Chapter 6. Changing the Default Configuration

The Internet Connection Server is operational once you install it. After you have the server installed and running, you will probably want to change some parts of the default configuration file to make the server meet your own particular needs.

This chapter describes the two different ways you can change your server's configuration. It also describes some of the most common configuration tasks you will want to perform after installation.


Configuring the Server

You can configure the server either by using the Internet Connection Server Configuration and Administration Forms or by editing the server's configuration file.

Using the Configuration and Administration Forms

The Internet Connection Server comes with a tool called the Configuration and Administration Forms. The tool is a combination of CGI programs and HTML forms that provide an easy way for you to configure your server.

Once Internet Connection Server is running, you can use the Configuration and Administration Forms. You can use the forms from IBM WebExplorer (or any other Web browser). The browser can be on the same machine as the server or on any remote client that has access to the server.

Following are the steps for using the Configuration and Administration Forms. Before following the steps, you should disable caching on your browser. Also, if you are configuring your server remotely from a browser that uses that specific server as its proxy server, you should disable the proxy server setting on your browser.

  1. Using your browser, go to the Internet Connection Server Front Page. (See "Viewing the Internet Connection Server Front Page".)

  2. Click on Configuration and Administration Forms.

  3. If you have not used the Configuration and Administration Forms since starting your browser, you will be prompted for a user name and password.

    Enter the user name and password you specified in the Administrator ID and Password fields during installation. If you did not change the installation defaults, the authorized user name is webadmin and the authorized password is webibm. If you did not change the defaults during installation, it is strongly recommended that you do so now to prevent unauthorized access to your server configuration. See "Controlling Access to the Configuration and Administration Forms".

    After you enter an authorized user name and password, the tool starts and you go to the Configuration and Administration Forms page.

  4. From the Configuration and Administration Forms page you can link to each of the input forms by clicking on the form name.

    When you go to a form, it is displayed with the current configuration values in its input fields. (If you haven't changed your configuration since installation, these are the default values.)

  5. From any form, enter information about how you want to configure that particular part of your server.

    Each form provides instructions to assist you in deciding what changes to make. For further information, you can click on the help icon at the bottom of each form. The help icon links you to a help page that provides detailed steps for using the form to perform particular tasks.

  6. After you fill in the form, you must click on Apply to indicate you want to update the server configuration with the changes you made. The Apply button is located below the input fields on each form.

    If you decide you do not want to use the changes you made to the form, click on Reset. This returns the fields on the form to the values they had when you first came to the form.

    Note: A few of the form pages have more than one set of Apply and Reset buttons. These pages are actually treated as multiple forms. If you click on Apply or Reset, the action takes place only for the portion of the page associated with that set of buttons.

  7. If you clicked on Apply, the server shows you a message indicating whether your input was accepted. If the input was accepted, you see a Confirmation page that tells you what configuration directives were updated.

    If the input was not accepted, you see a Configuration Error page explaining what was wrong with the information you entered. Go back to the form and try to correct the information. From the form you may also want to link to the help information.

  8. If the Confirmation page contains a Restart Server button, you can click on it to have the server restart and begin using the configuration changes you just made.

    If the Confirmation page does not contain a Restart Server button, then you need to stop your server and start it again for the configuration changes you made to take effect. For instructions on stopping and starting your server, see "Starting and Stopping the Server".

Editing the Configuration File

The other way to configure the Internet Connection Server is by editing the configuration file.

By default, the configuration file is named httpd.cnf is in the \WWW\bin directory.

The configuration file is made up of statements called directives. You change your configuration by editing the configuration file, updating the directives, and saving your changes.

You can make your changes take effect by restarting the server, unless you changed the Port directive.

If you changed one of the directives in the above list, you must stop the server and start it again.

For instructions on restarting, stopping, and starting your server, see "Starting and Stopping the Server".

Chapter 8. "Using the Configuration File" contains descriptions of each of the configuration file directives.


Controlling Access to the Configuration and Administration Forms

The Configuration and Administration Forms are protected with a user name and password. After installation, your server has one authorized user name and one password that can be used to access the Configuration and Administration Forms.

You specified the authorized user name and password in the Administrator ID and Password fields during installation. If you did not change the installation defaults, the authorized user name is webadmin and the authorized password is webibm.

