|
Home
Web Hosting Guide
Compare Hosting Plans
Basic Hosting Plan
Professional Hosting Plan
Extreme Hosting Plan
Email Only Hosting
Web Forwarding
Advanced Features
Hosting Control Panel
SSL Certificates
Hosting Order Page
WISDOM
The Essence of Knowledge is Having it to Apply it. |
File and Folder Permissions
NTFS permissions vs. IIS permissions Perl Modules that are installed on our servers Default Document List MIME type interpretation with Internet Explorer Supported ASP Components ColdFusion Tags we support that most Web Hosts do not ColdFusion session variables and application varibles How to install 3rd party or custom components Guidelines for running scripts in password protected directories Is WebDav support with my hosting account? Visual Studio .NET requiring FrontPage Server Extensions Creating a second Login for Front Page How to set up Browsable directories Creating Web Server applications on sub directories Support for WAP / WML / .NET Mobile zeWEBHOST Security Compliance
You can change the permissions for all of the files and folders in your
hosting account by going into the Web Based FTP in the control panel. You may
give a file or folder one of the following permissions:
R: Set this to have the file or folder as read only. W: Set this to have the file or folder as write only. A user can overwrite the file or if it is a folder, create new files and folders within the folder. RW: Set this to give a file or folder read and write permissions. M: Set this to give a file or folder modify permissions. This allows all the permissions of 'RW' plus the file or folder can be deleted. F: Set this to give full access to a file or folder. This allows any operation on the file or folder and is rarely needed. Modify permissions are enough for almost any application. If a script is giving you an error it may be because it is trying to access a resource that it does not have proper permission for. Try changing the permissions settings for the resource. By default, the cgi-bin and db directories have the Modify permission. This allows your scripts to read, create, modify and delete files/folders anywhere within the cgi-bin directory. The Modify permission is necessary on the db directory to ensure proper functionality of your MSACCESS databases. CHMOD is a Unix command and will not work with our Windows servers. The ability to change permissions in our Web Based FTP is the equivalent of the CHMOD command. Some common Unix permissions and their Windows equivalents are as follows: 777 = F 666 = M 755 = M The triplet set of numbers in Unix permissions refer to User, Group and Other. When dealing with Windows permissions, the F, M, R, RW, W permissions only apply to the anonymous Internet user that visits your Web Site from a web browser. Because of this difference, there is no direct comparison of Unix to Windows permissions. The best method to take when setting windows permissions is to leave everything in your Web Site as Read (with the exception of cgi-bin and db). Then set Modify on any directories that your scripts need to write or delete files in. (again, we recommend using the cgi-bin for this as it already has Modify permissions). This method will take care of just about any permissions problems you may encounter.
NOTE: To fully understand exactly how these permissions work with one
another, you need to have an in-depth technical understanding of them. This
article is meant as reference as to how our system operates, not a guide to
understanding these principles.
When dealing with Web site development on the server side, there are two types of permissions you may need to deal with: - NTFS Permissions - IIS (Web server) Permissions NTFS Permissions NTFS permissions are the Windows File System permissions. These are the permissions that appear when you right click on a file/folder on your local computer, then Properties -> Security tab. These permissions control file access on the server for your scripts and access to files/folders after requests have gotten past IIS (Web server). NTFS permissions can be set in our Web Based FTP Utility. IIS (Web server) Permissions IIS permissions are built into the Web server and add an extra layer of protection for Web access before requests can even get to the Windows File System level. IIS permissions currently cannot be set through our Control Panel. You must email our support team to change these permissions. NTFS permissions vs. IIS permissions While there are caveats to this, the best way to differentiate these two types of permissions is as follows. NTFS permissions control what files/folders your scripts can read/write/delete. IIS permissions control what files/folders visitors on your Web site can read/write/delete. Example 1: If you have a a script that can be executed through your Web site which writes a file to a directory and that directory has been assigned the M (Modify) NTFS permission in the Web Based FTP, the file will be written properly. Example 2: If you have an Access database in a directory on your Web site that has the IIS Read permission disabled but has M (Modify) NTFS permissions, visitors will not be able download the database file via the Web browser, but scripts on the site will be able to make changes to it. Default NTFS and IIS permissions With all default Web site setups the entire site is set to the following: NTFS: Read IIS: Read With the following exceptions: /cgi-bin NTFS: M (Modify: read/write/delete) IIS: No Read access /db NTFS: M (Modify: read/write/delete) IIS: No Read access More information about permissions and setting them can be found in the File and Folder Permissions knowledge base article.
