Web Servers

Before running a Web server on the Departmental Network, approval must be obtained from the Department’s Network Administrators (ip-register@eng.cam.ac.uk). This is both to ensure that the Department can monitor web page content for its suitability and in the interests of network security.

Web Pages

In order to comply with University rules, legislation and the proper use of national network funding, the following restrictions apply to web pages and sites published on all computer systems in the Department (note particularly the guideline relating to server security).

1. The use must comply with the University ISC’s Rules, the associated guidelines on interpretation and Web Guidelines, and with the Authorization for Use of the CUDN. These in turn require compliance with JANET Acceptable Use rules and relevant legislation.
   Some of the main points which these cover are that the material must not: be pornographic or defamatory; contravene the Data Protection Act; breach any copyright or trademark registration; or bring the University or Colleges into disrepute. One of the commoner improper uses is use of the University crest without permission.
   There are also requirements under the Disability Discrimination Act for material to be as accessible as possible to disabled users.
2. It must be clear to the reader of any page whether it is being published officially by the Department or privately by an individual. Privately published material must not contain any material which gives the impression that it is an official publication and must indicate who is publishing the material. Material published on behalf of the Department must be approved by someone authorised by the Head of Department to do so.
3. Private Web pages are allowed on the understanding that they are for the provision of information for non-profit-making purposes relating to the individual publishing them. This may include academic and recreational interests but must not extend to the provision of Web pages on behalf of a third party (for which explicit permission must be obtained – see 4 below).
   Additional disk space and other resources will not normally be provided for private Web pages unless the content is primarily academic and of relevance to the work of the Department.
4. If Web pages are to be provided on behalf of a third party or for profit-making purposes, permission must first be obtained from the Computer Systems Committee by sending a written request to the Secretary of the committee. The Department will not normally provide space for Web pages on behalf of a third party unless that person or organisation’s activites are directly related to and compatible with its own.
   Note that the University Computing Service no longer have facilities for providing Web pages for University societies, but instead recommend the use of the Student-Run Computing Facility (SRCF), and societies will normally be required to use these rather than departmental facilities.
5. Particular care must be taken when using facilities which cause the Web server to run additional programs (eg cgi-bin scripts) especially if these are to receive input from a client Web browser. Unless such programs are very carefully written, attacks may be made on the server or other machines by people using deliberately malformed input.
   If one server in the Department can be compromised in this way, it may then be used to attack other machines. Alternatively, programs which generate email, if compromised, can be used to send nuisance email to other sites. Since these types of attack potentially affect the whole Department, carelessness of this type in setting up Web servers may be treated as a disciplinary matter.

In cases of doubt about the appropriateness of material intended for publication on the Web, please email webadmin@eng.cam.ac.uk. In any dispute about appropriate use of the Department’s facilities for the provision of Web material, the Head of Department’s decision is final. Contravention of these guidelines may be treated as misuse of a computer system and dealt with by the ISC’s disciplinary procedures.