File
|
Description
|
acl.ini
|
Stores Access Control Lists (ACL) used the by Security Manager.
Syntax
type.name = right {, right}
name
|
the name of the group defined in groups.ini,
user defined in users.ini or
host name, IP address or IP range defined in computers.ini.
IP addresses are the form
#.#.#.#,
where # is a number from 0 to 255.
IP ranges are in the form
#.#.#.#-#.#.#.#
or [#|*].[#|*].[#|*].[#|*],
where # is a number from 0 to 255 or * is for
any number in the range of 0 to 255.
|
right
|
one or more comma delimited list of rights defined in rights.ini.
* represents all access rights.
|
type
|
group, user, hostname, ip_address or
ip_range.
|
Example
group.admin = *
group.public = get,post
hostname.p2 = *
ip_address.168.192.0.10 = get,post
ip_range.168.192.0.* = get,post
ip_range.131.192.0.10-168.192.0.20 = get,post
|
aliases.ini
|
Stores aliases used in translating the requested URI to a physical file,
Servlet defined in servlets.ini or Servlet Context defined in
contexts.ini.
Syntax
alias = type:resource
alias
|
the URI, file extension, or MIME type that the request must match.
* is used specify the default Servlet Context.
|
type
|
file, filter, mime, servlet or context.
If not specified, file is the default type.
File is used when translating a URI to a specific physical file.
A Filter is a Servlet that is used when a reference is made to a
resource which ends with a specific file extension.
A MIME is a Servlet that is used when a reference is made to a
resource that returns content of the specified MIME type. MIME
definitions required that Servlet Chaining be enabled.
A Servlet is a Java Class that is invoked when a request matches a
specific URI.
A Servlet Context is used to maintain shared values across multiple
Servlets associated by a common base URI.
|
archives.ini
|
Stores information used by Configuration Archives.
Syntax
timestamp = path&description
description
|
a description to associate with the Configuration Archive.
|
path
|
the directory path that will contain the archived configuration files.
Configuration Archives are created in the ./archives directory
relative to the base directory, normally /iws.
|
timestamp
|
the date and time used to identify the Configuration Archive.
|
Example
20000719232214 = ./archives/20000719232214&base configuration
|
resource
|
the path to an existing physical file, the name of a servlet
defined in servlets.ini or the name of a context defined in
contexts.ini.
For physical files, $wwwroot will be replaced by the base directory of
requested virtual host.
When specifying a path each \ must be entered twice.
|
Example
/ = servlet:FileServlet
.shtml = filter:SSIncludeServlet
/tests = file:d:\\tests
application/x-compress = mime:CompressServlet
* = context:Default
|
computers.ini
|
Stores host names, IP addresses and IP ranges used by the Security Manager.
Syntax
name = hostname
address = ip_address
range = ip_range
address
|
the IP address in the form
#.#.#.#,
where # is a number from 0 to 255.
|
name
|
the host name.
|
range
|
the IP range in the form
#.#.#.#-#.#.#.#
or [#|*].[#|*].[#|*].[#|*],
where # is a number from 0 to 255 or * is for
any number in the range of 0 to 255.
|
Example
p2 = hostname
168.192.0.10 = ip_address
168.192.0.* = ip_range
131.192.0.10-168.192.0.20 = ip_range
|
contexts.ini
|
Contains Servlet Context definitions.
Syntax
alias = parameter{¶meter}...}
alias
|
the named associated with the Servlet Context.
Default is the default URI.
|
parameter
|
any parameters used during the initialization of the Servlet Context.
Zero or more & delimited key=value pairs can be
specified.
|
Example
Default =
|
country_codes.ini
|
Stores information used by Configuration Archives.
Syntax
code = name
code
|
the country's 2 letter code.
|
name
|
the name of the country.
|
Example
AW = ARUBA
|
dbpools.ini
|
Contains Connection Pool definitions.
Syntax
name = driver=driver&url=url{
&username=user_name}{&password=password}
&init_size=init_size&max_size=max_size
&timeout=timeout{&key=
value}...
driver
|
the JDBC driver for the database.
|
init_size
|
the number of connections to start off with when the server is started.
