|1Global Configuration||
|^ The example
|link%|/wasd_root/example/WASD_CONFIG_GLOBAL.conf|configuration file|
can be used as a template.
|^ By default, the logical name |*WASD_CONFIG_GLOBAL||
locates a global configuration file. Simple editing of the configuration file
changes the rules. Alternatively the Server Administration page configuration
interface may be used. Changes to the global configuration file require a
server restart to put them into effect.
|^ The [IncludeFile] is a directive common to all WASD configuration, allowing
a separate file to be included as a part of the current configuration. See
|link|Include File Directive||.
|^ Some directives take a single parameter, such as an integer, string or
boolean value. Other directives can/must have multiple parameters. The
version 4 configuration requires the directive to be placed on a line by itself
and each separate parameter on a separate line following it. All parameter
lines apply to the most recently encountered directive.
|^ Note that all |/boolean|| directives are |/disabled|| (OFF) by default.
This is done so that there can be no confusion about what is enabled and
disabled by default. To use directive controlled facility it |*must|| be
explicitly enabled.
|^ Directives requiring |/periods|| (timeouts, lifetimes, etc.) can be
specified as a single integer (representing seconds, minutes, hours, etc.,
depending on the directive) or unambiguously using any one of
|/minutes:seconds||, |/hours:minutes:seconds| or
|/days-hours:minutes:seconds||.
|^ Changes to the global configuration file can be validated at the
command-line before restart. This detects and reports any syntactical and
fatal configuration errors but of course cannot check the |/intent| of the
rules.
|code|
$ HTTPD /DO=GLOBAL=CHECK
|!code|
|2Functional Groupings|
|table|
|~ |.2 |0_Authentication/Authorization|
|~ |. [AuthBasic] |. enable BASIC method
|~ |. [AuthCacheEntriesMax] |. maximum concurrent authentication cache entries
|~ |. [AuthCacheEntrySize] |. maximum authentication cache entry size in bytes
|~ |. [AuthCacheMinutes] |. minutes before explicitly reauthorizing user from sources
|~ |. [AuthDigest] |. enable DIGEST method
|~ |. [AuthDigestGetLife] |. DIGEST method GET lifetime
|~ |. [AuthDigestPutLife] |. DIGEST method PUT lifetime
|~ |. [AuthFailureLimit] |. retries allowed before username is marked as intruder
|~ |. [AuthFailurePeriod] |. period during which failure limit is applied
|~ |. [AuthFailureTimeout] |. period during which a recognised authentication failure is applied
|~ |. [AuthRevalidateLoginCookie] |. |/Obsolete for WASD v10.2.1 and following.||
|~ |. [AuthRevalidateUserMinutes] |. minutes before use needs to reenter password
|~ |. [AuthSysUafAcceptExpPwd] |. accept expired SYSUAF passwords
|~ |. [AuthSysUafLogonType] |. LOCAL, DIALUP, NETWORK (default), REMOTE
|~ |. [AuthSysUafPwdExpURL] |. redirection URL is SYSUAF password if expired
|~ |. [AuthSysUafUseAcme] |. |/Obsolete for WASD V9.3 and following.||
|~ |.2 |0_Buffer Sizes|
|~ |. [BufferQuotaDclOutput] |. allows sizing of script process SYS$OUTPUT mailbox quota
|~ |. [BufferSizeDclCgiHeader] |. number of bytes allocated to when processing a CGI response header
|~ |. [BufferSizeDclCgiPlusIn] |. number of bytes allocated to scripting process CGIPLUSIN mailbox
|~ |. [BufferSizeDclCommand] |. bytes allocated to scripting process SYS$COMMAND mailbox
|~ |. [BufferSizeDclOutput] |. bytes allocated to scripting process SYS$OUTPUT mailbox
|~ |. [BufferSizeNetFile] |. maximum bytes allocated to output buffer when transfering file content
|~ |. [BufferSizeNetMTU] |. adjust network buffer to this value of MTU (maximum transmission unit)
|~ |. [BufferSizeNetRead] |. bytes allocated to client request read buffer, and to the scripting process SYS$INPUT mailbox
|~ |. [BufferSizeNetWrite] |. bytes allocated to client output buffer
|~ |. [SocketSizeRcvBuf] |. bytes allocated to a network connection receive buffer
|~ |. [SocketSizeSndBuf] |. bytes allocated to network connection send buffer
|~ |.2 |0_Content-Type|
|~ |. [AddType] |. add a content-type
|~ |. [AddMimeTypesFile] |. add the contents of a standard MIME.TYPES file
|~ |. [CharsetConvert] |. conversion of one character set to another
|~ |. [CharsetDefault] |. default character set for text responses
|~ |. [StreamLF] |. enable and set maximum size of automatic Stream-LF conversion
|~ |.2 |0_Directory Listing|
|~ |. [AddIcon] |. path to icon for a specified content-type
|~ |. [AddBlankIcon] |. path to blank icon
|~ |. [AddDefaultIcon] |. path to default icon
|~ |. [AddDirIcon] |. path to directory icon
|~ |. [AddParentIcon] |. path to parent icon
|~ |. [AddUnknownIcon] |. path to icon for unknown content-type
|~ |. [DirAccess] |. enable and form of listing
|~ |. [DirBodyTag] |. specify HTML body tag of listing pages
|~ |. [DirDescriptionLines] |. number of HTML file lines searched for document title
|~ |. [DirLayout] |. layout of the various listing components
|~ |. [DirMetaInfo] |. add server and VMS directory information
|~ |. [DirNoImpliedWildcard] |. do not add wildcards to request if not present in path
|~ |. [DirNoPrivIgnore] |. ignore, do not report, privilege violations on files/directories
|~ |. [DirOwner] |. allow owner of file to be included in layout directive
|~ |. [DirPreExpired] |. pre-expire listing responses
|~ |. [DirReadMeFile] |. specify read-me files
|~ |. [DirWildcard] |. allow wildcards to be specified at all
|~ |.2 |0_File Cache|
|~ |. [CacheChunkKBytes] |. memory block allocation size
|~ |. [CacheEntriesMax] |. maximum number of files allowed in cache
|~ |. [CacheFileKBytesMax] |. maximum size of a file
|~ |. [CacheFrequentHits] |. identify active files
|~ |. [CacheFrequentPeriod] |. identify active file
|~ |. [CacheGuardPeriod] |. prevent early reloads
|~ |. [CacheTotalKBytesMax] |. maximum memory to be consumed by cache
|~ |. [CacheValidatePeriod] |. maximum period before the cache checks for file modification
|~ |.2 |0_HTTP/2|
|~ |. [Http2Protocol] |. enables/disables HTTP/2 on a global basis
|~ |. [Http2FrameSizeMax] |. maximum number of bytes in an HTTP/2 frame
|~ |. [Http2HeaderListMax] |. maximum number of bytes in a request or response header
|~ |. [Http2HeaderTableSize] |. maximum number of bytes in a request lookup table
|~ |. [Http2PingSeconds] |. period between RTT server-client pings
|~ |. [Http2StreamMax] |. number of concurrent streams (requests) permitted on a connection
|~ |. [Http2InitWindowSize] |. initial connection flow-control window size
|~ |.2 |0_Logging|
|~ |. [Logging] |. enable logging
|~ |. [LogExcludeHosts] |. hosts to be excluded from log
|~ |. [LogExtend] |. default allocation/extend in blocks
|~ |. [LogFile] |. provides part or all of log file name
|~ |. [LogFormat] |. nature and layout of log contents
|~ |. [LogNaming] |. how the log name is be constructed
|~ |. [LogPeriod] |. period at which new logs are created
|~ |. [LogPerInstance] |. create a separate log for each instance process
|~ |. [LogPerService] |. create a separate log for each configured service
|~ |. [LogPerServiceHostOnly] |. suppress service port number as component of log name
|~ |. [LogWriteFail503] |. generate 530 responses if the access log cannot be written
|~ |.2 |0_Operator Console and Log|
|~ |. [OpcomAdmin] |. Server Administration directives
|~ |. [OpcomAuthorization] |. authentication/authorization messages, e.g. failures
|~ |. [OpcomControl] |. CLI HTTPd control directives
|~ |. [OpcomHTTPd] |. HTTPd events (e.g. startup, exit, SSL private key password requests)
|~ |. [OpcomProxyMaint] |. proxy file cache maintenance
|~ |. [OpcomTarget] |. target operator for online messages
|~ |.2 |0_Miscellaneous|
|~ |. [Accept] |. restrictive list of host from which to accept requests
|~ |. [ActivityDays] |. activity graph duration
|~ |. [ConnectMax] |. maximum number of concurrent connections
|~ |. [DNSLookupClient] |. enable client host name lookup
|~ |. [DNSLookupLifeTime] |. host name lookup cache entry lifetime
|~ |. [DNSLookupRetry] |. number two second attempts to resolve client host name
|~ |. [EntityTag] |. provide a strong validator for file-system based resources
|~ |. [GzipAccept] |. advertise acceptance of GZIUP (deflated) request bodies
|~ |. [GzipFlush] |. period between GZIP buffer flushes
|~ |. [GzipResponse] |. enable GZIP (deflated) response bodies
|~ |. [InstanceMax] |. number of per-node server processes to maintain
|~ |. [InstancePassive] |. start multiple instances already in |/passive|| mode
|~ |. [Monitor] |. enable HTTPDMON data exchange
