Specifying general parameters in SREHTTP2.CFG

For example, these general parameters allow you to change the contents of 404 and 401 responses, to define SUPERUSERS, and to define DEFAULT documents.

Notes:

The SREHTTP2.CFG files (like all SREhttp/2 configuration files) are text files SREhttp/2 uses a default SREHTTP2.CFG file (typically located in the SREHTTP2\CFG directory). SREhttp/2 also uses host-specific versions of SREHTTP2.CFG (typically located in subdirectories under the SREHTTP2\CFG directory) (see HOSTDATA.HTM for more details on SREhttp/2's host-specific parameter files). You can use the SREhttp/2 configurator to modify parameters in any of the SREHTTP2.CFG files. There are a number of SREhttp/2 parameters that are not defined in SREhttp/2

Reading parameter values

List of parameters
The following parameters are set in SREHTTP2.CFG.	ACCEPT_RANGE ALWAYS_GET_PRIVS ADD_CHARSET ADD_SLASH ADDON_DIR CGIBIN_FLAG CHECK_MIMETYPE_FILE CHECK_401 DEFAULTS DIR_EXCLUSION DOMD5 FAIL_FILE GZIP_THESE HTACCESS LOG_SUPPRESS NOT_FOUND_FILE NO_CUSTOM_USERNAME PERMISSIONS_DEFAULT NOT_FOUND_FILE RECORD_ALL REALM_DEFAULT REQUIRES_DEFAULT SSI_EXTENSIONS SUPERUSERS VERBOSE

