Appendix E iPlanet Web Server User Interface

Path to Jar File. Specifies the path from which to import PKCS#11 modules in the form of .jar files.

OK. Saves your entries. You must restart the server in order for your changes to take effect.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.

3.6 Server Root. Specifies the server root of Netscape Enterprise Server 3.6.

Alias. Specifies the alias mapped to the key-pair file and certificate file you associated it with in the Administration Server.

Password. Specifies the certificate key-pair password.

OK. Saves your entries. You must restart the server in order for your changes to take effect.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.

• The Cluster Control Page
• The Add Remote Servers to Cluster Database Page


• The Modify Server Settings in Cluster Database Page


• The Remove Servers from Cluster Database Page

• About Clusters
• Preliminary Guidelines for Using Server Clusters


• Setting up a Cluster

Product selector. Specifies the type of server cluster you want to configure. All servers of that type appear listed by their unique server identifier. For example, if you select Web Server, Enterprise Edition, a list of all iPlanet Web Server, Enterprise Edition instances appear on the page. The cluster page changes to display fields that apply to that server type.

Check servers to control. Allows you the select any of the listed servers, change the information for all servers in the cluster, or unselect any servers you have chosen in the page.

Status. Displays whether the server is running or has stopped.

Start, stop, restart. Starts, stops, or restarts the remote servers.

View access, view error. Displays the specified number of lines from either the server's current access log or the error log.

Transfer. Transfers information in the selected configuration file from the selected server.

Status. Displays whether the server is running or has stopped.

Help. Displays online help.

Admin Server Protocol. Specifies the protocol used when contacting the remote administration server. Choose http for normal administration servers. Choose https if the remote administration server is running under SSL.

Admin Server Hostname. Specifies the host name of the remote administration server. If your DNS cannot resolve host names, enter the fully qualified host and domain name (for example, type www.mozilla.com).

Admin Server Port. Specifies the port number of the remote administration server.

OK. Saves your entries.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.

Product Selector. Specifies the type of server you want to change. All servers of that type appear listed by their unique server identifier.

Check Servers To Be Modified. Allows you the select any of the listed servers, change the information for all servers in the cluster, or unselect any servers you have chosen in the page.

Admin Server Protocol. Specifies the protocol used when contacting the remote administration server. Choose http for normal administration servers. Choose https if the remote administration server is running under SSL.

Admin Server Hostname. Specifies the host name of the remote administration server. If your DNS cannot resolve host names, enter the fully qualified host and domain name (for example, type www.mozilla.com).

Admin Server Port. Specifies the port number of the remote administration server.

OK. Saves your entries.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.

Product Selector. Specifies the type of server you want to delete. All servers of that type appear listed by their unique server identifier.

Check Servers To Be Removed. Allows you the select any of the listed servers, change the information for all servers in the cluster, or unselect any servers you have chosen in the page.

OK. Saves your entries.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.

1. Click the Servers tab in the Administration Server.
2. Click Manage Servers. The Manage Servers page appears.
3. Select the iPlanet Web Server instance you want to manage, and click Manage. The Server Manager page appears.

http://hostname.domain-name: administration_port/ server_name/bin/index

• The Preferences Tab (Server Manager)
• The Programs Tab


• The Servlets Tab


• The Security Tab (Server Manager)


• The Status Tab


• The Styles Tab


• The Content Management Tab


• The Web Publishing Tab


• The Search Tab

• The Server On/Off Page
• The View Server Settings Page


• The Restore Configuration Page


• The Performance Tuning Page


• The Native Thread Pool Page (NT)


• The Generic Thread Pools Page (NT)


• The Thread Pools Page (Unix/Linux)


• The Global MIME Types Page


• The Network Settings Page


• The Custom Error Responses Page


• The Dynamic Configuration Files Page


• The Limit Symbolic Links Page (Unix/Linux)


• The Access Control List Management Page


• The Encryption On/Off Page (Server Manager)


• The Encryption Preferences Page (Server Manager)


• The Enforce Strong Security Requirements Page

Server On. Starts the server so that all listening ports are waiting for client connections.