|~ |. [NoticeInvalid] |. note the content of obviously invalid request headers
|~ |. [PipelineRequests] |. check for and process pipelined requests
|~ |. [Port] |. default port
|~ |. [ProcessMax] |. maximum number of concurrent requests being processed
|~ |. [PutBinaryRFM] |. record format of uploaded file
|~ |. [PutMaxKBytes] |. maximum size of a POST or PUT
|~ |. [PutVersionLimit] |. maximum RMS file versions retained in a POST or PUT
|~ |. [RegEx] |. enable regular expression matching
|~ |. [Reject] |. proscriptive list of hosts from which request will be rejected
|~ |. [RequestHistory] |. number of requests kept for request report
|~ |. [SearchScript] |. path to default search script
|~ |. [SearchScriptExclude] |. list of file extensions excluded from implied keyword search
|~ |. [Service] |. list of host names and/or port to create services for |*|/.(deprecated)||||
|~ |. [ServiceNotFoundURL] |. redirection URL when a request service is not configured
|~ |. [Welcome] |. list of file names that are checked for as home pages
|~ |. [WWWimplied] |. virtual services |/host.name|| and |/www.host.name|| are treated as synonyms
|~ |.2 |0_Proxy Serving|
|~ |. [ProxyCache...] |. |/obsolete from v12.0.0|
|~ |. [ProxyConnectPersistMax] |. connection persistence for this number of connections
|~ |. [ProxyConnectPersistSeconds] |. connections persist for this number of seconds
|~ |. [ProxyConnectTimeoutSeconds] |. the proxy to origin server connect times-out after this number of seconds
|~ |. [ProxyNegativeSeconds] |. cache negative (failure) responses for this period
|~ |. [ProxyForwarded] |. add "Forwarded:" to requests
|~ |. [ProxyHostLookupRetryCount] |. DNS resolution retry count
|~ |. [ProxyReportLog] |. report failures to process log
|~ |. [ProxyReportCacheLog] |. |/obsolete from v12.0.0|
|~ |. [ProxyServing] |. enable proxy server
|~ |. [ProxyVerifyRecordMax] |. enable proxy verification
|~ |. [ProxyXForwardedFor] |. add "X-Forwarded-For:" to requests
|~ |.2 |0_Reports|
|~ |. [ErrorReportPath] |. path to script, SSI or "flat" error document
|~ |. [ErrorRecommend] |. for server generated error include probable cause
|~ |. [ReportBasicOnly] |. only ever generate reports containing basic details
|~ |. [ReportMetaInfo] |. add server information to directory listings, etc.
|~ |. [ServerAdmin] |. email address for server-related contact
|~ |. [ServerAdminBodyTag] |. specify HTML body tag of Server Administration (menu) pages
|~ |. [ServerReportBodyTag] |. specify HTML body tag of error and other report pages
|~ |. [ServerSignature] |. add server information to the foot of error and other report pages
|~ |.2 |0_Timeout|
|~ |. [TimeoutHttp2Idle] |. period an HTTP/2 connection remains without processing a request
|~ |. [TimeoutInput] |. period a connection can wait before sending request
|~ |. [TimeoutNoProgress] |. period a response can continue without data transfer progress
|~ |. [TimeoutOutput] |. period a response can continue to output
|~ |. [TimeoutPersistent] |. period a connection is kept active after request conclusion
|~ |.2 |0_Scripting|
|~ |. [CgiStrictOutput] |. script output must be CGI compliant
|~ |. [DclBitBucketTimeout] |. period a script continues after a client prematurely disconnects
|~ |. [DclCgiPlusLifeTime] |. period of non-use before CGIplus process is deleted
|~ |. [DclCleanupScratchMinutesMax] |. maximum minutes between WASD_SCRATCH cleanups
|~ |. [DclCleanupScratchMinutesOld] |. cleanup files older than this
|~ |. [DclDetachProcess] |. use detached scripting processes rather than subprocesses
|~ |. [DclGatewayBG] |. enable raw TCP/IP socket for scripts
|~ |. [DclHardLimit] |. maximum number of concurrent processes
|~ |. [DclScriptProctor] |. proactive script and scripting environment startup
|~ |. [DclScriptRunTime] |. script execution environment
|~ |. [DclSoftLimit] |. maximum number of processes before proactive deletion begins
|~ |. [DclSpawnAuthPriv] |. spawn subprocesses with account's authorized privileges
|~ |. [DclZombieLifeTime] |. period of non-use before a CGI/CLI process is deleted
|~ |. [DECnetReuseLifeTime] |. period of non-use before a DECnet process is released
|~ |. [DECnetConnectListMax] |. maximum number of DECnet processes
|~ |. [Scripting] |. enables and disables all scripting
|~ |.2 |0_Secure Socket|
|~ |. [SecureSocket] |. enable Secure Socket (TLS/SSL) (if built with SSL)
|~ |. [SSLcert] |. server certificate file
|~ |. [SSLcipherList] |. enabled/disabled <= TLSv2.0 ciphers
|~ |. [SSLcipherSuites] |. enabled/disabled >= TLSv3.0 ciphers
|~ |. [SSLinstanceCacheMax] |. multiple instance shared session cache maximum number of records
|~ |. [SSLinstanceCacheSize] |. multiple instance shared session cache size of record
|~ |. [SSLkey] |. server certificate private key
|~ |. [SSLoptions] |. options flags
|~ |. [SSLsessionCacheMax] |. session cache maximum records
|~ |. [SSLsessionLifetime] |. session lifetime
|~ |. [SSLstrictTransSec] |. HSTS maxiumum age in seconds
|~ |. [SSLverifyPeer] |. verify client certificate
|~ |. [SSLverifyPeerDataMax] |. maximum kBytes of request data buffered during renegotiation
|~ |. [SSLverifyPeerCAFile] |. file of accepted CAs
|~ |. [SSLverifyPeerDepth] |. depth of certificate chain
|~ |. [SSLversion] |. TLS/SSL protocol versions supported
|~ |.2 |0_Server Side Includes|
|~ |. [SSI] |. enable Server Side Includes (SSI)
|~ |. [SSIaccesses] |. allow access counting
|~ |. [SSIexec] |. allow DCL commands
|~ |. [SSIsizeMax] |. maximum source file size
|~ |.2 |0_WebDAV|
|~ |. [WebDAV] |. enable WebDAV support
|~ |. [WebDAVCollectionDepth] |. test locking to this depth
|~ |. [WebDAVlocking] |. enable WebDAV locking
|~ |. [WebDAVlockingTimeoutDefault] |. set default lock timeout
|~ |. [WebDAVlockingTimeoutMax] |. set maximumg lock timeout
|~ |. [WebDAVmetaDir] |. location of metadata
|~ |. [WebDAVquota] |. enable disk quota reporting
|!table|
|2Alphabetic Listing|
|number|
|09accept_accept|
|item| |*.[Accept] |/file name||||
|^ A logical or physical file name locating a file containing |/accept|
directives.
|code|
[Accept]
WASD_CONFIG_ACCEPT
|!code|
|/ -or-|
|^ |*.[Accept] |/host/domain name||||
|/.(default: all)||
|^ One or more newline separated internet host/domain names and IP addresses.
, with "*" wildcarding for host/subdomain matching, to be explicitly allowed
access. Also see the [Reject] directive. Accept directives have precedence
over Reject directives.
|^ See |link|Connection_Accept_and_Reject||.
|code|
[Accept]
*.www.example.com
131.185.250.*
|!code|
|item| |*.[ActivityDays] |/integer||||
|/.(default: 0)||
|^ Specifies the number of days to record activity statistics, available in
report form from the Server Administration facility. Zero disables this data
collection. The maximum is 28 days. 11520 bytes per day, and 80640 per week,
is required to store the per-minute data.
|item| |*.[AddIcon] |/icon-URL| |/ALT-text| |/template| |/.(no default)| |
|^ Specifies a directory listing icon and alternative text for the mime
content type specified in the template.
|code|
[AddIcon]
/icon/-/doc.gif [HTM] text/html
/icon/-/text.gif [TXT] text/plain
/icon/-/image.gif [IMG] image/gif
|!code|
|item| |*.[AddBlankIcon] |/icon-URL||||
|^- |*.[AddDefaultIcon] |/icon-URL|| |/ALT-text||||
|^- |*.[AddDirIcon] |/icon-URL|| |/ALT-text||||
|^- |*.[AddParentIcon] |/icon-URL|| |/ALT-text||||
|^- |*.[AddUnknownIcon] |/icon-URL|| |/ALT-text||||
|/.(no defaults)||
|^ Specifies a directory listing icon for these non-content-type parts of the
listing.
|code|
[AddBlankIcon] /icon/-/blank.gif _____
[AddDefaultIcon] /icon/-/file.gif [FIL]
[AddDirIcon] /icon/-/dir.gif [DIR]
[AddParentIcon] /icon/-/back.gif [<--]
[AddUnknownIcon] /icon/-/unknown.gif [???]
|!code|
|item| |*.[AddMimeTypesFile] |/file specification|| || |/.(no default)||
|^ Add the content-types of a (de facto) standard MIME.TYPES file to the
already configured [AddType] content-types. This binds a file suffix
(extension, type) to a MIME content-type. Any specification in this file will
supercede any previously defined via [AddType]. A MIME.TYPES file looks
something like
|code|
# MIME type Extension
application/msword doc
application/octet-stream bin dms lha lzh exe class
application/oda oda
application/pdf pdf
application/postscript ai eps ps
application/rtf rtf
|!code|
|^ The WASD server uses a number of extensions to provide additional
information. See |link|Content-Type Configuration||.
|item| |*.[AddType] |/.suffix|| |/content-type||
[|/ftp:||] [|/rfm:||]
[|/script-name||] [|/description||] ||
|/.(no default)||
|^ Binds a file suffix (extension, type) to a mime content type.
