• https://ares.varndean.ac.uk/qfsearch/admin (Authentication controlled in the apache web server configuration files - all support.vsfc should be OK to access the admin area)

The configuration is based around the concept of virtual servers (regardless of how many sites you want to search).

A virtual server has been setup for students (online), staff (staff.varndean.ac.uk) and the IS Dept (is.varndean.ac.uk).

Each virtual search server is used to group search indexes and provide options that apply to each index in a group. Most options can also be set on each index independantly of other indexes in a group.

Contents 1 Authentication 1.1 Explaination 1.2 Our Authentication Hack 1.2.1 Example Redirection Rule 2 Index Configuration

Authentication

Due to the pathetic authentication system that comes with the QFSearch server, the authentication arrangements are a bit of a hack.

Explaination

QFSearch needs local accounts on the server for each user you want to access the search engine. QFSearch checks permissions to a certain file on the server to see if the users are allowed to search or not (This means we need Universal Passwords, Linux User Management and possibly to have QFSearch installed on an NSS Partition). Unlike other Novell web services, QFSearch *does not* authenticate against eDir or LDAP.

Our Authentication Hack

There are two ways to access a virtual search server (eg staff search index/student search index) QFSearch checks the name of the server you are accessing (eg online.varndean.ac.uk, staff.varndean.ac.uk DNS aliases to ares.varndean.ac.uk) or for a GET variable in the url called 'site' (eg ?site=students or ?site=staff.varndean.ac.uk).

The apache webserver cannot distinuish GET variables, this means there is no way for it to authorise access to a virtual search server based on the ?site= variable. Apache can control who is authorised to access a virtual web server, so using staff.varndean.ac.uk/qfsearch/ should be secure. The problem is that you can still go to the student search engine and enter the GET variable ?site=staff.varndean.ac.uk and get access to summaries of all the pages on the staff intranet using a student account. To stop this a redirection rule has been setup on the webserver to always append the ?site variable to the url. If the variable appears twice in a url, the second entry over-rules the first. This redirection rule is the only thing that locks down the search engine, so it's very important!!!

Example Redirection Rule

RedirectMatch /qfsearch(.*) https://online.varndean.ac.uk/qfsearch$1&site=students

The /qfsearch/admin/ config needs to be set in each virtual host section of apache!

Index Configuration

For the student's virtual search server, indexes have been indivually created for each subject area website. This is to help students find the information they need, and to allow staff to add a "search this website" tool to their subject area sites.

The indexes are recreated in full every weeknight, it doesn't take long to do and that by avoiding incremental updates the server is very fast when users perform a search.

The locations of the indexes should be excluded from the back up software. There have already been problems with tapes filling up and there is really no need to backup the indexes.

If you need to regenerate the indexes during the day, it shouldn't take too long, but you should alter the options so there is a delay between each page request. That should keep the server nice and responsive for everyone.