Server Off. Shuts the server down and stops all running processes. After you shut down the server, it may take a few seconds for the server to complete its shut-down process and for the status to change to off.

About This Server. Displays server version and third-party software information in the Version Information page.

Help. Displays online help.

Server Root. Specifies the path in which the server's binaries are stored.

Hostname. Specifies the fully qualified host name of this server (for example, www.mozilla.com).

Port. Specifies the port number servicing HTTP requests when no specific port number is specified. The default is port 80.

Error Log. Specifies the location of the error log. The error log captures all the requests which resulted in an error.

User (Unix/Linux). Specifies the user name under which the server runs. The server user should have restricted access to your system resources. You can often use a user named nobody in this situation. On some systems, however, nobody is not a valid user name. You may not want to give the user nobody group access to all files. If you do not use nobody, create a new Unix/Linux user, such as adm, to be the server user.

MTA Host. Specifies the name of the mail server that this server uses to send mail.

DNS. Allows you to enable the server to do a reverse lookup of a client's IP in the DNS database before executing a CGI script. Servlets also depend on this flag to do reverse lookup.

Security. Specifies whether SSL is running on this server.

NSAPI Library. Displays the absolute path to the NSAPI library.

NSAPI Functions. Displays the NSAPI functions called in the obj.conf file.

Additional Document Directory. Lists the additional directory path to the location of the server's web documents.

NSAPI. Displays the names and arguments of the server's NSAPIs.

Primary Document Directory. Specifies the root directory for documents. You need to change this value only if you change the root directory for documents in the Content Management page.

Restrict Access. Specifies whether access control lists (ACLs) are enabled. ACLs allow you to protect files or directories by implementing access control by user name, password, domain name, or IP address.

Index Filenames. Specifies the names of the file that the browser displays when no file name is specified in a URL. The file names are listed in order of preference.

Default MIME Type. Specifies the MIME type used if a file extension does not match any of the MIME types specified in mime.types file.

Directory Indexing. Specifies the default method for displaying the contents of a directory when there is no file matching one of the default file names. Choose a value from the drop-down list:

• Fancy. Displays each directory entry as a hyperlink with the file size, the last modified time, and an icon next to each entry to indicate the file type.
• Simple. Displays directory entries as plain text hyperlinks.
• None. Does not display directory contents.

Access Log. Specifies the path to the server access log. The access log captures all incoming requests to a server.

For the Style. Specifies information regarding the style, such as whether ACLs are enabled, the location of the NSAPI library, and so on.

Help. Displays online help.

The following elements are displayed:

Set number of sets of backups. Specifies the number of sets of backups. Click Change to apply the change.

Help. Displays online help.

https-server_name.acl. Contains the server access control lists.

magnus.conf. Contains global settings that the server uses for initialization.

obj.conf. Defines specific steps that the server takes to process instructions. In this file, you can specify path translations, and define how things such as cgi and servlet programs are handled.

mime.types. Specifies the path to the file containing the mapping of MIME types returned by the server.

jvml2.conf. Contains the configuration for the Java virtual machine (JVM).

servlets.properties. Contains the name of each servlet and its initialization parameters.

rules.properties. Contains virtual paths for servlets.

webpub.conf. Contains the system settings and file paths. In your server's obj.conf file, the search system initialization is mapped to the webpub.conf file. When you use the Search Configuration and Search Pattern Files pages, the data you input is reflected in the webpub.conf file.

Maximum Simultaneous Requests. Specifies an upper limit on the number of simultaneous requests accepted by the server. When a new request arrives, the server checks to see if it is already processing the maximum number of requests. If it has reached the limit, it defers processing new requests until the number of active requests drops below the maximum amount. Default is 512.