The script name is used to auto-script against a specified file type. Use a
hyphen as a place-holder and to indicate no auto-script. The description is
used as documentation for directory listings.
|code|
[AddType]
.html text/html Web Markup Language
.txt text/plain plain text
.gif image/gif image (GIF)
.hlb text/x-script /Conan VMS Help library
.decw$book text/x-script /HyperReader Bookreader book
* internal/x-unknown application/octet-stream
#* internal/x-unknown text/plain
|!code|
|^ The content-type string may include a specific character set. In this way
non-default sets (which is usually ISO-8859-1) can be specified for any
particular site or any particular file type. Enclose the content-type string
with double-quotation marks.
|code|
[AddType]
.html "text/html; charset=ISO-8859-1" HTML (ISO-8859-1)
.html_5 "text/html; charset=ISO-8859-5" Cyrillic HTML (ISO-8859-5)
.html_r "text/html; charset=KOI8-R" Cyrillic HTML (KOI8-R)
.txt "text/plain; charset=ISO-8859-1" plain text (ISO-8859-1)
.txt_5 "text/plain; charset=ISO-8859-5" Cyrillic text (ISO-8859-5)
.txt_r "text/plain; charset=KOI8-R" Cyrillic text (KOI8-R)
|!code|
|^ To provide additional information for correct handling of FTP transfers the
transfer mode can be indicated after the content type using the FTP: keyword.
One of three characters is used. An "A" indicates that this file type
should be FTP transfered in ASCII mode. An "I" or a "B"
indicates that this file type should be FTP transfered in Image (binary) mode.
|code|
[AddType]
.ps application/postscript ftp:A Postscript document
|!code|
|^ To specify a VMS record format for POST or PUT files use the RFM: keyword
following the content-type. This record format will always be used when
creating the file. The precedence for determining the created file record
format is [AddType] RFM:, then any per-path PUT=RFM= mapping rule, then
[PutBinaryRFM], then a default of UDF.
|code|
[AddType]
.doc application/msword rfm:STMCR MS Word document
|!code|
|item| |*.[AuthBasic] |=ENABLED\|DISABLED||||
|/.(default: DISABLED)||
|^ Enables or disables BASIC username authentication.
|item| |*.[AuthCacheEntriesMax] |/integer||||
|/.(default: 32)||
|^ Maximum concurrent authentication cache entries. This needs to be sized
adequately to prevent the cache from thrashing (too many attempted entries
causing each to spend very little time in the cache before being replaced, only
to need to be inserted again with the next attempted access).
|item| |*.[AuthCacheEntrySize] |/integer||||
|/.(default: 768)||
|^ Maximum size of an authentication cache entry. The only reason where this
may need to be increased is where a site is using the /PROFILE functionality
and one or more accounts have a particularly large number of rights
identifiers.
|item| |*.[AuthCacheMinutes] |/integer||||
|/.(default: 60)||
|^ The number of minutes authentication information is cached before being
revalidated from the authentication source. Zero disables caching (with a
resultant impact on performance as each request requiring authentication is
validated directly from the source).
|item| |*.[AuthDigest] |=ENABLED\|DISABLED||||
|/.(default: DISABLED)||
|^ Enables or disables Digest username authentication.
|item| |*.[AuthDigestGetLife] |/integer||||
|/.(default: 0)||
|^ The number of seconds a digest nonce for a GET request (read) can be used
before becoming stale.
|item| |*.[AuthDigestPutLife] |/integer||||
|/.(default: 0)||
|^ The number of seconds a digest nonce for a PUT (/POST/DELETE ... write)
request can be used before becoming stale.
|item| |*.[AuthFailureLimit] |/integer||||
|/.(default: 0)||
|^ The number of unsuccessful attempts at authentication before the username
is disabled. Once disabled any subsequent attempt is automatically refused
without further reference to the authentication source. A disabled username
can be reenabled by simply purging the cache.
Parallels the purpose of SYSGEN parameter LGI_BRK_LIM.
|item| |*.[AuthFailurePeriod] |/hh:mm:ss||||
|/.(default: 00:00:00)||
|^ The period during which [AuthFailureLimit] is applied.
Parallels the purpose of SYSGEN parameter LGI_BRK_TMO.
|item| |*.[AuthFailureTimeout] |/hh:mm:ss||||
|/.(default: 00:00:00)||
|^ The period during which which any intrusion aversion is applied.
Parallels the purpose of SYSGEN parameter LGI_HID_TIM.
|item| |*.[AuthRevalidateUserMinutes] |/integer||||
|/.(default: 60)||
|^ The number of minutes between authenticated requests that user
authentication remains valid before the user is forced to reenter the
authentication information (via browser dialog). Zero disables the requirement
for revalidation.
|item| |*.[AuthSysUafAcceptExpPwd] |=ENABLED\|DISABLED||||
|/.(default: DISABLED)||
|^ If a SYSUAF authenticated password has expired (password lifetime has
been reached) accept it anyway (in much the same way network logins are
accepted in similar circumstances). This is very different to
|/account expiry||, after which authentication is always rejected.
|item| |*.[AuthSysUafLogonType]
|=LOCAL\|DIALUP\|NETWORK\|REMOTE||||
|/.(default: NETWORK)||
|^ When SYSUAF authentication is performed |/account access
restrictions|| are checked. By default NETWORK restrictions are used but this
global configuration parameter allows another to be specified.
|item| |*.[AuthSysUafPwdExpURL] |/string||||
|/.(default: none)||
|^ If a SYSUAF authenticated password is/has expired the request is redirected
to this URL to change the password.
|item| |*.[AuthSysUafUseAcme]||
|^ |/Obsolete for WASD V9.3 and following.||
|item| |*.[BufferQuotaDclOutput] |/integer||||
|/.(default: [BufferSizeDclOutput] + 256)||
|^ The number of bytes allocated to script SYS$OUTPUT mailbox capacity. The
[BufferSizeDclOutput] sets the maximum record size and [BufferQuotaDclOutput]
the total number of bytes that can be outstanding at any given time.
|item| |*.[BufferSizeDclCgiHeader] |/integer||||
|/.(default: 2048)||
|^ The number of bytes allocated to store and process a script CGI response
header.
|item| |*.[BufferSizeDclCgiPlusIn] |/integer||||
|/.(default: 2048)||
|^ The number of bytes (and hence BYTLM quota) permanently allocated to each
scripting process CGIPLUSIN mailbox.
|item| |*.[BufferSizeDclCommand] |/integer||||
|/.(default: 3072)||
|^ The number of bytes (and hence BYTLM quota) permanently allocated to each
scripting process SYS$COMMAND mailbox.
|item| |*.[BufferSizeDclOutput] |/integer||||
|/.(default: 4096)||
|^ The number of bytes (and hence BYTLM quota) permanently allocated to each
scripting process SYS$OUTPUT mailbox.
|item| |*.[BufferSizeNetFile] |/integer||||
|/.(default: none)||
|^ The maximum bytes to be allocated to a buffer when transfering file
content. For larger files this can improve both the reading of the file
content from disk and when appropriately |/tuned|| to the local system
the transmission of that content to the client, significantly increasing data
rates. Limited to the $QIO maximum I/O unit of 65,535 bytes. Bigger is not
always necessarily better (in the sense it always improves data rates).
|item| |*.[BufferSizeNetMTU] |/integer||||
|/.(default: none)||
|^ This more esoteric directive attempts to minimise network buffer
transmission wastage by rounding the output buffer size up to the network
interface MTU (maximum transmission unit). This can provide small improvements
to transmission efficiency. For example a filled buffer of 4096 with an MTU of
1500 sends two 1500 byte packets and then one of 1096 bytes, theoretically
wasting some 404 bytes. A potentially better choice of buffer size would be
4500. Setting this directive to 1500 would result in the server automatically
rounding a [BufferSizeNetWrite] value (for example) from 4096 up to 4500.
|item| |*.[BufferSizeNetRead] |/integer||||
|/.(default: 2048)||
|^ The number of bytes allocated to the network read buffer (used for request
header, POST body, etc.). Also the number of bytes (and hence BYTLM quota)
permanently allocated to each scripting process SYS$INPUT mailbox (allowing
a script to read a request body).
|item| |*.[BufferSizeNetWrite] |/integer||||
|/.(default: 4096)||
|^ Number of bytes allocated to the network write buffer. This buffer is used
as the basic unit when transfering file contents (from cache or the file
system), as an output buffer during SSI pocessing, directory listing, etc.
