List of FRONTPG.INI Settings

Configuring Server Extensions Parameters

Default Server Extensions Parameters

Other Security-related Server Extensions Parameters

Additional Server Extension Configuration Parameters

Parameters That Can Also Be Set in the FrontPage Explorer

Configuring Server Extensions Parameters

Some features of the FrontPage 98 Server Extensions can be controlled by setting parameters in the appropriate sections of the frontpg.ini file. The frontpg.ini is in the Windows NT directory. The appropriate sections for each virtual server are titled [Port <IPAddress>:<port>] for multihosted servers or just [Port <port>] for single-hosted servers. , global settings are stored in the [FrontPage 3.0] section. The default setting in the software for each of these parameters is 0, unless otherwise noted. The parameter syntax is as follows: Parameter=value

For Example: Logging=1

Placing the parameter in the [FrontPage 3.0] section of the frontpg.ini will affect all ports and all web servers installed on that server. Placing the parameter in the [Port <IPAddress>:<port>] section will affect only that port.

Default Server Extensions Parameters

The FrontPage 98 Server Extensions install with the following parameters set as indicated. This default configuration minimizes the host server's vulnerability.

NoAbsoluteFileResults

Initial value after installation: Non-zero. A non-zero value for this parameter forces the default (Save Results), Registration, and Discussion FrontPage form handling components write only to a file within the customer's web content area. It prevents these FrontPage Components from writing to an absolute file path.

NoServerFileResults

Initial value after installation: Non-zero. A non-zero value for this parameter prevents the default (Save Results), Registration, and Discussion FrontPage form handling components from writing to the _vti_log directory in the customer's document root (Setting the NoServerFileResults parameter to zero can be useful to allow customers to save the output generated from the Save Results, Registration, and Discussion FrontPage Components to the _vti_log directory in the server's root web). As a security measure, the author.log file in the _vti_log directory records all authoring actions on the web when the Logging parameter is set (see below). The non-zero value for NoServerFileResults prevents an author from "covering his tracks" by overwriting or modifying the author.log file.

NoExecutableCgiUpload

Initial value after installation: Non-zero. When set to a non-zero value, authors cannot upload files to a directory marked executable, and cannot mark a directory executable. Setting this parameter to a non-zero value completely prevents authors from uploading and executing Active Server Pages (ASP), Internet Database Connector Pages (IDC), PERL Scripts (PL), CGI scripts and ISAPI extensions. To only restrict authors ability to upload and execute CGI scripts and ISAPI extensions use the AllowExecutableScripts configuration parameter, below.

Other Security-related Server Extensions Parameters

The following web configuration parameters are not included in the default installation of the FrontPage 98 Server Extensions, but can be added by editing the Server Extensions configuration file. When set as indicated below, these options can increase the overall security of FrontPage.

Logging

When set to a non-zero value, authoring operations are logged to _vti_log/author.log in the root web. Each operation is logged with the current time, the remote host, the author's user name, the name of the web, the operation performed, and per-operation data. In the event of a security breach, this log file can be analyzed for authoring activity on the customer's web. Default value = 0.

AllowExecutableScripts

When set to a non-zero value, FrontPage will set the executable bit on files within executable directories. So, when directories are marked as executable, all files within the directory will also be marked as executable. If authors are permitted to upload into executable directories (because the NoExecutableCgiUpload parameter, above, is zero), then by setting this parameter to a non-zero value, authors will be able to execute newly uploaded CGI scripts and ISAPI extensions because they will be marked as executable. If this parameter is zero and NoExecutableCgiUpload is also zero, authors will be able to upload and use ASP and IDC files but not CGI or ISAPI files.

AccessControl

When this parameter is set to zero, FrontPage AccessControl is completely disabled. In general this is not recommended. Turning off AccessControl requires that the access control on the _vti_bin directories be set manually whenever a sub-web is created. Until this is done, anyone can author against the web. The advantage to AccessControl is that a knowledgeable webmaster who has set custom access control permissions will not have work re-written by FrontPage. This also causes the FrontPage Explorer to disable the Permissions command on the FrontPage Explorer's Tools menu. Default = 1.

RestrictIISUsersAndGroups

This parameter enables user and group list restrictions, thereby preventing a FrontPage end user from seeing all NT accounts on the server. This parameter can be enabled globally or on a per-service basis, and restrictions can be overridden on a per-server basis. Setting the key to 1 enables restrictions. If the users and groups restrictions are enabled for a given service, the extenders look for an NT group named in the following format:

FP_ServiceName[_Subweb]

Where ServiceName is the service's IP address and Port number combination on a multihosted IIS2/3 machine and Subweb is the name of the sub-web. On a single-hosted machine, the ServiceName portion is simply the port number. To specify a root web's restriction group, the _Subweb portion is omitted.