DNS Enabled. Allows you to enable the server to do a reverse lookup of a client's IP in the DNS database before executing a CGI script. Servlets also depend on this flag to do reverse lookup. DNS lookups can slow performance, especially on a server that uses extensive CGI. By default, DNS lookups are not allowed. Instead, hosts are identified by IP address in the CGI environment and in log files.

Async DNS Enabled. Specifies whether asynchronous DNS is enabled. DNS causes multiple threads to be serialized when you use DNS services. If you do not want serialization, enable asynchronous DNS. You can enable it only if you have also enabled DNS. Enabling asynchronous DNS can improve your system's performance if you are using DNS.

DNS Cache Enabled. Determines whether to cache DNS entries. If you enable the DNS cache, the server can store hostname information after receiving it. If the server needs information about the client in the future, the information is cached and available without further querying. Caching DNS entries may slow down the server.

Size of DNS cache. Specifies the size of the DNS cache if you have enabled DNS. The DNS cache can contain 32 to 32768 entries; the default value is 1024 entries.

Expire entries (sec). Specifies the number of seconds to allow before DNS entries are deleted from the cache if you have enabled DNS. Cache entry expiration time can range from 1 second to 1 year (specified in seconds); the default value is 1200 seconds (20 minutes).

Listen Queue Size. Determines the size of the socket-level parameter that specifies the number of incoming connections the system will accept for that socket. If you manage a heavily used web site, make sure your system's listen-queue size is large enough to accommodate the listen-queue size setting from iPlanet Web Server. Setting the listen-queue size too high can degrade server performance. The listen-queue size was designed to prevent the server from becoming overloaded with connections it cannot handle. If your server is overloaded and you increase the listen-queue size, the server will only fall further behind.

HTTP Persistent Connection Timeout. Specifies the number of seconds the server will allow a client connection to remain open with no activity. A web client may keep a connection to the server open so that multiple requests to one server can be serviced by one network connection. Since a given server can handle a finite number of open connections (limited by active threads), a high number of open connections will prevent new clients from connecting. Setting the timeout to a lower value, however, may prevent the transfer of large files as timeout does not refer to the time that the connection has been idle. For example, if you are using a 2400 baud modem, and the request timeout is set to 180 seconds, then the maximum file size that can be transferred before the connection is closed is 432000 bits (2400 multiplied by 180).

OK. Saves your entries. You must click Apply on the top right side of the page for your changes to take effect. If you do not click Apply after you update information, your changes are retained so that you can view and edit it, even though the changes have not taken effect.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.

Minimum Threads. Determines the minimum number of threads in the native thread pool. If unspecified, defaults to 1.

Maximum Threads. Determines the maximum number of threads in the native thread pool. If unspecified, defaults to 128. If you specify 1, you emulate single-threaded behavior.

Queue Size. Determines the number of threads that can wait in the queue for the thread pool. If all threads in the pool are busy, the next request-handling thread that tries to get in the queue is rejected, with the result that it returns a busy response to the client. It is then free to handle another incoming request instead of being tied up waiting in the queue. If unspecified, defaults to an unlimited size.

Stack Size (bytes). Determines the stack size of each thread in the native thread pool. The minimum value you can enter is 65536. Entering 0 specifies the default stack size for the operating system.

OK. Saves your entries. You must click Save and Apply for your changes to take effect.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.

Name of Pool. Specifies the thread pool you are adding.

Minimum Threads. Determines the minimum number of threads in the thread pool.

Maximum Threads. Determines the maximum number of threads in the thread pool. If you specify 1, you emulate single-threaded behavior.

Queue Size. Determines the number of threads that can wait in the queue for the thread pool. If all threads in the pool are busy, the next request-handling thread that tries to get in the queue is rejected, with the result that it returns a busy response to the client. It is then free to handle another incoming request instead of being tied up waiting in the queue.

Stack Size (bytes). Determines the stack size of each thread in the thread pool. The minimum value you can enter is 65536. Entering 0 specifies the default stack size for the operating system.

