On Unix Systems the LinkScan installation procedure assumes the availability of an existing web server, often the Apache system. See LinkScan Installation and Startup Guide for Unix Systems.

The remainder of this section describes the use of LinkScan with various web servers and discusses the associated security considerations.

27.2 LinkScan and Apache

When using LinkScan with Apache (and most other web servers) two sets of considerations must be addressed:

Apache Requirements

Apache normally requires that several conditions be satisfied before it will execute the LinkScan CGI programs -- or any other CGI program, for that matter:

1. The CGI programs must be installed in a directory that is configured to permit CGI executions. This is typically a cgi-bin directory configured with an Apache ScriptAlias However, any directory may be configured to permit CGI executions with the Apache Option ExecCGI
2. The CGI programs must have an appropriate file extension Typically you will need an Apache AddHandler cgi-script .cgi
3. The CGI program and the directory in which it resides will require appropriate permissions. Typically, one would use 711 for the directory and 755 for the CGI file
4. The CGI program must not be owned by nobody
5. The CGI program must include a valid shebang header pointing at the Perl 5 executable on your computer. For example:
   
   #!/usr/local/bin/perl

Unless all of the above are satisfied, Apache will refuse to execute the CGI program and you will likely receive a 500 Server Error or 403 Forbidden response.

LinkScan Requirements

LinkScan imposes certain additional (minimal) requirements:

1. In the linkscan.sys configuration file, the Cgibinurl setting must be configured to point at the directory into which the LinkScan CGI programs have been installed. This is required in order that the LinkScan CGI programs can link to each other. For example: Cgibinurl = http://www.example.com/cgi-bin/
2. In the linkscan.sys configuration file, the Docsurl setting must be configured to point at a directory containing the LinkScan documentation and associated images. For example: Docsurl = http://www.example.com/linkscan/docs/
3. An additional requirement is imposed if (and only if) the LinkScan CGI programs are installed in a directory other than the main LinkScan directory (for example, if you moved them to a cgi-bin directory). In this case, the LinkScan CGI's will need to know where to find the rest of the LinkScan configuration files and databases. In the directory containing the LinkScan CGI programs, create a hidden file called .linkscan. This file needs to contain a single line entry with the full pathname to the main LinkScan directory. For example:
   
   /usr/linkscan/

   Be sure to include the leading and trailing forward-slash characters and make the file world readable (chmod 644 .linkscan).

Although the above guidelines are presented in the specific context of the Apache web server, the basic principals are quite generic and may easily be adapted to almost web server. Note also that LinkScan provides considerable flexibility; you may install the LinkScan CGI programs in one directory, the documentation in another and the main LinkScan system including the databases in a third. Indeed, LinkScan may easily be configured to run in chroot and other similar environments.

27.3 LinkScan Access Controls

LinkScan includes some basic Access Controls that may be configured using the Access command in the configuration file linkscan.sys in the LinkScan directory. These access controls apply to CGI access only. It is assumed that standard operating system features will be used to control access by shell (command line) users.

Access username : password : project-list : owner-list : menu-options

• username: The username by which a user may access the LinkScan CGI scripts to create reports
• password: The password associated with username
• project-list: A comma delimited list of configured Projects that this user is allowed to access
• owner-list: A comma delimited list of configured Owners that this user is allowed to access
• menu-options: A string of characters defining which of the available LinkScan functions are available to username. Valid characters are:

  x = Project Summary Report
  e = Problem Documents Report
  s = Document Detail Report
  k = Critical Errors Report
  d = Detailed Errors Report
  b = Changed Documents Report
  u = Search Documents Report
  v = Search Links Report
  m = SiteMap Report
  y = Summary of All Projects
  c = Selected Status Codes Report
  a = All Pages Linking To ... Report
  o = Orphaned Files Report
  h = External History Report
  r = Redirections Report
  p = System Configuration Report
  q = LinkScan/QuickCheck
  t = LinkScan/TapMap
  

An asterisk character may be used as a wildcard for any or all of the above parameters.

Indeed, a default LinkScan installation will create the following entry in linkscan.sys file providing unrestricted access:

Access = * : * : * : * : *

Facilities are also provided to integrate with HTTP Authentication Schemes. LinkScan will check for the Environment Variable specified by the Httpauth parameter in linkscan.sys (normally REMOTE_USER). If this variable is present, it will be used to set the current Username. LinkScan will assume that the user has already authenticated with the HTTP server and it will not check the password field in linkscan.sys.

Example: In the following example, we have configured two users with different passwords. User 'admin' has unrestricted access, but user 'webmaster' may only access the two Projects specified. Also the "Site History" and "System Configuration" Reports are not available to 'webmaster'.

Access = admin : root : * : * : *
Access = webmaster : html : www.example.com,devel.example.com : * : sxdcmoaqt

27.4 LinkScan Security Considerations

LinkScan incorporates some simple access controls on the various Reporting options and selections when run as CGI scripts. No LinkScan-specific access controls are applied when accessing LinkScan via a shell (command line) interface; it is assumed that normal operating system access controls apply. The LinkScan access controls are subject to the many and varied limitations inherent within the CGI protocol (see the WWW CGI Security FAQ and other sources for further discussion). In summary, if your HTTP server can access any specific file, then, any user with HTTP access to your server may be able to access that file. The LinkScan security features are provided as a convenience but they are no substitute for other more robust system-level security controls such as:

• Firewalls
• Appropriate access controls to the shell (command line) interface
• Appropriate File System access controls, User Id's, Group ID's, Directory and File permissions etc.
• Appropriate HTTP Server and CGI Access Controls
• Secure HTTP and shell access Authentication schemes

We highly recommend that you configure HTTP Authentication of the LinkScan directory. Other measures you may wish to consider include:

• Ensure that the LinkScan directory permissions are configured so that public browsers cannot obtain directory listings.
• Do not create hyperlinks to the LinkScan files from your other documents.
• Exclude the LinkScan directory from your httpd log file and/or published access statistics
• Exclude the LinkScan directory from any local search engine indexing schemes such as Excite, GLIMPSE, SWISH, WWWWAIS.
• Configure a Robot Exclusion file to prevent public Search Engines from indexing the LinkScan directory.

LinkScan for Unix. Reference Manual. Section 27. LinkScan and Various Web Servers
LinkScan Version 11.6
© Copyright 1997-2006 Electronic Software Publishing Corporation (Elsop)
LinkScan™ and Elsop™ are Trademarks of Electronic Software Publishing Corporation