File
|
Description
|
acl.ini
|
Stores Access Control Lists (ACL) used by Security Manager.
Syntax
type.name = right {, right}
name
|
the name of the group defined in groups.ini,
user defined in users.ini or
host name, IP address or IP range defined in computers.ini.
IP addresses are the form
#.#.#.#,
where # is a number from 0 to 255.
IP ranges are in the form
#.#.#.#-#.#.#.#
or [#|*].[#|*].[#|*].[#|*],
where # is a number from 0 to 255 or * is for
any number in the range of 0 to 255.
|
right
|
one or more comma delimited list of rights defined in rights.ini.
* represents all access rights.
|
type
|
group, user, hostname, ip_address or
ip_range.
|
Example
group.admin = *
group.public = get,post
hostname.p2 = *
ip_address.168.192.0.10 = get,post
ip_range.168.192.0.* = get,post
ip_range.131.192.0.10-168.192.0.20 = get,post
|
aliases.ini
|
Stores aliases used in translating the requested URI to a physical file or to
a servlet defined in servlets.ini.
Syntax
alias = type:resource
alias
|
the URI, file extension, or MIME type that the request must match.
|
type
|
file, filter, mime or servlet.
If not specified, file is the default type.
|
resource
|
the path to an existing physical file
or the name of a servlet defined in servlets.ini
$wwwroot will be replaced by the base directory of requested virtual
host.
When specifying a path each \ must be entered twice.
|
Notes
File is used when translating a URI to a specific physical file.
A Filter is a Servlet that is used when a reference is made to a
resource which ends with a specific file extension.
A Servlet is a Java Class that is invoked when a request matches a
specific URI.
A MIME is a Servlet that is used when a reference is made to a
resource that returns content of the specified MIME type. MIME
defintions required that Servlet Chaining be enabled.
Example
/ = servlet:FileServlet
.shtml = filter:SSIncludeServlet
/tests = file:d:\\tests
application/x-compress = mime:CompressServlet
|
computers.ini
|
Stores host names, IP addresses and IP ranges used by Security Manager.
Syntax
name = hostname
address = ip_address
range = ip_range
address
|
the IP address in the form
#.#.#.#,
where # is a number from 0 to 255.
|
name
|
the host name.
|
range
|
the IP range in the form
#.#.#.#-#.#.#.#
or [#|*].[#|*].[#|*].[#|*],
where # is a number from 0 to 255 or * is for
any number in the range of 0 to 255.
|
Example
p2 = hostname
168.192.0.10 = ip_address
168.192.0.* = ip_range
131.192.0.10-168.192.0.20 = ip_range
|
dbpools.ini
|
Contains Connection Pool definitions.
Syntax
name = driver=driver&url=url{&username=user_name}{&password=password}&init_size=init_size&max_size=max_size
driver
|
the JDBC driver for the database.
|
init_size
|
the number of connections to start off with when the server is started.
10 is the default for iServer.
The initial size must be a value greater than 1.
|
max_size
|
the maximum number of connections to allow.
10 is the default for iServer.
The value must be equal to or greater than the value for initial size.
|
name
|
the name of the connection pool.
|
password
|
any password associated with the specified user ID.
If not specified then null will be used.
|
url
|
the URL to the database.
|
user_name
|
any user ID used to access the database.
If not specified then null will be used.
|
Notes
Using connection Pools may improve a server's performance.
Example
iob = driver=sun.jdbc.odbc.JdbcOdbcDriver &url=jdbc:odbc:iob &init_size=10&max_size=20
|
groups.ini
|
Stores Group definitions used by Security Manager.
Syntax
group_name = user_name{,user_name}
group_name
|
the name of the Group.
|
user_name
|
the users in the group.
One or more comma delimited usernames defined in users.ini.
|
Example
public = guest
|
hosts.ini
|
Used to store Virtual Host definitions.
Syntax
hostname = root_dir
hostname
|
the name of the server.
* is the default server name to use when none of the defined hosts
names match.
|
root_dir
|
the root directory for html files and documents.
./wwwroot is the default for iServer.
./public_html is also a popular value used by Web Servers.
All references to files are made relative the base directory.
|
Example
* = ./servlets/default
iob = ./servers/iob
|
iws.ini
|
Contains general parameters used by iServer.
Syntax
backlog = backlog
connection_pools = dbpools_enabled
connections = connections
default = default_file
directory = dir_access_enabled
dns_lookup = dns_lookup_enabled
ip_address = ip_address
keep_alive = keep_alive_enabled
keep_alive_timeout = keep_alive_timeout
keep_alive_requests = keep_alive_requests
max_connections = max_connections
password = password
port = port
preload_servlets = servlets
remote_admin = remote_admin_enabled
security = security_enabled
servlet_chaining = servlet_chaining_enabled
shell = shell_access_enabled
shutdown_delay = shutdown_delay
timeout = timeout
username = user_name
backlog
|
the maximum number of pending request to queue.