OK. Saves your entries. You must click Save and Apply for your changes to take effect.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.

Current Thread Pools. Lists the current thread pools. To modify a thread pool, click Edit in the thread pool row. To delete a thread pool, click Remove in the thread pool row.

Name of Pool. Specifies the thread pool you are adding.

Minimum Threads. Determines the minimum number of threads in the pool.

Maximum Threads. Determines the maximum number of threads in the pool. If you specify 1, you emulate single-threaded behavior.

Queue Size. Determines the number of threads that can wait in the queue for the thread pool. If all threads in the pool are busy, the next request-handling thread that tries to get in the queue is rejected, with the result that it returns a busy response to the client. It is then free to handle another incoming request instead of being tied up waiting in the queue.

Stack Size (bytes). Determines the stack size of each thread in the pool. The minimum value you can enter is 65536. Entering 0 specifies the default stack size for the operating system.

OK. Saves your entries. You must click Save and Apply for your changes to take effect.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.

Current Thread Pools. Lists the current thread pools. To modify a thread pool, click Edit in the thread pool row. To delete a thread pool, click Remove in the thread pool row.

New Type. Adds a new MIME type. Fill in the following fields:

Category. Specifies the category of the MIME type. Choose from the following options:

• type. MIME standard set of identifiers for content. MIME is a standard identifier that defines the type of media content and its format so that the heterogeneous client or server applications can interpret the multimedia content that they exchange. The MIME types file contains the default MIME types definitions that will be used for the server.
• enc. A response header field sent with compressed documents in addition to a document's MIME type. It indicates to the client browser the response data has been compressed or modified by a filter, so that the client can decompress the response data before presenting it to the user.
• lang. A language encoding header field specifying the language of the document.

Content-Type. Specifies the nature of the file. For example, the file could be text, video, and so forth. The receiving client (such as Netscape Navigator) uses the header string to determine how to handle the file, (for example, by starting a separate application or using a plug-in application).

File Suffix. Specifies all the file suffixes that will be associated with the content type. To specify more than one extension, separate the entries with a comma. File extensions must be unique; do not map one file extension to two MIME types.

Edit. Allows you to edit the category, content type, or file suffix of the MIME type.

Remove. Removes a MIME type.

Help. Displays online help.

Server Location (Unix/Linux). Displays the absolute path where the server's scripts, icons, and configuration files are stored.

Server User (Unix/Linux). Specifies the user name under which the server runs. The server user should have restricted access to your system resources. You can often use a user named nobody in this situation. On some systems, however, nobody is not a valid user name. You may not want to give the user nobody group access to all files. If you do not use nobody, create a new Unix/Linux user, such as adm, to be the server user.

Server Name. Specifies the fully qualified host name of this server (for example, www.mozilla.com).

Server Port. Specifies the TCP port number to which the server listens to requests. The port number can be any port from 1 to 65535.

Bind To Address. Specifies the IP address of the server.

MTA Host. Specifies the name of the mail server that this server uses to send mail.

OK. Saves your entries. You must click Apply on the top right side of the page for your changes to take effect. If you do not click Apply after you update information, your changes are retained so that you can view and edit it, even though the changes have not taken effect.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.

Editing. Specifies a resource for which you want to customize error responses. If you choose a directory, the customized error responses apply only when the server receives a URL for that directory or any file in that directory.

Browse. Allows you to browse the file system and choose a portion of the server.

Wildcard. Specifies a wildcard pattern to edit. For information on using wildcard patterns, see Wildcards Used in the Resource Picker.

Error Code. Displays the following error codes which you can customize:

• Unauthorized. Specifies the file to display when users without access permissions try to access a document on the server that is protected by access control. You might send information on how they can get access.
• Forbidden. Specifies the file to display when the server does not have file system permissions to read something, or if the server is not permitted to follow symbolic links.
• Not Found. Specifies the file to display when the server cannot find a document or when it has been instructed to deny the existence of a document.
• Server Error. Specifies the file to display when the server is not configured properly or when a catastrophic error occurs, such as the system running out of memory or producing a core dump.