During many activities multiple outputs are buffered into this storage before
being written to the network.
|item| |*.[Cache] |=ENABLED\|DISABLED||||
|/.(default: DISABLED)||
|^ File cache control.
|item| |*.[CacheChunkKBytes] |/integer||||
|/.(default: 0)||
|^ Granularity of memory blocks allocated to file data, in kilobytes.
|item| |*.[CacheEntriesMax] |/integer||||
|/.(default: 0)||
|^ Maximum number of files loaded into the cache before entries are reused
removing the original contents from the cache.
|item| |*.[CacheFileKBytesMax] |/integer||||
|/.(default: 0)||
|^ Maximum size of a file before it is not a candidate for being cached, in
kilobytes.
|item| |*.[CacheFrequentHits] |/integer||||
|/.(default: 0)||
|^ Minimum, total number of hits an entry must sustain before being a
candidate for [CacheFrequentPeriod] assessment.
|item| |*.[CacheFrequentPeriod] |/hh:mm:ss||||
|/.(default: 00:00:00)||
|^ If a file has been hit at least [CacheFrequentHits] times in total and the
last was within the period here specified it will not be a candidate for reuse.
See |link|Cache Configuration||.
|item| |*.[CacheGuardPeriod] |/integer||||
|/.(default: 15)||
|^ During this period subsequent |/reloads|| (no-cache) requests will
not result in the entry being revalidated or reloaded. This can guard period
can help prevent unnecessary file system activity.
|item| |*.[CacheEntriesMax] |/integer||||
|/.(default: 0)||
|^ |/Obsolete for WASD V8.0 and following.||
|item| |*.[CacheTotalKBytesMax] |/integer||||
|/.(default: 0)||
|^ Maximum memory allocated to the cache, in kilobytes.
|item| |*.[CacheValidatePeriod] |/hh:mm:ss||||
|/.(default: 00:00:00)||
|^ The interval after which a cache entry's original, content revision time
is revalidated against the file's current revision time. If not the same the
contents are declared invalid and reloaded.
|item| |*.[CharsetConvert] |/string||||
|/.(default: none)||
|^ Document and CGI script output can be dynamically converted from one
character set to another using the standard VMS NCS conversion library. This
directive provides the server with character set aliases (those that are for
all requirements the same) and which NCS conversion function may be used to
convert one character set into another. The general format is
|code|
document-charset accept-charset[,accept-charset..] [NCS-function-name]
|!code|
|^ When this directive is configured the server compares each text response's
character set (if any) to each of the directive's |/document charset||
string. If it matches it then compares each of the |/accepted
charset|| (if multiple) to the request "Accept-Charset:" list of accepted
characters sets. If the same is is either accepted as-is or if a conversion
function specified converted by NCS as the document is transfered.
|code|
windows-1251 windows-1251,cp-1251
windows-1251 koi8-r koi8r_to_windows1251_to_koi8r
koi8-r koi8-r,koi8
koi8-r windows-1251,cp-1251 koi8r_to_windows1251
|!code|
|item| |*.[CharsetDefault] |/string||||
|/.(default: none)||
|^ The default character set sent in the response header for text documents
(plain and HTML). English language sites should specify ISO-8859-1, other
Latin alphabet sites, ISO-8859-2, 3, etc. Cyrillic sites might wish to specify
ISO-8859-5 or KOI8-R, and so on.
|item| |*.[CgiStrictOutput]
|=ENABLED\|DISABLED||||
|/.(default: DISABLED)||
|^ A script must output a full HTTP or CGI-compliant response. If a
plain-text stream is output an error is reported (being the more common
behaviour for servers). Errors in output can be disagnosed using the WATCH
facility.
|item| |*.[ConnectMax] |/integer||||
|/.(default: 200)||
|^ The maximum number of concurrent client connections before a
"|/server too busy right now ... try again shortly||" error
is returned to the client.
|item| |*.[DclBitBucketTimeout] |/hh:mm:ss||||
|/.(default: 0)||
|^ Period a script is allowed to continue processing before being terminated
after a client prematurely disconnects. An approptiate setting allows most
scripts to conclude elegantly and be available for further use. This improves
scripting efficiency significantly. Setting this period to zero terminates
scripts (and their associated processes) immediately a client is detected as
having disconnected.
|item| |*.[DclCleanupScratchMinutesMax] |/integer||||
|/.(default: 0)||
|^ Whenever the last scripting process is removed from the system, or this
number of minutes maximum (whichever occurs first), scan the WASD_SCRATCH
directory (if logical defined and it exists) deleting all files that are older
than [DclCleanupScratchMinutesOld] minutes. Setting to zero disables
WASD_SCRATCH scans.
|item| |*.[DclCleanupScratchMinutesOld] |/integer||||
|/.(default: 0)||
|^ When performing a [DclCleanupScratchMinutesMax] scan delete files that are
older than this value (or the value specified by [DclCleanupScratchMinutesMax],
whichever is the larger).
|item| |*.[DclCgiPlusLifeTime] |/hh:mm:ss||||
|/.(default: 0)||
|^ If non-zero the CGIplus process is terminated the specified period after it
last processed a request (idle for that period). Adjusting the period to suit
the site allows frequently used persistent scripts and scripting engines to
remain resident while more sporadically accessed ones do not remain
unecessarily. If this value is zero (or unconfigured) the idle timeout is one
hour.
|item| |*.[DclDetachProcess]
|=ENABLED\|DISABLED||||
|/.(default: DISABLED)||
|^ By default scripts are executed within server processes. When enabled
this instructs the server to create detached processes. This side-steps the
issues of having pooled process quotas and also allows non-server-account
scripting and in particular "Scripting Overview, Introduction".
|item| |*.[DclDetachProcessPriority] |/integer[,integer]||||
|/.(default: same as server)||
|^ When detached scripting processes are created it is possible to assign them
base priorities lower that the server itself. This directive takes one or two
(comma-separated) integers that determine how many priorities lower than the
server scripting processes are created. The first integer determines server
processes. A second, if supplied, determines user scripts. User scripts may
never be a higher priority that server scripts.
|code|
[DclDetachProcessPriority] 1
[DclDetachProcessPriority] 0,1
[DclDetachProcessPriority] 1,2
|!code|
The first of these examples would set both server and user script
processes one below the server process. The second, server scripts at the same
priority and user scripts one below. The last, server scripts one below, and
user scripts two below.
|item| |*.[DclGatewayBG]
|=ENABLED\|DISABLED||||
|/.(default: DISABLED)||
|^ When enabled, non-SSL, process script CGI environments have a CGI
variable WWW_GATEWAY_BG created containing the device name
(BG|/nnnn||:) of the TCP/IP socket connected to the client. This
socket may be accessed by the script for transmission of data directly to the
script bypassing the server entirely. This is obviously much more efficient
for certain classes of script. For purposes of accurate logging the server
does need to be informed of the quantity of data transfered using a CGI
callout. See "Scripting Environment" document.
|item| |*.[DclHardLimit] |/integer||||
|/.(default: 0)||
|^ The maximum number of DCL/CGI script processing processes that may ever
exist concurrently (works in conjunction with [DclSoftLimit].
|item| |*.[DclScriptProctor] |/string||||
|/.(default: none)||
|^ Script proctoring proactively creates and maintains specific persistent
scripts and scripting environments (RTEs). It is intended for those
environments that have some significant startup latency.
|^- See |link%|../scripting/##|WASD Web Services - Scripting||
for further information.
|item| |*.[DclScriptRunTime] |/string||||
|/.(default: none)||
|^ One or more file type (extension) specification and scripting verb pairs.
See "Scripting Overview, Runtime".
|item| |*.[DclSoftLimit] |/integer||||
|/.(default: 0)||
|^ The number of DCL/CGI script processing processes after which idle
processes are deleted to make room for new ones. The [DclHardLimit] should
be approximately 25% more than the [DclSoftLimit]. The margin exists to allow
for occasional slow run-down of deleted/finishing processes. If these
limits are not set (i.e. zero) they are calculated with [ProcessMax] using
"[DclSoftLimit] = [ProcessMax]" and "[DclHardLimit] =
[DclSoftLimit] + [DclSoftLimit] / 4".
|item| |*.[DclSpawnAuthPriv]
|=ENABLED\|DISABLED||||
|/.(default: DISABLED)||
|^ By default, when a DCL/scripting subprocess is spawned it inherits the
server's currently enabled privileges, which are |*none||, not
even TMPMBX or NETMBX. If this parameter is enabled the subprocess is created
with the server account's SYSUAF-authorized privileges (which should never be
other than NETMBX and TMPMBX). Use with caution.
|item| |*.[DclZombieLifeTime] |/hh:mm:ss||||
|/.(default: 00:00:00)||
|^ If this value is zero the use of persistant DCL processes is disabled.