50 is the default for iServer.
The number specified must be greater than or equal to 0.
|
connections
|
the default number of threads to startup.
25 is the default for iServer.
The number specified must be greater than or equal to 5.
|
dbpools_enabled
|
whether or not to enable defined connection pools.
Use y to enable and n to disable.
y is the default for iServer.
Setting this value to y may improve performance.
|
default_file
|
the name of the default html document to retrieve, if non was specified.
index.html is the default for iServer.
|
dir_access_enabled
|
whether to allow directories to be displayed.
Use y to enable and n to disable.
n is the default for iServer.
Setting this value to y is potentially a security hole.
iServer uses the template directory.html in
installdir/html/ when display directories, where
installdir is the directory where iServer was installed.
|
dns_lookup_enabled
|
whether to lookup the name of the remote client.
Use y to enable and n to disable.
If set to n then the IP address of the remote client will be used.
n is the default for iServer.
Setting this value to y may have a negative impact on performance.
|
ip_address
|
the IP address or the host name to listen to.
* indicates any ip address or host name.
* is the default for iServer.
|
keep_alive_enabled
|
used to indicate whether the connection should be kept opened between requests.
Use y to enable and n to disable.
y is the default for iServer.
Setting this value to n may have a negative impact on performance.
|
keep_alive_requests
|
the maximum number of consecutive requests that will be allowed before the
connection is closed.
5 is the default for iServer.
-1 can be used to always keep the connection alive. Using this value
is dangerous and opens the server to denial of service attacks.
The number must be at least 5.
Setting this value too large may result in denial of service.
|
keep_alive_timeout
|
The maximum number of seconds to service a client requests before clossing
the connection.
30 seconds is the default for iServer.
-1 can be used to always keep the connection alive. Using this value
is dangerous and opens the server to denial of service attacks.
The number must be 15 or more seconds.
Setting this value too large may result in denial of service.
|
max_connections
|
the maximum number of threads to startup.
50 is the default for iServer.
The value must be greater than or equal to the number of connections.
|
password
|
the password of the administrator.
admin is the default password.
|
port
|
the port number to use, a value from 1 to 65536.
8080 is the default for iServer.
80 is the default for Web Servers.
Only one application at a time can use any given port number.
|
remote_admin_enabled
|
whether to allow computers other than localhost (127.0.0.1) to administer iServer.
Use y to enable and n to disable.
y is the default for iServer.
Setting this value to y is potentially a security hole.
|
user_name
|
The username of the administrator.
admin is the default username.
|
security_enabled
|
whether to check if a client can access resources being requested.
Use y to enable and n to disable.
y is the default for iServer.
Setting this value to y may have a negative impact on performance.
|
servlet_chaining_enabled
|
whether to allow Servlet chaining.
Use y to enable and n to disable.
n is the default for iServer.
Setting this value to y may have a negative impact on performance.
|
servlets
|
any Servlets defined in servlets.ini to preload.
Zero or more comma delimied list of Servlet aliases.
Normally FileServlet is loaded.
|
shell_access_enabled
|
whether to allow CGI scripts and SSI #exec to have shell access.
Use y to enable and n to disable.
n is the default for iServer.
Setting this value to y is potentially a security hole.
|
shutdown_delay
|
the number of seconds to wait for requests being processed to complete before
shutting down the server.
60 seconds is the default for iServer.
-1 can be used to wait for all requests to finish processing. Using
this value may result in the server hanging while trying to shutdown waiting
for a request the will never complete.
|
timeout
|
the number of milliseconds to wait for the client to respond before closing
the connection.
300000 milliseconds, 5 minutes, is the default for iServer.
If -1 is used the connection will never to timeout. Using this
value is dangerous and opens the server to denial of service attacks.
If the value is less 1000 then 1000 will be used.
|
Notes
Administrators should immediately change the default Username/Password from
the Server form [Login > Monitor > Control Panel > Manage >
Server].
Username/Password should not be any obvious word, easily guessed terms,
should be at least 8 characters and should contain letters,
numeric and symbols.
Additionally Username/Password should be kept private, with limited
controlled disclosure and should be changed frequently.
Example
connections = 25
max_connections = 50
timeout = 300000
ip_address = *
port = 8080
directory = n
default = index.html
shell = n
username = admin
password = admin
keep_alive = y
keep_alive_timeout = 30
keep_alive_requests = 5
preload_servlets = FileServlet
preload_filters =
security = y
connection_pools = y
shutdown_delay = 60
dns_lookup = n
backlog = 50
remote_admin = y
servlet_chaining = n
|
loggers.ini
|
Contains values used by the Logger.
