BSc (Hons) Web Technologies

Cohort: BWT/21B/FT

Assignment for 2023/2024 / Semester 1

MODULE: WEB SERVER ADMINISTRATION (Normal)

MODULE CODE: WAT2107C

Lecturer Name: Mr. Saggoonoo Yanesh

Student Name: Baichoo Bibi Zainab

Cohort & Student Id: BWT/21/BFT – 2110_22861

Task 1 - 20 Marks

1. Make use of the mod_status module to get the current status of your server.

First step is to open Command Prompt as Administrator and navigate to Apache bin folder:

Now if we want to view all the enabled Load Modules that we have, simply type httpd -M in cmd and
press enter:
To enable a module, you have to navigate to “C:\Apache24\conf” and locate the file httpd:

Open the httpd file in notepad++

Then make a search of where the Load Modules starts and then locate the “mod_status module”. As
you can see below it is already enabled and it was shown above in the cmd:

If you want to enable a module just remove the # at the start of the line.

Now go to cmd and type httpd -k start to start the server and on browser type http://localhost/server-
status

It will render this page below:

 2. Have the server status page refresh automatically every 5 seconds.

To refresh automatically for 5 second simply type “?refresh=5” aster server-status in the address bar:

The page will reload each 5 second automatically

3. Limit the server status page only for request coming from localhost, only users accessing
the server status page through localhost should be allowed, any other users should be
redirected to a custom access denied page.

Create an html file in htdocs. I named it “custom_denied.html” and input an access denied
message as shown below:

Then in in folder Apache got to folder conf then in folder extra you will see httpd_vhosts,
open in notepad++
 Then in the VIrtualHost opening tag I input the Error Document 403 / custom_denied.html
page I create earlier, see below:

Restart Apache server by typing “httpd -k restart”

Then in browser enter the following address to see that the access is denied for users that does
not use localhost to browse:

4. Explain the purpose of the “Extended Status” directive:

The Extended Status directive enables or disables extended status information in the server status
page provided by mod_status. When it is enabled, it provides additional details about each request
being processed by the server, including information like the current request processing phase, request
method, request URI, request protocol, and more.
 5. Turn on the “Extended Status” directive for your web server and explain the difference
in the output.

Go to fille httpd.conf and locate the “ExtendedStatus” If it is off turn it on by simple typing “on” after
the directive. As shown below:

Then Restart Apache and in browser type localhost/server-status you will see the following page: All
the current process request are shown below

By restarting Apache for the changes to take effect. The difference in the output will include more
detailed information about each request in the server status page.
To turn if off simply type “off”

Refresh and reload browser you will see below completely on the page that you need to turn it on to
get full report:

ExtendedStatus OFF

6. Create a file named utmhomepage.html in the document root of your Apache server.
Add all the codes for a basic web page, including the DOCTYPE and meta tags.

Create an html page called “utmhomepage” in folder htdocs:

Below is a basic html code for the utm web page:

Then restart server and open the html page that was shown above in htdocs: It will be as shown below
 7. When a directory is requested from the web server, the server will look for a default
page to display from the directory. Typically, this page is named index.html. Configure
your Apache server so that the default page is named utmhomepage.html.

In httpd.conf locate the directive “IfModule dir_module”. You will see that originally the
DirectoryIndex is index.html. But we have to make the utmhomepage become the default. Thus, in the
DirectoryIndex input utmhomepage.html instead of index.html as shown below:

The restart server and type “localhost/”. utmhomepage is now the default page:
 8. Create a directory named errors in your docRoot directory. When a page that does not
exist is requested from the Apache server, a response code of 404 is returned to the
browser along with a default page that describes the error. Configure the Apache server
so that your own custom error page is returned for a 404 error. Place your custom page
in the error’s directory.

Create an error.html in htdocs:

Input a message indicating that the requested URL was not found if it does not exist on the
server:

In httpd locate “ScriptAlias” then input the ErrorDocument 404 code as shown below to direct it to
the web page I created earlier namely error.html:

Restart server and go to browser input a page that does not exist on the server:
9. Configure your Apache server to disable directory listing. Configure your Apache
server to disable directory listing.

To disable a directory listing go to httpd.conf, locate “Directory” and input “AllowOverride

none” and “Require all denied” as shown below:

Restart server and browse localhost/errors/:

You will see it is forbidden
Task 2 - 30 Marks

1. We can use both IP and name-based virtual hosts; what are the differences between
them. Explain the advantages of setting up named based virtual Hosts versus IP based
virtual Hosts? (5 marks)

Differences between IP-based and name-based virtual hosts:

IP-based virtual hosts: Each website is assigned a unique IP address, and Apache uses this IP
address to determine which website to serve. As such, each website will have its own IP address and
can be accessed directly using that IP address.