If non-zero the |/zombie|| process is terminated the specified
period after it last processed a request. This helps prevent zombie processes
from clogging up a system. See "Scripting Environment" document.
|item| |*.[DECnetReuseLifeTime] |/hh:mm:ss||||
|/.(default: 00:00:00)||
|^ Period a DECnet scripting connection is maintained with the network task.
Zero disables connection reuse.
|item| |*.[DECnetConnectListMax] |/integer||||
|/.(default: 0)||
|^ The size of the list used to manage connections for DECnet scripting. Zero
effectively allows the server to use as many DECnet scripting connections as
demanded.
|item| |*.[DirAccess] |=ENABLED\|DISABLED\|SELECTIVE||||
|/.(default: DISABLED)||
|^ Controls directory listings. |=SELECTIVE|| allows access
only to those directories containing a file
|=.WWW_BROWSABLE||. The WASD HTTPd directory access
facility always ignores directories containing a file named
|=.WWW_HIDDEN||. Also see the [DirWildcard]
directive.
|item| |*.[DirBodyTag] |/string||||
|/.(default: )||
|^ Specifies the HTML tag for directory listing pages. This
allows some measure of site "look-and-feel" in page colour, background,
etc. to be employed.
|item| |*.[DirDescriptionLines] |/integer||||
|/.(default: 0)||
|^ Non-Zero enables HTML file descriptions during listings. Generating HTML
descriptions involves opening each HTML file and searching for
... and ...
text to generate the
description. This is an obviously resource-intensive activity and on busy
servers or systems may be disabled. Any non-zero number specifies the number
of lines to be searched before quitting. Set to a very high number to search
all of files' contents (e.g. 999999).
|item| |*.[DirLayout] |/string||||
|/.(default: I__L__R__S__D)||
|^ Allows specification of the directory listing layout. This is a short,
case-insensitive string that specifies the included fields, relative placement
and optionally the width of the fields in a directory listing. Each field is
controlled by a single letter and optional leading decimal number specifying
its width. If a width is not specified an appropriate default applies. An
underscore is used to indicate a single space and is used to separate the
fields (two consecutive works well).
|simple#|
|item| |*C|| - creation date
|item| |*D|| - description (generally best specified last)
|simple#|
|item| |*D:L|| - for files, make a link out of the description text
|!simple#|
|item| |*I|| - icon (takes no field-width attribute)
|simple#|
|item| |*L|| - link (highlighted anchor using the name of the file)
|item| |*L:F|| - file-system name (for ODS-5 displays spaces, etc.)
|item| |*L:N|| - name-only, do not display the extension
|item| |*L:U|| - force name to upper-case
|!simple#|
|item| |*N|| - name (no link, why bother? who knows!)
|item| |*O|| - owner (can be disabled)
|item| |*R|| - revision date
|item| |*S|| - size
|simple#|
|item| |*S:B|| - in bytes (comma-formatted)
|item| |*S:D|| - decimal kilos (see below)
|item| |*S:F|| - kilo and mega are displayed to one decimal place
|item| |*S:K|| - in kilo-bytes (and fractions thereof)
|item| |*S:M|| - in mega-bytes (and fractions thereof)
|!simple#|
|item| |*U|| - upper-case file and directory names (must be the
first character)
|!simple#|
|^ The following shows some examples:
|code|
[DirLayout] I__L__R__S__D
[DirLayout] I__L__R__S:b__D
[DirLayout] I__15L__S__D
[DirLayout] UI__15L__S__D
[DirLayout] 15L__9R__S
[DirLayout] 15N_9C_9R_S
[DirLayout] I__L__R__S:d__D
[DirLayout] 25D:l__S:b__C__R
|!code|
|^ The size of files is displayed by default as 1024 byte kilos. When using
the "S:k", "S:m" and "S:f" size modifiers the size is
displayed as 1000 byte kilos. If it is prefered to have the default display
in 1000 byte kilos then set the directory listing layout using:
|code|
[DirLayout] I__L__R__S:d__D
|!code|
|^ If unsure of the kilo value being used check the
"" information in the directory listing.
|item| |*.[DirMetaInfo] |=ENABLED\|DISABLED||||
|/.(default: DISABLED)||
|^ Includes, as information, the software ID of the server
and any relevant VMS file information.
|item| |*.[DirNoImpliedWildcard] |=ENABLED\|DISABLED ||||
|/.(default: DISABLED)||
|^ When a directory is accessed having no file or type component and there is
no welcome page available a directory listing is generated. By default any
other directory accessed from this listing has the implied wildcards "*.*"
added, consequently forcing directory listings. If enabled, this directive
ensures no wildcards are added, so subsequent directories accessed with
welcome pages display the pages, not a forced listing.
|item| |*.[DirNoPrivIgnore] |=ENABLED\|DISABLED ||||
|/.(default: DISABLED)||
|^ To prevent browsing through directories (perhaps due to inadvertant
mapping) that have file permissions allowing no WORLD access the server stops
listing and reports the error the first time a protection violation occurs.
This behaviour may be changed to ignore the violation, listing only those files
to which it has access.
|item| |*.[DirOwner] |=ENABLED\|DISABLED| |
|/.(default: DISABLED)||
|^ Allows specification and display of the RMS file owner information.
|item| |*.[DirPreExpired] |=ENABLED\|DISABLED| |/.(default: DISABLED)| |
|^ Directory listings and trees may be |/pre-expired||. That is, the
listing is reloaded each time the page is referenced. This is convenient in
some environments where directory contents change frequently, but adds
considerable over-head and so is disabled by default. Individual directory
listings may have the default behaviour over-ridden using syntax similar to the
following examples:
|code|
/dir1/dir2/*.*?httpd=index?expired=yes
/dir1/dir2/*.*?httpd=index?expired=no
/tree/dir2/?httpd=index?expired=yes
/tree/dir1/dir2/?httpd=index?expired=no
|!code|
|item| |*.[DirReadme] |=TOP\|BOTTOM \|
OFF|||| |/.(default: DISABLED)||
|^ If any of the files provided using the [DirReadMeFile] directive are
located in the directory the contents are included at the top or bottom of the
listing (or not at all). Plain-text are included as plain-text, HTML are
included as HTML allowing markup tags to be employed.
|item| |*.[DirReadMeFile] |=file.suffix||||
|/.(no default)||
|^ Specifies the names and order in which a directory is checked for
|/read-me|| files. This can be enabled or disabled using the
[DirReadme] directive. Plain-text are included as plain-text, HTML are
included as HTML allowing markup tags to be employed.
|^ Examples:
|code|
[DirReadMeFile]
readme.html
readme.htm
readme.
readme.txt
readme.1st
|!code|
|item| |*.[DirWildcard] |=OFF\|ON||||
|/.(default: DISABLED)||
|^ This enables the facility to |/force|| the server to provide a
directory listing by providing a wildcard file specification, even if there is
a home (welcome) document in the directory. This should not be confused with
the [DirAccess] directive which controls directory listing itself.
|item| |*.[DNSLookupClient] |=ENABLED\|DISABLED||||
|/.(default: DISABLED)||
|^ Enables or disables connection request host name resolution. This
functionality may be expensive (in terms of processing overhead) and make
serving granularity coarser if DNS is involved. If not enabled and logging
is, the entry is logged against the literal internet address. If not enabled
any [Accept], [Reject] or conditional directive, etc., must be expressed as a
literal address.
|item| |*.[DNSLookupLifetime] |/hh:mm:ss||||
|/default 00:10:00||
|^ The period for which a host name/address is cached (applies to both client
lookup and proxy host lookup).
|item| |*.[DNSLookupRetry] |/integer||||
|/.(default: 2)||
|^ The number of attempts, at two second intervals, made to resolve a host
name/address (applies to both client lookup and proxy host lookup).
|item| |*.[EntityTag] |=ENABLED\|DISABLED||||
|/.(default: ENABLED)||
|^ An entity tag is a client-opaque string used in strong cache validation.
WASD generates this using the on-disk file identification (FID) and binary
last-modified date-time (RDT). This is then used as a definitive identifier
for a specified on-disk resource fixed in file-system space-time (hmmm, sounds
like an episode of Star Trek).
|item| |*.[ErrorReportPath] |/string [status...]||||
|/.(default: none)||
|^ Specifies the |*URL-format path|| to an optional, error reporting SSI
document or script. See |link|Error reporting||. This path can subsequently be
remapped during request processing. Optional, space-separated HTTP status
codes restrict the path to those codes, with the remainder handled by
server-internal reporting.
|item| |*.[ErrorRecommend] |=ENABLED\|DISABLED||||
|/.(default: DISABLED)||
|^ Provides a short message recommending action when reporting an error to a
client. For example, if a document cannot be found it may say:
|code|
|/.(document, or bookmark, requires revision)||
|!code|
|item| |*.[GzipAccept] |/integer||||
|/.(default: 0)||
|^ Enables GZIP encoding of request bodies.
