WASD VMS Web Services - Install and Config

8 - Global Configuration

8.1 - Functional Groupings 8.2 - Alphabetic Listing
next previous contents full-page

The example configuration file can be used as a template.

By default, the logical name WASD_CONFIG_GLOBAL locates a global configuration file. Simple editing of the configuration file changes the rules. Alternatively the Server Administration page configuration interface may be used. Changes to the global configuration file require a server restart to put them into effect.

The [IncludeFile] is a directive common to all WASD configuration, allowing a separate file to be included as a part of the current configuration. See 4.1 - Include File Directive.

Some directives take a single parameter, such as an integer, string or boolean value. Other directives can/must have multiple parameters. The version 4 configuration requires the directive to be placed on a line by itself and each separate parameter on a separate line following it. All parameter lines apply to the most recently encountered directive.

Note that all boolean directives are disabled (OFF) by default. This is done so that there can be no confusion about what is enabled and disabled by default. To use directive controlled facility it must be explicitly enabled.

Directives requiring periods (timeouts, lifetimes, etc.) can be specified as a single integer (representing seconds, minutes, hours, etc., depending on the directive) or unambiguously using any one of minutes:seconds, hours:minutes:seconds or days-hours:minutes:seconds.

Changes to the global configuration file can be validated at the command-line before restart. This detects and reports any syntactical and fatal configuration errors but of course cannot check the intent of the rules.

$ HTTPD /DO=GLOBAL=CHECK

8.1 - Functional Groupings

Authentication/Authorization
[AuthBasic]enable BASIC method
[AuthCacheEntriesMax]maximum concurrent authentication cache entries
[AuthCacheEntrySize]maximum authentication cache entry size in bytes
[AuthCacheMinutes]minutes before explicitly reauthorizing user from sources
[AuthDigest]enable DIGEST method
[AuthDigestGetLife]DIGEST method GET lifetime
[AuthDigestPutLife]DIGEST method PUT lifetime
[AuthFailureLimit]retries allowed before username is marked as intruder
[AuthFailurePeriod]period during which failure limit is applied
[AuthFailureTimeout]period during which a recognised authentication failure is applied
[AuthRevalidateLoginCookie] Obsolete for WASD v10.2.1 and following.
[AuthRevalidateUserMinutes]minutes before use needs to reenter password
[AuthSysUafAcceptExpPwd]accept expired SYSUAF passwords
[AuthSysUafLogonType]LOCAL, DIALUP, NETWORK (default), REMOTE
[AuthSysUafPwdExpURL]redirection URL is SYSUAF password if expired
[AuthSysUafUseAcme]Obsolete for WASD V9.3 and following.

Buffer Sizes
[BufferSizeDclCgiHeader]number of bytes allocated to when processing a CGI response header
[BufferSizeDclCgiPlusIn]number of bytes allocated to scripting process CGIPLUSIN mailbox
[BufferSizeDclCommand]bytes allocated to scripting process SYS$COMMAND mailbox
[BufferSizeDclOutput]bytes allocated to scripting process SYS$OUTPUT mailbox
[BufferSizeNetFile]maximum bytes allocated to output buffer when transfering file content
[BufferSizeNetMTU]adjust network buffer to this value of MTU (maximum transmission unit)
[BufferSizeNetRead]bytes allocated to client request read buffer, and to the scripting process SYS$INPUT mailbox
[BufferSizeNetWrite]bytes allocated to client output buffer
[SocketSizeRcvBuf]bytes allocated to a network connection receive buffer
[SocketSizeSndBuf]bytes allocated to network connection send buffer

Content-Type
[AddType]add a content-type
[AddMimeTypesFile]add the contents of a standard MIME.TYPES file
[CharsetConvert]conversion of one character set to another
[CharsetDefault]default character set for text responses
[StreamLF]enable and set maximum size of automatic Stream-LF conversion

Directory Listing
[AddIcon]path to icon for a specified content-type
[AddBlankIcon]path to blank icon
[AddDefaultIcon]path to default icon
[AddDirIcon]path to directory icon
[AddParentIcon]path to parent icon
[AddUnknownIcon]path to icon for unknown content-type
[DirAccess]enable and form of listing
[DirBodyTag]specify HTML body tag of listing pages
[DirDescriptionLines]number of HTML file lines searched for document title
[DirLayout]layout of the various listing components
[DirMetaInfo]add server and VMS directory information
[DirNoImpliedWildcard]do not add wildcards to request if not present in path
[DirNoPrivIgnore]ignore, do not report, privilege violations on files/directories
[DirOwner]allow owner of file to be included in layout directive
[DirPreExpired]pre-expire listing responses
[DirReadMeFile]specify read-me files
[DirWildcard]allow wildcards to be specified at all

