Web Access
STAR web organization at BNL
- The STAR home page URL is http://www.star.bnl.gov/ . All pages from the root directory is strictly reserved to the webmaster. Several user contents are into sub-trees explained below.
- http://www.star.bnl.gov/STAR/ will (since 2007) redirect you into the Drupal Content Management System (CMS) for STAR. This page is in STAR's Drupal CMS and the base URL should appear as http://drupal.star.bnl.gov/STAR/. Note that both www.star and drupal.star are equivalent for the path STAR/.
- Drupal attachments menu are no visible by the public (however, the document may be accessible to those having the direct link)
- Comments added to the Drupal site are not visible by non-authenticated users
- URLs of form http://www.star.bnl.gov/public/* or http://www.star.bnl.gov/protected/* map respectively to the physical locations
Those areas are reserved for PWG related documents and information. The space is limited so, do not use it as an archival space.
- /afs/rhic.bnl.gov/star/doc_public/www/*
- /afs/rhic.bnl.gov/star/doc_protected/www/*
- The STAR computing home page URL is http://drupal.star.bnl.gov/STAR/comp/
- ANY path containing the word "protected" will see the Web server ask for the protected pasword.
ATTENTON: the word as a parameter of a cgi does NOT trigger requiring a password
- See for example https://www.star.bnl.gov/~jeromel/test/protected/
- When writing HTML, relative URLs (i.e. without http://hostname) of the form 'comp/xxx/yyy.html' (computing web) or 'public/comp/xxx/yyy.html' (general web) should be used such that mirroring of the web on other servers will work.
- Example of URL and location for a typical web directory, SOFI:
URL: http://www.star.bnl.gov/public/comp/train/
Physical location: /afs/rhic.bnl.gov/star/doc_public/www/comp/train/
- ACLs control access to AFS web areas. If you need (or think you might ever need) write access to a web area, just ask. See ACL info link below.
- There are STAR logos and other images in the images directory.
Personal Webpages and CGI access
Each STAR users should have a personal web area on the RHIC/STAR cluster, starting from the physical location and directory /afs/rhic.bnl.gov/star/users/$YOURUSERNAME/WWW . Since 2007 onward, you should NOT have administrative ACLs on this area. However, the area MUST have the following ACLs set for the Web server account tto be able to access your files:
- The top directory /afs/rhic.bnl.gov/star/users/$YOURUSERNAME should have "rl" ACL for starweb
- The Web startup directory /afs/rhic.bnl.gov/star/users/$YOURUSERNAME/WWW should also have the "rl" ACL for starweb
- Nothing else is needed
- Note that the rule related to path containing the word "protected" also applies to private area
Important Note / precision
- /afs/rhic.bnl.gov/star/users/$YOURUSERNAME/WWW should itself be readable by starweb account as showed in the previous bullet.
- the starweb account is NOT part of the "STAR" group. Explicit ACL to "rl" need to be set as instructed.
- ATTENTION:
- Although you should no longer have privileges to do so, you should NEVER set or reset the starweb account ACLs to values different than "rl" as instructed. Setting / resetting ACL for the special account system:anyuser has DIRE consequences and will be considered PROHIBITED.
- You should especially NEVER grant write access by those account to ANY area without prior notice and explicit approval.
- Several areas are protected with "protected password" for a reason (including our code repository, the path with the word /protected/, etc ...). DO NOT attempt to circumvent those protections without consulting with Infrastructure Leader. Circumventing may include replication of the content and providing it to a public space. Doing so may expose collaboration only information to a wide audience.
Your personal pages will be accessible as http://www.star.bnl.gov/~yourusername/. If not, please send a note to starsofi Hypernews confirming and specifying you have followed the instructions above. In some instances, old ACLs get cached on the Web server side and your page may not be displayable before a service restart (AFS) is issued. For more information on setting ACLs in AFS, please consult the Guide to AFS and ACLs page.
Running CGIs
Running CGIs on the STAR Web servers need to follow the below guidance and regulations:
- By default, all CGIs will (and MUST) be protected of access using the "protected" password or other (stronger) method of authentication.
- Any deviation and need for public access requires a review of the CGI by experts.
- The de-facto assumption will always be that CGIs must be protected - if a review cannot happen, the default assumption will be in effect.
- CGIs with read-only access and of general (outside STAR) interest are candidates for an exemption.
- CGIs having write access to files or database (hence subject to injection attacks) require special attention. You should always consider the question "can I write this CGI differently". For example:
- pre-generation of results (write) from a different account than starweb could be used as an example of privilege separation.
- two stage (two accounts) database access could be used to write and read
- ...
- After a review, a frozen version of the CGI will be put in place
- The area or database the CGI writes to should be documented.
- File access: ANY area in AFS having write access ACL for starweb but un-documented will see the ACLs removed (for both starweb and the administrator of the area) without prior notice.
- STAR provides standard CGIs for general use
- Use them
- DO not make and use private copies - send your changes and improvements to the developers if needed
- Virtually hosted site should comply with the guidance and rules described herein.
More information
More information is available below providing you are authenticated.
Accessing the World Wide Web from inside BNL
BNL Wireless or internal network are proxied network. Proxy is used to
- "hide" your client IP from the remote host
- Provide load balancing and caching (hot donloads are cached on the proxy)
- As a side effect, it also allows Cyber-security to perform activity monitoring of the traffic
Information explaining how to set a Web proxy for about all possible utilities and tools is available on The Information and Technology division (ITD) web server page Web Proxy configuration instructions. Instructions for other proxies (FTP, RealPlayer streaming,...) are also available.
Command line tools typically respect the value of http_proxy. The information for such manual proxy can be found as the IP provided here. As an example on how to set http_proxy,you will need to issue a command such as
setenv http_proxy http://192.168.1.130:3128/ # internal
OR
setenv http_proxy http://192.168.1.140:3128/ # external
to have it all set. Note that on this page, by "outside BNL" one means outside the internal network (hence the Wireless).
Available CGIs
AutoIndex
AutoIndex provides the ability to have a directory structure automatically set with a nice browsing interface. There is no need to install this package in STAR. See You do not have access to view this node for more information.
Counters
In cgi-bin, We have a modified version of Frederic TYNDIUK's version of the Basic Graphical Counter. To set it up, just add lines similar to the below in your html page
<IMG SRC="/cgi-bin/counter.cgi?counter=test&digit=2">
<IMG SRC="/cgi-bin/counter.cgi?counter=test&digit=1">
<IMG SRC="/cgi-bin/counter.cgi?counter=test&digit=0&w">
The result would be:
This did set a three digits counter named test. Use a name appropriate for your page and be aware that changing names would make the counter reset to 0. Also, be careful to use only one &w as the counter needs to be incremented only once on the lowest digit.
counter.cgi accepts the following parameters
Parameter name
|
Value
|
Effect
|
counter
|
Any (string)
|
Used to separate counters in classes. In the example above, all pages referencing counter=test if accessed, would share the same 'test' counter.
|
digit
|
(int)
|
The digit to display.
|
w
|
|
This parameter do not need a value. Its effect is to increment the counter and it needs to appear only once per page (in short, use an arbitrary name relevant to your page).
|
Cookies
This is note is for STAR users only. External visitors of our Web pages do not need to accept cookies.
However, in order for several STAR-users tools to work (Hypernews, Drupal, RT, etc...), you MUST set your client to accept cookies from sites www.star.bnl.gov and drupal.star.bnl.gov (or the full domain {star.}bnl.gov). To do this, here are a few recipes: