IBM HTTP-Server for AS/400 Configuration: Difference between revisions
(→Links: Fixed dead link) |
(→Links: +link (for future expansion of the article)) |
||
(9 intermediate revisions by the same user not shown) | |||
Line 25: | Line 25: | ||
In the latter two files you can add as many members as desired and thus have as many independent server instances as required. They are automatically started according to the settings in <code>CHGHTTPA</code>. | In the latter two files you can add as many members as desired and thus have as many independent server instances as required. They are automatically started according to the settings in <code>CHGHTTPA</code>. | ||
== Complete | == Complete configuration documentation == | ||
# Template Configuration - Examples for all possible directives | # Template Configuration - Examples for all possible directives | ||
# https://www-01.ibm.com/software/webservers/httpservers/doc/v4r4/wmg/RZAG2M07.HTM | # https://www-01.ibm.com/software/webservers/httpservers/doc/v4r4/wmg/RZAG2M07.HTM | ||
Line 8,264: | Line 8,264: | ||
# * Denial of service | # * Denial of service | ||
# ------------------------------------------------------------------------------ | # ------------------------------------------------------------------------------ | ||
== Minimal working configuration examples == | |||
Each standard (aka, non-admin) site has one member with the same name in both of <code>QATMHINSTC</code> and <code>QATMHTTPC</code>. The former establishes parameters for the server instance, the latter ist the configuration itself. | |||
<syntaxhighlight lang="Bash"> | |||
# Specify the port on which you want the server to listen for requests | |||
Port 8080 | |||
# | |||
# Multi-format processing | |||
MultiFormatProcessing none | |||
# | |||
# Specify the data type of files with particular extensions | |||
AddType .html text/html 8bit | |||
AddType .jpg image/jpeg binary | |||
# | |||
# Specify the MIME content encoding of files with particular extensions | |||
AddEncoding .gz x-gzip | |||
AddEncoding .Z x-compress | |||
# | |||
# Specify the maximum time allowed for your server to send output to a client | |||
OutputTimeOut 2 mins | |||
# | |||
# Specify the minimum number of threads to keep available or active | |||
MinActiveThreads 2 | |||
# | |||
# Specify the maximum number of threads to have active | |||
MaxActiveThreads 20 | |||
# | |||
# Specify the amount of time that the server waits before cancelling a | |||
# persistent connection | |||
PersistTimeout 2 mins | |||
# | |||
# Specify the maximum number of requests that the server receives on a | |||
# persistent connection | |||
MaxPersistRequest 20 | |||
# | |||
# DenialOfServiceThreshold - Detection of DOS Conditions | |||
DenialOfServiceThreshold 0 1 minute | |||
</syntaxhighlight> | |||
Notes: | |||
* The list of MIME type association is far from complete. Do not assume automatic built-ins! | |||
* <code>DenialOfServiceThreshold</code> is essentially disabled, because I'm using a reverse-proxy in front which makes DDOS detection moot. | |||
* I also did not specify logging parameters to essentially do no logging at all, because all accesses come from the reverse proxy, anyway. The mentioned reverse proxy itself logs accesses, thus there is no need to create additional burden to the probably older and slower AS/400 by establishing (redundant) logging. | |||
The ''mapping'' of (virtual) http paths to real paths is established in the following sections. For details see the "Pass - Accept matching requests" section in the [[#Complete configuration documentation|complete configuration documentation]] above. | |||
=== Webroot in the IFS === | |||
<syntaxhighlight lang="Bash"> | |||
# Set up access control for the server | |||
Pass /* /QOpenSys/var/www/mysite/* | |||
# | |||
# Specify settings for welcome pages | |||
Welcome index.html | |||
</syntaxhighlight> | |||
Every resource appended to <code>/</code> in the browser's URL line is automatically prepended by <code>/QOpenSys/var/www/mysite/*</code>, and handed off to the file system code. Very much like each recent, decent web server software works. | |||
Many sources rightfully recommend to '''not''' use the PC-DOS compatible document library filesystem mainly for performance reasons. I'm using ''/QOpenSys'' because compared to the IFS root, this is case sensitive and thus closer to real UNIX semantics. | |||
=== Using source physical files === | |||
You can also serve web pages from source physical files. Each member is a separate HTML document. Because the naming scheme is predefined by OS/400 a lot of page-individual configuration needs to be done: | |||
<syntaxhighlight lang="Bash"> | |||
# Pages via QSYS.LIB | |||
Pass /index.html /QSYS.LIB/QGPL.LIB/MYSITE.FILE/INDEX.MBR | |||
Pass /impressum.html /QSYS.LIB/QGPL.LIB/MYSITE.FILE/IMPRESSUM.MBR | |||
Pass /dse.html /QSYS.LIB/QGPL.LIB/MYSITE.FILE/DSE.MBR | |||
Redirect / /index.html | |||
</syntaxhighlight> | |||
Compared to the IFS, there are quite some restrictions and other considerations: | |||
* The free formatting capability of HTML source often yields some very long lines along many short ones. Since the <code>QSYS.LIB</code> is hosting record-oriented files exclusively, this might result in considerable overhead of allocated storage, and probably more data to be read from disk. | |||
* You can't meaningfully store binary streams (images) in source PFs. One way to deal with this is to ''imbed'' a Base64 encoded copy in the HTML <code><nowiki><img src></nowiki></code> tag. The Base64 decoding ignores line wrapping, so you can fill up lines to the maximum configured length. Example: | |||
<syntaxhighlight lang="html"> | |||
<img src="data:image/jpeg;base64,base64-encoded-text-goes-here"> | |||
</syntaxhighlight> | |||
* The member ''type'' '''must''' be <code>HTML</code>. Anything else will be sent with a MIME type of <code>text/plain</code>. | |||
** This precludes using CSS files, because they will be delivered with the wrong MIME type. You can work around this by using ''server side includes'' with the <code>include virtual</code> HTML comment directive. You need to enable ''imbeds'' in the server configuration, though. | |||
*** The configuration documentation states that ''files'' refer to IFS includes only, but <code>include virtual</code> works just fine with QSYS.LIB members. They need to be referred with a ''Pass'' directive, though. | |||
If you prefer to edit members with SEU, SRC PFs should be created with <code>rcdlen(134)</code>, yielding a maximum line length of 122. No sideways scrolling is necessary with this setting on a 27×132 (emulated) terminal, while maintaining ample horizontal space for formatting purposes. | |||
Why would one serve HTML pages from the apparently cumbersome <code>QSYS.LIB</code> filesystem? I have not gathered measurements yet, but I'd expect better performance. It's well known that even the IFS isn't exactly a speed wonder. On older and slower machines, this can truly make a difference. | |||
== Links == | == Links == | ||
* [https://www.ibm.com/resources/publications/OutputPubsDetails?PubID=GC41543405 HTTP Server for AS/400 Webmaster's Guide], GC41-5434-05 | * [https://www.ibm.com/resources/publications/OutputPubsDetails?PubID=GC41543405 HTTP Server for AS/400 Webmaster's Guide], GC41-5434-05 | ||
* [http://www.redbooks.ibm.com/redbooks/pdfs/sg245645.pdf AS/400 HTTP Server Performance and Capacity Planning], IBM | * [http://www.redbooks.ibm.com/redbooks/pdfs/sg245645.pdf AS/400 HTTP Server Performance and Capacity Planning], IBM RedBook SG24-5645-00 | ||
* [https://www.ibm.com/resources/publications/OutputPubsDetails?PubID=sg24481501 Cool Title About the AS/400 and Internet], SG24-4815-01. | |||
* [https://www.ibm.com/docs/en/i/7.4?topic=programming-writing-persistent-cgi-programs Writing persistent CGI programs], IBM.com | |||
== Footnotes == | == Footnotes == |
Latest revision as of 10:53, 22 October 2024
The configuration of the IBM HTTP-Server for AS/400 is rather poorly documented. It's possible to manually edit the configuration with WRKHTTPCFG
, but
- in the default configuration, many directives are not included (as comments),
- the nine-line excerpt from a large text configuration isn't helpful for retaining a certain overview,
- the editor is awkward and slow.[1]
The procedures presented here were tested with OS/400 V4R5.
Web based configuration tool
There is a web-based administration interface on the AS/400, usually listening on TCP port 2001. If a connection via http fails, the server instance is not active and must be started prior to use.
STRTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN)
After some time you can then log into the admin UI with QSECOFR and take a look at the interface. Patience is a must, the server-side component is painfully slow. [2] However, this allows a comprehensive configuration of all server directives.
New directives entered via web UI are just appended to the end of an existing configuration. This is further limiting overview.
Manual, text based configuration
Processing the configuration members with SEU is not possible because the members are contained in a database table file instead of a source physical file. [3] SEU only processes members from src-pf.
Fortunately it is possible to download the configurations via FTP/ASCII, edit them locally as desired, and re-upload them afterwards. There are four files with their according members in QUSRSYS:
- QATMHINSTA: Admin Instance Launch Configuration
- QATMHTTPA: Admin Instance Server Configuration
- QATMHINSTC: Normal named Instance Launch Configuration
- QATMHTTPC: Normal named Instance Server Configuration
In the latter two files you can add as many members as desired and thus have as many independent server instances as required. They are automatically started according to the settings in CHGHTTPA
.
Complete configuration documentation
# Template Configuration - Examples for all possible directives # https://www-01.ibm.com/software/webservers/httpservers/doc/v4r4/wmg/RZAG2M07.HTM # (Page no longer existing) #------------------------------------------------------------------------------ # BindSpecific - Specify if the server binds to one or all IP addresses # # Use this directive on a multi-networking system to run a different # server instance on each IP address or host name. All the servers may # listen on the same port. # # If you specify On, the server binds to the IP address specified in the # HostName directive only, instead of binding to all local IP addresses. # # If this directive has not been specified, the server binds to the # HostName specified in the CFGTCP command, options 12 and 13. # # If you change this directive, you must stop the server and then start # it again. The server will not pick up the change if you only restart # it. # # Example # BindSpecific On # # Program default setting # BindSpecific Off # # This directive is used by the following form: # * Basic #------------------------------------------------------------------------------ # DNS-Lookup - Specify whether you want to look up host names of clients # # Use this directive to specify whether you want your server to look up # the host name of requesting clients. # # The value you use affects the following things about how your server # works: # * The performance of the server. Using the value of Off improves the # performance of the server because it does not use resources to # perform the host name lookup. The default value is Off. # * The way your server identifies clients when writing to log files: # + Off - Clients identified by IP address # + On - Clients identified by host name # * Whether you can use host names on address templates in protection # setups, server group files, and ACL files. # + Off - Cannot use host names on address templates; must use IP # addresses # + On - Can use host names on address templates; cannot use IP # addresses # # Note: Because of TCP/IP or DNS configurations, a value of On for this # directive does not guarantee hostnames will be resolved into IP # addresses . # # Example # DNS-Lookup On # # Program default setting # DNS-Lookup Off # # This directive is used by the following form: # * Basic #------------------------------------------------------------------------------ # HostName - Specify the fully qualified domain name or IP address for the # server # # Use this directive to specify the domain name or an IP address returned # to clients from document requests. If you specify a domain name, then # you need a domain name server (DNS) to resolve the name into an IP # address. If you specify an IP address, then you do not need a domain # name server. # # For example, you might specify a host name (such as # host.yourcompany.com) or an IP address (such as 9.4.6.128). # # The format for this directive is the following: # HostName name or IP address # # Example # HostName beth.chi.com # # This directive is used by the following form: # * Basic #------------------------------------------------------------------------------ # imbeds - Specify whether server-side includes will be dynamically # imbedded # # Use this directive to specify if you want server-side include # processing to be performed for documents served from the integrated # file system, CGI programs, or both. Server-side include processing is # performed on documents with a content type of text/x-ssi-html. # Optionally, you can specify that server-side include processing also be # performed for documents with a content type of text/html. For more # information about content types, see AddType - Specify the data # type of files with particular extensions. # # You can use server-side includes to dynamically insert information into # the document being returned by the server, such as the following: # * Date # * File size # * Last change date of a file # * CGI or server-side include environment variables # * Text documents # # Server-side include processing causes the server to search your # documents for special commands each time they are served. This can # affect the server's performance and slow down response time to clients. # # the format of this directive is: # imbeds source [type] # # source can be any of the following: # # on # Server-side include processing is done for documents from the # integrated file system and from CGI programs. # # files # Server-side include processing is done for documents from the # integrated file system. # # cgi # Server-side include processing is done for documents returned by # CGI programs. # # off # Server-side include processing is not done for any documents. # # The server checks the content type of each file it retrieves and the # output of each CGI program that it processes. # # Server-side include processing is normally done only for documents # having a content type of text/x-ssi-html. However, you can specify that # documents with a content type of text/html be processed for server-side # includes. # # type can be any of the following: # # SSIOnly # Server-side include processing is done for documents with a # content type of text/x-ssi-html. # # html # Server-side include processing is done for documents with a # content type of text/html and a content type of text/x-ssi-html. # # Note: The server treats html, .html, and .htm files all as HTML. Any # other types of files are retrieved as SSIOnly. # # Each suffix or file name extension must have an AddType directive # defined with the correct content type. If you use suffixes or file name # extensions other than .htm or .html, make sure to define a new AddType # directive with a content type of text/s-ssi-html. # # Example # imbeds files html # # Program default setting # imbeds off SSIOnly # # This directive is used by the following form: # * Basic #------------------------------------------------------------------------------ # Port - Specify the port on which you want the server to listen for # requests # # Use this directive to specify the port number the server should listen # to for requests. The valid range of port numbers is 1 through 65535. # The standard port number for HTTP is 80. Other port numbers less than # 1024 are reserved for other TCP/IP applications and should not be used. # Port numbers 8080 and 8008 are commonly used for proxy servers. # # When a port other than 80 is used, clients are required to include a # specific port number on requests to the server. The port number is # preceded by a colon and placed after the host name on the URL. For # example, the URL, # http://www.bethh.com:8008/ # # requests the default welcome page from a host named www.bethh.com that # is listening on port 8008. # # If you change this directive, you must stop your server and then start # it again for the change to take effect. The server will not pick up the # change if you only restart it. For more information on stopping and # starting your HTTP server, see the AS/400 Information Center. # # Example # Port 8080 # # Program default setting # Port 80 # # This directive is used by the following forms: # * Change instance parameters # * Basic #------------------------------------------------------------------------------ # UserID - Specify the default access control user ID # # Use this directive to specify the AS/400 system profile the server # changes to before accessing files. For a protected resource (one for # which Protection directives are defined), the UserID subdirective # specifies which AS/400 system profile the server temporarily swaps to # while serving that resource. # # All UserID directives (and subdirectives specified for a protected # resource) are verified during startup. If any UserID directive or # subdirective does not satisfy the following rules, the server instance # does not start and messages are sent to QSYSOPR: # * A valid AS/400 system profile must be specified # * The value QSECOFR cannot be specified on the directive # * The profile that issued the STRTCPSVR command must have *USE # authority to the profiles specified on all of the UserID directives # and subdirectives. # # Note: Because IBM HTTP server swaps to the profile that you specify on # the UserID directive, you should be careful what profile you specify. # For example, if you create a profile MIGHTY1 that is of the class # *SECOFR and use that on the UserID directive, then whenever the server # invokes a swap to that profile, all AS/400 authority checking for the # requested resource is based on that profile. # # There are two special values you can use on the UserID directive or # subdirective. Entering %%SERVER%% uses the default profile QTMHHTTP # unless a protection setup has a different UserID subdirective # specified. Entering %%CLIENT%% causes the server to challenge the # client on each and every request for a user ID and password. # # Note: When the server is running under the QTMHHTTP profile (the # QTMHHTTP profile is the default) and no UserID directive is in effect, # the server switches to the QTMHHTP1 profile before starting a CGI # program. However, when a CGI program is running on servers where the # UserID directive is in effect or within a protection setup where the # UserID subdirective has been specified, the program is executed under # the specified profile. If the profile does not have authority to the # specified program, the request is rejected. # # Example # UserID Webmaster # # Program default setting # UserID %%SERVER%% # # This directive is used by the following form: # * Basic #------------------------------------------------------------------------------ # CGI Settings - Specify how the server processes Common Gateway Interface # (CGI) programs # # The CGI settings control how your server handles conversions between # EBCDIC and ASCII for CGI input and output. The values that you specify # on these directives determine the default conversion mode for the # server. You can override these values with an optional parameter on the # Exec or Service directives by using the Request routing form. The # Request routing form is located in the Request Processing subheading of # the Configurations section of the Configuration and administration # forms. # # If you configure the server to convert between ASCII and EBCDIC, the # server will check entity bodies with text/* or # application/x-www-form-urlencoded Content-Types for a charset tag. If # found, the server converts the corresponding ASCII CCSID to the EBCDIC # CCSID of the job. If not found, the server uses the value of the # DefaultNetCCSID configuration directive as the CCSID from which to # convert. # # See the IBM HTTP Server Web Programming Guide, GC41-5435, for more # information about CGI and the conversion modes. # # You can use the CGI settings form to specify these values. The CGI # settings form is located in the CGI subheading of the Configuration # section of the Configuration and Administration forms. # # CGIConvMode - Specify the CGI conversion mode that the server will use # # Use this directive to specify the CGI conversion mode that your server # will use when processing Common Gateway Interface (CGI) programs. # # For more information about this directive, see the online help for the # CGI Settings form. This form is located in the CGI subheading in the # Configurations section of the Configuration and Administration forms. # For more general information about using CGI programs with your server, # see the IBM HTTP Server Web Programming Guide, GC41-5435. # # The format for this directive is the following: # CGIConvMode value # # where value is a CGI conversion mode from the following list: # # %%MIXED/MIXED%% # The server converts CGI environment variables to EBCDIC CCSID # 37, including QUERY_STRING. The server converts Stdin data to # the CCSID of the server job. However, the encoded characters # "%xx" are still represented by the ASCII 819 octet. The server # provides the header output in EBCDIC CCSID 37. However, the # ASCII 819 octet must represent the encoded characters "%xx". The # server assumes that the body output is in the default CCSID of # the server job unless specified otherwise using the Content-type # header. This is the default setting. # # %%EBCDIC/MIXED%% # The server converts everything into the EBCDIC CCSID of the job. # In addition, the server converts escaped octets from ASCII to # EBCDIC. The server provides the header output in EBCDIC CCSID # 37. However, the ASCII 819 octet must represent the encoded # characters "%xx". The server assumes that the body output is in # the default CCSID of the server job unless specified otherwise # using the Content-type header. # # %%BINARY/MIXED%% # The server converts environment variables into the EBCDIC CCSID # of the job, but performs no conversions on either QUERY_STRING # or stdin data. The server provides the header output in EBCDIC # CCSID 37. However, the ASCII 819 octet must represent the # encoded characters "%xx". The server assumes that the body # output is in the default CCSID of the server job unless # specified otherwise using the Content-type header. # # %%EBCDIC_JCD/MIXED%% # The server will use the Japanese Codepage Detection utility to # determine which Japanese CCSID to convert from. Otherwise, this # option is the same as the %%EBCDIC/MIXED%% option. # # %%EBCDIC/EBCDIC%% # The server converts everything into the EBCDIC CCSID of the job. # In addition, the server converts escaped octets from ASCII to # EBCDIC. The server provides the header output and encoded # characters "%xx" in EBCDIC CCSID 37. The server assumes that the # body output is in the default CCSID of the server job unless # specified otherwise using the Content-type header. # # %%BINARY/BINARY%% # The server converts environment variables into the EBCDIC CCSID # of the job, but performs no conversions on either QUERY_STRING # or stdin data. The server provides the header output and encoded # characters "%xx" in ASCII 819. The server assumes that the body # output is in ASCII 819 unless specified otherwise using the # Content-type header. # # %%BINARY/EBCDIC%% # The server converts environment variables into the EBCDIC CCSID # of the job, but performs no conversions on either QUERY_STRING # or stdin data. The server provides the header output and the # encoded characters "%xx" in EBCDIC CCSID 37. The server assumes # that the body output is in the default CCSID of the server job # unless specified otherwise using the Content-type header. # # %%EBCDIC_JDC/EDCDIC%% # The server will use the Japanese Codepage Detection utility to # determine which Japanese CCSID to convert from. Otherwise, this # option is the same as the %%EBCDIC/EBCDIC%% option. # # Note: If you previously specified the following conversion modes, they # will continue to function as indicated. # * %%MIXED%% mode is equivalent to %%MIXED/MIXED%% mode # * %%EBCDIC%% mode is equivalent to %%EBCDIC/MIXED%% mode # * %%BINARY%% mode is equivalent to %%BINARY/MIXED%% mode # * %%EBCDIC_JDC%% mode is equivalent to %%EBCDIC_JDC/MIXED%% mode # # Example # CGIConvMode %%BINARY/BINARY%% # # In this example, the server processes environment variables into the # EBCDIC CCSID of the job. The server converts escaped octets in the # environment variables from ASCII to EBCDIC and does not perform any # conversions on QUERY_STRING or stdin data. # # Program default setting # CGIConvMode %%MIXED/MIXED%% # # This directive is used by the following forms: # * CGI settings #------------------------------------------------------------------------------ # DefaultFsCCSID - Specify server character set environment # # Use this directive to explicitly specify the server character set # environment. The DefaultFsCCSID directive specifies the CCSID that your # server runs under. This directive defines the EBCDIC CCSID that is used # when the server converts: # * Input request data for user CGI programs # * Output response data from user CGI programs to be sent back to the # requester (client browser) # * When serving documents from QSYS.LIB and no ASCII CCSID can be # deduced from the file CCSID # # For information about the ASCII/EBCDIC data conversions on AS/400, see # AS/400 National Language Support, SC41-5101. # # You can use the -fsccsid instance startup value with the STRTCPSVR # command to override the DefaultFsCCSID directive when you start the # server. # # If you change this directive, you must stop the server and start it # again. # # For more information about this directive, see the online help for the # Environment variables form. This form is located in the CGI subheading # in the Configurations section of the Configuration and Administration # forms. # # Example # DefaultFsCCSID 5026 # # Program default setting # QCCSID system value # # This directive is used by the following forms: # * CGI settings # * Environment variables #------------------------------------------------------------------------------ # DefaultNetCCSID - Specify client character set environment # # Use this directive to explicitly specify the client character set # environment. This directive defines the ASCII CCSID that is used when # converting: # * Input request data for user CGI programs # * Output response data from user CGI programs to be sent back to the # requester (client browser) # # For information about the ASCII/EBCDIC data conversions on AS/400, see # AS/400 National Language Support, SC41-5101. # # This directive overrides the Coded Character Set Identifier value # specified on the CHGHTTPA command. # # You can use the -netccsid instance startup value with the STRTCPSVR # command to override the DefaultNetCCSID directive when you start the # server. # # If you change this directive, you must stop the server and start it # again. # # For more information about this directive, see the online help for the # Environment variables form. This form is located in the CGI subheading # in the Configurations section of the Configuration and Administration # forms. # # Example # DefaultNetCCSID 5052 # # Program default setting # DefaultNetCCSID 00819 # # This directive is used by the following forms: # * Global server parameters # * Change instance parameters # * Environment variables #------------------------------------------------------------------------------ # JavaClassPath - Specify the Java class path # # Use this directive to specify the Java class path that the server # should use when it runs Java CGI programs. # # The format for this directory is the following: # JavaClassPath directory;directory;...directory # # where directory is a classpath for Java CGI programs. # # Example # JavaClassPath /QIBM/UserData/java/classes.zip; # /QIBM/UserData/java/cgi/classes.zip; # /QIBM/UserData/java/public # # Note: The directive must be typed on one line, even though here it is # shown on more than one line. # # Program default setting # # All classes must be in the same directory as the your Java CGI # programs. # # This directive is used by the following form: # * CGI settings #------------------------------------------------------------------------------ # MaxContentLengthBuffer - Set the size of the buffer for dynamic files or # files retrieved from another server # # Use this directive to set the size of the buffer for dynamic data # generated by the server. Dynamic data is output from CGI programs, # server-side includes, and API programs. It is data that does not come # from a proxy request. # # The value can be specified in bytes (B), kilobytes (K), megabytes (M), # or gigabytes (G). It does not matter if you have a space between the # number and the value (B, K, M, G). # # Example # MaxContentLengthBuffer 2 M # # Program default setting # MaxContentLengthBuffer 100 K # # This directive is used by the following form: # * CGI settings #------------------------------------------------------------------------------ # CgiThreadedMode - Specify whether the default for CGI jobs are multiple # thread capable or not # # Use this directive to specify whether your CGI programs should be run # in a job that is multiple thread capable. # # The HTTP server uses a pool of pre-started jobs for handling CGI # requests. Multiple threaded programs must run in a multiple # thread-capable job. The job pool that the job runs in is specified at # job start-up time. Once the job has started, it cannot be changed to # another job pool. Since not all APIs are thread safe, some will issue # an error if started in a multiple thread-capable job. This happens even # if the program does not actually have multiple threads running. Because # of this, the HTTP server must default to non-multiple thread capable # jobs for CGI programs for compatibility reasons. If your CGI program is # multiple-thread capable, it must run in a multiple threaded job. The # CgiThreadedMode directive allows you to change the default CGI job pool # from non-multiple thread capable to multiple thread capable. The Exec # directive can be used to allow CGI programs matching particular URLs to # run either multiple thread capable or non-multiple thread capable on a # case-by-case basis. # # Note: This directive has no impact on CGI programs written in JAVA. # JAVA CGI programs are always run in a job that is multiple thread # capable. # # Example # CgiThreadedMode On # # Program default setting # CgiThreadedMode Off # # This directive is used by the following form: # * CGI settings #------------------------------------------------------------------------------ # Environment variables - Specify environment variable inheritance for CGI # programs # # When the server runs a CGI program, it passes information about the # request and about the server itself to the CGI program using # environment variables. You can use these directives to specify which # environment variables you want your CGI programs to inherit and which # ones you do not want your CGI programs to inherit. A list of CGI # environment variables can be found in the IBM HTTP Server Web # Programming Guide, GC41-5435. # # If you do not specify an InheritEnv directive, all CGI environments are # inherited by CGI programs. If at least one InheritEnv directive is # specified, only those environment variables specified with InheritEnv # will be available along with the CGI-specific environment variables. # You can optionally initialize the value of the variables that are # inherited by using the form ENV=VALUE. By default all environment # variables are inherited by CGI programs. You can exclude individual # environment variables from being inherited by specifying the # DisInheritEnv directive. # # The Environment variables form is located in the CGI subheading of the # Configuration section of the Configuration and Administration forms. # # DisInheritEnv - Specify which environment variables are disinherited by # CGI programs # # Use this directive to specify which environment variables that you do # not want your CGI programs to inherit. This excludes the CGI # environment variables that are specific to CGI processing. # # If you do not specify an InheritEnv directive, then CGI programs # automatically inherit all CGI environment variables. If you specify at # least one InheritEnv directive, then only the environment variables # that you specify are available to CGI programs, along with the # CGI-specific environment variables. You can optionally initialize the # values of the variables that CGI programs inherit by specifying your # entries in the form of ENV=VALUE. By default, CGI programs inherit all # environment variables. You can exclude individual environment variables # from being inherited with the DisInheritEnv directive. # # Refer to the IBM HTTP Server Web Programming Guide, GC41-5435, for a # list of the CGI-specific environment variables. # # Example # DisInheritEnv PATH # DisInheritEnv LANG # # In this example, all environment variables except for PATH and LANG # will be inherited by CGI programs. # # This directive is used by the following forms: # * Environment variables #------------------------------------------------------------------------------ # InheritEnv - Specify which environment variables are inherited by CGI # programs # # Use this directive to specify which environment variables that you want # your CGI programs to inherit. This excludes the CGI environment # variables that are specific to CGI processing. # # If you do not specify an InheritEnv directive, then CGI programs # automatically inherit all CGI environment variables. If you specify at # least one InheritEnv directive, then only the environment variables # that you specify are available to CGI programs, along with the # CGI-specific environment variables. You can optionally initialize the # values of the variables that CGI programs inherit by specifying your # entries in the form of ENV=VALUE. By default, CGI programs inherit all # environment variables. You can exclude individual environment variables # from being inherited with the DisInheritEnv directive. # # Refer to the IBM HTTP Server Web Programming Guide, GC41-5435, for a # list of the CGI-specific environment variables. # # Example # InheritEnv PATH # InheritEnv LANG=ENUS # # In this example, only the PATH and LANG will be inherited by CGI # programs. Furthermore, the LANG variable will be initialized with the # value of ENUS. # # This directive is used by the following form: # * Environment variables #------------------------------------------------------------------------------ # Persistent CGI - Specify the settings for how your server works with # persistent CGI programs # # Persistent CGI defines an interface between CGI programs and the Web # server that establishes a session between the CGI program, the server, # and the client. # # When requests come in to the server for that session, the server routes # the request to the waiting CGI program. This allows the CGI program to # maintain state information, keep files open, and manage database # transactions. Since these CGI programs may remain active for extended # periods of time, you can use these directives to manage their behavior # within the specified limits. # # Use the Persistent CGI form to control how your server controls # persistent CGI activity. The Persistent CGI form is located in the CGI # subheading of the Configuration section of the Configuration and # Administration forms. # # For more information about writing persistent CGI programs for your # server, see the IBM HTTP Server Web Programming Guide, GC41-5435. # # MaxPersistentCGI - Maximum number of persistent CGI jobs # # Use this directive to set the maximum number of active persistent CGI # jobs that you want to have active at one time. You can enter a number # from 1 through 999. The default value is 40. # # Example # MaxPersistentCGI 64 # # Program default setting # MaxPersistentCGI 40 # # This directive is used by the following form: # * Persistent CGI #------------------------------------------------------------------------------ # MaxPersistentCGITimeout - Maximum timeout value for persistent CGI jobs # # Use this directive to set the maximum timeout value for persistent CGI # jobs. You can enter any amount of time greater than 1 second. The # default timeout value is 20 minutes. # # Example # MaxPersistentCGITimeout 15 minutes # # Program default setting # MaxPersistentCGITimeout 20 minutes # # This directive is used by the following form: # * Persistent CGI #------------------------------------------------------------------------------ # PersistentCGITimeout - Default timeout value for persistent CGI jobs # # Use this directive to set the default timeout value for persistent CGI # jobs. You can enter any amount of time greater than 1 second. The # default timeout value is 20 minutes. # # This directive specifies the number of minutes that your server waits # for a client response before ending a persistent CGI session. The CGI # program can override the value that you specify on a request-by-request # basis. # # Example # PersistentCGITimeout 30 minutes # # Program default setting # PersistentCGITimeout 5 minutes # # This directive is used by the following form: # * Pesistent CGI #------------------------------------------------------------------------------ # Welcome page - specify settings for welcome pages # # By default, the server first looks for a welcome file. If no welcome # file exists, then the server displays a directory listing if you enable # the DirAccess directive. Configuration settings control how directory # listings appear and the icons that the listings use. # # You can specify a different set of file names to use as welcome pages # depending on the address from which a request comes into your server. # The file names that you define as welcome pages determine how the # server responds to requests that do not contain a file name. Use the # Welcome page form to specify how your server works with Welcome pages. # The Welcome page form is located in the Directories and Welcome Page # subheading of the Configurations section of the Configuration and # Administration forms. # # AlwaysWelcome - Specify if a welcome file is returned for all directory # requests # # Use this directive to specify if you want your server to always handle # directory requests by first searching the directory for a welcome file. # # The default value is On, which means that the server always searches # the directory for a welcome file. The Welcome directive specifies the # names of the files that the server recognizes as welcome files. # # If you change the value to Off, the server first checks the last # character of requests that refer to AS/400 files, QDLS folders, or # integrated file system directories for the slash (/) character. If a # directory request ends with a slash, the server searches the directory # for a welcome file. If a directory request does not end with a slash, # the server attempts to return a directory listing. # # If the server does not find a welcome file, or AlwaysWelcome is set to # Off and the directory request does not end in a slash, the DirAccess # directive controls whether or not the server responds to the request # with a directory listing. # # Example # AlwaysWelcome Off # # Program default setting # AlwaysWelcome On # # This directive is used by the following form: # * Welcome page #------------------------------------------------------------------------------ # DirAccess - Control directory listings # # Use this directive to specify whether you want your server to return # directory listings when requested. The values on the Welcome and # AlwaysWelcome directives determine when a request is interpreted as a # request for a directory listing. # # The default value is Off, which means that the server cannot return # directory listings for any directories and subdirectories. If you want # to control which directories and subdirectories the server can return # directory listings for, use: # DirAccess Selective # # If you change the value to On, the server will return directory # listings. # # If you change the value to Selective, the server will return directory # listings for any directory that contains a file named wwwbrws. The # contents of the wwwbrws file are not important, the server only checks # for its existence. The object is a member name of an AS/400 physical # file or a type of object in an integrated file system directory. For # case-sensitive file systems such as /QOpenSys, the wwwbrws name is # lower-case. # # Example # DirAccess On # # Program default setting # DirAccess Off # # This directive is used by the following form: # * Welcome page #------------------------------------------------------------------------------ # Welcome - Specify names of welcome files # # Use this directive to specify the name of a welcome file the server # should look for to respond to requests that do not contain a specific # file name. You can build a list of welcome files by putting multiple # occurrences of this directive in the configuration file. # # You can specify a different set of file names to use as welcome pages # depending on the address that your server receives a request from. The # file names that you define as welcome pages determine how the server # responds to requests that do not contain a file name. # # For example, you might want to specify that homeA.html is a welcome # page only for requests that the server receives on the IP address # 9.4.6.128. You