File Uploads to the WWW Server

Please use SFTP software to upload files to the WWW server of this service.
(For the account and password, please refer to the materials sent to you after your application.)

On Windows, you can use SFTP software such as the following:

WinSCP (SFTP protocol only)(JPN)

FileZilla (SFTP protocol only)

On Mac, you can use SFTP clients such as the following:

FileZilla (SFTP protocol only)

About Access Restrictions

Restriction by Source IP Address

Place a .htaccess file in the target directory and write the restriction rules in it.
Example: To allow access only from on-campus (excluding the Event Network):
<RequireAll>
Require ip 131.112.0.0/16 172.16.0.0/12 10.0.0.0/11 10.255.0.0/16 202.242.160.0/19
Require not ip 131.112.213.0/24 10.0.0.0/15
</RequireAll>

Restriction by Account/Password (.htaccess)

In addition to the .htaccess file, you also need to prepare a separate file containing account/password information. (Specify the file path on the AuthUserFile line as a full path.)

  • Basic authentication

[.htaccess]
AuthUserFile /noc/home/[SFTP-Username]/www/[any-directory]/.htpasswd
AuthName "foo directory"
AuthType Basic
require valid-user
[.htpasswd] 
account1:Base64-encoded password
account2:Base64-encoded password
 :

  • Digest authentication
    This may not be supported by some browsers, but it offers higher security than Basic authentication.

[.htaccess]
AuthUserFile /noc/home/[SFTP-Username]/www/[any-directory]/.htdigest
AuthName "foo directory"
AuthType Digest
require valid-user
[.htpasswd] 
account1:password hash
account2:password hash
 :

Please prepare the authentication hashes for Basic/Digest authentication on your side.

About Redirects

Place a .htaccess file in the target directory and write the redirect rules in it.
Example: To redirect the entire site:
 RewriteEngine on
 RewriteRule ^(.*)$ http://[redirect-destination-URL]/$1 [R=301,L]

About cron

The cron of the WWW server is generally not available.
If it is necessary for a university-wide service or program, please consult us separately.

About Bot Blocking

The following bots, from which we have observed a high volume of access in the past, are blocked from accessing this service via WAF (Web Application Firewall):
Baiduspider, Bytespider

About Website Vulnerability Scanning

Please use the vulnerability scanning service provided by the Science Tokyo CERT(JPN).

■ Notes for Scanning
------------------------------------
- The vulnerability scanning tool runs against the live server.
- Since scanning involves simulated attacks, it may generate a large volume of logs or,
  in some cases, a large number of database accesses.
- If the server has email notification functionality, a large volume of emails
  (e.g., error notification emails) may be generated.
- The attacks are simulated and do not cause direct damage, but unintended behavior
  may occur in some cases.


To request a scan, please contact us at pentest@cert.i.isct.ac.jp with the following information:

  - Server name     : (example: cert.titech.ac.jp)  ※Used during Web Application Tests scanning
  - Contact person  :
  - Contact info    :
  - Preferred date  :

Scanning will be conducted from the on-campus IP address [131.112.15.5].

We recommend scheduling scans on weekends or holidays to avoid increased server load during
business hours, and delivering the diagnostic report (Japanese version) on the following Monday.
Given the notes above, we also encourage you to consider testing on an alternative machine.

The diagnostic report (Japanese version) will be sent via Slack DM to the contact person.