Internet Connection Secure Server Webmaster's Guide

Documentation
IBM Internet Connection Secure Server

Webmaster's Guide

Version 4.2 for Windows** NT
GC31-8488-00

Welcome!

Information road map

What's new in Version 4.2

Part 1. Basic Configuration

Chapter 1. Changing the default configuration

Configuring your server

Using the Configuration and Administration forms

Editing the configuration file

Controlling access to the Configuration and Administration forms

Copying files

Changing the default home page

Understanding the document root directory

Changing your document root directory

Understanding the welcome pages

Creating your own home page

Running your server as a proxy

Caching documents on your proxy server

Setting up your proxy server

Step 1. Configure basic proxy functions

Step 2. Configure basic caching functions

Step 3. Designate a port number for your proxy server

Step 4. Configure advanced proxy functions

Step 5. Configure advanced caching functions

Step 6. Specify which clients can use the proxy

Step 7. Set up a secure connection

Running your server with multiple IP addresses or virtual hosts

Multiple IP addresses

Virtual hosts

Setting up your server to use multiple IP addresses or virtual hosts

Backing up files

Chapter 2. Starting to use your server

Starting and stopping the server

Starting from the Services panel with Windows NT

Starting from the Internet Connection Secure Server icon

Starting from the command prompt

Starting multiple instances of the server

Restarting from the Internet Connection Secure Server window

Restarting from the Configuration and Administration forms

Stopping the server

Part 2. Advanced Configuration

Chapter 3. Using the configuration file

Overview of directives

Basic - Specify required settings

BindSpecific - Specify if the server binds to one or all IP addresses

DNS-Lookup - Specify whether you want to look up host names of clients

HostName - Specify the fully qualified domain name or IP address for the server

imbeds - Specify whether server-side includes will be dynamically imbedded

Port - Specify the port on which you want the server to listen for requests

ServerRoot - Specify the directory where the server program is installed

Directories and Welcome Page - Set viewing options

AddBlankIcon - Specify the icon URL used to align the heading of directory listings

AddDirIcon - Specify the icon URL for directories on directory listings

AddIcon - Bind an icon to a MIME content-type or encoding-type

AddParentIcon - Specify the icon URL for a parent directory on directory listings

AddUnknownIcon - Specify the icon URL for unknown file types on directory listings

AlwaysWelcome - Specify if a welcome file is returned for all directory requests

DirAccess - Control directory listings

DirReadme - Control directory README files

DirShowBrackets - Use brackets around alternative text on directory listings

DirShowBytes - Show byte count for small files on directory listings

DirShowCase - Use case when sorting files on directory listings

DirShowDate - Show date last modified on directory listings

DirShowDescription - Show descriptions for files on directory listings

DirShowHidden - Show hidden files on directory listings

DirShowIcons - Show icons in directory listings

DirShowMaxDescrLength - Set the maximum description length on directory listings

DirShowMaxLength - Set the maximum length for file names on directory listings

DirShowMinLength - Set the minimum length for file names on directory listings

DirShowSize - Show file size on directory listings

IconPath - Specify the path for the directory listing internal icons

Welcome - Specify names of welcome files

User directories

HomeDir - Specify the directory that contains user subdirectories

UserDir - Specify the name of the accessible subdirectory off of user subdirectories

Logging and Reporting - Customize access and error logs and generate access reports

AccessLog - Name the path for the access log file

AccessLogArchive - Remove existing access, agent, or referer log files or run a user exit

AccessLogExcludeURL - Suppress log entries for specific files or directories

AccessLogExcludeMethod - Suppress log entries for files or directories requested by a given method

AccessLogExcludeMimeType - Suppress log entries for specific MIME types

AccessLogExcludeReturnCode - Suppress log entries for specific return codes

AccessLogExpire - Remove existing access log files when they reach a given age in days

AccessLogSizeLimit - Remove existing access log files when they reach a given collective size

AccessReportDescription - Give a short description of the report to be created

AccessReportExcludeURL - Suppress from the report the log entries for specific files or directories

AccessReportIncludeURL - Include in the report only log entries for specific files or directories

AccessReportExcludeHostName - Suppress from the report the log entries for specific host names

AccessReportIncludeHostName - Include in the report only log entries for specific host names

AccessReportExcludeMethod - Suppress from the report the log entries of a given method type

AccessReportExcludeReturnCode - Suppress from the report the log entries with a given return code

AccessReportRoot - Name the path for the root directory where access log reports are stored

AccessReportTemplate - Name the report template

AccessReportTopList - Specify the top number of items on

AgentLog - Name the path for the agent log file

CacheAccessLog - Specify the path for the cache access log files

CgiErrorLog - Name the path for the CGI error log file

ErrorLog - Name the file where you want to log internal server errors

ErrorLogArchive - Remove existing error or CGI error log files or run a user exit