10 is the default for iServer.
The initial size must be a value greater than 1.
|
key
|
the id of any optional parameter used by the JDBC driver during the creation of the Connection Pool.
|
max_size
|
the maximum number of connections to allow.
20 is the default for iServer.
The value must be equal to or greater than the value for initial size.
|
name
|
the name of the connection pool.
|
password
|
any password associated with the specified user ID.
If not specified then null will be used.
|
timeout
|
the maximum number of minutes that an inactive connection will remain open in
the connection pool before it is closed.
30 minutes is the default for iServer.
-1 is used to always keep the connection open in the pool while the
server is running.
The number must be at least 1.
Setting this value too large or to -1 may result in database
connection timeouts and setting this value to small may impact performance
and memory requirements.
This parameter is ignored when Connection Pool Interval in Server,
connection_pool_interval in iws.ini, is set to -1.
|
url
|
the URL to the database.
|
user_name
|
any user ID used to access the database.
If not specified then null will be used.
|
value
|
the value of any optional parameter used by the JDBC driver during the creation of the Connection Pool.
|
Notes
Using connection Pools may improve a server's performance.
Example
iob = driver=sun.jdbc.odbc.JdbcOdbcDriver &url=jdbc:odbc:iob &init_size=10&max_size=20
|
groups.ini
|
Stores Group definitions used by the Security Manager.
Syntax
group_name = user_name{,user_name}
group_name
|
the name of the Group.
|
user_name
|
the users in the group.
One or more comma delimited usernames defined in users.ini.
|
Example
public = guest
|
hosts.ini
|
Used to store Virtual Host definitions.
Syntax
hostname = root_dir
hostname
|
the name of the server.
* is the default server name to use when none of the defined hosts
names match.
|
root_dir
|
the root directory for html files and documents.
./wwwroot is the default for iServer.
./public_html is also a popular value used by Web Servers.
All references to files are made relative the base directory.
|
Example
* = ./servlets/default
iob = ./servers/iob
|
iws.ini
|
Contains general parameters used by iServer.
Syntax
backlog = backlog
connections = connections
connection_pool_interval = connection_pool_interval
default = default_files
directory = dir_access_enabled
dns_lookup = dns_lookup_enabled
ip_address = ip_address
keep_alive = keep_alive_enabled
keep_alive_timeout = keep_alive_timeout
keep_alive_requests = keep_alive_requests
max_connections = max_connections
password = password
port = port
preload_servlets = servlets
remote_admin = remote_admin_enabled
security = security_enabled
servlet_chaining = servlet_chaining_enabled
shell = shell_access_enabled
shutdown_delay = shutdown_delay
ssl = ssl_enabled
tempdir = tempdir
timeout = timeout
username = user_name
backlog
|
the maximum number of pending request to queue.
50 is the default for iServer.
The number specified must be greater than or equal to 0.
|
connections
|
the default number of threads to startup.
25 is the default for iServer.
The number specified must be greater than or equal to 5.
|
connection_pool_interval
|
the number of minutes between running the Connection Pool Monitor.
5 minutes is the default for iServer.
-1 can be used to keep connections open in the pool. Using
this value may result in database connection timeouts.
The number must be at least 1.
Setting this value too small may impact performance and setting this value
too large can result in database connection timeouts.
|
default_files
|
the name of the default html document to use when one is not specified.
index.html is the default for iServer.
Zero or more comma delimited file names can be specified.
|
dir_access_enabled
|
whether to allow directories to be displayed.
Use y to enable and n to disable.
n is the default for iServer.
Setting this value to y is potentially a security hole.
iServer's FileServlet uses directory.html and directory_item.tf
in iws_dir/html/ when display directories, where
iws_dir is the directory where iServer was installed or deployed.
|
dns_lookup_enabled
|
whether to lookup the name of the remote client.
Use y to enable and n to disable.
If set to n then the IP address of the remote client will be used.
n is the default for iServer.
Setting this value to y may have a negative impact on performance.
|
ip_address
|
the IP address or the host name to listen to.
