ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzaj4_5.4.0.1/rzaj45bchttpsec.htm

107 lines
7.0 KiB
HTML
Raw Permalink Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Web serving security" />
<meta name="abstract" content="When you provide access for visitors to your web site, you do not want to expose your viewers to information about how the site is set up and the coding that is used to generate the page." />
<meta name="description" content="When you provide access for visitors to your web site, you do not want to expose your viewers to information about how the site is set up and the coding that is used to generate the page." />
<meta name="DC.Relation" scheme="URI" content="rzaj45zrscenario1risks.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaj45bejavasecurity.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1999, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1999, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzaj45bchttpsec" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Web serving security</title>
</head>
<body id="rzaj45bchttpsec"><a name="rzaj45bchttpsec"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Web serving security</h1>
<div><p>When you provide access for visitors to your web site, you do not
want to expose your viewers to information about how the site is set up and
the coding that is used to generate the page.</p>
<p>You want their visit to your page to be easy, fast, and seamless, with
all the work being done behind the scenes. As an administrator, you want to
ensure that your security practices do not negatively affect your Web site.
When using your iSeries™ as
a web server, consider these points:</p>
<ul><li>The server administrator must define directives for the server before
a client can interact with the HTTP server. There are two methods for creating
security checks: general server directives and server protection directives.
Any request to the web server must satisfy any and all restrictions that these
directives provide before the server honors the request.</li>
<li>You can create and edit these directives by using the server admin web
pages for server configuration. Server directives allow you to control the
overall behavior of the web server. Server protection directives allow you
to specify and control the security models the server uses for specific URLs
that the web server handles.</li>
<li>You can use map or pass directives and the server admin web pages to configure
the server. <ul><li>Use map or pass directives to mask the file names on your iSeries web
server. More specifically there are PASS server directives and MAP server
directives that control the directories from which the web server serves URLs.
You can also find an EXEC server directive that controls the libraries in
which CGI-BIN programs reside. <p>You define protection directives for each
server URL. Not all URLs require a protection directive. But, if you want
to control how a URL resource is accessed or by whom, then a protection directive
for that URL is required.</p>
</li>
<li>Also, you can use the server Admin web pages to configure the server rather
than using WRKHTTPCFG (Work with HTTP Configuration command) and typing the
directives. Working with protection directives through the command line interface
can be very complicated. Therefore, it is recommended that you use the Admin
web pages to ensure that you set up your directives correctly.</li>
</ul>
<div class="p">HTTP provides you with the capability to display data, but not alter
data in a database file. However, there are some applications you will write
that will need to update a database file. To do this, you can use CGI-BIN
programs. For instance, you may want to create forms that, once users complete
them, update an iSeries database.
As security administrator, you should monitor the authorizations of that user
profile and the functions that the CGI programs perform. Also, be sure to
evaluate what sensitive objects might have inappropriate public authority.
<div class="note"><span class="notetitle">Note:</span> Common Gateway Interface (CGI) is an industry standard for the exchange
of information between a web server and computer programs that are external
to it. The programs can be written in any programming language that is supported
on the operating system where the web server is running.</div>
</div>
<p>In
addition to using CGI programs in your web pages, you may want to use Java™.
You should understand Java security before you add Java to
your web pages.</p>
<p>The HTTP server provides an access log that you can
use to monitor both accesses and attempted accesses through the server.</p>
<p>The
proxy server receives HTTP requests from web browsers and resends them to
web servers. Web servers that receive these requests are only aware of the
proxy server IP address. They cannot determine the names or addresses of the
PCs that originated the requests. The proxy server can handle URL requests
for HTTP, File Transfer Protocol (FTP), Gopher, and WAIS.</p>
<p>You
can also use the HTTP proxy support of the <a href="http://www.iseries.ibm.com/products/http/httpindex.htm" target="_blank">IBM<sup>®</sup> HTTP Server for iSeries</a> <img src="www.gif" alt="Link outside&#xA;Information Center." /> to consolidate web access. The proxy server
can also log all URL requests that are for tracking purposes. You can then
review the logs to monitor use and misuse of network resources.</p>
</li>
</ul>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaj45zrscenario1risks.htm" title="Use this information to learn about common Internet security risks for a number of popular Internet applications and services and measures that you can take to manage these risks.">Application security options</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzaj45bejavasecurity.htm" title="Java programming is becoming increasingly widespread in today's computing environments.">Java Internet security</a></div>
</div>
</div>
</body>
</html>