See |link|GZIP Encoding||.
|item| |*.[GzipFlushSeconds] |/integer||||
|/.(default: 0)||
|^ Adjusts the maxiumum period period between GZIP buffer flushes.
See |link|GZIP Encoding||.
|item| |*.[GzipResponse] |/integer||[|/integer,integer||]||
|/.(default: 0)||
|^ Enables GZIP encoding (deflation) for suitable requests and responses.
Valid values are 1 for minimum compression (and minimum resource usage) through
to 9 for maxiumum compression (and maximum resource usage). The value 9 is
recommended. See |link|GZIP Encoding||.
|item| |*.[Http2Protocol]||
|*enable||\||*disable||
|/.(default: disable)||)
|^ Enable or disable (default) HTTP/2 for all services. The default for a
service follows the global setting. A service must explicitly disable HTTP/2
if that is required.
|item| |*.[Http2FrameSizeMax] |/integer||||
|/.(default: 65535)||
|^ The maximum permitted size (in octets) of an HTTP/2 frame sent from the
client.
|item| |*.[Http2HeaderListMax] |/integer||||
|/.(default: 65535)||
|^ The maximum permitted size (in bytes) of a request header sent from the
client.
|item| |*.[Http2HeaderTableMax] |/integer||||
|/.(default: 4096)||
|^ The maximum permitted size (in bytes) of a request header compression
table.
|item| |*.[Http2PingSeconds] |/hh:mm:ss||||
|/.(default: 00:05:00)||
|^ The period at which HTTP/2 pings are sent from the server to the client to
calculate the (then) Round Trip Time (RTT) of the connection.
|item| |*.[Http2StreamMax] |/integer||||
|/.(default: 32)||
|^ Maximum number of concurrent streams (requests) supported by the
connection.
|item| |*.[Http2InitWindowSize] |/integer||||
|/.(default: 65535)||
|^ Initial flow-control window size (in bytes).
|item| |*.[InstanceMax]
|/integer||\||=CPU||||
|/.(default: 1)||
|^ Number of per-node server processes to create and maintain.
If set to "CPU" once instance per CPU is created.
|item| |*.[InstancePassive] |=ENABLED\|DISABLED||||
|/.(default: DISABLED)||
|^ Start a multiple instance server already in |/passive|| mode.
|item| |*.[Logging] |=ENABLED\|DISABLED||||
|/.(default: DISABLED)||
|^ Enables or disables the request log. Logging can slow down request
processing and adds overhead. The log file name must be specified using the
/LOG qualifier or WASD_CONFIG_LOG logical name (|link|Logical Names||).
|item| |*.[LogExcludeHosts] |/string||||
|/.(default: none)||
|^ One or more (comma-separated if on the same line) internet host/domain
names, with "*" wildcarding for host/subdomain matching, requests from
which are not placed in any log files. If DNS lookup is not enabled hosts must
be expressed using literal addresses (see [DNSLookup] directive). Use for
excluding local or web-maintainer's host from logs.
|^ Example:
|code|
[LogExcludeHosts]
*.www.example.com
131.185.250.*
|!code|
|item| |*.[LogExtend] |/integer||||
|/.(default: 0)||
|^ Number of blocks allocated when when a log file is opened or extended. If
set to zero it uses the process default (SET RMS_DEFAULT /EXTEND_QUANTITY).
|item| |*.[LogFile] |/string||||
|/.(default: none)||
|^ Provides some or all of the access log file name.
See |link|Log Per-Period||.
|item| |*.[LogFormat] |/string||||
|/.(default: COMMON)||
|^ Specifies one of three pre-defined formats, or a user-definable format.
See |link|Log Format||.
|item| |*.[LogNaming] |/string||||
|/.(default: none)||
|^ When [LogPeriod] or [LogPerService] directives are used to generate
multiple log files this directive may be used to modify the naming of the file.
See |link|Log Naming||.
|item| |*.[LogPeriod] |/string||||
|/.(default: none)||
|^ Specifies a period at which the log file is changed.
See |link|Log Per-Period||.
|item| |*.[LogPerInstance] |=ENABLED\|DISABLED||||
|/.(default: DISABLED)||
|^ When multiple instances are configured (see
|link%|../features/##Instances and Environments| of
|link%|../features/##|WASD Features and Facilities||)
create a separate log for each. This has significant performance advantages.
See |link|Log Per-Instance||.
|item| |*.[LogPerService] |=ENABLED\|DISABLED||||
|/.(default: DISABLED)||
|^ When multiple services are specified (|\(hd_virtual_services)||)
a separate log file will be created for each if this is enabled. See
|link|Log Per-Service||.
|item| |*.[LogPerServiceHostOnly] |=ENABLED\|DISABLED||||
|/.(default: DISABLED)||
|^ When generating a log name do not make the port number part of it. This
effectively provides a single log file for all ports provided against a host
name (e.g. a standard HTTP service on port 80 and an SSL service on port 443
would have entries in the one file). See |link|Log Per-Service||.
|item| |*.[LogWriteFail503] |=ENABLED\|DISABLED||||
|/.(default: DISABLED)||
|^ After an access log record fails to write all subsequent requests return a
503 service unavailable response until records can be successfully written
again. This can be used to prevent access to server resources unless an access
audit log is available.
|item| |*.[Monitor] |=ENABLED\|DISABLED||||
|/.(default: DISABLED)||
|^ Allows monitoring via the HTTPDMON utility. Adds slight request processing
overhead.
|item| |*.[NoticeInvalid] |/integer||||
|/.(default: 999)||
|^ The server process log records obviously invalid request headers.
|code|
%HTTPD-W-NOTICED, 16-OCT-2022 22:09:40, REQUEST:2666, CHAR \x03 at 0 of 44
-NOTICED-I-SERVICE, http://klaatu.lan:80
-NOTICED-I-CLIENT, 94.232.47.167
-NOTICED-I-HTTP, 1
-NOTICED-I-RXTX, err:0/0 raw:44/0 net:44/0
0300002C 27E00000 00000043 6F6F6B69 653A206D 73747368 6173683D 446F6D61 ...,'......Cookie: mstshash=Doma
696E0D0A 01000800 03000000 in..........
|!code|
|^ These can consume considerable storage and clutter the log. The integer 0
disables such reporting; 1 reports the notice only; and 2..|/n| the specified
number of data lines (999 the default and effectively any size request).
|^ The equivalent /DO=NOTICE=INVALID=|/integer| provides the same command-line
based but ad hoc control.
|item| |*.[OpcomAdmin] |=ENABLED\|DISABLED||||
|/.(default: DISABLED)||
|^ Report to operator log and any enabled operator console (see [OpcomTarget])
server administration directives originating from the Server Administration
Menu, for example path map reload, server restart, etc.
|item| |*.[OpcomAuthorization] |=ENABLED\|DISABLED||||
|/.(default: DISABLED)||
|^ Report events related to authentication/authorization. For example
username-password validation failures.
|item| |*.[OpcomControl] |=ENABLED\|DISABLED||||
|/.(default: DISABLED)||
|^ Report HTTPD/DO=|/directive|| control events, both the command-line
directive and the server's response.
|item| |*.[OpcomHTTPd] |=ENABLED\|DISABLED||||
|/.(default: DISABLED)||
|^ Report events concerning the server itself. For example, server startup
and exit (either normally or with error status).
|item| |*.[OpcomProxyMaint] |=ENABLED\|DISABLED||||
|/.(default: DISABLED)||
|^ Report events related to proxy server cache maintenance. For example, the
commencement of file cache reactive and proactive purging, the conclusion of
this purge, both with cache device statistics.
|item| |*.[OpcomTarget] |/string||||
|/.(default: DISABLED)||
|^ This enables OPCOM messaging and specifies the target for the OPCOM
reports. This must be set to a target to enable OPCOM messages, irrespective
of the setting of any of the other [Opcom...] directives. These messages are
added to SYS$MANAGER:OPERATOR.LOG and displayed at the specified operator's
console if enabled (using REPLY/ENABLE=target). The operator log provides a
"permanent" record of server events. Possible settings include
CENTRAL, NETWORK, SECURITY, OPER1 |...| OPER12, etc.
|item| |*.[PipelineRequests] |=ENABLED\|DISABLED||||
|/.(default: ENABLED)||
|^ Pipelining refers to multiple requests being sent over an assumed
persistent connection without waiting for the response from previous requests.
