Security for Project Web Server

On OSDN, we provide hosting services to a wide range of projects. Some of these projects need the contents on their web server to be stored securely. However, the number of available options is currently limited. This document describes the options that are generally chosen.

Encryption of the Contents

All HTTP communication between the project web server and users can be eavesdropped on, so use HTTPS as much as possible.

Access Limitations Against Web Contents

Basic authentication can be used to restrict access to certain pages on a web site. To set up Basic authentication for a project's web content, follow this procedure.

  1. Log in to the OSDN shell server (shell.osdn.net) via SSH.
  2. Generate a password file using htpasswd.
  3. Within the /home/groups/projectname/htdocs directory tree, create a .htaccess file in the directory that will be protected by Basic authentication.

Please note that the password in the project's Basic authentication file will not necessarily be your usual OSDN password. Every account must use a different, secure password, and this rule also applies to the Basic authentication file. Here is how to create the first entry (user).

htpasswd -cm /home/groups/projectname/.htpasswd username
chgrp projectname /home/groups/projectname/.htpasswd
chmod o-w /home/groups/projectname/.htpasswd

After that, further entries are added as shown below.

htpasswd -m /home/groups/projectname/.htpasswd username

For the .htaccess file, write the following.

AuthUserFile /home/groups/projectname/.htpasswd
AuthName projectname
AuthType Basic
<Limit GET>
require valid-user
</Limit>
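
A way to check the result of the procedure above, as an added example that is not OSDN's own tooling: the function flags a Require placed inside a <Limit ...> block (Apache then enforces it only for the listed methods, so other methods such as POST are not covered), a password file located under the served tree, and a password file writable by "other". The function name, finding labels and scratch paths are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not OSDN's tooling. Audits one .htaccess file of the kind shown above.
# Prints one finding per line; returns 1 if anything was flagged, else 0.
audit_htaccess() {
    htaccess=$1     # path to the .htaccess file
    docroot=$2      # served tree, e.g. /home/groups/projectname/htdocs
    flagged=0

    # 1. A Require inside <Limit ...> covers only the methods listed there.
    limited=$(awk '
        tolower($0) ~ /^[ \t]*<limit[ \t]/ { inlimit = 1; tag = $0 }
        tolower($0) ~ /^[ \t]*<\/limit>/   { inlimit = 0 }
        inlimit && tolower($1) == "require" { print tag; exit }
    ' "$htaccess")
    if [ -n "$limited" ]; then
        echo "METHOD-LIMITED: Require applies only inside $limited"
        flagged=1
    fi

    # 2. The password file must be named and must sit outside the served tree.
    pwfile=$(awk 'tolower($1) == "authuserfile" { print $2; exit }' "$htaccess")
    case $pwfile in
        "")           echo "NO-AUTHUSERFILE: no AuthUserFile directive"; flagged=1 ;;
        "$docroot"/*) echo "PWFILE-IN-DOCROOT: $pwfile"; flagged=1 ;;
    esac

    # 3. Same property that chmod o-w enforces: not writable by "other".
    if [ -n "$pwfile" ] && [ -n "$(find "$pwfile" -prune -perm -0002 2>/dev/null)" ]; then
        echo "PWFILE-WORLD-WRITABLE: $pwfile"
        flagged=1
    fi
    return "$flagged"
}

# Constructed sample: the page's .htaccess layout rebuilt under a scratch directory.
demo=$(mktemp -d)
mkdir -p "$demo/htdocs/private"
: > "$demo/.htpasswd"; chmod 664 "$demo/.htpasswd"
printf 'AuthUserFile %s\nAuthName projectname\nAuthType Basic\n<Limit GET>\nrequire valid-user\n</Limit>\n' \
    "$demo/.htpasswd" > "$demo/htdocs/private/.htaccess"
audit_htaccess "$demo/htdocs/private/.htaccess" "$demo/htdocs" || true
rm -rf "$demo"
```

If the METHOD-LIMITED finding appears, removing the <Limit GET> and </Limit> lines and keeping "require valid-user" on its own makes the requirement apply to every request method.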

If you have any questions regarding other security matters, please submit a support request to OSDN staff.

Automatic Limitation of POST

If too many POST requests are sent from a specific address to a project web site within a certain period, that address will be blocked automatically. As a result, web applications that rely on Ajax may be blocked improperly. If you are operating an application that uses POST often, contact us so that we can remove the limitation.