File Cache
[CacheChunkKBytes]memory block allocation size
[CacheEntriesMax]maximum number of files allowed in cache
[CacheFileKBytesMax]maximum size of a file
[CacheFrequentHits]identify active files
[CacheFrequentPeriod]identify active file
[CacheGuardPeriod]prevent early reloads
[CacheTotalKBytesMax]maximum memory to be consumed by cache
[CacheValidatePeriod]maximum period before the cache checks for file modification

HTTP/2
[Http2Protocol]enables/disables HTTP/2 on a global basis
[Http2FrameSizeMax]maximum number of bytes in an HTTP/2 frame
[Http2HeaderListMax]maximum number of bytes in a request or response header
[Http2HeaderTableSize]maximum number of bytes in a request lookup table
[Http2PingSeconds]period between RTT server-client pings
[Http2StreamMax]number of concurrent streams (requests) permitted on a connection
[Http2InitWindowSize]initial connection flow-control window size

Logging
[Logging]enable logging
[LogExcludeHosts]hosts to be excluded from log
[LogExtend]default allocation/extend in blocks
[LogFile]provides part or all of log file name
[LogFormat]nature and layout of log contents
[LogNaming]how the log name is be constructed
[LogPeriod]period at which new logs are created
[LogPerInstance]create a separate log for each instance process
[LogPerService]create a separate log for each configured service
[LogPerServiceHostOnly]suppress service port number as component of log name
[LogWriteFail503]generate 530 responses if the access log cannot be written

Operator Console and Log
[OpcomAdmin]Server Administration directives
[OpcomAuthorization]authentication/authorization messages, e.g. failures
[OpcomControl]CLI HTTPd control directives
[OpcomHTTPd]HTTPd events (e.g. startup, exit, SSL private key password requests)
[OpcomProxyMaint]proxy file cache maintenance
[OpcomTarget]target operator for online messages

Miscellaneous
[Accept]restrictive list of host from which to accept requests
[ActivityDays]activity graph duration
[ConnectMax]maximum number of concurrent connections
[DNSLookupClient]enable client host name lookup
[DNSLookupLifeTime]host name lookup cache entry lifetime
[DNSLookupRetry]number two second attempts to resolve client host name
[EntityTag]provide a strong validator for file-system based resources
[GzipAccept]advertise acceptance of GZIUP (deflated) request bodies
[GzipFlush]period between GZIP buffer flushes
[GzipResponse]enable GZIP (deflated) response bodies
[InstanceMax]number of per-node server processes to maintain
[InstancePassive]start multiple instances already in passive mode
[Monitor]enable HTTPDMON data exchange
[PipelineRequests]check for and process pipelined requests
[Port]default port
[ProcessMax]maximum number of concurrent requests being processed
[PutBinaryRFM]record format of uploaded file
[PutMaxKBytes]maximum size of a POST or PUT
[PutVersionLimit]maximum RMS file versions retained in a POST or PUT
[RegEx]enable regular expression matching
[Reject]proscriptive list of hosts from which request will be rejected
[RequestHistory]number of requests kept for request report
[SearchScript]path to default search script
[SearchScriptExclude]list of file extensions excluded from implied keyword search
[Service]list of host names and/or port to create services for (deprecated)
[ServiceNotFoundURL]redirection URL when a request service is not configured
[Welcome]list of file names that are checked for as home pages
[WWWimplied]virtual services host.name and www.host.name are treated as synonyms

Proxy Serving
[ProxyCache]enable proxy caching
[ProxyCacheFileKBytesMax]maximum size of response for caching
[ProxyCacheDeviceCheckMinutes]minutes between check of cache device usage
[ProxyCacheDeviceDirOrg]flat 256 or 64x64 directory organization
[ProxyCacheDeviceMaxPercent]maximum percentage of cache device used before purge
[ProxyCacheDevicePurgePercent]during purge reduce by this many percent
[ProxyConnectPersistMax]connection persistence for this number of connections
[ProxyConnectPersistSeconds]connections persist for this number of seconds
[ProxyConnectTimeoutSeconds]the proxy to origin server connect times-out after this number of seconds
[ProxyNegativeSeconds]cache negative (failure) responses for this period
[ProxyCacheNoReloadSeconds]prevent pragma reloads for this period
[ProxyCachePurgeList]list of file ages used during purge
[ProxyCacheReloadList]list of file ages before realod from source
[ProxyCacheRoutineHourOfDay]hour of day routine cache purge occurs
[ProxyForwarded]add "Forwarded:" to requests
[ProxyHostLookupRetryCount]DNS resolution retry count
[ProxyReportLog]report failures to process log
[ProxyReportCacheLog]report cache failures to process log
[ProxyServing]enable proxy server
[ProxyVerifyRecordMax]enable proxy verification
[ProxyXForwardedFor]add "X-Forwarded-For:" to requests

