Your MCECS account comes with the capability to display web pages, though it does require a baseline knowledge of the MCECS web infrastructure and some fundamental web development concepts. This guide provides the necessary information required for all MCECS users to engage in user account-based web development.
|Table of Contents|
Note: Web pages created with your MCECS account should be related to coursework and projects.
For users unfamiliar with how web servers work, file permissions in Linux and how to change them, or how to navigate a file system from a web browser, read the following guide:
Hosted Directories – public_html vs dev_html
We provide two distinct directories that allow users to host their own personal sites depending on their needs: public_html and dev_html. Both of these directories are located in the Linux home directory of your MCECS account (i.e. the directory you begin in when logging into a Linux terminal), and in the directory /home/username/web.
The files and directories you place inside of public_html are reachable from a web browser at this URL:
The files and directories you place inside of dev_html are reachable from a web browser at this URL:
Although the names and URLs of these two directories are similar, the way the web server interacts with them is very different.
Publicly Visible Web pages – public_html (https://web.cecs.pdx.edu/~username)
The contents of your public_html directory have a public address, which means that anyone on the Internet can view files in this directory from a web browser as long as they are retrievable (i.e. they have the correct permissions) by the web server.
CAUTION: Before making files retrievable in public_html, security considerations must be taken into account. This includes ensuring your code is securely written and that any third-party web applications have been patched for security vulnerabilities.
MCECS Security Protocols and Logview
To assist in guaranteeing the security of our public web environment in MCECS, the CAT employs a set of protocols, called mod_security, that detect vulnerabilities in the public_html files of every user. If mod_security detects a potential vulnerability in a file, the web server will produce an error when that file is requested by a web browser.
This means that encountering an error while requesting a file from your public_html directory may be caused by either incorrect permissions or mod_security. You can monitor traffic throughout your website and troubleshoot errors using our Logview tool in Intranet:
Using Logview, you can learn information about each access request, including the IP address of the individual who made the request and whether or not the request was successful, indicated by the status code.
A status code of 403, such as in the first row above, indicates that the request was unsuccessful due to either incorrect permissions or a detected security vulnerability. A status code of 200, such as in the second row above, indicates that the request was successful.
Note: Mod_security may detect vulnerabilities in certain web apps because of the nature of their code, even though they may not necessarily pose a security risk. If you believe this to be the case, you can contact the CAT to resolve this issue after confirming that the web app is securely patched and the permissions are correct.
Although mod_security helps negate risks involved in public web development, it is not infallible. It is still necessary for you to maintain secure coding habits before making files publicly visible. To that end, we will introduce the dev_html directory.
Internally Visible Web Pages – dev_html (https://devweb.cecs.pdx.edu/~username)
If you’re interested in developing your site without the security concerns involved in being publicly accessible, the dev_html directory is provided. Pages hosted here are only retrievable from within the PSU-internal network.
Since these pages are not accessible to the outside world, mod_security is disabled. This means that you will not have to be concerned with security measures in dev_html files as you would with files in public_html.
To access web pages placed in your dev_html directory from a web browser, you must either be connected to the Internet while on campus, or connected to a VPN if you wish to access it off campus. For more information about how to connect to a VPN, go to:
Required Directory and File Permissions
To enable the Apache web server to successfully retrieve a directory, it’s permissions must be set to at least 711. This is enabled using the following chmod command:
chmod 711 <directory name>
A file, on the other hand, must have its permissions set to at least 600 for the Apache web server to retrieve it. This is enabled using the following chmod command:
chmod 600 <file name>
You can enable more permissions than the above designations to a given file or directory if necessary. Enabling fewer permissions will produce a 403 error if attempting to view the file or directory on a web browser.
Note: Although you can change the permissions of the dev_html and public_html directories from your home directory, you must navigate to /home/username/web to view their current permissions.
This is because the public_html and dev_html directories located in your home directory are symbolic links to their true location in /home/username/web. Symbolic links always have permissions set to 777.
Password Protecting a Web Page
The Apache web servers used in MCECS allow for password protection on web pages. This is a great way to practice user authentication and introduce an added layer of security to the files in your public_html directory. To learn how, read the following guide:
Alternate Ways to Access Your Hosted Directories
In addition to reaching dev_html and public_html from your Linux home directory, you can also ssh into an MCECS server dedicated to accessing these directories: websftp.cecs.pdx.edu.
From an MCECS Windows computer, you can access your hosted directories by typing the following address into the File Explorer or This PC address bar:
However, you cannot change the permissions of files in these directories in a Windows environment. This can only be done using the Linux chmod command, as explained above.
Web Server Infrastructure
The current web servers used by MCECS run Apache 2.4. To view a list of modules and configurations provided by the MCECS Apache web servers, go to: