AS/400e. TCP/IP Services and Applications Webserver(HTTP)

Transcription

1 AS/400e TCP/IP Services and Applications Webserver(HTTP)

2

3 AS/400e TCP/IP Services and Applications Webserver(HTTP)

4 Copyright International Business Machines Corporation 1998, All rights reserved. US Government Users Restricted Rights Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

5 Contents Part 1. Web server (HTTP) Chapter 1. What s new for V4R Chapter 2. Print this topic Chapter 3. Web Server software requirements Chapter 4. Web Server hardware requirements Chapter 5. Other Web Server requirements Chapter 6. Getting started with HTTP Server Verifying your server installation Using your administration (ADMIN) server Starting your administration (ADMIN) server.. 14 Viewing your AS/400 Tasks page Viewing your server s front page Using the Configuration and Administration forms Changing ports for the administration (ADMIN) server Starting and stopping your server Creating a home page Creating a home page in a library Chapter 7. Supporting multiple Web sites on the HTTP Server Creating a server instance Deleting a server instance Changing server instance parameters Changing associated configurations Working with server instances Chapter 8. Storing and serving Web pages Working with Welcome directives and Pass directives Serving Web pages from the root (or /) file system 27 Serving Web pages from the QOpenSys file system 28 Serving Web pages from the QSYS.LIB file system 29 Serving Web pages from the QDLS file system.. 30 Serving Web pages from the QOPT file system.. 31 Serving Web pages from the UDFS file system Testing your URL routing Chapter 9. IBM HTTP Server administration Configuring HTTP Server Creating a configuration Deleting a configuration Displaying a configuration Controlling requests for your server resources Customizing your server request processing.. 37 Enabling and disabling methods Mapping requests to your server resources Improving server performance Changing TCP/IP configuration Customizing local cache Changing HTTP Server performance settings.. 39 Customizing error messages Configuring directory listings and welcome pages 41 Defining welcome pages Using icons in directory listings Using directory listings Displaying READ.ME text Configuring user directories Defining file extensions for multiformat processing 43 Making file extensions case-sensitive Tailoring pages to browser capabilities Associating file extensions with MIME types.. 44 Associating file extensions with MIME encodings 45 Associating file types with languages Chapter 10. IBM HTTP Server security 47 Managing Internet users Adding an Internet user Deleting an Internet user Changing Internet user passwords Listing your Internet users Protecting resources Working with document protection Creating protection setups Deleting protection setups Changing protection setups Creating access control lists Securing communications between users and Web sites Configuring your server for secure serving Using SSL with your server Storing and querying information with LDAP Using LDAP with configuration information.. 53 Creating an LDAP server setup Changing an LDAP server setup Deleting an LDAP server setup Securing your server against a telnet denial-of-service attack Chapter 11. Monitoring your server activity Working with logs Configuring your global log file settings Configuring your access log file Copyright IBM Corp. 1998, 2000 iii

6 Configuring your error log file Creating your extended log format Changing your extended log format Deleting your extended log format Working with reports Configuring your basic access reports Configuring your global report settings Configuring your Web usage mining access reports Creating a report template Changing a report template Deleting a report template Using the Web activity monitor Working with your server s SNMP subagent Chapter 12. Setting up your IBM HTTP Server as a proxy Configuring your server s proxy functions and SSL tunneling Configuring your proxy server s basic cache settings 68 Designating a port number for your proxy server. 68 Configuring a hierarchy of proxy servers Configuring advanced caching functions Working with caching filters Configuring cached file expiration Setting a time limit for cached files Working with other caching time limits Specifying which clients can use the proxy Chapter 13. Rating Web sites and serving rated Web information Setting up a PICS rating service and a PICS label bureau Maintaining your PICS rating service and label bureau Creating a PICS label Registering third-party rating services Requesting PICS label information Managing PICS labels Managing PICS labels for your Web site in each document Managing PICS labels for your Web site from a central file Chapter 14. Dynamic Web page content and Web applications Configuring your CGI settings Configuring your environment variables Configuring persistent CGI Using server-side includes Chapter 15. Setting up your Webserver search engine Creating a search index Updating a search index Merging a search index Deleting a search index Displaying index information Testing a search index Use the search engine Chapter 16. Other information about HTTP Server IBM HTTP Server concepts Agent log Application Server Manager Caching CGI GIF HTML Image map Internet users IP address JPEG Logs and reports Web server methods MIME Net.Data Proxy server Referrer log Server configuration Server instance SSL TCP/IP Validation list Virtual host iv AS/400e: TCP/IP Services and Applications Web server (HTTP)

7 Part 1. Web server (HTTP) The IBM HTTP Server for AS/400 is an implementation of IBM s cross platform Web server. With IBM HTTP Server you can serve multimedia objects, such as hypertext markup language (HTML) documents, to World Wide Web browser clients with your AS/400 system. In addition, this product is fully HTTP 1.1 compliant. You can use the server to create and manage Web sites for the Internet, intranets, or extranets. The following pages provide more in-depth information regarding the features and functionality of HTTP Server.. v Getting started with HTTP Server. v Supporting multiple Web sites on the HTTP Server. v Storing and serving Web pages the HTTP Server. v Administrating the HTTP Server. v Securing the HTTP Server. v Monitoring the HTTP Server activity. v Setting up the HTTP Server as a proxy. v Rating Web sites and serving rated Web information. v Using dynamic Web page content and Web applications. v Setting up your Webserver search engine. Make sure that you meet the software, hardware, other requirements for using your Web server. Additional resources are also available. Copyright IBM Corp. 1998,

8 2 AS/400e: TCP/IP Services and Applications Web server (HTTP)

9 Chapter 1. What s new for V4R5 The Search Administration forms contain new enhancements. These enhancements allow searches for information that is contained within META tags and TITLE tags on HTML documents: v v v v v The Create index form has additional fields that allow you to specify fields from TITLE tags, as well as those typically found in META tag fields. The simple and advanced Search forms now allow you to specify fields that are associated with the index being searched. Radio buttons have been added on Build a document list to allow the request to be processed either as an immediate or background task. A new Delete document list form allows you to delete a document list. A new View status of document list form allows you to view information about a document list. v A new Configure HTTP Search (CFGHTTPSCH) command allows you to perform all indexing functions from a command line or from a batch job. The Request processing heading under the configuration section of the forms, contains a new feature: v A new Test URL routing form shows how a URL matches and transforms according to various routing directives. From this form the Webmaster can see exactly how the directives affect the incoming URLs and more easily develop proper routing directives for his installation. Copyright IBM Corp. 1998,

10 4 AS/400e: TCP/IP Services and Applications Web server (HTTP)

11 Chapter 2. Print this topic You can view or download a PDF version of this document for viewing or printing. You must have Adobe Acrobat Reader installed to view PDF files. You can download a copy from Adobe home page. To view or download the PDF version, select Web server (HTTP) (about 572 KB or 104 pages). v v If you have more than one PDF, list the PDFs in a list (create a separate bullet for each PDF) instead of a paragraph. If you need to describe the content, then do so with an embedded list and short, descriptive list items. See the AS/400 Toolbox for Java V4R4 topic for ideas. To save a PDF on your workstation for viewing or printing: 1. Open the PDF in your browser (click the link above). 2. In the menu of your browser, click File. 3. Click Save As Navigate to the directory in which you would like to save the PDF. 5. Click Save. Copyright IBM Corp. 1998,

12 6 AS/400e: TCP/IP Services and Applications Web server (HTTP)

13 Chapter 3. Web Server software requirements Use the GO LICPGM command to check for the installation of these licensed programs. Running your Web server requires that you have the following software installed: v OS/400 Version 4 Release 4 (5769 SS1) v v v v v v IBM HTTP Server (5679 DG1) Your system requires one of the following IBM Cryptographic Access provider products if you plan to use secure sockets layer (SSL). Crypto Access Provider 40 bit for AS/400 (5769 AC1) Crypto Access Provider 56 bit for AS/400 (5769 AC2) Cryptographic Access Provider 128 bit (5769 AC3) Application Development ToolSet/400 (5769 PW1) is optional but preferred for creating your own home page on your AS/400. To use the Configuration and Administration forms you need a Web browser that supports the HTTP 1.0 or 1.1 protocol, frames, and Java Script. Browsers such as Netscape Navigator 3.0, Microsoft Internet Explorer 4.0, and NC Navigator will work with the Configuration and Administration forms browser interface. In order to view the log reports generated by the HTTP Server, you must use a browser which supports JVM or later (for instance, Netscape Navigator 4.05). In order to provide the required support for handling digital server certificates, used by SSL for secure Web serving, the Web server also requires OS/400 - Digital Certificate Manager (5769-SS1, option 34). Copyright IBM Corp. 1998,

14 8 AS/400e: TCP/IP Services and Applications Web server (HTTP)

15 Chapter 4. Web Server hardware requirements To run the Web server the following hardware is required: v Any AS/400 model that supports OS/400 V4R1 or later. v Any communication hardware adapter that is supported by the TCP/IP protocol stack. Copyright IBM Corp. 1998,

16 10 AS/400e: TCP/IP Services and Applications Web server (HTTP)

17 Chapter 5. Other Web Server requirements Java servlet support requirements. Servlets are ordinary Java programs that use additional packages (and the associated classes and methods) that are found in the Java servlet API. Running Java servlets is optional. Should you decide to implement them, you will also need: v The IBM AS/400 Developer Kit for Java (5769 JV1) v The IBM WebSphere Application server for AS/400 (5769 AS1) You have a servlet load automatically when the Web server starts, or when the first client requests the services of the servlet. Once loaded, servlets stay running, waiting for additional client requests. Servlets extend the capabilities of the Web server by creating a framework for providing requests, and/or response services, over the Web. A client sends a request to the server. The server sends the request information to the servlet. The servlet then constructs a response that the server sends back to the client. Because it is a Java program, the servlet can use all the capabilities of the Java language in constructing a response. It is also possible for servlets to interact with outside resources to construct a response. These resources could include files, databases, or other applications that are written in Java or other languages. The response to the client, therefore, can be a dynamic and unique response to the particular interaction rather than an existing HTML page. Special AS/400 authorities. Using the Configuration and the Administration forms requires a valid AS/400 user profile and password. You must have the following authorities to perform configuration and administration tasks: Your user profile must have *IOSYSCFG authority. v QUSRSYS *LIB: *CHANGE Note: Do not use QSECOFR as this type of user profile will not work with the HTTP Server. You must also have authority to the following files and commands: v QUSRSYS/QATMHTTPC: *ALL v QUSRSYS/QATMHTTPA: *ALL v QUSRSYS/QATMHINSTA: *ALL v QUSRSYS/QATMHINSTC: *ALL v CRTVLDL *CMD *USE v STRTCPSVR *CMD *USE v ENDTCPSVR *CMD *USE Authorizing users to view generated reports. Copyright IBM Corp. 1998,

18 All reports that are generated by the server are stored in the following IFS path: /QIBM/UserData/HTTPSVR/reports/'configname'/ Configname is the name of the server configuration file where the log reporting is enabled. The reports for each configuration are stored in separate directories. You can now authorize users to access only those reports that they require. These directories are created when the first reports are generated for a particular configuration. By default only the server s userid has access to read and write reports in this set of IFS directories. You can assign users, who wish to view all reports for all configurations, *RX access to the /QIBM/UserData/HTTPSVR/reports/ directory. If you do this before the system generates any reports, the user automatically gets the appropriate authority to the subdirectories and files below. You may want to give users access to the first reports generated for a configuration. You can do this by giving user profile *RX to the configname subdirectory and all the report files in that directory. Once the profile has *RX on the configname subdirectory, they automatically get read access to subsequent reports that are generated in that directory. 12 AS/400e: TCP/IP Services and Applications Web server (HTTP)

19 Chapter 6. Getting started with HTTP Server Before you can use or configure the IBM HTTP Server, you must perform the following activities: 1. Start TCP/IP. If you have verified the installation of your Web server and started TCP/IP, you can start your Web server. If you have started your administration (ADMIN) server, you can configure your Web server. 2. Verify your TCP/IP connections 3. Verify your Web server installation 4. Work with your administration (ADMIN) server You can then do the following: 1. Start your Web server. 2. Create your own configuration. 3. Creating a home page. 4. Configure the server to serve your home page. 5. Create your own server instance using your configuration. 6. Start your server instance. 7. Test your home page. You can do this by going to your browser and serving up your home page. 8. Work with your Web server security. If you feel that you are ready to have fun with your Web pages, take a look at dynamic Web content and Web applications. Verifying your server installation You must have the IBM HTTP Server installed with TCP/IP started with an active connection before you can use it. Before you check for your Web server, you need to have a connection to AS/400. Complete the following steps to see if your AS/400 has the Web server installed: 1. Start Operations Navigator. 2. Double-click the icon for your AS/400 server. 3. Double-click Network. 4. Double-click Internet. If the IBM HTTP Server icon appears, your AS/400 has the Web server installed. If the IBM HTTP Server icon does not appear, your AS/400 does not have the Web server installed. See the Software Installation Guide for help with AS/400 licensed program installation. You must have Internet access to view the book. You can now start your Web server. To configure your server, you must also start your administration (ADMIN) server. Copyright IBM Corp. 1998,

20 Using your administration (ADMIN) server Installation of your server includes an administration server instance that is named ADMIN. Starting the ADMIN server instance allows you to configure certain AS/400 products from a browser, including IBM HTTP Server. You must have the browser requirements and special AS/400 authorities to perform configuration and administration tasks. You must have your TCP/IP connection up, and TCP/IP must be started in order to run your ADMIN server instance. Starting the ADMIN server instance will allow you to perform these tasks: v View your AS/400 Tasks page. v View your server s Front page. v Use the Configuration and Administration forms. If you choose not to use the default port, you may change the ADMIN server port. Changing the language in which Web pages are presented. The language the server uses to present Web pages for the ADMIN server is based on the user ID with which you signed on and the languages installed on your AS/400 system. If necessary, you can use the Change User Profile (CHGUSRPRF) CL command to change the language identifier parameter of your user profile (the LANGID parameter in the list of additional parameters) by selecting another installed language. You may also need to change the coded character set identifier (CCSID) of your server to match the configuration of your browser. Starting your administration (ADMIN) server You must have TCP/IP started before you can start your ADMIN server. Starting the ADMIN server instance allows you to use the Configuration and Administration forms to configure your server, change the instance parameters, and global attribute values. Starting your ADMIN server also allows you to: v View your AS/400 Tasks page. v View your server s Front page. v Use the Configuration and Administration forms. v Change ADMIN server ports. Use Operations Navigator to start the ADMIN server instance: 1. Start Operations Navigator. 2. Double-click your AS/400 server in the main tree view of Operations navigator. 3. Double-click Network. 4. Double-click Servers. 5. Double-click TCP/IP. 6. Right-click HTTP Administration. 7. Click Start. You can stop the ADMIN server instance whenever you want to do so. Follow the instructions above. When you right-click HTTP Administration, click Stop. 14 AS/400e: TCP/IP Services and Applications Web server (HTTP)

21 The ADMIN server as shipped does not automatically start when you start TCP/IP. You must start it manually at least once. If you want the ADMIN server to start automatically when you start TCP/IP, you must change the server instance parameters. The configuration that is provided with ADMIN allows this server instance to protect the content it serves. However, when necessary, you can make some basic changes to the configuration, including the following: v v v Having the ADMIN server instance start automatically whenever you use the Start TCP/IP (STRTCP) command Configuring for HTTP secure transactions (SSL) Enabling access and error logging Your IBM HTTP Server provides both a secure and an unsecure connection. No matter what connection you use, the standard AS/400 security remains, and your server works from an AS/400 user profile (*USRPRF). This profile needs access to every object it serves or updates. Your server provides a secure connection after you: 1. Verify your server installation. 2. Install one of these three IBM Cryptographic Access Provider products: v 5769 AC1 v 5769 AC2 v 5769 AC3 3. Create a key for secure connections. 4. Send a certificate request, then receive the signed certificate from a widely-known certification authority (CA), such as VeriSign. This CA is designated as a trusted root on your server. You can use the CA that is shipped with the Digital Certificate Manager to issue your own certificates in an intranet environment. 5. Configure a server instance for Secure Sockets Layer (SSL) through the administration (ADMIN) server. You can stop, start, and restart other server instances on your Web server using the Configuration and Administration forms. Viewing your AS/400 Tasks page The AS/400 Tasks page gives you links to the IBM HTTP Server and other browser interfaces to AS/400 products. To view the Tasks page, you must start the administration (ADMIN) server instance. Then: 1. Direct a Web browser that supports frames and JavaScript to the following location: where your.server.name is the name of your AS/400 system, and sign on to the Tasks page with a valid USERID and password. The first time you view the AS/400 Tasks page, you must use the unsecure connection for serving Web documents. Keep in mind that the standard AS/400 security remains in effect and your server works from an AS/400 user profile (*USRPRF). That profile needs access to every object it serves or updates. 2. If you configured your administration (ADMIN) server instance for secure serving, go to Note: The default port numbers are 2001 and 2010, and you can change them in the TCP/IP host services table. Chapter 6. Getting started with HTTP Server 15

22 3. If the ADMIN server instance is not active on your system, or if you try going to the wrong port number, your browser request will time out (when attempting to connect to the ADMIN server) and you will not be prompted for a USERID and password. Viewing your server s front page To view your server s front page, click IBM HTTP Server for AS/400 on the AS/400 Tasks page. The front page of your server provides a valuable assortment of tools and information, including links to: Configuration and Administration A site that allows you to completely configure your server by filling in a set of forms. The forms use hypertext markup language (HTML). Sample Home Page A sample document that demonstrates how to use many of the HTML tags. IBM HTTP Server Web site From this Web site, you can learn more about IBM HTTP Server, find product information, and access related resources. You must have external Internet access to reach this page. Technical Studio for AS/400 From this Web site, you can learn about AS/400 workshops, tools, and technical information. You will find tips to make your AS/400 run faster, let you take advantage of late breaking technologies, and help you keep your professional edge. You must have external Internet access to reach this page. AS/400 Web Builder s Workshop From this Web site, you can find tips, tools, sample applications, and more to speed your entry into the world of Web computing with AS/400. You must have external Internet access to reach this page. AS/400 Tasks page Return to the AS/400 Tasks page to configure other AS/400 features, such as the Digital Certificate Manager or the IBM CommercePOINT etill for AS/400. Using the Configuration and Administration forms Starting the ADMIN server enables you to use the Configuration and Administration forms. These forms provide an easy way for you to configure your server by using a Web browser. For assistance, you can consult the help file which accompanies each form. Follow these steps to use the Configuration and Administration forms. 1. Using your browser, go to the AS/400 Tasks page by typing the following URL: Non-secure connection: Secure connection: where your.server.name is the name of your AS/400 system as specified in the Configure TCP/IP display, option AS/400e: TCP/IP Services and Applications Web server (HTTP)

23 2. Enter a valid AS/400 user ID and password. 3. Click IBM HTTP Server for AS/ At the front page for your server, click Configuration and Administration, and you will see the first page of the forms in your browser. The first form gives a description of the interface and instruction for using the forms. 5. From the page of General Configuration and of Administration, click Configurations. 6. From the menu, select a named server configuration that you want to configure. When you select a form, you see the current configuration values in its input fields. (If you have not changed your configuration since installation, these are the default values.) 7. From the menu of forms, click on the name of the form you need to configure your server (such as Global log file settings). 8. From any form, enter information about how you want to configure that particular part of your server. Each form provides instructions to assist you in deciding what changes to make. For further information, you can click the help icon at the top of each form. The help icon links you to a help page that provides detailed steps for using the form to perform particular tasks. 9. After you fill in the form, you must click Apply to update the configuration file with the changes that you made to the form. The Apply button is located below the input fields in each form. If you decide that you do not want to use the changes you made to the form, click Reset. This returns the fields on the form to the values prior to the changes you made. 10. If you clicked Apply, the form displays a message that indicates whether the server accepted the configuration changes that you specified. If the server accepts the input, the form displays a message that tells you that the server successfully updated the configuration. If the server does not accept the input, the server displays a message that explains what was wrong with the information you entered. Go back to the form to correct the information, and then click the Apply button again. From the form you may also want to click the help icon at the top of the form. The help pages explain how to fill in the form with valid entries. You must restart the server so that the changes you made to the configuration are saved and take effect. Updating some configuration forms will require you to stop the server and then start it again for the changes to take effect. Click on the help icon at the top of a form to view the help page for that form. This help page tells you if you need to restart the server or stop and start the server. When you make changes to any instance parameters, you will need to work with that instance to restart or stop and start that specific instance. The Configuration and Administration forms tell you what steps to take as you work through them. Note: You can use the menu of forms to go to a different form at any time. Changing ports for the administration (ADMIN) server The default HTTPserver port is 80 for non-secure transactions and port 443 for secure transactions. You should configure the ADMIN server on different ports than your other server instances. The ADMIN server comes with two selected ports, 2001 for non-secure transactions, and 2010 for secure transactions. These port numbers should work satisfactorily with most systems. However, these port assignments could cause conflicts if a TCP/IP application other than the ADMIN server uses the same port numbers and needs to run concurrently with the Chapter 6. Getting started with HTTP Server 17

24 ADMIN server. Most applications allow you to change ports, so if the conflicting application allows this, select a different number for that application. If you need to change the ports associated with the ADMIN server instance, use the TCP/IP services table. This table maps services to port numbers and AS/400 APIs that allow TCP/IP applications to determine the ports for the ADMIN server. To change ports by using the TCP/IP services table complete the following steps: 1. Type WRKSRVTBLE and press the Enter key. (The servers you need are right at the top of the list: as-admin-http, as-admin-https.) 2. To change the port associated with the server, go to the line you want to remove then type 4, press Enter, and then press Enter again to confirm. 3. On the Work with Service Table Entries screen, move to the top line of the table then type 3 and press ENTER. 4. Type the properties for the new server and port then press ENTER to add it to the table. Starting and stopping your server Creating a home page Before you start your Web server, you must verify that it is installed, and you must configure and start TCP/IP. This will allow you to configure your IBM HTTP Server. Note: To configure any server instance that uses the Configuration and Administration forms, the administration (ADMIN) instance must be running. Use the Working with server instances form to start, stop, and restart your server. You can use any hypertext markup language (HTML) document for your home page. Using the sample home page. Your Web server has a sample home page that you can use as a template for your own pages. To view the sample home page you must have the ADMIN server instance started. 1. Enter to view the AS/400 Tasks page with your browser. If you configured the ADMIN server for secure serving, enter to view the AS/400 Tasks page. 2. Click IBM HTTP Server on the AS/400 Tasks page to see your server s front page. 3. Click Sample Home Page to see the example. 4. From your Web browser, select Save As from the File menu on the menu bar. 5. Save the file with a name of welcome.html and then use your choice of editors to edit the new welcome.html file. 6. Send welcome.html to your AS/400 system by using the File Transfer Protocol (FTP) or Client Access. The integrated file systems on the AS/400 serves ASCII documents. If you use FTP, you have your choice of what method you use to move a file to the 18 AS/400e: TCP/IP Services and Applications Web server (HTTP)

25 AS/400. You can use SMB or NetServer with Operations Navigator to map drives and put files in the integrated file system, as well as FTP or Client Access. FTP can move documents to the integrated file system directories in ASCII when you use one of the following FTP subcommands. v From the server: v namefmt 1 From the client: quote site namefmt 1 After you enter this subcommand, you can put your home page in an integrated file system. For example, to put your file in the OpenSys file system, enter: put welcome.html /QOpenSys/websamp/welcome.html Using other sample text in a browser. You can also create your own home page that is based on this sample text: Sample welcome page <HTML> <HEAD> <TITLE>Sample Document</TITLE> </HEAD> <BODY> <H1>IBM HTTP Server</H1> <P>This document is served by the IBM HTTP Server. </BODY> </HTML> Another option is to create your home page in an AS/400 library. Once you create your page, from whatever source you choose, you need to authorize and enable your server to access and serve your home page. After the basics are set, you can embellish your Web pages in many ways. Many people use graphics formats like joint photographic experts group (JPEG), graphics interchange format (GIF), and image map. Creating a home page in a library You can create your home page on an AS/400 system by creating the hypertext markup language (HTML) document as a source physical file in an AS/400 library. 1. If you want to create a new source physical file, use the Create Source Physical (CRTSRCPF) command. CRTSRCPF FILE(WEBSAMP/HTMLDOC) RCDLEN(240) Note: The default record length for files on AS/400 is 80 (usable) characters. The maximum record length that you can edit on AS/400 is 240 characters. You can create files with greater record lengths on AS/400. If you do so you will not be able to edit them using the Start System Edit Utility (STRSEU) command. Chapter 6. Getting started with HTTP Server 19

26 2. Create a member for your home page by using the AS/400 Programming Development Manager (PDM). Use the Start PDM (STRTPDM) command if you have Application Development ToolSet/400 (5769-PW1) installed: STRPDM If the Application Development ToolSet/400 product is not installed you can use the Add Physical File Member (ADDPFM) command instead. ADDPFM FILE(WEBSAMP/HTMLDOC) MBR(SAMPLE) Select option three Work with members to see the Specify Members to Work with display. Press F6 to create a new source member and add it to the WEBSAMP/HTMLDOC physical file. Type the name of the source member SAMPLE and change the source type to HTML. Press Enter to bring up the editor and add the text of your home page to the member you just created. When you have finished creating your home page, press F3. 3. If you serve your home page from the QSYS.LIB and you did not use the AS/400 Programming Development Manager (PDM) to create your welcome page, you must change the source type of the member to HTML. Use the Change Physical File Member (CHGPFM) command: CHGPFM FILE(WEBSAMP/HTMLDOC) MBR(SAMPLE) SRCTYPE(HTML) 4. If you will be serving your home page from the integrated file system, you must convert the member you just created to ASCII format. Copy the member by using the Copy to Stream File (CPYTOSTMF) command to the integrated file system root directory or to one of the file systems your server supports. Once you create your page, from whatever source you choose, you will need to authorize and enable your server to access and serve your home page. 20 AS/400e: TCP/IP Services and Applications Web server (HTTP)

27 Chapter 7. Supporting multiple Web sites on the HTTP Server You may want to use one server to provide Web sites for multiple customers. For example, you might have two customers (customer A and customer B), both of whom want to make information about their companies available on the World Wide Web. Put both sites on the same machine if the number of requests for the information is not enough to justify a machine for each customer. With your server, you can use multiple Internet Protocol (IP) addresses, virtual hosts, or both to provide multiple Web sites on one server. To use multiple IP addresses your machine must have multiple network connections, however it is possible to specify multiple IP addresses on one network connection. Requests to the other server would have to include a port number. If your machine had two network connections, or one or more adapters, you can run one instance of the server. You can also assign each customer to a different IP address. For each IP address you would define a different host name. So customer A could be on IP address , and customer B could be on IP address You could then configure the server to serve a different set of information depending on the IP address from which the request arrives. Because the server can accept requests from the default port of each network connection, requests to either host name would not require a port number. With virtual hosts, you do not need additional hardware, and you can save IP addresses. However, clients must support HTTP 1.1 or HTTP 1.0 with 1.1 Extensions. You can run just one instance of the server and assign each customer to a different host name. In the domain name server, define all your host names and associate them with the lone IP address of your server. You can then configure the server to serve a different set of information depending on the host that is making the request. Requests do not require a port number because the server uses the default. Setting up your server to use multiple IP addresses or virtual hosts is very similar. For multiple IP addresses, you need to specify the IP address on which a request arrives. For virtual hosts, you need to specify the host name for which a request is made. When using multiple IP addresses you also need to specify config file directives, with the host name, for the 1.1 browsers to work. You can configure the server to serve different information for each customer. Do this by indicating that certain parts of your configuration apply only to requests that arrive on certain addresses or for certain hosts. You can configure three server parts to process requests that are based on the IP address on which they arrive, or the URL host name: v Welcome pages v Mapping rules v Access control Copyright IBM Corp. 1998,

28 Creating a server instance Deleting a server instance A server instance relates to starting your server. It is not, however, the same as starting your server. 1. You must start an individual server instance by working with the server instances form. 2. You are required to create server instances one at a time in order to run multiple server instances. 3. Once you have clients who use your server to run their Web page or pages, you can manage your system with the following: v Deleting an instance. v Changing an instance. 4. Instances use associated configurations. v If you wish to create your own configurations, you may do so. v You can also change the associated configuration of an instance. Once you create them, you must remember to authorize and enable your file system to serve the files you create. When you create a server instance, you must choose between using a unique IP address or the same IP address with a unique port. You must specify a configuration to associate with the new server instance. This configuration must already exist. Use the Configuration and Administration forms to create a server instance. 1. Click Server Instances. 2. Click Create server instance. 3. Enter a name in the Create server instance form that is provided. 4. Select an associated configuration from the same form. 5. Click the Create button. Creating one instance at a time is the only way to create multiple instances. If you decide not to keep it, you can delete an instance. Or, if you prefer, you can simply change the instance. As your client base grows and changes and you add or move employees, you may need to redefine your list of server instances. This includes removing instances from the list. Note: Once you delete a server instance, you cannot retrieve it. You must create an instance to replace the one deleted. If the server instance you selected is running, it stops before the system deletes it. The system does not delete the server configuration that is associated with this server instance. Use the Configuration and Administration forms to delete a server instance. 1. Click Server Instances. 22 AS/400e: TCP/IP Services and Applications Web server (HTTP)

29 2. Click Delete server instance. 3. The Delete server instance form will provide a list from which you must choose the server instance you wish to delete. 4. Click Delete to remove the server instance. If you do not wish to delete an instance entirely, you can simply change it. Changing server instance parameters Changes in your clientele and your employees may mean that you will want to change the parameters of a server instance you have created. For example, this task allows you to have a server instance, such as your administration (ADMIN) instance, start automatically when you start TCP/IP. Use the Configuration and Administration forms to change a server instance. 1. Click Server Instances. 2. Click Change instance parameters. 3. Select a server instance from the list on the first page of the Change instance parameters form that is provided. 4. Click Next. 5. Change the instance parameters as desired on page two of the Change instance parameters form. 6. Click the Apply button. 7. You must stop and start the server instance to save the changes you have made and have them take effect. You can create a new instance or delete an existing instance, rather than changing a current instance. You can also change an instance s associated configurations. Changing associated configurations When you create a server instance, you must select a configuration to use with the instance. At any time, you may choose to change which configuration the server instance uses. Use the Configuration and Administration forms to change a server instance s associated configuration. 1. Click Server Instances. 2. Click Change associated configuration. 3. In the Change associated configuration form that is provided, select a server instance and an associated configuration from the lists at the bottom of the form. 4. Click the Apply button. Chapter 7. Supporting multiple Web sites on the HTTP Server 23

30 Note that you are not allowed to change the associated configuration for the ADMIN instance. It is required to be the ADMIN configuration. Some configuration changes, such as changing the port, will require that you stop and start instances to activate the changes. You can control when changes to your configuration take effect. Make as many changes to a configuration as you want by using the forms. When you have the configuration the way you want it, you can restart or start and stop the correct server instances to activate the changes. You do not need to restart or stop and start the server instances after each configuration change. You can also create a configuration of your own, or simply display a configuration to view needed changes. Working with server instances You can define multiple HTTP servers and run them concurrently on an AS/400. Each server is an instance and is named. Working with server instances lets you select an instance and the action to perform on that instance. Once you select an instance, you can start, stop, restart, or monitor that instance. When starting the server instance, startup parameters that are specified are used by the server instance until the server is started again. Use the Configuration and Administration forms to work with a server instance. 1. Click Server Instances. 2. Click Work with server instances. 3. In the list on the Work with server instance form that is provided, select the instance with which you want to work. 4. Enter your startup parameters in the field that is provided on the form. 5. Click Start, Stop, Restart, ormonitor, as desired. There are several tasks that require you to use this form to restart or stop and start the instance involved. 24 AS/400e: TCP/IP Services and Applications Web server (HTTP)

31 Chapter 8. Storing and serving Web pages Understanding the AS/400 Integrated File System allows you to make decisions about storing your hypertext markup language (HTML) files. You also need to understand how you enable the server to serve the files. This includes understanding Pass directives and Welcome pages. The Integrated File System treats the library support and folders support as separate file systems. Before you start serving your home page from the Integrated File System, you must ensure that the world can access the files that you want to serve. You must grant the QTMHHTTP user profile or *PUBLIC the following authorities and permissions to enable Web serving with IBM HTTP Server for AS/400: v QTMHHTTP or *PUBLIC must have *USE authority to all AS/400 library system objects that you intend to serve. v If you use any of the log directives (such as the AccessLog or ErrorLog) with any Integrated File System directory name, the directory must exist, and QTMHHTTP or *PUBLIC must have *RWX authority. v The QTMHHTTP user profile or *PUBLIC must be granted *RX authority to all objects (HTML pages, graphics, and so on) that you intend to serve. v To use CGI on page 95 programs to access any of the objects you serve, the QTMHHTP1 user profile or *PUBLIC needs the same authority to the objects as QTMHHTTP. A file system provides the support that allows users and applications to access specific segments of storage that are organized as logical units. These logical units are files, directories, libraries, and objects. Each file system has a set of logical structures and rules for interacting with information in storage. These structures and rules may be different from one file system to another. From the perspective of structures and rules, the AS/400 support for accessing database files and various other object types through libraries can be thought of as a file system. Similarly, you can think of the AS/400 support for accessing documents (which are really stream files) through the folders structure as a separate file system. The following topics, listed in order of preference, will help you choose the file system, within the Integrated File System, that is right for you: v Serving Web pages from the root (or /) file system on page 27 v Serving Web pages from the QOpenSys file system on page 28 v Serving Web pages from the QSYS.LIB file system on page 29 v Serving Web pages from the QDLS file system on page 30 v Serving Web pages from the QOPT file system on page 31 v Serving Web pages from the UDFS file system on page 32 As you decide from which file system to serve files, you might want to consider the following: v Serving from the root (or /) directory gives you the fastest response times. v Will the tools you use to maintain your site be compatible with the file system you choose? v How easy must it be to move content from platform to platform? Copyright IBM Corp. 1998,

32 Remember that any individual server instance can serve content (CGI scripts; HTML files; graphics such as.jpegs, GIFs, and image maps; and so on) from many file systems at once. You can configure your server instances to serve content from whatever file systems suit your needs. It is possible, too, to develop your Web pages beyond the basics. Once your Web page has been created you may wish to test your URL routing. Working with Welcome directives and Pass directives Your server serves content depending on the order of statements or directives in the server configuration. If you are using the DEFAULT server instance, the server configuration that the server uses is CONFIG. If you are using an instance other than the DEFAULT instance, you will need to refer to the server configuration that is associated with the server instance. Two important directives affect your server s welcome page. They are the Welcome directive and the Pass directive. The server uses the Welcome directive to specify which file it serves when it receives a request that does not contain a specific file name. For example: WELCOME WELCOME.HTML In the above example the server looks for a file that is called welcome.html to serve as the welcome page. The other important directive that affects your server s welcome page is the Pass directive. The Pass directive specifies a template for requests your server accepts. If the request matches the template, the server responds by serving the appropriate document. For example: Pass / /QIBM/ProdData/HTTP/Public/HTML/Welcome.html In the above example, the template is blank. If the server receives a request with no directory or file name, it matches this template. Then, the server serves the welcome.html document. Use the Configuration and Administration forms to add Pass directives. 2. Click Request Processing. 3. Click Request routing. 4. Complete the Request routing form that is provided. 5. Click the Apply button. If you wish to activate your changes, you must restart the server. Not only are Pass directives and Welcome directives order dependent, but any combination of the PASS, EXEC, REDIRECT, FAIL, Service, Translate directives is also order dependent. You will need to add Pass directives after enabling any of the file systems: v Root (or /) 26 AS/400e: TCP/IP Services and Applications Web server (HTTP)

