The Internet Connection Server is operational once you install it. After you have the server installed and running, you will probably want to change some parts of the default configuration file to make the server meet your own particular needs.
This chapter describes the two different ways you can change your server's configuration. It also describes some of the most common configuration tasks you will want to perform after installation.
You can configure the server either by using the Internet Connection Server Configuration and Administration Forms or by editing the server's configuration file.
The Internet Connection Server comes with a tool called the Configuration and Administration Forms. The tool is a combination of CGI programs and HTML forms that provide an easy way for you to configure your server.
Once Internet Connection Server is running, you can use the Configuration and Administration Forms. You can use the forms from IBM WebExplorer (or any other Web browser). The browser can be on the same machine as the server or on any remote client that has access to the server.
Following are the steps for using the Configuration and Administration Forms. Before following the steps, you should disable caching on your browser. Also, if you are configuring your server remotely from a browser that uses that specific server as its proxy server, you should disable the proxy server setting on your browser.
Enter the user name and password you specified in the Administrator ID and Password fields during installation. If you did not change the installation defaults, the authorized user name is webadmin and the authorized password is webibm. If you did not change the defaults during installation, it is strongly recommended that you do so now to prevent unauthorized access to your server configuration. See "Controlling Access to the Configuration and Administration Forms".
After you enter an authorized user name and password, the tool starts and you go to the Configuration and Administration Forms page.
When you go to a form, it is displayed with the current configuration values in its input fields. (If you haven't changed your configuration since installation, these are the default values.)
Each form provides instructions to assist you in deciding what changes to make. For further information, you can click on the help icon at the bottom of each form. The help icon links you to a help page that provides detailed steps for using the form to perform particular tasks.
If you decide you do not want to use the changes you made to the form, click on Reset. This returns the fields on the form to the values they had when you first came to the form.
Note: A few of the form pages have more than one set of Apply and Reset buttons. These pages are actually treated as multiple forms. If you click on Apply or Reset, the action takes place only for the portion of the page associated with that set of buttons.
If the input was not accepted, you see a Configuration Error page explaining what was wrong with the information you entered. Go back to the form and try to correct the information. From the form you may also want to link to the help information.
If the Confirmation page does not contain a Restart Server button, then you need to stop your server and start it again for the configuration changes you made to take effect. For instructions on stopping and starting your server, see "Starting and Stopping the Server".
The other way to configure the Internet Connection Server is by editing the configuration file.
By default, the configuration file is named httpd.cnf is in the \WWW\bin directory.
The configuration file is made up of statements called directives. You change your configuration by editing the configuration file, updating the directives, and saving your changes.
You can make your changes take effect by restarting the server, unless you changed the Port directive.
If you changed one of the directives in the above list, you must stop the server and start it again.
For instructions on restarting, stopping, and starting your server, see "Starting and Stopping the Server".
Chapter 8. "Using the Configuration File" contains descriptions of each of the configuration file directives.
The Configuration and Administration Forms are protected with a user name and password. After installation, your server has one authorized user name and one password that can be used to access the Configuration and Administration Forms.
You specified the authorized user name and password in the Administrator ID and Password fields during installation. If you did not change the installation defaults, the authorized user name is webadmin and the authorized password is webibm.
The user name and password are stored in the ADMIN.PWD password file, which is located in the path specified by the SET ETC statement in your CONFIG.SYS file.
If you have not yet changed the default user name or password, you should do so now to prevent unauthorized access to the Configuration and Administration Forms.
You use the htadm command to control user names, passwords, and password files. See "htadm Command" for complete instructions on how to use the htadm command.
If you just want to change the password for the default user name,
you would enter the htadm command as follows:
htadm -passwd d:\setetc\ADMIN.PWD user-name password
In the above example:
For more information about limiting access to the resources on your server, see Chapter 7. "Protecting Your Server".
At some point you may decide to change the directory your server uses for its document root directory. See "Understanding the Document Root Directory" for a description of the document root directory and its default value.