The user name and password are stored in the ADMIN.PWD password file, which is located in the path specified by the SET ETC statement in your CONFIG.SYS file.

If you have not yet changed the default user name or password, you should do so now to prevent unauthorized access to the Configuration and Administration Forms.

You use the htadm command to control user names, passwords, and password files. See "htadm Command" for complete instructions on how to use the htadm command.

If you just want to change the password for the default user name, you would enter the htadm command as follows:

htadm -passwd d:\setetc\ADMIN.PWD user-name password

In the above example:

For more information about limiting access to the resources on your server, see Chapter 7. "Protecting Your Server".


Changing Your Document Root Directory

At some point you may decide to change the directory your server uses for its document root directory. See "Understanding the Document Root Directory" for a description of the document root directory and its default value.

An example of why you might want to change your document root directory is if you are creating a new set of HTML documents for your server to use. While you are creating the new documents, you might want to keep them on a directory not accessible to the server. When the new documents are ready, you can change your document root directory rather than copying and replacing the documents on your current document root directory.

Follow these steps to change your document root directory:

  1. From the Configuration and Administration Forms page, click on Request Routing.

  2. On the Request Routing form, do the following

    1. Select the Replace button.

    2. Change the Index field to the number of the Pass rule that has /* as its URL request template.

    3. Change the Action field to Pass.

    4. Enter /* in the URL request template field.

    5. Enter your new document root directory in the Replacement file path field.

    6. Click on Apply.

  3. From the Confirmation page, click on Restart Server.

    After restarting, the server begins to use the new document root directory.


Running Your Server as a Caching Proxy

This section describes:

Overview of Caching Proxy Servers

Clients connected to a proxy server can ask the server to retrieve documents for them from other servers. Optionally, you can also use caching to have the proxy server store the documents it retrieves from other servers in a local cache. The server can then respond to subsequent requests for the same documents without having to retrieve them from other servers. This can improve response time.

Within an internal network you may want to set up a server as a caching proxy to reduce the amount of traffic on the network. In large networks you can connect a hierarchy of caching proxies. A client request cascades up through the hierarchy of servers until the document is retrieved from a server's cache or from the actual server where the document resides.

You can also set up your server to be a proxy with access to the external network through a firewall machine, such as the Internet Connection Secured Network Gateway. A firewall machine is connected to both your internal network and the external Internet. Users of the internal network are inside the firewall, but the proxy server allows them to have access to the Internet. The firewall machine can also be set up to prevent external machines from reaching your internal network.

Configuring a Caching Proxy Server

Follow these steps to configure your server as a caching proxy:

  1. The first step to configuring your server as a proxy is to specify which protocols you want your server to be able to act as a proxy for. You do this by adding Pass rules for the protocols to your server's list of mapping rules. The Pass rules are actually what give your server the capability to act as a proxy.

    From the Configuration and Administration Forms page, click on Request Routing to display your current list of mapping rules.

    From the Request Routing form, do the following:

    1. Select the Insert after button.

    2. Change the Index field to the number of the last entry in the list.

    3. Change the Action field to Pass.

    4. In the URL request template field, enter a URL template for a protocol you want your server to be able to act as a proxy for.

      For example, to enable your server to act as a proxy for requests using the common protocols that the server itself can serve, you would enter one of the following:

      http:*
      ftp:*
      gopher:*
      wais:*

    5. Leave the Replacement file path field blank.

    6. Click on Apply.

    7. After receiving confirmation that the server accepted the change, click on Previous Form.

    8. If you want to add Pass rules for other protocols, return to step . 1.

  2. Perform this step only if you do not want your proxy server to be able to return its own local files. (If you do want your proxy server to be able to return its own local files, do nothing. Simply keep the Pass and Exec rules for your local files along with the protocol Pass rules.)

    If you do not want your proxy server to be able to return its own local files, you must remove the Pass rules that accept requests for local documents and Exec rules that accept requests to run local CGI programs. With the default configuration, this would mean removing the Pass rule for the document root directory and the Exec rule for requests beginning with /cgi-bin/.