File. Specifies the files that contain your customized error messages.

CGI. Specifies that the file that you specified is a CGI script, and specifies the absolute path to the file or CGI script that you want to return for that error code.

OK. Saves your entries. You must click Apply on the top right side of the page for your changes to take effect. If you do not click Apply after you update information, your changes are retained so that you can view and edit it, even though the changes have not taken effect.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.

Editing. Specifies a resource for which you want to customize error responses. If you choose a directory, the customized error responses apply only when the server receives a URL for that directory or any file in that directory.

Browse. Allows you to browse the files in your server.

Wildcard. Specifies a wildcard pattern to edit. For information on using wildcard patterns, see Wildcards Used in the Resource Picker.

Status message: Dynamic Configuration Is/Is Not Enabled for This Resource. Specifies whether dynamic configuration is enabled. You can enable .nsconfig files in iPlanet Web Server, but you have to manually enable .htaccess files.

Base Directory from URL. Specifies the location where the server starts its search for configuration files from the document root.

Base Directory. Specifies the location where the server starts its search for configuration files from the file system directory.

File Name. Specifies the name of the configuration file to search for within the base directory.

Search. Searches for the file name in either subdirectories or in the base directory.

Disabled Types. Specifies the file types to disable in the directories where dynamic configuration is enabled.

OK. Saves your entries. You must click Apply on the top right side of the page for your changes to take effect. If you do not click Apply after you update information, your changes are retained so that you can view and edit it, even though the changes have not taken effect.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.

Editing. Specifies a resource for which you want to configure symbolic links. If you choose a directory, the symbolic links will apply only when the server receives a URL for that directory or any file in that directory.

Browse. Allows you to browse the file system and choose a portion of the server.

Wildcard. Specifies a wildcard pattern to edit. For information on using wildcard patterns, see Wildcards Used in the Resource Picker.

Allow soft file system links. Specifies whether to allow soft file system links. A symbolic link consists of two files, an original file that contains the data, and another that points to the original file. Symbolic links are more flexible than hard links. Symbolic links can be used across different file systems and can be linked to directories.

Allow hard file system links. Specifies whether to allow hard file system links. A hard link is really two file names that point to the same set of data blocks; the original file and the link are identical. For this reason, hard links cannot be on different file systems.

From Directory. Specifies the path where the server should start looking for file system links. If you enter an absolute path, the server treats the path you give as a prefix. When it recognizes that prefix in a request, the server checks any directories following the prefix for file system links. If you type a partial path, the server looks for the partial path you give as a sub-string of the incoming request. If you enter nolinks, the server looks for a directory called nolinks in the incoming request; if it finds that directory, it checks all following directories for file system links.

OK. Saves your entries. You must click Apply in the upper right portion of the page in order for your changes to take effect.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.

• What Is Access Control?
• How Access Control Works


• Restricting Access to Your Web Site


• Access Control Examples

Editing. Specifies a resource to manage.

Browse. Specifies only a portion of the server.

Wildcard. Specifies a wildcard pattern to edit. For information on using wildcard patterns, see Wildcards Used in the Resource Picker.

Edit Access Control. Edits the access control list for the selected resource.

Editing. Specifies a resource to manage.

Edit Access Control. Edits the selected access control list.

Editing. Specifies a resource to manage.

Edit Access Control. Edits the selected access control list.

Help. Displays online help.

Action. specifies whether to deny or allow access to the users, groups, or hosts.

Users/Groups. Allows you to specify user and group authentication when you click "anyone." The bottom frame allows you to configure User-Group authentication. By default, no users or groups outside of the group admin can access Administration Server resources. For more information, see Specifying Users and Groups.