could also specify that homeB.html is a welcome page # only for requests that your server receives on 9.83.1.191. # # For requests that contain a directory name but not a file name, the # AlwaysWelcome directive controls whether the server looks in the # directory for a welcome file to return. By default, AlwaysWelcome is # set to a value of On. This means the server always looks in the # requested directory for a file matching a name specified on a Welcome # directive. If a match is found, the file is returned to the requester. # # If the server finds more than one match between files in a directory # and file names on Welcome directives, the order of the Welcome # directives determines which file is returned. The server uses the # Welcome directive closest to the top of the configuration file. # # Welcome processing is not case-sensitive. For case-sensitive file # systems such as /QOpenSys, the first name found that matches the # welcome name, regardless of case, is returned. For a Welcome # welcome.html directive, in /QOpenSys file system with two files, # welcome.html and Welcome.html, the server could return either file. # # If the server does not find a welcome file in the directory, the # DirAccess directive controls whether or not the server responds to the # request with a directory listing. # # The format of the Welcome directive is: # Welcome file-name [IP-address-template] # # file-name # A file name you want to define as being a welcome file. # # IP-address-template # If your server has multiple connections, you can use this # parameter to specify an address template. If you use the address # template, be sure you do not have any preceding Welcome # directives in your configuration file that do not have the # address template, or your address template will not be # effective. # # The server uses the directive only for requests that come to the # server on a connection with an address matching the template. It # is important to note that it is the address of the server's # connection that is compared to the template, not the address of # the requesting client. # # You can specify a complete IP address (for example, # 204.146.167.72). # # This parameter is optional. Without this parameter, the server # uses the directive for all requests regardless of the connection # the requests come in on. # # Example # Welcome letsgo.html # Welcome Welcome.html # # The above example defines two welcome pages and assumes the # AlwaysWelcome directive is set to its default of On. For requests that # do not contain a file name, the server would try to return a welcome # file from the directory specified on the request (or document root # directory if the request does not specify a file name or a directory). # The server would first look for a file named letsgo.html. If the # directory does not have a letsgo.html file, the server would look for a # file named Welcome.html. # Welcome CustomerA.html 204.146.167.72 # Welcome CustomerB.html 1.11.222.3 # # The above example uses the optional IP address template parameter. Your # server looks for different welcome files based on the IP address of the # connection on which the request arrives. For requests that arrive on # 204.146.167.72, the server looks for welcome files named # CustomerA.html. For requests that arrive on 1.11.222.3, the server # looks for any welcome files named CustomerB.html. If the request # arrives on a different IP address, the server looks for the default # welcome page. # # Initial configuration file setting # Welcome Welcome.html # # This directive is used by the following form: # * Welcome page #------------------------------------------------------------------------------ # Directory list contents - specify settings for directory listings # # A directory listing shows the files and subdirectories that the # directory contains. The server shows each file or subdirectory item on # a separate line along with information about each item. Use the # Directory list contents form to specify how your server works with # directory listings. The Directory list contents form is located in the # Directories and Welcome Page subheading of the Configurations section # of the Configuration and Administration forms. # # DirShowBytes - Show byte count for small files on directory listings # # Use this directive to specify whether directory listings should include # the exact byte count for files smaller than 1 KB. The DirShowSize # directive controls whether the file sizes are displayed. # # A value of Off means the directory listing shows a size of 1 KB for all # files that are 1 KB or smaller. # # Example # DirShowBytes On # # Program default setting # DirShowBytes Off # # This directive is used by the following form: # * Directory list contents #------------------------------------------------------------------------------ # DirShowCase - Use case when sorting file on directory listings # # Use this directive to specify whether directory listings should # distinguish between uppercase and lowercase letters when sorting file # names. # # A value of On means that uppercase letters are placed before lowercase # letters. # # Example # DirShowCase Off # # Program default setting # DirShowCase On # # This directive is used by the following form: # * Directory list contents #------------------------------------------------------------------------------ # DirShowDate - Show date last modified on directory listings # # Use this directive to specify whether directory listings should include # the last modification date for each file. # # Example # DirShowDate Off # # Program default setting # DirShowDate On # # This directive is used by the following form: # * Directory list contents #------------------------------------------------------------------------------ # DirShowDescription - Show descriptions for files on directory listings # # Use this directive to specify whether directory listings should include # descriptions for HTML files. # # For AS/400 source physical files, the description is the member text # value displayed in the WRKMBRPDM command or the value specified in the # HTML file on the HTML <title> tag, when the member text value is blank. # # For integrated file system files, the description is the text value # displayed in the WRKLNK command. # # Example # DirShowDescription Off # # Program default setting # DirShowDescription On # # This directive is used by the following form: # * Directory list contents #------------------------------------------------------------------------------ # DirShowMaxDescrLength - Set the maximum description length on directory # listings # # Use this directive to set the maximum number of characters to show in # the description field on directory listings. # # Example # DirShowMaxDescrLength 30 # # Program default setting # DirShowMaxDescrLength 25 # # Note: The default is 24 characters plus 1 blank for 25 total # characters. # # This directive is used by the following form: # * Directory list contents #------------------------------------------------------------------------------ # DirShowMaxLength - Set the maximum length for file names on directory # listings # # Use this directive to set the maximum number of characters that will be # used for file names on directory listings. # # Example # DirShowMaxLength 30 # # Program default setting # DirShowMaxLength 32 # # This directive is used by the following form: # * Directory list contents #------------------------------------------------------------------------------ # DirShowMinLength - Set the minimum length for file names on directory # listings # # Use this directive to set the minimum number of characters that will # always be reserved for file names on directory listings. If the longest # file name in the directory is longer than this number, the field will # be extended up to the amount specified on the DirShowMaxLength # directive. # # Example # DirShowMinLength 120 # # Program default setting # DirShowMinLength 15 # # This directive is used by the following form: # * Directory list contents #------------------------------------------------------------------------------ # DirShowOwner - Show file owner on directory listings # # Use this directive to specify whether directory listings should include # the owner ID for each file. # # Example # DirShowOwner On # # Default program setting # DirShowOwner Off # # This directive is used by the following form: # * Directory list contents #------------------------------------------------------------------------------ # DirShowSize - Show file size on directory listings # # Use this directive to specify whether directory listings should include # the size of each file. # # Example # DirShowSize Off # # Program default setting # DirShowSize On # # This directive is used by the following form: # * Directory list contents #------------------------------------------------------------------------------ # Directory icons - specify icons that the server uses in directory listings # # You can use the Directory icons form to specify how your server works # with icons on these directory listings. The Directory icons form is # located in the Directories and Welcome Page subheading of the # Configurations section of the Configuration and Administration forms. # # AddBlankIcon - Specify the icon URL used to align the heading of # directory listing # # Use this directive to specify an icon to use for aligning the heading # on directory listings. This can either be a blank icon or another icon # that you want to appear on the headings of your directory listings. For # proper alignment, the icon you use must be the same size as the other # icons that you are using on your directory listings. # # The format of this directive is: # AddBlankIcon icon-URL alternate-text # # icon-URL # # The last part of the URL for the icon. The server adds this value to # the value of the IconPath directive to form the complete URL request. # If the request is for a local file, the server translates the request # through the mapping directives. For the icon to be retrieved, the # mapping directives must allow the request to be passed. # # If you are using the server as a proxy, the complete request must be a # fully-qualified URL pointing to your server. # # alternate-text # # The alternate text to use for the icon if the requesting browser is not # displaying graphics. # # Example # AddBlankIcon logo.gif logo # # Program default setting # AddBlankIcon blank.gif # # The default does not specify alternative text because the icon is # blank. # # This directive is used by the following form: # * Directory icons #------------------------------------------------------------------------------ # AddDirIcon - Specify the icon URL for directories on directory listings # # Use this directive to specify an icon for representing a directory on a # directory listing. # # The format of this directive is: # AddDirIcon icon-URL alternate-text # # icon-URL # # The last part of the URL for the icon. The server adds this value to # the value of the IconPath directive to form the complete URL request. # If the request is for a local file, the server translates the request # through the mapping directives. For the icon to be retrieved, the # mapping directives must allow the request to be passed. # # If you are using the server as a proxy, the complete request must be a # fully-qualified URL pointing to your server. You must map the URL to a # local file and make sure that the mapping directives allow the URL to # be passed. # # alternate-text # # The alternate text to use for the icon if the requesting browser is not # displaying graphics. # # Example # AddDirIcon dir.gif DIR # # Program default setting # AddDirIcon dir.gif DIR # # This directive is used by the following form: # * Directory icons #------------------------------------------------------------------------------ # AddIcon - Bind an icon to a MIME content-type or encoding-type # # Use this directive to specify icons for representing files with a # specific MIME content-type or encoding-type. The server uses the icons # on directory listings. # # The format of this directive is: # AddIcon icon-URL alternate-text type-template # # icon-URL # # The last part of the URL for the icon. The server adds this value to # the value of the IconPath directive to form the complete URL request. # If the request is for a local file, the server translates the request # through the mapping directives. For the icon to be retrieved, the # mapping directives must allow the request to be passed. # # If you are using the server as a proxy, the complete request must be a # fully-qualified URL pointing to your server. You must map the URL to a # local file and make sure that the mapping directives allow the URL to # be passed. # # alternate-text # # The alternate text to use for the icon if the requesting browser is not # displaying graphics. # # type-template # # Either a MIME content-type or encoding-type template. Content-type # templates always contain a slash (/) character. Encoding-type templates # never have a slash. # # Example # AddIcon video_file.gif MOV video/* # # This directive is used by the following form: # * Directory icons #------------------------------------------------------------------------------ # AddParentIcon - Specify the icon URL for a parent directory on directory # listings # # Use this directive to specify an icon for representing a parent # directory on a directory listing. # # The format of this directive is: # AddParentIcon icon-URL alternate-text # # icon-URL # # The last part of the URL for the icon. The server adds this value to # the value of the IconPath directive to form the complete URL request. # If the request is for a local file, the server translates the request # through the mapping directives. For the icon to be retrieved, the # mapping directives must allow the request to be passed. # # If you are using the server as a proxy, the complete request must be a # fully-qualified URL pointing to your server. You must map the URL to a # local file and make sure that the mapping directives allow the URL to # be passed. # # alternate-text # # The alternate text to use for the icon if the requesting browser is not # displaying graphics. # # Example # AddParentIcon parent.gif UP # # Program default setting # AddParentIcon back.gif UP # # This directive is used by the following form: # * Directory icons #------------------------------------------------------------------------------ # AddUnknownIcon - Specify the icon URL for unknown file types on directory # listings # # Use this directive to specify an icon for representing files with # unknown file types on a directory listing. # # The format of this directive is: # AddUnknownIcon icon-URL alternate-text # # icon-URL # # The last part of the URL for the icon. The server adds this value to # the value of the IconPath directive to form the complete URL request. # If the request is for a local file, the server translates the request # through the mapping directives. For the icon to be retrieved, the # mapping directives must allow the request to be passed. # # If you are using the server as a proxy, the complete request must be a # fully-qualified URL pointing to your server. You must map the URL to a # local file and make sure that the mapping directives allow the URL to # be passed. # # alternate-text # # The alternate text to use for the icon if the requesting browser is not # displaying graphics. # # Example # AddUnknownIcon whattheheck.gif huh # # Program default setting # AddUnknownIcon unknown.gif ??? # # This directive is used by the following form: # * Directory icons #------------------------------------------------------------------------------ # DirShowIcons - Show icons in directory listings # # Use this directive to specify whether you want your server to include # icons in directory listings. Icons can be used to provide a graphic # representation of the content type of the files in the listing. The # icons themselves are defined by the following directives: # * AddBlankIcon # * AddDirIcon # * AddIcon # * AddParentIcon # * AddUnknownIcon # # Example # DirShowIcons Off # # Program default setting # DirShowIcons On # # This directive is used by the following form: # * Directory icons #------------------------------------------------------------------------------ # IconPath - Specify the path for the directory listing internal icons # # Use this directive to specify URL information to be added at the # beginning of each icon-URL specified on the following directives: # * AddBlankIcon # * AddDirIcon # * AddIcon # * AddParentIcon # * AddUnknownIcon # # The value that you specify on this directive is added to the icon-URL # value on each of the other directives to form the full request URL for # each icon. The full request can be mapped to a file on your server or # it can be sent as a request to another server. # # The following path and directory is the default location for icons: # /QIBM/ProdData/HTTP/Protect/HTTPSVR/HTML/ICONS # # Notes: # 1. You must map the location of your icons by adding a Pass statement # in the configuration # /QIBM/ProdData/HTTP/Protect/HTTPSVR/HTML/ICONS. # 2. You must use this directive in your configuration file before any # of the other icon directives (such as AddBlankIcon, AddDirIcon, and # so on). # # Example # IconPath http://icons.are.us.com:8080/httpd-internal-icons/ # # In this example, each request for a directory list icon generates a # request to a server named icons.are.us.com. # # IconPath /icons/ # # In this example, each request for a directory list icon generates a # request that begins with /icons/. The server uses its mapping rules to # resolve the request to a local file. # # This directive is used by the following form: # * Directory icons #------------------------------------------------------------------------------ # README text - Control directory README files # # When your server creates any directory listing, it searches the # directory for a file named README. This README file usually contains a # brief description of the contents of the directory. Use the README text # form to specify how your server works with README files. The README # text form is located in the Directories and Welcome Page subheading of # the Configurations section of the Configuration and Administration # forms. # # DirReadme - Control directory README files # # Use this directive to specify if and where you want your server to # display directory listing README files. # # The default value is Off, which means that when the server returns a # directory listing, it does not search the directory for a file named # README. If README is found, the server puts the contents of the file at # the top of the directory listing. # # If you change the value to Bottom, the server searches for a README # file, but puts the contents at the bottom of the directory listing. # # If you change the value to On, the server searches the directory for a # README file. For case-sensitive file systems such as /QOpenSys, the # README name is upper-case. # # Example # DirReadme Bottom # DirReadme off # # Program default setting # DirReadme Top # # This directive is used by the following form: # * README text #------------------------------------------------------------------------------ # User directories - allow users to store and publish their own Web documents # # User directories are subdirectories where individual Internet users # store and publish their own Web documents. Use the User directories # form to specify how your server works with user directories. The User # directories form is located in the Directories and Welcome Page # subheading of the Configurations section of the Configuration and # Administration forms. # # UserDir - Specify the name of the accessible subdirectory of a user # directory that enables users to have private Web documents # # Use this directive to allow individual users of your server to have # their own private Web documents. The value on the directive specifies # the name of a subdirectory within each user's home directory. When the # server receives a URL request that contains /~Username/, the server # looks for the requested object in the UserDir subdirectory of the # user's home directory. # # The directory for a user is configured on the HOMEDIR parameter of the # Create User Profile (CRTUSRPRF) CL command. # # For example, suppose that you specify the value WWW on this directive. # The server could receive a request of http://yourserver/~fonbuk/, and # the user fonbuk could have a HOMEDIR value of /USERDIR/FONBUK. The # server will then look in the /USERDIR/FONBUK/WWW/ directory and returns # the appropriate welcome page. # # Another example uses the QSYS.LIB file system support for user # directories. Suppose that you specify the value WWW.FILE on this # directive. The user profile dirtykid has a HOMEDIR value of # /QSYS.LIB/DIRTYKID.LIB. If the server receives the request # http://yourserver/~dirtykid, then it will look in # /QSYS.LIB/DIRTYKID.LIB/WWW.FILE/ and return the appropriate welcome # page member. # # Before allowing local users to have their own private documents on the # Web, you may want to consider issues of security and corporate image. # For example, a user might accidentally (or purposefully) display # confidential information on their home page. Another user might link to # other external Web sites that your audience could misinterpret as being # part of your Web site. # # Example # UserDir WWW # # This directive is used by the following form: # * User directories #------------------------------------------------------------------------------ # Error message customization - Customize the error messages that the server # returns to clients # # Use this directive to customize the messages that your server sends to # the requesting client when it encounters an error condition. For # example, you can change a message to include more information about the # cause of the problem and suggest possible solutions to fix it. For # internal networks, you might provide a contact person for your users to # call. # # Each error condition is identified by a key word. To decide which error # messages you want to customize, first review the list of error # conditions, their causes, and the default message that the server # sends. Then, for each error message you want to change: # * Create an individual HTML file with the desired text. # * Add an ErrorPage directive to your configuration file that # associates the error condition key word with the HTML file you want # to serve. # # Note: The server does not parse your error files for imbeds, regardless # of the file extensions or use of the imbeds directive. # # ErrorPage - Specify a customized message for a particular error condition # # Use this directive to specify the name of a file that you want to send # when the server encounters a particular error condition. # # You can place this directive anywhere in the configuration file. When # the error occurs, the file will be processed according to the mapping # rules defined in your configuration file. Therefore, the file you want # to send must be in a location that can be reached through the mapping # rules as defined by the Fail, Map, NameTrans, Pass, Redirect, Service # directives. At a minimum, you need a Pass directive that would allow # the server to pass the error message file. # # The format of this directive is: # ErrorPage keyword /path/filename.html # # keyword # One of the key words associated with an error condition. See # Error Conditions, Causes, and Default Messages for a list # of keywords. # # /path/filename.html # This is the path and file name of your error file, as viewed by # a client on the Web. The file must be an HTML file. You can # specify a URL that is directed to your server or a different # server. # # Examples # ErrorPage badrequest /errors/html/badrequest.html # # ErrorPage scriptstart http://goodserver/errors/html/scriptstart.html # # In the first example, when a badrequest condition is encountered, the # server sends the badrequest.html file to the client. # # In the second example, when a scriptstart condition is encountered, the # server sends the scriptstart.html file from another server to the # client. # # This file might contain the following HTML text: # <HTML><HEAD> # <TITLE>Message for SCRIPTSTART condition</TITLE> # </HEAD><BODY> # The CGI program could not be started. # <P> # <A HREF="mailto:admin@Websvr.com">Please notify the Webmaster</A> # about this problem. # </BODY></HTML> # # If the server's configuration file contains PASS /* /wwwhome/*, then # the full path for this message file would be # /wwwhome/errors/html/scriptstart.html. # # Program default setting # # If you do not specify an ErrorPage directive for an error condition, # the server's default error message for that condition will be sent. # # Error Conditions, Causes, and Default Messages # # The following list shows the HTTP status code and key word for each # error condition, followed by the probable cause, and the default # message the server sends. # # For a complete list of HTTP status codes, see HTTP status codes. # # Code and Key Word # Cause and Default Message # # 302 okredirect # Cause: The requested file is on another recognized server. The # name of the server is sent back to the requesting client along # with a message. The client can connect to the correct server or # display the message that is sent. # # Default message: Found. # # 400 badrequest # Cause: Either there is a network problem, such as a time-out, or # the request was indecipherable. # # Default message: Invalid request - completely unable to parse # it. # # 400 badscript # Cause: The server could determine that the requested file was a # CGI script but it could not process it; the request was invalid # in some way. # # Default message: The script execution request is not valid. # # 400 connectfail # Cause: On a tunneled request, the server could not connect to # the requested partner on the requested port. # # Default message: Host not found or not responding. # # 400 nopartner # Cause: On a tunneled request, the server could not connect to # the requested host name due to bad syntax or an unknown host. # # Default message: Host not found or not responding. # # 400 proxyfail # Cause: The client is trying to use the server as a proxy, and # although this is allowed, it did not work. Possibly the # destination server doesn't exist or is busy. # # Default message: Proxy load failed. # # 400 unknownmethod # Cause: The request did not include a recognized method, such as # GET or POST. # # Default message: The request is not valid or not recognized. # # 401 notauthorized # Cause: The request requires a user ID and password. Either the # user ID and password sent by the client are not valid for this # request or the client did not send a user ID and password. # # Default message: Not Authorized. Authentication failed. # # 401 notmember # Cause: The requested file has a protection rule listing valid # user IDs and passwords and the user ID of the requesting client # is not included in that list. # # Default message: Not authorized to access the document. # # 401 pwchanged # Cause: The user ID has been changed to use the new password you # entered. Enter the new password again to correct your browser's # password cache. # # Default message: Password changed. Enter newpw to continue. # # 401 pwexpired # Cause: The password for the MVS user ID has expired. # # Default message: Access denied - password expired. Enter # oldpw/newpw/newpw to change your password. # # 403 badredirect # Cause: The server is trying to redirect the request and the # Redirect directive is invalid (possibly missing a destination) # or contains a loop. # # Default message: The redirection in the configuration file is # not valid. # # 403 baduser # Cause: The client requested a user's home directory that does # not exist. # # Default message: The user directory is not valid. # # 403 byrule # Cause: Either the file requested is specifically blocked by a # Fail directive or it does not match any of the files that are # allowed to be accessed according to other request mapping # directives. # # Default message: Forbidden by rule. # # 403 dirbrowse # Cause: The client specified a directory (rather than a file # name) in the URL that does not have a welcome page and the # administrator has turned off directory browsing (either for this # directory or for the entire server). # # Default message: Directory browsing failed - access forbidden. # # 403 dotdot # Cause: The client request contains an instruction (/../) to # navigate above the document directory root and this is not # allowed. # # Default message: Forbidden - URL containing .. forbidden (don't # try to break in). # # 403 ipmask # Cause: The file requested has a protection rule that includes a # list of valid IP addresses and the client's address is not # included in the list. # # Default message: Server will not serve to your IP address. # # 403 ipmaskproxy # Cause: The client is trying to use the server as a proxy and the # client is not included in the list of host names or IP addresses # that are allowed to do so. # # Default message: Proxy server will not serve to your IP address # (at least with this HTTP method). # # 403 methoddisabled # Cause: The client requested a method (such as GET or POST) that # is specifically not allowed by the Disable directive. # # Default message: Method method is disabled on this server. # # 403 noacl # Cause: The directory has a protection rule but does not have an # Access Control List (ACL) defined and the protection setup does # not have a GetMask subdirective. The administrator needs to # remove the protection rule or add an ACL. # # Default message: Access to this file is not allowed 'no ACL # file'. # # 403 noentry # Cause: The directory is protected by an Access Control List # (ACL) and the user is not included in the ACL. # # Default message: Access to this file is not allowed (no ACL # entry). # # 403 notallowed # Cause: The server found the requested file but the protection # setup of the server prevented access. This is commonly generated # for URLs that point to CGI programs. # # Default message: The PUT and DELETE methods must be specified in # the protection setup of the server. # # 403 openfailed # Cause: After passing the protection rules, the server determined # that the client should have read access to the file but the # operating system will not allow the server to access it. # Possibly the user ID running the server does not have read # permission to the file it is trying to serve or the file system # may be encountering problems. # # Default message: Can't browse selected file. # # 403 setuperror # Cause: The directory has an Access Control List (ACL) defined # but does not have a protection rule. The administrator needs to # add a protection rule or remove the ACL. # # Default message: Server protection setup error occurred. # Probably, the protection setup file was not found or it # contained a syntax error. # # 404 multifail # Cause: The requested file could not be found on the server. The # server tried to match the file name exactly as specified and # with every known file extension appended. # # Default message: The file was not found, even after searching on # any extensions to the file name. # # 407 proxynotauth # Cause: The proxy request requires a user ID and password. Either # the user ID and password sent by the client are not valid for # this request or the client did not send a user ID and password. # Note that some Web browsers do not support the # PROXY-AUTHENTICATE function. # # Default message: Not authorized. Proxy-Authentication failed (or # your browser does not support it). # # 407 proxynotmember # Cause: The proxy request has a protection rule listing valid # user IDs and the user ID of the requesting client is not # included in that list. # # Default message: Not authorized for proxy access to the # document. # # 407 proxypwchanged # Cause: The user ID has been changed to use the new password you # entered. Enter the new password again to correct your browser's # password cache. # # Default message: Password changed. Enter newpw to continue. # # 407 proxypwexpired # Cause: The proxy password for the MVS user ID has expired. The # password for the MVS proxy user ID has expired. # # Default message: Access denied - password expired. Enter # oldpw/newpw/newpw to change your password. # # 412 preconfail # Cause: A precondition specified by the client on this request # was not met. For example, this could result from HTTP/1.1 # request that contains a condition "if-not-modified-since xxx". # # Default message: Precondition failed: could not match entity # tags. # # 416 badrange # Cause: A PUT request either has an invalid content range header # or it has incorrect information in the content range header for # the file being processed. An example of an incorrect content # range would be when the starting byte range of the associated # content exceeds the existing file size. # # Note: An HTTP response code of 501 is returned if the content header # cannot be parsed. # # Default message: Invalid request - content range is incorrect. # # 500 setupsurrogate # Cause: A surrogate user ID is defined in the configuration file, # but the server does not have permission to use this user ID as a # surrogate. # # Default message: Access denied - surrogate user setup error. # # 500 scriptio # Cause: The client requested a CGI script; the server can find it # and start it but cannot get it to process input or output. The # script may contain invalid code. # # Default message: Cannot read script output pipe. # # 500 scriptnotfound # Cause: The client requested a CGI script that cannot be found. # # Default message: The script request is not valid; none of # <program> and <program>.pp is executable. # # 500 scriptstart # Cause: The client requested a CGI script; the server can find it # but cannot start it. The script may contain invalid code. # # Default message: Starting the CGI program failed. Could not # communicate with the CGI program. # # 500 systemerror # Cause: An internal MVS error occurred using SAF services. See # trace table error information. # # Default message: Access denied - system error using SAF. # # 501 noformat # Cause: The server has encountered an internal error and cannot # interpret the format of the file it is trying to serve. The file # may be corrupted or have an unknown or invalid file extension. # # Default message: Sorry, can't convert from mime-type-1 to # mime-type-2. #------------------------------------------------------------------------------ # Java Servlets - Work with Java servlets on your server # # You can use the Java servlets form to enable Java servlets on your # server. The Java servlets form in located in the Configurations section # of the Configuration and Administration forms. You must install the # Java virtual machine to use Java servlets with IBM HTTP server. # # Java servlets are Java programs that use additional packages in the # JavaSoft Java servlet Application Programming Interface (API). Servlets # run on IBM HTTP server and extend the capabilities of the server in the # same way that Java applets run on a browser. Servlets extend the # capabilities of the server by creating a framework for providing # services for requests and responses over the Web. # # When a client sends a request to the server, the server can send the # information to a servlet. The servlet then constructs the response, # which the server sends back to the client. # # For the latest information about how your server works with Java # Servlets, see http://www.ibm.com/software/webservers/. # # For more information on how to write and use Java servlets, see the IBM # HTTP Server Web Programming Guide, GC41-5435. #------------------------------------------------------------------------------ # Languages and Encoding - Bind files with particular extensions # # The resources mapping directives in this section associate meta # information from file headers with file extensions. Meta information # consists of MIME type, encoding quality, language, and browser (agent) # type. This process is referred to as multi-format processing. # # Multi-format processing consists of two parts: # * Request headers from the browser # The browser sends accept-headers that contain acceptable values # (such as content-type, content-encoding, language, charset) that # you can associate to file suffixes with the configuration # directives. The browser also sends a user-agent header that # identifies its browser type that you can associate with file # suffixes in the same manner. # * The request URL # The server finds all files with any extension that matches the # directory and file name and uses multi-format processing to choose # the best file to return. # # MultiFormatProcessing - Specify multi-format processing # # When a file name requested by a URL is not found, the multi-format # processing function reads every entry in the directory to identify the # highest quality file name to satisfy the request. If the directory is # very large, the multi-format processing will take significant # processing time to find a qualifying file. The MultiFormatProcessing # and DirExcludeMulti directives provide you options for controlling the # multi-format processing. You must use the WRKHTTPCFG command to add the # MultiFormatProcessing and DirExcludeMulti directives to the # configuration file. # # Use this directive to specify the type of file names you want your HTTP # server to perform multi-format processing for. # # Format # MultiFormatProcessing value # # value # Specify the value, as described below: # # all # The HTTP server performs multi-format processing for all # file names. # # multi # The HTTP server performs multi-format processing for URLs # that request a file name with no extension or .multi file # extension. # # none # The HTTP server performs no multi-format processing. # # Program default setting # MultiFormatProcessing all # # DirExcludeMulti - Specify the path and directory to exclude from # multi-format processing # # Use this directive to specify path names you want the HTTP server to # exclude from multi-format processing. You can only specify the # DirExcludeMulti directive once in the configuration file. The last # DirExcludeMulti directive in the configuration is used if you specifed # more than one. # # You must specify the physical directory path for full or partial # wildcard (*) paths. Normally the URL path is mapped using the Map # directive to a physical directory path. If you use the Map directive, # the full or partial path name you specify for the DirExcludeMulti # directive must match the full or partial path you specify for the Map # directive. # # This directive is ignored if you specify a value of none on the # MultiFormatProcessing directive. # # Example # DirExcludeMulti /aaa/bbb/ccc # # In this example multi-format processing is not performed for an URL # request for /aaa/bbb/ccc/any_filename. # # Example # DirExcludeMulti /aaa/bbb* # # In this example multi-format processing is not performed for an URL # request for /aaa/bbb/ccc/any_filename or /aaa/bbbxxx/ccc/any_filename. # # Example # DirExcludeMulti /aaa/bbb/* # # In this example multi-format processing is not performed for an URL # request for /aaa/bbb/any_filename or /aaa/bbb/ccc/any_filename. #------------------------------------------------------------------------------ # AddClient - Specify file suffixes to use when responding to specific # browsers # # Use this directive to bind files with particular extensions to the type # and version of client that is sending the request. This is often # referred to as automatic browser detection. # # All HTTP requests contain a User-Agent header that identifies the # browser sending the request. IBM HTTP server enables you to detect # which browser was used to send a request. Based on this information, # your server can respond with a specific version of a Web page, a # document, or other file that is especially appropriate for that client # browser. # # For example, your server can send a page written in HTML 3.0 only to # the specific browsers that are known to support it. Your server can # then send a version of the same page written in HTML 2.0 for all other # browsers. # # Automatic browser detection is only effective for multi-format # processing. This occurs when a requesting URL specifies a file without # an extension and no file with that name exists, or it specifies a file # with the extension .multi. For example, a link from this HTML anchor # tag initiates multi-format processing: # <A HREF="http://www.raleigh.ibm.com/cjjd/tscores.multi> # # As a result, the server will evaluate the values passed in the request # headers (such as User-Agent), along with the extensions of all the # tscores files and the associations specified in the directives. Based # on this, your server will try to find the file that is the 'best match' # to send as a response. # # You can have multiple occurrences of this directive in your # configuration file. The sequence of AddClient directives is important # because your server processes these directives in the order in which # they occur in the configuration file. The first AddClient directive # that matches a client's User-Agent value is the one that will be used # to determine the file extension. # # For more information about this directive, see the online help for the # Automatic browser detection form. This form is located in the Languages # and Encoding subheading in the Configurations section of the # Configuration and Administration forms. # # The format of the directive is: # AddClient .extension user-agent # # .extension # # The file extension of the file that you want to send to a particular # browser. You cannot use any wildcard characters (such as *) in this # pattern. This extension can be one of a string of suffixes used to # qualify a file. For example, the extension .Mozilla can apply to a file # named TxtSample.UK.Mozilla.html as well as TxtSample.html.Mozilla.eng. # # user-agent # # The value to match in the User-Agent header of the incoming request. # This field is case-sensitive. You can use the asterisk (*) as a # wildcard character in this field. For example, IBM* applies to all # versions of IBM's Web browser client, IBM WebExplorer. # # Examples # AddClient .Mozilla Mozilla/2.