* indicates any ip address or host name.
* is the default for iServer.
|
keep_alive_enabled
|
used to indicate whether the connection should be kept opened between requests.
Use y to enable and n to disable.
y is the default for iServer.
Setting this value to n may have a negative impact on performance.
|
keep_alive_requests
|
the maximum number of consecutive requests that will be allowed before the
connection is closed.
5 is the default for iServer.
-1 can be used to always keep the connection alive. Using this value
is dangerous and opens the server to denial of service attacks.
The number must be at least 5.
Setting this value too large may result in denial of service.
|
keep_alive_timeout
|
The maximum number of seconds to service a client requests before closing
the connection.
30 seconds is the default for iServer.
-1 can be used to always keep the connection alive. Using this value
is dangerous and opens the server to denial of service attacks.
The number must be 15 or more seconds.
Setting this value too large may result in denial of service.
|
max_connections
|
the maximum number of threads to startup.
50 is the default for iServer.
The value must be greater than or equal to the number of connections.
|
password
|
the password of the administrator.
admin is the default password.
|
port
|
the port number to use, a value from 1 to 65536.
8080 is the default port for iServer.
80 is the default port for Web Servers.
443 is the default port for SSL Web Servers.
Only one application at a time can use any given port number.
|
remote_admin_enabled
|
whether to allow computers other than localhost (127.0.0.1) to administer iServer.
Use y to enable and n to disable.
y is the default for iServer.
Setting this value to y is potentially a security hole.
|
user_name
|
The username of the administrator.
admin is the default username.
|
security_enabled
|
whether to check if a client can access resources being requested.
Use y to enable and n to disable.
y is the default for iServer.
Setting this value to y may have a negative impact on performance.
|
servlet_chaining_enabled
|
whether to allow Servlet chaining.
Use y to enable and n to disable.
n is the default for iServer.
Setting this value to y may have a negative impact on performance.
|
servlets
|
any Servlets defined in servlets.ini to preload.
Zero or more comma delimited list of Servlet aliases.
Normally FileServlet is loaded.
|
shell_access_enabled
|
whether to allow CGI scripts and SSI #exec to have shell access.
Use y to enable and n to disable.
n is the default for iServer.
Setting this value to y is potentially a security hole.
|
shutdown_delay
|
the number of seconds to wait for requests being processed to complete before
shutting down the server.
60 seconds is the default for iServer.
-1 can be used to wait for all requests to finish processing. Using
this value may result in the server hanging while trying to shutdown waiting
for a request the will never complete.
|
ssl_enabled
|
whether Secure Socket Layer (SSL) is enabled.
Use y to enable and n to disable.
n is the default for iServer.
Setting this value to y requires Java 1.2.0 or later and may have a
negative impact on performance.
|
tempdir
|
the temporary directory used by the servlet context manager.
./temp is the default for iServer.
If a relative directory is specified then the temporary directory is relative to the iServer's base directory.
|
timeout
|
the number of milliseconds to wait for the client to respond before closing
the connection.
300000 milliseconds, 5 minutes, is the default for iServer.
If -1 is used the connection will never to timeout. Using this
value is dangerous and opens the server to denial of service attacks.
If the value is less 1000 then 1000 will be used.
|
Notes
Administrators should immediately change the default Username/Password from
the Server form [Login > Monitor > Control Panel > Manage >
Server].
Username/Password should not be any obvious word, easily guessed terms,
should be at least 8 characters and should contain letters,
numeric and symbols.
Additionally Username/Password should be kept private, with limited
disclosure and should be changed frequently.
Example
connections = 25
max_connections = 50
timeout = 300000
ip_address = *
port = 8080
directory = n
default = index.html
shell = n
username = admin
password = admin
keep_alive = y
keep_alive_timeout = 30
keep_alive_requests = 5
preload_servlets = FileServlet
security = y
connection_pools = y
shutdown_delay = 60
dns_lookup = n
backlog = 50
remote_admin = y
servlet_chaining = n
ssl = n
|
keystore.ini
|
Contains Keystore parameters used by Secure Socket Layer (SSL) service.