An example of why you might want to change your document root directory is if you are creating a new set of HTML documents for your server to use. While you are creating the new documents, you might want to keep them on a directory not accessible to the server. When the new documents are ready, you can change your document root directory rather than copying and replacing the documents on your current document root directory.
Follow these steps to change your document root directory:
After restarting, the server begins to use the new document root directory.
This section describes:
Clients connected to a proxy server can ask the server to retrieve documents for them from other servers. Optionally, you can also use caching to have the proxy server store the documents it retrieves from other servers in a local cache. The server can then respond to subsequent requests for the same documents without having to retrieve them from other servers. This can improve response time.
Within an internal network you may want to set up a server as a caching proxy to reduce the amount of traffic on the network. In large networks you can connect a hierarchy of caching proxies. A client request cascades up through the hierarchy of servers until the document is retrieved from a server's cache or from the actual server where the document resides.
You can also set up your server to be a proxy with access to the external network through a firewall machine, such as the Internet Connection Secured Network Gateway. A firewall machine is connected to both your internal network and the external Internet. Users of the internal network are inside the firewall, but the proxy server allows them to have access to the Internet. The firewall machine can also be set up to prevent external machines from reaching your internal network.
Follow these steps to configure your server as a caching proxy:
From the Configuration and Administration Forms page, click on Request Routing to display your current list of mapping rules.
From the Request Routing form, do the following:
For example, to enable your server to act as a proxy for requests
using the common protocols that the server itself can serve,
you would enter one of the following:
http:*
ftp:*
gopher:*
wais:*
If you do not want your proxy server to be able to return its own local files, you must remove the Pass rules that accept requests for local documents and Exec rules that accept requests to run local CGI programs. With the default configuration, this would mean removing the Pass rule for the document root directory and the Exec rule for requests beginning with /cgi-bin/.
From the Request Routing form, do the following:
Return to the Configuration and Administration Forms page and click on Basic.
From the Basic form, do the following:
From the Configuration and Administration Forms page, click on Caching Settings.
From the Caching Settings form, do the following:
Once the changes take effect, your server runs as a caching proxy.
You can use the server's protection function to control which clients can use your server as a proxy.
The default configuration file contains commented lines that you can use as a basis for controlling access to your proxy. For this reason, it is easier to accomplish this task by editing the configuration file than by using the Configuration and Administration Forms.
Follow these steps to define which clients can use your server as a proxy:
By default, the configuration file is named httpd.cnf and is in the \WWW\BIN directory.
# Protection PROXY-PROT { # ServerId YourProxyName # Mask @(*.ibm.com, 128.141.*.*, *.ncsa.uiuc.edu) # } # Protect http:* PROXY-PROT # Protect ftp:* PROXY-PROT # Protect gopher:* PROXY-PROT # Protect wais:* PROXY-PROT
Note: In order to use host name templates, you must set the DNS-Lookup directive to On. If the DNS-Lookup directive is set to Off (the default), you can use IP address templates only. See "DNS-Lookup - Specify whether you want to look up host names of clients".
You can also choose to use the DeleteMask, PutMask, and GetMask subdirectives instead of the Mask subdirective. This enables you to further limit access to the proxy. See "Rules for Specifying User Names, Group Names, and Address Templates" for information on how to specify host name or IP address templates on the mask subdirectives. See Chapter 7. "Protecting Your Server" for details on all the different ways you can set up protection on your server.
The server will now act as a proxy only for clients and requests that meet the specifications on the mask subdirectives.
The steps under "Configuring a Caching Proxy Server" describe how you can have the same server act as both a proxy and a standard server. You may, however, want to have two different servers running on the same host; one acting as a proxy and another acting as a standard server.
To run two different servers in this way, you would need to start each server with a different configuration file. Only the configuration file for the server you want to act as a proxy would contain the protocol Pass rules. You would also need to make sure that the configuration files caused each server to listen to a different port and write to different log files.
You can designate one of the servers to start automatically and start the other one from the command line with the whttpg command. You would use the -r flag on the whttpg command to tell the second server where to look for its separate configuration file. See "whttpg Command" for more information on using the whttpg command.