Examples:

FP_157.55.49.66:80_MySubweb

FP_80_MySubweb

Restriction groups are global groups and are not restricted to be groups on the local machine.

Additional Server Extension Configuration Parameters

These Server Extension configuration parameters do not have an effect on the security of FrontPage, but are relevant to concerns that a Web presence provider may have.

ReformatHtml

Setting this parameter to "Y" or a non-zero value will cause the FrontPage 98 Server Extensions to reformat all HTML pages when they are uploaded to the web server. Setting a zero value for this parameter causes only pages with FrontPage Components to be reformatted. Default = "N"

UpperCaseTags

When set to "Y" or a non-zero value, converts all HTML tags to upper-case when the FrontPage 98 Server Extensions reformats HTML pages. Defaults to 0.

PreserveTagCase

When set to "Y" or a non-zero value, attempts to preserve the case of HTML tag attributes when the FrontPage 98 Server Extensions reformats HTML pages. Note that the tag itself will always be upper- or lower-case according to the UpperCaseTags attribute. Defaults to 0.

TextMemory

When set to zero, turns off full-text indexing of your webs. When set to a non-zero value, sets how many megabytes the text-indexing allocates for its hash-tables and other data structures. Defaults to 1.

NoIndexServer

Setting this parameter to 1 communicates to FrontPage that it should not use the IIS Index Server and that it should use the FreeWAIS search engine that is included in FrontPage 98. Default value = 0, indicating that if FrontPage detects the presence of the Index Server, it will use it as the search engine for this server.

SMTPHost

This parameter is set to the name or IP address of a host running an SMTP daemon, such as Exchange on NT. When a user submits a form whose results are to be sent via Email, the FrontPage Server Extensions connect to the SMTP daemon to deliver the mail. By default FrontPage assumes the daemon is listening on port 25 (the standard for SMTP) but you can override this by appending ":xx" to the name, where the xx is the port to use. Normally you will set either SMTPHost or SendmailCommand, but not both, because SendmailCommand takes priority over SMTPHost. Examples:

SMTPHost=mail.example.microsoft.com

SMTPHost=test:10000

SMTPHost=127.0.0.1

MailSender

This parameter sets the user name to use as the "from" account when sending Email. Specifically, it is used as the argument to the "SEND FROM:" command in SMTP. The default for SMTP is user@host, where "user" is the current user account and "host" is the current host name.

SendMailCommand

This parameter sets the name of a program to which Email should be piped. Typically this will be sendmail, but it could be any program. Before invoking the command, all occurrences of "%r" are replaced with the recipient of the mail. The per cent sign character followed by any other character is replaced by that character. Example:

SendmailCommand=/usr/lib/sendmail %r

MailCharSet

This parameter can be used to override the character set attribute of the content-type header.

MailEncoding

This parameter can be used to override the content transfer encoding attribute of the content-type header.

CacheMaxDocMeta

This integer parameter sets the maximum number of documents in the cache. The default value is 512 (files)

CacheMaxInclude

This integer parameter sets the size in MB of the include file cache. The default value is 16.

CacheMaxImage

This integer parameter sets the size in MB of the image file cache. The default value is 16.

Parameters That Can Also Be Set in the FrontPage Explorer

The following parameters can be set in the FrontPage Explorer under the Tools menu's Web Settings command in the Advanced tab. Using these parameters will set the defaults for the web, however these settings will not be updated in the FrontPage Explorer's user interface.

NoClientImageMaps

When this parameter is set to 1, it prevents FrontPage from generating HTML that supports client-side image map processing. By default, FrontPage can generate both client-side and server-side HTML by not setting this parameter and by selecting a server-side ImageMapFormat.

ImageMapFormat

This parameter sets the server image-map style. Valid parameters include: FrontPage, NCSA, CERN, Netscape, or <None>. If you select <None>, FrontPage will not generate HTML to support server-side image map processing.

ImageMapURLPrefix

This parameter sets the server-relative URL of the server-side handler for the selected image-map style. If style (ImageMapFormat) is FrontPage, server-side image maps are handled automatically. For other styles, provide the name and location of a handler.

ScriptLanguage

This parameter sets the scripting language for the scripts that are automatically generated to enforce any data validation settings you apply to form fields. Valid parameters include VBScript, JavaScript, or None.