iTP Secure WebServer System Administrator's Guide (Version 7.0)
Configuration Directives
iTP Secure WebServer System Administrator’s Guide—523346-012
A-61
Region Commands
RequireSecureTransport [-nossl -nopct -auth [user-list]]
The RequireSecureTransport command requires that the SSL or PCT secure
transport protocol be used for connections. This command supersedes the
RequireSSL command available in earlier versions of the iTP Secure WebServer.
The RequireSecureTransport command takes the following options:
-nossl
Forbids the use of SSL for connections.
-nopct
Forbids the use of PCT for connections.
-auth [user-list]
Requires client authentication. The optional list of users (user-list) can be a
Tcl list of acceptable client DNs. If no list is present, any authentication can be
used. The Web client’s certificate must be validated by the iTP Secure
WebServer. (To allow access when the iTP Secure WebServer cannot validate
the certificate, use the CGI variables either inside a region or in a CGI
program.)
An error occurs if you try to use RequireSecureTransport -auth if
authentication was not requested or required by an AcceptSecureTransport
directive.
The following examples show how to use the RequireSecureTransport
command in a Region directive.
To forbid any nonsecure connection from accessing an area prefixed by/secure:
Region /secure* {
RequireSecureTransport
}
To forbid PCT connections from an area prefixed by SSL/:
Region /SSL/* {
RequireSecureTransport -nopct
}
To forbid SSL connections from an area prefixed by PCT/:
Region /PCT* {
RequireSecureTransport -nossl
}
ScriptTimeout time-in-seconds
The ScriptTimeout command sets the period (in seconds) that the iTP Secure
WebServer allows a CGI program to send its output to a Web client. The default
value is 300 seconds; do not specify a value greater than 1073741824. If the