Name-based virtual hosts: Multiple websites shares the same IP address, and Apache determines
which website to serve, based on the hostname provided in the HTTP request. As such, it can be
hosted on the same IP address, and the server distinguishes between them based on the domain name
specified by the client.

Advantages of name-based virtual hosts over IP-based virtual hosts:

 Cost-effective: Name-based virtual hosts allow multiple websites to share the same IP
address and thus, reducing the need for acquiring and managing multiple IP addresses. This
can be particularly advantageous in situations where IP addresses are limited or expensive.
 Simplified configuration: Managing configuration for name-based virtual hosts is simpler
compared to IP-based virtual hosts, as there is no need to assign and manage individual IP
addresses for each website. This can save time and reduce the risk of configuration errors.
 Scalability: Name-based virtual hosts make it easier to scale and add new websites without
requiring additional IP addresses. This flexibility simplifies the management of multiple
websites on the same server.
 2. Explain How Apache decides what of the virtual hosts should be used to respond to a
client request? (5 marks)

How Apache decides which virtual host to use:

When a client sends a request to the Apache server, Apache determines which virtual host should
respond to the request based on the following steps:

IP-based virtual hosts: If the server is configured with IP-based virtual hosts, Apache examines the
IP address of the incoming request and matches it to the IP address associated with one of the virtual
hosts. The request is then served by the virtual host associated with that IP address.

Name-based virtual hosts: If the server is configured with name-based virtual hosts, Apache
examines the hostname provided in the HTTP request. Apache then matches the hostname to the
ServerName or ServerAlias directives specified in the configuration for each virtual host. The request
is then served by the virtual host whose ServerName or ServerAlias matches the hostname in the
request.

In summary, Apache uses the information in the request (either the IP address or the hostname) to
determine which virtual host should handle the request. This allows Apache to serve the appropriate
website based on the configuration of virtual hosts
 3. Use your Apache server to set up two Named based virtual hosts. Document all the steps
and configurations used. (15 marks)

Create a folder named “vhosts” under C drive which will contain the 2 virtual hosts:

Then open C:\WINDOWS\system32\drivers\etc\hosts in notepad++. Locate the following line

“127.0.0.1 localhost” below:

Then on another line enter 127.0.0.1, followed by the same space as above accompanied with the
name of the virtual host (zainab.utm.ac.mu and zainab.uom.ac.mu) that need to be registered as
shown below:

Save the hosts file and close.

Next open httpd.conf scroll down and locate the section Virtual hosts. You will see the Include is
commented and it must be enabled. Thus, remove the # before the include as shown below:

Next in file httpd-vhosts.conf add the following directive below line 15:

“<Directory C:/vhosts>

Require all granted

</Directory>”

This directive will allow correct permissions for the folder that contains the two virtual hosts I created
earlier.

Next step is to add the two virtual host:

Create two folders under C:/vhosts as below:

Then in each folder add a simple index.html page whereby you input a message like:

Uom.ac.mu content: -

“<html><body><h1>UOM Virtual Hosts. It works! </h1></body></html>”

Utm.ac.mu content: -

“<html><body><h1>UOM Virtual Hosts. It works! </h1></body></html>”

Then go to httpd-vhosts.conf, add the virtual host configuration for each as shown below:

Save and restart server

Anything in the server root will be accessible through http://localhost/

Whereas anything in a virtual host will be accessible through a direct address as shown below:

http://zainab.uom.ac.mu/index.html

http://zainab.utm.ac.mu/index.html
 4. Configure your Apache server so that each virtual host has their own access and error
logs only for them. (5 marks)

For that we need to use CustomLog directives inside each <VirtualHost> section as shown below: It
will be the access_log as you can see-
In folder log under Apache, you will see both the virtual host now has an access and an error log
each:

Uom access log

Uom error log

Utm access log

Utm error log

Task 3 – 25 Marks

1. Configure your web server to support TLS.

2. Make sure you disable the SSLv2+3 protocols as they are shown to be unsafe.

3. It is not difficult to set up your server to support TLS. It is however difficult to do it

correctly

4. Be sure you know what you are doing and read the server’s documentation on TLS
carefully.

5. Read the TLS configuration options carefully before you start. Adapt it to your needs
and make sure the TLS module is loaded.

6. List the encryption standards / cipher suites that the web server supports with the
standard configuration file. Select one and explain all its components.
 7. Describe how you created your own certificate for your web server.

8. You can test your secure web server using a web browser, but you can also use open ssl
or curl.

9. Test your web server using both these tools and report your findings.

Task 4 - 25 Marks

Critical Evaluation

You are required to write a short report (1000 words) analysing the server configurations

you have implemented and the strong and weak aspects of your server setup, suggest

improvements, and propose ideas for further configuration. This analysis must include a

discussion of the security aspects, configuration and logging of the server and learn

what questions you should be asking when determining whether to delegate this

responsibility to a third party.