ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvtcphttp.htm

77 lines
4.8 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Security considerations for using IBM HTTP server" />
<meta name="abstract" content="These topics discuss methods for securing the IBM HTTP server for authorized users and preventing access to the HTTP server." />
<meta name="description" content="These topics discuss methods for securing the IBM HTTP server for authorized users and preventing access to the HTTP server." />
<meta name="DC.Relation" scheme="URI" content="rzamvtcpsetupsecurity.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvtcpstophttp.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvtcpcontrolhttp.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="tcphttp" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Security considerations for using IBM HTTP server</title>
</head>
<body id="tcphttp"><a name="tcphttp"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Security considerations for using IBM HTTP server</h1>
<div><p>These topics discuss methods for securing the IBM<sup>®</sup> HTTP
server for authorized users and preventing access to the HTTP server.</p>
<p>The HTTP server provides World Wide Web browser clients with access to
system multimedia objects, such as HTML (Hypertext Markup Language) documents.
It also supports the Common Gateway Interface (CGI) specification. Application
programmers can write CGI programs to extend the functionality of the server. </p>
<p>The administrator can use Internet Connection Server or IBM HTTP server
to run multiple servers concurrently on the same system. Each server that
is running is called a server instance. Each server instance has a unique
name. The administrator controls which instances are started and what each
instance can do.</p>
<div class="important"><span class="importanttitle">Important:</span> You must have the *ADMIN instance of the HTTP server
running when you use a Web browser to configure or administer any of the following: <ul><li>Firewall for iSeries™</li>
<li>Internet Connection Server</li>
<li>Internet Connection Secure Server</li>
<li>IBM HTTP
Server</li>
</ul>
</div>
<p>A user (Web site visitor) never sees a system Sign On display. However,
the system administrator must explicitly authorize all HTML documents and
CGI programs by defining them in HTTP directives. In addition, the administrator
can set up both resource security and user authentication (user ID and password)
for some or all requests. </p>
<p>An attack by a hacker could result in a denial of service to your Web server.
Your server can detect a denial-of-service attack by measuring the timeout
of certain clients requests. If the server does not receive a request from
the client, then your server determines that a denial-of-service attack is
in progress. This occurs after making the initial client connection to your
server. The servers default is to detect attacks.</p>
</div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="rzamvtcpstophttp.htm">Prevent HTTP access</a></strong><br />
This article discusses the steps for preventing users from accessing the HTTP server.</li>
<li class="ulchildlink"><strong><a href="rzamvtcpcontrolhttp.htm">Control access to the HTTP server</a></strong><br />
This article discusses considerations for protecting the contents of your Web site.</li>
</ul>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvtcpsetupsecurity.htm" title="The following information guides you through the process of setting up TCP/IP security.">Set up TCP/IP security</a></div>
</div>
</div>
</body>
</html>