ACCEPT_RANGE	Enable range requests. When enabled, SREhttp/2 will look for range headers, and return the appropriate range of a document. SREhttp/2 will also send Accept: range headers on most responses. Syntax:    ACCEPT_RANGE=0 : Disable    ACCEPT_RANTG=1 : Enable Example: accept_range=1
ALWAYS_GET_PRIVS	Always get privileges from usernames, and inhouseips, in the users.cfg database. Syntax: ALWAYS_GET_PRIVS=0 : only get privileges if required (if a selector requires some privilege) ALWAYS_GET_PRIVS=1 : always check usernames and inhouseips in the users.cfg file(s) This means that the user will be asked for a username & password even if a resource requires no privileges. In such cases (where the resource is available to all), if the client enters a random name (that is, a name that does not appear in a USERS.CFG file), he won't be assigned any additional client privileges. However he still will have access to the requested resource. Sometimes this matters, as when the request resource is SREhttp/2 addon that uses client privileges to assign priority. There is one exception to this: SUPERUSER clients (as defined by the SUPERUSERS parameter) will not be asked to supply a username. ALWAYS_GET_PRIVS=2 : Same as 1, but even SUPERUSERs are asked for a username Example: always_get_privs=0
ADD_CHARSET	For documents with a Content-Type of text/*, add a charset=xxx phrase to the Content-Type headers. This is an optional addition, but current practice suggest that this is good and proper. Syntax: ADD_CHARSET =0 Disable (do not add a charset=xx) ADD_CHARSET=xxx Add a charset=xxx to the Content-Type header of text/* documents Examples add_charset = 0 This could yield a response header of: Content-Type: text/html add_charset = ISO-8859-1 This could yield a response header of: Content-Type: text/html;charset=ISO-8859-1 (ISO-8859-1 is the standard, it was used in pre HTML 4.0 browsers)
ADD_SLASH	Check for directory request that does not end with a / If URI appears to refer to a directory (that is, has no .), but does not end with /, SREhttp/2 can append a / and redirect the client to this new URI. For example:   /myfiles/input will be redirected to   /myfiles/input/ Syntax: ADD_SLASH=0 = Disable (do not check & redirect) ADD_SLASH=1 = Enable Example: add_slash = 1
ADDON_DIR	Specify a host-specific addon directory If specified, ADDON_DIR is used instead of the default addon directory. Syntax: ADDON_DIR=0 ADDON_DIR=relative_dir ADDON_DIR=fully_qualified_directory Examples: addon_dir=0 Use the default addon directory (eg; x:\sre2003\srehttp2\addon) addon_dir=HERSITE Use the HERSITE subdirectory of the default addon directory (eg.; use D:\SRE\SREHTTP2\ADDON\HERSITE) addon_dir=F:\MISC\HISADDONS use this fully qualified directory
CGIBIN_FLAG	Substring used to idenfity CGI-BIN requests . If a selector contains CGIBIN_FLAG, it is assumed to be a request for a CGI-BIN script. Typically, the selector will start with CGIBIN_FLAG. However, as a means of specifying the directory to find the CGI-BIN script, you can precede the CGI-BIN flag with directory information. Example: cgibin_flag=CGI-BIN Notes: Do not start or end CGIBIN_FLAT with a / Examples of selectors: /CGI-BIN/TEST-CGI.CMD?sample1 /MYSCRIPTS/CGI-BIN/SCORES.CMD?yankees
CHECK_MIMETYPE_FILE	To determine the content-type (the mimetype) of a response, SREhttp/2 uses an extension-to-mimetype mapping strategy. Basically, the selector's extension (i.e.; HTML in FOO.HTML) is compared to a list of mappings, the mapping that contains the selector's extension also contains its mimetype. By default, SREhttp/2 will use a hard-coded set of mappings. You can add to, or override, these defaults, by changing the MIMETYPE.CFG configuration file(s). CHECK_MIMETYPE_FILE is used to control whether SREhttp/2 will always read this MIMETYPE.CFG, or it whether it reads MIMETYPE.CFG only when none of the default mappings work. CHECK_MIMETYPE_FILE=0 Only check MIMETYPE.CFG when no hardcoded extension-to-mimetype entry can be found. CHECK_MIMETYPE_FILE=1 Always check MIMETYPE.CFG; which means that MIMETYPE.CFG entries can override the hardcoded entries.
CHECK_401	CHECK_401 is used to deny access to clients with too many logon failures. The idea is to encumber hackers who are assaulting your site with random username/passwords. With CHECK_401 enabled, SREhttp/2 will check each request (using the client's IP address and the request string) to see if she has several recent failures. If so, access is immediately denied -- no attempt is made to check the username/password. After several minutes, this restriction is relaxed, and the client can try again (since legitimate clients are sometimes clumsy and forgetful). Syntax: CHECK_401=0 CHECK_401 is disabled CHECK_401=ntimes last_secs If the client has returned ntimes unrecognized username/passwords in the last last_secs seconds, then she will be locked out. Example: CHECK_401 = 5 300 Notes: This check is only performed if access privileges are required -- CHECK_401 is not used for public (freely accessible) resources. If you are using a custom logon procedure, this check is not performed. The check is performed on a client/host/resource specific basis. Thus, a client may be denied access to a resource /foo.htm, but will still be able to request /foo2.htm. Although weakening protection, this limitation is imposed in recognition of the possibility that requests from many innocent clients, along with one nefarious hacker, may be coming from the same proxy server. This strategy is vulnerable to a slow but steady stream of probes (once the oldest bad request is older then last_secs seconds, the client's request are considered).