ErrorLogExpire - Remove existing error log files when they reach a given age in days

ErrorLogSizeLimit - Remove existing error log files when they reach a given collective size

LogFormat - Specify common or old log file format

LogTime - Specify GMT or local time stamps in log files

LogToGUI - Specify whether access log writes to GUI

NoLog - Suppress log entries for specific hosts or domains matching a template

RefererLog - Name the path for the referer log file

ReportDataCompressionProgram - Specify path to the compression program

ReportDataUnCompressionProgram - Specify path to the uncompression program

ReportDataCompressionSuffix - Specify the suffix appended to the compressed file

ReportProcessOldLogs - Check for old logs in the log directory

ReportDataSizeLimit - Remove existing access data files when they reach a given collective size

ReportDataArchive - Specify whether to remove existing accessdata files

ReportDataExpire - Remove existing access data files when they reach a given age in days

Access control - Set up access control for the server

DefProt - Specify default protection setup for requests that match a template

Protect - Activate protection setup for requests that match a template

Protection - Define a named protection setup within the configuration file

Protection Subdirectives

SSL client authentication subdirectives

Security - Set up network security for the server

KeyFile - Set name for key ring file

NormalMode - Turn port on or off for HTTP

SSLClientAuth - Enable SSL client authentication

SSLMode - Turn port on or off for SSL

SSLPort - Set port for SSL security

Multi-format processing - Define file extensions for multi-format processing

Multi-Format Processing

AddLanguage - Specify the language of files with particular extension

AddEncoding - Specify the MIME content encoding of files with particular extension

AddCharSet - Specify the character set documents are encoded in

AddType - Specify the data type of files with particular extension

SuffixCaseSense - Specify whether extension definitions are case sensitive

AddClient - Specify file extensions for requesting clients

Resource mapping - Redirect URLs

Exec - Run a CGI program for matching requests

Fail - Reject matching requests

Map - Change matching requests to a new result string

Pass - Accept matching requests

Redirect - Send matching requests to another server

InheritEnv - Specify which environment variables are inherited by CGI programs

DisInheritEnv - Specify which environment variables are disinherited by CGI programs

Error message customization - Customize error messages the server returns to clients

ErrorPage - Specify a customized message for a particular error condition

Timeouts - Close connections automatically

InputTimeout - Specify input timeout setting

OutputTimeout - Specify output timeout setting

ScriptTimeout - Specify script timeout setting

Methods - Set method acceptance

Disable - Disable HTTP methods

Enable - Enable HTTP methods

Meta-Information - Name meta-information files and directories

MetaDir - Specify name of subdirectory for meta-information files

MetaSuffix - Specify the extension for meta-information files

ICAPI application processing - Specify ICAPI applications for request processing

ServerInit - Customize the Server Initialization step

PreExit - Customize the PreExit step

Authentication - Customize the Authentication step

NameTrans - Customize the Name Translation step

Authorization - Customize the Authorization step

ObjectType - Customize the Object Type step

Service - Customize the Service step

PICSDBLookup - Customize the PICS label retrieval step

DataFilter - Customize the Data Filter step

Log - Customize the Log step

Error - Customize the Error step

PostExit - Customize the PostExit step

ServerTerm - Customize the Server Termination step

Servlet API Support - Configure the server for Java servlet API support

EnableJavaServletSupport - Enable the server to support Java servlets

MaxActiveJavaThreads - Specify threads for request processing

ServletLog - Specify a log file for Java servlet messages

ServletDir - Specify the directory for Java servlets

Servlet - Specify a servlet's initialization parameters

Proxy server settings - Configure server as a proxy

CacheDefaultExpiry - Specify default expiration time for files that do not have an expiration date

CacheExpiryCheck - Turn cache expirations off

CacheLastModifiedFactor - Specify fraction of Last-Modified time to be used for determining expiration date

CacheLimit_1 - Specify lower limit for cached file size

CacheLimit_2 - Specify upper limit for cached file size

CacheLockTimeOut - Specify how long a file being cached can remain locked

CacheNoConnect - Specify stand alone cache mode

CacheOnly - Cache only files with URLs that match a template

CacheRoot - Specify cache root directory

CacheSize - Specify cache size

CacheUnused - Specify how long to keep unused cached files that match a template

Caching - Turn proxy caching on/off

ftp_proxy - Specify a proxy server for this proxy to connect to for FTP requests

Gc - Turn garbage collection on or off

GcDailyGc - Specify a daily time for garbage collection

GcMemUsage - Specify how much memory to use for garbage collection

gopher_proxy - Specify a proxy server for this proxy to connect to for Gopher requests

http_proxy - Specify a proxy server for this proxy to connect to for HTTP requests