* # AddClient .OldMozilla Mozilla/1.* # AddClient .Webex IBM* # # Program default setting # # If a client's User-Agent is not matched in an AddClient directive, then # the server looks for a generic file extension (.htm or .html) to send. # If the server cannot find a generic file extension, then it uses an # algorithm to find the 'best match' for the client browser. This # calculation takes into account the quality of all the extensions for # that file and sends the file whose extension yields the highest # quality, considering it to be the 'best match.' # # This directive is used by the following form: # * Automatic browser detection # # Using automatic browser detection to serve specific welcome pages to # specific clients # # Using automatic browser detection for sending various welcome pages # requires additional considerations. Follow the procedure listed below # to enable browser detection and multi-format processing for your # welcome pages. # # In the example listed below, the server sends different versions of the # file index.html (in a fictitious directory Webhome). This procedure # also functions for Welcome.html, welcome.html, or Frntpage.html files. # 1. Add a Welcome directive to your configuration file that specifies # the file name with the .multi extension. # Welcome index.multi # # 2. Include AddClient directives in the configuration file that specify # which file extensions to send to a particular browser. Remember # that the AddClient directives are order-dependent. The server will # process them in the order in which they appear in the configuration # file. # AddClient .Mozilla Mozilla/2.* # AddClient .OldMozilla Mozilla/1.* # AddClient .Webex IBM* # # 3. Create specific versions of the index file for each of these file # extensions: # + index.Mozilla.html # + index.OldMozilla.html # + index.WebEx.html # 4. Create a test file index.multi in the Webhome directory. # 5. Specify only the directory name in the URL when linking to this # page: # http://www.buh-nah.com/Webhome/ # # When clients access this URL, your server will determine which Web # browser they are using and serve the appropriate document for that # browser. #------------------------------------------------------------------------------ # AddEncoding - Specify the MIME content encoding of files with particular # extensions # # Use this directive to create or modify a list of file extensions that # you want to bind to Multipurpose Internet Mail Extension (MIME) # encodings. # # The MIME extension to the Internet mail standard defines the methods # used to encode files. You can use a list of file extensions to # associate MIME encodings. The server considers any file with an # extension that matches an entry in this list to be encoded in the # associated MIME encoding method. # # For more information about this directive, see the online help for the # Mime encodings form. This form is located in the Languages and Encoding # subheading in the Configurations section of the Configuration and # Administration forms. # # The format of the directive is: # AddEncoding .extensions encoding # # .extensions # The file extensions pattern. # # encoding # The MIME-encoding type you want to bind to files that match the # corresponding extensions pattern. # # Example # AddEncoding .qp quoted_printable # # This directive is used by the following form: # * MIME encodings #------------------------------------------------------------------------------ # AddLanguage - Specify the language of files with particular extensions # # Use this form to create or modify a list of file extensions that you # want to bind to languages. # # If you intend to use files in multiple languages, then you can use a # list of file extensions to associate your files with specific # languages. The server considers any file with an extension that matches # an entry in the list to be in the associated language. # # A language identifies a natural language that human beings speak, # write, or otherwise convey for the purpose of communication. The syntax # and registry of HTTP languages is the same as that defined by Request # For Comments (RFC) 1766. It is composed of a primary language tag and # zero or more subtags. The name space of language tags is administered # by the Internet Assigned Number Authority (IANA). # # Example tags include the following: # * en # * en-US # * i-cherokee # # In these examples, a two-letter primary tag is an ISO 639 language # abbreviation. A two-letter initial subtag is an ISO 3166 country code. # # For more information about this directive, see the online help for the # Languages form. This form is located in the Languages and Encoding # subheading in the Configurations section of the Configuration and # Administration forms. # # The format of the directive is the following: # AddLanguage .extension language # # .extension # The file extension pattern. # # language # The language you want to bind to files that match the # corresponding extension pattern. # # Example # AddLanguage .en en_US # # This example defines files with a .en extension as being in American # English. # AddLanguage .uk en_UK # # This example defines files with a .uk extension as being in United # Kingdom English. # # This directive is used by the following form: # * Languages #------------------------------------------------------------------------------ # AddType - Specify the data type of files with particular extensions # # Use this directive to create or modify a list of file extensions that # you want to bind to Multipurpose Internet Mail Extension (MIME) content # types or subtypes. # # The server packages file contents using methods defined by the MIME # extension to the Internet mail standard. You can use a list to # associate file extensions with MIME types and subtypes. The server # considers any file with an extension that matches an entry in the list # to be packaged with the associates MIME type or subtype. # # For more information about this directive, see the online help for the # MIME types form. This form is located in the Languages and Encoding # subheading in the Configurations section of the Configuration and # Administration forms. # # The format of the directive is the following: # AddType .extension # type/subtype encoding [quality] # # .extension # The file extension pattern. You can use the wildcard character # (*) only on the following two special extension patterns: # # *.* # Matches all file names that contain a dot character (.) # and have not been matched by other rules # # * # Matches all file names that do not contain a dot character # (.) and have not been matched by other rules # # type/subtype # The MIME type and subtype you want to bind to files that match # the corresponding extension pattern. # # encoding # The MIME content encoding to which the data has been converted. # # 7bit # Data is all represented as short (less than 1000 # characters) lines of US-ASCII data. Source code or plain # text files usually fall into this category. Exceptions # would be files containing line-drawing characters or # accented characters. # # 8bit # Data is represented as short lines, but may contain # characters with the high bit set (for example, # line-drawing characters or accented characters). # PostScript files and text files from European sites # usually fall into this category. # # binary # This encoding can be used for all data types. Data may # contain not only non-ASCII characters, but also long # (greater than 1000 characters) lines. Almost every file of # type image/*, audio/*, and video/* falls into this # category, as do binary data files of type application/*. # # Encoding values of 7bit and 8bit will not be sent in MIME # headers. # # quality # An optional indicator of relative value (on a scale of 0.0 to # 1.0) for the content type. The quality value is used if multiple # representations of a file are matched by a request. The server # selects the file that is associated with the highest quality # value. For example, if the file internet.ps is requested, and # the server has the following AddType directives: # # AddType .ps application/postscript 8bit 1.0 # AddType *.* application/binary binary 0.3 # # the server would use the application/postscript line because its # quality number is higher. # # Example # AddType .bin application/octet-stream binary 0.8 # # This directive is used by the following form: # * MIME types # # Cross-reference between file extensions and file formats # # This table shows the associations between the extensions of files and # their corresponding file formats: # AddType .mime www/mime binary 1.0 # Internal -- MIME is # # not recursive # AddType .bin application/octet-stream binary 1.0 # Uninterpreted binary # AddType .class application/octet-stream binary 1.0 # Java classes # AddType .oda application/oda binary 1.0 # AddType .pdf application/pdf binary 1.0 # AddType .ai application/postscript 8bit 0.5 # Adobe Illustrator # AddType .PS application/postscript 8bit 0.8 # PostScript # AddType .eps application/postscript 8bit 0.8 # AddType .ps application/postscript 8bit 0.8 # AddType .rtf application/x-rtf 7bit 1.0 # RTF # AddType .csh application/x-csh 7bit 0.5 # C-shell script # AddType .dvi application/x-dvi binary 1.0 # TeX DVI # AddType .hdf application/x-hdf binary 1.0 # NCSA HDF data file # AddType .latex application/x-latex 8bit 1.0 # LaTeX source # AddType .nc application/x-netcdf binary 1.0 # Unidata netCDF data # AddType .cdf application/x-netcdf binary 1.0 # AddType .sh application/x-sh 7bit 0.5 # Shell-script # AddType .tcl application/x-tcl 7bit 0.5 # TCL-script # AddType .tex application/x-tex 8bit 1.0 # TeX source # AddType .texi application/x-texinfo 7bit 1.0 # Texinfo # AddType .texinfo application/x-texinfo 7bit 1.0 # AddType .t application/x-troff 7bit 0.5 # Troff # AddType .roff application/x-troff 7bit 0.5 # AddType .tr application/x-troff 7bit 0.5 # AddType .man application/x-troff-man 7bit 0.5 # Troff with man macros # AddType .me application/x-troff-me 7bit 0.5 # Troff with me macros # AddType .ms application/x-troff-ms 7bit 0.5 # Troff with ms macros # AddType .src application/x-wais-source 7bit 1.0 # WAIS source # AddType .bcpio application/x-bcpio binary 1.0 # Old binary CPIO # AddType .cpio application/x-cpio binary 1.0 # POSIX CPIO # AddType .gtar application/x-gtar binary 1.0 # Gnu tar # AddType .shar application/x-shar 8bit 1.0 # Shell archive # AddType .sv4cpio application/x-sv4cpio binary 1.0 # SVR4 CPIO # AddType .sv4crc application/x-sv4crc binary 1.0 # SVR4 CPIO with CRC # # # # # The following are neutral CAE formats: # # # AddType .igs application/iges binary 1.0 # IGES Graphics format # AddType .iges application/iges binary 1.0 # IGES Graphics format # AddType .IGS application/iges binary 1.0 # IGES Graphics format # AddType .IGES application/iges binary 1.0 # IGES Graphics format # AddType .stp application/STEP 8bit 1.0 # ISO-10303 STEP - # AddType .STP application/STEP 8bit 1.0 # Product data files # AddType .step application/STEP 8bit 1.0 # AddType .STEP application/STEP 8bit 1.0 # AddType .dxf application/dxf binary 1.0 # DXF (AUTODESK) # AddType .DXF application/dxf binary 1.0 # AddType .vda application/vda binary 1.0 # VDA-FS Surface data # AddType .VDA application/vda binary 1.0 # AddType .set application/set 8bit 1.0 # SET (French CAD std) # AddType .SET application/set 8bit 1.0 # AddType .stl application/SLA 8bit 1.0 # Stereolithography # AddType .STL application/SLA 8bit 1.0 # # # # ## The following are vendor-specific CAD-formats commonly # ## used at CERN and in HEP institutes: # # # AddType .dwg application/acad binary 1.0 # Autocad drawing files # AddType .DWG application/acad binary 1.0 # AddType .SOL application/solids binary 1.0 # MATRA Prelude solids # AddType .DRW application/drafting binary 1.0 # Prelude Drafting # AddType .prt application/pro_eng binary 1.0 # PTC Pro/ENGINEER part # AddType .PRT application/pro_eng binary 1.0 # AddType .unv application/i-deas binary 1.0 # SDRC I-DEAS files # AddType .UNV application/i-deas binary 1.0 # AddType .CCAD application/clariscad binary 1.0 # ClarisCAD files # AddType .snd audio/basic binary 1.0 # Audio # AddType .au audio/basic binary 1.0 # Audio # AddType .aiff audio/x-aiff binary 1.0 # AddType .aifc audio/x-aiff binary 1.0 # AddType .aif audio/x-aiff binary 1.0 # AddType .wav audio/x-wav binary 1.0 # Windows+ WAVE format # AddType .gif image/gif binary 1.0 # GIF # AddType .ief image/ief binary 1.0 # Image Exchange fmt # AddType .jpg image/jpeg binary 1.0 # JPEG # AddType .JPG image/jpeg binary 1.0 # AddType .JPE image/jpeg binary 1.0 # AddType .jpe image/jpeg binary 1.0 # AddType .JPEG image/jpeg binary 1.0 # AddType .jpeg image/jpeg binary 1.0 # AddType .tif image/tiff binary 1.0 # TIFF # AddType .tiff image/tiff binary 1.0 # AddType .ras image/cmu-raster binary 1.0 # AddType .pnm image/x-portable-anymap binary 1.0 # PBM Anymap format # AddType .pbm image/x-portable-bitmap binary 1.0 # PBM Bitmap format # AddType .pgm image/x-portable-graymap binary 1.0 # PBM Graymap format # AddType .ppm image/x-portable-pixmap binary 1.0 # PBM Pixmap format # AddType .rgb image/x-rgb binary 1.0 # AddType .xbm image/x-xbitmap 7bit 1.0 # X bitmap # AddType .xpm image/x-xpixmap binary 1.0 # X pixmap format # AddType .xwd image/x-xwindowdump binary 1.0 # X window dump (xwd) # AddType .html text/html 8bit 1.0 # HTML # AddType .htm text/html 8bit 1.0 # HTML on PCs # AddType .htmls text/html 8bit 1.0 # Server-side includes # AddType .c text/plain 7bit 0.5 # C source # AddType .h text/plain 7bit 0.5 # C headers # AddType .C text/plain 7bit 0.5 # C++ source # AddType .cc text/plain 7bit 0.5 # C++ source # AddType .cxx text/plain 7bit 0.5 # C++ # AddType .com text/plain 7bit 0.5 # Scripts # AddType .conf text/plain 7bit 0.5 # Definition files # AddType .def text/plain 7bit 0.5 # Definition files # AddType .hh text/plain 7bit 0.5 # C++ headers # AddType .m text/plain 7bit 0.5 # Objective-C source # AddType .f90 text/plain 7bit 0.5 # Fortran 90 source # AddType .for text/plain 7bit 0.5 # Fortran # AddType .txt text/plain 7bit 0.5 # Plain text # AddType .rtx text/richtext 7bit 1.0 # MIME Richtext format # AddType .tsv text/tab-separated-values 7bit 1.0 # Tab-separated values # AddType .etx text/x-setext 7bit 0.9 # Struct Enhanced Txt # AddType .list text/plain 7bit 0.5 # List files # AddType .lst text/plain 7bit 0.5 # List files # AddType .log text/plain 7bit 0.5 # Log files # AddType .mar text/plain 7bit 0.5 # MACRO # AddType .MPG video/mpeg binary 1.0 # MPEG # AddType .sdml text/plain 7bit 0.5 # SDML # AddType .mpg video/mpeg binary 1.0 # AddType .MPE video/mpeg binary 1.0 # AddType .mpe video/mpeg binary 1.0 # AddType .MPEG video/mpeg binary 1.0 # AddType .mpeg video/mpeg binary 1.0 # AddType .qt video/quicktime binary 1.0 # QuickTime # AddType .mov video/quicktime binary 1.0 # AddType .avi video/x-msvideo binary 1.0 # MS Video for Windows # AddType .movie video/x-sgi-movie binary 1.0 # SGI movieplayer # AddType .gz x-gzip 1.0 # AddType .Z x-compress 1.0 # Compressed data # AddType .zip multipart/x-zip binary 1.0 # PKZIP # AddType .tar multipart/x-tar binary 1.0 # 4.3BSD tar # AddType .ustar multipart/x-ustar binary 1.0 # POSIX tar # AddType *.* www/unknown binary 0.2 # Try to guess # AddType * www/unknown binary 0.2 # Try to guess # AddType . text/plain 7bit 0.5 # Files no extension #------------------------------------------------------------------------------ # SuffixCaseSense - Specify whether extension definitions are case # sensitive # # Use this directive to specify whether you want your server to # distinguish between uppercase and lowercase letters when comparing file # extensions to the extension patterns on AddType, AddEncoding, and # AddLanguage directives. # # By default, the server does not distinguish between uppercase and # lowercase. The case-sensitivity you select on this form determines how # your server handles case when matching requests against these # configurations. # # For more information about this directive, see the online help for the # File extension definitions form. This form is located in the Languages # and Encoding subheading in the Configurations section of the # Configuration and Administration forms. # # Example # SuffixCaseSense Off # # Program default setting # SuffixCaseSense On # # This directive is used by the following form: # * File extension definitions #------------------------------------------------------------------------------ # LDAP servers # # Lightweight Directory Access Protocol (LDAP) is a directory service # protocol that runs over TCP/IP or SSL. The LDAP directory service # follows a client/server model where one or more LDAP servers contain # the directory data. An LDAP client, for example IBM HTTP server, # connects to the LDAP server and makes a request. The LDAP Server # performs the directory search and responds with the result. The LDAP # server may be located on your AS/400 (AS/400 Directory Services) or on # other systems. The HTTP server can use LDAP servers for server # configuration or user authentication information. # # For more information about LDAP servers and AS/400 Directory Services, # see AS/400 Directory Services (LDAP) in the AS/400 Information Center. # # LDAPInfo - Define an external LDAP server # # Use the LDAPInfo directive to provide the server with information # regarding the LDAP servers in which to store HTTP server configuration # and authentication information. This directive must occur before any # LDAPInclude directives or protection setups which refer to this named # setup. # # Format # LDAPInfo label-name { # subdirective # subdirective # . # . # . # } # # Label-name # The name you want to associate with this LDAP server setup. The # name can then be used by subsequent LDAPInclude and Protection # directives. # # subdirective # If you want to include subdirectives as part of the LDAPInfo # directive, use this parameter. The left brace character must be # the last character on the same line as the LDAPInfo directive. # Each subdirective follows on its own line. The right brace # character must be on its own line that follows the last # subdirective line. You cannot put any comment lines between the # braces. # # Example # LDAPInfo PrimaryLdapServer { # Host ldap.ibm.com # Transport TCP # ClientAuthType Basic # ServerAuthType Basic # ServerDN "cn=IBM HTTP Server, 0=IBM c=US" # ServerPasswordStashFile "StashFileName" # UserSearchBase "0=IBM c=US" # GroupSearchBase "0=IBM c=US" # } # # This directive is used by the following forms: # * Create LDAP server setup # * Change LDAP server setup # * Delete LDAP server setup #------------------------------------------------------------------------------ # LDAPInfo Subdirectives # # The following descriptions of LDAPInfo subdirectives can be used in an # LDAP server setup. There are four groups of LDAPInfo subdirectives: # general, timeout, server connection, and client connection. # # General subdirectives # # Use the following subdirectives to provide general information about # the LDAP servers. # # Host - Specify LDAP server host name # # Use this subdirective to specify the host name of the LDAP server. # # Example # Host ldap.mycompany.com # # This subdirective is used by the following forms: # * Create LDAP server setup # * Change LDAP server setup # # Transport - Specify LDAP connection protocol # # Use this subdirective to specify the protocol that is used to connect # to the LDAP server (TCP or SSL). # # Example # Transport SSL # # This subdirective is used by the following forms: # * Create LDAP server setup # * Change LDAP server setup # # Port - Specify LDAP server port number # # Specify the port number the LDAP server listens on. # # Example # Port 636 # # Program default setting # Port 389 # # This subdirective is used by the following forms: # * Create LDAP server setup # * Change LDAP server setup # # Timeout subdirectives # # When attempting to reach an external server, there is always a # possibility the connection will take a long time to complete. The # server uses the following subdirectives to provide timeout settings for # connections to the LDAP server. # # IdleConnTimeout - Specify how long to keep an idle LDAP connection open # # Use this subdirective to specify the amount of time to leave an idle # connection to an LDAP server open. # # Example # IdleConnTimeout 15 minutes # # Program default setting # IdleConnTimeout 10 minutes # # This subdirective is used by the following forms: # * Create LDAP server setup # * Change LDAP server setup # # WaitToRetryConnTime - Specify how long to wait before retrying an LDAP # connection # # Use this subdirective to specify the amount of time to wait between # unsuccessful attempts to connect to an LDAP server. # # Example # WaitToRetryConnTime 45 seconds # # Program default setting # WaitToRetryConnTime 30 seconds # # This subdirective is used by the following forms: # * Create LDAP server setup # * Change LDAP server setup # # SearchTimeout - Specify maximum LDAP search time # # Use this subdirective to specify the time limit to wait for an LDAP # server request to complete. # # Example # SearchTimeout 2 minutes # # Program default setting # SearchTimeOut 10 seconds # # This subdirective is used by the following forms: # * Create LDAP server setup # * Change LDAP server setup # # CacheTimeout - Specify LDAP expiry time # # Use this subdirective to specify how long the server will return the # cached copy as opposed to generating a new query. # # Example # CacheTimeout 5 minutes # # Program default setting # CacheTimeout 10 minutes # # This subdirective is used by the following forms: # * Create LDAP server setup # * Change LDAP server setup # # Server Connection subdirectives # # The HTTP server uses the following subdirectives for establishing LDAP # connections in order to read authentication information. # # ServAuthType - Specify LDAP server authentication type # # Use this subdirective to specify the authentication type that is used # to connect the HTTP server to an LDAP server. Values include: # * None - allows for anonymous access if supported by the LDAP server. # * Basic - requires the IBM HTTP server to provide its distinguished # name and password for authentication. The HTTP server uses its # distinguished name from the ServerAuthType directive, and the # password that are provided in the password stash file. # # Example # ServerAuthType None # # This subdirective is used by the following forms: # * Create LDAP server setup # * Change LDAP server setup # # ServerDN - Specify the distinguished name of the HTTP server # # Use this subdirective to specify the distinguished name of your HTTP # server. This name is used when accessing the LDAP server when you # specify Basic in the ServerAuthType subdirective. # # Example # ServerDN MyLdapServer # # This subdirective is used by the following forms: # * Create LDAP server setup # * Change LDAP server setup # # ServerPasswordStashFile - Specify the password stash file for the HTTP # server # # Use this subdirectibe to specify the name of the file that contains the # encrypted password to access the LDAP server. The password is used if # you specify Basic in the ServerAuthType subdirective. # # Example # ServerPasswordStashFile /usr/lpp/internet_base/server/passwordfile # # This subdirective is used by the following forms: # * Create LDAP server setup # * Change LDAP server setup # # Client Connection subdirectives # # The HTTP server uses the following subdirectives for establishing an # LDAP connection on behalf of the client. # # ClientAuthType - Specify the authentication type for the client # # Use this subdirective to specify Basic authentication for connections # that are made on behalf of a client. The client must provide a userid # and password in order to authenticate. # # Example # ClientAuthType Basic # # This subdirective is used by the following forms: # * Create LDAP server setup # * Change LDAP server setup # # UserSearchBase - Specify LDAP user search root # # Use this subdirective to specify the starting point for the LDAP server # to search for user names. # # Example # UserSearchBase "o=IBM, c=US" # # This subdirective is used by the following forms: # * Create LDAP server setup # * Change LDAP server setup # # UserNameFilter - Specify user search filter # # Use this subdirective to specify the filter that is used to convert the # user name as input by the user to a search filter for an LDAP entry. # # For example, if the user types "Pa Kel", the resulting search string # would be "(cn=Pa* Kel*)". However, if multiple matching entries are # returned, the HTTP server does not know which one to use, and fails # authentication. For example, if the entries were (cn=Paul Kelsey) and # (cn=Paula Kelly), the search string "(cn=Pa* Kel*)" will return both # entries and fail to authenticate. # # Program default setting # UserNameFilter "(objectclass=person)(cn=%v1* %v2*))" # # Where %v1 and %v2 are the words, that the user typed. # # This subdirective is used by the following forms: # * Create LDAP server setup # * Change LDAP server setup # # UserNameFieldSep - Specify delimiters for user data # # Use this subdirective to specify the set of characters that are used to # separate the user's input into fields. # # Example # UserNameFieldSep "," # # Program default setting # UserNameFieldSep " \t," # # The default value delimits data by using a space, a comma, and the tab # character. # # This subdirective is used by the following forms: # * Create LDAP server setup # * Change LDAP server setup # # GroupSearchBase - Specify LDAP group search root # # Use this subdirective to specify the starting point for the LDAP server # to search for group entries. # # Example # UserSearchBase "o=IBM, c=US" # # This subdirective is used by the following forms: # * Create LDAP server setup # * Change LDAP server setup # # GroupNameFilter - Specify LDAP group search filter # # Use this subdirective to specify the filter LDAP uses to search for # group names. # # Example # UserNameFilter "(&(objectclass=groupNames)(objectclass=group0fUniqueNames))" # # This subdirective is used by the following forms: # * Create LDAP server setup # * Change LDAP server setup # # GroupMemberAttrs - Specify attributes that are returned for groups # # Use this subdirective to specify the attributes of the group which # contain member information. You can specify more that one attribute by # separating them with a comma. The default value and the following # example show that the member information is available in both the # member and the uniqueMember attributes. # # Example # GroupMemberAttrs "member,uniqueMember" # # This subdirective is used by the following forms: # * Create LDAP server setup # * Change LDAP server setup # # LDAPInclude - Retrieve server configuration from an external LDAP server # # Use the LDAPInclude directive to provide the HTTP server with the # locations of configuration information that is stored on an LDAP # server. # # This directive must occur after the LDAPInfo directive that names it. # # Format # LDAPInclude label filter attribute # # label # The name of the LDAP server setup that is defined in the # LDAPInfo directive. The label tells the HTTP server which LDAP # server to use to locate configuration information related to the # attributes. # # filter # The filter is a query string that is passed from the HTTP server # to the LDAP server. If the LDAP server finds a match, it returns # the distinguished name of the entry. For example, (cn=Joe Smith) # searches the directory service for the common name of Joe Smith. # # attribute # The name of the attribute whose value is some arbitrary part of # the configuration file. # # Example # LDAPInclude PrimaryLdapServer "(cn=web config)" description # # This example will retrieve the value of the description attribute from # a single entry with the common name web config on the server that is # associated with PrimaryLdapServer. # # This directive is used by the following form: # * LDAP includes #------------------------------------------------------------------------------ # Logging - Customize access and error logs # # The HTTP server provides utilities for log reporting, archiving, # maintenance, and web usage mining. Over time, log files can use # considerable system storage space. You can use the HTTP server's # archiving and maintenance features to help you manage your log files. # The directives described in this section give you control of your # server's logs. The server logs incoming requests in a variety of access # log files. Server errors of various types are logged in error log # files. # # IBM HTTP server can create several types of logs: # * Access logs # * Agent logs # * Error logs # * Cache access logs, if your server is a caching proxy # * CGI error logs # * Proxy access logs, if your server is a proxy server # * Referer logs # # For more information about these logs, see Customizing your logs. # # You can additionally specify the following traits for each log: # * The path and file where you want these logs to be kept # * The maximum size for each log file # * How requests should be logged # * Which requests you do not want to log # # Note: The HTTP server's user profile QTMHHTTP must have write authority # to all log files in the integrated file system, or write authority to # log files in QSYS. For the QDLS file system, you must give the QTMHHTTP # user profile authority to each folder in which you want to store log # files. # # You most likely will want to use the common or extended log format. # This is the default format, and it is the same format that is used by # most other types of Web servers. # # Note: For a complete list of HTTP status codes that may appear in the # server log files, see HTTP status codes. # # AccessLog - Name the path for the access log file # # Use this directive to specify the place where the server logs all # requests made by the client. # # The server starts a new log file each day at midnight if it is running. # Otherwise, the server starts a new log file the first time you start it # on a given day. When creating the file, the server uses the file name # you specify and appends a date extension. # # The server does not log access requests unless you include this # directive in your configuration file. # # Access and error logs must use the same log format. In the QSYS and # QDLS file systems, the date is used as a member name. In the integrated # file system, the date is used as a file extension. The system generates # the date in the format of qcyymmdd where: # * c is the century indicator (0 for pre-2000, 1 for post-2000) # * yy is the year indicator # * mm is the month indicator # * dd is the day indicator # # The server starts a new access log file each day at midnight, local # time, if it is running. Otherwise, the server starts a new log file the # first time that you start it on a given day. It is a good idea to # remove old log files, because they can take up a significant amount of # space. # # For more information about this directive, see the online help for the # Access log file form. This form is located in the Logging subheading in # the Configurations section of the Configuration and Administration # forms. # # Format: # AccessLog log-file-name [max-size] [extendedlogformat-name] # # log-file-name # For the Integrated File System, enter the path of a valid # directory. You must create the directory in the Integrated File # System before starting the server. The server creates the file. # # For all file systems other than QDLS, enter the directory and # file name of the access log file. For example: # /http/logs/accesslog. # # The system generates a file extension in the format of qcyymmdd # where: # # + c is the century indicator (0 for pre-2000, 1 for post-2000) # + yy is the year indicator # + mm is the month indicator # + dd is the day indicator # # For the QDLS file system, enter the directory where the access # log file is located. For example: /QDLS/httplogs/acclog/. # # The system generates a file name in the format of qcyymmdd # where: # # + c is the century indicator (0 for pre-2000, 1 for post-2000) # + yy is the year indicator # + mm is the month indicator # + dd is the day indicator # # Note: There is no file extension. # # For the QSYS file system, you can specify the access log file in # two ways: # # 1. If you only specify a log file name, then the server creates # the file in the QUSRSYS library. For example: acclog. # 2. You can choose the library for the file by specifying the QSYS # object name using the Integrated File System syntax for file # names. For example: /qsys.lib/httplogs.lib/acclog.file. The # library that you specify must exist before you start the # server. The server creates the file and the member. # # max-size # The maximum size of a log file, measured in kilobytes. If you # specify 0, then the log file keeps growing until the server # closes the log file during the server's midnight log file # processing. At that time, the server opens a new log file # containing the current date. The default is 2000 kilobytes. This # directive parameter is optional. # # Note: The value can be specified in bytes (B), kilobytes (K), megabytes # (M), or gigabytes (G). The server will interpret any value entered # without a specified unit that you enter as kilobytes. # # extendedlogformat-name # Specify the name of a previously defined extended log format. # The extended log format defines the format for each access log # entry. The extended log format name you specify is used for # access logs, cache access logs, and proxy access logs. For more # information about the ExtendedLogFormat directive, see # ExtendedLogFormat - Specify an extended log file format for # access log files. # # If the extended log format is specified with the LogFormat # directive and no ExtendedLogFormat name is specified with the # AccessLog directive, the server uses the default for the # extended log format. The default for the extended log format is # the common format along with the User-agent and referer # information appended. # # Examples # QSYS: AccessLog ACCLOG 4000 Jim # # QOpenSys: AccessLog /QOpenSys/server/logs/accesslog 2500 # # "root" (/): AccessLog /http/logs/accesslog 800 # # QDLS: AccessLog /QDLS/AccessLog/ 320 # # # This directive is used by the following forms: # * Access log file # * Change instance parameters #------------------------------------------------------------------------------ # AccessLogArchive - Remove existing access, agent, or referer log files or # run a program # # Use this directive to specify values that apply to access, agent, and # referer logs. At midnight the HTTP server closes the current log and # creates a new log file for the next day. Using this directive you can # choose to do one of the following actions with the closed logs: # * Remove log files of a given age or when a given amount of storage # is used by the collection of files. # * Allow closed log files to remain in the directory. # * Run a user-exit program. # # Maintenance is performed at midnight against log files in the following # order: # 1. Access logs # 2. Agent logs # 3. Referer logs # # To remove access, agent, or referer logs of a given age, specify this # directive, in addition to the AccessLogExpire directive. To remove logs # when their collective size exceeds a certain amount of storage, specify # this directive, in addition to the AccessLogsizeLimit directive. To # allow closed logs to remain in the directory, you can accept the # default, which is AccessLogArchive none. # # Using the AccessLogArchive directive you can specify the HTTP server to # branch to a program. You can specify the path to the program and any # parameters for the program. The program is called up to three times # depending on whether the access, agent, and referer logs are enabled. # The server will append to this directive the path to the access, agent, # or referer log. # # Specify any of the following formats: # AccessLogArchive purge # AccessLogArchive none # AccessLogArchive userexit path_to_the_user-exit_program # [parameters for your user-exit program] # # purge # Remove access log files of a given age or when their collective # size exceeds a given amount of storage. # # none # Do not remove access log files. # # userexit # Specifies the path of the user-exit program you want to branch # to. You can optionally specify the parameters for your user-exit # program. # # Program default setting # AccessLogArchive none # # This directive is used by the following form: # * Access log file #------------------------------------------------------------------------------ # AccessLogExcludeMethod - Suppress log entries for files and directories # requested by a given method # # Use this directive to specify that you do not want to log access # requests made for files or directories by using a specific method. For # example, you might not want to log POST requests for files and # directories. # # If you do not specify this directive, the server automatically includes # the files and directories that are requested by all types of methods in # the access log. # # This directive excludes entries from the following logs: # * Access log # * Agent log # * Cache access log # * Proxy access log # * Referer log # # You can have multiple occurrences of this directive in your # configuration file. You can also specify multiple methods on the same # directive if you separate them by one or more spaces. # # For more information about this directive, see the online help for the # Access log file form. This form is located in the Logging subheading in # the Configurations section of the Configuration and Administration # forms. # # Example # AccessLogExcludeMethod GET # AccessLogExcludeMethod POST # # This directive is used by the following form: # * Access log file # # AccessLogExcludeMIMEType - Suppress log entries for specific MIME types # # Use this directive to specify that you do not want to log access # requests made for directories or files of a given MIME type. Examples # of MIME types are text/html, image/gif, and image/jpeg. For example, # you might not want to log access requests for GIF images. # # If you do not specify this directive, the HTTP server automatically # includes the files and directories that are requested by all MIME types # in the access log. # # This directive excludes entries from the following logs: # * Access log # * Agent log # * Cache access log # * Proxy access log # * Referer log # # You can have multiple occurrences of this directive in your # configuration file. You can also specify multiple MIME types on the # same directive if you separate them by one or more spaces. # # For more information about this directive, see the online help for the # Access log file form. This form is located in the Logging subheading in # the Configurations section of the Configuration and Administration # forms. # # Example # AccessLogExcludeMIMEType image/gif # # This directive is used by the following form: # * Access log file #------------------------------------------------------------------------------ # AccessLogExcludeReturnCode - Suppress log entries for specific return # codes # # Use this directive to specify that you do not want to log access # requests that fall within a given range of error code numbers. These # error code numbers are httpd status codes. # # If you do not specify this directive, the access log automatically # includes all requests to the server, regardless of the error code. # # This directive excludes entries from the following logs: # * Access log # * Agent log # * Cache access log # * Proxy access log # * Referer log # # You cannot specify individual codes on this directive. Rather, # specifying 300 indicates that you want to exclude access requests with # redirection return codes (301, 302, 303, and 304). To exclude these # requests, you would specify the following: # AccessLogExcludeReturnCode 300 # # You can have multiple occurrences of this directive in your # configuration file. You can also specify multiple return codes on the # same directive if you separate them by one or more spaces. # # For more information about this directive, see the online help for the # Access log file form. This form is located in the Logging subheading in # the Configurations section of the Configuration and Administration # forms. # # Format # AccessLogArchive return_code # # return_code # Specify one or more return codes (200, 300, 400, or 500). # # Example # AccessLogExcludeReturnCode 300 400 # # This directive is used by the following form: # * Access log file #------------------------------------------------------------------------------ # AccessLogExcludeURL - Suppress log entries for specific files and # directories # # Use this directive to specify that you do not want to log access # requests made for specific files or directories that match a given URL # template. For example, you might not want to log access requests for # GIF files or you might not want to log access requests to a particular # file or directory on your server. # # If you do not specify this directive, the server automatically includes # the files and directories that are requested by all types of methods in # the access log. # # This directive excludes entries from the following logs: # * Access log # * Agent log # * Cache access log # * Proxy access log # * Referer log # # You can have multiple occurrences of this directive in your # configuration file. You can also put multiple entries for the same # directive if you separate them by one or more spaces. # # For more information about this directive, see the online help for the # Access log file form. This form is located in the Logging subheading in # the Configurations section of the Configuration and Administration # forms. # # Example # AccessLogExcludeURL *.gif # AccessLogExcludeURL /Rochvill/* # # This directive is used by the following form: # * Access log file #------------------------------------------------------------------------------ # AccessLogExcludeUserAgent - Exclude request URLs from user-agents that # match a given template # # Use this directive to specify that you do not want the HTTP server to # log access requests that match a specified user-agent. # # This directive excludes entries from the following logs: # * Access log # * Agent log # * Cache access log # * Proxy access log # * Referer log # # You can have multiple occurrences of this directive in your # configuration file. # # Format # AccessLogExcludeUserAgent user-agent # # user-agent # Specifies the user-agent for URL requests you do not want the # HTTP server to log. # # Example # AccessLogExcludeUserAgent Mozilla* # # In this example all URL requests made from a Netscape browser are # excluded from the access logs. # # This directive is used by the following form: # * Access log file #------------------------------------------------------------------------------ # AccessLogExpire - Remove existing access, agent, or referer log files # when they reach a given age in days # # Use this directive to specify that you want to remove access, agent, # and referer log files when they reach a specified age in days. This # directive requires that you also specify the AccessLogArchive # directive. You can have only one occurrence of this directive in your # configuration file. The age of the access log file is determined by the # file creation date, as reported by the operating system. The suffix of # the file name, such as accesslog.Q0990322, is not used to determine the # file age. # # Format # AccessLogExpire number-of-days # # number-of-days # Specifies that the access log files older that this value are to # be removed. The number of days must be an integer. Decimal # values such as 1.5 are not valid. The default value is 0. A # value of 0 indicates that no expiration date exists. # # Program default setting # AccessLogExpire 0 # # This directive is used by the following form: # * Access log file #------------------------------------------------------------------------------ # AccessLogSizeLimit - Remove existing access, agent, or referer log files # when they reach a given collective size # # Use this directive to specify that you want to remove access, agent, # and referer log files when they reach a collective size in megabytes. # The collective size refers to the size of all access log files # together, all agent log files added together, and all referer log files # added together. This directive requires that you also specify the # AccessLogArchive directive. You can only have one occurrence of this # directive in your configuration file. This directive takes effect after # the AccessLogExpire directive has taken effect. # # Format # AccessLogSizeLimit number-of-megabytes # # number-of-megabytes # Specifies that when the combined size of the access log files # exceeds this value. Files are deleted starting with the oldest # file, until the collective size is within the limit that is # specified on the AccessLogSizeLimit directive. The number of # megabytes must be an integer value. The default value is 0. A # value of 0 indicates that no access log files are to be removed. # # Program default setting # AccessLogSizeLimit 0 # # This directive is used by the following form: # * Access log file #------------------------------------------------------------------------------ # AgentLog - Specify the path for the agent log files # # Use this directive to specify the path and file name where you want the # server to log statistics about which Web browser was used to access a # particular Web page located on your server. # # By default, the server writes an entry to this log each time that a # client sends the server a request. For every entry made in the access # log, the agent log has a corresponding entry that indicates the browser # used to display the file that the client requested. # # The server starts a new agent log file each day at midnight, local # time, if it is running. Otherwise, the server starts a new log file the # first time that you start it on a given day. # # The server does not log Web browser information unless you include this # directive in your configuration file. # # Note: You must set the AccessLog file for the AgentLog to work. # Otherwise, the server will create the log file, but it will contain no # records or entries. # # For more information about this directive, see the online help for the # Access log file form. This form is located in the Logging subheading in # the Configurations section of the Configuration and Administration # forms. # # Format: # AgentLog log-file-name [max-size] # # log-file-name # For the Integrated File System, enter the path of a valid # directory. You must create the directory in the Integrated File # System before starting the server. The server creates the file. # # For all file systems other than QDLS, enter the directory and # file name of the agent log file. For example: # /http/logs/agentlog. # # The system generates a file extension in the format of qcyymmdd # where: # # + c is the century indicator (0 for pre-2000, 1 for post-2000) # + yy is the year indicator # + mm is the month indicator # + dd is the day indicator # # For the QDLS file system, enter the directory where the agent # log file is located. For example: /QDLS/httplogs/acclog/. # # The system generates a file name in the format of qcyymmdd # where: # # + c is the century indicator (0 for pre-2000, 1 for post-2000) # + yy is the year indicator # + mm is the month indicator # + dd is the day indicator # # Note: There is no file extension. # # For the QSYS file system, you can specify the agent log file in # two ways: # # 1. If you only specify a log file name, then the server creates # the file in the QUSRSYS library. For example: acclog. # 2. You can choose the library for the file by specifying the QSYS # object name using the Integrated File System syntax for file # names. For example: /qsys.lib/httplogs.lib/acclog.file. The # library that you specify must exist before you start the # server. The server creates the file and the member. # # max-size # The maximum size of a log file, measured in kilobytes. If you # specify 0, then the log file keeps growing until the server # closes the log file during the server's midnight log file # processing. At that time, the server opens a new log file # containing the current date. The default is 2000 kilobytes. This # directive parameter is optional. # # Note: You do not have to specify kilobytes (K) on this parameter. The # server will interpret any value that you enter as kilobytes. # # Example # AgentLog /logs/agent-log 8000 # # Note: For log files that you create in the QDLS file system, you must # only specify a path. The server will name the new log file in the # timestamp format of the suffix. The QTMHHTTP user profile must be # granted *RWX rights for all folders in the path that you specify in # QDLS. # # This directive is used by the following form: # * Access log file #------------------------------------------------------------------------------ # CacheAccessLog - Specify the path for the cache access log files # # If the server is running as a proxy, then you can log requests to the # cache separately from other requests. Use the CacheAccessLog directive # to specify the path and file name where you want the server to store # access requests for cached files. To enable logging of requests to the # proxy cache, you must define the following directives: # * Caching must be turned ON (the default setting is OFF) # * CacheRoot (by default, no CacheRoot is defined) # * AccessLog # * CacheAccessLog # # The server does not log cache access requests unless you include this # directive in your configuration. # # Notes: # 1. The server logs requests in the access log if you specify the # AccessLog directive in your configuration but do not specify the # CacheAccessLog directive. For more information about the AccessLog # directive, see AccessLog - Name the path for the access log # file. # 2. If you specify an extended log format with the AccessLog directive, # the same extended log format is also used for cache access logs. # # The value of CacheAccessLog can either be an absolute path to a path # that is relative to the ServerRoot directive (one example of each is # shown below). # # Note: If you choose to use CacheAccessLog, access requests for cached # files are logged, but they are not included in the access reports. # Access reports contain only information from access logs, and not from # cache access logs. Therefore, if you want access reports to contain # access requests for cached files, then do not specify the # CacheAccessLog directive. # # The server starts a new cache access log file each day at midnight, # local time, if it is running. Otherwise, the server starts a new log # file the first time that you start it on a given day. # # Note: It is a good idea to occasionally check the path that contains # your log files. If your server has a large amount of activity, then # your log files could grow to the point where they cause your server to # run out of disk space. Make sure that the files are not taking up too # much space and delete the log files that you no longer need. # # For more information about this directive, see the online help for the # Access log file form. This form is located in the Logging subheading in # the Configurations section of the Configuration and Administration # forms. # # The format for this directive is the following: # CacheAccessLog <file_path> [max-size] # # file_path # For the Integrated File System, enter the path of a valid # directory. You must create the directory in the Integrated File # System before starting the server. The server creates the file. # # For all file systems other than QDLS, enter the directory and # file name of the cache access log file. For example: # /http/logs/cacheaccesslog. # # The system generates a file extension in the format of qcyymmdd # where: # # + c is the century indicator (0 for pre-2000, 1 for post-2000) # + yy is the year indicator # + mm is the month indicator # + dd is the day indicator # # For the QDLS file system, enter the directory where the cache # access log file is located. For example: /QDLS/httplogs/acclog/. # # The system generates a file name in the format of qcyymmdd # where: # # + c is the century indicator (0 for pre-2000, 1 for post-2000) # + yy is the year indicator # + mm is the month indicator # + dd is the day indicator # # Note: There is no file extension. # # max-size # The maximum size of a log file, measured in kilobytes. If you # specify 0, then the log file keeps growing until the server # closes the log file during the server's midnight log file # processing. At that time, the server opens a new log file # containing the current date. The default is 2000 kilobytes. This # directive parameter is optional. # # Note: You do not have to specify kilobytes (K) on this parameter. The # server will interpret any value that you enter as kilobytes. # # Example # CacheAccessLog /absolute/path/logfile 3300 # CacheAccessLog /logs/logfile 5050 # # Note: For log files that you create in the QDLS file system, you must # only specify a path. The server will name the new log file in the # timestamp format of the suffix. The QTMHHTTP user profile must be # granted *RWX rights for all folders in the path that you specify in # QDLS. # # This directive is used by the following form: # * Access log file # * Caching settings #------------------------------------------------------------------------------ # CGIErrorLog - Specify the path for the CGI error log files # # Use this directive to specify the path and file name where you want the # server to log standard error output (stderr) from CGI programs. # # The server starts a new CGI error log file each day at midnight, local # time, if it is running. Otherwise, the server starts a new log file the # first time that you start it on a given day. # # The server does not log errors related to CGI programs unless you # include this directive in your configuration. # # If you store this log file in the QSYS.LIB file system, then you must # specify the library and file member. The server then creates the member # in the format QYYYYMMDD, where these variables have the following # values: # * Q a default value that indicates to the server that this is a log # file. # * YYYY is the four-digit year. # * MM is the numerical month. # * DD is the numerical day of the month. # # Note: For all other file systems, remember that the user profile # QTMHHTTP must have write authority for the server to create log files # in these file systems. For the QDLS file system, you must give the # QTMHHTTP user profile authority to each folder in which you want to # store log files. # # For more information about this directive, see the online help for the # Error log file form. This form is located in the Logging subheading in # the Configurations section of the Configuration and Administration # forms. # # Format: # CGIErrorLog log-file-name [max-size] # # log-file-name # For the Integrated File System, enter the path of a valid # directory. You must create the directory in the Integrated File # System before starting the server. The server creates the file. # # For all file systems other than QDLS, enter the directory and # file name of the CGI error log file. For example: # /http/logs/cgierrorlog. # # The system generates a file extension in the format of qcyymmdd # where: # # + c is the century indicator (0 for pre-2000, 1 for post-2000) # + yy is the year indicator # + mm is the month indicator # + dd is the day indicator # # For the QDLS file system, enter the directory where the CGI # error log file is located. For example: # /QDLS/httplogs/cgierrorlog/. # # The system generates a file name in the format of qcyymmdd # where: # # + c is the century indicator (0 for pre-2000, 1 for post-2000) # + yy is the year indicator # + mm is the month indicator # + dd is the day indicator # # Note: There is no file extension. # # For the QSYS file system, you can specify the CGI error log file # in two ways: # # 1. If you only specify a log file name, then the server creates # the file in the QUSRSYS library. For example: acclog. # 2. You can choose the library for the file by specifying the QSYS # object name using the Integrated File System syntax for file # names. For example: /qsys.lib/httplogs.lib/acclog.file. The # library that you specify must exist before you start the # server. The server creates the file and the member. # # max-size # The maximum size of a log file, measured in kilobytes. If you # specify 0, then the log file keeps growing until the server # closes the log file during the server's midnight log file # processing. At that time, the server opens a new log file # containing the current date. The default is 2000 kilobytes. This # directive parameter is optional. # # Note: You do not have to specify kilobytes (K) on this parameter. The # server will interpret any value that you enter as kilobytes. # # Example # CGIErrorLog /logs/cgi-error 1500 # # Note: For log files that you create in the QDLS file system, you must # only specify a path. The server will name the new log file in the # timestamp format of the suffix. The QTMHHTTP user profile must be # granted *RWX rights for all folders in the path that you specify in # QDLS. # # This directive is used by the following form: # * Error log file #------------------------------------------------------------------------------ # ErrorLog - Name the file where you want to log internal server errors # # Use this directive to specify the path and file name where you want the # server to log internal errors. You can also optionally specify the # coded character set identifier (CCSID) and language ID that is used by # all error logs. # # The server starts a new log file each day at midnight if it is running. # Otherwise, the server starts a new log file the first time you start it # on a given day. When creating the file, the server uses the file name # you specify and appends a date extension. # # The server does not log internal errors unless you include this # directive in your configuration. # # For more information about this directive, see the online help for the # Error log file form. This form is located in the Logging subheading in # the Configurations section of the Configuration and Administration # forms. # # Format # ErrorLog log-file-name [max-size] [langid ccsid] # # log-file-name # For the Integrated File System, enter the path of a valid # directory. You must create the directory in the Integrated File # System before starting the server. The server creates the file. # # For all file systems other than QDLS, enter the directory and # file name of the error log file. For example: # /http/logs/errorlog. # # The system generates a file extension in the format of qcyymmdd # where: # # + c is the century indicator (0 for pre-2000, 1 for post-2000) # + yy is the year indicator # + mm is the month indicator # + dd is the day indicator # # For the QDLS file system, enter the directory where the error # log file is located. For example: /QDLS/httplogs/errlog/. # # The system generates a file name in the format of qcyymmdd # where: # # + c is the century indicator (0 for pre-2000, 1 for post-2000) # + yy is the year indicator # + mm is the month indicator # + dd is the day indicator # # Note: There is no file extension. # # For the QSYS file system, you can specify the error log file in # two ways: # # 1. If you only specify a log file name, then the server creates # the file in the QUSRSYS library. For example: acclog. # 2. You can choose the library for the file by specifying the QSYS # object name using the Integrated File System syntax for file # names. For example: /qsys.lib/httplogs.lib/acclog.file. The # library that you specify must exist before you start the # server. The server creates the file and the member. # # max-size # The maximum size of a log file, measured in kilobytes. If you # specify 0, then the log file keeps growing until the server # closes the log file during the server's midnight log file # processing. At that time, the server opens a new log file # containing the current date. The default is 2000 kilobytes. This # directive parameter is optional. # # Note: Specify a value in units of bytes (B), kilobytes (K), megabytes # (M), or gigabytes (G). The server interprets any value that you enter # without units as kilobytes. # # langid ccsid # The language ID and coded character set identifier (CCSID) that # are used by all error log files. # # Enter a three character language ID. Specifying *DFT means to # use the default ENU (English). Specifying *LANGID means to use # the QLANGID system value. You can use the wrksysval QLANGID # command to view a list of valid language ID values. # # Enter a five digit number from 00001 through 65535 to represent # the error log file CCSID. For a list of CCSID values see the # manual, AS/400 National Language Support, SC41-5101. Specifying # *DFT value means to use the default of 819 (when log files are # in the Integrated File System). Or use the default 37 (when log # files are in the QSYS file system). Specifying *CCSID means to # use the QCCSID system value. # # Notes: # # 1. You must specify the langid and ccsid values as a pair. That # is, if you specify one value, you must specify the other. # 2. If you do not specify the langid and ccsid values, the server # uses the default values ENU 819 or ENU 37. # 3. If the language specified is not installed, the server uses # the primary language installed for the IBM HTTP Server for # AS/400 product (5769-DG1). # # Examples # QSYS: ErrorLog ERRLOG 1000 # # QOpenSys: ErrorLog /QOpenSys/server/logs/errorlog 550 ENU 819 # # Note: For log files that you create in the QDLS file system, you must # only specify a path. The server will name the new log file in the # timestamp format of the suffix. The QTMHHTTP user profile must be # granted *RWX rights for all folders in the path that you specify in # QDLS. # # Example # ErrorLog /httplog/error/default 2000 # # This directive is used by the following form: # * Error log file # * Change instance parameters #------------------------------------------------------------------------------ # ErrorLogArchive - Remove existing error and GCI error log files or run a # program # # Use this directive to specify values that apply to error and CGI error # logs. The collective size includes the size of all error logs or all # CGI error logs, but not both types of logs together. At midnight the # HTTP server closes the current error and CGI error logs and creates new # log files for the next day. Using this directive you can choose to do # one of the following actions with the closed error logs: # * Remove log files of a given age or when a given amount of storage # is used by the collection of error log files. # * Allow closed log files to remain in the directory. # * Run a user-exit program. # # To remove error logs of a given age, specify this directive, in # addition to the ErrorLogExpire directive. To remove logs when their # collective size exceeds a certain amount of storage, specify this # directive, in addition to the ErrorLogSizeLimit directive. # # To allow closed logs to remain in the directory, you can accept the # default, which is ErrorLogArchive none. # # To branch to a program, specify the path to the program and any # parameters for the program on the ErrorLogArchive directive. The # program is called up to 2 times depending on whether the error and CGI # error are enabled. The server will append to this directive the path to # the error or CGI error log. # # You can specify any of the following formats: # ErrorLogArchive purge # ErrorLogArchive none # ErrorLogArchive userexit path_to_the_user-exit_program # [parameters for your user-exit program] # # purge # Remove error log files of a given age or when their collective # size exceeds a given amount of storage. # # none # Do not remove error log files. # # userexit # Specifies the path of the user-exit program you want to branch # to. You can optionally specify the parameters for your user-exit # program. # # Program default setting # ErrorLogArchive none # # This directive is used by the following form: # * Error log file #------------------------------------------------------------------------------ # ErrorLogExpire - Remove existing error and CGI error log files when they # reach a given age in days # # Use this directive to specify that you want to remove error and CGI # Error log files when they reach a specified age in days. This directive # requires that you also specify the ErrorLogArchive directive. You can # have only one occurrence of this directive in your configuration file. # The HTTP server uses file creation date, as reported by the operating # system, to determine the age of the error log file. The HTTP server # does not use the suffix of the file name, such as errorlog.Q0990322, to # determine the file age. # # Format # ErrorLogExpire number-of-days # # number-of-days # Specifies that the error log files older that this value are to # be removed. The number of days must be an integer. Decimal # values such as 1.5 are not valid. The default value is 0. A # value of 0 indicates that no expiration date exists. # # Program default setting # ErrorLogExpire 0 # # This directive is used by the following form: # * Error log file #------------------------------------------------------------------------------ # ErrorLogSizeLimit - Remove existing error and CGI error log files when # they reach a given collective size # # Use this directive to specify that you want to remove error and CGI # error log files when they reach a collective size in megabytes. The # collective size refers to the size of all error log files together, and # separately, all CGI error log files added together. This directive # requires that you also specify the ErrorLogArchive directive. You can # only have one occurrence of this directive in your configuration file. # This directive takes effect after the ErrorLogExpire directive has # taken effect. # # Format # ErrorLogSizeLimit number-of-megabytes # # number-of-megabytes # Specifies that when the combined size of the error log files # exceeds this value, files are deleted. This starts with the # oldest file, until the collective size is within the limit that # is specified on the ErrorLogSizeLimit directive. The number of # megabytes must be an integer value. The default value is 0. A # value of 0 indicates that no error log files are to be removed. # # Program default setting # ErrorLogSizeLimit 0 # # This directive is used by the following form: # * Error log file #------------------------------------------------------------------------------ # ExtendedLogFormat - Specify an extended log file format for access log # files # # Use this directive to customize the information that is logged in the # HTTP server's access log files. The extended log format is a World Wide # Web Consortium standard and is readable by many common log analysis # tools. You can specify what information the HTTP server logs in the # access logs by using the subdirectives for this directive. You must # name each format and use the name on the subsequent AccessLog # directive. # # Format # ExtendedLogFormat format-name { # Field field-value # subdirective # subdirective # subdirective # . # . # . # } # # format-name # The name of this format. # # Field # This is the Field subdirective, see Field - Specify a field # to record an entry in the access log. This directive requires # you specify at least one Field subdirective. # # subdirective # Use this parameter to include other subdirectives as part of the # ExtendedLogFormat directive. The left brace character must be # the last character on the same line as the ExtendedLogFormat # directive. Each subdirective follows on its own line. The right # brace character must be on its own line that follows the last # subdirective line. You cannot put any comment lines between the # braces. # # Example # ExtendedLogFormat myformat { # StartDate # EndDate # Software # Remark "Log file description" # Field cs-dns # Field time # Field cs-uri-stem # Field sc-status # Field bytes # Field cs(User-Agent) } # # This directive is used by the following forms: # * Create extended log format # * Change extended log format # * Delete extended log format #------------------------------------------------------------------------------ # ExtendedLogFormat Subdirectives # # The following are descriptions of the extended log format # subdirectives. # # Date - Include the date and time at which the entry was added as a directive # # Use the Date subdirective to specify that you want to include the date # and time the entry was added to the log. # # EndDate - Include the date and time at which the log was ended as a # directive # # Use the EndDate subdirective to specify you want to include the date # and time the log was ended in the log file header. # # Field - Specify a field to record an entry in the access log # # Use the Field subdirective to specify a field to record for an entry in # the access log file. The HTTP server requires that you specify at least # one Field subdirective with the ExtendedLogFormat directive. The order # of the Field directives specifies the order the HTTP server records # information in an access log entry. If the field information is not # available, a dash (-) is recorded in the log entry. # # The format of this directive is the following: # { Field field-value # # Field-value # One of the following can specify the field-value: # # + An identifier - relates to the transaction as a whole. # + A prefix-identifier combination - relates to information # transfer between parties that are defined by the prefix. # + Or a prefix-header combination - the HTTP header field for # transfer between parties. # # The following identifiers do not require a prefix: # # + date Date at which transaction completed # + time Time at which transaction completed # + bytes Bytes transfered # + cached Records whether a cache match occurred, 0 indicates a # miss # # The following identifiers require a prefix: # # + ip Host IP address and port # + dns Host's DNS name # + status Status code # + comment Comment returned with status code # + method Method URI # + URI URI # + uri-stem Stem portion alone of URI (omitting query) # + uri-query Query portion alone of URI # # Specify the following prefixes: # # c # Client # # s # Server # # cs # Client to server # # sc # Server to client # # Remark - Include and specify comment information to be included as a # directive # # Use the Remark subdirective to specify you want to include comment # information in the log file header. # # Software - Include the software which generated in the log as an analysis # tool directive # # Use the Software subdirective to specify you want to include the name # of the software that generated the log in the log file header. # # StartDate - Include the date and time at which the log was started as a # directive # # Use the StartDate subdirective to specify you want to include the date # and time the log was started in the log file header. # # LogFormat - Specify common, DDS, or extended log file format # # Use this directive to specify whether you want your server to write log # files in the common format, Data Description Specification (DDS) # format, or the Extended format. If you select common or extended # format, you can choose whether you want to store the access and error # log files in the QSYS or the integrated file system. You must create # both access logs and error logs in the same log format. This directive # must occur before other directives that refer to log formats. # # The default format is common. The common format is the one that is used # by most Web servers. # # When DDS is specified as the format, during the server startup, a new # physical file is created in the QSYS library that you specify by using # CRTDUPOBJ with the access log template as the "from" file. DDS defines # fields for each record in the file. # # Format # LogFormat format # # format # # DDS # Specify DDS to write Access and Error log files in the # Data Description Specification (DDS) format. Access and # Error log files in the DDS format must be in the QSYS file # system. The DDS format contains the same information that # is described in the Common format. # # Access logs have the following field definitions: # # o Host name # o Remote ID # o Authentication user # o Time # o Request # o Request status # o Number of bytes transferred # # Error logs have the following definitions: # # o Time # o Error message # o Host name # o Request # # common # Specify common to write log files in the common format. # Most web servers use the common format. Analyzing tools # are generally available for the common format. # # Access logs have the following field definitions: # # o Host name # o Remote ID # o Authentication user # o Time # o Request # o Request status # o Number of bytes transferred # # Error logs have the following definitions: # # o Time # o Error message # o Host name # o Request # # extended # Specify the extended log format to combine Access, # Referer, and Agent log information into one log file. This # format also allows you to configure the information that # is written in each access log entry. If you do not specify # a named extended log format, each access log entry will # have a common format with agent and referer information # appended. Use the ExtendedLogFormat directive to specify # what information the HTTP server logs into the access log # files. For information about the ExtendedLogFormat # directive, see ExtendedLogFormat - Specify an # extended log file format for access log files. Using the # extended log format does not affect error, referer, or # agent log files. # # For more information about logging, see Customizing your logs. # # For more information about this directive, see the online help for the # Global log file settings form. This form is located in the Logging # subheading in the Configurations section of the Configuration and # Administration forms. # # Example # LogFormat DDS # # Program default setting # LogFormat Common # # This directive is used by the following form: # * Global log file #------------------------------------------------------------------------------ # LogTime - Specify GMT or local time stamps in log files # # Use this directive to specify whether your logs should record entries # using local time or Greenwich Mean Time (GMT). # # Format # LogTime value # # value # # GMT # Specify GMT to use Greenwich Mean Time on time stamps. # # LocalTime # Specify LocalTime to use local time on time stamps. # # Example # LogTime GMT # # Program default setting # LogTime LocalTime # # This directive is used by the following form: # * Global log file #------------------------------------------------------------------------------ # NoLog - Suppress log entries for specific hosts or domains matching a # template # # Use this directive to specify that you do not want to log access # requests made from specific hosts or domains that match a given # template. For example, you may not want to log access requests from # local hosts. # # This directive excludes entries from the following logs: # * Access log # * Agent log # * Cache access log # * Proxy access log # * Referer log # # You can have multiple occurrences of this directive in your # configuration file. You can also put multiple templates on the same # directive if you separate them by one or more spaces. You can use host # names or IP number addresses on the templates. # # Note: To use host name templates, you must set the DNS-Lookup directive # to On. If the DNS-Lookup directive is set to Off (the default), you can # use IP address templates only. # # For more information about this directive, see the online help for the # Access log file form. This form is located in the Logging subheading in # the Configurations section of the Configuration and Administration # forms. # # Examples # NoLog 128.141.* # NoLog *.edu # NoLog localhost.* # # This directive is used by the following form: # * Access log file #------------------------------------------------------------------------------ # ProxyAccessLog - Name the path for the proxy access log file # # For more information about the ProxyAccessLog directive, see # ProxyAccessLog - Name the path for the proxy access log file. # # RefererLog - Specify the path for the referer log files # # Use this directive to specify the path and file name where you want the # server to log the identity of the Web page that referred to (linked to) # the requested Web page on your server. By default, the server writes an # entry to this log each time that a client sends the server a request. # For every entry made in the access log, the referer log has a # corresponding entry that indicates which page referred to the page that # the client requested. If no page referred to the requested page, then # the entry is two quotation marks (""). # # The server starts a new referer log file each day at midnight, local # time, if it is running. Otherwise, the server starts a new log file the # first time that you start it on a given day. # # The server does not log URLs that referred to (linked to) the requested # Web page on your server unless you include this directive in your # configuration file. # # For more information about this directive, see the online help for the # Access log file form. This form is located in the Logging subheading in # the Configurations section of the Configuration and Administration # forms. # # Format # RefererLog log-file-name [max-size] # # log-file-name # For the Integrated File System, enter the path of a valid # directory. You must create the directory in the Integrated File # System before starting the server. The server creates the file. # # For all file systems other than QDLS, enter the directory and # file name of the referer log file. For example: # /http/logs/refererlog. # # The system generates a file extension in the format of qcyymmdd # where: # # + c is the century indicator (0 for pre-2000, 1 for post-2000) # + yy is the year indicator # + mm is the month indicator # + dd is the day indicator # # For the QDLS file system, enter the directory where the referer # log file is located. For example: /QDLS/httplogs/refererlog/. # # The system generates a file name in the format of qcyymmdd # where: # # + c is the century indicator (0 for pre-2000, 1 for post-2000) # + yy is the year indicator # + mm is the month indicator # + dd is the day indicator # # Note: There is no file extension. # # For the QSYS file system, you can specify the referer log file # in two ways: # # 1. If you only specify a log file name, then the server creates # the file in the QUSRSYS library. For example: acclog. # 2. You can choose the library for the file by specifying the QSYS # object name using the Integrated File System syntax for file # names. For example: /qsys.lib/httplogs.lib/acclog.file. The # library that you specify must exist before you start the # server. The server creates the file and the member. # # max-size # The maximum size of a log file, measured in kilobytes. If you # specify 0, then the log file keeps growing until the server # closes the log file during the server's midnight log file # processing. At that time, the server opens a new log file # containing the current date. The default is 2000 kilobytes. This # directive parameter is optional. # # Note: You do not have to specify kilobytes (K) on this parameter. The # server will interpret any value that you enter as kilobytes. # # Example # RefererLog /logs/referer-log 4400 # # Note: For log files that you create in the QDLS file system, you must # only specify a path. The server will name the new log file in the # timestamp format of the suffix. The QTMHHTTP user profile must be # granted *RWX rights for all folders in the path that you specify in # QDLS. # # This directive is used by the following form: # * Access log file #------------------------------------------------------------------------------ # Log reporting # # The HTTP server provides two types of log reports; Basic and web usage # mining. # # Basic reports are generated through an interactive interface from # information in your access, agent, and referer logs. Basic reports # provide the following types of information: # * Host names or IP addresses of visitors to your Web site. # * Methods that are requested by visitors to your Web site. # * Return codes from programs running on your HTTP server. # * URLs that are accessed by visitors to your Web site. # # The HTTP server generates web usage mining reports at a time that you # specify. The HTTP server generates reports from information in your # access, agent, and referer logs. Web usage mining reports provide the # following types of information: # * User session information such as the most frequent external link # (referer) to your Web site. # * Paths that are chosen by each visitor through your Web site. # * Groups of pages that are most frequently visited on your Web site. # # AccessReportDoDNSLookup - Display client host names in access reports # # Use this directive to display the client host names in access reports. # When the HTTP server creates access reports, it generates a list of the # client host names and calls the domain name server (DNS). This results # in improved performance since not every client access requires the # server to do a DNS lookup. # # Example # AccessReportDoDNSLookup on # # Program default setting # AccessReportDoDNSLookup off # # This directive is used by the following form: # * Global report settings #------------------------------------------------------------------------------ # AccessReportTemplate - Define a report template # # Use this directive to define a report template and give it a name. This # directive must occur before other directives that refer to report # templates. # # Format # AccessReportTemplate report_title { # subdirective value # subdirective value # . # . # . # } # # report_title # The name of the report. The report name cannot contain any # blanks. # # subdirective value # Use this parameter to include subdirectives as part of the # LDAPInfo directive. The left brace character must be the last # character on the same line as the LDAPInfo directive. Each # subdirective follows on its own line. The right brace character # must be on its own line that follows the last subdirective line. # You cannot put any comment lines between the braces. # # Example # AccessReportTemplate Myreport { # AccessReportDescription Top 50 files and vistitors # AccessReportTopList 50 # } # # This directive is used by the following forms: # * Create report template # * Change report template # * Delete report template #------------------------------------------------------------------------------ # AccessReportDescription - Display a description of the report to be created # # Use the AccessReportDescription subdirective to specify a description # that is displayed on the report. # # Example # AccessReportDescription Top 50 files and visitors # # AccessReportExcludeHostName - Suppress from the report the log entries for # specific host names # # Use the AccessReportExcludeHostName subdirective to specify that you do # not want to include in the access report requests that are made by host # names or IP addresses that match a given template. # # You can have multiple occurrences of this directive in your # configuration file. # # Note: To exclude host names, you must set the DNS-Lookup directive to # On. If you set the DNS-Lookup directive to Off (the default), you can # exclude IP addresses only. # # Example # AccessReportExcludeHostName 9.85.*.