Hosting and Development

Hosting

RIT's official web environment is designed to support the marketing and day-to-day business needs of RIT and its colleges, departments, and student organizations.

The official web environment hosts sites for RIT colleges and divisions, academic and administrative departments, academic programs, research labs and sponsored research projects, and other RIT-affiliated entities.

Students, faculty, and staff at RIT may choose to host their own website using people.rit.edu. These sites can make use of common web technologies, such as PHP and Perl, but they are currently not equipped with a separate staging environment, databases, or the version control features that are provided for official sites (www.rit.edu/).

People sites are strongly recommended for personal use. This can extend to coursework and projects assigned by RIT faculty to students. However, if you are looking to create a website to fulfill strictly RIT-affiliated purposes, including, but not limited to, academic programs, colleges and their departments, and campus-wide events, please consider submitting a request for an official web account.

Technical Features


System Software

  • Red Hat Enterprise Linux 7.8 (Maipo)
  • Apache Server 2.4
  • MariaDB 10.5
  • PHP 8.0 and 8.1 (environment default)
  • Perl 5

Supported by ITS

Drupal - RIT's official content management system (CMS). RIT's current Drupal version's:

  • Drupal 7.94
  • Drupal 9.5.8

ITS provides quarterly updates to Drupal core/modules to ensure our environment is up to date and secure. Unless a security update requires an out-of-cycle update


Permitted (Not ITS Supported)*

  • Joomla
  • Wordpress
  • Codeignitor
  • Laravel
  • LAMP Stack Applications

System Software

  • Red Hat Enterprise Linux 7.8 (Maipo)
  • Apache Server 2.4
  • MariaDB 10.5
  • PHP 8.0 and 8.1 (environment default)
  • Perl 5

Supported by ITS

Drupal - RIT's official content management system (CMS). RIT's current Drupal version's:

  • Drupal 7.94
  • Drupal 9.5.8

ITS provides quarterly updates to Drupal core/modules to ensure our environment is up to date and secure. Unless a security update requires an out-of-cycle update


Permitted (Not ITS Supported)*

  • Joomla
  • Wordpress
  • Codeignitor
  • Laravel
  • LAMP Stack Applications

*External development or management of these services are not supported by ITS. Developers are expected to perform all required maintenance, updates, and security to these services while adhering to RIT Web Standards. If developers are experience server related issues, please contact the RIT Service Center

For further details on what standards are supported at RIT, please take a look at the Official RIT Web Standards.

Development Options

University Web Services

University Web Services is RIT's award-winning one-stop shop for website strategy, design & development and photography needs.

 

University Web Services
https://www.rit.edu/webservices

Raman Bhalla
AVP, University Web Services
Email:  raman.bhalla@rit.edu  
Phone: 585-475-2555

Information & Technology Services (ITS)

ITS is charged with maintaining RIT’s Web Environment and creating Web Accounts. For Project Requests, submit a form through the PMO.


ITS Web Services
ITS Web Service Requests

RIT Service Desk
Portal/Chat: help.rit.edu
Phone: 585-475-5000

ITS Project Management Office

The Project Management Office (PMO)  works collaboratively with members of the campus community to provide tangible, repeatable, long-term benefits to the campus community. 
 

ITS Project Management Office
https://www.rit.edu/its/its-project-management-office

University Web Services

University Web Services is RIT's award-winning one-stop shop for website strategy, design & development and photography needs.

 

University Web Services
https://www.rit.edu/webservices

Raman Bhalla
AVP, University Web Services
Email:  raman.bhalla@rit.edu  
Phone: 585-475-2555

Information & Technology Services (ITS)

ITS is charged with maintaining RIT’s Web Environment and creating Web Accounts. For Project Requests, submit a form through the PMO.


ITS Web Services
ITS Web Service Requests

RIT Service Desk
Portal/Chat: help.rit.edu
Phone: 585-475-5000

ITS Project Management Office

The Project Management Office (PMO)  works collaboratively with members of the campus community to provide tangible, repeatable, long-term benefits to the campus community. 
 

ITS Project Management Office
https://www.rit.edu/its/its-project-management-office

Caching

RIT's web environment offers a robust caching solution utilizing Apache Traffic Server (ATS) for our Production websites. 

All of our Drupal 8 websites are configured to utilize ATS to it's fullest extent. This means that websites load blazingly fast and provide the most optimized user experience possible for all users. 

If you have any questions regarding caching, please reach out to the RIT Service Center

Security

Developers are expected to adhere to RIT's Web Security Standards while creating websites and or services. If a website or service is found not to be security compliant, ITS reserves the right to remove the website or service off of our web environment until it is secure. 

Third-party Applications

It's the responsibility of the site owner to ensure installed third-party applications and related modules are updated and patched. Applications that are not updated are often vulnerable to security problems.

