Managed WWW Server Service FAQ | Server Hosting Service

About the WWW Server

Q. What is a virtual host?

A. The Managed WWW Server Service hosts websites for multiple organizations on a shared server, and each website is referred to as a virtual host.

Please apply for the server name you wish to use as your website address as the virtual host name.

Virtual host names are configured as CNAME records, so you cannot use a name that is the same as a domain name (NS record).

Q. I cannot access the site by its virtual host name.

A. The virtual host name needs to be registered on the DNS server for the domain.
Please contact the administrator of your DNS server.

Q. I want to increase the disk usage limit for my virtual host. / I want to check current usage.

A. Please note that the storage capacity and usage fee for each virtual host are determined by the number of faculty members specified at the time of application.

If your capacity is exceeded, you will not be able to add new files. Please tidy up your usage by deleting unnecessary files and pages, moving files to Box, etc. For security reasons, please refrain from using the service as a general file repository.

You can also check your current disk usage by logging into the administration page for your server.

Q. Can the WWW server (e.g., CGI) communicate with other servers?

A. Communication with servers outside the university is permitted only over http (port 80).

About Accounts and Passwords

Q. When will I receive my SFTP account and password?

A. Once preparations are complete after your application, we will send the URL of a Box folder containing the approval document by email to your designated liaison and your technical-contact mailing list. If you need it urgently, please contact us separately.

Q. I want to change my SFTP account or password.

A. Accounts and passwords cannot be changed.

Q. I have lost my SFTP account or password.

A. We can reissue them. Please have your technical liaison contact us at www-query@noc.cii.isct.ac.jp.

About SFTP Connections

Q. What is an SFTP connection?

A. It is the protocol used to update the content of your website.
Please use port 22 to connect.

Q. Can I use public key authentication?

A. Yes. Please follow the steps below to set it up.

Log in using password authentication.
Create a .ssh directory (permission 700) in your home directory.
Create an authorized_keys file (permission 700) inside the .ssh directory.
Paste your public key into the authorized_keys file.
From the next login, you can log in using public key authentication.

Q. How can I connect from outside the university?

A. For security reasons, SFTP connections are permitted only from on-campus.

As this is a shared server, access restrictions will not be relaxed for individual users.
If you are outsourcing your content work, please either have your contractor deliver the data and have an on-campus staff member upload it, or, for the School of Science and Engineering, consider obtaining an access card and using the VPN service.

For use from the School of Medical and Dental Sciences network, please contact the Information Infrastructure Division, Infrastructure Systems Group 2 (Medical and Dental Information Promotion Office).

Q. How should I specify the path when using scp from the command line?

A. Please refer to the following example. %scp [filename] [SFTP-account-name]@[virtual-host-name]:www/[directory-name]/

Q. I can no longer upload files.

A. Your disk usage may have exceeded the limit.
Please delete unnecessary files and try uploading again.
You can check your current disk usage by logging into the administration page for the WWW hosting server you are using.

About Access Restrictions

Q. Can I configure access restrictions?

A. You can place a .htaccess file in the target directory to apply access restrictions. For details, please see "About Access Restrictions" in the Managed WWW Server Service User Guide.

About CGI

Q. Can I use CGI?

A. Yes. Please place your CGI files in the /www/cgi-bin directory.

Q. What languages can I use?

A. Perl is available. Please note that operation is not guaranteed when using shell scripts or other UNIX commands.

Additionally, due to security considerations, we do not add new UNIX commands. Likewise, operation of binary programs is not guaranteed.

Q. What permissions should I use for CGI?

A. Please set the mode of directories and files under cgi-bin to 754.
* Files that will be written to by programs other than .cgi scripts (e.g., PHP) should be placed in directories outside of cgi-bin.

Q. About CGI execution privileges

A. We use a wrapper program called suexec, so CGI scripts run with the user's privileges.

Q. How can I send email from a CGI script?

A. Please connect to port 25 of the dedicated mail submission server (filter.nap.gsic.titech.ac.jp).
For the information needed to connect, please see Dedicated Mail Submission Server. (No application is required.)

About Database Usage

Q. Can I use a database?

A. One database is available per virtual host.

Q. Can I use only the database (without the WWW server)?

A. We do not provide the database feature on its own.

About CMS Usage (Movable Type, WordPress, etc.)

Q. How can I use Movable Type?

A. Each user must purchase their own license.

Q. I cannot execute mt-upgrade.cgi.

A. Access to mt-upgrade.cgi may be blocked by our WAF (Web Application Firewall).
If you encounter an error, we can temporarily unblock access — please contact us with your host name.

Q. About disabling XML-RPC

A. To prevent unauthorized access exploiting vulnerabilities in Movable Type and WordPress, the WWW server is configured to block access to the following files. If you need to use them, please enable them via a .htaccess file.
mt-xmlrpc.cgi, xmlrpc.php

About Server Logs

Q. Can I view the logs?

A. Yes. They are stored in the logs directory of each SFTP user.
If you experience any communication or configuration issues, please have your designated liaison check the logs directly. There is no need to contact NOC.

Q. How are the logs managed?

A. Logs are compressed weekly and retained for three months.

Q. Where is the access log? How do I read it?

A. It is recorded in /logs/access_log in the following format:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
For details, please see the Apache 2.4 manual.

Q. Where is the error log? How do I read it?

A. It is recorded in /logs/error_log. For details, please see the Apache 2.4 manual.

About Error Pages

Q. An error page saying "This page can't be displayed. Contact support for..." appeared.

A. This error page is produced by our Web Application Firewall.
Please have your designated liaison send us the URL that was accessed when the error appeared.

About Redirects

Q. Redirecting from an old host name to a new host name

A. If you have applied for an old host name as an alias and you want to redirect access from the old host name to the URL of the new host name, place a .htaccess file in the www directory and write the redirect rules following the example below.
This example redirects requests matching www.noc.titech.ac.jp to https://www.noc.cii.isct.ac.jp.
* If you want to redirect to http instead, change https on the third line to http.

RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.noc\.titech\.ac\.jp$ [NC]
RewriteRule ^(.*)$ https://www.noc.cii.isct.ac.jp$1 [R=301,L]

About HTTPS Usage

Q. About redirecting from http to https

A. When you use https, we configure the server so that http requests are automatically redirected to https. If you do not want this redirect, please contact us.

Q. Are there any points to be aware of?

A. Encryption in transit and certificate-based signatures improve the security of your site, but you should continue to handle programs such as forms and CGI scripts — and the information collected through them — with the same level of care as before.

Note also that for simple survey forms that do not collect personal information, accepting responses by email may often involve less effort and allow safer management.
Please carefully consider the purpose of use before adopting HTTPS. Please also note the following points:

About encryption

Encryption prevents the contents of communication from being eavesdropped on the network path, but please note that under the current configuration the firewall (WAF, etc.) cannot inspect the encrypted content.

About certificate signatures

Certificates contain information about the site they were issued for. When users access the site, they can check the certificate contents in their browser to confirm that the site is operating legitimately (and is not being misused as a phishing site, etc.).
Currently, GSIC issues certificates on your behalf, so the certificate information reflects GSIC, as shown below:

CN = web-o1.noc.titech.ac.jp OU = Global Scientific Information and Computing Center O = Tokyo Institute of Technology L = Meguro-ku ST = Tokyo C = JP