MaxContentLengthBuffer - Set the size of the buffer for dynamic data generated by the server

no_proxy - Connect directly to domains matching templates

NoCaching - Do not cache files with URLs that match a template

ProxyAccessLog - Name the path for the proxy access log file

SocksServer - Specify a Socks server through which the proxy will pass requests

wais_proxy - Specify a proxy server for this proxy to connect to for WAIS requests

Performance settings - Define performance settings

CacheLocalFile - Specify files you want to load in memory at start up

CacheLocalMaxBytes - Specify maximum amount of memory to use for file caching

CacheLocalMaxFiles - Specify the maximum number of files for caching

LiveLocalCache - Specify whether the cache is updated when a cached file is modified

MaxActiveThreads - Specify the maximum number of threads to have active

ServerPriority - Specify the priority you want your server to have on your system

MaxPersistRequest - Specify the maximum number of requests to receive on a persistent connection

PersistTimeout - Specify time to wait for the client to send another request

UseACLs - Specify whether ACL files will be checked

UseMetaFiles - Specify whether meta files will be used

System Management - Define system management settings

SNMP - Enabling and disabling SNMP support

SNMPCommunityName - Providing a security password for SNMP

WebMasterEmail - Creating an e-mail address to receive SNMP problem reports

Chapter 4. Customizing logs and reports

Tailoring the logs your server keeps

Specifying global settings for all logs

Specifying options for the access, agent, and referer logs

Specifying options for the error logs

Sample scenario for configuring log files

Specifying the path for the proxy server's cache access log

Tailoring the reports your server creates

Overview of report templates

Creating a report template

Viewing reports

Sample scenarios for configuring reports

Chapter 5. Customizing your Web site

Displaying page count, date, time, and text on a Web page

Configuration instructions

Options

Using server-side includes to insert information into CGI programs and HTML documents

Considerations for using server-side includes

Preparing to use server-side includes

Format for server-side includes

Directives for server-side includes

Chapter 6. Rating Web sites and serving rated Web information

Who can rate Web sites

How Web clients use PICS

How the Internet Connection Secure Server helps you manage PICS labels

PICS for Web site administrators

PICS for rating services and label bureaus

How to manage PICS labels from a central file

Storing the PICS files on your server

Managing PICS labels for your own Web site

Starting a PICS rating service and label bureau

How to create PICS labels

PICS label extensions

How to request PICS label information

How to update the PICS configuration file

Using the online Configuration and Administration forms

Editing the PICS configuration file manually

Using wildcards in the PICS configuration file

Chapter 7. Protecting your server

Protection methods

Step 1. Activating protection

Step 2. Passing the requests

Step 3. Deciding what type of protection to use

User name and password protection

Address template protection

How the server processes requests

Step 4. Creating protection setups

Identifying the protection setup to requesters

Specifying the type of authentication

Pointing to the password file

Pointing to a server group file

Specifying valid user names, groups, and addresses

Creating protection setups for SSL client authentication

Step 5. Limiting access to individual files

Using server group files

Using Access Control List (ACL) files

Protection example (without SSL client authentication)

Protection example (with SSL client authentication)

Chapter 8. Managing your Web server

Simple Network Management Protocol

SNMP commands and protocol

Object IDs and variable names for the Internet Connection Secure Server MIB

Creating an e-mail address to receive SNMP problem reports

Enabling SNMP on your NT system

Providing a security password for SNMP

Enabling and disabling SNMP support

Turning the SNMP support on and off from the whttpg command

Monitoring server performance and status

Using the Server Activity Monitor function

Using the Windows NT Performance Monitor

Part 3. Security

Chapter 9. Making your communications secure

Security concepts

The Internet is a postal service

What is security?

What is encryption?

What is authentication?

Using the security built into the server

Managing your keys, certificates, and trusted roots

Working with keys

Setting the default key

Deleting a key

Exporting a key

Importing a key

Obtaining a certificate

Using trusted root keys

Designating a key as a trusted root

Removing a trusted root key

Chapter 10. Using Secure Sockets Layer (SSL)

Overview of SSL security

Step 1. Setting up SSL

Fill in Security Configuration form

Fill in Create Key and Request Certificate form

Fill in Receive Certificate Form

Step 2. Specifying SSL client authentication in protection setups and ACL files

Step 3. Using SSL with your server

Chapter 11. Acting as a certification authority for a private Web network

Becoming a CA

Create CA's public-private key pair and request CA's certificate

Receive CA's certificate

Designate the CA key as a trusted root

Processing certificates as a CA

Use certutil command to process client and server certificates

Chapter 12. Supported key lengths and encryption modes

Public and private keys

SSL encryption modes

Part 4. Appendixes

Appendix A. Command reference

Appendix B. Notices

Programming interface information

Trademarks

Appendix C. Glossary

Appendix D. Bibliography

[ Top of Page | Next Page ]

Table of Contents