    From the Request Routing form, do the following:

    1. Select the Remove button.

    2. Change the Index field to the number of the Pass rule that has /* as its URL request template.

    3. Click on Apply.

    4. From the Confirmation page, click on Previous Form to go back to the Request Routing form.

    5. Select the Remove button.

    6. Change the Index field to the number of the Exec rule that has /cgi-bin/* as its URL request template.

    7. Click on Apply.

  3. Perform this step only if you want your proxy server to listen to a port number other than the HTTP default of 80.

    Return to the Configuration and Administration Forms page and click on Basic.

    From the Basic form, do the following:

    1. Change the Default port number field to the port you want the proxy to listen to. The default value for this field is 80. Some other commonly used port numbers for proxy servers are 8080 and 8008.

    2. Click on Apply.

  4. Perform this step to make your proxy server a caching proxy server.

    From the Configuration and Administration Forms page, click on Caching Settings.

    From the Caching Settings form, do the following:

    1. Check the Enable proxy caching box.

    2. If you have more than 5 megabytes of disk space to use for caching files, change the Cache size field to a larger number.

    3. In the Root directory for cached files field, enter the absolute path name of the directory where you want to keep cached files. Make sure the directory you specify has at least as much disk space available as you enter for Cache size.

    4. In the Filename in which to log cache access field, enter the absolute path and file name of the file you want to use for logging cache access.

    5. Keep the default values for the other fields.

    6. Click on Apply.

  5. You can use the forms listed under Proxy Settings on the Configuration and Administration Forms page to change the defaults for the various other caching proxy settings. Using these forms, you can control which files are cached, how long the files are cached, when files expire, and when the cache is cleaned.

  6. For the last step, you "go live" with your proxy server by activating the configuration changes you have made. Depending on whether you changed the server's port number, do one of the following: See "Starting and Stopping the Server" for more information on starting and restarting.

    Once the changes take effect, your server runs as a caching proxy.

Controlling Who Can Use the Proxy

You can use the server's protection function to control which clients can use your server as a proxy.

The default configuration file contains commented lines that you can use as a basis for controlling access to your proxy. For this reason, it is easier to accomplish this task by editing the configuration file than by using the Configuration and Administration Forms.

Follow these steps to define which clients can use your server as a proxy:

  1. Use the text editor of your choice to open the configuration file.

    By default, the configuration file is named httpd.cnf and is in the \WWW\BIN directory.

  2. Find the following commented Protection and Protect directives:
    # Protection PROXY-PROT {
    #       ServerId        YourProxyName
    #       Mask            @(*.ibm.com, 128.141.*.*, *.ncsa.uiuc.edu)
    # }
    # Protect  http:*    PROXY-PROT
    # Protect  ftp:*     PROXY-PROT
    # Protect  gopher:*  PROXY-PROT
    # Protect  wais:*    PROXY-PROT
    

  3. Remove the comment character (#) from each of the lines.

  4. Change the Mask subdirective so that it contains templates for the host names or IP addresses of the clients you want to be able to use your server as a proxy.

    Note: In order to use host name templates, you must set the DNS-Lookup directive to On. If the DNS-Lookup directive is set to Off (the default), you can use IP address templates only. See "DNS-Lookup - Specify whether you want to look up host names of clients".

    You can also choose to use the DeleteMask, PutMask, and GetMask subdirectives instead of the Mask subdirective. This enables you to further limit access to the proxy. See "Rules for Specifying User Names, Group Names, and Address Templates" for information on how to specify host name or IP address templates on the mask subdirectives. See Chapter 7. "Protecting Your Server" for details on all the different ways you can set up protection on your server.

  5. Save the configuration file with the changes you make.

  6. Restart the server.

    The server will now act as a proxy only for clients and requests that meet the specifications on the mask subdirectives.

Running a Proxy and Standard Server on the Same Host

The steps under "Configuring a Caching Proxy Server" describe how you can have the same server act as both a proxy and a standard server. You may, however, want to have two different servers running on the same host; one acting as a proxy and another acting as a standard server.

To run two different servers in this way, you would need to start each server with a different configuration file. Only the configuration file for the server you want to act as a proxy would contain the protocol Pass rules. You would also need to make sure that the configuration files caused each server to listen to a different port and write to different log files.

You can designate one of the servers to start automatically and start the other one from the command line with the whttpg command. You would use the -r flag on the whttpg command to tell the second server where to look for its separate configuration file. See "whttpg Command" for more information on using the whttpg command.


[ Top of Page | Previous Page | Next Page | Table of Contents ]