The following is a list of the installed post ActiveState Perl 5.6
distribution Perl
Modules:
CGI-Enurl Crypt-Blowfish_PP DBI DBD-Mysql DBD-ODBC Unicode-String Crypt-SSLeay Business-UPS Fedex File-NCopy DB_File Date-Simple Parse-Tokens HTML-TokeParser-Simple Image-GD-Thumbnail HTTP-GetImages Image-Base Image-Info Image-Magick Image-Size GD GD-Barcode GDGraph GDGraph-Map GDGraph3d GDTextUtil HTTP-Request-Form SMS-MT Net-SMS
In order to for visitors to view your website using it's URL, eg.
http://www.yourdomain.com, you must upload your primary file. This file
is referred to as the default document. A basic default document formatted in
HTML would be named either index.HTML or default.html. Other extensions that are
supported by the server can also be used. For example: .htm, .html, .asp, .aspx,
.shtm, .shtml, .cfm, & .php, are all valid extensions for the default
document.
If you receive an error when you type your domain into the address field of browser or see a blank page, chances are good that you do not have an index.* or default.* page uploaded to the server. To create an index file, name the primary page you want displayed as index.html or default.html etc. Default documents can be used in any directory within your website. For example, the URL: http://www.domain.com/directory/index.html can be shortened to just htp://www.domain.com/directory We highly recommend that you only have one default document in a single directory, as having multiple index files may cause unexpected results when viewing your website. Default documents take presidence over each other in the following order: default.html default.htm default.shtml default.asp default.aspx default.php index.html index.htm index.shtml index.asp index.aspx index.php
When opened in Internet Explorer, certain file types will always display them
as text, even when you are trying to make users download the file. This most
commonly occurs with .cfg, .lua, or other text files that are not meant to be
viewed in a web browser. Internet Explorer's behavior is to try to figure out
what the is, rather than to trust known MIME types. To force Internet Explorer
to download these files you will need to create a scripting solution that will
allow you to adjust and add content disposition information to the HTTP headers
sent to the user.
Please see the following URLs for examples and further information: http://msdn.microsoft.com/library/default.asp?url=/workshop/networking/moniker/overview/appendix_a.asp http://support.microsoft.com/default.aspx/kb/260519
The following are a list of ASP components that we support:
1. Persits ASPUpload 3.0 2. Persits ASPEmail 5.0.0.2 3. Persits ASPJpeg You do not have to install or configure anything for these to work. Simply refer to the example scripts in our Scripting Knowledge Base section or visit www.persits.com for documentation and examples.
The following is a list of ColdFusion tags that we support that many Web
Hosts do not:
1. CFCONTENT 2. CFDIRECTORY 3. CFFILE 4. CFOBJECT 5. CFEXECUTE We are able to support these tags because of our extremely rigid security model on all of our Web Servers.
Session variables and application variables are enabled by default on the
Cold Fusion server. You may incorporate them into your ColdFusion applications
as normal.
Based on the scripting language(s) your website is actively using, it may use
server components that go by a variety of names. The following are the component
aliases for scripting languages we support:
Perl/PHP - Modules ASP/ASP.NET - COM Objects / DLL / ISAPI Filter If you require a component that we do not currently support you must send an email to support@zewebhost.com with your request. If the component is made by a software manufacturer, you must provide their web address and a link to full documentation on the product. You can also attach the documentation to your email. If the component is custom developed by you or your developer, you must attach a full description and full documentation for your component to the email. If you need a Perl module, all of this information may not be readily available. If this is the case, just send us as much as possible including the CPAN documentation if applicable. Most ASP/ASP.NET Components will require a $35 one time review and installation charge. This charge will be billed to your account if the component is approved for installation by our support staff. Objects such as Windows TrueType Fonts, that do not require a server-side registration, can be installed to the web server at no additional cost.