DEFAULTS	List of default names to use when request ends with a / When an URI ends in a /, SREhttp/2 will look for a file named in the DEFAULTS parameter. DEFAULTS should be a space delimited list of file names. Notes: The DEFAULTS advanced option can be used to specify a selector-specfic value of DEFAULTS. The first of the DEFAULTS files, that exists in the requested directory, is used. A * in one of the DEFAULTS is converted to the subdirectory name. For example, given a   DEFAULTS item of *.html,   and a request for /foo/bar/, then SREhttp/2 will look for   /foo/bar/bar.html. For / requests, * is converted to INDEX Do not include a path when specifying file names DEFAULTS is also used to resolve requests to the home page ( a request for /) DEFAULT is checked after internal redirection If you end DEFAULTS with !DIR, then if none of the files can be found, SREhttp/2 will generate a listing of the directory. See DIR_EXCLUSION for notes on how to exclude specific files and subdirectories from appearing in these directory listings. The NO_DIR permission can suppress the use of !DIR on a selector-specific basis. Example: defaults=*.html index.htm index.sht !DIR
DIR_EXCLUSION	Directory exclusion list. DIR_EXCLUSION is used when a !DIR option in DEFAULTS is used. DIR_EXCLUSION should be a space delimited list of file and subdirectory patterns (may contain wildcards). Notes: Filenames that match a filename pattern in DIR_EXCLUSION (do not include path information) will not be displayed. Subdirectory names that match a subdirectory pattern in DIR_EXCLUSION will not be displayed. To identify a subdirectory, append a / Example: dir_exclusion=PASSWORD.* PASSWD.* USERS.* USER.* HTACCESS* PRIVATE/ SYSTEM/
DOMD5	Create an Content-MD5 response header for (almost) all responses If enabled, SREhttp/2 can add a Content-MD5 headers to almost all responses. Content-MD5 headers, which take a moment or two to create, can be used by http/1.1 aware clients as a test for accurate transfer Syntax: DOMD5=0 : Disable (do not generate a Content-MD5 response header) DOMD5=1 : Enable   Example: domd5=1 Note: The MD5 is computed after pre-response procedures have been run, but before instance manipulation procedures. Thus, if GZIP-as-a-content-encoding is used (say, through the GZIP.REX pre-response procedure), then the MD5 will be the value of the GZIP'ed contents. However, if range extraction occurs, the MD5 will be computed using the entire response (i.e.; the entire file), and not just the portion actually sent to the client.
FAIL_FILE	How to respond when access is denied FAIL_FILE is used when a client is denied access to a resource, as when none of her client-privileges matches a required-privilege. When this happens, FAIL_FILE controls what kind of response is returned to the client. FAIL_FILE= -1 Terse denial: Do not send a message, and do not ask for authorization. Hint: this is useful when combined with dynamic privileges FAIL_FILE= 0 Send a simple authorization response (a 401 response that contains WWW-Authenticate response header). FAIL_FILE= 1 If a selector-specific failure file is specified, use it. Otherwise, send an authorization response. FAIL_FILE= filename.ext Send the contents of the file to the client. If filename.ext is not fully qualified, it is assumed to be relative to the host-specific CFG directory (or, relative to the default CFG directory). This is not used if a selector-specific failure file has been specified. If the FAIL_FILE is an HTML document server side includes are NOT attempted. However, a few special substitutions will occur These special substitutions are: <!--#URL--> phrases are substituted with the request selector. <!--#SERVER--> phrases are substituted with the servername. <!-- #MESSAGE --> phrases are substituted with a short description of the reason for failure <!-- #LINK --> phrases are substituted with a "forced" URL: which points back to this resource, and forces an "ask authorization" if access is denied. It is highly recommended that a #LINK be included. Otherwise, the client will be unable to enter a new username/password, should his first entry be misspelled (or if he had previously used a different username/password for a different resource on the same realm of your site). Notes: When FAIL_FILE=0 or FAIL_FILE=-1, selector-specific failure files are not used, even if one has been specified (in ATTRIBS.CFG). When FAIL_FILE=1 or FAIL_FILE=filename.ext, selector-specific failure fail files are used, if one is available. That is, given a choice of a default and a selector-specific access failure file, the selector-specific version is always used. #LINK generates a special form of URI in the response returned to the client. The effect is to force SREhttp/2 to request authorization should the current username/password be incorrect; thereby avoiding an annoying recursive trap. In some cases (such as when dynamic privileges are used to control access to .GIF files), you may want to use an FAIL_FILE that does not contain a #LINK.   Examples:    FAIL_FILE=0    FAIL_FILE=accfail1.txt    FAIL_FILE=D:\sre\srehttp2\accfail.htm
GZIP_THESE	Do on-the-fly GZIP encoding This enables on-the-fly gzip encoding as a transfer coding. Syntax: GZIP_THESE=0 : No GZIP_THESE=1 : Static files only (except files with .gz, .lzh, or .zip extension) GZIP_THESE=2 : Dynamic response only GZIP_THESE=3 : All responses   Notes: you can change the do not gzip these extensions by including a space delimited list of extensions after the 1 (or 3) Example: Gzip_these=1 ZIP ARC GZ ARJ LZH On-the-fly GZIP encoding will only be done if the client indicates it can accept gzip as a transfer-encoding.   Example: gzip_these=0
HTACCESS	Use, do not use, or disable the HTACCESS access control method. HTACCESS is a file system method, using .HTACCESS files in the directory containing a resource. This is in contrast to the request selector method based on required privileges that are set in the (possibly host-specific) ATTRIBS.CFG file. HTACCESS can take the following values: 0   do not use HTACCESS 1   use HTACCESS -1   disable HTACCESS Note that: the selector-specific HTACCESS and NO_HTACCESS permissions can override HTACCESS=1 and HTACCESS=0 (respectively). However, when HTACCESS=-1, HTACCESS will never be used (regardless of the values of the permissions). Example:  HTACCESS=0