33 v v v v v QOpenSys QSYS.LIB QDLS QOPT UDFS Use this same form to customize your server s request processing. Serving Web pages from the root (or /) file system The root (or / (slash)) file system takes full advantage of the stream file support and hierarchical directory structure of the Integrated File System. The root file system has the characteristics of the Disk Operating System (DOS) and IBM OS/2 (Operating System/2) file systems. You can serve content (HTML files; graphics such as.jpegs, GIFs, and image maps; and so on) from the root file system. To serve content from root, you must complete three steps. 1. Storing your home page in the root file system. In the root file system, use the Create Directory (CRTDIR) CL command to create a directory: CRTDIR DIR(WEBSAMP) You can then copy your home page and other related files into that directory by using file transfer protocol (FTP) or by using a PC with Client Access/400. Authorizing your server to serve your home page from the root file system. Authorize the HTTP profile QTMHHTTP to serve your home page. For root, use the Change Authority (CHGAUT) command: CHGAUT OBJ('/WEBSAMP') USER(QTMHHTTP) DTAUT(*RX) CHGAUT OBJ('/WEBSAMP/WELCOME.HTM') USER(QTMHHTTP) DTAAUT(*RX) Enabling your server to serve your home page from the root file system. When a client uses a URL to request a document from the server and the URL refers to a directory with no file specified, the server searches the directory for a name specified on a Welcome directive. Without a specified Welcome directive, the default name is Welcome.html. If you intend to serve welcome files from the root file system, you will need two welcome directives in your configuration file: Welcome Welcome.htm Welcome Welcome.html Use the Configuration and Administration forms to add Welcome directives to your configuration. a. Click Configurations. b. Click Directories and Welcome Page. c. Click Welcome page. d. Complete the Welcome page form that is provided. e. Click the Apply button. Chapter 8. Storing and serving Web pages 27

34 If you wish to activate your changes, you must stop and start the server. Serving Web pages from the QOpenSys file system The open systems file system is compatible with UNIX-based open system standards, such as the Portable Operating System Interface for Computer Environments (POSIX) and the X/Open Portability Guide (XPG). Like the root (/) file system, it takes advantage of the stream file and directory support that is provided by the Integrated File System. In addition, it supports case-sensitive object names. You can serve content (HTML files; graphics such as.jpegs, GIFs, and image maps; and so on) from the QOpenSys file system. To serve content from QOpenSys, you must complete three steps. 1. Storing your home page in the QOpenSys file system. Create a directory or folder in which to store your home page as well as other documents. In the QOpenSys file system use the CRTDIR command to create a directory: CRTDIR DIR('/QOpenSys/websamp') Substitute the name of your directory where WEBSAMP appears in the example. You must grant *RX rights to the QTMHTTP user profile for every directory in the path from where you serve documents. You can then copy your home page and other related files into that directory by using file transfer protocol (FTP) or by using a PC with Client Access/ Note: File names in the QOpenSys are case sensitive. Authorizing your server to serve your home page from the QOpenSys file system. To authorize your server to serve your home page from QOpenSys, authorize the HTTP profile QTMHHTTP to your home page by using the Change Authorization (CHGAUT) command: CHGAUT OBJ('/QOpenSys/WEBSAMP') USER(QTMHHTTP) DTAUT(*RX) CHGAUT OBJ('/QOpenSys/WEBSAMP/WELCOME.HTM') USER(QTMHHTTP) DTAAUT(*RX) Enabling your server to serve your home page from the QOpenSys file system. When a client uses a URL to request a document from the server and the URL refers to a directory with no file specified, the server searches the directory for a name specified on a Welcome directive. The default name is Welcome.html for an unspecified Welcome directive. If you intend to serve welcome files from the QOpenSys file system, you will need two welcome directives in your configuration file: Welcome Welcome.htm Welcome Welcome.html 28 AS/400e: TCP/IP Services and Applications Web server (HTTP)

35 Use the Configuration and Administration forms to add Welcome directives to your configuration. a. Click Configurations. b. Click Directories and Welcome Page. c. Click Welcome page. d. Complete the Welcome page form that is provided. e. Click the Apply button. If you wish to activate your changes, you must stop and start the server. Serving Web pages from the QSYS.LIB file system The library file system supports the AS/400 library structure. This file system provides access to database files and all of the other AS/400 object types that the library support manages. You can serve content (HTML files; CGI scripts; and so on) from the QSYS.LIB file system. To serve content from QSYS.LIB, you must complete four steps. To store your home page in the QSYS.LIB, you will need to create a library in QSYS.LIB. This stores your HTML file and other related documents and objects. In the following example, we use WEBSAMP simply as a sample name. 1. Create a separate file. You must also create a separate file, which we will call HTMLDOC. In QSYS.LIB, use the Create Library (CRTLIB) command to create a user library: CRTLIB LIB(WEBSAMP) Now proceed to create the HTML.DOC file: CRTSRCPF FILE(WEBSAMP/HTMLDOC) RCDLEN(240) Store your home page in the QSYS.LIB file system.you must use SEU or DFU to create a member in the file with the welcome page. Or, you may use file transfer protocol (FTP) to move a member into the file with the welcome page. Authorize your server to serve your home page from the QSYS.LIB file system. Authorize the HTTP profile QTMHHTTP to serve your home page. For the QSYS.LIB, use the Grant Object Authority (GRTOBJAUT) command: GRTOBJAUT OBJ(WEBSAMP/HTMLDOC) OBJTYPE(*FILE) USER(QTMHHTTP) AUT(*USE) after you create the HTMLDOC file. Enabling your server to serve your home page from the QSYS.LIB file system. When a client uses a URL to request a document from the server and the URL refers to an AS/400 file with no member specified, the server searches the file Chapter 8. Storing and serving Web pages 29

36 for a member with a name specified on a Welcome directive. The default name is Welcome for an unspecified Welcome directive. The member source type must be HTML. Use the Configuration and Administration forms to add Welcome directives to your configuration. a. Click Configurations. b. Click Directories and Welcome Page. c. Click Welcome page. d. Complete the Welcome page form that is provided. e. Click the Apply button. If you wish to activate your changes, you must stop and start the server. Serving Web pages from the QDLS file system The document library services file system supports the folders structure. It provides access to documents and folders. You should use this file system if the data you want to serve resides in the AS/400 PC Support Shared Folders of the AS/400 office support. You can also use this file system if you intend to use Office or PC Support Shared Folders to populate the data you want to serve. You can serve content (HTML files; CGI scripts; graphics such as.jpegs, GIFs, and image maps; and so on) from the QDLS file system. To serve content from QDLS, you must complete three steps. 1. Storing your home page in the QDLS file system. Create a directory or folder in which to store your home page as well as other documents. In the QDLS file system, use the Create Folder (CRTFLR) command to create a folder: CRTFLR(WEBSAMP) Substitute the name of your folder where WEBSAMP appears in the example. 2. You can then copy your home page and other related files into that directory by using file transfer protocol (FTP) or by using a PC with Client Access/400. Authorizing your server to serve your home page from the QDLS file system. To authorize your server to serve your home page from QDLS, follow these steps: a. Add a directory entry to the system distribution directory for the QTMHHTTP user profile. You can use the Work with Directory Entries (WRKDIRE) CL command or use the administrative function of OfficeVision. b. Authorize the HTTP profile QTMHHTTP to your home page by using the Change Authorization (CHGAUT) command: 30 AS/400e: TCP/IP Services and Applications Web server (HTTP)

37 CHGAUT OBJ('/QDLS/WEBSAMP') USER(QTMHHTTP) DTAUT(*RX) 3. CHGAUT OBJ('/QDLS/WEBSAMP/WELCOME.HTM') USER(QTMHHTTP) DTAAUT(*RX) Enabling your server to serve your home page from the QDLS file system. When a client uses a URL to request a document from the server and the URL refers to a directory with no file specified, the server searches the directory for a name specified on a Welcome directive. The default name is Welcome.html for an unspecified Welcome directive. If you intend to serve welcome files from the QDLS file system, you will need two welcome directives in your configuration file: Welcome Welcome.htm Welcome Welcome.html Use the Configuration and Administration forms to add Welcome directives to your configuration. a. Click Configurations. b. Click Directories and Welcome Page. c. Click Welcome page. d. Complete the Welcome page form that is provided. e. Click the Apply button. If you wish to activate your changes, you must stop and start the server. Serving Web pages from the QOPT file system The optical file system provides access to stream data that is stored on optical media, such as CD-ROM. You can serve content (HTML files; graphics such as.jpegs, GIFs, and image maps; and so on) from the QOPT file system. To serve content from QOPT, you must complete three steps. 1. Storing your home page in the QOPT file system. Create a directory or folder in which to store your home page as well as other documents. In the QOPT file system, use the Create Folder (CRTFLR) command to create a folder: CRTFLR(QOPT/WEBSAMP) Substitute the name of your folder where WEBSAMP appears in the example. 2. You can then copy your home page and other related files into that directory. Authorizing your server to serve your home page from the QOPT file system. To authorize your server to serve your home page from QOPT, authorize the HTTP profile QTMHHTTP to your home page by using the Change Authorization (CHGAUT) command: Chapter 8. Storing and serving Web pages 31

38 CHGAUT OBJ('/QOPT/WEBSAMP') USER(QTMHHTTP) DTAUT(*RX) 3. CHGAUT OBJ('/QOPT/WEBSAMP/WELCOME.HTM') USER(QTMHHTTP) DTAAUT(*RX) Enabling your server to serve your home page from the QOPT file system. When a client uses a URL to request a document from the server and the URL refers to a directory with no file specified, the server searches the directory for a name specified on a Welcome directive. The default name is Welcome.html for an unspecified Welcome directive. If you intend to serve welcome files from the QOPT file system, you will need two welcome directives in your configuration file: Welcome Welcome.htm Welcome Welcome.html Use the Configuration and Administration forms to add Welcome directives to your configuration. a. Click Configurations. b. Click Directories and Welcome Page. c. Click Welcome page. d. Complete the Welcome page form that is provided. e. Click the Apply button. If you wish to activate your changes, you must stop and start the server. Serving Web pages from the UDFS file system The user-defined file system resides on the Auxiliary Storage Pool (ASP) of your choice. You can create and manage this file system. You can serve content (HTML files; graphics such as.jpegs, GIFs, and image maps; and so on) from the UDFS file system. To serve content from UDFS, you must complete three steps. 1. Storing your home page in the UDFS file system. Create the directory where you will mount your UDFS. This must be in the Root or QOpenSys file system. You can use an existing directory, but its contents will be masked when your UDFS is mounted. Use the Create Directory (CRTDIR) command to create the directory: CRTDIR(UDFSMOUNT) or CRTDIR(QOpenSys/UDFSMOUNT) Create the UDFS using the Create UDFS (CRTUDFS) command: CRTUDFS UDFS(/dev/qaspXX/name.udfs) 32 AS/400e: TCP/IP Services and Applications Web server (HTTP)

39 Substitute the name of your UDFS where name appears in the example. Substitute a valid Auxiliary Storage Pool (ASP) number where the XX appears in the example. The other parts of the path name must appear as in the example above. Use the Mount (MOUNT) command to mount your UDFS on the directory: MOUNT TYPE(*UDFS) MFS(/dev/qaspXX/name.udfs) MNTOVRDIR(UDFSMOUNT) Substitute your UDFS name where name appears in the example. Substitute a valid Auxiliary Storage Pool (ASP) number where the XX appears in the example. The rest of the MFS name must appear as in the example. Substitute the directory name you want to mount where UDFSMOUNT appears in the example. The Mount will not survive an IPL, so you will either have to manually Mount your UDFS after an IPL or put the Mount command in your startup program. In the UDFS file system, use the Create Directory (CRTDIR) command to create a folder: CRTDIR(UDFSMOUNT/WEBSAMP) Substitute the name of your UDFS mount directory where UDFSMOUNT appears in the example You can then copy your home page and other related files into that directory by using file transfer protocol (FTP) or by using a PC with Client Access/400. Authorizing your server to serve your home page from the UDFS file system. To authorize your server to serve your home page from UDFS, authorize the HTTP profile QTMHHTTP to your home page by using the Change Authorization (CHGAUT) command: CHGAUT OBJ('/UDFSMOUNT/WEBSAMP') USER(QTMHHTTP) DTAUT(*RX) CHGAUT OBJ('/UDFSMOUNT/WEBSAMP/WELCOME.HTM') USER(QTMHHTTP) DTAAUT(*RX) Enabling your server to serve your home page from the UDFS file system. When a client uses a URL to request a document from the server and the URL refers to a directory with no file specified, the server searches the directory for a name specified on a Welcome directive. The default name is Welcome.html for an unspecified Welcome directive. If you intend to serve welcome files from the UDFS file system, you will need two welcome directives in your configuration file: Welcome Welcome.htm Welcome Welcome.html Use the Configuration and Administration forms to add Welcome directives to your configuration. a. Click Configurations. b. Click Directories and Welcome Page. c. Click Welcome page. d. Complete the Welcome page form that is provided. e. Click the Apply button. Chapter 8. Storing and serving Web pages 33

40 Testing your URL routing If you wish to activate your changes, you must stop and start the server. This form will be available under the Configuration section of the forms. The Webmaster would first select a configuration from the menu, and then click on the ôtest URL routingö form under the ôrequest Processingö heading. This form is useful if you wish to understand the routing directives for your server, which in turn determine how your server processes URLs. When the form first appears, the results table shows the routing information for the URL /. Complete the following steps in order to test URL routing: 1. Enter the URL to test in the URL to test field. For example: 2. Click Test to perform the test. The URL specified is tested against the existing routing directives. The results appear in the table showing all directives (even if they do not apply to the URL tested). Also note the Enable case sensitive mapping rules option above the table. This indicates whether the URL that matches the routing directives is case sensitive or not. The table provides the following information: v Action: The routing directive found in the configuration file. v URL template: The URL template provided on the directive. v Replacement file path: The optional replacement path from the directive. v Server address: The optional IP host name or address specified on the directive. v Matched: A Yes or No value that indicates if this directive applies to the URL that is being tested. v New URL: The new URL, file, or program possibly transformed based on the replacement path specified on this directive. For more information concerning the Test URL routing form please feel free to consult the on-line help. 34 AS/400e: TCP/IP Services and Applications Web server (HTTP)

41 Chapter 9. IBM HTTP Server administration Configuring HTTP Server Administration tasks give your server structure by setting up attributes. You cannot work with administration until your administration (ADMIN) server is running. Then you are free to make as many or as few changes as you wish. You need not follow a step-by-step process to set up most server attributes, but you should configure your server before proceeding to the other tasks. After you configure your server, you can manage user access to your server and decide who will have access to your server resources. Administration also means improving your server s performance. You can work with your server in a variety of ways: v Customize your error messages so they are appropriate to your system. v Set up directory listings and welcome pages to suit your needs. v Define file extensions for multiformat processing so you can work with MIME on page 98. Most of these attributes use defaults. You may choose to keep these settings, or you may prefer to change them as you get to know your IBM HTTP Server. Your server has built-in default configurations. But configuring your server allows you to change those default settings to your needs. You can do the following with configurations: v Create a configuration of your own. v Delete an existing configuration. v Display a configuration of your choosing When you create a server instance, you must specify a configuration to use with it. Server instances can share the same configuration file. However, in a case where you configure logging and reporting in a configuration, only one server instance should use that configuration. Note: To work with your server configurations, start the administration (ADMIN) server. Creating a configuration The default configurations will most likely not suit your particular needs (The default request routing rule is to Fail all requests and the default proxy settings are OFF) so you will have to make a configuration which works for you. The Create configuration form allows you to create an empty configuration, or a new configuration based on an existing configuration. You can then modify the new configuration to suit your needs. Use the Configuration and Administration forms to create a configuration on your IBM HTTP Server. Copyright IBM Corp. 1998,

42 2. Click Create configuration. 3. Complete the Create configuration form that is provided. 4. Click the Apply button. After you create a configuration, you must restart the server instances using that configuration in order to activate the changes. If you decide to delete a configuration, you may do so. You can also display a configuration to view its attributes. Deleting a configuration If you decide that a configuration is no longer serving a need on your IBM HTTP Server, it can simply be removed. You may want to display a configuration before deleting it, because once it is removed the only recourse is to create a new configuration. Use the Configuration and Administration forms to delete a configuration from your IBM HTTP Server. 2. From the list in the navigation bar, choose the configuration you wish to delete. 3. Click Delete configuration. 4. Click Delete to remove the configuration you selected. Note: If you did not specify the configuration before clicking on the Configurations topic, you must go back and do so. Or you can select the configuration in the navigation bar list and click Delete configuration again. Displaying a configuration Before you choose to create a new configuration or to delete an existing configuration, you may want to see the values of current configurations. Use the Configuration and Administration forms to display a configuration on your IBM HTTP Server. 2. From the list in the navigation bar, choose the configuration you wish to display. 3. Click Display configuration. The system displays the configuration that you selected. Note: If you did not specify the configuration you wanted to display before clicking on the Configurations topic, you must go back and do so. Or you can select the configuration in the navigation bar list and click the Display configuration subtopic again. 36 AS/400e: TCP/IP Services and Applications Web server (HTTP)

43 Controlling requests for your server resources Just as you want to protect your server itself, you will want to control access to your server. You can do this with any of these three tasks: Customizing how requests are processed. Enabling and disabling methods. Mapping requests to your server resources. Testing your URL routing to determine the manner in which your server will process URLs. These are all administration issues, but you may also work directly with security issues and monitoring requests. Customizing your server request processing The IBM HTTP Server application programming interfaces (API) allow you to extend the server s base functions with your own customized processing routines. The Server API allows you to extend the server s base functions. You can write extensions to do customized processing, such as: v Enhance the basic authentication or replace it with a site-specific process. v Add error handling routines to track problems or alert for serious conditions. v Detect and track information that comes in from the requesting client, such as server referrals and user agent code. Use the Configuration and Administration forms to customize your server request processing. 2. Click Request Processing. 3. Click Server API application processing. 4. Complete the Server API application processing form that is provided. 5. Click the Apply button. Enabling and disabling methods When the server receives a URL request, the request header asks the server to perform one of the HTTP methods. In order for the server to perform the HTTP method and deliver the document, you must enable the method on the server. Use the Configuration and Administration forms to enable and disable your server method. 2. Select a configuration from the pulldown menu in the navigation bar. 3. Click Request Processing. 4. Click Methods. Chapter 9. IBM HTTP Server administration 37

