Strongbox Usage and Requirements
Strongbox have very few requirements, virtually any standard non-windows web hosting plan is compatible! check the Strongbox compatibility list to see if your hosting company is there.
The Strongbox Security Systemtm has a few system/site requirements as to how your web server is set up and how your HTML is coded. Most professional webmasters will already have their servers configured properly and their links coded correctly anyway, so normally they do not need to be adjusted at all.
Strongbox Requirements Checklist
- Apache with mod_rewrite
- Posix System
- CGI scripts under /cgi-bin/
- Wildcard domain sb*.example.com
- Non fully-quallified URL links
- Firewall allows Outgoing ports: UDP/5151, UDP/43 and TCP/43
- Software Dependencies PHP & Perl Modules
Strongbox is designed to protect sites running Apache Web Server with mod_rewrite module.
- AllowOverride: Recommended “AllowOverride All” or at the very least “AllowOverride FileInfo”.
- AcceptPathInfo enabled.
This means Linux, FreeBSD, etc. Strongbox can protect websites on servers running any POSIX style operating system. Please check our Strongbox Compatibility out for a list. Strongbox IS NOT compatible with IIS on Microsoft Windows Servers. We no longer sell nor support Strongbox on a server with any Windows Operating system running IIS.
We will need to be able to run CGI scripts in a normal fashion. Most servers have a standard setup so that CGI scripts can be executed. A typical server configuration has this directory named “/cgi-bin/” and it is usually located either at the same level as the site’s document root, or one level up from document root (so it can referenced by using “../cgi-bin/”). Also, most standard server configurations already have this directory created, the ScriptAlias defined within the site’s VirtualHost. The Strongbox Security Systemtm is no different, and will need to be able to execute CGI scripts as well, from a directory that is named “/cgi-bin/”.
To use The Strongbox Security Systemtm, you must be able to access your site from ANYTHING.your-site.com (catch-all sub-domains). Some hosts set this up by default. On other hosts we can help get it setup for you and it’s not a big deal. We have recently begun keeping a list of which hosts will do this for you without a problem and which will not. At the time of this writing, we’ve found only one host who won’t, but dozens who will. Check our compatibility list to see if your host is listed.
~~> NOTE: If other, similarly named sites exist with the difference in site name being a prefix (ex: join.mysite.com or trial.mysite.com) to the site to be protected (ex: mysite.com), to prevent these “prefixed” sites from being encompassed by the catch-all wildcard, rather than:
please use this instead:
This will preserve the domains named with the special prefixes so they still direct people to the correct pages.
Why we need this: Newtons: our in-URL session IDs
The links on the site, *especially* within the members, or protected, area cannot be full-qualified URLs. You must to use this:
If you have links with full URLs in your members area we can do a search and replace to take care of those for you. Linking in this fashion is desirable with or without the Strongbox Security Systemtm because it lets you move pages from one domain to another or from one directory to another and they still work. For example, some years ago many processors decided that you weren’t allowed to have certain words such as “teen” in your domain name. Webmasters with sites like barelyeighteen.com had to move their sites to new domain names and by linking in the way described above they made the move very easy. With the Strongbox Security Systemtm, leaving the domain name out of the links is not only desirable, but required in most cases.
Most servers require no changes to the firewall. If your server uses an egress firewall to block outgoing connections that your server makes or responses sent in, it can be set to allow Strongbox to query our proxy server. For optimal proxy checking and data accuracy in the reporting module, please be sure the server’s firewall is configured to allow all outgoing queries and their associated responses on UDP ports 5151 & 43 and TCP port 43.
We’ve tried very hard to make The Strongbox Security System tm as simple as possible and not depend on any more software than necessary. Thus it does not require MySQL or anything else other than Perl, mod_rewrite, and Apache. So far we haven’t found any hosts that needed additional software installed. The Perl scripts use the following Perl modules, all of which are standard modules that are almost always already installed:
Strongbox can use two Perl modules that aren’t always installed. Neither of them is required for for sites that use a plain text password file. DBI/DBD is used by Strongbox only if your usernames and password are stored in a database, such as by NATS, rather than in a plain password file. The DBI/DBD modules are pretty standard, as the are required for any Perl script to connect to a database. You can see if they are installed using this command, which will do nothing if it is installed, but will give an error if not:
perl -e 'use DBD::mysql;'
Strongbox CAN use the Inline module in order to run more efficiently. Strongbox will use it if it’s installed, or not use it if it’s not. You can check for Inline with:
perl -e 'use Inline'
Either of these modules can be installed using either RPM/yum/apt or by Perl itself using CPAN.
To install using yum/apt:
yum install perl-DBD-MySQL yum install perl-Inline # On Debian-based systems apt-get install libdbd-mysql-perl apt-get install libinline-perl
To install using Perl and CPAN:
perl -MCPAN -e 'install Bundle::DBD::mysql' perl -MCPAN -e 'install Inline'
PHP is used for our login page and logout.php file
- cURL: Client URL Library
- Needed when PHP virtual function is not available, usually when PHP is not running as an Apache module (DSO)
- GD: Graphics Library Support
- (PHP 4 >= 4.0.6, PHP 5), GD 2.0.1 or later (2.0.28 or later is recommended)
- Debian/Ubuntu package: php5-imagick
- CentOS package: ImageMagick
- PHP Settings
- PHP scripts should be able to read the /cgi-bin/ directory in your site.
We strongly recommend to enable SSI (Apache module: mod_includes).