Syntax
authenticate_client = authenticate_client
key_algorithm = key_algorithm
keystore_file = keystore_file
keystore_password = keystore_password
keystore_type = keystore_type
protocol = protocol
provider_classfile = provider_classfile
authenticate_client
|
whether to authenticate the client.
Use y to enable and n to disable.
n is the default for iServer.
Setting this value to y may have a negative impact on performance.
|
keystore_file
|
the name of file that will store the certificates, normally
./config/keystore.db.
|
keystore_password
|
the password used to protect the keystore.
password is the default password.
|
keystore_type
|
the type of keystore, normally JKS.
|
protocol
|
the security protocol, normally TLS.
Transport Layer Security (TLS) version 1.0 is supported.
|
provider_classfile
|
the Java Cryptography Architecture (JCA) provider, normally
com.sun.net.ssl.internal.ssl.Provider.
iServer's Secure Socket Layer (SSL) support uses Java 2 JCE and JSSE
extensions.
|
Example
authenticate_client = n
key_algorithm = SunX509
keystore_file = ./config/keystore.db
keystore_password = password
keystore_type = JKS
protocol = TLS
provider_classfile = com.sun.net.ssl.internal.ssl.Provider
|
locales.ini
|
Contains locales used by Request/Response Objects.
Syntax
locale = encoding
encoding
|
the ISO code for the locale.
|
locale
|
the locale's identifier.
* is the default locale to use when none of the defined locales match.
|
Example
* = ISO-8859-1
en = ISO-8859-1
es = ISO-8859-1
|
logger.ini
|
Contains values used by the Logger.
Syntax
ignore_exceptions = ignore_exceptions
log_access = log_access_enabled
log_events = log_events_enabled
log_errors = log_errors_enabled
service = class_file{?parameter{¶meter}...}
class_file
|
the Java Class in the form package.class of the Logger
to use.
The CLASSPATH will be searched for the specified Logger.
|
ignore_exceptions
|
any exceptions to ignore.
Zero or more Java Exception classes can be specified.
java.net.SocketException is the default.
|
log_access_enabled
|
whether or not to log requests.
y is the default for iServer.
Setting this value to n will result in no access log being
maintained. Setting this value to y may have a negative impact on
performance.
|
log_errors_enabled
|
whether or not to log errors.
y is the default for iServer.
Setting this value to n will result in no log being maintained for
errors. Setting this value to y may have a negative impact on
performance.
|
log_events_enabled
|
whether or not to log events.
y is the default for iServer.
Setting this value to n will result in no log being maintained for
events. Setting this value to y may have a negative impact on
performance.
|
parameter
|
any parameters used during the initialization of the Logger.
Zero or more & delimited key=value pairs can be
specified.
|
Example
log_access = y
log_events = y
log_errors = y
service = stec.iws.FileLogger ?basedir=./logs &access_log_template=default &log_rollover_interval=weekly &interval=0
|
messages.ini
|
Stores error codes and messages returned to client on error.
Syntax
error_code = title{;message}
error_code
|
the HTTP return code to associate with this message.
|
message
|
any message to display for this error code.
|
title
|
the title to display and return to the client in the header.
|
Notes
Messages are used when sending a reply to the client or when returning an
error message.
iServer uses the template messages.html in
iws_dir/html/ when generating messages, where
iws_dir is the directory where iServer was installed or deployed.
Title and Message may contain CGI variables delimited by %. Some of
the CGI variables are:
request_uri - the requested URI.
request_method - the request method.
Example
405 = 405 Method Not Allowed: %request_method% ;The method specified %request_method% is not supported.
|
mimetypes.ini
|
Contains mime types used in response to client.
Syntax
extension = mime_type
extension
|
the file extension, .extension, the resource must match in
order for the associated MIME to be used.
* is the default MIME type to use when none of the defined file
extensions match.
|
mime_type
|
the MIME type to associate with the file extension.
|
Notes
A mime type is an association between a resources extension and MIME type.