Syntax
log_access = log_access_enabled
log_events = log_events_enabled
log_errors = log_errors_enabled
service = class_file{?parameter{¶meter}...}
class_file
|
the Java Class in the form package.class of the Logger
to use.
The CLASSPATH will be searched for the specified Logger.
|
log_access_enabled
|
whether or not to log requests.
y is the default for iServer.
Setting this value to n will result in no access log being
maintained. Setting this value to y may have a negative impact on
performance.
|
log_errors_enabled
|
whether or not to log errors.
y is the default for iServer.
Setting this value to n will result in no log being maintained for
errrors. Setting this value to y may have a negative impact on
performance.
|
log_events_enabled
|
whether or not to log events.
y is the default for iServer.
Setting this value to n will result in no log being maintained for
events. Setting this value to y may have a negative impact on
performance.
|
parameter
|
any parameters used during the initialization of the Logger.
Zero or more & delimited key=value pairs can be
specified.
|
Example
log_access = y
log_events = y
log_errors = y
service = stec.iws.FileLogger ?basedir=./logs &access_log_template=default &log_rollover_interval=weekly &interval=0
|
messages.ini
|
Stores error codes and messages returned to client on error.
Syntax
error_code = title{;message}
error_code
|
the HTTP return code to associate with this message.
|
message
|
any message to display for this error code.
|
title
|
the title to display and return to the client in the header.
|
Notes
Messages are used when sending a reply to the client or when returning an
error message.
iServer uses the template messages.html in
installdir/html/ when generating messages.
Title and Message may contain CGI variables delimited by %. Some of
the CGI variables are:
request_uri - the requested URI.
request_method - the request method.
Example
405 = 405 Method Not Allowed: %request_method% ;The method specified %request_method% is not supported.
|
mimetypes.ini
|
Contains mime types used in response to client.
Syntax
extension = mime_type
extension
|
the file extension, .extension, the resource must match in
order for the associated MIME to be used.
* is the default MIME type to use when none of the defined file
extensions match.
|
mime_type
|
the MIME type to associate with the file extension.
|
Notes
A mime type is an association between a resources extension and MIME type.
A files MIME, Multipurpose Internet Mail Extension, type is a Web protocol
for defining a files type.
Example
* = application/octet-stream
.htm = text/html
.html = text/html
|
realms.ini
|
Used to store Realm definitions.
Syntax
alias = class_file{?parameter{¶meter}...}
alias
|
the name of the Realm.
|
class_file
|
the Java Class in the form package.class of the Realm
to use.
The CLASSPATH will be searched for the specified Realm.
|
parameter
|
any parameters used during the initialization of the Realm.
Zero or more & delimited key=value pairs can be
specified.
|
Notes
A Realm is a Java Class that is invoked to check access rights when a request
matches a Resource.
Loaded Realms a prefixed with an *.
Example
msaccess = stec.iws.DatabaseRealm ?driver=sun.jdbc.odbc.JdbcOdbcDriver &url=jdbc:odbc:iserver.msaccess &username=admin&password=admin
|
resources.ini
|
Stores resources protected by the Security Manager.
Syntax
alias = realm&type.name
alias
|
the URI to protect.
|
name
|
the name of the group defined in groups.ini,
user defined in users.ini or
host name, IP address or IP range defined in computers.ini.
IP addresses are the form
#.#.#.#,
where # is a number from 0 to 255.
IP ranges are in the form
#.#.#.#-#.#.#.#
or [#|*].[#|*].[#|*].[#|*],
where # is a number from 0 to 255 or * is for
any number in the range of 0 to 255.
|
realm
|
the name of a realm defined in realms.ini
|
type
|
group, user, hostname, ip_address or
ip_range.
|
Example
/samples/protected = default&group.admin
|
rights.ini
|
Contains access rights by the Security Manager.
Syntax
name =
name
|
the request method.
Normally get, post and *.
* represents all access rights.
|
Example
* =
get =
post =
|
servlets.ini
|
Used to store Servlet definitions.
Syntax
alias = class_file{?parameter{¶meter}...}
alias
|
the name of the Servlet.
|
class_file
|
the Java Class in the form package.class of the Servlet
to use.
The CLASSPATH will be searched for the specified Servlet.
|
parameter
|
any parameters used during the initialization of the Servlet.
Zero or more & delimited key=value pairs can be
specified.
|
Notes
A Servlet is a Java Class that is invoked when a request matches a specific
URI.
Example
FileServlet = stec.iws.FileServlet
CgiServlet = stec.iws.CgiServlet ?bindir=./cgi-bin&exec=c:\\command.com /c
|
session.ini
|
Contains parameters used by Sessions Manager.
Syntax
timeout = timeout
interval = interval
source= source
name= name
comment= comment
domain= domain_name
path= uri
max_age= max_age
secure= secured
comment
|
any comments for the session cookie.
iServer Session Cookie is the default for iServer.