44 5. Complete the Methods form that is provided. 6. Click the Apply button. You can also monitor requests to your server and customize logs and reports that are returned on those requests. Mapping requests to your server resources Mapping requests define the virtual layout of your server s Web resources. By providing a specific route to your server resources, your server will determine how to handle various resource requests. Mapping directives are, by default, case insensitive. There is a new directive, called RuleCaseSense, which allows this to be configured from the Basic form. You can specify resource mapping directives as part of the server s configuration. These directives associate a request template with the actual path to a document or resource. The server checks each request against these directives in the order that they appear. The server determines the requested resource s location and whether or not the server will accept that request. Use mapping directives (Exec, Fail, Map, Pass, and Redirect) to control which requests your server accepts and to map URL requests to your actual files. You can use the mapping directives to create a virtual hierarchy of Web resources. You can then change the physical location of files or directories without affecting the virtual layout. Even if your server sends documents from the different file systems, it can present a virtual layout. The server applies the mapping directives in the order they appear in the configuration file. This changes when the server accepts or rejects a request, or when there are no more directives that apply to the request. For further information on mapping directives, see the IBM HTTP Server Webmaster s Guide. You must have Internet access to view the book. Use the Configuration and Administration forms to setup the resource mapping directives. 2. Click Request Processing. 3. Click Request routing. 4. Complete the Request routing form that is provided. 5. Click the Apply button. This same form lets you work with Pass directives and Welcome directives. You can also monitor requests to your server and customize logs and reports that are returned on those requests. 38 AS/400e: TCP/IP Services and Applications Web server (HTTP)

45 Improving server performance Everyone wants their IBM HTTP Server to run as efficiently and effectively as possible. Many different things affect performance: v Machine CPU v Memory v DASD v Number of users v Number of threads v Communication line speed v File system that is used for storage v Amount of logging configured The tasks below help control your IBM HTTP Server s performance. v Adjusting your TCP/IP configurations v Storing popular material in a local cache v Changing your performance settings to suit your needs Changing TCP/IP configuration Follow this link to learn how to adjust your TCP/IP configurations. Customizing local cache Your Web server has access to the files in your file system. Your server copies the files it accesses most often to local storage, called a local cache. Each time a user requests that page, the server verifies that the file has not changed from the stored copy. The server serves a changed page from its source, while it serves an unchanged page from the local cache. Use the Configuration and Administration forms to customize local caching for your server configurations. 2. Click System Management. 3. Click Local caching. 4. Complete the Local caching form that is provided. 5. Click the Apply button. You can also monitor requests to your server, creating logs and reports to give you more information on how people use your system and Web pages. This will help you to work with your Web page structure and local caching. Changing HTTP Server performance settings The most obvious way to improve performance is to go directly to the performance settings. You can use these settings to your advantage by making choices to fit your needs. Each time your server receives a request from a client, it uses a thread to perform the requested action. (The server uses one thread when not performing DNS Chapter 9. IBM HTTP Server administration 39

46 lookup. The server uses two threads when performing DNS lookup.) The server first checks to see if any threads are available. If so, the server uses available threads to process the request. If no threads are available and the server has not reached the maximum number of active threads, the server starts new threads to process the request. If the server has reached the maximum number of active threads, the server holds the request until threads become available. When a request finishes, the threads it was using become idle at which point they are available for the server to use again. If your server is running at maximum capacity on a sustained, non-stop basis, you might experience some affect on system performance of your machine. Decreasing the number of requests to the server alleviates this temporary situation, allowing the server to catch up on servicing requests. The impact on system performance is an indication that the MaxActiveThreads directive might be set too high for your machine. Specifying a number on the MaxActiveThreads directive that is too high affects the performance of the server as it attempts to satisfy browser requests. You can experiment with lowering the number that is specified for the MaxActiveThreads directive until you see no affect on system performance. A good starting point would be half of the previous setting. For example, if you had the MaxActiveThreads directive set to 100, try setting it to 50. You may want to lower it even further, but remember that when no threads are available, the server holds requests until more threads are available. Note: Lowering the MaxActiveThreads directive might result in increased numbers of rejected connections when the server reaches capacity. Increasing the number that is specified for the MaxActiveThreads directive decreases the number of rejected connections when the server reaches capacity. But this results in an increasing affect on system performance. You decide how you want to balance ability to service sustained large numbers of requests with ability to tolerate performance effects. Changes you make to the Performance form influence the performance of your server. If your server is performing too slowly, it may be due to any of these: v Your network speed. v The traffic on your local area network (LAN). v The number of clients requesting from your server. v The number of threads set on your server. Use the Configuration and Administration forms to change the performance settings of your IBM HTTP Server. 2. Click Systems Management. 3. Click Performance. 4. Complete the Performance form that is provided. 5. Click the Apply button. 40 AS/400e: TCP/IP Services and Applications Web server (HTTP)

47 Customizing error messages You can use local caching to load your most in-demand files into the server s memory at startup time. Use the PersistTimeout and MaxPersistRequest directives to specify the characteristics of a persistent connection. A persistent connection allows the server to accept multiple requests and to send responses over the same TCP/IP connection. Overall throughput increases because the server does not have to establish a separate TCP/IP connection for each request and response. Also, this uses the TCP/IP connection more efficiently because clients can make multiple requests without waiting for the server to respond to each request. Your server has error messages set to default, but you can change these messages to better suit your particular needs. For example, you can change a message to include more information about the cause of the problem and suggest possible solutions to it. For internal networks, you might provide a contact person for your users to call. You can find a list of error conditions, causes, and default messages in the IBM HTTP Server Webmaster s Guide. Use the Configuration and Administration forms to customize the error messages for your IBM HTTP Server. 2. Click Error message customization. 3. Complete the Error message customization form that is provided. 4. Click the Apply button. You may want to work with your error logs as more people use your services. You can also archive your error logs for the same reason. Configuring directory listings and welcome pages Directory listings and welcome pages are important aspects of your Web server. Configuring your directory listings determines how your directories will look. Configuring welcome pages controls how your server responds to an incoming request that contains a directory name. Use the following topics to set up your directory listings and welcome pages. v Defining welcome pages on page 42 v Using icons in directory listings on page 42 v Using directory listings on page 42 v Displaying READ.ME text on page 43 v Configuring user directories on page 43 Chapter 9. IBM HTTP Server administration 41

48 Defining welcome pages By default, the server will look for a welcome file for client requests that do not include a specific file name. It determines which file to serve by matching the list of welcome pages to the files in the directory. The first match it finds is the file it will return. Use the Configuration and Administration forms to define welcome pages. 2. Click Directories and Welcome Page. 3. Click Welcome page. 4. Complete the Welcome page form that is provided. 5. Click the Apply button. You must restart your server to activate the changes you made. Using icons in directory listings The product provides icons for your server directory listings, but you can change how your server uses them in the following ways: v Showing icons on directory listings. v Defining the directory icon and alternate text. v Defining the parent directory list icon and alternate text. v Defining the unknown file type icon and alternate text. v Defining the directory list head icon and alternate text. v Specifying icons to bind to MIME on page 98 content-types or encoding-types. Use the Configuration and Administration forms to specify the icons that are used in your directory listings. 2. Click Directories and Welcome Page. 3. Click Directory icons. 4. Complete the Directory icons form that is provided. 5. Click the Apply button. Using directory listings A directory listing shows files and subdirectories that are contained in the directory. The server shows each subdirectory item or each file on a separate line along with information about each item. Use the Configuration and Administration forms to specify how your server works with directory listings. 2. Click Directories and Welcome Page. 3. Click Directory list contents. 4. Complete the Directory list contents form that is provided. 5. Click the Apply button. 42 AS/400e: TCP/IP Services and Applications Web server (HTTP)

49 Displaying READ.ME text When your server creates any directory listing, it searches the directory for a file that is named README. This README file usually contains a brief description of the directory contents. Use the Configuration and Administration forms to specify how your server works with README files. 2. Click Directories and Welcome Page. 3. Click README text. 4. Choose a display option on the README text form that is provided. 5. Click the Apply button. Configuring user directories User directories are subdirectories of your AS/400 system s directories where individual Internet users store and publish their own Web documents. Use the Configuration and Administration forms to specify how your server works with user directories. 2. Click Directories and Welcome Page. 3. Click User directories. 4. Enter a user subdirectory in the User directories form that is provided. 5. Click the Apply button. You may also use the QSYS.LIB file system to put user directories into effect. To do this, use files within libraries, rather than subdirectories on your AS/400 system. Configuring user directories goes hand in hand with allowing access to your server resources and other security issues. Defining file extensions for multiformat processing You can configure your server to associate meta-information from file headers with file extensions. Meta-information usually takes the form of a valid set of HTTP response headers that describe the file that is being served, but not the file s content. Meta-information consists of MIME on page 98 type, encoding quality, character set, language, and browser (agent) type. Your IBM HTTP Server can include this meta-information in its HTTP responses to clients. You can set up meta-information with these tasks: v Making file extensions case-sensitive on page 44 v Tailoring pages to browser capabilities on page 44 Chapter 9. IBM HTTP Server administration 43

50 v Associating file extensions with MIME types v Associating file extensions with MIME encodings on page 45 v Associating file types with languages on page 45 Making file extensions case-sensitive This task will specify whether you want your Web server to distinguish between uppercase and lowercase letters in file extensions. Although our directives are case insensitive, the case of the URL, and the directive, is preserved when accessing the file system. Use the Configuration and Administration forms to define file extensions as case-sensitive or noncase-sensitive. 2. Select the configuration with which you would like to work. 3. Click Languages and Encoding. 4. Click File extension definitions. 5. Check the Not case-sensitive or the Case-sensitive box, as per your preference, in the File extension definitions form that is provided. 6. Click the Apply button. Tailoring pages to browser capabilities Your Web server uses automatic browser detection to tell it the capabilities of a requesting browser. Use the Configuration and Administration forms to define your automatic browser detection. 2. Click Languages and Encoding. 3. Click Automatic browser detection. 4. Complete the Automatic browser detection form that is provided. 5. Click the Apply button. Associating file extensions with MIME types This task allows you to create or change a list of file extensions that you want to bind to MIME on page 98 content types or subtypes. The MIME extension to the Internet mail standard defines the methods which package file contents. You can use a list to associate file extensions with MIME types or subtypes. The server considers any file with an extension that matches an entry in the list as packaged with the associated MIME type or subtype. Use the Configuration and Administration forms to set your server MIME types. 2. Click Languages and Encoding. 3. Click MIME types. 44 AS/400e: TCP/IP Services and Applications Web server (HTTP)

51 4. Complete the MIME types form that is provided. 5. Click the Apply button. Associating file extensions with MIME encodings This task allows you to create or change a list of file extensions that you want to bind to MIME on page 98 encodings. The MIME extension to the Internet mail standard defines the methods that are used to encode files. You can use a list of file extensions to associate with MIME encodings. The server considers any file with a file extension that matches an entry in the list as encoded with the associated MIME encoding method. Use the Configuration and Administration forms to set your server MIME encodings. 2. Click Languages and Encoding. 3. Click MIME encodings. 4. Complete the MIME encodings form that is provided. 5. Click the Apply button. Associating file types with languages This task allows you to create or change a list of file extensions that you want to bind to languages. If you intend to have files in multiple languages, you can use a list of file extensions to associate the files with the specific languages. The server considers any file with an extension that matches an entry in the list to be in the associated language. Use the Configuration and Administration forms to set language associations for file types. 2. Click Languages and Encoding. 3. Click Languages. 4. Complete the Languages form that is provided. 5. Click the Apply button. Chapter 9. IBM HTTP Server administration 45

52 46 AS/400e: TCP/IP Services and Applications Web server (HTTP)

53 Chapter 10. IBM HTTP Server security Managing Internet users Electronic commerce, intra-company communications, and record keeping have made security a crucial issue. In the sections that are listed below, you will see how your IBM HTTP Server provides security options on a variety of levels. These items cover both the internal communication of your company and external communication with your clients. You can use one of these types of protection by itself or use two or three of these together. User name and password protection. With user authentication, you specify user names that you want requesters to use to access your protected resources. The manage web user access section can be your first step in setting up user authentication. Secure Sockets Layer (SSL) client authentication. With this type of protection, you can configure the server to use the SSL security protocol for data encryption and client/server authentication. Use the secure communications section to help you set up SSL. Address template protection. With this type of protection, you use address templates to specify valid requester addresses for the different types of requests. Use the working with document protection section to help you set up address template protection. Lightweight Directory Access Protocol (LDAP) You might choose to use the LDAP server to store user identification and password information. Use the Storing and querying information with LDAP on page 53 to help. Secure against denial-of-service attack Choose the Securing your server against a telnet denial-of-service attack on page 55 section to learn how to set your default settings to detect such an attack. When you take security precautions with your server you may want to limit the users who access your server. With user authentication you can configure your server to allow or deny these users access to specific resources on your system. These users can be defined as AS/400 user profiles, or they can be defined within AS/400 validation lists. Users defined within AS/400 validation lists are known as Internet users. You can create a validation list containing Internet users by adding an Internet user. Validation lists reside in AS/400 libraries and are required when adding a user unless you are adding the user to a group file. If you enter a validation list that does not exist, the system will create it for you. You can implement user authentication with a validation list, which can contain Internet users, or AS/400 user profiles and their passwords. For additional security you can use SSL client authentication, by itself, or in combination with user authentication. Both user authentication and SSL client authentication are defined Copyright IBM Corp. 1998,

54 in protection setups and access control lists. Consult the protected resource section for assistance in creating protection setups for user authentication and SSL client authentication. Adding an Internet user You can add user names and passwords for access to your server. Internet users exist independently of AS/400 user profiles, and only your IBM HTTP Server uses them. Use the Configuration and Administration forms to add a user to your IBM HTTP Server. 1. Click Internet Users. 2. Click Add Internet user. 3. Complete the Add Internet user form that is provided. 4. Click the Apply button. Once you add an Internet user to your system, you can perform the following tasks: v Change that user s password. v Delete that user. v List your Internet users. v Create a protection setup for user authentication or SSL client authentication. You may also want to examine your communication security options as you expand the use of your Web server. Deleting an Internet user Before you choose to delete an Internet user from your server, you may want to look at a list of your current users. A deleted user cannot be retrieved; you can only add a user over again. You also have the option of changing a user password. You can delete an Internet user from a validation list, group file, group, all groups within a group file, or all of these at once. Internet users exist independently of AS/400 user profiles, and only your IBM HTTP Server uses them. Use the Configuration and Administration forms to delete a user from your server. 1. Click Internet Users. 2. Click Delete Internet user. 3. Complete the Delete Internet user form that is provided, entering the user information. 4. Click Delete to remove the Internet user you selected. Changing Internet user passwords For security reasons, it may become periodically necessary to change Internet user passwords in your IBM HTTP Server. Changing passwords is an easy way to 48 AS/400e: TCP/IP Services and Applications Web server (HTTP)

55 protect yourself and your clients. You can view the information you will want to change by listing your Internet users, if you wish. Use the Configuration and Administration forms to change user passwords in your IBM HTTP Server. 1. Click Internet Users. 2. Click Change Internet user password. 3. Complete the Change Internet user password form that is provided. 4. Click the Apply button. Listing your Internet users You will want to check the list of users to verify any changes you make. This function is also useful to keep you aware of who is on your user list. Protecting resources Use the Configuration and Administration forms to list your server users. 1. Click Internet Users. 2. Click List Internet users. 3. Enter a validation list in the List Internet users form that is provided. 4. Click Next for a list of the Internet users in the validation list you specified. The system displays a list of Internet users for the validation list that you selected. Most likely, you will not want everyone to have access to all the information on your server. For example, you probably would not want everyone to have access to your common gateway interface (CGI) programs. You can restrict access that is based on user name and password, the IP address, host name of the requester, validation lists, or client certificates. You can use AS/400 object security to protect your CGI programs and your documents in the file system. The server will honor the AS/400 object security by swapping to the user profile you specify in your protection setup. User profile QTMHHTT1 is the default profile for CGI programs and QTMHHTTP is the default profile for all other resources. Protection setups define how the server should control access to the resources being protected. These can be named to allow the same protection setup to protect multiple URLs on your server, or inlined to protect a single URL. A Protect directive activates protection for a request. A protection setup is a group of protection subdirectives. The Protect directive identifies the protection setup that the server should use. It can also define the protection setup as part of the directive. The subdirectives comprising a protection setup work together to define how the server should control access to the resources being protected. v Work with document protection. v Create a protection setup. v Delete a protection setup you have created. Chapter 10. IBM HTTP Server security 49

56 v Change a protection setup. You can use an ACL file to create specific authorizations to limit access to specific files on a directory that is already protected by a protection setup. You can use a protection setup to define the first level of access control, and then setup an ACL file to further limit access. Working with document protection With document protection, you can do the following: v v v v Specify URLs to protect on your server. Specify which clients can use your server as a proxy. Replace protection for URLs on your server. Remove protection for URLs on your server. You can also activate different protection rules for a request that is based on the IP address or host on which the request arrives. For example, you might want to specify that a request beginning / cgi-bin/ received on address is protected by the rules in a protection setup named PROT-A. You can specify that the same request received on address is protected by the rules in a protection setup named PROT-B. Use the Configuration and Administration forms to work with your document protection setup. 2. Click Protection. 3. Click Document protection. 4. Complete the Document protection form that is provided. 5. Click the Apply button. Creating protection setups A protection setup is a group of protection subdirectives. These subdirectives work together to define how the server should control access to the resources being protected. When the server receives a request that matches a protected URL request template, the server activates protection. The server goes to the protection setup that is associated with the matching template to determine how to control access to the protected resources. When working with protection setups you may choose to restrict access based on HTTP method, client host name, client IP address, specific users or specific groups. You can use the Mask subdirectives on the protection setup forms to work with this type of protection. 50 AS/400e: TCP/IP Services and Applications Web server (HTTP)