* # AccessReportExcludeHostName *.edu # # AccessReportExcludeMethod - Suppress from the report the log entries of a # given method type # # You can use the AccessReportExcludeMethod subdirective to specify you # do not want to include in the access report requests of a given method # type. # # You can have multiple occurrences of this directive in your # configuration file. # # Example # AccessReportExcludeMethod GET # AccessReportExcludeMethod PUT # AccessReportExcludeMethod POST # # AccessReportExcludeReturnCode - Suppress from the report the log entries # with a given return code # # Use the AccessReportExcludeReturnCode subdirective to specify that you # do not want to include in the access report requests that fall within a # given set of error code numbers. These error code numbers are HTTP # status codes. You cannot specify individual return codes. For example, # when you specify to exclude return code 300 from the access report, you # are excluding return codes 301, 302, 303, and 304. To exclude these # requests from the report, you would specify # AccessReportExcludeReturnCode 300. # # You can have multiple occurrences of this directive in your # configuration file. # # Example # AccessReportExcludeReturnCode 200 # AccessReportExcludeReturnCode 400 # # AccessReportExcludeURL - Suppress from the report the log entries for # specific files or directories # # Use the AccessReportExcludeURL subdirective to specify that you do not # want to include in the access report requests made for specific files # or directories that match a given URL template. For example, you might # not want to include in the report access requests for GIF files or a # particular file or directory on your server. # # You can have multiple occurrences of this directive in your # configuration file. # # Example # AccessReportExcludeURL *.gif # AccessReportExcludeURL oldfiles* # # AccessReportIncludeHostName - Include in the report only log entries for # specific host names # # Use the AccessReportIncludeHostName subdirective to specify you want to # include in the access report requests made by host names or IP # addresses that match a given template. # # To include host names, you must set the DNS-Lookup directive to On. # Only IP addresses are included if you set the DNS-Lookup directive to # Off (the default). # # You can have multiple occurrences of this directive in your # configuration file. # # Example # AccessReportIncludeHostName 9.9.99.* # AccessReportIncludeHostName *.com # # AccessReportIncludeURL - Include in the report only log entries for specific # files or directories # # Use the AccessReportIncludeURL subdirective to specify that you want to # include in the access report only access requests made for specific # files or directories that match a given URL template. For example, you # might want to include in the report only access requests for HTML # files. Or you might want to include access requests to a particular # file or directory on your server. # # You can have multiple occurrences of this directive in your # configuration file. # # Example # AccessReportIncludeURL /*.html # # AccessReportTopList - Specify the top number of items on which to report # # Use the AccessReportTopList subdirective to specify the top number of # items on which to report. # # You can use the AccessReportTopList subdirective in one of the # following methods: # * Specify that the report is to include the top_number most # frequently occurring entries in the access log. You must specify an # integer value. # AccessReportTopList top_number # # * Specify that the report is to include all entries in the access # log. # AccessReportTopList all # # Example # AccessReportTopList 10 # # Program default setting # AccessReportTopList 50 # # ReportProcessOldLogs - Check for old logs in the log directory # # Use this directive to indicate that you want the server to check for # old access logs in the log directory that are not listed in the list of # log files that have been processed into reports. With this directive, # you can process old access log files by doing the following: # * Appending the data from old access log files to existing reports # * Creating reports for all access log files and overwriting existing # reports # * Creating a report for the most recently created access log file # # Format # ReportProcessOldLogs append | force | last # # append # Add to existing access log reports data from log files that were # not originally included in the reports. # # force # Overwrite existing accesslog reports with reports that are based # on data from all access log files, regardless of whether they # are originally included in the reports. # # Note: The only way to erase report files that are named access.mmddyyyy # is to archive them with the ReportDataArchive directive. # # last # Create reports that are based on data from the most recently # created access log file. # # Program default setting # ReportProcessOldLogs append # # This directive is used by the following form: # * Global report settings #------------------------------------------------------------------------------ # ReportDataSizeLimit - Remove existing access data files when they reach a # given collective size # # Use this directive to specify that you want to remove access data files # when they reach a collective size (in megabytes). # # Note: This directive requires that you also specify the # ReportDataArchive directive. # # Format # ReportDataSizeLimit number-of-megabytes # # number-of-megabytes # Specifies that when the sum total size of the access data files # exceeds this value, files are deleted. This starts with the # oldest file, until the collective size is within the limit that # is specified on the ReportDataSizeLimit directive. You must # specify an integer. # # This directive takes effect after the ReportDataExpire directive has # taken effect. # # Program default setting # ReportDataSizeLimit 0 # # The default is 0, a value that indicates that no access data files are # to be removed. # # This directive is used by the following form: # * Global report settings #------------------------------------------------------------------------------ # ReportDataArchive - Specify whether to remove existing access data files # # Use this directive to specify whether you want to remove existing # access data log files. If you want to remove access data files, you # also must specify the ReportDataExpire directive, see # ReportDataExpire - Remove existing access data files when they # reach a given age in days. Even after you remove access data files, the # data from these files is still available for reports to use, until you # specify the ReportProcessOldLogs directive with the force option. # # You can specify any of the following formats: # ReportDataArchive purge # ReportDataArchive none # ReportDataArchive userexit # # # purge # Remove access data files of a given age or when their collective # size exceeds a given amount of storage. # # ReportDataArchive none # # none # Do not remove access data files. The default value is none. # # ReportDataArchive userexit path_to_the_user-exit_program # [parameters for the user-exit] # # userexit # Specifies the path of the user-exit program you want to branch # to. The server appends the path to the access log to the # directive. You can optionally specify the parameters for your # user-exit program. # # none # # This directive is used by the following form: # * Global report settings #------------------------------------------------------------------------------ # ReportDataExpire - Remove existing access data files when they reach a # given age in days # # Use this directive to specify that you want to remove access log files # when they reach a certain age (in days). This directive requires that # you also specify the ReportDataArchive directive. # # The HTTP server uses the file creation date, as reported by the # operating system, to determine the age of the error log file. The HTTP # server does not use the suffix of the file name, such as # httpd-log.Mar221996, to determine file age. # # Format # ReportDataExpire number-of-days # # number-of-days # Specifies that reports older than this value are to be removed. # The number-of-days must be an integer. For example, decimal # values such as 1.5 are not valid. # # Program default setting # ReportDataExpire 0 # # The default is 0, a value that indicates that no expiration date # exists. # # This directive is used by the following form: # * Global report settings #------------------------------------------------------------------------------ # DoReporting - Specify when to generate reports # # Use this directive to specify when you want the HTTP server to generate # basic reports. This directive requires you have logging enabled. # # Format # DoReporting value [hours_past_midnight] # # value # # on # The server generates basic reports. # # off # The server does not generate basic reports. # # hours_past_midnight # Enter the number of hours past midnight you want the server to # generate basic reports. Choose a number from 0 through 23. When # you specify 0, the HTTP server generates the report at midnight. # # Example # DoReporting On 2 # # Program default setting # DoReporting Off 0 # # The default time is 0, a value that indicates to generate a basic # report at midnight. # # This directive is used by the following form: # * Global report settings #------------------------------------------------------------------------------ # DoWebUsageMining - Create when to generate web usage mining reports # # Use this directive to specify when you want the HTTP server to generate # web usage mining reports. This directive requires you also have logging # and reporting enabled. # # Format # DoWebUsageMining value [hours_past_midnight] # # value # # On # The server generates web usage mining reports. # # Off # The server does not generate web usage mining reports. # # hours_past_midnight # Enter the number of hours past midnight you want the server to # generate detailed reports. Choose a number from 0 through 23. # When you specify 0, HTTP server generates the report at # midnight. # # Example # DoWebUsageMining On 4 # # Program default setting # DoWebUsageMining Off 0 # # The default time is 0, a value that indicates to generate a web usage # mining report at midnight. # # This directive is used by the following form: # * Global report settings #------------------------------------------------------------------------------ # Meta information - Name meta information files and directories # # Use the directives described in this section to control where your # server looks for meta information files. The server can include the # meta information for a file when responding to requests for that file. # Meta information describes the file containing a document, but not the # contents of that document. For example, the meta information for a # particular file might give the date that the file was created and the # date the it was last changed. Each line of a meta information file # contains a header field, followed by a colon, and then the value of the # field. # # For example: # Last-Modified: Tuesday, 31-Mar-98 12:34:56 GMT # Expires-by: Friday, 19-Jun-98 24:00:00 GMT # MIME-Version: 1.0 # Content-Type: text/html # Content-Length: 2468 # # Note: Meta information is only supported on the "root" (/), # user-defined file systems (UDFS), and QOpenSys file systems. # # You can use a separate set of files to store meta information about # your server's documents. The server can include the meta information # with its HTTP responses. You can include any valid response headers as # described in the HTTP 1.1 specification. # # HTTP recognizes MIME headers. Information that MIME header fields can # include are the following: # * file type # * file subtype # * encoding # * content length # # MetaDir - Specify the name of subdirectory for meta information files # # Use this directive to specify the name that you want to use for # subdirectories that contain meta information files. You can only have # one instance of this directive, which means that all of your meta # information subdirectories have the same name. The stated directory is # a subdirectory of the directory in the document which "meta" is located # in. # # Any directory from which your server retrieves files can have a # subdirectory with the name specified on this directive. The files on # the meta information subdirectory can contain meta information about # the files being retrieved. The meta information files have the same # file name and extension as the file that they describe, plus an added # extension. You specify the name of the added suffix on the MetaSuffix # directive. # # For example, you might have the following two directives in your # configuration file: # MetaDir look_here # MetaSuffix .file_desc # # Your server can retrieve this file: # /html/ultracool/ultraindex.html # # Then your server looks for meta information to include with the # response in this file: # /html/ultracool/look_here/ultraindex.html.file_desc # # Example # MetaDir mimeinfo # # Program default setting # MetaDir .web # # Note: The dot or period character (.) at the beginning of the default # value is used as part of the subdirectory name. The server hides this # subdirectory from the user. If you wish to use a directory that is not # hidden, then choose a directory without an initial period. For example: # MetaDir web # # This directive is used by the following form: # * Meta information #------------------------------------------------------------------------------ # MetaSuffix - Specify the extension for meta information files # # Use this directive to specify the suffix that you want to use for # subdirectories that contain meta information files. You can only have # one instance of this directive, which means that all of your meta # information files end in the same suffix. you must include the dot or # period character (.) as part of the value. # # Any file that your server retrieves files can have a meta information # file associated with it. A meta information file has the same file name # and suffix as the file that it describes, plus the additional suffix # that you specify on the MetaSuffix directive. the suffix is an # extension of the complete "meta" file name. A meta information file # must be located on a subdirectory of the directory that contains the # file being described. The name of the subdirectory must be the that you # specify on the MetaDir directive. # # See the above description of the MetaDir directive to see an example of # how MetaDir and MetaSuffix work together. # # Example # MetaSuffix .head # # Note: Some file systems may hide a subdirectory that contains an # initial period (.). If you wish to use a directory that is not hidden, # then choose a directory without an initial period. For example, you # could specify the following MetaSuffix directive in your configuration # file: # MetaSuffix web # # Program default setting # MetaSuffix .meta # # Note: The dot or period character (.) at the beginning of the default # value is used as part of the subdirectory name. # # This directive is used by the following form: # * Meta information #------------------------------------------------------------------------------ # UseMetaFiles - Specify whether meta files will be used # # Use this directive to specify whether meta files will be used by the # server. Set this directive to off for better server performance. # # The format of this directive is the following: # UseMetaFiles setting # # The setting can have a value of on or off, as described below: # # on # The server will always use meta files. # # off # The server will not use meta files. # # Example # UseMetaFiles on # # Program default setting # UseMetaFiles off # # This directive is used by the following form: # * Meta information # * Performance #------------------------------------------------------------------------------ # Protection - Set up access control for the server # # Use the directives described in this section to control access to your # server's resources. # # There are two ways to define protection: # * Defined inline, on the Protect directive # * Defined with a named protection setup on the Protection directive # # You link protection setups to groups of files based on the requests # that are used to access those files. Use the Protect directive to # define the requests you want to protect. # # You can define the actual protection setup directly in the # configuration file. Within the configuration file, you can define and # label a protection setup using the Protection directive. You can also # define a protection setup directly on a Protect directive. # # To create or modify an access control list (ACL) file, the server must # have write permission to the file. # # This section also describes the subdirectives that define a protection # setup. # # See Protecting your server for step-by-step instructions on # protecting your server resources. # # Protect - Activate protection setup for requests that match a template # # Use this directive to activate protection setup rules for requests that # match a template. # # Attention: For protection to work properly, you must put your Protect # and Protection directives before any Pass or Exec directives in your # configuration file. You must also use these directives before the # directive where you intend to use them. For example, if you set up a # proxy server and wanted to protect it, you would need to specify the # Protect and Protection directives immediately before the Proxy http:* # directive. # # The format of the directive is different depending on how you use it. # You can use the Protect directive to do the following: # * Point to a label containing the protection subdirectives. # * Include the protection subdirectives as part of the Protect # directive. # # How you use the Protect directive determines its format. # # If you want to point to a label containing the protection # subdirectives, the format is as follows: # Protect request-template [label [FOR IP-address-template]]] # # If you want to include the protection subdirectives as part of the # Protect directive, the format is as follows: # Protect request-template [IP-address-template]] { # subdirective value # subdirective value # . # . # . # } # # request-template # A template for requests that you want to activate protection # for. The server compares incoming client requests to the # template and activates protection if there is a match. # # label # If you are pointing to a label containing the protection # subdirectives, use this parameter to identify the protection # setup you want to activate for requests that match # request-template. # # This parameter is optional. Protection setup is defined with # protection subdirectives. See Protection Subdirectives for # descriptions of the protection subdirectives. If present, this # parameter can take the following form: # # + A protection setup label name that matches a name defined # earlier on a Protection directive. The Protection directive # contains the protection subdirectives. # # subdirective value # If you want to include the protection subdirectives as part of # the Protect directive, use this parameter. The left brace # character must be the last character on the same line as the # Protect directive. Each subdirective follows on its own line. # The right brace character must be on its own line following the # last subdirective line. # # You cannot put any comment lines between the braces. # # See Protection Subdirectives for descriptions of the # protection subdirectives. # # FOR IP-address-template # If your server has multiple connections, you can use this # parameter to specify an address template. The server uses the # directive only for requests that come to the server on a # connection with an address matching the template. It is # important to note that it is the address of the server's # connection that is compared to the template, not the address of # the requesting client. # # You can specify a complete IP address (for example, # 204.146.167.72). # # This parameter is optional. Without this parameter, the server # uses the directive for all requests regardless of the connection # the requests come in on. # # Note: To use this parameter, you must also use the label or # subdirective value parameters. # # Example # Protection DEF-PROT { # UserID BUSYBODY # AuthType Basic # ServerID restricted # PasswdFile QUSRSYS/restrict # GroupFile /docs/WWW/restrict.grp # GetMask authors # } # Protect /secret/business/* DEF-PROT # Protect /topsecret/* { # AuthType Basic # ServerID restricted # PasswdFile QUSRSYS/TOPBRASS # GroupFile /docs/WWW/restrict.grp # GetMask topbrass # UserID ANYBODY # } # Pass /secret/scoop/* /WWW/restricted/* # Pass /secret/business/* /WWW/confidential/* # Pass /topsecret/* /WWW/topsecret/* # # In the above example, the server would activate protection as follows: # * Requests beginning with /secret/business/ activate protection. The # protection setup is defined on the Protection directive that has a # label of DEF-PROT. Also, the server changes to the user profile of # busybody as defined in the DEF-PROT protection setup. # * Requests beginning with /topsecret/ activate protection The # protection setup is included directly on the Protect directive. The # user profile defaults to ANYBODY. (ANYBODY comes from the UserID # directive at the beginning of the example.) # # Note: The user profile ANYBODY must exist and the server must have # authority to use it. # # Protect /secret/* CustomerA-PROT Webname 204.146.167.72 # Protect /secret/* CustomerB-PROT Webname 9.67.12.4 # Protect /topsecret/* Webname 204.146.167.72 { # AuthType Basic # ServerID restricted # PasswdFile QUSRSYS/CUSTOMERA # GroupFile /docs/WWW/customer-A.grp # GetMask A-brass # } # Protect /topsecret/* Webname 9.67.12.4 { # AuthType Basic # ServerID restricted # PasswdFile QUSRSYS/CUSTOMERB # GroupFile /docs/WWW/customer-B.grp # GetMask B-brass # } # # The above examples use the optional IP address template parameter. If # your server receives requests that begin with /secret/ or /topsecret/, # it activates a different protection setup for the request based on the # IP address of the connection the request comes in on. # # For /secret/ requests coming in on 204.146.167.72, the server activates # the protection setup defined on a Protection directive with a label of # CustomerA-PROT. For /topsecret/ requests coming in on 204.146.167.72, # the server activates the protection setup defined inline on the first # Protect directive for /topsecret/. # # For /secret/ requests arriving on any connection with an address of # 9.67.12.4, the server activates the protection setup defined on a # Protection directive with a label of CustomerB-PROT. For /topsecret/ # requests arriving on any connection with an address beginning 9.67, the # server activates the protection setup defined inline on the second # Protect directive for /topsecret/. # # This directive is used by the following form: # * Document protection #------------------------------------------------------------------------------ # Protection - Define a named protection setup within the configuration # file # # Use this directive to define a protection setup within the # configuration file. You give the protection setup a name and define the # type of protection using protection subdirectives. # # Note: In the configuration file, you must place Protection directives # before any Protect directives that point to them. # # Attention: For protection to work properly, you must put your Protect # and Protection directives before any Pass or Exec directives in your # configuration file. You must also use these directives before the # directive where you intend to use them. For example, if you set up a # proxy server and wanted to protect it, you would need to specify the # Protection and protect directives immediately before the Proxy http:* # directive. # # The format of the directive is: # Protection label-name { # subdirective value # subdirective value # . # . # . # } # # label-name # The name you want to associate with this protection setup. The # name can then be used by subsequent Protect directives to point # to this protection setup. # # subdirective value # Put a protection subdirective and its value on each line between # the left brace and the right brace. You cannot put any comment # lines between the braces. # # See Protection Subdirectives for descriptions of the # protection subdirectives. # # Example # Protection NAME-ME { # AuthType Basic # ServerID restricted # PasswdFile QUSRSYS/PASSWORD # GroupFile /WWW/group.grp # GetMask groupname # } # # This directive is used by the following forms: # * Document protection #------------------------------------------------------------------------------ # Protection Subdirectives # # Following are descriptions of each of the protection subdirectives that # can be used in a protection setup. The subdirectives are in # alphabetical order. Protection setups exist within the configuration # file as part of Protect or Protection directives. # # Note: You must specify a Mask, GetMask, PutMask, DeleteMask, or # PostMask subdirective in your protection setup. # # See Protection example and the previous descriptions of the # Protect, and Protection directives for examples of using protection # setups. # # Example # Protection /topsecret/* { # AuthType None # Mask All # CommonName "Dr. Sheila A. Jones" # Organization "RTP Quick Care Center" # } # # ACLOverride - Specify that ACL files override protection setups # # Use this subdirective with a value of On if you want Access Control # List files (ACL) to override the masks specified in the protection # setup. If a directory being protected by the protection setup has an # ACL file, the mask subdirectives in the protection setup are ignored. # (The mask subdirectives are GetMask, Mask, and PostMask.) # # See Using Access Control List (ACL) files for more information on # ACL files. # # Example # ACLOverride On # # Program default setting # ACLOverride Off # # This subdirective is used by the following forms: # # * Protection setup # * Protection setup (SSL) # # AuthType - Specify authentication type # # Use this subdirective to specify the type of authentication that the # server uses to validate clients. # # This subdirective is one of many that you can use to set up and # configure Secure Sockets Layer (SSL) client authentication on your # server. For more information about using SSL with your server, see # Using Secure Sockets Layer (SSL). # # Format # AuthType [Basic | Cert | Cert_Or_Basic] # # Basic # This type of authentication specifies that the server protects # resources that are based on a user ID and password. The server # challenges the user for a user ID and password the first time # that the user requests a protected resource for this protection # setup. You can use this type of authentication on either a # secure or non-secure HTTP session. On a non-secure HTTP session, # the user ID and password are encoded, but not encrypted. # # Cert # This type of authentication specifies that the server protects # resources that are based on SSL client certificates that you # associate with AS/400 user profiles or validation lists. To use # this type of authentication successfully, you must complete the # following tasks: # # + You must configure the server for SSL client authentication # + The client must request the resource by using the Secure HTTP # (HTTPS) protocol # + The client certificate must be valid # + You must associate the client certificate with an AS/400 user # profile or the validation lists that are specified on the # PasswdFile directive. For more information about the # PasswdFile directive, see PasswdFile - Specify the # location of the associated users. # # You can also limit access to server resources that are based on # a valid client certificate only, or by specifying particular # Distinguished Name (DN) information. For more information about # using SSL client authentication with your server, see Using # Secure Sockets Layer (SSL). # # Cert_Or_Basic # This type of authentication provides flexibility between the # Basic and Cert authentication types. Using this type of # authentication, the server first attempts to satisfy the client # request that is based on the Cert authentication type that is # described above. If the Cert authentication fails for any # reason, the server then attempts Basic authentication for the # client request, as described above. If the client does not have # a valid or registered certificate, you can still grant access to # secure resources if the client has a valid user ID and password. # # If you do not specify an authentication type, the HTTP server protects # resources that are based on valid SSL client certificates or # certificates with particular Distinguished Name (DN) information. For # more information about using SSL client authentication with your # server, see Client authentication with SSL. # # The following events cause the server to challenge a client for a user # ID and password when you specify the Cert_or_Basic authentication type: # * If you specify Cert_or_Basic but do not enable SSL, then the server # always challenges a client for a user ID and password. In this # case, specifying an authentication type of Cert_or_Basic is similar # to specifying the Basic authentication type. # * If you specify Cert_or_Basic and enable SSL, but the client does # not have a certificate, then the server challenges the client for a # user ID and password. This also occurs when the server does not # request a client certificate because the SSLClientAuth directive is # not present in the configuration file. # * If you specify Cert_or_Basic, but the certificate supplied is not # associated with a user profile or found in the specified validation # list, then the server challenges the client for a user ID and # password. # # Example # AuthType Basic # # This subdirective is used by the following forms: # # * Protection setup #------------------------------------------------------------------------------ # CommonName - The common name of the client # # Use this subdirective to specify the common name of the client in the # Distinguished Name (DN) information on the client's certificate. # # You must configure the server for SSL client authentication and the # client must request the resource using the HTTPS (HTTP + SSL) protocol. # The server ensures the validity of the client certificate by matching # the CommonName specified on the certificate against the value on the # server. There must be an exact match before the server allows access to # this resource. This value is case-sensitive, must have exactly the same # punctuation, and cannot contain wildcard characters. Values that # contain spaces must be enclosed in double quotes (" "), but these # quotes are not used for comparison purposes. You can also limit access # based on a valid certificate only, or by associating the certificate # with an AS/400 user profile or validation list. For more information on # using SSL client authentication on your server, see Using Secure # Sockets Layer (SSL). # # Example # CommonName "Ellen Kathryn" # # This subdirective is used by the following form: # * Protection setup (SSL) #------------------------------------------------------------------------------ # Country - The country in which the client resides # # Use this subdirective to specify the country in which the client # resides in the Distinguished Name (DN) information on the client's # certificate. # # You must configure the server for SSL client authentication and the # client must request the resource using the HTTPS (HTTP + SSL) protocol. # The server ensures the validity of the client certificate by matching # the Country specified on the certificate against the value on the # server. There must be an exact match before the server allows access to # this resource. This value is case-sensitive, must have exactly the same # punctuation, and cannot contain wildcard characters. Values that # contain spaces must be enclosed in double quotes (" "), but these # quotes are not used for comparison purposes. You can also limit access # based on a valid certificate only, or by associating the certificate # with an AS/400 user profile or validation list. For more information on # using SSL client authentication on your server, see Using Secure # Sockets Layer (SSL). # # Example # Country "Germany" # # This subdirective is used by the following form: # * Protection setup (SSL) #------------------------------------------------------------------------------ # DeleteMask - Specify the user names, groups, and addresses that are allowed # to delete files # # Use this subdirective to specify user names, groups, and address # templates that are authorized to make DELETE requests to a protected # directory. # # Example # DeleteMask authors,(niceguy,goodie)@96.96.3.1,128.141.*.* # # This subdirective is used by the following form: # * Protection setup #------------------------------------------------------------------------------ # GetMask - Specify the user names, groups, and addresses allowed to get files # # Use this subdirective to specify user names, groups, and address # templates authorized to make GET requests to a protected directory. The # special value all@(*) will allow access to all of the requesters within # the realm that you specify on the PasswdFile subdirective. For more # information, see Rules for specifying user names, group names, and # address templates. # # Example # GetMask authors,(niceguy,goodie)@96.96.3.1,128.141.*.* # # This subdirective is used by the following form: # * Protection setup #------------------------------------------------------------------------------ # GroupFile - Specify the location of the associated group file # # Use this subdirective to specify the path and file name of the server # group file you want this protection setup to use. The following can # then use the groups that are defined within the server group: # * Any mask subdirectives that are part of the protection setup. # * Any access control list file on a directory that is protected by # the protection setup. # # See Using server group files for more information about server # group files. # # Example # GroupFile /docs/etc/WWW/restrict.group # # This subdirective is used by the following form: # * Protection setup #------------------------------------------------------------------------------ # IssuerCommonName - The Certification Authority's (CA) common name # # Use this subdirective to specify the common name for the CA who # originally issued the client's certificate. # # You must configure the server for SSL client authentication and the # client must request the resource using the HTTPS (HTTP + SSL) protocol. # The server ensures the validity of the client certificate by matching # the IssuerCommonName specified on the certificate against the value on # the server. There must be an exact match before the server allows # access to this resource. This value is case-sensitive, must have # exactly the same punctuation, and cannot contain wildcard characters. # Values that contain spaces must be enclosed in double quotes (" "), but # these quotes are not used for comparison purposes. You can also limit # access based on a valid certificate only, or by associating the # certificate with an AS/400 user profile or validation list. For more # information on using SSL client authentication on your server, see # Using Secure Sockets Layer (SSL). # # Example # IssuerCommonName "Kevin Carl" # # This subdirective is used by the following form: # * Protection setup (SSL) #------------------------------------------------------------------------------ # IssuerCountry - The country in which the CA resides # # Use this subdirective to specify the country for the CA who originally # issued the client's certificate. # # You must configure the server for SSL client authentication and the # client must request the resource using the HTTPS (HTTP + SSL) protocol. # The server ensures the validity of the client certificate by matching # the IssuerCountry specified on the certificate against the value on the # server. There must be an exact match before the server allows access to # this resource. This value is case-sensitive, must have exactly the same # punctuation, and cannot contain wildcard characters. Values that # contain spaces must be enclosed in double quotes (" "), but these # quotes are not used for comparison purposes. You can also limit access # based on a valid certificate only, or by associating the certificate # with an AS/400 user profile or validation list. For more information on # using SSL client authentication on your server, see Using Secure # Sockets Layer (SSL). # # Example # IssuerCountry "Finland" # # This subdirective is used by the following form: # * Protection setup (SSL) #------------------------------------------------------------------------------ # IssuerLocality - The locality in which the CA resides # # Use this subdirective to specify the locality for the CA who originally # issued the client's certificate. # # You must configure the server for SSL client authentication and the # client must request the resource using the HTTPS (HTTP + SSL) protocol. # The server ensures the validity of the client certificate by matching # the IssuerLocality specified on the certificate against the value on # the server. There must be an exact match before the server allows # access to this resource. This value is case-sensitive, must have # exactly the same punctuation, and cannot contain wildcard characters. # Values that contain spaces must be enclosed in double quotes (" "), but # these quotes are not used for comparison purposes. You can also limit # access based on a valid certificate only, or by associating the # certificate with an AS/400 user profile or validation list. For more # information on using SSL client authentication on your server, see # Using Secure Sockets Layer (SSL). # # Example # IssuerLocality "Northern Fjords" # # This subdirective is used by the following form: # * Protection setup (SSL) #------------------------------------------------------------------------------ # IssuerOrganization - The organization of the CA # # Use this subdirective to specify the organization for the CA who # originally issued the client's certificate. # # You must configure the server for SSL client authentication and the # client must request the resource using the HTTPS (HTTP + SSL) protocol. # The server ensures the validity of the client certificate by matching # the IssuerOrganization specified on the certificate against the value # on the server. There must be an exact match before the server allows # access to this resource. This value is case-sensitive, must have # exactly the same punctuation, and cannot contain wildcard characters. # Values that contain spaces must be enclosed in double quotes (" "), but # these quotes are not used for comparison purposes. You can also limit # access based on a valid certificate only, or by associating the # certificate with an AS/400 user profile or validation list. For more # information on using SSL client authentication on your server, see # Using Secure Sockets Layer (SSL). # # Example # IssuerOrganization "Superslakers, Ltd." # # This subdirective is used by the following form: # * Protection setup (SSL) #------------------------------------------------------------------------------ # IssuerOrgUnit - The organizational unit of the CA # # Use this subdirective to specify the organizational unit for the CA who # originally issued the client's certificate. # # You must configure the server for SSL client authentication and the # client must request the resource using the HTTPS (HTTP + SSL) protocol. # The server ensures the validity of the client certificate by matching # the IssuerOrgUnit specified on the certificate against the value on the # server. There must be an exact match before the server allows access to # this resource. This value is case-sensitive, must have exactly the same # punctuation, and cannot contain wildcard characters. Values that # contain spaces must be enclosed in double quotes (" "), but these # quotes are not used for comparison purposes. You can also limit access # based on a valid certificate only, or by associating the certificate # with an AS/400 user profile or validation list. For more information on # using SSL client authentication on your server, see Using Secure # Sockets Layer (SSL). # # Example # IssuerOrgUnit "User Technologies" # # This subdirective is used by the following form: # * Protection setup (SSL) #------------------------------------------------------------------------------ # IssuerStateOrProvince - The state or province in which the CA resides # # Use this subdirective to specify the state or province for the CA who # originally issued the client's certificate. # # You must configure the server for SSL client authentication and the # client must request the resource using the HTTPS (HTTP + SSL) protocol. # The server ensures the validity of the client certificate by matching # the IssuerStateOrProvince specified on the certificate against the # value on the server. There must be an exact match before the server # allows access to this resource. This value is case-sensitive, must have # exactly the same punctuation, and cannot contain wildcard characters. # Values that contain spaces must be enclosed in double quotes (" "), but # these quotes are not used for comparison purposes. You can also limit # access based on a valid certificate only, or by associating the # certificate with an AS/400 user profile or validation list. For more # information on using SSL client authentication on your server, see # Using Secure Sockets Layer (SSL). # # Example # IssuerStateOrProvince "Camelot" # # This subdirective is used by the following form: # * Protection setup (SSL) #------------------------------------------------------------------------------ # Locality - The locality in which the client resides # # Use this subdirective to specify the locality in which the client # resides in the Distinguished Name (DN) information on the client's # certificate. # # You must configure the server for SSL client authentication and the # client must request the resource using the HTTPS (HTTP + SSL) protocol. # The server ensures the validity of the client certificate by matching # the Locality specified on the certificate against the value on the # server. There must be an exact match before the server allows access to # this resource. This value is case-sensitive, must have exactly the same # punctuation, and cannot contain wildcard characters. Values that # contain spaces must be enclosed in double quotes (" "), but these # quotes are not used for comparison purposes. You can also limit access # based on a valid certificate only, or by associating the certificate # with an AS/400 user profile or validation list. For more information on # using SSL client authentication on your server, see Using Secure # Sockets Layer (SSL). # # Example # Locality "Rhine Valley" # # This subdirective is used by the following form: # * Protection setup (SSL) #------------------------------------------------------------------------------ # Mask - Specify the user names, groups, and addresses allowed to make HTTP # requests # # Use this subdirective to specify user names, groups, and address # templates authorized to make HTTP requests not covered by other mask # subdirectives. The special value all@(*) will allow access to all of # the requesters within the realm that you specify on the PasswdFile # subdirective. For more information, see Rules for specifying user # names, group names, and address templates. # # Note: When you use the Mask directive, it is important that you keep in # mind that Masks are case-sensitive. If you specify %%SYSTEM%% as on the # PasswdFile subdirective, you must use upper-case characters when # referring to specific users on all of the Mask subdirectives. The # following is an example of how you would issue Mask protection on such # a user ID: # # Example # Mask WEBUSERA,WEBUSERB # # This subdirective is used by the following form: # * Protection setup #------------------------------------------------------------------------------ # Organization - The organization of the client # # Use this subdirective to specify the organization of the client in the # Distinguished Name (DN) information on the client's certificate. # # You must configure the server for SSL client authentication and the # client must request the resource using the HTTPS (HTTP + SSL) protocol. # The server ensures the validity of the client certificate by matching # the Organization specified on the certificate against the value on the # server. There must be an exact match before the server allows access to # this resource. This value is case-sensitive, must have exactly the same # punctuation, and cannot contain wildcard characters. Values that # contain spaces must be enclosed in double quotes (" "), but these # quotes are not used for comparison purposes. You can also limit access # based on a valid certificate only, or by associating the certificate # with an AS/400 user profile or validation list. For more information on # using SSL client authentication on your server, see Using Secure # Sockets Layer (SSL). # # Example # Organization "Chop-Chop, Inc." # # This subdirective is used by the following form: # * Protection setup (SSL) #------------------------------------------------------------------------------ # OrgUnit - the organizational unit of the client # # Use this subdirective to specify the organizational unit of the client # in the Distinguished Name (DN) information on the client's certificate. # # You must configure the server for SSL client authentication and the # client must request the resource using the HTTPS (HTTP + SSL) protocol. # The server ensures the validity of the client certificate by matching # the OrgUnit specified on the certificate against the value on the # server. There must be an exact match before the server allows access to # this resource. This value is case-sensitive, must have exactly the same # punctuation, and cannot contain wildcard characters. Values that # contain spaces must be enclosed in double quotes (" "), but these # quotes are not used for comparison purposes. You can also limit access # based on a valid certificate only, or by associating the certificate # with an AS/400 user profile or validation list. For more information on # using SSL client authentication on your server, see Using Secure # Sockets Layer (SSL). # # Example # OrgUnit "Information Development" # # This subdirective is used by the following form: # * Protection setup (SSL) #------------------------------------------------------------------------------ # PasswdFile - Specify the location of the associated users # # Use this subdirective to specify if the users that are associated with # a protection setup are AS/400 user profiles or members of one or more # validation lists. A validation list is an AS/400 object of type *VLDL # that stores user names and passwords for use in access control. # Validation lists reside in AS/400 libraries and are case-sensitive. You # can specify multiple validation lists, but you must separate them with # commas (,). # # You can use the PasswdFile directive in one of the following methods: # * Specify the library name of the validation list that you want this # protection setup to use # libname/validation_list_name # # * Specify %%SYSTEM%% to indicate that you want to use the AS/400 user # profile support to validate user names and passwords. # * Specify %%LDAP:<setupname>%% to validate using an LDAP server that # is defined by an LDAPInfo directive. For more information, see # LDAPInfo - Define an external LDAP server. # # Example # PasswdFile %%SYSTEM%% # # This subdirective is used by the following form: # * Protection setup #------------------------------------------------------------------------------ # PostMask - Specify the user names, groups, and addresses allowed to post # files # # For a secure server, use this subdirective to specify users, groups, # and address templates authorized to make POST requests to a protected # directory. The special value all@(*) will allow access to all of the # requesters within the realm that you specify on the PasswdFile # subdirective. For more information, see Rules for specifying user # names, group names, and address templates. # # Example # PostMask Anyone@9.136.