From Host. Allows you to specify the computers you want to include in the rule when you click "anyplace". In the bottom frame, you can enter wildcard patterns of host names or IP addresses to allow or deny. For more information, see Specifying Host Names and IP Addresses.

Rights. Allows you to specify access rights to files and directories on your web site. In addition to allowing or denying all access rights, you can specify a rule that allows or denies partial access rights. For example, you can give people read-only access rights to your files, so they can view the information but not change the files. This is particularly useful when you use the web publishing feature to publish documents.

Extra. Allows you to specify a customized ACL entry. This is useful if you use the access control API to customize ACLs. For more information, see Writing Customized Expressions.

Continue. Specifies that the next line in the access control rule chain is evaluated before the server determines if the user is allowed access. When creating multiple lines in an access control entry, it's best to work from the most general restrictions to the most specific ones.

Trash Can Icon. Deletes the corresponding line from the access control rules.

Access Control Is On. Specifies whether access control is enabled.

New Line. Adds a default ACL rule to the bottom row of the table. You can use the up and down arrows in the left column to move the rule.

Response when Denied. Specifies the response a user sees when denied access. You can vary the message for each access control object. By default, the user is sent a message saying that the file was not found (the HTTP error code 404 Not Found is also sent).

Submit. Saves your entries.

Revert. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays the online help.

Allow. Allows the user, group, or host access.

Deny. Denies the user, group, or host access.

Update. Saves your entries.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays the online help.

Anyone (No Authentication). Allows everyone access to the resource. No authentication is required.

Authenticated people only. Allows only authenticated users and groups to access the resource. Choose from the following options:

• All in the Authentication Database. Allows all users and groups in the LDAP directory.
• Only the Following People. Allows only the users and groups specified. Click List under Group or User to list or search for groups and users in the LDAP directory.

Prompt for Authentication. Allows you specify message text that appears in the authentication dialog box. You can use this text to describe what the user needs to enter. Depending on the operating system, the user will see about the first 40 characters of the prompt. Netscape Navigator and Netscape Communicator cache the username and password and associate them with the prompt text. This means that if the user accesses areas (files and directories) of the server that have the same prompt, the user will not have to retype usernames and passwords. Conversely, if you want to force users to reauthenticate for various areas, you must change the prompt for the ACL on that resource.

Authentication Methods.. Specifies the method the server uses when getting authentication information from the client.

• Default uses the default method you specify in the obj.conf file, or "Basic" if there is no setting in obj.conf. If you check Default, the ACL rule doesn't specify a method in the ACL file. Default is the best choice because you can easily change the methods for all ACLs by editing one line in the obj.conf file.
• Basic uses the HTTP method to get authentication information from the client. The username and password are only encrypted if encryption is turned on for the server.
• SSL uses the client certificate to authenticate the user. If you use this method, SSL must be turned on for the server. If you have encryption on, you can combine Basic and SSL methods.
• Other uses a custom method you create using the access control API.

Authentication Database. Lets you select a database that the server uses to authenticate users. The default setting means the server looks for users and groups in an LDAP directory. However, you can configure individual ACLs to use different databases. You can specify different databases and LDAP directories in the file server_root/userdb/dbswitch.conf. Then, you can choose the database you want to use in the ACL by selecting it in the drop-down list. If you use the access control API to use a custom database (for example, to use an Oracle or Informix database), you can type the name of the database in the "Other" field in the User/Group window.

Update. Saves your entries.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays the online help.

Any place. Allows any machine access to the resource.

Only from. Allows only the specified host names or IP address access to the resource. You specify this restriction by using wildcard patterns that match the machines' host names or IP addresses. For example, to allow or deny all computers in a specific domain, you would enter a wildcard pattern that matches all hosts from that domain, such as *.iplanet.com.

Update. Saves your entries.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays the online help.

All Access Rights. Allows the user, group, or host all access rights: read, write, execute, delete, list, and info.