57 Use the Configuration and Administration forms to create protection setups. 2. Click Protection. 3. Click Create protection setup. 4. Complete the Create protection setup form that is provided. If you use SSL on page 100 client authentication, then the server requests certificates from any clients that make secure requests. The server establishes a secure connection whether or not the client has a valid certificate. You can protect your resources based on valid client certificates, certificates with particular Distinguished Name (DN) information, certificates that you associate with AS/400 user profiles, and certificates that you associate with validation lists. Deleting protection setups Deleting a protection setup will permanently remove the protection setup from the server configuration. To replace it, you will need to create another protection setup. Use the Configuration and Administration forms to delete protection setups. 2. From the menu in the navigation bar, select the configuration with which you want to work. 3. Click Protection. 4. Click Delete protection setup. 5. Select a protection setup in the configuration you chose from the list on the Delete protection setup form that is provided. 6. Click Delete to remove the protection setup you selected. Changing protection setups Changing a protection setup will change what server resources the setup protects as well as how the setup protects them. Use the Configuration and Administration forms to change existing protection setups. 2. Click Protection. 3. Click Change protection setup. 4. Choose a protection setup from the list on the Change protection setup form that is provided. Chapter 10. IBM HTTP Server security 51

58 Creating access control lists Access control provides directory level protection. The access control lists (ACL) form displays any ACL rules that are already specified for the ACL file. The form also allows you to add new rules as well as replace or remove existing rules. Use the Configuration and Administration forms to set up an ACL file. 1. Click Access Control lists.. 2. Complete the Access Control lists form that is provided. You receive confirmation when your server processes the form. Securing communications between users and Web sites IBM HTTP Server provides HTTP secure (HTTPS) transactions with the SSL on page 100 protocol. This protocol ensures that data transferred between a client and a server remains private. It allows the client to authenticate the identity of the server and the server to authenticate the identity of the client. You can work with SSL and specify SSL client authentication in protection setups and access control lists (ACL) on your Web server. Consult the protected resource section for assistance in creating protection setups for user authentication and SSL client authentication. Once your server has a digital certificate, SSL-enabled browsers like the Netscape Navigator can communicate securely with your server by using SSL. To do this, you need to configure your server for secure serving. With SSL, you can easily establish a security-enabled Web site on the Internet or on your corporate intranet. You can also install digital certificates on the clients in your network so the server can authenticate connections without prompting for a user ID or password. In order to configure security, you will need one of the following IBM Cryptographic Access Provider products installed on your system. v Crypto Access Provider 40 bit for AS/400 (5769-AC1) v Crypto Access Provider 56 bit for AS/400 (5769-AC2) v Cryptographic Access Provider 128 bit (5769-AC3) You cannot run secure serving without one of these products. Configuring your server for secure serving To configure your server for secure Web serving, you need to use SSL. You must also obtain a digital server certificate to be used by SSL for your Web server instances. Digital Certificate Manager (DCM) can be used to obtain a new, or register an existing, certificate for any secure server instance of the IBM HTTP Server for AS/400. It should be noted, however, that DCM is a separately installable product for the AS/400 and does not come with IBM HTTP Server. You can access DCM through your AS/400 Tasks page. For more information, look at DCM in the Information Center. Then use the Configuration and Administration forms to register HTTP Server with DCM (see Using the Configuration and Administration forms on page 16). 2. Click Security configuration. 3. Complete the Security Configuration form that is provided. 52 AS/400e: TCP/IP Services and Applications Web server (HTTP)

59 4. Click the Apply button.you receive confirmation when your server processes the form. Filling in this form generates an Application ID which you will need in order to complete the security configuration. 5. Click Digital Certificate Manager. 6. Click Work with Applications. 7. Complete the Work with Applications form that is provided. Using SSL with your server You can provide secure Web serving when you run HTTP traffic over the SSL on page 100 protocol. To use SSL, your server must have a digital certificate. This is how a retail company on the Internet allows users to look through the merchandise without security. These same users then fill out order forms and send their credit card numbers by using security. A browser that does not support HTTPS cannot request URLs by using HTTP over SSL. The non-ssl browsers will not allow the submission of forms that need secure submission. Storing and querying information with LDAP Lightweight directory access protocol (LDAP) is a directory service protocol that provides access to a directory over a Transmission Control Protocol (TCP) or SSL connection. It lets you store information in that directory service and query it in a database fashion. The LDAP directory service follows a client/server model where one or more LDAP servers contain the directory data. An LDAP client, for example IBM HTTP Server, connects to the LDAP server and makes a request. The LDAP Server performs the directory search and responds with the result. The LDAP server may be located on your AS/400 (AS/400 Directory Services) or on other systems. LDAP servers can be used by the IBM HTTP Server for server configuration or user authentication. Using LDAP support allows multiple HTTP servers to share configuration information. You can use LDAP to retrieve configuration information. You can create, change, or delete your LDAP server setup. Using LDAP with configuration information Storing information on an Lightweight Directory Access Protocol (LDAP) server allows applications to share the information. Use the Configuration and Administration forms to specify the LDAP server setup and information necessary to retrieve configuration information from a LDAP server. 2. Click LDAP. 3. Click LDAP includes. 4. Complete the LDAP includes form that is provided. 5. Click the Apply button. Chapter 10. IBM HTTP Server security 53

60 Creating an LDAP server setup Storing information on an Lightweight Directory Access Protocol (LDAP) server allows applications to share the information. The server associates information on an LDAP server with server attributes. The server generates a query that is based on attributes and sends it to the LDAP server, and the LDAP server returns the respective values. Use the Configuration and Administration forms to create your LDAP server setup. 2. Click LDAP. 3. Click Create LDAP server setup. 4. Complete page one of the Create LDAP server setup form that is provided. 5. Click the Next button. 6. Complete page two of the Create LDAP server setup form that is provided. 7. Click the Apply button. Changing an LDAP server setup Storing information on an Lightweight Directory Access Protocol (LDAP) server allows applications to share the information. The server associates information on an LDAP server with server attributes. The server generates a query that is based on attributes and sends it to the LDAP server, and the LDAP server returns the respective values. Use the Configuration and Administration forms to change your LDAP server setup. 2. Click LDAP. 3. Click Change LDAP server setup. 4. Select a LDAP server setup from the list on page one of the Change LDAP server setup form that is provided. 5. Click the Next button. 6. Complete page two of the Change LDAP server setup form that is provided. 7. Click the Apply button. Deleting an LDAP server setup Storing information on an Lightweight Directory Access Protocol (LDAP) server allows applications to share the information. 54 AS/400e: TCP/IP Services and Applications Web server (HTTP)

61 The server associates information on an LDAP server with server attributes. The server generates a query that is based on attributes and sends it to the LDAP server, and the LDAP server returns the respective values. Use the Configuration and Administration forms to delete your LDAP server setup. 2. Click LDAP. 3. Click Delete LDAP server setup. 4. Select a LDAP server setup from the list on the Delete LDAP server setup form that is provided. 5. Click Delete to remove the LDAP server setup you selected. Securing your server against a telnet denial-of-service attack An attack could result in a denial of service to your Web server. The configuration to protect against attacks has default settings, but you may want to change them to suit your individual needs. Your server can detect a denial-of-service attack by measuring the time-out of certain clients requests. If the server does not receive a request from the client, then your server determines that a telnet denial-of-service attack is in progress. This occurs after making the initial client connection to your server. The server s default is to perform attack detection and penalization. However, this default may not be right for your environment. If all access to your server is through a firewall or proxy server or Internet Service Provider, then the telnet denial-of-service protection is built into each of these entities. You should turn off the telnet denial-of-service protection for this server instance so that the server does not falsely detect a denial-of-service condition. Use the Configuration and Administration forms to configure your server s detection and response to denial-of-service incidents. 2. Click System Management. 3. Click Denial of service. 4. Complete the Denial of service form that is provided. 5. Click the Apply button. You may also monitor requests to your server. Chapter 10. IBM HTTP Server security 55

62 56 AS/400e: TCP/IP Services and Applications Web server (HTTP)

63 Chapter 11. Monitoring your server activity Working with logs While logging and reporting are related, your IBM HTTP Server treats them separately. You configure logs to collect information from various sources in your server. You configure reports to deliver specific information from the logs. Logs and reports exist for you to keep track of and examine the activities concerning your server. Monitoring your server activity allows you to make informed choices about performance and presentation. It takes some of the guesswork out of managing your Web site. Your server defines reports within a configuration file to work against the access log files that are defined in that same configuration file. Multiple server instances can share the same configuration file. However, server instances that want to use logging and reporting must have their own configuration files with their own logging and reporting directives. This eliminates the problem where only one server instance can be writing to the log files at one time. Doing it this way also allows for a higher level of security when reports for each server are in a different directory. Your server also has a Web activity monitor and a simple network management protocol, both of which you can configure. Your server can be configured to create a variety of logs. Each day at midnight, the server closes the logs for that day and creates new logs. Either the log file extension or the log file name will contain the date information for the log. The access log contains entries for page requests made to the server. The HTTP server can be configured to write information to the access log in the common or extended format. These two log formats are industry standard. Therefore, log files generated in the Common or Extended format are compatible with many of the log analysis products that are available in the industry.the access log contains information such as the following: v The date and time v The requester s host name or IP address v The URI for the request v The return code v The number of bytes served If the extended log format is being used, the access log will also contain: v The user agent (ie. the type of browser used to make the request) v The refering page If you are using the extended log format you can optionally tailor the access information that is written to each access log entry. Copyright IBM Corp. 1998,

64 The server also creates an error log that includes errors that are encountered by your server s clients, such as timing out or not getting access. You may be satisfied with the default settings for your logs, but you can configure them to better suit your needs. You can perform the following tasks to alter the default settings for logging: v Configure global log file settings. v Configure your access log file. v Configure your error log file. v Create your extended log format. v Change your extended log format. v Delete your extended log format. You can also control maintenance of aged access and error logs. Old access and old error logs are handled separately. When you configure them through their individual forms, you may choose to maintain just the access logs, or just the error logs, or both differently. The maintenance options for old log files are: v You can save them (in the same directory with the same name). v You can remove them if they are older than a certain number of days. (All logs older than a certain age are deleted. The system still keeps the newest logs.) v You can remove them if they are larger than a certain number of megabytes. (The system deletes the oldest log until the total number of megabytes for all log files is smaller than the number of megabytes specified.) v You can have a user exit program run against them to handle specific maintenance needs (rename them, move them to another directory, and so on). The server performs maintenance of the logs once a day at midnight. Configuring your global log file settings This task allows you to configure the log time format and the file format for log files. The time format is how the server enters the time in the log file for each request. Configuring the file format determines which of the following formats your log files use. v Common v Data description specification (DDS) v Extended log format Use the Configuration and Administration forms to configure your global log file settings. 2. From the list in the navigation bar, select a configuration with which to work. 3. Click Logging. 4. Click Global log file settings. 5. Choose a log time format on the Global log file settings form that is provided. 6. Choose a log file format on the Global file settings form that is provided. 58 AS/400e: TCP/IP Services and Applications Web server (HTTP)

65 7. Click the Apply button. Configuring your access log file For each access request the Web server receives, the server logs the entry in the access log file. The access log file contains the time, date, host name or IP address of the client making the request and other related information. Use this information to determine who is making the request, such as current customers or new customers, and their preferences and interests. Other logging information is useful when performing problem determination of server errors. This form also allows you to configure how your server archives access log files. If you configure access log files for maintenance, access, agent, and referrer logs are affected. Each of these three log types is affected in the same way, but the server treats them separately. Maintenance options do not affect proxy access and cache access logs. The server always keeps these logs. Use the Configuration and Administration forms to configure your access log file. 2. Click Logging. 3. Click Access log file. 4. Complete the Access log file form that is provided. 5. Click the Apply button. Configuring your error log file You can define your error log to suit your needs. You can use your error logs with coded character set indentifier (CCSID) values and languages as necessary. To work with your error logs and translatable text, you will need to configure for NLS-enabled logging. Your server s access log format does not include translatable text, so configuring for NLS-enabled logging affects only your server s error log. The task below allows you to set up your error logs to your preferred CCSID value and language, or to alter those items for an existing log file. The CCSID and NLS-enablement appear in the first two fields of the Error log file form below. This form also allows you to configure how your server archives the logs. Configure maintenance of the error files, affects the error log files. Error logs contain information about the errors reported by the server. The error log maintenance options also affect the CGI on page 95 error log files. CGI error logs contain error information written by a user s CGI program. The maintenance options for old log files are: v You can save them (in the same directory with the same name). Chapter 11. Monitoring your server activity 59

66 v v v You can remove them if they are older than a certain number of days. (All logs older than a certain age are deleted. The system still keeps the newest logs.) You can remove them if they are larger than a certain number of megabytes. (The system deletes the oldest log until the total number of megabytes for all log files is smaller than the number of megabytes specified.) You can have a user exit program run against them to handle specific maintenance needs (rename them, move them to another directory, and so on). Use the Configuration and Administration forms to work with your error log file. 2. Click Logging. 3. Click Error log file. 4. Complete the Error log file form that is provided. 5. Click the Apply button. Creating your extended log format Using the extended format allows the access log files to save more data. This also allows more control over which data is saved in the access log files. By default, extended log format captures access, referrer, and agent log information into one access log file. The extended log format can also be used to customize the data that is saved in each access log entry. Separately configured referrer and agent logs will log the agent and referrer data. You can configure the extended format access log file to contain that same data. In this situation, the server logs the agent and referrer information in the individual logs, and also logs the information in the access logs. Use the Configuration and Administration forms to configure the extended log format. 2. Click Logging. 3. Click Create extended log format. 4. Complete page one of the Create extended log format form that is provided. 5. Click the Next button. 6. Complete page two of the Create extended log format form. 7. Click the Apply button. Changing your extended log format This task allows you to change parameters that apply only to a particular format name. Use the Configuration and Administration forms to change your extended log format. 2. Click Logging. 60 AS/400e: TCP/IP Services and Applications Web server (HTTP)

67 3. Click Change extended log format. 4. Select a Log format name from the menu on the Change extended log format form that is provided. 5. Click the Next button. 6. Complete page two of the Change extended log format form. 7. Click the Apply button. Deleting your extended log format Use the Configuration and Administration forms to delete an extended log format. Working with reports 2. Click Logging. 3. Click Delete extended log format. 4. Select a Log format name from the menu on the Delete extended log format form that is provided. 5. Click Delete to remove the extended log format which you have selected. Reports are based on the results of the logs you have configured. As with logs, you have control over the settings for reports. You can configure for reporting on two levels: basic and Web usage mining. Basic reporting is a more general form of reporting. Web usage mining tackles more of the details. Your server allows you to do the following tasks to set up your reporting: v Configure your basic access reports. v Configure your global report settings. v Configure your Web usage mining access reports. v Create a report template. v Change a report template. v Delete a report template. Configuring your basic access reports The Access reports - Basic form is an interactive interface for generating basic reports. Basic access reports display information generated from your access logs. Basic access reports are not generated unless they are enabled. Basic activity reports provide the following types of reports: v Host reports provide a list of Host names or IP addresses of visitors to your Web site. By double-clicking on an entry in the list you can display the URL requested, date, time, and bytes transfered. v Method reports provide a list of methods requested by visitors to your Web site. By double-clicking on an entry in the list you can display the URL requested, date, time, and bytes transfered. Chapter 11. Monitoring your server activity 61

68 v v Code reports provide a list of results based on return codes from programs running on your Web site. By double-clicking on an entry in the list you can display the URL requested, date, time, and code returned. URL reports provide a list of URLs accessed by visitors to your Web site. By double-clicking on an entry in the list you can display the name of the host making the request, date, time, and bytes transfered. Use the Configuration and Administration forms to configure your basic access reports. 2. Click Log Reporting. 3. Select a configuration with which you want to work. 4. Click Access reports Basic. 5. Select a template name from the menu on the Access reports Basic form that is provided. 6. Click the Next button. 7. Complete page two of the the Access reports Basic form. 8. Click the Apply button. Configuring your global report settings You can configure the reports for generation at a certain time each day. Regardless of which option you select, the log files still close at midnight. When generating reports at a certain time of day, the server generates the reports for the previous day s log files. The server also generates the reports for the current day for log entries already made that day. When generating the reports on a regular time interval, the reports generate based on the contents of the log file already that day. If there are no complete reports for the current day, the server generates the reports for the previous day. This task also allows you to configure your server for archiving reports on both a basic and a Web usage mining level. Use the Configuration and Administration forms to configure the time of day for report generation. 2. Click Log reporting. 3. From the navigation bar menu, choose a configuration with which you would like to work. 4. Click Global report settings. 5. Complete the Global report settings form that is provided. 6. Click the Apply button. Once you set up the Global report settings form, you will want to use the statistics it provides. 62 AS/400e: TCP/IP Services and Applications Web server (HTTP)

69 Configuring your Web usage mining access reports The Access reports-web usage mining form lets you view detailed weekly and daily reports that are based on data from access log files, agent log files, and referrer log files. The detailed access statistics tell you the sequence of Web pages a user clicked through during a visit. These reports can tell you where people enter and exit from your Web site and which Web pages as a group are visited most. You can see the browsing patterns and identify user behavior, which in turn allows you to better organize your Web pages. Once configured, the server automatically generates reports which are not tailorable except through the standard report templates. You can monitor details of access statistics in these ways: v User-based v Path-based v Group-based The server provides daily reports for all three types of statistics. In addition, the server provides a week-to-date user-based report. Use the Configuration and Administration forms to view your detailed access statistics reports. 2. Click Log reporting. 3. From the navigation bar menu, choose a configuration with which you wish to work. 4. Click Access Reports-Web usage mining. 5. Choose a template name from the Access Reports-Web usage mining form that is provided. 6. Click the Apply button. Clicking Apply will provide a screen of all three types of statistics. From that screen, you can navigate to further details on the information if you wish. User-based Web usage mining statistics reports User-based statistics help you to understand how users move through your Web site. The server records each user session as the sequence of HTML on page 95 links followed by a specific user. If a user remains idle for some pre-specified period of time, the server considers the next sequence of links to be a new user session. The user-based reports show: v Most frequently accessed pages, organized by user count. v v v v v Most frequent IP addresses from which users come to visit your site, organized by user count. Distribution of user sessions both in duration and in number of pages accessed (bar charts are also supported when viewed with a Java-enabled browser). Most frequent external link (referrer) to your site. These are the pages from which users most frequently enter your site. Most frequent page from which a user exits your site. Most frequently used agents or browsers. Chapter 11. Monitoring your server activity 63

