These topics discuss methods for securing the IBM® HTTP server for authorized users and preventing access to the HTTP server.
The HTTP server provides World Wide Web browser clients with access to system multimedia objects, such as HTML (Hypertext Markup Language) documents. It also supports the Common Gateway Interface (CGI) specification. Application programmers can write CGI programs to extend the functionality of the server.
The administrator can use Internet Connection Server or IBM HTTP server to run multiple servers concurrently on the same system. Each server that is running is called a server instance. Each server instance has a unique name. The administrator controls which instances are started and what each instance can do.
A user (Web site visitor) never sees a system Sign On display. However, the system administrator must explicitly authorize all HTML documents and CGI programs by defining them in HTTP directives. In addition, the administrator can set up both resource security and user authentication (user ID and password) for some or all requests.
An attack by a hacker could result in a denial of service to your Web server. Your server can detect a denial-of-service attack by measuring the timeout of certain clients’ requests. If the server does not receive a request from the client, then your server determines that a denial-of-service attack is in progress. This occurs after making the initial client connection to your server. The server’s default is to detect attacks.