iTP Secure WebServer System Administrator's Guide (iTPWebSvr 6.0+)
Planning the iTP Secure WebServer PATHMON Environment
iTP Secure WebServer System Administrator’s Guide—523346-002
• Who Can Modify the Configuration Files?
• Who Can Start/Stop the iTP Secure WebServer? on page 3-6
• What TCP/IP Port Is the Distributor Process Monitoring? on page 3-6
• Common Gateway Interface (CGI) Application Security Considerations on page 3-7
• Pathway CGI Server Class Considerations on page 3-7
Who Can Modify the Configuration Files?
By default, access to the /usr/tandem/webserver/admin/conf directory is
restricted to the owner of the directory structure. This is the user ID under which the
iTP Secure WebServer was installed, as described in Section 2, Installing the iTP
Secure WebServer. The directory owner can grant other users access to the directory.
Regardless of these settings, the system supervisor can always access the directory.
Who Can Start/Stop the iTP Secure WebServer?
The default iTP Secure WebServer configuration gives all users in the system execute
and read permission for the bin directory. Therefore, any user can run the
bin/httpd file, specify a configuration file, and start an iTP Secure WebServer. To
prevent users from starting their own servers, change the default security of
the bin directory, the bin/httpd file, or both.
What TCP/IP Port Is the Distributor Process Monitoring?
In its default, out-of-box configuration, the Distributor process monitors TCP/IP port
number 80. To use a different port, modify the port specification in the httpd.config
file. The Distributor process also can monitor multiple ports. For example, in the
httpd.stl.config file, you can specify a port to use with the Secure Sockets Layer
(SSL) or Private Communications Technology (PCT); the default value is 443. The
Accept and AcceptSecureTransport directives, described in Appendix A, Configuration
Directives, let you specify multiple IP addresses and port numbers. To ensure that
requests arrive only on a secure port, modify the httpd.config file to exclude the
Accept directive, then restart the server.
The iTP Secure WebServer Administration Server uses the ports you specify in
response to prompts from the install.WS script. By default, the nonsecure port is 8088,
and the secure port is 8089.
Ports in the range from 1 through 1024, including the default HTTP port (80), can be
used only by a process that has super ID privileges. Ports in the range from 1025
through 65536 can be used by all processes.
For ports with a value from 1 through 1024 (including the default), super ID users (for
example, super.webmastr) can access the port with no restriction. Use a super user ID
to install and start the iTP Secure WebServer. For security reasons, super.super is not
recommended.
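
The following shell script is an added example, not part of the guide or of the product. It audits the three settings this section describes: other-user access to the conf directory, execute permission on bin and bin/httpd, and nonsecure Accept directives in a configuration file. It assumes one directive per line with the directive name as the first word and # as the comment character; the function names, the sample tree and the directive arguments in it are constructed for illustration.

```shell
#!/bin/sh
# Assumptions (not from the guide): one directive per line, directive name
# first, '#' starts a comment. Sample directive arguments are illustrative.
# Print the "other users" permission triplet (e.g. r-x) of a path.
other_perms() {
    ls -ld "$1" | cut -c8-10
}

# Print nonsecure Accept lines; AcceptSecureTransport and comments are skipped.
plain_accept_lines() {
    awk '$1 == "Accept" { print FILENAME ":" NR ": " $0 }' "$1"
}

# audit CONF_DIR BIN_DIR CONFIG_FILE: print findings, return their count.
audit() {
    findings=0
    if [ "$(other_perms "$1")" != "---" ]; then
        echo "$1 grants access to all users"
        findings=$((findings + 1))
    fi
    for p in "$2" "$2/httpd"; do
        case "$(other_perms "$p")" in
            *x|*t) echo "$p can be executed or searched by all users"
                   findings=$((findings + 1)) ;;
        esac
    done
    if [ -n "$(plain_accept_lines "$3")" ]; then
        echo "nonsecure Accept directive present:"
        plain_accept_lines "$3"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Build a constructed sample tree so the script runs offline.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/conf" "$root/bin"
    : > "$root/bin/httpd"
    chmod 700 "$root/conf"
    chmod 755 "$root/bin" "$root/bin/httpd"
    printf '%s\n' '# constructed sample' 'Accept -port 80' \
        'AcceptSecureTransport -port 443' > "$root/httpd.config"
    echo "$root"
}

sample=$(make_sample)
audit "$sample/conf" "$sample/bin" "$sample/httpd.config" || echo "findings: $?"
rm -rf "$sample"
```

On the constructed tree the audit reports three findings: bin and bin/httpd are executable by all users, and the configuration file still contains a nonsecure Accept line.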