70 Path-based Web usage mining statistics reports Path-based statistics identify paths that are used to travel through your Web pages. Each user path is a sequence of HTML on page 95 pages that are chosen by a user and can reveal the user s actual browsing behavior. Path-based statistics tell you how users actually follow the HTTP links embedded in a Web presentation. Group-based Web usage mining statistics reports Group-based statistics give you the groups of pages most frequently visited during a user session. This helps you to see which groups of pages are most popular. A user session can contain multiple paths; and the group of pages that are frequently visited in a session may not lie on the same path. By examining the path-based and group-based statistics, you can obtain valuable information to improve the organization and connections of your Web presentation. Creating a report template This task allows you to configure a report template to your specifications. Use the Configuration and Administration forms to create a report template. 2. Click Log Reporting. 3. Click Create report template. 4. Complete page one of the Create report template form that is provided. 5. Click the Next button. 6. Complete page two of the Create report template form. 7. Click the Apply button. Changing a report template Use the Configuration and Administration forms to change a report template. 2. Select a configuration with which you want to work. 3. Click Log Reporting. 4. Click Change report template. 5. Select a template name from the menu in the Change report template form that is provided. 6. Click the Next button. 7. Make your desired changes to page two of the Change report template form. 8. Click the Apply button. Deleting a report template Use the Configuration and Administration forms to delete a report template. 2. Select a configuration with which you want to work. 3. Click Log Reporting. 4. Click Delete report template. 64 AS/400e: TCP/IP Services and Applications Web server (HTTP)

71 5. Select a template name from the Delete report template form that is provided. 6. Click the Delete button to remove the report template you selected. Using the Web activity monitor The Web activity monitor allows you to display server performance, network performance, status statistics, and access log entries. You can do this without being on the same machine running the server. Use the Configuration and Administration forms to access the Web activity monitor. 1. Click Server Instances. 2. Click Work with server instances. 3. Choose a server instance from the menu on the Work with server instances form that is provided. 4. Enter your startup parameters on the same form. 5. Click Monitor to bring up a form which will show you the information on the server instance you selected. You can monitor the following: v Activity (connections, response times, throughput, number of requests, number of errors) v Network (amount of outgoing and incoming data) v Access (access log entries) v Proxy Access (proxy access log entries) Note that in order to monitor Access and Proxy Access information, the server being monitored must have these logging features enabled. Working with your server s SNMP subagent A network management system is an application that runs continuously. The system monitors, reflects status of, and controls a network. Simple network management protocol (SNMP) is the network management standard. It communicates management information with devices in a network. The network devices typically have an SNMP agent and one or more subagents. The SNMP agent talks to the network management station or responds to command line SNMP requests. The SNMP subagent retrieves and updates data and gives that data to the SNMP agent to communicate back to the requester. Your server provides an SNMP management information base and SNMP subagent. This allows you to use any SNMP-capable network management system to monitor your server s health, throughput, and activity. The management information base data describes the managed Web server, reflects current and recent server status, and provides server statistics. You need to perform the following tasks when you work with SNMP: 1. Explicitly enable SNMP support by using the SNMP server configuration directive. 2. Provide a community name to allow user access to the SNMP information. Chapter 11. Monitoring your server activity 65

72 3. Customize an address for use by management. The network management system retrieves management information base values from other devices. It then can notify you if the server exceeds specified threshold values are exceeded. You can then proactively tune or fix server problems before they become server outages. Note: Every device that is managed or that manages must have an SNMP agent. Use the Configuration and Administration forms to work with your SNMP. 2. Click System Management. 3. Click SNMP. You can do the next three tasks in the SNMP form that is provided by the above instructions: 1. To enable or disable SNMP, select or deselect the Enable SNMP box provided. 2. To provide a community name for SNMP, enter a community name in the Community name space that is provided. 3. To customize an address to receive SNMP problem reports, enter the appropriate address in the Add address space that is provided. 66 AS/400e: TCP/IP Services and Applications Web server (HTTP)

73 Chapter 12. Setting up your IBM HTTP Server as a proxy A proxy server can act as an important part of your security system. It ensures control and caching for your communications. A proxy server retrieves files from other servers. It then caches the files on the local server to improve performance for subsequent requests for the same file. This only works if you configure caching. You can use a proxy along with a firewall. 1. Your first step in setup is to configure your proxy server functions and configure Secure Sockets Layer (SSL) tunneling. 2. You then have the choice of completing any or all of these options: v Configure your server s basic caching settings v Designate a port number for your proxy server v Configure a hierarchy of proxy servers v Configure your server s advanced caching functions 3. Next, you can specify which clients can use the proxy. 4. And then, configure your server for secure serving. Configuring your server s proxy functions and SSL tunneling To configure your server as a proxy, you need to specify the protocols for which you want your server to act as a proxy. You can do this by filling in the Proxy server settings form for the protocols for which this server functions as a proxy. The wide success of Secure Sockets Layer ( SSL on page 100) has made extension of the current WWW proxy protocol vital. This would allow an SSL client to open a secure tunnel through the proxy. Some Web browsers, such as Netscape Navigator, use SSL tunneling to establish a secure connection to a destination server through a proxy. The proxy can be a base or secure server. When tunneling SSL, the proxy must not have access to the data that you transfer in either direction. This is for security considerations. The proxy should only know the source and target addresses for the information as well as any user authentication information. Because SSL tunneling is generic, you can use it to access resources on different ports. Use the Configuration and Administration forms to configure your basic proxy functions and SSL tunneling. 2. Click Proxy Settings. 3. Click Proxy server settings. 4. Complete the Proxy server settings form that is provided. To activate SSL tunneling, complete the SSL tunneling ports field and enable SSL tunneling. 5. Click the Apply button. Once you have configured your proxy server, you can create others and then create a hierarchy of proxy servers for yourself. Copyright IBM Corp. 1998,

74 Configuring your proxy server s basic cache settings Perform this step if you want your proxy server to also act as a caching proxy server. Within an intranet you may want to set up a server as a caching proxy to reduce the amount of traffic on the network. In large networks you can connect a hierarchy of caching proxies. A client request cascades up through the hierarchy of servers until it retrieves the document from a server s cache. The request retrieves an uncached document from the actual server where the document resides. Use the Configuration and Administration forms to configure your server s basic cache settings. 2. Click Proxy Settings. 3. Click Caching settings. 4. Complete the Caching settings form that is provided. 5. Click the Apply button. Designating a port number for your proxy server Perform this step only if you want your proxy server to listen to a port number other than the HTTP default port number. The HTTP default port number is 80. Here are three possible reasons you would want to change the default port number: v You might have a special numbering convention at your company. v v You might have applications pick their port numbers from a certain limited range. Your port 80 might already be used by some other application. Note: You cannot listen to the port if the server is active. The port is only active when an application is actively using it. Use the Configuration and Administration forms to designate a port number. 2. Click Basic. 3. In the Basic form that is provided, change the Default port field to the port on which you want the proxy to listen. The default value for this field is 80. Some other commonly used port numbers for proxy servers are 8080 and Click the Apply button. If you wish to keep your changes, you must restart the server. Configuring a hierarchy of proxy servers You can specify that the server route certain requests to another proxy server. This allows you to chain together a hierarchy of proxy servers. 68 AS/400e: TCP/IP Services and Applications Web server (HTTP)

75 Use the Configuration and Administration forms to configure a hierarchy of proxy servers. 2. Click Proxy Settings. 3. Click Proxy chaining and nonproxy domains. 4. In the Proxy chaining and nonproxy domain form provided, click Insert Before. 5. From the list that is provided, select the protocol for which you are specifying a URL. 6. In the URL field, enter the URL for direction of requests for that protocol. 7. Enter any nonproxy domains in the field that is provided. 8. Click the Apply button. Configuring advanced caching functions You can further develop your server s caching functions with any of the four topics below: v Using caching filters. v Configuring cached file expiration. v Setting a time limit for cached files. v Using other caching time limits. Working with caching filters Your server s caching filters allow you to choose which files your server should cache and which files your server should not cache. Use the Configuration and Administration forms to work with your caching filters. 2. Click Proxy Settings. 3. Click Caching filters. 4. Complete the Caching filters form that is provided. 5. Click the Apply button. Configuring cached file expiration This task lets you set time limits for keeping unused cached files. You can set the time limit that determines when unused cached files expire. When you choose to remove all documents that do not contain expiration time information in their header, the server removes any files of this type matching the specified template after the corresponding time. This setting overrides expiration dates in the files URL request headers. When the server runs the garbage collection process, the server removes cached files that expired. Since web sites update their pages and change their URLs without warning, setting time limits for your cached files ensures that your server retrieves the most current information. Use the Configuration and Administration forms to work with your cached file expiration. Chapter 12. Setting up your IBM HTTP Server as a proxy 69

76 2. Click Proxy Settings. 3. Click Cached file expiration. 4. Complete the Cached file expiration form that is provided. 5. Click the Apply button. Setting a time limit for cached files This task lets you set the time limit that determines when unused cached files expire. When you choose to remove unused cached files after a specified expiration time, the server removes any unused cached file. This setting overrides expiration dates in the files URL request headers. When the server runs the garbage collection process, it removes expired cached files. Since web sites update their pages and change their URLs without warning, setting time limits for your cached files ensures that your server retrieves the most current information. Use the Configuration and Administration forms to set time limits for cached files. 2. Click Proxy Settings. 3. Click Time limit for cached files. 4. Complete the Time limit for cached files form that is provided. 5. Click the Apply button. Working with other caching time limits This task lets you set the time limit that determines when unused HTTP, File Transfer Protocol (FTP), or Gopher cached files expire. This setting overrides expiration dates in the files URL request headers. When the server runs the garbage collection process, it removes expired cached files. Since web sites update their pages and change their URLs without warning, setting time limits for your cached files ensures that your server retrieves the most current information. Use the Configuration and Administration forms to work with other caching time limits. 2. Click Proxy Settings. 3. Click Other caching time limits. 4. Complete the Other caching time limits form that is provided. 5. Click the Apply button. Specifying which clients can use the proxy You can use the server s protection function to control which clients can use your server as a proxy. This is part of controlling access to your server. 70 AS/400e: TCP/IP Services and Applications Web server (HTTP)

77 Use the Configuration and Administration forms to specify which clients can use your server as a proxy. 2. Click Protection. 3. Click Document protection. 4. Complete the Document protection form that is provided. 5. Click the Apply button. Chapter 12. Setting up your IBM HTTP Server as a proxy 71

78 72 AS/400e: TCP/IP Services and Applications Web server (HTTP)

79 Chapter 13. Rating Web sites and serving rated Web information Platform for Internet Content Selection (PICS) enables Internet users to filter the material they encounter while surfing the web. Users can accept or reject the material based on its ratings. This filtering allows parents, businesses, schools, or discerning individuals to block access to inappropriate and objectionable material. For the most up-to-date PICS information, see the World Wide Web consortium s PICS web site. You need access to the Internet to reach this site. The specifications published at this web site enable: v People who publish information on the Web to rate and label their own documents. These can be HTML files or other files that contain images, sound or animations. v Independent rating services to rate and label documents published by other Web sites and to distribute the labels to whomever requests them. v Internet users to use their browsers to request these labels and determine how to handle rated and unrated information. How Web clients use PICS PICS-enabled clients allow the users to determine which rating services they want to use and, for each rating service, which ratings are acceptable and which are unacceptable. For example, a family might choose a rating service that rates documents according to their sexual content. the rating service might have a low rating for romance, a higher rating for passionate kissing, and yet higher ratings for more explicit sexual activity. The parents might decide that documents containing romance are the highest acceptable rating for their household. they would then configure their browser to reject all documents that are unrated or contain a higher rating from this rating service. In another example, the Hi-Tek Systems Corporation could label its own documents with a For Hi-Tek Use only and could equip all its employees with browsers configured to accept only documents with a for Hi-Tek Use Only and could equip all their employees with browsers configured to accept only documents with this rating. There are several steps in this process. v The client sends a request. When a PICS enabled client requests a document, it indicates in the request which rating services are of interest. For example, assume these parents had configured their browser to evaluate rating labels from The Best rating service. When their children click a link to an HTML document, the browser request would also ask for the rating labels that were assigned to the document by this rating service. v The server sends a response. Assume the PICS-enabled server has a copy of the labels the client is requesting. When the server receives the client s request, it sends the labels along with the Copyright IBM Corp. 1998,

80 v v requested document. However, if the server does not support PICS or does not have copies of labels from that particular rating service, it sends the requested document anyway. The client checks the server response first. The client first checks to see if the requested rating labels are imbedded in the document (in the meta-information) or if they were sent along with the document. Some clients might accept rating information that is embedded in the file. Others might require a separate label from a registered rating service and a guarantee that it was created by that service. If the client successfully finds the label information it wanted, it evaluates the rating and either displays the document or blocks it and displays a message. The client contacts the rating service, if necessary. If the client does not receive the label information with a requested document from the server, it might send a subsequent request directly to the rating service asking for the label information for that document. This requires a second connection, which takes longer and can discourage future visits to that site. The browser waits until the label information is returned before it displays any data. Using a rating service to rate your site With the IBM HTTP Server you can store and serve rating labels for the documents you publish. If you choose this option, you will want to start by registering a third-party rating service. Setting up a rating service The web server also enables you to act as a rating service or label bureau by providing a means for you to maintain and distribute rating labels for your site or other web sites. Setting up a PICS rating service and a PICS label bureau Because many Webmasters will want their pages rated, you have an opportunity to provide a service to a large number of web sites. v v Content providers will contact your organization to request that you rate their Web site and provide them with the labels so that they will be able to serve the labels along with their Web documents. Clients will connect to your server electronically to request labels for pages they are attempting to view when they cannot get the label information with the requested pages. The PICS configuration file provides you with the means to manage the labels for other Web sites and transmit them when requested. The PICS specifications enable anyone to set up a rating service, define the criteria by which they rate Web sites and documents, and then provide the ratings. With PICS support, you can establish your server as a rating service and maintain and distribute labels for other web sites. You can rate documents at a Web site individually or use wildcard characters to quickly assign the same rating to all or part of a site s offerings. You will need to create these labels and your own RAT file, you can use the PICS configuration file to manage these labels from a central point. Your server will then be able to automatically send the rating labels you have assigned when a client requests them. 74 AS/400e: TCP/IP Services and Applications Web server (HTTP)

81 If a Web site that you have rated requests the labels for their pages, you can also provide them with all their current ratings. Unfortunately, the World Wide Web Consortium has not yet defined a standard for the label bureaus or rating services to send a Web site all their label information. This means that the method for this exchange will have to be determined by the rating services and the web site that asked for them. This task allows you to configure your server as a Platform for Internet Content Selection (PICS) rating service. You will need to define a rating system and create your own RAT file. Check the World Wide Web Consortium s PICS specification machine-readable for instructions format on how of the to RAT do this. file. ItYou includes will also the need syntaxtofor specify the a URL for PICS-enabled clients and servers to use when they use their browsers to contact your server for labels. The default setting is internal which means the labels are stored on your server. This setting provides the best performance. You need access to the Internet to reach this site. Use the Configuration and Administration forms to register your own rating service. 2. Click PICS Local. 3. Click Register your own rating service. 4. Complete the Register your own rating service form that is provided. 5. Click the Apply button. Then, you may want to create a PICS label. Maintaining your PICS rating service and label bureau Creating a PICS label This task allows you to manage PICS labels for other web sites from a central point and serve them when clients request them. You can add, change, and delete the label entries that associate specific documents or pages with your rating labels. Use the Configuration and Administration forms to maintain PICS label entries for other Web sites. 2. Click PICS Local. 3. Click Maintain PICS label entries for other Web sites. 4. Complete the Maintain PICS label entries for other Web sites form that is provided. 5. Click the Search button and the Selected PICS label entries for other Web sites form shows your search results. 6. Complete the Selected PICS label entries for other Web sites form. 7. Click the Apply button. If you decide to act as a rating service, you will need to create PICS files. When webmaster s contact you and ask for a rating you will send them these files. PICS label extensions Chapter 13. Rating Web sites and serving rated Web information 75

82 The IBM HTTP Server has added extensions to save repetitious data entry and to allow you to add comments. Comments for your own use You can insert comments for your own use into label files. Begin these comments lines with #. Lines beginning with # are not sent to clients. This type of comments is an addition to the comment statements used inside labels, which are sent to clients. Additional variables You can insert the following variables in label files: v %%URL%% The current URL will be substituted for this variable. When the server receives a request for a rating label that contains %%URL%%, it replaces this variable with the correct for statement before sending the label. v Note: Do not use this variable on generic labels (those that apply to multiple files). %%SERVICENAME%% The service name requested will be substituted for this variable. When the server receives a request for a rating label that contains %%SERVICENAME%%, it replaces this variable with the correct service statement before sending the label. Use the Configuration and Administration forms to create a PICS label. 2. Click PICS Local. 3. Click PICS labels for your own rating service. 4. Complete the PICS labels for your own rating service form that is provided. 5. Click the Apply button. You need to store all your Platform for Internet Content Selection (PICS) rating labels in a threadsafe integrated file system on your server. The system stores each rating label in a separate file. After you have created PICS files you may want assistance Maintaining your PICS files Registering third-party rating services Use this task to register the third-party rating services whose Platform for Internet Content Selection (PICS) rating labels your web site will use. Any individual or organization can offer content labels for information on the Internet and serve as a rating service. You can use your server to start a rating service and label bureau. Whether you use a rating service or act as your own rating service, you ll work with label files and rating files. Label files usually carry the.lbl extension while rating files carry the.rat extension. Before you can register a rating service, you must have a copy of its RAT file stored on your server. The RAT file describes the rating system and provides the identifying URL for the service. You also need to get the rating labels from the 76 AS/400e: TCP/IP Services and Applications Web server (HTTP)