Such behaviour with capable clients and servers can significantly reduce
response latency.
|item| |*.[Port] |/integer||||
|/.(default: 80)||
|^ IP port number for server to bind to. For anything other than a
command-line server control this parameter is overridden by anything supplied
via the [Service] |*|/.(deprecated)|||| directive.
|item| |*.[ProcessMax] |/integer||||
|/.(default: 100)||
|^ The maximum number of concurrent client request being processed before a
"|/server too busy right now ... try again shortly||" error
is returned to the client. If not explicitly set this defaults to the same
value as [ConnectMax]. This directive allows a larger number of persistent
connections to be maintained than are concurrently being processed at any given
moment.
|item| |*.[ProxyCache...]|
|^ Proxy caching obsolete from v12.0.0.
|item| |*.[ProxyConnectPersistMax] |/integer||||
|/.(default: 100)||
|^ The maximum number of established connections that are maintained to remote
servers.
|item| |*.[ProxyConnectPersistSeconds] |/hh:mm:ss||||
|/.(default: 00:00:30)||
|^ Period for which the established connections persist. At expiry the
connection is closed.
|item| |*.[ProxyConnectTimeoutSeconds] |/hh:mm:ss||||
|/.(default: 00:00:30)||
|^ Period for which the proxy server will attempt to establish a network
connection to the origin (remote) server.
|item| |*.[ProxyForwarded]
|=BY\|DISABLED\|FOR\|ADDRESS||||
|/.(default: DISABLED)||
|^ BY enables the addition of a proxy request header line providing
information that the request has been forwarded by another agent. The added
header line would look like "Forwarded: by http://server.name.domain
(HTTPd-WASD/n.n.n OpenVMS/AXP Digital-TCPIP SSL)". If the FOR variant is used
the field included the host name (or ADDRESS) the request is being forwarded on
behalf of, as in "Forwarded: by http://server.name.domain
(HTTPd-WASD/n.n.n OpenVMS/AXP Digital-TCPIP SSL) for host.name.domain".
|item| |*.[ProxyHostLookupRetryCount] |/integer||||
|/.(default: 0)||
|^ When the server is resolving the name of a remote host the request may
timeout due to up-stream DNS server latencies. This parameter allows a number
of retries, at five second intervals, to be enabled.
|item| |*.[ProxyReportLog] |=ENABLED\|DISABLED||||
|/.(default: DISABLED)||
|^ Enables or disables the server process log reporting siginificant proxy
processing events.
|item| |*.[ProxyReportCacheLog]|
|^ Proxy caching obsolete from v12.0.0.
|item| |*.[ProxyServing] |=ENABLED\|DISABLED||||
|/.(default: DISABLED)||
|^ Enables or disables proxy serving on a whole-of-server basis, irrespective
of any proxy services that might be configured.
|item| |*.[ProxyUnknonwRequestFields] |=ENABLED\|DISABLED||||
|/.(default: DISABLED)||
|^ When enabled propagates all request fields provided by the client
through to the proxied server. When disabled only propagates fileds that WASD
recognises.
|item| |*.[ProxyVerifyRecordMax] |/integer||||
|/.(default: 0)||
|^ Obscure functionality; see WASD Proxy Service feature.
|item| |*.[ProxyXForwardedFor]
|=ADDRESS\|DISABLED\|ENABLED\|UNKNOWN||||
|/.(default: DISABLED)||
|^ Enables the addition of a proxy request header line providing the host name
on behalf of which the request is being proxied. The added header line would
look like "X-Forwarded-For: host.name.domain". THE ADDRESS variant
provides the IP address, and the UNKNOWN variant substitutes
"unknown" for the host. This field is degined to be compatible with
the |/Squid|| de facto standard field of the same name. Any request
with an existing "X-Forwarded-For:" field has the local information
appended to the existing as a comm-separated list. The first host in the field
should be the original requesting client.
|item| |*.[PutBinaryRFM]
|/FIX512\|STM\|STMCR\|STMLF\|UDF||||
|/.(default: UDF)||
|^ Record format for a non-text HTTP POST or PUT upload into the file-system.
Has a per-path equivalent. The precedence for determining the created file
record format is [AddType] RFM:, then any per-path PUT=RFM= mapping rule, then
[PutBinaryRFM], then the default of UDF.
|item| |*.[PutMaxKBytes]
|/integer||||
|/.(default: 250)||
|^ Maximum size of an HTTP POST or PUT method request in Kilobytes. Has a
per-path equivalent.
|item| |*.[PutVersionLimit] |/integer||||
|/.(default: 3)||
|^ File created using the POST or PUT methods have the specified version limit
applied.
|item| |*.[RegEx] |=ENABLED\|DISABLED||||
|/.(default: DISABLED)||
|^ Enable regular expression matching. With the possibility of the reserved
character "^" being used in existing mapping rules regular expression string
matching (|link|String Matching||) is only available after enabling this
directive.
|^ The default syntax is POSIX EGREP but can be specified by substituting for
|=ENABLED|| one of the following keywords; AWK, ED, EGREP,
GREP, POSIX_AWK, POSIX_BASIC, POSIX_EGREP, POSIX_EXTENDED, POSIX_MINIMAL_BASIC,
POSIX_MINIMAL_EXTENDED, SED. When changed from the default |/enabled||
(WASD) case-insensitivity is lost.
|09reject_reject|
|item| |*.[Reject] |/file name||||
|^ A logical or physical file name locating a file containing |/reject|
directives.
|code|
[Reject]
WASD_CONFIG_REJECT
|!code|
|/ -or-|
|^ |*.[Reject] |/host/domain name||||
|/.(default: none)||
|^ One or more newline separated internet host/domain
names, with "*" wildcarding for host/subdomain matching, to be
explicitly denied access. If DNS lookup is not enabled hosts must be expressed
using literal addresses (see [DNSLookup] directive). Also see the [Accept]
directive. Accept directives have precedence over reject directives.
|^ Example:
|code|
[Reject]
*.www.example.com
131.185.250.*
|!code|
|^ See |link|Connection_Accept_and_Reject||.
|item| |*.[ReportBasicOnly] |=ENABLED\|DISABLED||||
|/.(default: DISABLED)||
|^ Only ever supply basic information in a report (|link|Error Reporting||).
|item| |*.[ReportMetaInfo] |=ENABLED\|DISABLED||||
|/.(default: DISABLED)||
|^ Includes in detailed reports, as information, the
software ID of the server and any relevant VMS file information.
|item| |*.[RequestHistory] |/integer||||
|/.(default: 0)||
|^ The server can keep a list of the most recent requests accessible from the
Server Administration page. This value determines the number kept. Zero
disables the facility. Each retained request consumes 256 bytes and adds a
small amount of extra processing overhead.
|item| |*.[Scripting] |=ENABLED\|DISABLED||||
|/.(default: ENABLED)||
|^ Enables and disables |*all|| scripting mechanisms. This
includes CGI and CGIplus, DECnet-based OSU and CGI, and SSI
directives that DCL processes to provide <--#dcl -->,
<--#exec -->, etc.
|item| |*.[SearchScript] |/path||||
|/.(no default)||
|^ Specifies the |*URL-format path|| to the default query-string
keyword search script. This path can subsequently be remapped during request
processing.
|^ Example:
|code|
[SearchScript] /wasd_root/script/query
|!code|
|item| |*.[SearchScriptExclude] |/list||||
|/.(no default)||
|^ Provides a list of file types that are excluded from an implied keyword
search. This is useful for client-side (browser-side) active processing that
may require a query string to pass information. This query string would
normally be detected by the server and if not in a format to be meaningful to
itself is then considered as an implied (HTML ) keyword
search, with the approriate script being activiated.
|^ Example:
|code|
[SearchScriptExclude] .HTA,.HTL
|!code|
|item| |*.[SecureSocket] |=ENABLED\|DISABLED||||
|/.(default: DISABLED)||
|^ Enable the Secure Sockets Layer (SSL) Transport Layer Security (TLS) if the
server has been built with that option. See
|link%|../features/##Transport Layer Security| of
|link%|../features/##|WASD Features and Facilities||).
|item| |*.[ServerAdmin] |/string||||
|/.(no default)||
|^ Specifies the contact email address for server administration issues.
Included as a "mailto:" link in the server signature if
[ServerSignature] is set to |/email||.
|item| |*.[ServerAdminBodyTag] |/string||||
|/.(default: )||
|^ Specifies the HTML tag for server administration and
administration report pages. This allows some measure of control over the
"look-and-feel" of page and link colour, etc.. for the administrator.
|item| |*.[ServerReportBodyTag] |/string||||
|/.(default: )||
|^ Specifies the HTML tag for server error and other report
pages. This allows some measure of site "look-and-feel" in page colour,
background, etc. to be maintained.
|item| |*.[ServerSignature]
|=ENABLED\|EMAIL\|DISABLED||||
|/.(default: DISABLED)||
|^ The server signature is a short identifying string added to server
generated error and other report pages. It includes the server software name
and version, along with the host name and port of the service. Setting this to
|/email|| makes the host name a |/mailto:|| link containing the
address specified by the [ServerAdmin] directive.
|item| |*.[Service] |/string||||
|/.(no default)|| |*|/.(deprecated)||||
|^ This parameter allows SSL, multi-homed hosts and multiple port serving to
be specified.
|item| |*.[ServiceNotFoundURL] |/string||||
|/.(no default)||
|^ Provides a default path for reporting a virtual host does not exist, see
|link|Unknown Virtual Server||.
|item| |*.[SocketSizeRcvBuf] |/integer||||
|/.(no default)||
|^ Number of bytes allocated at the device-driver level for a network
connection receive buffer. See
|link%|../install/##VMS Server Account++in++WASD Install||.
|item| |*.[SocketSizeSendBuf] |/integer||||
|/.(no default)||
|^ Number of bytes allocated at the device-driver level for a network
connection send buffer. Later versions of TCP/IP Services seem to have
large default values for this. MultiNet and TCPware are reported to improve
transfers of large responses by increasing low default values.
