iTP Secure WebServer System Administrator's Guide (iTPWebSvr 5.1+)
Planning the iTP Secure WebServer PATHMON Environment
iTP Secure WebServer System Administrator’s Guide—522659-001
What TCP/IP Port Is the Distributor Process Monitoring?
In its default, out-of-box configuration, the Distributor process monitors TCP/IP port
number 80. To use a different port, modify the port specification in the httpd.config file.
The Distributor process also can monitor multiple ports. For example, in the
httpd.stl.config file, you can specify a port to use with the Secure Sockets Layer (SSL)
or Private Communications Technology (PCT); the default value is 443. The Accept and
AcceptSecureTransport directives, described in Appendix A, Configuration Directives,
let you specify multiple IP addresses and port numbers. To ensure that requests arrive
only on a secure port, modify the httpd.config file to exclude the Accept directive, then
restart the server.
The iTP Secure WebServer Administration Server uses the ports you specify in response
to prompts from the install.WS script. By default, the nonsecure port is 8088, and the
secure port is 8089.
Ports in the range from 1 through 1024, including the default HTTP port (80), can be
used only by a process that has super ID privileges. Ports in the range from 1025
through 65536 can be used by all processes.
For ports with a value from 1 through 1024 (including the default), super ID users (for
example, super.webmastr) can access the port with no restriction. Use a super user ID to
install and start the iTP Secure WebServer. For security reasons, super.super is not
recommended.
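The two checks described above (no Accept directive left in place when requests must arrive only on a secure port, and super ID privileges for ports 1 through 1024) can be run against a copy of the configuration before restarting the server. This is an added example, not code from the guide or the product; the option syntax (-transport, -port), the '#' comment handling, the fallback to the default ports, and the sample configuration are assumptions constructed for illustration.

```python
import re

# Assumed syntax: one directive per line, "-option value" pairs, '#' starts a comment.
DIRECTIVE = re.compile(r"^\s*(AcceptSecureTransport|Accept)\b(.*)$")
PORT_OPT = re.compile(r"-port\s+(\d+)")
DEFAULT_PORT = {"Accept": 80, "AcceptSecureTransport": 443}  # defaults named in the text
PRIVILEGED_MAX = 1024  # ports 1 through 1024 require super ID privileges, per the text

# Constructed sample configuration, not taken from a real system.
SAMPLE = """\
# listeners
Accept -transport /G/ZTC0 -port 8080
AcceptSecureTransport -transport /G/ZTC0 -port 443
# Accept -transport /G/ZTC0 -port 80
"""


def audit_listeners(config_text):
    """Return one dict per Accept / AcceptSecureTransport directive found."""
    listeners = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.split("#", 1)[0]  # ignore full-line and trailing comments
        match = DIRECTIVE.match(line)
        if not match:
            continue
        directive, rest = match.groups()
        port_match = PORT_OPT.search(rest)
        # Assumption: a directive without -port listens on the default port.
        port = int(port_match.group(1)) if port_match else DEFAULT_PORT[directive]
        listeners.append({
            "line": lineno,
            "directive": directive,
            "port": port,
            "secure": directive == "AcceptSecureTransport",
            "needs_super_id": 1 <= port <= PRIVILEGED_MAX,
        })
    return listeners


def secure_only(listeners):
    """True when at least one listener exists and none is a plain Accept."""
    return bool(listeners) and all(item["secure"] for item in listeners)


if __name__ == "__main__":
    found = audit_listeners(SAMPLE)
    for item in found:
        print(item)
    print("secure only:", secure_only(found))
```

A result of False from secure_only means at least one nonsecure Accept listener is still configured; the "line" field points to the directive to remove.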
Common Gateway Interface (CGI) Application Security Considerations
The system administrator must consider the user ID that will configure and start the iTP
Secure WebServer environment. The user ID determines the security restrictions for the
server classes within the environment. CGI programs and scripts are spawned by the
generic-cgi.pway server class. The owner of the generic-cgi.pway process is determined
as follows:
1. If the iTP Secure WebServer environment is started by the super ID, the spawned
CGI process inherits the rights of this ID and has access to any and all system
functions. If you are allowing users to write and execute their own CGI-type
programs, this behavior is not desirable.
2. If the environment is started by the super ID, the spawned CGI process inherits the
restrictions placed upon super ID users.
3. If the environment is started by a non-super ID, the CGI program is restricted by the
security of that user ID.
Pathway CGI Server Class Considerations
A Pathway CGI application inherits its user ID from the iTP Secure WebServer
environment, and has the same considerations as for a generic-CGI application.