83 third-party rating service. You may be able to retrieve these automatically using the Request Label Entries from Third-Party Rating Service form. Use the Configuration and Administration forms to register a third-party rating service. 2. Click PICS Third-Party. 3. Click Register third-party rating services. 4. Complete the Register third-party rating services form that is provided. 5. Click the Apply button. You may want assistance requesting PICS labels after you ve set up the rating service. Requesting PICS label information Managing PICS labels Perform this task to request label entries from a third-party rating service. If the third-party rating service has a Domino Go Webserver or IBM HTTP Server, you can electronically request rating labels for all the documents on your Web site that the third-party service has rated. You will receive both rating labels and PICS configuration file label entries as a response to your request. Both types of information are automatically stored on your server in the directory that is specified on the form. The directory must exist, and you must authorize the server authorized to write to that directory. If the third-party rating service has not rated your Web site, it will return a response that indicates that it does not have the information you requested. Note: For a faster response time, rating labels for your site should reside at your site. That way the your server doesn t have to call the rating bureau s server to fulfill the request for rating information, instead it can supply the rating information from it s own copy of the label file. Use the Configuration and Administration forms to request PICS label information. 2. Click PICS Third-Party. 3. Click Request label entries from third-party rating services. 4. Complete the Request label entries from third-party rating services form that is provided. 5. Click the Apply button. After you request the labels you might want assistance managing the PICS labels. In general, a label file is a text file that contains a label. Labels for a Web site can be: v Self-assessed according to your own criteria. v Self-assessed according to published criteria of a voluntary rating service. v Assessed by a third-party rating service according to the service s criteria. Chapter 13. Rating Web sites and serving rated Web information 77

84 Once the ratings are established, you use label information to create PICS-compliant rating labels, store the labels in the root (/) file system, and use the PICS configuration file to manage and transmit them. You will need to store both the RAT file and the rating labels in files on your server. The RAT file should be available from a rating service s Web site. The rating labels must be stored one label per file. Let the system automatically store the transmitted rating labels and RAT file and update your PICS configuration file for you. You can only do this when electronically requesting labels for a third-party rating service that has a Domino Go Webserver-based Web server You can use any directories, subdirectories, and file names that make sense at your site and for your implementation. We recommend that web sites have a separate directory or subdirectory for each third-party rating service that they use. This is required for automatic updates when requesting labels from rating services that have the Domino Go Webserver of the IBM HTTP Server. Our examples use a file extension of.lbl on each rating label file. This is also the extension for any label files the server transmits electronically. Managing PICS labels for your own web site Follow these steps to store rating labels in your file system and configure your server so it sends these labels when clients request them. 1. Obtain a copy of the RAT file from the rating services you want to use and store it in your file system or your server. 2. If you are getting rating labels from a third-party rating service that has Domino Go Webserver or the IBM HTTP Server use the on-line Configuration and Administration forms to request the labels and the entries for your PICS configuration file electronically. When you receive these files, your server will automatically be updated for you. If you are not getting rating labels from a third-party rating service that has the Domino go Webserver or the IBM HTTP Server. v v v v Obtain the ratings from the third-party rating service or rate your own documents. Create labels according to the format published in the PICS specification. Store the labels in separate files, one label per file, in your server s file system. Tell your server which documents are rated, where the actual rating labels can be found, and which rating service provided the labels. You do this by adding entries to the PICS configuration file to associate the rated documents with their label files. You can use the on-line Configuration and Administration forms to update and maintain this file or you can edit it manually. Managing PICS labels for your Web site in each document You can edit your HTML files and embed PICS ratings information in the meta element of the document header. This process is entirely manual and therefore time-consuming, error-prone, and difficult to maintain. Because the header is a part of the HTML file, you can t include non-html files such as images. It does not incorporate any security mechanisms (message digest, digital signature, and so on) to guarantee label validity. This may be important to the requesting client. The 78 AS/400e: TCP/IP Services and Applications Web server (HTTP)

85 PICS specification explains how you can embed rating information in each document. You need access to the Internet to reach this site. Managing PICS labels for your Web site from a central file The Web server s PICS support allows you to store the rating labels for all the documents on your Web site and manage them from a central file. The server sends labels along with your Web pages when a client requests them. In addition to the rating labels, you must also have a PICS-compliant rating system description file that describes the rating system used to rate your documents. These are called RAT files, usually have a.rat extension, and rating services will provide them along with their labels. Use the Configuration and Administration forms to configure label entries for your Web site. 2. Click PICS Third-Party. 3. Click Maintain PICS label entries for your Web site. 4. Complete the Maintain PICS label entries for your Web site form that is provided. 5. Click the Search button. Chapter 13. Rating Web sites and serving rated Web information 79

86 80 AS/400e: TCP/IP Services and Applications Web server (HTTP)

87 Chapter 14. Dynamic Web page content and Web applications HTML on page 95 documents or Web pages are either static or dynamic. Static Web pages exist as static HTML files on the Web server. Dynamic Web pages exist only as temporary documents to satisfy a specific individual request. Dynamic Web pages enable the user to interact with the Web server; for example, to order merchandise over the Web. Although your IBM HTTP Server serves both static and dynamic Web pages, dynamic Web pages do not reside on the server. You can create dynamic Web pages by using CGI on page 95 application programs. When the server receives a request from the user s browser, it passes this request to the CGI application program. The CGI program processes the request and passes the response to the server. The server then passes the response back to the browser. That response could be the results of a search, text that is extracted from a database, or a form for the user to complete. The form of the response depends on the design of the Web site. The IBM HTTP Server for AS/400 Web Programming Guide provides information about writing CGI programs for AS/400. It includes environment variables, application program interface (API), Persistent CGI, sample programs, and more. You must have Internet access to view the book. Your IBM HTTP Server allows you to configure three things related to CGI: v CGI settings v Environment variables v Persistent CGI You can also use server-side includes to insert information into CGI programs and HTML documents. Configuring your CGI settings The CGI settings control how your server handles conversions between EBCDIC and ASCII for CGI input and output. The value specified here is the default conversion mode for the server and can be overridden by an optional parameter on the Exec or Service directive on the Request Routing form. If the server is configured to convert between ASCII and EBCDIC, entity bodies with text/* or application/x-www-form-url encoded Content-Types will be checked for a charset tag. If found, the server will convert the corresponding ASCII CCSID to the EBCDIC CCSID of the job. If not found, the server will use the value of the DefaultNetCCSID configuration directive as the CCSID to convert from. Use the Configuration and Administration forms to configure your CGI settings. 2. Click CGI. 3. Click CGI settings. 4. Complete the CGI settings form that is provided. 5. Click the Apply button. Copyright IBM Corp. 1998,

88 Configuring your environment variables When the server runs a CGI program, it passes information about the request and about the server itself to the CGI program using environment variables. You can perform this task to specify which environment variables you want your CGI programs to inherit and which ones you do not want your CGI programs to inherit. A list of CGI environment variables can be found in the IBM HTTP Server Web Programming Guide. You must have Internet access to view this book. Configuring persistent CGI Use the Configuration and Administration forms to configure your environment variables. 2. Click CGI. 3. Click Environment variables. 4. Complete the Environment variables form that is provided. 5. Click the Apply button. Persistent CGI is an extension to the CGI interface. It allows a CGI program to remain active across multiple browser requests and maintain a session with that client. This allows files to remain open, the state to be maintained, and long running database transactions to be committed or rolled-back based on end-user input. You must write the AS/400 CGI program by using named activation groups which allows the program to remain active after returning to the server. The CGI program notifies the server it wants to remain persistent using the Accept-HTSession CGI header as the first header it returns. This header defines the session ID associated with this instance of the CGI program and does not return to the browser. Subsequent URL requests to this program must contain the session ID as the first parameter after the program name. The server uses this ID to route the request to that specific instance of the CGI program. The CGI program should regenerate this session ID for each request. We strongly recommend that you use Secure Sockets Layer (SSL) for persistent and secure business transaction processing. Use the Configuration and Administration forms to configure persistent CGI. 2. Click CGI. 3. Click Persistent CGI. 4. Complete the Persistent CGI form that is provided. 5. Click the Apply button. 82 AS/400e: TCP/IP Services and Applications Web server (HTTP)

89 Using server-side includes Server-side includes enable you to insert information into CGI programs and HTML documents that the server sends to the client. You may do this processing of Web pages before the server sends the page to the client. The current date, the file size, and the last change date of a file are examples of the kind of information that you can include in Web pages you send to the client. Before using server-side includes on your server, there are a few issues you should consider. One issue is performance. Performance can be significantly impacted when the server processes files while sending them. Another issue is security. Letting ordinary users process commands can be a security risk. Be very careful when you decide in which directories you use server-side includes. You should also note that you cannot refer to files recursively. For example, if you are processing the file sleepy.html, and the program finds <!#include file= sleepy.html >, then the server doesn t detect the error and the server loops until stopped. However, you can refer to other, separate files within files. For example, the file that you name sleepy.html could refer to a file that you name bashful.html. That same file bashful.html could refer to the file that you name dopey.html. Use the Configuration and Administration forms to use server-side includes. 2. Click Basic. 3. Complete the Basic form that is provided, selecting a server-side include option. 4. Click the Apply button. Chapter 14. Dynamic Web page content and Web applications 83

90 84 AS/400e: TCP/IP Services and Applications Web server (HTTP)

91 Chapter 15. Setting up your Webserver search engine The AS/400 Webserver search engine allows you to perform full text searches on html and text files that are stored in an AS/400 file system from any Web browser. The AS/400 Webserver search engine is available at no charge with the IBM HTTP Server for AS/400 (5769 DG1) starting in V4R4. Note: The Webserver search engine for V4R4 is available only through PTFs. See for PTFs and AS/400 Webserver Search Engine-Getting Started. AS/400 Webserver search engine features. v Indexes documents for fast searching. The AS/400 Webserver Search Engine indexes html or text files into a format that allows you to quickly search a large number of documents. You can create multiple indexes and place documents from multiple directories in a single index. v Exact word indexing. The AS/400 Webserver Search Engine uses an exact word indexing scheme rather than a keyword indexing scheme which many search engines use. The search engine indexes all words; it leaves nothing out. Exact word indexing provides for faster index building and more precise searching than keyword indexing, but does require additional disk space. The search engine searches documents by using consecutive character matching, which is essential for proper support of double byte languages. v Search functions. The AS/400 Webserver Search Engine supports search capabilities such as: Exact search. Fuzzy search. Wild card search. English word stemming. Case sensitive search. Boolean search. Document ranking. v Customizable search forms. The search forms and search results form are completely customizable by the end user by using the Net.Data scripting language. This gives the user the ability to specify the type of search that is performed and the display of the results. The information that can optionally be displayed on the results page includes: Number of documents that satisfy the search. Number of search term occurrences. Number of documents returned on this page. The URL associated with each document. The document s ranking. Last change date and size. Any and all of this information can be displayed however the user wants. v Web based administration. Administration of the search indexes is handled as part of the IBM HTTP Server Configuration and Administration Web pages. The search administration forms allow you to do the following: Create an index. Copyright IBM Corp. 1998,

92 Update an index. Merge an index. Delete an index. View the status of an index. Build a document list. Build a URL mapping rules file. Search an index. v Multiple language support. The AS/400 Webserver Search Engine supports multiple national languages that include double byte languages Chinese, Japanese, and Korean. You can use the AS/400 Webserver search engine in conjunction with or instead of the NetQuestion search engine that was introduced with AS/400 V4R3. Once you set up your search indexes, you can use a Web browser form to enter a search query to search for documents that are contained in these indexes. The search engine produces a list of links to the documents that contain the desired information. Clicking on a URL displays the document contents. Set up a search site: 1. You must decide what documents you want to have searched as a group. You must store the documents you want to index in an integrated file system directory and its subdirectories, or into QSYS file members. 2. Then you create an index which will process each of your documents into a form that users can search efficiently and quickly. 3. You can test the search index by using the search forms that are provided. You must change the sample Net.Data macros to provide the appropriate search interface for your users.then update the configuration file to enable access to this macro. 4. Finally, add a link to Web pages that will support the search. A fast information retrieval system does not sequentially scan through documents; this would take too long. Instead, it operates on an existing document index. You can think of a document index as consisting of a limited version of the original document, stored together with the document names. The retrieval system searches through the index for the names of the documents that contain the terms that are requested. You can index and search for documents in either the integrated file system, or QSYS file system. It makes sense to index together those documents that share a common topic. This helps to focus the search results, eliminating topics that might contain the search query but that are irrelevant to the main topic of the index. Once you create separate indexes for different groups of documents to your index, you can do the following: v Update the indexes with new or changed documents. v Merge these added documents into the main index. v Delete an index. v Display an index. The search engine handles documents in many languages, including Japanese, Simplified Chinese, Traditional Chinese, and Korean. 86 AS/400e: TCP/IP Services and Applications Web server (HTTP)

93 Creating a search index In order to allow users to search for documents on this site, you must create a search index. The search index holds your documents in a searchable form. There are several options you can select to customize the searches to be made on the set of documents. Use this task to create a new search index and to specify these options. You cannot change the index characteristics once you create the index, but you can add, replace, or delete documents from the index. Use the Configuration and Administration forms to create your search engine index. 1. Click Search Administration. 2. Click Create search index. 3. Enter an index name. 4. Enter an index directory (or use the default). 5. Enter an index description (optional). 6. Click the Apply button. 7. Enter the directory name that contains the files you want indexed. See Building a document list below. 8. Select the index attributes you want to use. 9. Click the radio button to create a mapping rules file from this configuration. See Building a URL mapping rules file below. 10. Select the configuration file you will use for your configuration directives. 11. Enter the prefix to use for URL address or leave this space blank. 12. Click the Apply button. 13. Copy the sample search macro from /QIBM/ProdData/HTTP/Public/HTTPSVR/Sample_search.ndm to your own directory. 14. Change the sample search macro to use your index and index directory. 15. Add a link to the search engine on your web page. 16. Create a server instance that uses the configuration file you created above. 17. Start the server instance. 18. Enter the URL for your web page on the browser. After completing the above task, you should test the index. Building a document list You can build a document list by using the Build document list form rather than the Create search index form: 1. Click Search Administration. 2. Click Build document list. 3. Complete the Build document list form that is provided. 4. Click the Apply button. The system creates a document list file. Building a URL mapping rules file You can build a URL mapping rules file by using a Build URL mapping rules file form rather than the Create search index form: Chapter 15. Setting up your Webserver search engine 87

94 Updating a search index Merging a search index 1. Click Search Administration. 2. Select an index name from the pulldown list in the navigation bar. 3. Click Build URL mapping rules file. 4. Complete the Build URL mapping rules file form that is provided. 5. Click the Apply button. Use this task to add entries to the index for new or changed documents. The server automatically puts the index entry for newly added documents into a supplemental index. The server performs subsequent searches against both the primary and supplemental index. When you create a new search index, you create the primary or main index. When you add documents, the server creates and updates the supplemental index. The server rewrites only the supplemental index when you add documents. You can update an existing index by adding new or changed documents to the index or by deleting a set of documents from the index. Use the Configuration and Administration forms to update a search index. 1. Click Search Administration. 2. Select an index name from the pulldown list in the navigation bar. 3. Click Update search index. 4. Complete the Document list and Indexing options sections of the Update search index form that is provided. 5. Click the Apply button. Building a document list You can build a document list by using the Build document list form rather than the Update search index form: 1. Click Search Administration. 2. Click Build document list. 3. Complete the Build document list form that is provided. 4. Click the Apply button. The system creates a document list file. When you create a new index, the search engine service creates a set of files that form the primary index. When you update an index, the system creates additional files in a secondary index. As the size of the secondary grows, the amount of redundant information between the primary and secondary index increases. You should periodically merge the primary and the secondary indexes into one index so that you can recover disk space. 88 AS/400e: TCP/IP Services and Applications Web server (HTTP)

95 Deleting a search index Displaying index information Testing a search index When the index merges, the supplemental index, created when you updated the index, merges into the primary or main index. For rapid on-line indexing, the supplemental index should be merged into the primary index before it becomes too large. Use the Configuration and Administration forms to merge supplemental indexes into the main index. 1. Click Search Administration. 2. Select an index name from the pulldown list in the navigation bar. 3. Click Merge search index. 4. Choose a processing option. 5. Click the Apply button. If you no longer need an index, you can delete the index to recover disk space. This deletes all of the index files, but does not affect the original documents. Use the Configuration and Administration forms to delete a search index. 1. Click Search Administration. 2. Select an index from the pulldown list in the navigation bar. 3. Click Delete search index. 4. Choose a processing option. 5. Click Delete to confirm the removal of the specified index. You can view the status of a search index to determine how the system created the index or whether you need to merge your index. Use the Configuration and Administration forms to display index information. 1. Click Search Administration. 2. Select an index name from the pulldown list in the navigation bar. 3. Click View status of search index. The system displays the index you selected. Test your index by searching for various words and phrases you know are in the indexed documents. To test the index, do the following: 1. Find the Search link. 2. Select an index that you want to search. 3. Enter a search string. Chapter 15. Setting up your Webserver search engine 89