The following guidelines are in place for password protected
directories:
1. You cannot access password protected directories with a shared SSL URL. 2. ASP.NET scripts will not work in password protected directories. PHP, Perl, ASP and ColdFusion script will. NOTE: Theoretically, ASP.NET scripts should be able to execute with password protected directories. However, our system's configuration is unable to support this. Authentication such as this can be accomplished with script-based authentication methods. 3. If you are putting ColdFusion files in the password protected directory and are using an "application.cfm" file, this file must be placed within the password protected directory." 4. Any files that are included, created, appended to or read in your scripts must exist within the same password protected directory as the script. 5. Access databases must exist within the same password protected directory as the script. 6. Password protected directories should not contain quotes in their names e.g Incorrect Name - John's Pictures Correct Name - Johns Pictures
WebDav (Web Document Authoring and Versioning) is supported with Web Sites
that have the FrontPage Extensions installed. You can utilize WebDav without
using Frontpage by following these steps:
1. In Windows XP, open "My Network Places". 2. Double click on Add Network Place. 3. Click on next. 4. Choose "Another network location". 5. Enter your full web address (i.e. http://www.yourdomain.com). 6. Enter your FrontPage username/password. 7. Click on next and then finish. You have now created a Network Place where you can access your Web file directly as if they were on your local computer.
If you are using Visual Studio .NET to create Web Applications on zeWEBHOST's shared web servers,
you will need to ensure that you have requested the
installation of Microsoft FrontPage Server Extensions to your website. Any of
our hosting packages can accommodate for FrontPage Server Extensions.
If you did not choose to do so during the initial signup process, you can simply email support@zewebhost.com requesting the installation of FrontPage Server Extensions to your website.
To add another login in FrontPage 2002:
1. Use File -> Open Web to connect to your web space like you were making a change to your website. 2. After you are connected, select Tools -> Server -> Administration Home. This will open a browser window. 3. In the new window, under Accounts used, select Manage users. 4. Select Add a user. 5. Enter the Username and the Password for the new login and click Create an Account. To delete the login: 1. Use Open Web to connect to your web space like you were making a change to your website. 2. After you are connected, select Tools -> Server -> Administration Home. This will open a browser window. 3. In the new window, under Accounts used, select Manage users. 4. Check the box next to the user you wish to remove and click Remove selected user(s) from all roles. To change Permissions on new logins: 1. Use Open Web to connect to your web space like you were making a change to your website. 2. After you are connected, select Tools -> Server -> Permissions. This will open a browser window.
A browsable directory is one that the contents will be listed in the Web
browser. To set up a directory to be browsable send in a request to
support@zewebhost.com. Specify the exact directory you want to be browsable and
we will set it up for you.
By default, there is one application set up in our Web Server (IIS 5.0) on
the root of the Web Site. Many ASP scripts require a global.asa file
which must be in the root of an application to get processed.
You can setup .NET Application directories on sub folders in your account through our Web Based FTP utility. Access this by logging into your zeWEBHOST control panel, click on Web Site/Domain Management -> domain.com -> Web Based FTP. When the utility loads, clicking on the yellow folder icon, next to the directory of your choice, will setup that directory as the application root. Clicking it again will remove the setting.
The WAP protocol is the leading standard for information services on wireless
terminals like digital mobile phones and is fully supported within zeWEBHOST's
shared hosting environment. Additionally, zeWEBHOST supports mobile applications
created with .NET Mobile.
zeWEBHOST is able to set the following MIME types on the web server to support standard WML. wbmp - image/vnd.wap.wbmp wml - text/vnd.wap.wml wmlc - application/vnd.wap.wmlc wmls - text/vnd.wap.wmlscript wmlscriptc - application/vnd.wap.wmlscriptc
Visa and MasterCard have implemented security compliance programs that all
credit card merchants of a certain size must conform to. The programs
are:
MasterCard Site Data Protection (SDP) http://sdp.mastercard.com Visa Cardholder Information Security Program (CISP) http://www.visa.com/cisp Both Visa & MasterCard compliance programs adhere to the standards set forth in the "PCI Data Security Standard": http://usa.visa.com/download/business/accepting_visa/ops_risk_management/cisp_PCI_Data_Security_Standard.pdf?it=il /business/accepting_visa/ops_risk_management/cisp.html PCI%20Data%20Security%20Standard As part of the compliance check, zeWEBHOST customers (merchants) must hire a 3rd party security company to run a port scan and web server vulnerability check on the zeWEBHOST Web server that hosts their website. These checks may also be performed by the bank in which you have applied for merchant status. zeWEBHOST has passed multiple security audits using 3rd party vendors such as SecurityMetrics and TrustWave/TrustKeeper. A complete list of Qualified Data Security Companies is at: http://usa.visa.com/download/business/accepting_visa/ops_risk_management/cisp_Qualified_Data_Security_Company_List.pdf?it=il /business/accepting_visa/ops_risk_management/cisp_assessors.html Qualified%20Data%20Security%20Company%20%28QDSC%29 Any questions regarding the results of your security compliance check may be forwarded to support@zewebhost.com |
||||||||