Reports
[ErrorReportPath]path to script, SSI or "flat" error document
[ErrorRecommend]for server generated error include probable cause
[ReportBasicOnly]only ever generate reports containing basic details
[ReportMetaInfo]add server information to directory listings, etc.
[ServerAdmin]email address for server-related contact
[ServerAdminBodyTag]specify HTML body tag of Server Administration (menu) pages
[ServerReportBodyTag]specify HTML body tag of error and other report pages
[ServerSignature]add server information to the foot of error and other report pages

Timeout
[TimeoutHttp2Idle]period an HTTP/2 connection remains without processing a request
[TimeoutInput]period a connection can wait before sending request
[TimeoutNoProgress]period a response can continue without data transfer progress
[TimeoutOutput]period a response can continue to output
[TimeoutPersistent]period a connection is kept active after request conclusion

Scripting
[CgiStrictOutput]script output must be CGI compliant
[DclBitBucketTimeout]period a script continues after a client prematurely disconnects
[DclCgiPlusLifeTime]period of non-use before CGIplus process is deleted
[DclCleanupScratchMinutesMax]maximum minutes between WASD_SCRATCH cleanups
[DclCleanupScratchMinutesOld]cleanup files older than this
[DclDetachProcess]use detached scripting processes rather than subprocesses
[DclGatewayBG]enable raw TCP/IP socket for scripts
[DclHardLimit]maximum number of concurrent processes
[DclScriptProctor]proactive script and scripting environment startup
[DclScriptRunTime]script execution environment
[DclSoftLimit]maximum number of processes before proactive deletion begins
[DclSpawnAuthPriv]spawn subprocesses with account's authorized privileges
[DclZombieLifeTime]period of non-use before a CGI/CLI process is deleted
[DECnetReuseLifeTime]period of non-use before a DECnet process is released
[DECnetConnectListMax]maximum number of DECnet processes
[Scripting]enables and disables all scripting

Secure Socket
[SecureSocket]enable Secure Socket (TLS/SSL) (if built with SSL)
[SSLcert]server certificate file
[SSLcipherList]list of enabled/disable ciphers
[SSLinstanceCacheMax]multiple instance shared session cache maximum number of records
[SSLinstanceCacheSize]multiple instance shared session cache size of record
[SSLkey]server certificate private key
[SSLoptions]options flags
[SSLsessionCacheMax]session cache maximum records
[SSLsessionLifetime]session lifetime
[SSLstrictTransSec]HSTS maxiumum age in seconds
[SSLverifyPeer]verify client certificate
[SSLverifyPeerDataMax]maximum kBytes of request data buffered during renegotiation
[SSLverifyPeerCAFile]file of accepted CAs
[SSLverifyPeerDepth]depth of certificate chain
[SSLversion]TLS/SSL protocol versions supported

Server Side Includes
[SSI]enable Server Side Includes (SSI)
[SSIaccesses]allow access counting
[SSIexec]allow DCL commands
[SSIsizeMax]maximum source file size

WebDAV
[WebDAV]enable WebDAV support
[WebDAVCollectionDepth]test locking to this depth
[WebDAVlocking]enable WebDAV locking
[WebDAVlockingTimeoutDefault]set default lock timeout
[WebDAVlockingTimeoutMax]set maximumg lock timeout
[WebDAVmetaDir]location of metadata
[WebDAVquota]enable disk quota reporting

8.2 - Alphabetic Listing


  1. [Accept] host/domain name (default: all)

    One or more (comma-separated if on the same line) internet host/domain names, with "*" wildcarding for host/subdomain matching, to be explicitly allowed access. If DNS lookup is not enabled hosts must be expressed using literal addresses (see [DNSLookup] directive). Also see the [Reject] directive. Reject directives have precedence over Accept directives. The Accept directive may be used multiple times.

    Examples:

    [Accept]
    *.www.example.com
    131.185.250.*
    

  2. [ActivityDays] integer (default: 0)

    Specifies the number of days to record activity statistics, available in report form from the Server Administration facility. Zero disables this data collection. The maximum is 28 days. 11520 bytes per day, and 80640 per week, is required to store the per-minute data.

  3. [AddIcon] icon-URL ALT-text template (no default)

    Specifies a directory listing icon and alternative text for the mime content type specified in the template.

    Examples:

    [AddIcon]
    /icon/-/doc.gif    [HTM]  text/html
    /icon/-/text.gif   [TXT]  text/plain
    /icon/-/image.gif  [IMG]  image/gif
    

  4. [AddBlankIcon] icon-URL
    [AddDefaultIcon] icon-URL ALT-text
    [AddDirIcon] icon-URL ALT-text
    [AddParentIcon] icon-URL ALT-text
    [AddUnknownIcon] icon-URL ALT-text (no defaults)

    Specifies a directory listing icon for these non-content-type parts of the listing.