HOME_DIR	The ~ user/home directory The string specified in home_dir replaces a ~ in the selector. Advanced users option: If you include a /$/DIRNAME in HOME_DIR, then: the $ will be replaced by the word following the ~, and this new value of HOME_DIR will replace the ~. Example: If HOME_DIR = USERS/$/WWW then the selector: /~GERALD/AUGUST/HELLO.TXT yields USERS/GERALD/WWW/AUGUST/HELLO.TXT
LOG_SUPPRESS	Suppress writing of log information SREhttp/2 can record information to a COMMON, BROWSER, and REFERER log files. LOG_SUPPRESS can be used to suppress this recording (on a host-specific basis), Syntax: LOG_SUPPRESS=0 : Allow recording of log information LOG_SUPPRESS=1 : Do not record log information   Notes: The LOGS.CFG configuration file is also used to control how & when to log information to the common, browser, and referer log files. Note that LOGS.CFG can not be changed on-the-fly. The LOG and NO_LOG permissions can be used on a selector-specific basis.
NOT_FOUND_FILE	File to use instead of generic 404 "not found" response. Do not include a pathname--SREhttp/2 will use a file of this name in the requested-files own directory, or in the SREHTTP2 directory (if its not available in the own directory). Notes: NOT_FOUND_FILE is not used with literal redirection If this file ends with one of the ssi_extensions, server side includes will be attempted. To suppress this (and use a generic message), use NOT_FOUND_FILE=0 Special feature: !procname.cmd means: call procname.cmd as an external procedure If procname.cmd is not fully qualified, it will interpreted as being relative to the SREHTTP2 directory. An example of such a file is MTCHFILE.REX (in the SREHTTP2\PROCS directory) -- it contains details on what arguments are passed to this class of procedures. Examples    not_found_file=!procs\mtchfile.rex    not_found_file=notfound.sht
NO_CUSTOM_USERNAME	To suppress use of the CUSTOM_USERNAME procedure on a host-specific basis, use NO_CUSTOM_USERNAME: NO_CUSTOM_USERNAME=1 : do not call the CUSTOM_USERNAME procedure NO_CUSTOM_USERNAME=0 : do call the CUSTOM_USERNAME procedure Notes: NO_CUSTOM_USERNAME is ignored if a CUSTOM_USERNAME procedure is not specified. By default (if NO_CUSTOM_USERNAME is not specified), then CUSTOM_USERNAME will be called. That is, by default: NO_CUSTOM_USERNAME=0 If you specify NO_CUSTOM_USERNAME=1 in the default SREHTTP2.CFG file, then you'll need to specify NO_CUSTOM_USERNAME=0 in the SREHTTP2.CFG files of any non-superceding host (assuming you want to call the CUSTOM_USERNAME procedure on requests to such a host). You can use the NO_CUSTOM_USERNAME permission To suppress use of the CUSTOM_USERNAME procedure on a selector specific basis.
PERMISSIONS_DEFAULT	Default permissions. This is used when the selector does not match any of the selector-specific entries in the default or host-specific ATTRIBS.CFG file(s). PERMISSIONS_DEFAULT can be blank (no default permissions), or it can be a space delimited list of permissions (or just one permission). The currently recognized permissions are: NO_SSI DO_SSI NO_SSP CACHE NOCACHE LOG NO_LOG NO_CUSTOM_USERNAME PUT DELETE NO_DIR HTACCESS NO_HTACCESS Examples: permissions_default= permissions_default=NO_LOG NO_SSI
PUT_OVERWRITE	Allow PUT method requests to overwrite pre-existing files The PUT method, as well some SREhttp/2 addons, allows clients to upload files to the server. PUT_OVERWRITE controls whether pre-existing files will be deleted. Syntax: 0   Do not allow files to be overwritten. This can not be changed on a selector specific basis. 1  Do not allow files to be overwritten. However, this can be changed by setting the SET PUT_OVERWRITE 1 selector specific option. 2   Allow files to be overwritten. However, this can be changed by setting the SET PUT_OVERWRITE 0 selector specific option.   Note: By default, PUT files will be written to the UPLOAD directory of SREHTTP2. This can be modified by using a virtual directory.
RECORD_ALL	Use this to keep a running count for all requested selectors. These counts will be kept in the SREHTTP2\WORKDATA\requests.cnt data series file. Each record in this SRE2003 data series will contain uri (domain name and selector) ct : the number of times this has been requested, datestamp: the time and date of the most recent request. RECORD_ALL=0 Do not keep this running count RECORD_ALL=1 Keep a running count of all requests, but strip off anything after a ?. RECORD_ALL=2 Same as 1, but do NOT strip stuff following a ?. This can lead a lot of trivial (1 hit) entries, so it should be used with care.
REALM_DEFAULT	The default realm name The default realm name is displayed on client's authorization screen. This is used if a selector-specific realm has not been specified (in ATTRIBS.CFG). Example: realm_default=Our site
REQUIRES_DEFAULT	Default required privileges. This is used when the selector does not match any of the selector-specific entries in the default or host-specific ATTRIBS.CFG file(s). Suggested values are: 0 No access control, anyone can obtain this selector * Any valid user (with a username/password) can obtain this selector This is more stringent then 0 SUPERUSER superusers only. Example: requires_default= *
SSI_EXTENSIONS	List of "ssi-html" extensions. Documents with these extensions will be processed for server-side-includes. You can also use selector-specific permissions to indicate HTML files that should be processed for SSIs. Example: ssi_extensions=SHTML SHT
SUPERUSERS	Space delimited list of "superuser" ip addresses. SUPERUSERS are granted unimpeded access to all resources. Must be numerical addresses wildcards are NOT allowed SUPERSERS=0 if you have no superusers. Examples:    superusers=0    superusers=192.11.5.2
VERBOSE	Status message verbosity Status messages are written to the PMPRINTF window. VERBOSE=0 Few messages written. VERBOSE=1 Some messages written. VERBOSE=2 More messages written. VERBOSE=3 Too many messages written.