* # # This subdirective is used by the following form: # * Protection setup #------------------------------------------------------------------------------ # PutMask - Specify the user names, groups, and addresses that are allowed to # post files # # Use this subdirective to specify users, groups, and address templates # authorized to make PUT requests to a protected directory. # # Example # PutMask authors,(niceguy,goodie)@96.96.3.1,128.141.*.* # # This subdirective is used by the following form: # * Protection setup #------------------------------------------------------------------------------ # SerialNum - The serial number of the client # # Use this subdirective to specify the serial number of the client in the # Distinguished Name (DN) information on the client's certificate. # # You must configure the server for SSL client authentication and the # client must request the resource using the HTTPS (HTTP + SSL) protocol. # The server ensures the validity of the client certificate by matching # the SerialNum specified on the certificate against the value on the # server. There must be an exact match before the server allows access to # this resource. This value is case-sensitive, must have exactly the same # punctuation, and cannot contain wildcard characters. Values that # contain spaces must be enclosed in double quotes (" "), but these # quotes are not used for comparison purposes. You can also limit access # based on a valid certificate only, or by associating the certificate # with an AS/400 user profile or validation list. For more information on # using SSL client authentication on your server, see Using Secure # Sockets Layer (SSL). # # Example # SerialNum "TRUSTNO1" # # This subdirective is used by the following form: # * Protection setup (SSL) #------------------------------------------------------------------------------ # ServerID - Specify a name to associate with the protection setup # # Use this subdirective when limiting access based on user ID and # password. Specify a name that you want to associate with the protection # setup that you use. The name does not need to be a real machine name. # # The name is used as an identifier to the requester. Since different # protection setups can use different validation lists, having a name # associated with the protection setup can help the client decide which # user ID and password to send. Most clients display this name when # prompting for a user name and password. # # Example # ServerID restricted # # This subdirective is used by the following form: # * Protection setup #------------------------------------------------------------------------------ # SSL_ClientAuth - Use Secure Sockets Layer (SSL) client certificates # # Use this subdirective to protect resources based only on users that # supply valid SSL certificates. You must configure the server for SSL # client authentication and the client must request the resource using # the HTTPS (HTTP + SSL) protocol. the server ensures the validity of the # client certificate before allowing access to the secure resource. You # can also limit access based on the particular Distinguished Name (DN) # information in the client certificate, or by associating the # certificate with an AS/400 user profile or validation list. For more # information on using SSL client authentication with your server, see # Using Secure Sockets Layer (SSL). # # The format of the SSL_ClientAuth subdirective is: # SSL_ClientAuth client # # This subdirective is used by the following forms: # * Document protection #------------------------------------------------------------------------------ # StateOrProvince - The state or province in which the client resides # # Use this subdirective to specify the state or province in which the # client resides in the Distinguished Name (DN) information on the # client's certificate. # # You must configure the server for SSL client authentication and the # client must request the resource using the HTTPS (HTTP + SSL) protocol. # The server ensures the validity of the client certificate by matching # the StateOrProvince specified on the certificate against the value on # the server. There must be an exact match before the server allows # access to this resource. This value is case-sensitive, must have # exactly the same punctuation, and cannot contain wildcard characters. # Values that contain spaces must be enclosed in double quotes (" "), but # these quotes are not used for comparison purposes. You can also limit # access based on a valid certificate only, or by associating the # certificate with an AS/400 user profile or validation list. For more # information on using SSL client authentication on your server, see # Using Secure Sockets Layer (SSL). # # Example # StateOrProvince "Frankfurt" # # This subdirective is used by the following form: # * Protection setup (SSL) #------------------------------------------------------------------------------ # UserID - Specify the access control user ID that the server should use # # Use this subdirective to specify the AS/400 user profile that the # server switches to while completing the HTTP request. If you use an # AS/400 valid user ID in a protection setup, then you must type it in # uppercase. For example, you would enter WEBUSER instead of webuser, as # shown below). # # During startup, the server verifies all UserID subdirectives that you # specify for a protected resource. If any UserID subdirective does not # satisfy the following rules, the server instance does not start and the # server sends messages to the QSYSOPR message log: # * You must specify a valid AS/400 system profile # * You cannot specify the value QSECOFRon this subdirective # * The profile that you use with the STRTCPSVR command must have *USE # authority to the profiles that you specify on all UserID # subdirectives. # # Note: Because the HTTP server swaps to the profile that you specify on # the UserID subdirective, you should be careful what profile you # specify. For example, if you create a profile MIGHTY1 that is of the # class *SECOFR and use that on the UserID subdirective, then when the # server invokes a swap to that profile, all AS/400 authority checking # for the requested resource is based on that profile. # # There are two special values you can use on the UserID subdirective. # Entering %%SERVER%% uses the profile specified on the UserID directive # for this request only. Entering %%CLIENT%% causes the server to swap to # the profile returned from the client challenge for user ID and # password. You should only use this configuration when the subdirective # PasswdFile has the special value of %%SYSTEM%%, which indicates that # the server will use AS/400 user profiles. # # Note: When the server is running under the QTMHHTTP profile (the # QTMHHTTP profile is the default) and no UserID directive is in effect, # then the server switches to the QTMHHTP1 profile before starting a CGI # program. However, when a CGI program is running on servers where the # UserID directive is in effect or within a protection setup where the # UserID subdirective has been specified, the program is executed under # the specified profile. If the profile does not have authority to the # specified program, the request is rejected. # # The values specified here (on the UserID Protection subdirective) # override the values specified on the UserID directive. # # Example # UserID WEBUSER # # # Program default setting # UserID %%SERVER%% # # This subdirective is used by the following form: # * Protection setup #------------------------------------------------------------------------------ # Proxy Settings - Configure your server as a caching proxy # # Use these directives to configure your server as a caching proxy. For # more information about using your server as a proxy, see AS/400 # Information Center. # # CacheAccessLog - Specify the path for the cache access log files # # For more information about the CacheAccessLog directive, see # CacheAccessLog - Specify the path for the cache access log files. # # CacheClean - Specify how long to keep cached files with URLs that match a # URL template time # # Use this directive to specify how long you want the server to keep # cached files with URLs matching a given request template. The server # deletes cached files whose URLs match a given request template after # they have been cached for the specified time, regardless of their # expiration date. # # You specify a URL template and the expiration time for files with URLs # that match the template. You can have multiple occurrences of this # directive in the configuration file. Include a separate directive for # each template. The URL template must include the protocol used or # involved in the request. Specify the time value in any combination of # months, weeks, days, and hours. # # Examples # CacheClean http://troupe/* 10 minutes # CacheClean http://dirtykid/* 1 month 2 days # # This directive is used by the following form: # * Time limit for cached files #------------------------------------------------------------------------------ # CacheDefaultExpiry - Specify default expiration time for files that do # not have an expiration date # # Use this directive to set a default expiration time for files that the # server did not give either an Expires or a Last-Modified header to. You # specify a URL template and the expiration time for files with URLs that # match the template. You can have multiple occurrences of this directive # in the configuration file. Include a separate directive for each # template. The URL template must include the protocol used or involved # in the request. Specify the time value in any combination of months, # weeks, days, and hours. # # Examples # CacheDefaultExpiry ftp:* 1 month # CacheDefaultExpiry gopher:* 10 days # # Program default setting # CacheDefaultExpiry ftp:* 1 day # CacheDefaultExpiry gopher:* 1 day # CacheDefaultExpiry http:* 0 days # # Notice in the above defaults that the expiration for HTTP is zero (0) # days. HTTP expiration should be kept at zero because many script # programs don't give an expiration date, yet their output expires # immediately. A value other than zero may cause problems. # # This directive is used by the following form: # * Other caching time limits #------------------------------------------------------------------------------ # CacheExpiryCheck - Work with cache expiration checking # # Use this directive to specify whether you want the server to return # cached files that have expired. Specify Off for the value if you want # the server to be able to return expired files. Use the default value On # if you do not want the server to return expired files. Generally, you # will not want the server to return expired files. An exception might be # if you were demonstrating the server and did not particularly care # about the content being returned. # # Example # CacheExpiryCheck Off # # Program default setting # CacheExpiryCheck On # # This directive is used by the following form: # * Cached file expiration #------------------------------------------------------------------------------ # CacheLastModifiedFactor - Specify fraction of last-modified time to be # used for determining expiration date # # HTTP servers usually give the Last-Modified time for a file, but not # the Expires date. Use this directive to have your server approximate # the expiration date of these files based on the Last-Modified time. The # server uses the Last-Modified date to determine how long it has been # since the file was modified. The server multiplies that length of time # by the value on the CacheLastModifiedFactor directive. The server uses # the result of this calculation to assign the file an expiration date # when it caches the file. # # Examples # CacheLastModifiedFactor 0.2 # # The above example would cause files modified five months ago to expire # after one month. # # CacheLastModifiedFactor Off # # The above example would turn this function off. # # Program default setting # CacheLastModifiedFactor 0.14 # # The default value of 0.14 causes files modified in the past week to be # updated in one day. # # This directive is used by the following form: # * Cached file expiration #------------------------------------------------------------------------------ # CacheLimit_1 - Specify lower limit for files that the server deletes # during garbage collection # # The server uses an algorithm for garbage collection to determine which # files to delete. The size of a file is part of the calculation. The # size of small files is not taken into account in the calculation. The # size of large files is taken into account; the larger the file, the # more likely it is to be deleted. # # Use this directive to tell the server what should be considered a small # file. The value can be specified in bytes (B), kilobytes (K), megabytes # (M), or gigabytes (G). It does not matter if you have a space between # the number and the value (B, K, M, G). # # Example # CacheLimit_1 350K # # Program default setting # CacheLimit_1 200K # # This directive is used by the following form: # * Caching settings #------------------------------------------------------------------------------ # CacheLimit_2 - Specify upper limit for cached file size # # Use this directive to specify the maximum size of files to be cached. # Files larger than this size will not be cached. The value can be # specified in bytes (B), kilobytes (K), megabytes (M), or gigabytes (G). # It does not matter if you have a space between the number and the value # (B, K, M, G). # # Example # CacheLimit_2 2100K # # Program default setting # CacheLimit_2 4000K # # This directive is used by the following form: # * Caching settings #------------------------------------------------------------------------------ # CacheLockTimeOut - Specify how long a file being cached can remain locked # # During retrieval, cache files are automatically locked. If something # goes wrong, a locked file may be left hanging. Use this directive to # set the amount of time after which the lock on the file can be broken. # Specify the time value in minutes (mins). # # Note: Set CacheLockTimeOut to a value equal to or greater than # OutputTimeOut. The default value of 20 minutes in the same as the # default value for OutputTimeOut. # # Example # CacheLockTimeOut 30 mins # # Program default setting # CacheLockTimeOut 20 minutes # # This directive is used by the following form: # * Caching settings #------------------------------------------------------------------------------ # CacheNoConnect - Specify stand alone cache mode # # Use this directive to specify whether you want the proxy server to # retrieve files from remote servers. Use the default value of Off if you # want the server to be able to retrieve files from remote servers. # # Specify On if you want the server to run in stand alone cache mode. # This means that the server can return only files that are already # stored in its cache. Typically, you would also set the CacheExpiryCheck # directive to Off when operating the server in this mode. # # Running the server in stand alone cache mode can be useful if you are # using the server for demonstrations. If you know all the files that you # want to use for a demonstration are stored in the cache, then you do # not need a network connection. # # Example # CacheNoConnect On # # In the above example, the server returns only files that are stored in # its cache. # # This directive is used by the following form: # * Cached file expiration #------------------------------------------------------------------------------ # CacheOnly - Cache only files with URLs that match a template # # Use this directive to specify that only files with URLs that match the # given template should be cached. You can have multiple occurrences of # this directive in the configuration file. Include a separate directive # for each template. The URL template must include the protocol. # # Example # CacheOnly http://dirtykid/* # # This directive is used by the following form: # * Caching filters #------------------------------------------------------------------------------ # CacheRoot - Specify cache root directory # # Use this directive to specify the directory that you want to be the top # directory in the cache hierarchy. The server creates subdirectories # within this directory for each cached protocol. It also creates # subdirectories under each protocol subdirectory for each remote server. # # Note: This directory must be in the QOpenSys file system. # # Example # CacheRoot /QOpenSys/Web/Cache # # Program default setting # CacheRoot /QOpenSys/QIBM/UserData/HTTPSVR/ProxyCache/ # # This directive is used by the following form: # * Caching settings #------------------------------------------------------------------------------ # CacheSize - Specify cache size # # Use this directive to set the maximum amount of disk space that you # want the proxy cache to use. If you have plenty of disk space, then you # may want to substantially increase the 5 megabyte (M) default size. The # size of the cache will usually stay below the maximum, but may # occasionally grow slightly larger. When the maximum size is reached, # then the garbage collection process begins. # # The value can be specified in bytes (B), kilobytes (K), megabytes (M), # or gigabytes (G). It does not matter if you have a space between the # number and the value (B, K, M, G). # # Example # CacheSize 50 M # # Program default setting # CacheSize 5 M # # This directive is used by the following form: # * Caching settings #------------------------------------------------------------------------------ # CacheTimeMargin - Do not cache files due to expire within specified time # # Use this directive to specify that you do not want your server to cache # files that are set to expire with a specified time. Generally, you want # your server to perform cached file expiration checking of this kind. # This action ensures that your server does not serve expired files. # Using this directive, you can set a specific margin of time for which # you do not want to cache particular files if they are set to expire. # # You can enter a time in the range of 0 to 60 minutes. For example, if a # cached file has 1 minute before it expires and you specify 2 minutes on # this directive, then your server will not cache the file. # # Example # CacheTimeMargin 5 minutes # # Program default setting # CacheTimeMargin 2 minutes # # This directive is used by the following form: # * Cached file expiration #------------------------------------------------------------------------------ # CacheUnused - Specify how long to keep unused cached files that match a # template # # Use this directive to set the maximum amount of time for the server to # keep unused cached files with URLs matching a given template. The # server deletes unused files with URLs matching the template after they # have been cached for the specified time, regardless of their expiration # date. # # You can have multiple occurrences of this directive in the # configuration file. Include a separate directive for each template. The # URL template must include the protocol. Specify the time value in any # combination of months, weeks, days, and hours. # # Examples # CacheUnused ftp:* 3 weeks # CacheUnused gopher:* 3 days 12 hours # CacheUnused * 4 weeks # CacheUnused http://www.patrickproductions.com/* 13 hours # # This directive is used by the following form: # * Other caching time limits #------------------------------------------------------------------------------ # Caching - Turn proxy caching on or off # # Use this directive to enable the caching of files. With caching turned # on, the proxy server can store the files that it retrieves from other # servers in a local cache. The server can then respond to subsequent # requests for the same files without having to retrieve them from other # servers. This can improve response time. # # Example # Caching On # # Program default setting # Caching Off # # This directive is used by the following form: # * Caching settings #------------------------------------------------------------------------------ # ftp_proxy - Specify a proxy server to connect to for FTP requests # # If your proxy server is part of a chain of proxies, use this directive # to specify the name of another proxy that this server should contact # for FTP requests. # # You might need to specify the port of the proxy to which you want to # connect. If so, enter the following directive into your configuration # file: # ftp_proxy http://external.proxy.server:port/ # # Also, you must configure the proxy chain directives using HTTP as the # protocol in the URL for the external server. Enter the following # directive into your configuration file: # ftp_proxy http://external.proxy.server:port/ # # Example # ftp_proxy http://external.proxy.server/ # # This directive is used by the following forms: # * Proxy chaining # * Non-proxy domains #------------------------------------------------------------------------------ # Gc - Turn garbage collection on or off # # If you have enabled caching, then the server uses the garbage # collection process to delete files that should no longer be cached. # Files are deleted based on their expiration date and other proxy # directive values. Use this directive to turn garbage collection on or # off. Generally, you would not turn off garbage collection if you have # enabled caching. If you do turn off garbage collection, then your cache # file could grow beyond the maximum size that you set for it. # # Assuming garbage collection is turned on, the garbage collection # process runs when the cache reaches its maximum size (as specified on # the CacheSize directive). The garbage collection process will also run # at the time of day specified on the GcDailyGc directive. # # Example # Gc Off # # Program default setting # Gc On # # This directive is used by the following form: # * Caching settings #------------------------------------------------------------------------------ # GcDailyGc - Specify a daily time for garbage collection # # Use this directive to specify a particular time of day to run the # garbage collection process. Garbage collection occurs automatically # when the cache size limit is reached. By specifying a daily time for # garbage collection, you can also remove cached files before the cache # reaches its maximum size. Specify the time value in the 24:00 hour # format. Generally, you would want the garbage collection process to run # when your server is not being used much for other functions. This is # why the default time setting is 03:00. # # Examples # GcDailyGc 22:00 # # The above example would start the garbage collection process at 10 P.M. # GcDailyGc Off # # The above example would disable daily garbage collection. # # Program default setting # GcDailyGc 03:00 # # This directive is used by the following form: # * Caching settings #------------------------------------------------------------------------------ # GcMemUsage - Specify how much memory to use for garbage collection # # Garbage collection works best if it can read all of the cache # information into memory at one time. It may not be able to read in the # entire cache if your system does not have enough main memory. # # Use this directive to specify how much memory that garbage collection # can use. The value that you specify should be approximately the amount # of virtual memory that the server may use while performing garbage # collection. The amount of memory that is needed will vary based on # dynamic changes (such as the directory structure of cached files). # # Specify the value as a number that represents kilobytes, but do not put # a K next to the number. # # Example # GcMemUsage 100 # # The above example might be used for a system with a small amount of # memory. # # Program default setting # GcMemUsage 1000 # # This directive is used by the following form: # * Caching settings #------------------------------------------------------------------------------ # gopher_proxy - Specify a proxy server for this proxy to connect to for # Gopher requests # # If your proxy server is part of a chain of proxies, you can use this # directive to specify the name of another proxy that this server should # contact for Gopher requests. # # You might need to specify the port of the proxy to which you want to # connect. If so, enter the following directive into your configuration # file: # gopher_proxy http://external.proxy.server:port/ # # Also, you must configure the proxy chain directives using HTTP as the # protocol in the URL for the external server. Enter the following # directive into your configuration file: # gopher_proxy http://external.proxy.server:port/ # # Example # gopher_proxy gopher://external.proxy.server/ # # This directive is used by the following forms: # * Proxy chaining # * Non-proxy domains #------------------------------------------------------------------------------ # http_proxy - Specify a proxy server for this proxy to connect to for HTTP # requests # # If your proxy server is part of a chain of proxies, you can use this # directive to specify the name of another proxy that this server should # contact for HTTP requests. # # You might need to specify the port of the proxy to which you want to # connect. If so, enter the following directive into your configuration # file: # http_proxy http://external.proxy.server:port/ # # Also, you must configure the proxy chain directives using HTTP as the # protocol in the URL for the external server. Enter the following # directive into your configuration file: # http_proxy http://external.proxy.server:port/ # # Example # http_proxy gopher://external.proxy.server/ # # This directive is used by the following forms: # * Proxy chaining # * Non-proxy domains #------------------------------------------------------------------------------ # no_proxy - Connect directly to domains matching templates # # Use this directive to specify the domains that you want the server to # directly connect to rather than going through a proxy. # # Specify the value as a string of domain names or domain name templates. # Separate each entry in the string with a comma (,). Do not put any # spaces in the this text entry string. # # You specify templates on this directive a bit differently than the way # you specify templates on other directives. Most importantly, you cannot # use the wildcard character (*) when specifying a template on this # directive. You must specify a template by including only the last part # of the domain name. The server connects directly to any domains that # end with a text string matching the templates that you specify. # # Example # no_proxy www.someco.com,.rochester.ibm.com,.some.host.org:8080 # # In the above example, the server would not go through a proxy for the # following requests: # * Any requests to domains ending with www.someco.com # * Any requests to domains ending with .rochester.ibm.com, such as # honkers.rochester.ibm.com or loveas400.rochester.ibm.com # * Any requests to port 8080 of domains ending with .some.host.org, # such as myname.some.host.org:8080. This would also include requests # to any other ports of the same domain, such as # myname.some.host.org, which assumes the default port 80. # # This directive is used by the following forms: # * Proxy chaining # * Non-proxy domains #------------------------------------------------------------------------------ # NoCaching - Do not cache files with URLs that match a template # # Use this directive to specify that the server should not cache files # with URLs matching the given template. You can have multiple # occurrences of this directive in the configuration file. Include a # separate directive for each template. The URL template must include the # protocol. # # Example # NoCaching http://troupe/* # # This directive is used by the following form: # * Caching filters #------------------------------------------------------------------------------ # Proxy - Specify proxy protocols # # Use this directive to indicate which protocols that you want the server # to process as a proxy. Valid protocols are File Transfer Protocol # (FTP), Gopher, and HyperText transfer Protocol (HTTP). # # IBM HTTP Server also supports SSL tunneling for secure connections. # Your server can establish secure connections involving encryption and # decryption of data between the client browser and the destination # content server. Your server does not cache secure requests at the proxy # because the proxy server does not decrypt any client requests. Instead, # the proxy establishes a connection to the content server and passes the # request through to the destination server without looking at the data. # # You can configure the server for this function by using the Proxy # directive. You should specify the port number on the secure connection # of the destination server. Then use the Enable directive to enable the # CONNECT method. For more information about the Enable directive, see # Enable - Enable HTTP methods. # # Additionally, the client browser must be configured to use the security # proxy setting in order to use SSL tunneling and proxy setting in order # to use the proxy function. # # Example # Proxy http:* # Proxy ftp:* # Proxy *:443 # # This directive is used by the following form: # * Proxy server settings #------------------------------------------------------------------------------ # ProxyAccessLog - Name the path for the proxy access log file # # If the server is running as a proxy, then you can log proxy requests # separately from other requests. Use the ProxyAccessLog directive to # specify the path and file name where you want the server to store # access requests made through the proxy. To enable logging of proxy # requests, you must specify the following directives in your # configuration file: # * Proxy # * AccessLog # * ProxyAccessLog # # Notes: # 1. The server logs requests in the access log if you use the AccessLog # directive in your configuration but do not use the ProxyAccessLog # directive. For more information about the AccessLog directive, see # AccessLog - Name the path for the access log file. For more # information about the proxy directive, see Proxy - Specify # proxy protocols. # 2. If you specify an extended log format with the AccessLog directive, # the proxy access logs will use the same extended log format. # # The value of ProxyAccessLog can either be an absolute path to a path # that is relative to the ServerRoot directive (one example of each is # shown below). # # The server starts a new cache access log file each day at midnight, # local time, if it is running. Otherwise, the server starts a new log # file the first time that you start it on a given day. # # For more information about this directive, see the online help for the # Access log file form. This form is located in the Logging subheading in # the Configurations section of the Configuration and Administration # forms. # # The format for this directive is the following: # ProxyAccessLog <file_path> [max-size] # # file_path # For the Integrated File System, enter the path of a valid # directory. You must create the directory in the Integrated File # System before starting the server. The server creates the file. # # For all file systems other than QDLS, enter the directory and # file name of the proxy access log file. For example: # /http/logs/proxyaccesslog. # # The system generates a file extension in the format of qcyymmdd # where: # # + c is the century indicator (0 for pre-2000, 1 for post-2000) # + yy is the year indicator # + mm is the month indicator # + dd is the day indicator # # For the QDLS file system, enter the directory where the proxy # access log file is located. For example: # /QDLS/httplogs/proxyacceslog/. # # The system generates a file name in the format of qcyymmdd # where: # # + c is the century indicator (0 for pre-2000, 1 for post-2000) # + yy is the year indicator # + mm is the month indicator # + dd is the day indicator # # Note: There is no file extension. # # max-size # The maximum size of a log file, measured in kilobytes. If you # specify 0, then the log file keeps growing until the server # closes the log file during the server's midnight log file # processing. At that time, the server opens a new log file # containing the current date. The default is 2000 kilobytes. This # directive parameter is optional. # # Note: You do not have to specify kilobytes (K) on this parameter. The # server will interpret any value that you enter as kilobytes. # # Example # ProxyAccessLog /absolute/path/logfile 3300 # ProxyAccessLog /logs/logfile 5050 # # Note: For log files that you create in the QDLS file system, you must # only specify a path. The server will name the new log file in the # timestamp format of the suffix. The QTMHHTTP user profile must be # granted *RWX rights for all folders in the path that you specify in # QDLS. # # Initial configuration file setting # # None. The server does not log cache access requests at all unless you # include this directive in your configuration file. # # This directive is used by the following form: # * Proxy server settings # * Access log file #------------------------------------------------------------------------------ # SocksServer - Specify the socks server that the proxy is linked to # # Use this directive to specify the IP address or host name of the Socks # server (Secure Sockets Layer server) through which this proxy will be # passing requests. # # You must add the domain names of Internet servers to the TCP/IP # configuration on AS/400. You can update the Domain Name Service (DNS) # table on AS/400 by following these steps: # 1. In an AS/400 5250 emulator session, type the Configure TCP (CFGTCP) # CL command at a command prompt. # 2. Specify option 12, Change TCP/IP domain information. # 3. Add the address of the Internet server in the Internet Address # prompt as the first domain to search. # # For more information about DNS and TCP/IP, see the AS/400 Information # Center. # # The format for this directive is the following: # SocksServer SocksServer # # where SocksServer is the IP address or host name of the Socks server to # which the proxy should be chained. # # Example # SocksServer socks.ibm.com # # This directive is used by the following form: # * Proxy server settings #------------------------------------------------------------------------------ # Server API application processing - customize IBM HTTP Server functions # # The IBM HTTP Server Application Programming Interfaces (APIs) allow you # to extend the base functions of IBM HTTP Server with your own # customized processing routines. Use the directives described in this # section to have the server call the application functions in your # program at various points in its request processing cycle. # # You can find detailed information for writing the application functions # and compiling your program in the IBM HTTP Server Web Programming # Guide, GC41-5435. # # For more information about using the Configuration and Administration # forms related to Server APIs, see the IBM HTTP Server online help for # the Server API application processing form. This form is located in the # Request Processing subheading of the Configuration section of the # Configuration and Administration forms. # # Note: You can configure the NameTrans and Service rules on the Request # routing form. The Request routing form is located in the Request # Processing subheading of the Configuration section of the Configuration # and Administration forms. # # The basic server request process can be broken up into a number of # steps. Each step is based on the type of processing that the server # performs. These steps each include a point at which an application # function that you can specify can operate. You can indicate which # function you want called to operate at each particular step by # modifying your configuration with Server API directives. You can also # use the Configuration and Administration forms to modify your # configuration. You can call several functions during each request # processing step by including more than one Server API directive for # that processing step. # # Your compiled program resides in a *SRVPGM. As the server proceeds # through its request process