A files MIME, Multipurpose Internet Mail Extension, type is a Web protocol
for defining a files type.
Example
* = application/octet-stream
.htm = text/html
.html = text/html
|
realms.ini
|
Used to store Realm definitions.
Syntax
alias = class_file{?parameter{¶meter}...}
alias
|
the name of the Realm.
|
class_file
|
the Java Class in the form package.class of the Realm
to use.
The CLASSPATH will be searched for the specified Realm.
|
parameter
|
any parameters used during the initialization of the Realm.
Zero or more & delimited key=value pairs can be
specified.
|
Notes
A Realm is a Java Class that is invoked to check access rights when a request
matches a Resource.
Example
msaccess = stec.iws.DatabaseRealm ?driver=sun.jdbc.odbc.JdbcOdbcDriver &url=jdbc:odbc:iserver.msaccess &username=admin&password=admin
|
resources.ini
|
Stores resources protected by the Security Manager.
Syntax
alias = realm&type.name
alias
|
the URI to protect.
|
name
|
the name of the group defined in groups.ini,
user defined in users.ini or
host name, IP address or IP range defined in computers.ini.
IP addresses are the form
#.#.#.#,
where # is a number from 0 to 255.
IP ranges are in the form
#.#.#.#-#.#.#.#
or [#|*].[#|*].[#|*].[#|*],
where # is a number from 0 to 255 or * is for
any number in the range of 0 to 255.
|
realm
|
the name of a realm defined in realms.ini
|
type
|
group, user, hostname, ip_address or
ip_range.
|
Example
/samples/protected = default&group.admin
|
rights.ini
|
Contains access rights by the Security Manager.
Syntax
name =
name
|
the request method.
Normally get, post and *.
* represents all access rights.
|
Example
* =
get =
post =
|
servlets.ini
|
Used to store Servlet definitions.
Syntax
alias = class_file{?parameter{¶meter}...}
alias
|
the name of the Servlet.
|
class_file
|
the Java Class in the form package.class of the Servlet
to use.
The CLASSPATH will be searched for the specified Servlet.
|
parameter
|
any parameters used during the initialization of the Servlet.
Zero or more & delimited key=value pairs can be
specified.
|
Notes
A Servlet is a Java Class that is invoked when a request matches a specific
URI.
Example
FileServlet = stec.iws.FileServlet
CgiServlet = stec.iws.CgiServlet ?bindir=./cgi-bin&exec=c:\\command.com /c
|
session.ini
|
Contains parameters used by the Sessions Manager.
Syntax
timeout = timeout
interval = interval
source= source
name= name
comment= comment
domain= domain_name
path= uri
max_age= max_age
secure= secured
comment
|
any comments for the session cookie.
iServer Session Cookie is the default for iServer.
Used only when source is set to Cookie.
|
domain_name
|
the domain of the session cookie.
Used only when source is set to Cookie.
|
interval
|
used to schedule to session manager to remove invalid sessions every n
minutes.
5 minutes is the default for iServer.
-1 can be used to never remove invalid sessions. Using this value
is will increase memory requirements and may have a negative impact on
performance.
The number must be at least 1 minute.
Setting this value too large or too small may impact performance and memory
requirements.
|
max_age
|
the maximum number of seconds that a session cookie exists.
-1 is used to maintain the session cookie while the browser is
running.
-1 is the default for iServer.
Used only when Source is set to Cookie.
|
name
|
the name of the session identifier.
iwsSessionID is the default for iServer.
|
secured
|
whether the session cookie should only be sent by the client to the server
using a secure protocol.
y send to cookie using a secure protocol.
n do not send the cookie using a secure protocol.
n is the default for iServer.
This parameter should only be set to y when the server first sends
the session cookie to the client using a secure protocol.
Used only when source is set to Cookie.
|
source
|
the mechanism used to maintain a session's identifier on the client.
Cookie results in a cookie being automatically created on the client's
browser to maintain the session identifier.
URL indicates that the session identifier will be manually
maintained by appending it to all the links. Response.encodeUrl() will
need to be used in servlet generated pages.