Only the Following Rights. Allows the user, group, or host only the selected access rights. Choose from the following:

• Read. Allows a user view a file. Read access right includes the HTTP methods GET, HEAD, POST, and INDEX.
• Write. Allows a user change or delete a file. Write access right includes the HTTP methods PUT, DELETE, MKDIR, RMDIR, and MOVE. To delete a file, a user must have both write and delete privileges.
• Execute. Allows a user to execute server-side applications, such as CGI programs and Java applets.
• Delete. Allows a user who also has write privileges to delete a file or directory.
• List. Allows a user to get directory information. The user can get a list of the files in that directory. This applies to Web Publisher and to directories that do not contain an index.html file.
• Info. Allows a user to get headers (http_head method). This is mainly used by the Web Publisher.

Update. Saves your entries.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays the online help.

Customize Expressions. Allows you to enter custom expressions for an ACL in the text box. You can use this feature if you are familiar with the syntax and structure of ACL files. For more information on customized expressions, see Writing Customized Expressions, and ACL File Syntax.

Update. Saves your entries.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays the online help.

Respond with the Default File (Redirection Off). Displays the HTTP error code 404 Not Found error when the file being requested is not found.

Respond with the Following URL: (Redirection On). Specifies a URL or the absolute path to a text or HTML file in your server's document root that you want to send to users when they are denied access. Be sure the server has read access to this file on your system—it's a good idea to have the file in a directory under the server root.

• About iPlanet Web Server Security
• Using Secure Sockets Layer (SSL)


• Additional Server Security Considerations

Encryption. Specifies whether encryption is activated for the server.

Port Number. Specifies the port number that the server runs on. Port numbers can be any number from 1 to 65535; however, the standard secure server port is 443.

OK. Saves your entries. You must click Apply on the top right side of the page for your changes to take effect. If you do not click Apply after you update information, your changes are retained so that you can view and edit it, even though the changes have not taken effect.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.

Allow. Specifies which SSL versions the server allows. Choose one or both of the following:

• SSL version 2. An older version of SSL that clients may use.
• SSL version 3. A more recent and more secure version of SSL.

Require Client Certificates (Regardless of Access Control). Specifies whether the server should refuse any client who does not have a client certificate from a trusted CA.

SSL 2.0 Ciphers. Specifies which algorithms for the 2.0 version of SSL to use in encryption.

SSL 3.0 Ciphers. Specifies which algorithms for the 3.0 version of SSL to use in encryption.

OK. Saves your entries. You must click Apply on the top right side of the page for your changes to take effect. If you do not click Apply after you update information, your changes are retained so that you can view and edit it, even though the changes have not taken effect.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.

• Specifying Ciphers
• Setting Stronger Ciphers

Editing. Specifies the resource for which you want to require the secret key size.

Browse. Allows you to browse your file system.

Wildcard. Specifies a wildcard pattern. For information on using wildcard patterns, see Wildcards Used in the Resource Picker.

Require 168 Bit or Larger Secret Key Size for Access. Specifies that the client must have a minimum of 168 bits in the secret key in order to successfully gain access to the server. This option is available only in the domestic version of iPlanet Web Server.

Require 128 Bit or Larger Secret Key Size for Access. Specifies that the client must have a minimum of 128 bits in the secret key in order to successfully gain access to the server. This option is available only in the domestic version of iPlanet Web Server.

Require 56 Bit or Larger Secret Key Size for Access. Specifies that the client must have a minimum of 58 bits in the secret key in order to successfully gain access to the server.

No Restrictions on Secret Key Size. Specifies that there are no minimum requirements on the secret key size.

Reject Access with File. Specifies a path to the file that will be served when the secret key size restriction is not met. If no file is specified, the server returns a "Forbidden" error.

OK. Saves your entries. You must click Apply on the top right side of the page for your changes to take effect. If you do not click Apply after you update information, your changes are retained so that you can view and edit it, even though the changes have not taken effect.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.