Form Validation

All input received via form needs to be validated to ensure the integrity of the data. Do not rely on client-side validation such as JavaScript. JavaScript can be turned off by the client, which will override your validation rules. Server-side validation should be used to ensure data is input as expected. Some parameters that should be considered include:

  • Length of input
  • Data types of input
  • SQL injections
  • Cross-site scripting

For details on what information can and cannot be requested in forms, and other privacy-related issues, refer to Privacy.

Databases

When using databases for your website, static queries should be used, if possible. Otherwise, use prepared statements for dynamic queries. Stored procedures and views should also be considered.

Connection strings should never include embedded usernames and passwords. Use Config Vars available through the CLAWS Web Hosting application to manage your credentials.

Databases should never contain sensitive data such as Social Security numbers. Please contact ITS if your application needs to store sensitive information.

SSL

Any application or website that requires a user to log in needs to use SSL. The official RIT Web hosting environment supports an SSL certificate enabling users to send credentials over https. When .htaccess files are used for authentication, the SSLRequireSSL directive should be set.

Authentication (Login-restricted Websites)

Websites or applications should use RIT Single Sign On (SSO) for authentication whenever possible. Avoid developing your own authentication. Note that authentication via LDAP, either OpenLDAP (ldap.rit.edu) or Active Directory, is deprecated and should be converted to SSO. Consult the Authenticating and Authorizing RIT Users page for more information on the use of SSO in the web environment.

PHP

When developing PHP applications, consider the following:

  • Errors should never be displayed in production
  • When developing applications in the staging environment, consider password-protecting your site
  • Leave register_globals set to "off"
  • Dynamic HTML content should be encoded using htmlentities()
  • Phpinfo() should never be visible on any public-facing site
  • The directive allow_url_fopen should be set to "on"
  • Test your PHP applications after upgrades are performed
  • File system permissions should be set appropriately. On the official Web hosting environment user and group read, write, and execute is sufficient.

Directories/Folders

Directories should not be browsable. A browsable directory is one where a default Web page doesn't exist. As a result, all the files in that directory are listed. To stop a directory from being browsable, simply add an empty index.html file.

Web Standards

RIT's web presence is one of the primary ways to access information about the university. Maintaining consistency and quality of user experiences throughout RIT's digital environment requires consistent application of standards and guidelines. RIT has developed such standards to ensure consistency in the web environment with respect to accessibility, security, scalability, user experience and the use and implementation of current technology. Learn more about RIT's web standards here.

SEO/Analytics

Google Tag Manager (GTM) is a free tag management system that helps users administer various tracking codes and other tags on their websites.

The current RIT standard for tracking web analytic information is to use Google Tag Manager (GTM) to sending pageview and event information into Google Analytics (GA). Generally, each college/division has their own GTM account and container on their websites, and that GTM container sends data to both the main RIT Google Analytics account as well as that college/division's own, separate Google Analytics account. This implementation allows us to see analytics for the whole university, and also allows each college/division to implement their own unique events if required.

Using in Drupal

The Google Tag Manager module is already installed in Drupal if you are using the standard RIT theme. You may need to add your unique college/division GTM container ID to the GTM module. If that is the case, please email jhlcmp@rit.edu for help determining your container ID. At the very least, you can input the main RIT container ID into the Drupal GTM module:
GTM-TKNM7FX.

Note: When using the GTM module, in most cases you should uninstall the Google Analytics module from Drupal. You're sending data via GTM, so having the Google Analytics module send data as well will cause duplicate page views and events.

Using outside of Drupal

Copy the code below and ensure it appears on every page of your website, usually by placing it in the site's template.

This code should appear as high in the <head> of the page as possible:

<!-- Google Tag Manager -->
<script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','GTM-TKNM7FX');</script>
<!-- End Google Tag Manager -->

Additionally, to gather information for devices that may have JavaScript disabled, this code should appear immediately after the opening <body> tag:

<!-- Google Tag Manager (noscript) --> 
<noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-TKNM7FX" 
height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript> 
<!-- End Google Tag Manager (noscript) -->

Note: the code snippets above use the main RIT GTM container ID, GTM-TKNM7FX. Please email jhlcmp@rit.edu for help determining your college/division's container ID.

Tracking into multiple Google Analytics accounts

If you are using your college/division's GTM container ID, the Google Tag Manager implementation already tracks info into multiple Google Analytics accounts. If you are working with an outsider vendor that needs analytics information in their Google Analytics account as well, you should implement the additional tracking code in your college/division GTM container. Please email jhlcmp@rit.edu if you need help with this.

More Information

If you have any questions about using Google Tag Manager or Google Analytics, send an email with your questions to jhlcmp@rit.edu.