See |link%|../install/##VMS Server Account++in++WASD Install||.
|item| |*.[SSI] |=ENABLED\|DISABLED||||
|/.(default: DISABLED)||
|^ Enables or disables Server Side Includes (HTML pre-processing).
|item| |*.[SSIaccesses] |=ENABLED\|DISABLED||||
|/.(default: DISABLED)||
|^ Enables or disables Server Side Includes (HTML pre-processing) file access
counter.
|item| |*.[SSIexec] |=ENABLED\|DISABLED||||
|/.(default: DISABLED)||
|^ Enables or disables Server Side Includes (HTML pre-processing) DCL
execution functionality.
|item| |*.[SSIsizeMax] |/integer||||
|/.(default: 0 (128kB))||
|^ SSI source files a completely read into memory before processing. This
allows the maximum size to be expanded beyond the default.
|item| |*.[SSLcert] |/string||||
|/.(no default)||
|note><|
|0TLS/SSL Configuration|
See
|link%|../features/##Transport Layer Security| of
|link%|../features/##|WASD Features and Facilities||).
|^-Server command line /SSL= parameter equivalents override the [SSL..]
directives.
|!note|
|^ TLS/SSL server certificate file path.
|item| |*.[SSLcipherList] |/string||||
|/.(default is OpenSSL defined)||
|^ A colon-separated list (OpenSSL syntax) of <= TLSv2.0 ciphers allowed to be
used by clients to connect to SSL services. The use of this parameter might
allow the selection of stronger ciphers to be forced to be used or the
connection not allowed to procede.
|item| |*.[SSLcipherSuites] |/string||||
|/.(default is OpenSSL defined)||
|^ A colon-separated list (OpenSSL syntax) of >= TLSv3.0 ciphers allowed to be
used by clients to connect to SSL services. The use of this parameter might
allow the selection of stronger ciphers to be forced to be used or the
connection not allowed to procede.
|item| |*.[SSLinstanceCacheMax] |/integer||||
|/.(no default)||
|^ TLS/SSL multiple WASD instance, shared session cache. Maximum number of
shared records.
|item| |*.[SSLinstanceCacheSize] |/integer||||
|/.(no default)||
|^ TLS/SSL multiple WASD instance, shared session cache. Size in bytes of each
individual record.
|item| |*.[SSLkey] |/string||||
|/.(no default)||
|^ TLS/SSL server certificate private key file path. The private key is
commonly enbedded into the certificate file.
|item| |*.[SSLoptions] |/string||||
|/.(no default)||
|^ Alphanumeric flags supported by WASD or hexadecimal value applied to the
SSL option of OpenSSL.
|item| |*.[SSLsessionCacheMax] |/integer||||
|/.(no default)||
|^ Single WASD instance, shared session cache. Maximum number of records.
Records are dynamically sized.
|item| |*.[SSLsessionLifetime] |/hh:mm:ss||||
|/.(no default)||
|^ The default maximum period for session reuse is five minutes. This may be
set globally using the this directive or on a per-service basis using the
per-service equivalent [ServiceSSLsessionLifetime].
|item| |*.[SSLstrictTransSec] |/hh:mm:ss||||
|/.(no default)||
|^ When non-zero represents the number of seconds, or maximum age, of a
HSTS "Strict-Transport-Security:" response header field. See
|link%|../features/##Transport Layer Security| of
|link%|../features/##|WASD Features and Facilities||.
There is an equivalent per-service directive.
|item| |*.[SSLverifyPeer] |=ENABLED\|DISABLED||||
|/.(default: DISABLED)||
|^ To access this service a client must provide a verified CA client
certificate.
|item| |*.[SSLverifyPeerCAfile] |/string||||
|/.(default: none)||
|^ Specifies the location of the collection of Certificate Authority (CA)
certificates used to verify a peer certificate (VMS file specification).
|item| |*.[SSLverifyPeerDataMax] |/integer||||
|/.(default: 1024)||
|^ When a client certificate is requested for authentication via TLS/SSL
renegotiation this is the maximum kilobytes POST/PROPFIND/PUT data buffered
during the renegotiation. There is an equivalent per-service directive.
|item| |*.[SSLverifyPeerDepth] |/integer||||
|/.(default: 0)||
|^ Level through a certificate chain a client is verified to.
|item| |*.[SSLversion] |/string||||
|/.(default: TLS family of protocols)||
|^ The abbreviation for the TLS/SSL protocol version allowed to be used to
connect to an SSL service. Using the directive a service may select prefered
protocols.
|item| |*.[StreamLF] |/integer||||
|/.(default: 0 (disabled))||
|^ Enables or disables automatic conversion of VARIABLE record format
documents (files) to STREAM-LF, which are much more efficient with this server.
The integer is the maximum size of a file in kilobytes that the server will
attempt to convert. Zero disables any conversions.
|item| |*.[StreamLFpaths] |/string||||
|/.(no default)||
|^ |/.(Retired in v5.3, mapping SET rule provides this now, see
|link|SET Rule||)||.
|item| |*.[TimeoutHttp2idle] |/hh:mm:ss||||
|/.(default: 01:00:00)||
|^ The maximum period of time before an idle HTTP/2 connection is issued with
a GOAWAY frame. An idle HTTP/2 connection is one where it has not processed a
request.
|item| |*.[TimeoutInput] |/hh:mm:ss||||
|/.(default: 00:01:00)||
|^ Period allowing a connection request to be in progress without
submitting a complete request header before terminating it.
|item| |*.[TimeoutPersistent] |/hh:mm:ss||||
|/.(default: 0)||
|^ The period a persistent connection with the client is maintained after the
conclusion of a request. Connection persistence improves the overall
performance of the server by reducing the number of discrete TCP/IP connections
that need to be established.
|item| |*.[TimeoutNoProgress] |/hh:mm:ss||||
|/.(default: 00:02:00)||
|^ Period allowing request output to continue without any increase
in the number of bytes transfered. This directive is targeted at identifying
and eliminating requests that have stalled.
|item| |*.[TimeoutOutput] |/hh:mm:ss||||
|/.(default: 00:10:00)||
|^ Period allowing a request to be output before terminating it.
This directive sets an absolute maximum time a request can continue to receive
output.
|item| |*.[WebDAV] |=ENABLED\|DISABLED||||
|/.(default: DISABLED)||
|^ Enable WEBdav on a server-wide basis (see
|link%|../features/##WebDAV| of
|link%|../features/##|WASD Features and Facilities||).
|item| |*.[WebDAVlocking] |=ENABLED\|DISABLED||||
|/.(default: DISABLED)||
|^ Enable WebDAV locking.
|item| |*.[WebDAVlockCollectionDepth] |/integer||||
|/.(default: 0)||
|^ Ancestor directory locking depth.
|item| |*.[WebDAVlockTimeoutDefault] |/ddd-hh:mm:ss||||
|/.(default: 01:00:00)||
|^ Set default locking period.
|item| |*.[WebDAVlockTimeoutMax] |/ddd-hh:mm:ss||||
|/.(default: 7-00:00:00)||
|^ Maximum locking period.
|item| |*.[WebDAVmetaDir] |/string||||
|/.(default: same as data file)||
|^ Location of metadata files.
|item| |*.[WebDAVquota] |=ENABLED\|DISABLED||||
|/.(default: DISABLED)||
|^ Enable disk quota reporting.
|item| |*.[Welcome] |/file.suffix||||
|/.(no default)||
|^ Specifies the names and order in which a directory is checked for home page
files. If no home page is found a directory listing is generated.
|code|
[Welcome]
index.html
index.htm
home.html
home.htm
|!code|
|^ Dynamic home pages (script or interpreter engine driven, e.g. Perl, PHP)
may be deployed using a combination of the [Welcome] and [DclScriptRunTime]
directives.
|code|
[Welcome]
index.html
index.htm
index.php
index.pl
[DclScriptRunTime]
.PHP $CGI-BIN:[000000]PHPWASD.EXE
.PL $CGI-BIN:[000000]PERLRTE
|!code|
|item| |*.[WWWimplied] |=ENABLED\|DISABLED||||
|/.(default: DISABLED)||
|^ When enabled considers |/www.host.name|| and |/host.name||
to be the same virtual service. If a request being processed has a virtual
host of |/www.host.name|| and the service matching, rule matching or
authentication matching process encounters a |/host.name|| virtual
service it is considered match. A request with a virtual host of
|/host.name|| does not match a service of |/www.host.name||.
|!number|