Web Guide is no longer being maintained and the information on this page may be out of date. For assistance with managing course materials, please visit MIT's Stellar course management system.

Running Your Own Web Server
Some requirements are best met by running your own Web server.
However, this should be viewed as a serious responsibility. You must
decide how long you can afford to have the server be unavailable, and
plan to ensure that you can recover from disaster within that time.
For example, that may require someone to carry a pager, and you may
need to have a replacement system on standby.

Be aware that running a Web server makes your machine very interesting
to malicious people with time on their hands. You must be extra careful
to keep your machine secure. CGI scripts you run may introduce
security flaws. Two main concerns are errors which may allow an
intruder to access your machine to run their own programs, and flaws
which allow someone to overload your server or overfill your hard
drive, producing a "denial of service".
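
The two CGI concerns named above (input that lets an intruder run their own programs, and requests that overload the server or fill the disk), sketched as an added example that is not part of the original page. The size cap, the username pattern, and the `ECHO` stand-in helper are assumptions chosen for illustration.

```python
import io
import re
import subprocess
import sys

MAX_BODY = 64 * 1024  # assumed cap; size it to the largest form you expect
USERNAME_RE = re.compile(r"[a-z][a-z0-9_-]{0,31}")  # assumed allowlist
# Stand-in for a real lookup helper: prints its first argument back.
ECHO = [sys.executable, "-c", "import sys; print(sys.argv[1])"]


class RequestRejected(Exception):
    """Raised with an HTTP status line when the request is refused."""


def read_body(environ, stream, max_bytes=MAX_BODY):
    """Read a POST body, refusing anything that could fill memory or disk."""
    raw = environ.get("CONTENT_LENGTH", "")
    if not re.fullmatch(r"[0-9]{1,12}", raw):
        raise RequestRejected("411 Length Required")
    length = int(raw)
    if length > max_bytes:
        raise RequestRejected("413 Payload Too Large")
    # Read only the declared, already-bounded number of bytes.
    return stream.read(length)


def run_lookup(username, program=ECHO):
    """Run a helper on user input without letting a shell interpret it."""
    if not USERNAME_RE.fullmatch(username):
        raise RequestRejected("400 Bad Request")
    # argv list, no shell: the value is one argument, never shell syntax.
    # The timeout keeps a stuck helper from tying up the server.
    done = subprocess.run(program + [username], capture_output=True,
                          text=True, timeout=5, check=False)
    return done.stdout


if __name__ == "__main__":
    # Constructed sample request, not real traffic.
    env = {"REQUEST_METHOD": "POST", "CONTENT_LENGTH": "9"}
    print(read_body(env, io.BytesIO(b"user=jdoe")))
    print(run_lookup("jdoe"))
```
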

To avoid and recover from disaster:
- Use an uninterruptible power supply
  There are occasional power outages, some short and unplanned. A UPS
  can keep your server running through short outages, and give you
  time to shut the machine down gracefully and avoid hard drive
  damage. GovConnection sells UPSs from APC and Tripp Lite. For more
  information on using a UPS, see Using a UPS to Prevent Hardware
  Problems.
- Keep backups
  This should be obvious. You can use TSM (ADSM) or keep your own
  media. Be sure you know how to restore quickly, and consider how
  you'd restore the data to another computer if time-consuming repairs
  to the server machine are needed. For further protection, keep
  backup media in a separate location, as far away as practical, in
  case of a major disaster which destroys an entire room or building.
- Pay attention to physical security
  Make sure your server can't be stolen.
- Pay attention to network security
  Pay attention to the network security of your computer. Be sure to
  correct any known OS security flaws. Use only encrypted telnet, ftp,
  and http to protect passwords. A Web server is a tempting target for
  someone who wants to produce electronic graffiti or worse. See the
  Information Security Office for more information.