steps, it calls the application functions # that are associated with each step until one of the functions indicates # that it has handled the request. If you have more than one of your # application functions indicated for a particular step, they are called # in the order in which they appear in the configuration file. # # If the request is not handled by an application function (either you # did not add a Server API directive to the configuration or all of your # application functions for that step returned as HTTP_NOACTION), then # the server performs its default action for that step. # # Note: If the server fails to load a specific application or it does not # return an OK status code after the ServerInit step, then it won't call # other Server API applications. The server will then also ignore any # processing that it completed that is specific to the failed # application. Other Server API programs that you include in this form # and their application functions will not be affected. # # Except for the Service and NameTrans directives, all of these # directives can be in any order in the configuration file. You do not # have to include each of these directives in your configuration file. # Using Server APIs is entirely optional. If you do not have a customized # application function for a particular step, just omit the corresponding # directive. The server will use the normal processing for that step by # default. # # The Service and NameTrans directives behave like the other mapping # directives and are sensitive to their placement in the configuration # file. For example, a rule for /cgi-bin/foo.so must appear before the # rule for /cgi-bin/*. # # You can also use more than one configuration directive for a step. For # example, you could include two NameTrans directives, each pointing to a # different application function. When the server performs the name # translation step, it will process your name translation functions in # the order in which they appear within the configuration file. # # Your application functions do not have to be processed for every # request. Depending on your directive entries, the following will occur: # * By specifying a URL with some directives, you can indicate that you # want the application function called only for URLs that match a # certain pattern or mask. # * By specifying an authentication scheme with the Authentication # directive, you can indicate that you want the application function # called only for certain types of authentication. # # Authentication - Customize the Authentication function # # Use this directive to specify a customized application function that # you want the server to call during the Authentication step. The server # will process this code based on the authentication scheme. Currently, # only Basic authentication is supported. # # Note: Authentication is part of the authorization process. # Authentication occurs only when authorization is required. # # The format of this directive is the following: # Authentication type /path/file:function_name # # type # Specifies an authentication scheme which determines if your # application function is called. Both an asterisk character (*) # and Basic are accepted values. # # /path/file # The fully-qualified file name of your compiled program, # including the file name extension. # # :function_name # The name that you gave your application function within your # program. # # Example # Authentication BASIC /QSYS.LIB/yourapilib.LIB/apiprogram.SRVPGM:apiprocedur # e # # This directive is used by the following form: # * Server API application processing #------------------------------------------------------------------------------ # Authorization - Customize the Authorization function # # Use this directive to specify a customized application function that # you want the server to call during the Authorization step. This code # would verify that the requested object can be served to the client. # # The format of this directive is: # Authorization request-template/path/file:function_name # # request-template # A template for requests that further determine if your # application function is called. The specification can include # the following: # # + Protocol # + Domain and host # + A slash (/) as a preceding character # + An asterisk (*) as a wildcard character # # For example, the following sample entries are all valid: # # + /med_city.html # + http://www.lotus.com/ # + /pub* # + /* # + * # # /path/file # The fully-qualified file name of your compiled program, # including the file name extension. # # :function_name # The name that you gave your application function within your # program. # # Example # Authorization /index.html /QSYS.LIB/yourapilib.LIB/apiprogram.SRVPGM:apiproc # edure # # This directive is used by the following form: # * Server API application processing #------------------------------------------------------------------------------ # DataFilter - Customize Data Filter function # # Use this directive to specify a customized application function that # you want the server to call during the Data Filter step. This code # would provide three application functions: # * An open function to perform any initialization prior to processing # the data # * A write function to process the data # * A close function to perform any clean-up activities # # Note: You can only have one DataFilter active for each instance of the # server. # # The format of this directive is: # DataFilter /path/file:function_name:function_name:function_name # # /path/file # The fully-qualified file name of your compiled program, # including the file name extension. # # :function_name # The name that you gave your application function within your # program. You must supply the name of the open, write, and close # functions. # # Example # DataFilter /QSYS.LIB/yourapilib.LIB/apiprogram.SRVPGM: # apiprocedure_open:apiprocedure_write:apiprocedure_close # # Note: Even though we show this example on separate lines, you should # use this directive on one continuous line without breaks in your # configuration file. # # This directive is used by the following form: # * Server API application processing #------------------------------------------------------------------------------ # Error - Customize the Error function # # Use this directive to specify a customized application function that # you want the server to call during the Error step. This code would # function only when an error is encountered to provide customized error # routines. # # The format of this directive is: # Error request-template /path/file:function_name # # request-template # A template for requests that further determine if your # application function is called. The specification can include # the following: # # + Protocol # + Domain and host # + A slash (/) as a preceding character # + An asterisk (*) as a wildcard character # # For example, the following sample entries are all valid: # # + /med_city.html # + http://www.lotus.com/ # + /pub* # + /* # + * # # /path/file # The fully-qualified file name of your compiled program, # including the file name extension. # # :function_name # The name that you gave your application function within your # program. # # Example # Error /index.html /QSYS.LIB/yourapilib.LIB/apiprogram.SRVPGM:apiprocedure # # This directive is used by the following form: # * Server API application processing #------------------------------------------------------------------------------ # Log - Customize the Log function # # Use this directive to specify a customized application function that # you want the server to call during the Log step. This code would supply # logging and other processing that you want performed after the # connection has been closed. # # The format of this directive is: # Log request-template /path/file:function_name # # request-template # A template for requests that further determine if your # application function is called. The specification can include # the following: # # + Protocol # + Domain and host # + A slash (/) as a preceding character # + An asterisk (*) as a wildcard character # # For example, the following sample entries are all valid: # # + /med_city.html # + http://www.lotus.com/ # + /pub* # + /* # + * # # /path/file # The fully-qualified file name of your compiled program, # including the file name extension. # # :function_name # The name that you gave your application function within your # program. # # Example # Log /index.html /QSYS.LIB/yourapilib.LIB/apiprogram.SRVPGM:apiprocedure # # This directive is used by the following form: # * Server API application processing #------------------------------------------------------------------------------ # ObjectType - Customize the ObjectType function # # Use this directive to specify a customized application function that # you want the server to call during the Object Type step. This code # would locate the requested object in the integrated file system and # identify its MIME type. # # Note: The ObjectType server directive is not a terminal mapping rule. # The transformed URL still has to match one of the terminal mapping rule # directives, such as Exec, Fail, map, Pass, Redirect, or Service. # # The format of this directive is: # ObjectType request-template/path/file:function_name # # request-template # A template for requests that further determine if your # application function is called. The specification can include # the following: # # + Protocol # + Domain and host # + A slash (/) as a preceding character # + An asterisk (*) as a wildcard character # # For example, the following sample entries are all valid: # # + /med_city.html # + http://www.lotus.com/ # + /pub* # + /* # + * # # /path/file # The fully-qualified file name of your compiled program, # including the file name extension. # # :function_name # The name that you gave your application function within your # program. # # Example # ObjectType /index.html /QSYS.LIB/yourapilib.LIB/apiprogram.SRVPGM:apiproced # ure # # This directive is used by the following form: # * Server API application processing #------------------------------------------------------------------------------ # PICSDBLookup - Customize the PICS label retrieval step # # Use this directive to specify a customized application function you # want the HTTP server to call to retrieve PICS labels for a specified # URL. Your application function can either dynamically create a PICS # label for the requested document or search for a PICS label in an # alternative file or database. # # Format # PICSDBLookup request-template /QSYS.LIB/lib.LIB/pgm.SRVPGM:function_name # # request-template # A template for requests that further determine if your # application function is called. The specification can include # the protocol, domain, and host. A slash can also precede the # specification (/), and can use and asterisk (*) as a wildcard. # For example, /front_page.html, http://www.ics.raleigh.ibm.com, # /pub*, /*,and * are all valid. # # /QSYS.LIB/lib.LIB/pgm.SRVPGM # The fully qualified name of a compiled program. # # :function_name # The name of the application function within the program. # # This directive is used by the following form: # * Server API application processing #------------------------------------------------------------------------------ # PostExit - Customize the PostExit function # # Use this directive to specify a customized application function that # you want the server to call during the PostExit step. This code # functions regardless of the return codes from previous steps or other # PostExit handlers. It allows you to clean up any resources allocated to # process the request. # # The format of this directive is: # PostExit /path/file:function_name # # /path/file # The fully-qualified file name of your compiled program, # including the file name extension. # # :function_name # The name that you gave your application function within your # program. # # Example # PostExit /QSYS.LIB/yourapilib.LIB/apiprogram.SRVPGM:apiprocedure # # This directive is used by the following form: # * Server API application processing #------------------------------------------------------------------------------ # PreExit - Customize the PreExit function # # Use this directive to specify a customized application function that # you want the server to call during the PreExit step. This code # functions after a client request has been read but before any other # processing occurs. You can call the GoServe module during this step. # For more information, see the IBM HTTP Server Web Programming Guide, # SC41-5435. # # The format of this directive is: # PreExit /path/file:function_name # # /path/file # The fully-qualified file name of your compiled program, # including the file name extension. # # :function_name # The name that you gave your application function within your # program. # # Example # PreExit /QSYS.LIB/yourapilib.LIB/apiprogram.SRVPGM:apiprocedure # # This directive is used by the following form: # * Server API application processing #------------------------------------------------------------------------------ # ServerInit - Customize the Server Initialization function # # Use this directive to specify a customized application function that # you want the server to call during its initialization routines. This # code functions before any client requests are read and whenever you # restart the server. # # The format of this directive is: # ServerInit /path/file:function_name # # /path/file # The fully-qualified file name of your compiled program, # including the file name extension. # # :function_name # The name that you gave your application function within your # program. # # Example # ServerInit /QSYS.LIB/yourapilib.LIB/apiprogram.SRVPGM:apiprocedure # # This directive is used by the following form: # * Server API application processing #------------------------------------------------------------------------------ # ServerTerm - Customize the Server Termination function # # Use this directive to specify a customized application function that # you want the server to call during the server termination step. This # code functions whenever an orderly shutdown occurs and whenever you # restart the server. This function allows you to release resources # allocated by a PreExit application function. # # The format of this directive is: # ServerTerm /path/file:function_name # # /path/file # The fully-qualified file name of your compiled program, # including the file name extension. # # :function_name # The name that you gave your application function within your # program. # # Example # ServerTerm /QSYS.LIB/yourapilib.LIB/apiprogram.SRVPGM:apiprocedure # # This directive is used by the following form: # * Server API application processing #------------------------------------------------------------------------------ # Methods - disable and enable HTTP methods # # When the server receives a URL request, the request header asks the # server to perform one of the HTTP methods. In order for the server to # perform the HTTP method and deliver the document, you must first enable # the method on the server. # # Your server supports the following methods: # * Delete - Enable the DELETE method and the server deletes the object # identified by the URL. After the object is deleted, the URL is no # longer valid. The user profile the server is running under for this # request must have update authority to the file and directory or # library in order for the operation to succeed. The DELETE method # allows clients to delete information on your server. You must use # protection setups to define who can use this method and which files # can be deleted. Disabled is the default setting. # * Get - Enable the GET method and the server returns whatever data is # identified by the URL. If the URL refers to an executable program, # the server returns the output of the program. Enabled is the # default setting. # * Head - Enable the HEAD method and the server returns the HTTP # document header without the document body. Enabled is the default # setting. # * Post - Select POST to indicate that the input to the CGI program # will be passed to the CGI program in the standard input stream. # Disabled is the default setting for every server instance except # ADMIN. To handle POST method requests submitted by a remote HTTP # client, the server administrator needs to select Exec as the Action # on the Request routing form to enable CGI programs to run. Unless # CGI programs are enabled by selecting Exec, the server will not # honor a request to run a CGI program. Selecting Exec can enable all # the CGI programs in a library or it can enable only specific # programs within various libraries. # # Note: The ADMIN server instance uses the POST method to submit # configuration updates. If you disable this method for the ADMIN server # instance, you will not be able to make server configuration updates # using the administration forms. By default, the POST method is enabled # for the ADMIN server instance. # * Put - Enable the PUT method and the HTTP server stores the resource # identified in the URL by the client. If the resource already exits, # the PUT method replaces it. If the resource did not exists, the PUT # method creates it. The user profile the server is running under for # this request must have update authority to the file and directory # or library in order for the operation to succeed. The PUT method # allows clients to add or replace information on your server. You # must use protection setups to define who can use this method and # which files. Disabled is the default setting. # * Options - Enable the OPTIONS method and the request information # about the communications options on the request/response chain # identified by the URL. This method allows a client to determine the # options and requirements associated with an object, or the # capabilities of a server, without having to act on or retrieve the # object. Enabled is the default setting. # * Trace - Enable the TRACE method and the server echoes the request # message sent by the client. This method allows the client to see # what is being received at the other end of the request chain and # use that data for testing or diagnostic information. The content # type of the response is message/http. Enabled is the default # setting. # * Connect - Enable the CONNECT method and your server can establish # an SSL tunneling session between a client (such as Netscape # Navigator) and a remote server through a proxy server. The sessions # between the client and the proxy and between the proxy and the # remote server are secure. The proxy does not have access to the # data being sent. The proxy server can be a base or secure server. # Disabled is the default setting. to enable SSL tunneling, go to the # Proxy server settings form and and specify an SSL tunneling port. # * User-Defined - You can specify a unique method name that will # process requests with a Server API or CGI program that you provide. # Enter the name of the method and the Method handler path and # program name that will handle requests for this method. For # example, Mymethod # /QSYS.LIB/MYMETHAPI.LIB/MYMETHAPI.SRVPGM:mymethodhandler. If a # request is received, that uses a User-Defined method, the URL must # match an Exec or Service directive in order to be processed by the # HTTP server. # # Disable - Disable HTTP methods # # Use this directive to specify which HTTP methods you do not want your # server to accept. # # In the ADMIN server configuration, the DELETE, GET, HEAD, POST, and PUT # methods are enabled, and all other supported HTTP methods are disabled. # To disable a method that is currently enabled, change the Enable # directive for the method to a Disable directive. # # Note: The Configuration and Administration forms use the POST method to # make updates to your server configuration for *ADMIN. If you disable # the POST method you will not be able to use the Configuration and # Administration forms. # # Example # Disable DELETE # # This directive is used by the following form: # * Methods #------------------------------------------------------------------------------ # Enable - Enable HTTP methods # # Use this directive to specify which HTTP methods you want your server # to accept. # # You can enable as many of the HTTP methods as you need. For each method # you want the server to accept, enter a separate Enable directive # followed by the name of the method. # # Format # Enable method [optional_method_handler] # # method # Specify the method you want to enable. For example, PUT, GET, or # a User-Defined method. # # optional_method_handler # Specify a method handler program to handle client requests for # any method where customized programming is needed. You must # specify a method handler for user defined methods. The program # you specify will override the standard processing for that # method. # # Example # Enable POST # # This directive is used by the following form: # * Methods #------------------------------------------------------------------------------ # Request routing - Redirect URLs and define file extensions # # Use the directives described in this section to control how your server # interprets particular file extensions, which requests your server # accepts, and where the server looks for resources. # # The server binds files to a content type, content encoding, or content # language based on the file extensions. The configuration file shipped # with the server contains specifications for most commonly used # suffixes. Use the extensions definition directives only if you need to # add new definitions or change the sample definitions found in the # configuration file. # # Use the mapping directives (Exec, Fail, Map, Pass, and Redirect) to # control which requests your server accepts and to map URL requests to # your actual files. # # You can use the mapping directives to create a virtual hierarchy of Web # resources. You can then change the physical location of files or # directories without affecting the virtual layout. Even if your server # sends documents from different file systems, it can present a virtual # layout. # # The server applies the mapping directives in the order they appear in # the configuration file until a request has been accepted, rejected, or # there are no more directives that apply to the request. # # Note: Because the AS/400 system has both case sensitive and non-case # sensitive file systems, the HTTP server handles all URLs as case # sensitive for certain directives. Therefore, if you are using a # non-case sensitive file system, you should utilize the MAP directive in # addition to your PASS, Protect, EXEC, and other request routing # directives. # # Exec - Run a CGI program for matching requests # # Use this directive to specify a template for requests you want to # accept and respond to by running a CGI program. Once a request matches # a template on an Exec directive, the request is not compared to request # templates on any subsequent directives. # # The format of the directive is the following: # Exec request-template [program-path [IP-address-template]] [CGIConvMode[ # [CgiThreadedMode] # # request-template # A template for requests that you want your server to accept and # respond to by running a CGI program. # # You must use an asterisk as a wildcard in the program-path. The # part of the request that matches the request-template wildcard # must begin with the name of the file that contains the CGI # program. The request-template is case sensitive, but the # replacement string is only case sensitive when it refers to a # case sensitive file system. # # Example # # Map /cgi-bin/* /cgi-bin/*.pgm # Exec /cgi-bin/* /qsys.lib/cgilib.lib/* # # This example substitutes the value after /cgi-bin/ as the name # of the program. The Exec directive identifies the library where # the CGI program specified in /cgi-bin/ is stored. The Exec # directive changes the directive to the cgilib library. # # program-path # The path to the file that contains the CGI program you want the # server to execute for the request. # # program-path must also contain a wildcard. The wildcard is # replaced with the name of the file that contains the CGI # program. The request can also contain additional data that is # passed to the CGI program in the PATH_INFO environment variable. # The additional data follows the first slash (/) character that # comes after the CGI program file name on the request. The data # is passed according to CGI specifications. # # IP-address-template # If your server has multiple connections, you can use this # parameter to specify an address template. The server uses the # directive only for requests that come to the server on a # connection with an address matching the template. It is # important to note that it is the address of the server's # connection that is compared to the template, not the address of # the requesting client. # # You can specify a complete IP address (for example, # 204.146.167.72). # # This parameter is optional. Without this parameter, the server # uses the directive for all requests regardless of the connection # the requests come in on. # # CGIConvMode # Use this parameter to specify the CGI conversion mode that the # server should use for requests that match this template. For # this request, the value that you specify here overrides the # general server setting. See CGIConvMode - Specify the CGI # conversion mode that the server will use for a list of # CGIConvMode values. If this value is left blank, the default # from the CGIConvMode directive is used. # # CgiThreadedMode # Use this parameter to specify URLs to run either multiple thread # capable or non-multiple thread-capable. With this parameter you # can specify *On or the default *Off. The default from the # CgiThreadedMode directive is used if this value is left blank. # See CgiThreadedMode - Specify whether the default for CGI # jobs are multiple thread capable or not for more information # about the CgiThreadedMode directive. # # Example # Map /cgi-bin/* /cgi-bin/*.pgm # Exec /cgi-bin/* /QSYS.LIB/CGIBIN.LIB/* # # In the above example, the server expects to find the CGI program in # library CGIBIN. In this case, the request for # http://hostname/cgi-bin/mycgi causes the server to attempt to run the # program named MYCGI, in library CGIBIN. The Map directive adds the .pgm # to the program name so .pgm does not have to be specified on the URL # request. The request arrives at the server as: # /cgi-bin/mycgi - The request arrives. # /cgi-bin/mycgi.pgm - The Map directive adds the .pgm. # /QSYS.LIB/CGIBIN.LIB/* - The request changes to identify the # path to the program (AS/400 library.) # # You can add more Exec directives to your configuration file as you need # them. For example, you could have an exec directive for the languages # in which you write CGI programs: # Exec /rexx/* /qsys.lib/as400cgi.lib/rexx.file/* # Exec /java/* /as400cgi/* # # This directive is used by the following form: # * Request routing #------------------------------------------------------------------------------ # Fail - Reject matching requests # # Use this directive to specify a template for requests you do not want # to process. Once a request matches a template on a Fail directive, the # request is not compared to request templates on any subsequent # directives. # # The format of the directive is: # Fail request-template [IP-address-template] # # request-template # A template for requests that you want your server to reject. If # a request matches the template, the server sends the requester # an error message. # # You can use an asterisk as a wildcard in the template. # # IP-address-template # If your server has multiple connections, you can use this # parameter to specify an address template. The server uses the # directive only for requests that come to the server on a # connection with an address matching the template. It is # important to note that it is the address of the server's # connection that is compared to the template, not the address of # the requesting client. # # You can specify a complete IP address (for example, # 204.146.167.72). # # This parameter is optional. Without this parameter, the server # uses the directive for all requests regardless of the connection # the requests come in on. # # Example # QDLS: Fail /QDLS/TESTING/* # # In the above example, the server rejects any requests beginning with # /QDLS/TESTING/. # Fail /customerB/* 204.146.167.72 # Fail /customerA/* 9.99.123.4 # # The server rejects any requests beginning with /customerB/ if the # request comes in on a connection with IP address 204.146.167.72. The # server also rejects any requests beginning with /customerA/ if the # request comes in on a connection with an IP address of 9.99.123.4. # # Program default setting # # The default rule is Fail. If a request does not match any other # processing directive (such as Map or Pass), then server will not # process the request. # # This directive is used by the following form: # * Request routing #------------------------------------------------------------------------------ # Map - Change matching requests to a new result string # # Use this directive to specify a template for requests you want to # change to a new request string. After your server changes the request, # it takes the new request string and compares it to the request # templates on subsequent directives. # # The format of the directive is: # Map request-template new-request [IP-address-template] # # request-template # A template for requests that you want your server to change and # then continue comparing the new request string to other # templates. # # You can use an asterisk as a wildcard in the template. # # new-request # The new request string you want your server to continue to # compare to the request templates on subsequent directives. # new-request may contain a wildcard if the request-template has # one. The part of the request that matches the request-template # wildcard is inserted in place of the wildcard in new-request. # # IP-address-template # If your server has multiple connections, you can use this # parameter to specify an address template. The server uses the # directive only for requests that come to the server on a # connection with an address matching the template. It is # important to note that it is the address of the server's # connection that is compared to the template, not the address of # the requesting client. # # You can specify a complete IP address (for example, # 204.146.167.72). # # This parameter is optional. Without this parameter, the server # uses the directive for all requests regardless of the connection # the requests come in on. # # Example # # Example for a Map request with /cgi-bin/ as a PGM object: # # Map /cgi-bin/* /cgi-bin/*.pgm # Exec /cgi-bin/* /qsys.lib/cgilib.lib/* # # In the above example, your server would take any requests starting with # /cgi-bin/ and change the /cgi-bin/ portion of the request to # /cgi-bin/*.pgm. Anything that followed /cgi-bin/ on the original # request would also be included in the new request string. So # /cgi-bin/whatsup/ would change to /cgi-bin/whatsup.pgm. # # The Exec directive would change the /cgi-bin/whatsup.pgm to # /qsys.lib/cgilib.lib/*. This change allows IBM HTTP Server to execute # the program cgipgm in library cgilib. Your server would take the new # request string and continue to compare it to request templates on # subsequent directives. # Map /stuff/* /customerA/good/stuff/* 204.146.167.72 # Map /stuff/* /customerB/good/stuff/* 9.99.123.4 # # If your server receives requests that begin with /stuff/, it changes # the request to a different request string based on the IP address of # the connection the request comes in on. For requests that arrive on # 204.146.167.72, the server changes the /stuff/ portion of the request # to /customerA/good/stuff/. For requests that arrive on any connection # with an address of 9.99.123.4, the server changes the /stuff/ portion # of the request to /customerB/good/stuff/. # # This directive is used by the following form: # * Request routing #------------------------------------------------------------------------------ # NameTrans - Customize the NameTrans function # # Use this directive to specify a customized application function that # you want the server to call during the Name Translation step. This code # would supply the mechanism for translating the virtual path in the # request to the physical path on the server, mapping URLs to specific # objects. # # Note: The NameTrans server directive is not a terminal mapping rule. # The transformed URL still has to match one of the terminal mapping rule # directives, such as Exec, Fail, map, Pass, Redirect, or Service. # # The format of this directive is: # NameTrans request-template # /path/file:function_name [Server-IP-address or hostname] # # request-template # A template for requests that further determine if your # application function is called. The specification can include # the following: # # + Protocol # + Domain and host # + A slash (/) as a preceding character # + An asterisk (*) as a wildcard character # # For example, the following sample entries are all valid: # # + /med_city.html # + http://www.lotus.com/ # + /pub* # + /* # + * # # /path/file # The fully-qualified file name of your compiled program, # including the file name extension. # # :function_name # The name that you gave your application function within your # program. # # Server-IP-address or hostname # If you are using multiple IP addresses or virtual hosts, this # entry determines if your application function will be called # only for requests coming in on a specific IP address or for a # specific host. # # Example # NameTrans /index.html /QSYS.LIB/yourapilib.LIB/apiprogram.SRVPGM:apiprocedu # re # # This directive is used by the following form: # * Request routing #------------------------------------------------------------------------------ # Pass - Accept matching requests # # Use this directive to specify a template for requests you want to # accept and respond to with a document from your server. Once a request # matches a template on a Pass directive, the request is not compared to # request templates on any subsequent directives. # # The format of the directive is: # Pass request-template [file-path [IP-address-template]] # # request-template # A template for requests that you want your server to accept and # respond to with a document from your server. # # You can use an asterisk as a wildcard in the template. # # file-path # The path to the file that contains the document you want the # server to return. file-path may contain a wildcard if the # request-template has one. The part of the request that matches # the request-template wildcard is inserted in place of the # wildcard in file-path. # # This parameter is optional. If you do not specify a path, the # request itself is used as the path. # # IP-address-template # If your server has multiple connections, you can use this # parameter to specify an address template. The server uses the # directive only for requests that come to the server on a # connection with an address matching the template. It is # important to note that it is the address of the server's # connection that is compared to the template, not the address of # the requesting client. # # You can specify a complete IP address (for example, # 204.146.167.72). # # This parameter is optional. To use this parameter, you must also # use the file-path parameter. Without the IP-address-template # parameter, the server uses the directive for all requests # regardless of the connection the requests come in on. # # Example # QDLS: Pass /doc/* /QDLS/WebTEST/*.HTM # Root: Pass /root/* /WebSAMP/*.html # QOpenSys: Pass /x/* /QOpenSys/WebSAMP/*.html # QSYS: Pass /lib/* /QSYS.LIB/WebSAMP.LIB/HTMLDOC.FILE/*.MBR # # Attention! # # Specifying Pass /* (with no replacement string after it) can be # dangerous. Specifying Pass /* disables any further access control that # the server would impose. This Pass directive could allow browser users # to access files you did not intend for them to access. # # We strongly recommend that you never specify Pass /*. # # Specifying Pass with /* as a template and no replacement string allows # the server to serve any AS/400 file that QTMHHTTP user profile has read # access to, with a request that specifies the AS/400 real document name; # for example, /QSYS.LIB/PERSONAL.LIB/DATA.FILE/PAY.MBR. A Pass directive # with /* as a template can be used to refer to a replacement string that # would serve an AS/400 document; for example, Pass /* # /www/Webdata/Web.html. This would be used after all other Map, Pass, # Exec, and Redirect directives to prevent anyone from getting an Error # 403 "Forbidden by rule". # # In the above example for the QDLS file system, your server would # respond to a request starting /doc/ with a document from # /QDLS/WebTEST/. Anything that followed /doc/ would also be used to # identify the document. So your server would respond to the request # /doc/test/test1/doctest.html with the document in file # /QDLS/WebTEST/test/test1/doctest.html. # Pass /gooddoc/* # # In the above example, your server would respond to a request starting # with /gooddoc/ with a document from /gooddoc. So your server would # respond to the request /gooddoc/volume1/issue2/newsletter4.html with # the document in file /gooddoc/volume1/issue2/newsletter4.html. # Pass /parts/* /customerA/catalog/* 204.146.167.72 # Pass /parts/* /customerB/catalog/* 9.99.123.4 # # If your server receives requests that begin with /parts/, it returns a # file from a different directory based on the IP address of the # connection the request comes in on. For requests coming in on # 204.146.167.72 the server returns a file from /customerA/catalog/. For # requests that come in on any connection with an address of 9.99.123.4, # the server returns a file from /customerB/catalog/. # # This directive is used by the following form: # * Request routing #------------------------------------------------------------------------------ # Redirect - Send matching requests to another server # # Use this directive to specify a template for requests you want to # accept and send to another server. Once a request matches a template on # a Redirect directive, the request is not compared to templates on any # other directives in your configuration file. # # The format of the directive is: # Redirect request-template URL [IP-address-template] # # request-template # A template for requests that you want your server to send to # another server. # # You can use an asterisk as a wildcard in the template. # # URL # The URL request you want your server to send to another server. # The response to this request goes to the original requester # without any indication that it did not come from your server. # # URL must contain a protocol specification and the name of the # server to send the request to. It can also contain a path or # file name. If request-template uses a wildcard, the path or file # name on URL can also use a wildcard. The part of the original # request that matches the wildcard on request-template is # inserted in place of the wildcard on URL. # # IP-address-template # If your server has multiple connections, you can use this # parameter to specify an address template. The server uses the # directive only for requests that come to the server on a # connection with an address matching the template. It is # important to note that it is the address of the server's # connection that is compared to the template, not the address of # the requesting client. # # You can specify a complete IP address (for example, # 204.146.167.72). # # This parameter is optional. Without this parameter, the server # uses the directive for all requests regardless of the connection # the requests come in on. # # Example # Redirect /chief/stuff/* http://www.other.org/wahoo/* # # In this example, your server sends any requests beginning with # /chief/stuff/ to the wahoo directory of the www.other.org server. # Redirect /stuff/* http://www.chief.org/wahoo/* 204.146.167.72 # Redirect /stuff/* http://www.dawg.com/bones/* 9.99.123.4 # # If your server receives requests that begin with /stuff/, it redirects # the request to different servers based on the IP address of the # connection the request comes in on. For requests that come in on # 204.146.167.72, the server sends the request to the wahoo directory of # the www.chief.org server. For requests that come in on any connection # with an address of 9.99.123.4, the server sends the request to the # bones directory of the www.dawg.com server. # # This directive is used by the following form: # * Request routing #------------------------------------------------------------------------------ # Service - Customize the Service function # # Use this directive to specify a customized application function that # you want the server to call during the Service step. This code services # the client request. For example, it could send a file or run a CGI # script. # # There is no default for this directive. If the request matches a # Service rule (an application function specified on a Service directive # is executed) but it returns HTTP_NOACTION, then the server will # generate an error and the request will fail. # # The format of this directive is: # Service request-template # /path/file:function_name [CGIConvMode] # # request-template # A template for requests that further determine if your # application function is called. The specification can include # the following: # # + Protocol # + Domain and host # + A slash (/) as a preceding character # + An asterisk (*) as a wildcard character # # For example, the following sample entries are all valid: # # + /med_city.html # + http://www.lotus.com/ # + /pub* # + /* # + * # # /path/file # The fully-qualified file name of your compiled program, # including the file name extension. # # :function_name # The name that you gave your application function within your # program. # # Server-IP-address or hostname # If you are using multiple IP addresses or virtual hosts, this # entry determines if your application function will be called # only for requests coming in on a specific IP address or for a # specific host. # # Note: You cannot use the