Cookie is the default for iServer.
URL should be used when cookies are not supported or allowed
by the client.
|
timeout
|
the maximum number of minutes that a session can exist without being accessed
before it is invalidated.
30 minutes is the default for iServer.
-1 is used to maintain all sessions while the server is running.
Setting this value too large or to -1 may impact performance and
memory requirements.
|
uri
|
the URI of the session cookie.
%base_uri% will be replaced by the requested uri.
Used only when source is set to Cookie.
|
Example
timeout = 30
interval = 5
source=cookie
name=iwsSessionID
comment=iServer Session Cookie
domain=
path=
max_age=-1
secure=n
|
templates.ini
|
Stores templates used by the Logger.
Syntax
name = text
name
|
the name of the Access Log Template.
|
text
|
the field mask to use.
Templates may contain literal text and the following variables delimited by
%:
|
Variable
|
Description
|
base_uri
|
The requested uri.
|
content_length
|
The number of bytes sent to the client.
|
date
|
The current date in mm/dd/yy format.
|
edate
|
The current date in yyyy/mm/dd format.
|
error_code
|
Extended error code.
|
host
|
The name of the host server the request was sent to.
|
ldate
|
The current date in mm/dd/yyyy format.
|
local_address
|
The IP address of the server the request was sent to.
|
port
|
The port used.
|
protocol
|
The request protocol.
|
referer
|
The URL from where the request was made.
|
remote_address
|
The IP address of the client making the request.
|
remote_host
|
The name of the client making the request.
|
remote_user
|
The client's name.
|
response_time
|
The number of milliseconds the server spent processing the client's request.
|
request_length
|
The number of bytes sent by the client.
|
request_method
|
The request method being made.
|
request_uri
|
The request made by the client.
|
query_string
|
Any form parameters sent.
|
server_service
|
The server service being processing the request.
|
status_code
|
The status code the server sent to the client.
|
time
|
The current time in hh:mm:ss format.
|
timestamp
|
The current date/time in mm/dd/yyyy:hh:mm:ss timezone format.
|
user_agent
|
The client making the request.
|
xdate
|
The current date in yyyy-mm-dd format.
|
xtimestamp
|
The current date/time in dd/mmm/yyyy:hh:mm:ss timezone format.
|
Notes
Access Log Templates are used for specifying the fields that the logger will
record in each access log entry.
Example
clf = %remote_address% - - [%timestamp%] "%request_method% %request_uri% %protocol%" %status_code% %content_length%
|
users.ini
|
Stores User definitions used by the Security Manager.
Syntax
user_name = {password}
password
|
any password.
|
user_name
|
the name of the User.
|
Notes
Username/Password should not be any obvious word, easily guessed terms,
should be at least 8 characters and should contain letters, numeric and
symbols.
Additionally Username/Password should be kept private, with limited
disclosure and should be changed frequently.
Example
guest = guest
|
workgroup.ini
|
Contains Workgroup Server definitions used by the Status Monitor.
Syntax
protocol%3A%2F%2Faddress%3Aport = {user_name},{password}
address
|
the host name or IP address of the server.
IP addresses are the form
#.#.#.#,
where # is a number from 0 to 255.
|
password
|
the password of the administrator.
|
port
|
the port number to use, a value from 1 to 65536.
8080 is the default port for iServer.
80 is the default port for Web Servers.
443 is the default port for SSL Web Servers.
|
protocol
|
the Web protocol to use, [http|https].
http is the default protocol for iServer.
http is the default protocol for Web Servers.
https is the default protocol for SSL Web Servers.
|
port
|
the port number to use, a value from 1 to 65536.
8080 is the default port for iServer.
80 is the default port for Web Servers.
443 is the default port for SSL Web Servers.
|
user_name
|
the username of the administrator.
|
Notes
Workgroup Servers are used by the Status Monitor.
Additionally Username/Password should be kept private, with limited
disclosure and should be changed frequently.
Example
HTTP%3A%2F%2Fp2%3A8080 = admin,admin
HTTP%3A%2F%2Fp3%3A80 = ,
|