iTP Secure WebServer System Administrators Guide (Version 7.5+)

ManualsBrandsHP ManualsServerHP Integrity NonStop H-Series

241

242

243

244

245

246

247

248

249

250

-notls1.1

Prevents the use of TLS 1.1 for connections.

-notls1.2

Prevents the use of TLS 1.2 for connections.

-auth [user-list]

Requires client authentication. The optional list of users (user-list) can be a Tcl list of acceptable

client DNs. If no list is present, any authentication can be used. The Web client’s certificate must

be validated by the iTP Secure WebServer. (To allow access when the iTP Secure WebServer

cannot validate the certificate, use the CGI variables either inside a region or in a CGI program.)

An error occurs if you try to use RequireSecureTransport -auth if authentication was not

requested or required by an AcceptSecureTransportdirective.

The following examples show how to use the RequireSecureTransport command in a Region

directive.

• To prevent any nonsecure connection from accessing an area prefixed by /secure:

Region /secure* {

RequireSecureTransport

}

• To prevent TLS connections from an area prefixed by SSL/:

Region /SSL/* {

RequireSecureTransport -notls

}

• To prevent SSL connections from an area prefixed by TLS/:

Region /TLS/* {

RequireSecureTransport -nossl

}

ScriptTimeout time-in-seconds

The ScriptTimeout command sets the period (in seconds) that the iTP Secure WebServer allows

a CGI program to send itsoutput to a Web client. The default value is 300 seconds; do not specify

a value greater than 1073741824. If the program has not exited within the set time, the request

is canceled, the connection is closed, and the CGI process is sent a termination signal.

The ScriptTimeout command overrides the global specification set by the ScriptTimeout

directive. For further information about using the ScriptTimeout directive, see “ScriptTimeout”

(page 246).

SendHeader header

The SendHeader command causes a specified HTTP header (header) to be included in the

server's response to a Web client request. Use HTTP headers to enable (or disable) particular client

features (such as caching) or to modify client behavior. For example:

SendHeader "Pragma: nocache"

Recognition of headers by clients is client-dependent. Consult the applicable client documentation

for header-recognition information concerning particular clients.

SI_Department departmentID -attribute value [- attribute value ...]

The SI_Department command functions in the same manner as the SI_Department directive

(see “SI_Department” (page 254)), but applies only to the specified region. It accepts all the attributes

listed in “Anonymous Ticket Attributes” (page 242).

Regions that do not contain an SI_Department command inherit the default attributes of the iTP

Secure WebServer or the department.

To use SI_Department command in a Region directive, enter the following:

Region /foo/* {

SI_Department 5 -ForceTicketInUrl On

SI_RequireSI 5 20 30

}

Region 241