96 Use the search engine 4. Click the Submit button. The search engine service displays the results of your search. Considerations when using the Webserver Search Engine Creating indexes You can create indexes on any HTML documents or text files that are stored in the AS/400 file system. This includes documents that are stored in AS/400 source physical files (the /QSYS.LIB directory). However, the document library system (/QDLS) is not supported. For best performance, we recommend that you store HTML documents in the root file system (/). The index directory must be in the Integrated File System file system and not in the QSYS.LIB file system. You should only include HTML files or text files in your index. Indexing other file types such as GIFs, JPEGs, or other images could adversely affect indexing and search performance. Keeping index information up to date Although HTML documents usually contain relatively static information, their content does change from time to time and new HTML documents are constantly being added. Your search index needs to keep pace with these changes. The Update search index option of the Search Administration form helps you do that. You will want to update your search index whenever your HTML documents change or you add new documents. Search administration places new and changed documents into an index directory called a supplemental index. It does this so as to not disrupt searches that are currently going on in the main index. Although searches and updates can take place at the same time, it does take extra CPU cycles to update the index. For that reason, you may want to consider running updates during non-peak hours. The index update operation is very much like the initial index creation. You provide a list of documents you want to update. The search engine processes this list and updates the index accordingly. The Update search index form can automatically build you a document list, or you can build it separately using the Build document list form. This list may be used to either add or delete a set of documents from the index. The main index is created at the first indexing, and the supplemental index is created and updated by adding documents. Only the supplemental index is rewritten when you add documents. You should keep the supplemental index comparatively small by periodically merging the index by using the Merge search index form. When you merge the supplemental index to the main index the whole index is rewritten. This takes time depending on the size of index. For large indexes, select to do the merge as a background task. Document list processing v If you are adding or changing documents in the index, each document in the document list is examined to see if it has already been indexed. If so, the system will check whether it has changed since it was last indexed. The system does this check by using the lastchange date of the document. If the document is new, the system adds it to the supplemental index. If the document has changed, the 90 AS/400e: TCP/IP Services and Applications Web server (HTTP)

97 v system deletes it from the main index and adds to the supplemental index. If the document is unchanged, the system ignores it. If you are deleting documents from the index, the system examines each document in the document list to see if it is currently in the index. If it is in the index, the system deletes it from either the main or supplemental index. If the document is not currently in the index, the system ignores it. There is no automatic way of building a document list for documents you want to delete. You will have to determine what documents the system has removed from the directory and build the document list by using source entry utility (SEU) or the EDTF command. The document list is simply a text file with one entry per line. Each entry is the fully qualified path of each document that was indexed. Searching for documents When searching for words in a document you can enter one or more search words, or you may enter a search phrase. Double quotes must surround a search phrase. For example you may enter the phrase internet computing to find those two words together exactly as shown. If a phrase includes double quotes within the phrase, you must double up those quotes for a proper search string. For example to find a phrase such as The ultimate source you would enter the search string The ultimate source. To search for ultimate, you would enter the search string ultimate. Incorrect syntax of double quotes will cause an error to occur. You can specify a query to search the textual content of documents that you have indexed. The result of a search is a list of documents that match the query. If you click on the document URL, the search engine displays the document contents. The search value can be any of the following: v A single search argument that the search must find in a qualifying document. v Two or more search arguments that must satisfy a proximity condition, such as occurring within a single sentence of a qualifying document. v A free-text search argument that can consist of a single word, a phrase, or a sentence. A search argument is one or several such terms, at least one of which must be found. You can mask a word or phrase in a search term by defining appropriate masking characters (also called global or wildcard characters). When a search is complete, the results page shows a list of documents that were found by the search. The search service lists the most relevant documents first. The search service displays the title and the URL of the document. You can specify a query to search the textual content of documents that you have indexed. To search for documents in an index, do the following: 1. Click Search Administration. 2. Select an index name from the pulldown list in the navigation bar. 3. Click Search index. 4. Enter the terms and criteria for your search in the Search for documents in an index form that is provided. 5. Click the Search button. Chapter 15. Setting up your Webserver search engine 91

98 The result of a search is a list of documents that match the query. These results display the title and the URL of the document. If you click on the document URL, the search engine displays the document contents. To build a URL mapping rules file: 1. Click Search Administration. 2. Select an index name from the pulldown list in the navigation bar. 3. Click Build URL mapping rules file. 4. Complete the Build URL mapping rules file form that is provided. 5. Click the Apply button. 92 AS/400e: TCP/IP Services and Applications Web server (HTTP)

99 Chapter 16. Other information about HTTP Server Use any of the following resources for information on your Web server. There is also a list of concept definitions available at this site. Configuration and Administration form help. You can use your Web browser (such as Netscape Navigator or Microsoft Internet Explorer) to work with the IBM HTTP Server Configuration forms and Administration forms. With your Web browser and the forms you can perform all of the configuration and administrative tasks on your server. A list of options in the left frame of the window helps you navigate through all the configuration and administrative tasks. For instance with the Add Internet Users form you can grant Internet access to additional users. The new users only have access to the Web server resources you specify, and they do not have actual AS/400 User Profiles. You can use any browser capable of handling Java script and frames to work with the forms. Each Configuration and Administration form features a help window you can consult for assistance as you complete configuration tasks or server administration tasks. You use a browser, just as you are using now, to interact with the Configuration and Administration forms and the corresponding help files. You can access the help files by clicking the question mark icon in the title of any form. IBM HTTP Server for AS/400 Webmaster s Guide. The IBM HTTP Server Webmaster s Guide describes the advanced function and configuration of your server. This book contains procedures for changing configurations, using server directives, making your communications secure, protecting your server, enabling logging of server activity, and troubleshooting problems. You must have Internet access to view this book. IBM HTTP Server Web Programming Guide. The IBM HTTP Server for AS/400 Web Programming Guide tells you how to write external programs that interact with the Web server. The Web Programming Guide includes details on working with CGI, Server API, and Java servlets. You must have Internet access to view this book. World wide Web sites. Bookmark the IBM HTTP Server for AS/400 Web site for the latest information and updates to the Web server product. You must have Internet access to reach this site. Copyright IBM Corp. 1998,

100 IBM HTTP Server concepts This is your quick access to definitions for common topics that the Web serving articles mention. Many articles link to the concepts that are listed below, as they are relevant to particular subjects. v Agent log v Application Server Manager v Caching v CGI on page 95 v GIF on page 95 v HTML on page 95 v Image map on page 96 v Internet users on page 96 v IP address on page 96 v JPEG on page 96 v Logs and reports on page 96 v Web server methods on page 96 v MIME on page 98 v Net.Data on page 98 v Proxy server on page 98 v Referrer log on page 98 v Server configuration on page 99 v Server instance on page 99 v SSL on page 100 v TCP/IP on page 100 v Validation list on page 100 v Virtual host on page 100 Agent log The agent log indicates which Web browser the client used to access a Web page. By default, the server writes an entry to the agent log each time a client sends the server a request. For every entry that is made in the access log, the agent log has a corresponding entry. This entry indicates the browser that is used to display the page or file that is requested by the client. Application Server Manager Application Server Manager is a separate product from your IBM HTTP Server. If you choose to configure your server to allow or support servlets, then you might want to do additional configuring with the Application Server Manager. Caching Your cache stores materials which are in demand. This means that the system does not need to search for the original source every time these materials are accessed. Changes you make to the Local caching form influence the performance of your server. Using local caching, you can specify files you want to load into the server s memory each time you start the server. By keeping your most frequently-cached files loaded in the server s memory, you can improve your server s response time for those files. For example, if you load your server s welcome page into memory 94 AS/400e: TCP/IP Services and Applications Web server (HTTP)

101 at startup by adding it to the cache list, the server can handle requests for the page much more quickly than if it had to read the file from a disk. Keep in mind that for each file you load into memory, you are making that amount of memory unavailable for other uses which can affect performance. Proxy caching allows you to have the proxy server store the documents it retrieves from other servers in a local cache. The server can then respond to subsequent requests for the same documents without having to retrieve them from other servers. This can improve response time. This also allows users of your internal network to access documents on the Internet. CGI Common gateway interface (CGI) is a standard that is supported by almost all Web servers. It defines how information is exchanged between a Web server and an external program (CGI program). The CGI specification dictates how CGI programs get their input and how they produce any output. CGI programs process data that is received from browser clients. For example, the client fills out a form and sends the information back to the server. GIF HTML GIF might be the most common file extension you see on the Internet because it produces a lower quality image than the.jpeg. The files are smaller, and they download faster than.jpeg files. A smaller graphic file will appear faster to anyone who views your page. You can use Hypertext markup language (HTML) to create your Web pages. HTML is a simple tagging language that is widely used on most of the Web pages on the Internet. You can view the HTML source code on any page with your browser, whether it is an Internet Web page or an intranet Web page. Most browsers allow for viewing the source code of a Web site you visit. Within a View menu, the menu names for this task may vary by browser. Netscape Navigator uses Page source while Internet Explorer uses Source. When you view the HTML, you will see that it uses a series of tags to structure the page. Each tag appears in brackets. For instance, if you want your product name to appear in bold type, it would look like this: <B>IBM HTTP SERVER</B> For an easy way to learn about HTML and generate ideas for your Web pages, spend some time by viewing pages on the Internet. When you find a page that looks interesting, view the document source to get an idea on how to structure your own pages. You can also search the Internet for tutorials and instructional pages on HTML. You can create your HTML pages by using any editor capable of producing flat text files. However, if you use a simple text editor, such as Windows Notepad, you will have to manually type each HTML tag. If you do not want to type the tags, you can use an HTML editor. If you search the Internet for HTML editors, you will Chapter 16. Other information about HTTP Server 95

102 find that many editors available on a try-before-you-buy-basis. Some word processing programs and desktop publishing programs will let you transform your documents into HTML format. Soon, you will get an idea of how the HTML tags work. Then you can create your own pages or use the sample page as a template. You might plan to use graphics in your site, too. Image map Many sites make great use of graphic files by using them as navigation tools, known as image maps. If you find a graphic to click on that gets you to another page, you might be using an image map. Searching the Internet for information on image maps will give you ideas on how to use them and how to create them. Internet users In the broadest terms, an Internet user is anyone who uses the Web. You may want to narrow that definition for using your server. Internet users may be employees on your internal intranet, clients on the Internet, or both. Keep in mind that the two groups of Internet users may have very different needs. Internet users are defined in validation lists and exist independently of AS/400 user profiles, and only your IBM HTTP Server uses them. IP address The Internet Protocol (IP) address is an identification code for Internet or intranet communication. The address identifies each sender and receiver, with code for the network as well as the particular station from which the message is sent. An example of an IP address would be JPEG JPEG might be the format you choose if your graphics are photographs and preserving the color is important to you. Because they display a high quality image with more colors than a.gif file, the.jpeg files are larger and require a longer download time. If you use a.jpeg file on your Web page, make sure that it is worth the wait for anyone visiting your page. Logs and reports You configure logs to collect information from various sources in your server. You configure reports to deliver specific information from the logs. Logs and reports exist for you to keep track of and examine the activities concerning your server. Web server methods When your server receives a URL request, the request header contains coding that asks the server to perform one of its supported tasks. These tasks are known as methods. Your server supports the following methods: v Get Enable the generic envelope type (GET) method and the server returns whatever data the URL identifies. If the URL refers to an executable program, the server returns the output of the program. Enabled 96 AS/400e: TCP/IP Services and Applications Web server (HTTP)

103 v v is the default setting. Head Enable the HEAD method and the server returns the HTTP document header without the document body. Enabled is the default setting. Post Select POST to indicate that the input to the CGI program will be passed to the CGI program in the standard input stream. Disabled is the default setting for every server instance except administration (ADMIN). The server administrator handles POST method requests submitted by a remote HTTP client by selecting Exec as the Action on the Request routing form. This enables CGI programs to run. Unless you select Exec to enable CGI programs, the server will not honor a request to run a CGI program. Selecting Exec can enable all the CGI programs in a library, or it can enable only specific programs within various libraries. v v v v Note: The ADMIN server instance uses the POST method to submit configuration updates. If you disable this method for the ADMIN server instance, you will not be able to make server configuration updates by using the administration forms. By default, the POST method is enabled for the ADMIN server instance. Options Enable the OPTIONS method and the request information about the communications options on the request or the response chain that is identified by the URL. This method allows a client to determine the options and requirements associated with an object, or the capabilities of a server. No action on or retrieval of the object is necessary. Enabled is the default setting. Trace Enable the TRACE method and the server echoes the request message sent by the client. This method allows the client to see what is being received at the other end of the request chain. The client can then use that data for testing or diagnostic information. The content type of the response is message/http Enabled is the default setting. Connect Enable the CONNECT method and your server can establish an SSL tunneling session between a client (such as Netscape Navigator) and a remote server through a proxy server. The sessions between the client and the proxy and between the proxy and the remote server are secure. The proxy cannot access the data sent to the client. The proxy server can be a base or secure server. Disabled is the default setting. To enable SSL tunneling, go to the Proxy server settings and specify an SSL tunneling port. Put The request contains data and a URL. The server stores the resource identified in the URL. If the resource already exists, PUT replaces it. If the resource does not exist, PUT creates it. Because PUT typically lets clients add or Chapter 16. Other information about HTTP Server 97

104 replace information on your server you must use protection setups to define who can use this method for which files. Disabled v is the default setting. Delete Enable the Delete method and the server deletes the object identified by the URL. After the object is deleted, the URL is not valid. Because delete typically lets clients delete information from your server, you must use protection setups to define who can use this method and which files can be deleted. Disabled is the default setting. MIME Multipurpose Internet Mail Extension (MIME) is what allows users to send information over in forms other than simple text. MIME allows for electronic transmission of audio, video, applications, images, and so forth. Many MIME types, such as GIFs and PostScript files, are predefined. You can also define your own MIME types. MIME types allow Web browsers to output files which are not in an HTML format. Net.Data A sample Net.Data search and a Net.Data search results macro are available for you to customize the Web pages that users will see when using the search engine. You can change the HTML, add graphics, or reorganize the page as you choose. Do not change any functional parts of the macro, since this may cause errors in the underlying code. Edit a copy of the macros, choose a directory to contain them, and then set up a configuration file which allows access to these macros. Proxy server Clients can ask a proxy server to retrieve documents on its behalf from other servers. In this way, the proxy server performs as both an HTTP Server and a client. It is a server with respect to clients making requests and it is a client with respect to other servers. You can configure your IBM HTTP Server to handle HTTP proxy requests in addition to regular HTTP requests. You may configure your server to function strictly as a proxy, or as both a proxy and a normal server. The proxy server s greatest advantage is that it s cache can serve all of your users. This improves response time for frequently requested Internet sites. Running a proxy server increases the traffic on your server. You may want to set up a separate server instance as your proxy server. Referrer log The referrer log identifies the Web page that refered (or linked to) the requested Web page. If the server is configured to log the referrer, the server writes an entry to the referrer log each time a client sends the server a request. For each entry that 98 AS/400e: TCP/IP Services and Applications Web server (HTTP)

105 is made in the access log, the referrer log has a corresponding entry. This entry indicates which page refered to the page that the client requested. If no page refered to the requested page, the entry is two quotation marks ( ). If a single page accesses images or other files, they will look like separate requests. Each will have a separate entry in these log files. The referrer information can also be logged in the access log if the extended log format is being used. If the access log is configured to use the extended log format, and the referrer log is also configured, the server will log the referrer for each request in both the access log entry and the referrer log. Server configuration The behavior of an instance of your IBM HTTP Server is controlled by the configuration for that instance. The server uses the information in a configuration to determine how to respond to requests from a client browser. A configuration is actually a file made up of statements called directives. Each configuration has a single unique name. You can change the directive statements by using the Configuration and Administration forms. Your server has default settings for its configurations. However, you can create and delete your own configurations, change configurations once you create them, and display current values for a configuration. Server instance The term instance describes each separate server when a single system starts multiple Web servers. Multiple HTTP servers may be defined and running concurrently on an AS/400. Each of those servers is called an instance and is named. The Web server uses configuration files as a basis for the server instances. The server comes with a configuration file called CONFIG and another configuration file called ADMIN. It also comes with two server instances; the ADMIN (*ADMIN) server instance (which is based on the ADMIN configuration) and the DEFAULT server instance (which is based on the CONFIG configuration). Because you can run multiple server instances, you have the ability to support multiple Web sites from the same Web server on your AS/400. Running multiple server instances on a single AS/400 server is analogous to running multiple HTTP server machines (for example, multiple PC servers), each with a single instance. Each server instance runs in the QHTTPSVR subsystem. Each instance consists of one HTTP server job in the QHTTPSVR subsystem, along with one or more helper jobs. Depending on the needs of your business, you can run multiple server instances that are customized to the needs of your clients. For example, you may choose to run one server instance for your Internet clients, and one server instance for your intranet clients. Chapter 16. Other information about HTTP Server 99

106 SSL Secure Sockets Layer (SSL) is a program layer that is set between an application and the Internet s TCP/IP layers. SSL provides security between a client and your server in message transmission, allowing the server to authenticate the identity of the clients. SSL uses a security exchange to secure the TCP/IP connection between the client and the server. The exchange occurs after the TCP/IP connection is established. During the exchange, the client and server agree on the security keys that they will use for the session, and the client authenticates the server. After that, your server uses SSL to encrypt and decrypt all of the information in both the request and the server response. This information includes the following: v The URL that the client requests v The contents of any form that you submit v Access authorization information (such as user names and passwords) v All data sent between the client and the server TCP/IP Transmission Control Protocol/Internet Protocol (TCP/IP) is the language that is spoken by computers. For more information on the basics of TCP/IP, see the TCP/IP configuration fastpath. Validation list Your system uses validation lists in conjunction with protection setups and access control lists to limit access to your server resources. Each validation list contains a list of Internet users and their passwords. Each Internet user has one valid password defined for it. A validation list is an AS/400 object of type *VLDL that stores user names and passwords for use in access control. Validation lists are case-sensitive. Validation lists reside in AS/400 libraries and are required when adding a user unless you are adding the user to a group file. If you enter a validation list that does not exist, the system will create it for you. Virtual host This is one of the main services you can provide with your IBM HTTP Server. Virtual hosting with your server keeps your clients from having to purchase and maintain additional hardware, and you can save on IP addresses. A virtual host is similar to a server instance, but the server instance provides the specific information for each user on a virtual host. With virtual hosts, you can run just one instance of the server and assign each customer to a different host. In the domain name server, you define your hosts and associate them with the IP address of your server. You can then configure the server to serve a different set of information depending on the host that is making the request. Requests do not require a port number. Clients must support HTTP 1.1 or HTTP 1.0 with 1.1 extensions. 100 AS/400e: TCP/IP Services and Applications Web server (HTTP)

107

108 Printed in U.S.A.