wildcard character (*) to specify a server's # IP address or hostname. # # [CGIConvMode] # Use this parameter to specify the CGI conversion mode that the # server should use for requests that match this template. For # this request, the value that you specify here overrides the # general server setting. The default from the CGIConvMode # directive is used if this value is left blank. See # CGIConvMode - Specify the CGI conversion mode that the # server will use for more information about the CGIConvMode # parameter and directive. # # Note: If you want full path translation, including query_string, you # must have an asterisk (*) in both the request-template as well as in # the/path/file:function_name as shown in the second example. # # Examples # Service /index.html /QSYS.LIB/yourapilib.LIB/apiprogram.SRVPGM:apiprocedure # Service /cgi-bin/hexcalc* /QSYS.LIB/yourapilib.LIB/apiprogram.SRVPGM:apipro # cedure # # This directive is used by the following form: # * Request routing #------------------------------------------------------------------------------ # Security configuration - Set up network security for the server # # For a secure server, use the directives described in this section to # control how your server uses network security functions. # # For more information about using SSL with your server, see Using # Secure Sockets Layer (SSL). # # If you change these directives, you must stop your server and then # start it again for the changes to take effect. The server will not pick # up the changes if you only restart it. # # NormalMode - Turn HTTP Server normal mode on or off # # Use this directive to turn on or off the port defined by the Port # directive. # # Set NormalMode on for an HTTP connection. If you also want an SSL # connection, set SSLMode on. # # Note: You should have either this directive or the SSLMode directive # turned on. If both NormalMode and SSLMode are turned off, the server # will not start. # # If you change this directive, you must stop your server and then start # it again for the change to take effect. The server will not pick up the # change if you only restart it. # # Program default setting # NormalMode on # # This directive is used by the following form: # * Security configuration #------------------------------------------------------------------------------ # SSLClientAuth - Turn Secure Sockets Layer (SSL) client authentication on # or off # # Use this directive to enable SSL client authentication for secure # connections. You must enable SSLMode in order to use this directive in # your configuration. # # You can protect your resources based on valid client certificates, # certificates with particular Distinguished Name (DN) information, # certificates that you associate with AS/400 user profiles, and # certificates that you associate with AS/400 validation lists. For more # information about using SSL client authentication on your server, see # Using Secure Sockets Layer (SSL). # # If you change this directive, you must stop your server and then start # it again for the change to take effect. The server will not pick up the # change if you only restart it. # # Specify any of the following formats: # SSLClientAuth Required # SSLClientAuth on # SSLClientAuth off # # Required # The server requests certificates from clients. If the client # does not return a certificate or if the certificate is not # valid, the connection fails. The server does not process the # request from the client. # # on # The server requests certificates from clients. The server # processes the request from the client regardless if the client # returns a certificate or if the certificate is valid. # # off # The server does not request certificates from clients. The # server processes the request from the client. # # Program default setting # SSLClientAuth off # # This directive is used by the following form: # * Security configuration #------------------------------------------------------------------------------ # SSLMode - Turn HTTP Server secure port on or off # # Use this directive to turn on or off the port defined by the SSLPort # directive. # # Set SSLMode to on for an SSL connection. If you also want an HTTP # connection, set NormalMode to on. # # Note: You should have either this directive or the NormalMode directive # turned on. If both NormalMode and SSLMode are turned off, the server # will not start. # # If you change this directive, you must stop your server and then start # it again for the change to take effect. The server will not pick up the # change if you only restart it. # # Program default setting # SSLMode off # # This directive is used by the following form: # * Security configuration #------------------------------------------------------------------------------ # SSLPort - Set port for SSL security # # Use this directive to set the port for SSL security. The server will # use this port only for HTTPS requests. (Requests for HTTP will still # come on the port that you set with the Port directive.) # # If you want to use a port other than 443, you must specify a port above # 1024. # # If you change this directive, you must stop your server and then start # it again for the change to take effect. The server will not pick up the # change if you only restart it. # # Program default setting # SSLPort 443 # # This directive is used by the following forms: # * Security configuration # * Change instance parameters #------------------------------------------------------------------------------ # Simple Network Management Protocol (SNMP) # # A network management system is a program that runs continuously to # monitor, reflect status of, and control a network. Simple Network # Management Protocol (SNMP), a popular protocol for communicating with # devices in a network, is the current network management standard. The # network devices typically have an SNMP agent and one or more subagents. # The SNMP agent can talk to the network management station or respond to # command line requests. The SNMP subagent retrieves and updates data and # gives that data to the SNMP agent to communicate back to the requester. # # The HTTP server provides an SNMP Management Information Base (MIB) and # SNMP subagent so you can use any network management system to monitor # your server's health, throughput, and activity. You can simultaneously # monitor up to twenty server instances. # # The MIB data is used to describe the Web server being managed, the # current and recent server status, and server performance data. You can # view additional information such as MIB variable names, object IDs, and # descriptions. # # The user or a programmer sends a GET command to the SNMP agent. The # subagent responds with the appropriate MIB data when the SNMP agent # sends a GET command. The SNMP agent communicates the data to the # network management station. If the threshold values that you specified # are exceeded, the network management station can notify you. # # Note: SNMP is generally not recommended for use on public Internet # servers since it discloses information about your server that hackers # may be able to exploit. # # SNMP - Enable and disable SNMP support # # Use the SNMP directive to enable or disable SNMP support. # # Example # SNMP on # # Program default setting # SNMP off # # This directive is used by the following form: # * SNMP #------------------------------------------------------------------------------ # SNMPCommunityName - specfiy a community name for SNMP # # Use the SNMPCommunityName directive to define the community name # between the HTTP server DPI subagent and the SNMP subagent. The SNMP # community name authorizes a user to view the performance variables that # are monitored by SNMP for a particular community of servers. The system # administrator defines which variables from which servers can be viewed # when a password is entered. If you change the SNMP community name, be # sure to also configure the community name using the ADDCOMSNMP or # CHGCOMSNMP commands with the ASCIICOM(*YES) parameter. This will ensure # the community name is converted to ASCII before it is compared with the # name that is specified in the SNMP manager request. # # Example # SNMPCommunityName com_nam # # Program default setting # SNMPCommunityName public # # This directive is used by the following form: # * SNMP #------------------------------------------------------------------------------ # WebMasterEmail - Create an e-mail address to receive SNMP problem reports # # Use the WebMasterEmail directive to create an e-mail address to receive # SNMP problem reports. # # Example # WebMasterEmail webmaster@computer.com # # Program default setting # WebMasterEmail webmaster # # This directive is used by the following form: # * SNMP #------------------------------------------------------------------------------ # System Management # # Use the directives described in this section to control the performance # of your server. # # Each time your server receives a request from a client, it uses a # thread to perform the requested action. (One thread is used if the # server is not performing DNS lookup. Two threads are used if the server # is performing DNS lookup.) The server first checks to see if any # threads are available. If so, the server uses available threads to # process the request. If no threads are available and the maximum number # of active threads has not been reached, the server starts new threads # to process the request. If the maximum number of active threads has # been reached, the server holds the request until threads become # available. When a request finishes, the threads it was using become # idle. As long as idle threads do not expire, they are available for the # server to use again. # # For more information about DNS and DNS lookup, see TCP/IP in the AS/400 # Information Center. # # If your server is running at maximum capacity on a sustained, non-stop # basis, you might experience some affect on system performance of your # machine. This situation is temporary and is alleviated when the number # of requests to the server decreases, allowing the server to catch up on # servicing requests. # # The impact on system performance is an indication that the # MaxActiveThreads directive might be set too high for your machine. # Specifying a number on the MaxActiveThreads directive that is too high # affects the performance of the server as it attempts to satisfy browser # requests. # # We suggest that you experiment with lowering the number specified for # the MaxActiveThreads directive until you reach a point where you see no # affect on system performance. A good starting point would be half of # the previous setting. For example, if you had the MaxActiveThreads # directive set to 100, try setting it to 50. You may want to lower it # even further, but remember that when no threads are available, the # server holds requests until more threads are available. # # Note: Lowering the MaxActiveThreads directive might result in increased # numbers of rejected connections when the server reaches capacity. # Increasing the number specified for the MaxActiveThreads directive # decreases the number of rejected connections when the server reaches # capacity, but it results in an increasing affect on system performance. # You decide how you want to balance ability to service sustained large # numbers of requests with ability to tolerate performance effects. # # If you see a problem with your performance with your server being too # slow, it could be related to any of the following: # * Your token ring speed # * The traffic on your LAN # * The number of clients requesting from your server # * The number of threads set on your server # * Slow domain name server (DNS) name resolution (You might consider # setting the DNS-Lookup directive to off.) # # You can use the CacheLocalFile directive to load your most popular # files into the server's memory at startup time. You can specify the # maximum amount of memory and the maximum number of files for caching # with the CacheLocalMaxBytes and CacheLocalMaxFiles directives. # # Use the PersistTimeout and MaxPersistRequest directives to specify the # characteristics of a persistent connection. A persistent connection # allows the server to accept multiple requests and to send responses # over the same TCP/IP connection. Overall throughput is increased # because the server does not have to establish a separate TCP/IP # connection for each request and response. Also, the TCP/IP connection # is used more efficiently because clients can make multiple requests # without waiting for the server to respond to each request. # # CacheLocalFile - Specify files that you want to load into memory at start # up # # Use this directive to specify the names of files that you want to load # into the server's memory each time that you start the server. You can # have multiple occurrences of this directive in the configuration file. # Include a separate directive for each file that you want to load into # memory. # # By keeping your most frequently requested files loaded in the server's # memory, you can improve your server's response time for those files. # For example, if you load your server's welcome page into memory at # startup, the server can handle requests for the page much more quickly # than if it had to read the file from a disk. Keep in mind that for each # file you load into memory, you are making that amount of memory # unavailable for other uses. # # Before responding to a request for a file that is stored in memory, the # server checks to see if the file has changed since the server was # started. If the file has changed, then the server responds to this # request with the updated file. The server then deletes the older # version of the file from its memory. To load the new file into memory, # you need to restart the server. # # Notes: # 1. You can use an asterisk (*) as a wildcard character on the file # names. # 2. File name matching is not recursive through subdirectories. The # server will only files in the specified directory. No files in # subdirectories are affected. # # Example # CacheLocalFile /www/html/index.html # # this example caches a specific file. # # CacheLocalFile /www/smock/*.html # # this example caches all .html files in the smock directory. # # Program default setting # # The default configuration includes CacheLocalFile directives for all of # the HTML and graphics files that make up IBM HTTP Server's Front Page. # # This directive is used by the following form: # * Local caching #------------------------------------------------------------------------------ # CacheLocalMaxBytes - Specify the maximum amount of memory allocated for # file caching # # Use this directive to specify the maximum amount of memory that you # want to allow for file caching. You can specify the memory in kilobytes # (K) or megabytes (M). You must still specify the files that you want # cached with the CacheLocalFilesDirective. # # Note: CacheLocalMaxBytes can help limit your cache size when you are # using the wildcard character to specify the files on the # CacheLocalBytes directive. # # Example # CacheLocalMaxBytes 500 K # # Program default setting # CacheLocalMaxBytes 2 M # # This directive is used by the following form: # * Local caching #------------------------------------------------------------------------------ # CacheLocalMaxFiles - Specify the maximum number of files to be # simultaneously cached # # Use this directive to specify the maximum number of files that you want # to be cached at one time. You must still use the CacheLocalFiles # directive to indicate which files that you want cached. # # Note: CacheLocalMaxFiles can help limit your cache size when you are # using the wildcard character to specify the files on the # CacheLocalFiles directive. # # Example # CacheLocalMaxFiles 150 # # Program default setting # CacheLocalMaxFiles 200 # # This directive is used by the following form: # * Local caching #------------------------------------------------------------------------------ # DynamicCache - Turn dynamic caching on or off # # Use this directive to specify your HTTP server to perform dynamic local # caching. With the DynamicCache directive on, files are cached based on # file usage. # # The CacheLocalMaxBytes directives are used to configure the storage # size that is allocated for all caching. The amount of storage available # for dynamic caching is determined by subtracting the amount of storage # used by the files specified in the CacheLocalFile directive from the # amount of storage specified in the CachLocalMaxFiles directive. # # Example # DynamicCache On # # Program default setting # DynamicCache Off # # InputTimeout - Specify input timeout setting #------------------------------------------------------------------------------ # Use this directive to set the time allowed for a client to send a # request after making a connection to the server. A client first # connects to the server and then sends a request. If the client does not # send a request within the amount of time on this directive, the server # drops the connection. Specify the time value in any combination of # hours, minutes (or mins), and seconds (or secs). # # Example # InputTimeout 3 mins 30 secs # # Program default setting # InputTimeout 2 minutes # # This directive is used by the following form: # * Timeouts #------------------------------------------------------------------------------ # LiveLocalCache - Specify whether the cache is updated when a cache file # is modified # # Use this directive to specify whether or not the cache is updated when # a cached file is modified. Specify ON if you want users requesting a # cached file to get the file with the latest updates. OFF if the optimum # setting for performance. # # Initial configuration file setting # LiveLocalCache off # # Program default setting # LiveLocalCache off # # This directive is used by the following form: # * Local caching #------------------------------------------------------------------------------ # MaxActiveThreads - Specify the maximum number of threads to have active # # Use this directive to set the maximum number of threads that you want # to have active at one time. If the maximum is reached, the server holds # new requests until another request finishes and threads become # available. # # Example # MaxActiveThreads 36 # # Program default setting # MaxActiveThreads 40 # # This directive is used by the following forms: # * Global server parameters # * Change instance parameters # * Performance #------------------------------------------------------------------------------ # MaxPersistRequest - Specify the maximum number of requests that the # server receives on a persistent connection # # Use this directive to specify the maximum number of requests that the # server should receive on a persistent connection. When determining this # number, be sure to consider the number of images used in your pages. # Each image requires a separate request. # # The format of this directive is the following: # MaxPersistRequest number # # where number is the number of requests that the server should receive # for a persistent connection. # # Program default setting # MaxPersistRequest 5 # # This directive is used by the following form: # * Performance #------------------------------------------------------------------------------ # MinActiveThreads - Specify the minimum number of threads to keep # available or active # # Use this directive to set the minimum number of AS/400 threads that are # created to service requests. # # Example # MinActiveThreads 30 # # Program default setting # MinActiveThreads 10 # # This directive is used by the following forms: # * Global server parameters # * Change instance parameters # * Performance #------------------------------------------------------------------------------ # OutputTimeout - Specify output timeout setting # # Use this directive to set the maximum time allowed for your server to # send output to a client. The time limit applies to requests for local # files. The time limit does not apply for requests that start a local # CGI program. # # If the server does not send the complete response within the amount of # time on this directive, the server drops the connection. Specify the # time value in any combination of hours, minutes (or mins), and seconds # (or secs). # # Example # OutputTimeout 10 minutes # # Program default setting # OutputTimeout 20 minutes # # This directive is used by the following form: # * Timeouts #------------------------------------------------------------------------------ # PersistTimeout - Specify the amount of time that the server waits before # cancelling a persistent connection # # Use this directive to specify the amount of time that the server should # wait between client requests before cancelling a persistent connection. # # The server uses a different timeout, the input timeout, to determine # how long to wait for the client to send the first request after the # connection is established. For more information about the input # timeout, see InputTimeout - Specify input timeout setting. # # After the server sends its first response, it uses the persistent # timeout to determine how long it should wait for each subsequent # request before cancelling the persistent connection. # # The format of this directive is the following: # PersistTimeout time # # where time can be any valid time increment, but usually will be seconds # or minutes. # # Example # PersistTimeout 2 minutes # # Program default setting # PersistTimeout 4 seconds # # This directive is used by the following form: # * Performance #------------------------------------------------------------------------------ # ScriptTimeout - Specify script timeout setting # # Use this directive to set the time allowed for a program started by the # server to finish. When the time runs out, the server job is ended. # Specify the time value in any combination of hours, minutes (or mins), # and seconds (or secs). # # Example # ScriptTimeout 3 mins # # Initial configuration file setting # ScriptTimeout 45 minutes # # This directive is used by the following form: # * Timeouts #------------------------------------------------------------------------------ # UseACLs - Specify whether ACL files will be used # # Use this directive to specify whether the ACL files will be checked for # file protection. Set this directive to never or protect only for better # server performance. The format of the directive is: # UseACLs setting # # The setting can have a value of always, protect only, or never, as # described below: # # always # The server will always look for an ACL file on every file # request. # # protect only # The server will only look for an ACL file when the file request # is for a file that is covered by a protection statement. # # never # The server will never look for an ACL file on a file request. # # Example # UseACLs always # # Program default setting # UseACLs protectonly # # This directive is used by the following form: # * Performance #------------------------------------------------------------------------------ # Web site content rating # # Using Platform for Internet Content Selection (PICS), users of Internet # applications, such as the World Wide Web, File Transfer Protocol (FTP), # and Gopher, can filter the material they encounter. Users can accept or # reject the material based on its ratings. This filtering allows # parents, businesses, schools, or decerning individuals to block access # to inappropriate and objectionable material. For the most-up-to-date # information on PICS see, the World Wide Web Consortium's PICS Web site # at URL: http://www.w3.org/pub/WWW/PICS/ The specifications published at # this Web site enable the following: # * Content providers (people who publish information on the Web) to # rate and label their own documents. These can be HTML files or # other files that contain images, sound, or animations. # * Independent rating services to rate and label documents that are # published by other Web sites and to distribute the labels to # whomever requests them. # * Internet users (browsers and other clients) to request these labels # and determine how to handle rated and nonrated information. # # The HTTP server makes it easy for you to store and serve the rating # labels for the documents you publish. It also allows you to act as a # rating service or label bureau by providing a means for you to maintain # and distribute rating labels for other Web sites. # # LabelsFor - Specify ratings for each site document # # Use this directive to specify the ratings that are given by a # particular rating service for documents on a given Web server. This # directive is used within the # /QIBM/UserData/HTTPSVR/PICS/Config/ICS_PICS.CNF configuration file. # # Format # LabelsFor servername servicename { # /WebPath1/doc1 /path/LabelFile1 # /WebPath2/doc2 /path/LabelFile2 # . # . # . # } # # servername # This can be the keyword LOCAL to indicate documents on this # server, or it can be a full URL if documents on remote servers # are being rated. The URL must not contain a trailing slash. # # servicename # The full URL where clients will send their label requests. # # /WebPath/doc # The URL path and name of the document being rated. You can use # Wildcards (*). # # /path/LabelFile # The fully qualified name of the label file on your system. # Wildcards (*) are not allowed. The keyword NOTLABELED can be # used. # # This directive is used by the following form: # * Maintain PICS label entries for other Web sites #------------------------------------------------------------------------------ # DefineService - List local label files that are associated with a # third-party rating service # # Use this directive to specify the local label files that are associated # with a third-party rating service. This directive is used within the # /QIBM/UserData/HTTPSVR/PICS/Config/ICS_PICS.CNF configuration file. # # Format # DefineService servicename name-of-service ratingfile { # LABELFILE /path/LabelFile1 "description" # LABELFILE /path/LabelFile2 "description" # . # . # . # } # # servicename # The URL of the rating service. # # name-of-service # The name of the rating service, in quotes. # # ratingfile # The fully qualified name of the service's RAT file in your # system. # # /path/LabelFile # The fully qualified name of the label file in your system. # # description # A text description of the label, in quotes. # # This directive is used by the following form: # * Register third-party rating services # * Maintain PICS label entries for your Web site # * Request label entries from third-party rating services #------------------------------------------------------------------------------ # DefineLBService - List local label files that are associated with your # own label bureau or rating service # # Use this directive to specify the local label files that are associated # with your own label bureau or rating service. This directive is used # within the /QIBM/UserData/HTTPSVR/PICS/Config/ICS_PICS.CNF # configuration file. # # Format # DefineLBService servicename name-of-service ratingfile { # LABELFILE /path/LabelFile1 "description" # LABELFILE /path/LabelFile2 "description" # . # . # . # } # # servicename # The URL of the rating service. # # name-of-service # The name of the rating service, in quotes. # # ratingfile # The fully qualified name of the service's RAT file in your # system. # # /path/LabelFile # The fully qualified name of the label file in your system. # # description # A text description of the label, in quotes. # # This directive is used by the following forms: # * Registering your own rating service # * Maintain PICS label entries for other Web sites # * PICS labels for your own rating service #------------------------------------------------------------------------------ # Denial-of-service Attack Configuration # # Use the directives described in this section to configure how your # server detects and reacts to a specific kind of attack named # denial-of-service. Such attacks could result in a denial of service to # your Web server. These directives have default settings, but you may # want to change them to suit your individual needs. # # Your server can detect a denial-of-service attack by measuring the # timeout of certain clients requests. After the initial client # connection to your server is made, if the server does not receive a # request from the client, then your server determines that a # denial-of-service attack is in progress. # # All of the following directives work together to define how your server # detects and reacts to denial-of-service attacks. Because they are # interdependent upon one another, be sure to consider each of them and # how you want them to interact on your server. # # Note: If you are doing performance measurements, you should turn off # denial of service detection. See the directive, # DenialOfServiceThreshold - Specify the server detection of # denial-of-service attacks. # # DenialOfServicePenalty - Specify the penalty that you want to impose on a # denial-of-service attack that your server detects # # Use this directive to limit the impact that a denial-of-service attack # will have on your server. This denial-of-service detection is # controlled by the DenialOfServiceThreshold directive. # # If the DenialOfServiceThreshold is set too small, then the client that # your server determines to be an attacker may not actually be an # attacker. Your server may mistake many users of the same firewall or # router for a single client attempting a denial-of-service attack. If # the server shut the router or firewall down completely, then you would # be denying service to any number of valid, legitimate users. Although # you would stop the attacker, you would also stop all business on that # particular firewall or router. # # When your server detects an attack, the server uses this directive to # limit the percent of the maximum active server threads that the # attacking client can use. Your server will penalize attacking clients # until the time that you specify has passed and the clients have had no # additional timeouts. # # The percentage applies to any number of client attacks. If you have 3 # different users (defined as clients possessing three separate IP # addresses) attacking simultaneously, then they do not each get a full # 100 percent of the server's resources. They each have to fit into the # penalty percentage of the server's remaining resources. Therefore, your # server can also stop an organized multi-user denial-of-service attack. # # For more information about the maximum number of threads allowed on # your server, see MaxActiveThreads - Specify the maximum number of # threads to have active. # # The format of this directive is the following: # DenialOfServicePenalty percent timevalue # # percent # The percent of the server's threads that attackers are allowed # to use. # # timevalue # The amount of time to which attackers are limited. This is the # amount of time that must pass after the last timeout occurs # before the attacker is again allowed unlimited access to server # threads. # # Example # DenialOfServicePenalty 8 30 minutes # # In this example, your server limits the attacker to only connections # that use 8 percent or less of the maximum active threads of the server. # This leaves 92 percent of your server's threads available for # processing other requests. This penalty stays in effect until 30 # minutes pass after the last timeout of the attacker. # # Initial configuration file setting # # None. # # Program default setting # DenialOfServicePenalty 10 20 minutes # # This directive is used by the following form: # * Denial of service #------------------------------------------------------------------------------ # DenialOfServiceThreshold - Specify the server detection of # denial-of-service attacks # # Use this directive to set the number of timeouts that are acceptable in # the amount of time. A broad definition of timeout is the amount of time # that the server waits for data from the requester or the amount of time # the server takes to send a file. The three timeouts that your server # monitors are the following: # * Input timeout (for more information, see InputTimeout - # Specify input timeout setting) # * Output timeout (for more information, see OutputTimeout - # Specify output timeout setting) # * Script timeout (for more information, see ScriptTimeout - # Specify script timeout setting) # # You may not have to use this protection if most of your clients access # your server through firewalls or routers that have denial-of-service # detection. Also, the default configuration of your server can falsely # detect an attack and attempt to limit server access when it should not # be doing so. If most of your server access comes from a proxy or # firewall, many users will appear as only one user in this detection # scheme. # # The format of the directive is the following: # DenialOfServiceThreshold timeouts timevalue # # timeouts # The number of timeouts allowed. The default is 5. If you do not # want any detection, specify a value of 0. # # timevalue # The amount of time before a denial-of-service is confirmed. # Specify the time value in any combination of hours, minutes, and # seconds. The default is 1 minute. # # Example # DenialOfServiceThreshold 7 2 minutes # # In this example, the server only allows seven timeouts from the # requesting client (with a unique IP address) over a period of two # minutes. If an eighth timeout occurs before two minutes have elapsed # since the first timeout, then the server identifies the requesting # client as a potential attacker. If the eighth timeout occurs and more # than 2 minutes have elapsed since the first timeout, then the server # handles the request normally. # # Initial configuration file setting # # None. # # Program default setting # DenialOfServiceThreshold 5 1 minute # # This directive is used by the following form: # * Denial of service #------------------------------------------------------------------------------ # DenialOfServiceTrusted - Specify the name or IP address of known and # trusted routers and firewalls that should not be considered for # denial-of-service attack detection # # Use this directive to inform the server of the name or IP address of a # known and trusted router or firewall that has its own denial-of-service # detection and prevention schemes. This helps to eliminate the false # detection of attacks from addresses that route multiple users and make # them appear as only one user. This directive allows you to specify that # your server should perform no detection of denial-of-service attacks on # these trusted firewalls or routers. # # You can specify either a domain name or an Internet Protocol (IP) # address on this directive. If you specify a domain name (such as # www.host77.com), then you need a domain name server (DNS) to resolve # the name into an IP address. If you specify an IP address (such as # 9.87.654.3), then you do not need a domain name server. See the # examples below for more information about specifying a domain name or # an IP address. # # If many users access your server from a single computer (defined as # having a unique IP address), it is always possible that your # denial-of-service detection scheme could mistake legitimate activity # for an attack. Most firewalls and routers have their own # denial-of-service detection and penalization schemes already built into # their systems. Therefore, you can trust any requests from such routers # and firewalls to not attack your server. # # The format of this directive is the following: # DenialOfServiceTrusted servername-or-IP-address # # servername-or-IP-address # The host name or the IP address of the host that your server # trusts. # # Examples # DenialOfServiceTrusted myrouter # # This example involves specifying a domain name. In this example, you # allow the server to process all requests from the host myrouter without # regard to any denial-of-service detection or penalization mechanisms. # For your server to completely process this directive, you must define # the myrouter host in the TCP/IP Domain Name server (DNS) host table # before the server instance is started or restarted. # # If the DNS server is unaware of this host name or if the DNS server may # not be running when you start the server instance, then you can specify # an IP address on this directive: # DenialOfServiceTrusted 12.345.6.789 # # This example involves specifying an IP address. In this example, you # provide the same trust for a server as in the above example. You don't # need the host name or a DNS server because you specifically provide the # IP address of a trusted server. # # Initial configuration file setting # # None. # # Program default setting # # None. # # This directive is used by the following form: # * Denial of service # ------------------------------------------------------------------------------
Minimal working configuration examples
Each standard (aka, non-admin) site has one member with the same name in both of QATMHINSTC
and QATMHTTPC
. The former establishes parameters for the server instance, the latter ist the configuration itself.
# Specify the port on which you want the server to listen for requests
Port 8080
#
# Multi-format processing
MultiFormatProcessing none
#
# Specify the data type of files with particular extensions
AddType .html text/html 8bit
AddType .jpg image/jpeg binary
#
# Specify the MIME content encoding of files with particular extensions
AddEncoding .gz x-gzip
AddEncoding .Z x-compress
#
# Specify the maximum time allowed for your server to send output to a client
OutputTimeOut 2 mins
#
# Specify the minimum number of threads to keep available or active
MinActiveThreads 2
#
# Specify the maximum number of threads to have active
MaxActiveThreads 20
#
# Specify the amount of time that the server waits before cancelling a
# persistent connection
PersistTimeout 2 mins
#
# Specify the maximum number of requests that the server receives on a
# persistent connection
MaxPersistRequest 20
#
# DenialOfServiceThreshold - Detection of DOS Conditions
DenialOfServiceThreshold 0 1 minute
Notes:
- The list of MIME type association is far from complete. Do not assume automatic built-ins!
DenialOfServiceThreshold
is essentially disabled, because I'm using a reverse-proxy in front which makes DDOS detection moot.- I also did not specify logging parameters to essentially do no logging at all, because all accesses come from the reverse proxy, anyway. The mentioned reverse proxy itself logs accesses, thus there is no need to create additional burden to the probably older and slower AS/400 by establishing (redundant) logging.
The mapping of (virtual) http paths to real paths is established in the following sections. For details see the "Pass - Accept matching requests" section in the complete configuration documentation above.
Webroot in the IFS
# Set up access control for the server
Pass /* /QOpenSys/var/www/mysite/*
#
# Specify settings for welcome pages
Welcome index.html
Every resource appended to /
in the browser's URL line is automatically prepended by /QOpenSys/var/www/mysite/*
, and handed off to the file system code. Very much like each recent, decent web server software works.
Many sources rightfully recommend to not use the PC-DOS compatible document library filesystem mainly for performance reasons. I'm using /QOpenSys because compared to the IFS root, this is case sensitive and thus closer to real UNIX semantics.
Using source physical files
You can also serve web pages from source physical files. Each member is a separate HTML document. Because the naming scheme is predefined by OS/400 a lot of page-individual configuration needs to be done:
# Pages via QSYS.LIB
Pass /index.html /QSYS.LIB/QGPL.LIB/MYSITE.FILE/INDEX.MBR
Pass /impressum.html /QSYS.LIB/QGPL.LIB/MYSITE.FILE/IMPRESSUM.MBR
Pass /dse.html /QSYS.LIB/QGPL.LIB/MYSITE.FILE/DSE.MBR
Redirect / /index.html
Compared to the IFS, there are quite some restrictions and other considerations:
- The free formatting capability of HTML source often yields some very long lines along many short ones. Since the
QSYS.LIB
is hosting record-oriented files exclusively, this might result in considerable overhead of allocated storage, and probably more data to be read from disk. - You can't meaningfully store binary streams (images) in source PFs. One way to deal with this is to imbed a Base64 encoded copy in the HTML
<img src>
tag. The Base64 decoding ignores line wrapping, so you can fill up lines to the maximum configured length. Example:
<img src="data:image/jpeg;base64,base64-encoded-text-goes-here">
- The member type must be
HTML
. Anything else will be sent with a MIME type oftext/plain
.- This precludes using CSS files, because they will be delivered with the wrong MIME type. You can work around this by using server side includes with the
include virtual
HTML comment directive. You need to enable imbeds in the server configuration, though.- The configuration documentation states that files refer to IFS includes only, but
include virtual
works just fine with QSYS.LIB members. They need to be referred with a Pass directive, though.
- The configuration documentation states that files refer to IFS includes only, but
- This precludes using CSS files, because they will be delivered with the wrong MIME type. You can work around this by using server side includes with the
If you prefer to edit members with SEU, SRC PFs should be created with rcdlen(134)
, yielding a maximum line length of 122. No sideways scrolling is necessary with this setting on a 27×132 (emulated) terminal, while maintaining ample horizontal space for formatting purposes.
Why would one serve HTML pages from the apparently cumbersome QSYS.LIB
filesystem? I have not gathered measurements yet, but I'd expect better performance. It's well known that even the IFS isn't exactly a speed wonder. On older and slower machines, this can truly make a difference.
Links
- HTTP Server for AS/400 Webmaster's Guide, GC41-5434-05
- AS/400 HTTP Server Performance and Capacity Planning, IBM RedBook SG24-5645-00
- Cool Title About the AS/400 and Internet, SG24-4815-01.
- Writing persistent CGI programs, IBM.com