Used only when source is set to Cookie.
|
domain_name
|
the domain of the session cookie.
Used only when source is set to Cookie.
|
interval
|
used to schedule to session manager to remove invalid sessions every n
minutes.
5 minutes is the default for iServer.
-1 can be used to never remove invalid sessions. Using this value
is will increase memory requirements and may have a negative impact on
performance.
The number must be at least 1 minute.
Setting this value too large or too small may impact performance and memory
requirements.
|
max_age
|
the maximum number of seconds that a session cookie exists.
-1 is used to maintain the session cookie while the browser is
running.
-1 is the default for iServer.
Used only when Source is set to Cookie.
|
name
|
the name of the session identifier.
iwsSessionID is the default for iServer.
|
secured
|
whether the session cookie should only be sent by the client to the server
using a secure protocol.
y send to cookie using a secure protocol.
n do not send the cookie using a secure protocol.
n is the default for iServer.
This parameter should only be set to y when the server first sends
the session cookie to the client using a secure protocol.
Used only when source is set to Cookie.
|
source
|
the mechanism used to maintain a session's identifier on the client.
Cookie results in a cookie being automatically created on the client's
browser to maintain the session identifier.
URL indicates that the session identifier will be manually
maintained by appending it to all the links. Response.encodeUrl() will
need to be used in servlet generated pages.
Cookie is the default for iServer.
URL should be used when cookies are not supported or allowed
by the client.
|
timeout
|
the maximum number of minutes that a session can exist without being accessed
before it is invalidated.
30 minutes is the default for iServer.
-1 is used to maintain all sessions while the server is running.
Setting this value too large or to -1 may impact performance and
memory requirements.
|
uri
|
the URI of the session cookie.
%base_uri% will be replaced by the requested uri.
Used only when source is set to Cookie.
|
Example
timeout = 30
interval = 5
source=cookie
name=iwsSessionID
comment=iServer Session Cookie
domain=
path=
max_age=-1
secure=n
|
templates.ini
|
Stores templates used by Logger.
Syntax
name = text
name
|
the name of the Access Log Template.
|
text
|
the text to be replaced.
Templates may contain literal text and the following variables delimited by %.
|
Variable
|
Description
|
base_uri
|
The requested uri.
|
content_length
|
The number of bytes sent to the client.
|
date
|
The current date in mm/dd/yy format.
|
edate
|
The current date in yyyy/mm/dd format.
|
error_code
|
Extended error code.
|
host
|
The name of the host server the request was sent to.
|
ldate
|
The current date in mm/dd/yyyy format.
|
local_address
|
The IP address of the server the request was sent to.
|
port
|
The port used.
|
protocol
|
The request protocol.
|
referer
|
The URL from where the request was made.
|
remote_address
|
The IP address of the client making the request.
|
remote_host
|
The name of the client making the request.
|
remote_user
|
The client's name.
|
response_time
|
The number of milliseconds the server spent processing the client's request.
|
request_length
|
The number of bytes sent by the client.
|
request_method
|
The request method being made.
|
request_uri
|
The request made by the client.
|
query_string
|
Any form parameters sent.
|
server_service
|
The server service being processing the request.
|
status_code
|
The status code the server sent to the client.
|
time
|
The current time in hh:mm:ss format.
|
timestamp
|
The current date/time in mm/dd/yyyy:hh:mm:ss timezone format.
|
user_agent
|
The client making the request.
|
Notes
Access Log Templates are used for specifying the fields that the logger will
record in each access log entry.
Example
clf = %remote_address% - - [%timestamp%] "%request_method% %request_uri% %protocol%" %status_code% %content_length%
|
users.ini
|
Stores User definitions used by Security Manager.
Syntax
user_name = {password}
password
|
any password.
|
user_name
|
the name of the User.
|
Notes
Username/Password should not be any obvious word, easily guessed terms,
should be at least 8 characters and should contain letters, numeric and
symbols.
Additionally Username/Password should be kept private, with limited
controlled disclosure and should be changed frequently.
Example
guest = guest
|
workgroup.ini
|
Contains Workgroup Server definitions used by Status Monitor.
Syntax
address%3aport = {user_name},{password}
address
|
the host name or IP address of the server.
IP addresses are the form
#.#.#.#,
where # is a number from 0 to 255.
|
password
|
the password of the administrator.
|
port
|
the port number to use, a value from 1 to 65536.
8080 is the default for iServer.
80 is the default for Web Servers.
|
user_name
|
the username of the administrator.
|
Notes
Workgroup Servers are used by the Status Monitor.
Additionally Username/Password should be kept private, with limited
controlled disclosure and should be changed frequently.
Example
p2%3a8080 = admin,admin
p3%3a80 = ,
|