This article discusses considerations for protecting the contents of your Web site.
The primary purpose of running an HTTP server is to provide access for visitors to a Web site on your system. You might think of someone who visits your Web site as you would think of someone who views an advertisement in a trade journal. The visitor is not aware of the hardware and software running your Web site, such as the type of server you are using or where your server is physically located. Usually, you do not want to put any barrier (such as a Sign On display) between a potential visitor and your Web site. However, you might want to restrict access to some of the documents or CGI programs that your Web site provides.
You might also want a single system to provide multiple logical Web sites. For example, your system might support different branches of your business that have different customer sets. For each of these branches of the business, you want a unique Web site that appears totally independent to the visitor. Additionally, you might want to provide internal Web sites (an intranet) with confidential information about your business.
As a security administrator, you need to protect the contents of your Web site while ensuring that your security practices do not negatively affect the value of your Web site. In addition, you need to ensure that HTTP activity does not jeopardize the integrity of your system or your network. The topics that follow provide security suggestions when you use the program.