In addition to the SREHTTP2.CFG host-specific parameters described above, there are several other host-specific parameters set by SREhttp/2. They can be read using avalue=SREH2_VALUE(varname,,host_nickname)

   CFG_DIR      -- host-specific configuration directory 
   SUPERCEDING  -- host-specific "superceding host" flag 

The following non-host specific parameters are set in the SREH2INI.RXX file (it's the SREhttp/2 initialization procedure, look for it in the SREHTTP/2 directory) -- some of them are user-configurable. They can be read using avalue=SRE_VALUE(varname,,'SRE')

1. some filenames and directory names:

   H2_TEMP_DIR          -- for temporary files. 
   H2_WORKDATA_DIR      -- for counter and other semi-permanent files  
   H2_ADDON_DIR_DEFAULT -- the default addon directory, used as the
                           root directory of host-specific addon-directories.
                           Note that SREhttp/2 use the ADDON_DIR parameter 
                           (set in SREHTTP2.CFG) to determine where to look for
                           addons. If the ADDON_DIR is not specified, then 
                           H2_ADDON_DIR_DEFAULT is used.                     
   H2_CGIBIN_DIR        -- default directory for cgi-bin scripts
   H2_LOG_DIR           -- for common log files
   H2_CFG_DIR           -- root directory for SREhttp/2 configuration files
   H2_HOSTDATA_FILE     -- file containing SREhttp/2 host definitions
   H2_PROCS_DIR         --  directory containing pre-response, etc. procs
   H2_FILECACHE_DIR     -- directory for SSI and other "cached files"
   H2_UPLOAD_DIR        -- default directory for file uploads
   

2. some advanced parameters:

   ADD_SLASH     :  1 to treat /abc/def requests as "request for def directory"
   CSH_INTERP_FILES : Size of the "INTERPRET FILE" cache
   CSH_H2_HITS   :  Size of the "SSI repetitive hits" cache
   CSH_DYNAMIC_PRIVS : Size of the dynamic-privileges cache
   CSH_CHECK_401  : Size of Check-401 cache 
   DIGEST_AUTH   :  1 to enable digest-authentication
   EMPTY_PATH_OK :  1 to enable support for empty cgi-bin "paths" 
   ENABLE_HTTP11 :  1 to report server as HTTP/1.1   
   ENABLE_CGI_PIECES  : 1 or 2 to enable sending of CGI-BIN output in "pieces"
   FILEREXX_DLL :   1 if FILEREXX.DLL procedures are availalble, 0 otherwise
                    This should never be 0!
   HTACCESS_FILE :  Name to use for HTACCESS files. The default is .HTACCESS.
   H2_FILECACHE_MAXFILES : max # of files to store in FILECACHE_DIR (0 means disable)
   INTERPRET_TYPES : a list matching file extensions to PERL, PHP, and other interpreters
   KEY_PREFACE  :  if non-0, add a preface to SSI-html keyphrases
   MAX_REPEATS  :   Max # of repeat ATTRIBs lookups, given internal redirection
   PROXY_CACHE  :   Controls what Cache-Control headers are added 
   UNZIP_DLL    :   1 of UNZIP.DLL procedures are available, 0 otherwise
                    This should never be 0!