• The CGI Directory Page
• The CGI as a File Type Page


• The Query Handler Page


• The WAI Administration Page


• The WINCGI Directory Page (Windows NT)


• The Shell CGI Directory Page (Windows NT)


• The Activate Server-Side JavaScript Page

URL Prefix. Specifies the URL prefix for the CGI directory. The text you type in this field appears as the directory for the CGI programs in URLs.

http://yourserver.domain.com/cgi-bin/program-name

CGI Directory. Specifies the absolute path of the CGI directory. This this directory does not have to be under your document root.

OK. Saves your entries. You must click Apply on the top right side of the page for your changes to take effect. If you do not click Apply after you update information, your changes are retained so that you can view and edit it, even though the changes have not taken effect.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.

Current CGI Directories. Lists all CGI directories currently defined for the server. To modify a CGI directory, click Edit in the directory row. To delete a CGI directory, click Remove in the directory row.

Editing. Specifies the resource you want to specify as a shell CGI type. If you choose a directory, all the files in that directory will be treated as a shell CGI script.

Browse. Allows you to browse your file system.

Wildcard. Specifies a wildcard pattern. For information on using wildcard patterns, see Wildcards Used in the Resource Picker.

Activate CGI as a File Type. Activates CGI as a file type and associates a file extension with the shell CGI feature in the server, such as an association for files with the .pl extension. When the server gets a request for a file with that extension, the server knows to treat the file as a shell CGI file by calling the executable associated in Windows NT with that file extension. If you activated CGI, WinCGI, and shell CGI file types, you must specify a unique suffix for each type of CGI. For example, you cannot use the suffix .exe for both a CGI program and a shell CGI program.

OK. Saves your entries. You must click Apply on the top right side of the page for your changes to take effect. If you do not click Apply after you update information, your changes are retained so that you can view and edit it, even though the changes have not taken effect.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.

Editing. Specifies a resource to edit. If you choose a directory, the query handler you specify runs only when the server receives a URL for that directory or any file in that directory.

Browse. Allows you to browse your file system.

Wildcard. Specifies a wildcard pattern. For information on using wildcard patterns, see Wildcards Used in the Resource Picker.

Default Query Handler. Specifies the absolute path for the CGI program used as the default for the resource you chose.

OK. Saves your entries. You must click Apply on the top right side of the page for your changes to take effect. If you do not click Apply after you update information, your changes are retained so that you can view and edit it, even though the changes have not taken effect.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.

Enable WAI Services. Enables Internet Inter-ORB Protocol (IIOP) support in the server. You may have other (non-WAI) applications that need this support. If you need IIOP support, enable WAI services.

OK. Saves your entries. You must click Apply on the top right side of the page for your changes to take effect. If you do not click Apply after you update information, your changes are retained so that you can view and edit it, even though the changes have not taken effect.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.

• Installing Windows NT CGI Programs
• Specifying a Windows NT CGI Directory


• Specifying Windows NT CGI as a File Type

URL Prefix. Specifies the URL prefix you want to use for the WINCGI directory. That is, the text you type appears as the directory for the Windows CGI programs in URLs.

The URL prefix can be different from the real Windows CGI directory you specify in the WINCGI Directory field.

WINCGI directory. Specifies the location of the CGI directory as an absolute path. This directory does not have to be under your document root.

Enable Script Tracing. Specifies whether your server will use script tracing. CGI parameters are passed from the server to Windows CGI programs through files, which the server normally deletes after the Windows CGI program finishes execution. If you enable script tracing, these files are retained in a /temp directory or wherever the environment variables TMP and TEMP are pointing. Also, any window that the Windows CGI program brings up is shown when script tracing is enabled.

OK. Saves your entries. You must click Apply on the top right side of the page for your changes to take effect. If you do not click Apply after you update information, your changes are retained so that you can view and edit it, even though the changes have not taken effect.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.