    Examples:
    [AddBlankIcon]    /icon/-/blank.gif    _____
    [AddDefaultIcon]  /icon/-/file.gif     [FIL]
    [AddDirIcon]      /icon/-/dir.gif      [DIR]
    [AddParentIcon]   /icon/-/back.gif     [<--]
    [AddUnknownIcon]  /icon/-/unknown.gif  [???] 
    
  5. [AddMimeTypesFile] file specification (no default)

    Add the content-types of a (de facto) standard MIME.TYPES file to the already configured [AddType] content-types. This binds a file suffix (extension, type) to a MIME content-type. Any specification in this file will supercede any previously defined via [AddType]. A MIME.TYPES file looks something like

    # MIME type			Extension
    application/msword            doc
    application/octet-stream      bin dms lha lzh exe class
    application/oda               oda
    application/pdf               pdf
    application/postscript        ai eps ps
    application/rtf               rtf
    

    The WASD server uses a number of extensions to provide additional information. See 4.7 - Content-Type Configuration.

  6. [AddType] .suffix content-type [ftp:] [rfm:] [script-name] [description] (no default)

    Binds a file suffix (extension, type) to a mime content type. The script name is used to auto-script against a specified file type. Use a hyphen as a place-holder and to indicate no auto-script. The description is used as documentation for directory listings.

    [AddType]
    .html  text/html   Web Markup Language
    .txt   text/plain  plain text
    .gif   image/gif   image (GIF)
    .hlb   text/x-script /Conan  VMS Help library
    .decw$book   text/x-script   /HyperReader    Bookreader book
    *  internal/x-unknown   application/octet-stream
    #*  internal/x-unknown  text/plain
    

    The content-type string may include a specific character set. In this way non-default sets (which is usually ISO-8859-1) can be specified for any particular site or any particular file type. Enclose the content-type string with double-quotation marks.

    [AddType]
    .html    "text/html; charset=ISO-8859-1"   HTML (ISO-8859-1)
    .html_5  "text/html; charset=ISO-8859-5"   Cyrillic HTML (ISO-8859-5)
    .html_r  "text/html; charset=KOI8-R"       Cyrillic HTML (KOI8-R)
    .txt     "text/plain; charset=ISO-8859-1"  plain text (ISO-8859-1)
    .txt_5   "text/plain; charset=ISO-8859-5"  Cyrillic text (ISO-8859-5)
    .txt_r   "text/plain; charset=KOI8-R"      Cyrillic text (KOI8-R)
    

    To provide additional information for correct handling of FTP transfers the transfer mode can be indicated after the content type using the FTP: keyword. One of three characters is used. An "A" indicates that this file type should be FTP transfered in ASCII mode. An "I" or a "B" indicates that this file type should be FTP transfered in Image (binary) mode.

    [AddType]
    .ps    application/postscript  ftp:A   Postscript document
    

    To specify a VMS record format for POST or PUT files use the RFM: keyword following the content-type. This record format will always be used when creating the file. The precedence for determining the created file record format is [AddType] RFM:, then any per-path PUT=RFM= mapping rule, then [PutBinaryRFM], then a default of UDF.

    [AddType]
    .doc    application/msword  rfm:STMCR   MS Word document
    

  7. [AuthBasic] ENABLED|DISABLED (default: DISABLED)

    Enables or disables BASIC username authentication.

  8. [AuthCacheEntriesMax] integer (default: 32)

    Maximum concurrent authentication cache entries. This needs to be sized adequately to prevent the cache from thrashing (too many attempted entries causing each to spend very little time in the cache before being replaced, only to need to be inserted again with the next attempted access).

  9. [AuthCacheEntrySize] integer (default: 768)

    Maximum size of an authentication cache entry. The only reason where this may need to be increased is where a site is using the /PROFILE functionality and one or more accounts have a particularly large number of rights identifiers.

  10. [AuthCacheMinutes] integer (default: 60)

    The number of minutes authentication information is cached before being revalidated from the authentication source. Zero disables caching (with a resultant impact on performance as each request requiring authentication is validated directly from the source).

  11. [AuthDigest] ENABLED|DISABLED (default: DISABLED)

    Enables or disables Digest username authentication.

  12. [AuthDigestGetLife] integer (default: 0)

    The number of seconds a digest nonce for a GET request (read) can be used before becoming stale.

  13. [AuthDigestPutLife] integer (default: 0)

    The number of seconds a digest nonce for a PUT (/POST/DELETE ... write) request can be used before becoming stale.

  14. [AuthFailureLimit] integer (default: 0)

    The number of unsuccessful attempts at authentication before the username is disabled. Once disabled any subsequent attempt is automatically refused without further reference to the authentication source. A disabled username can be reenabled by simply purging the cache. Parallels the purpose of SYSGEN parameter LGI_BRK_LIM.

  15. [AuthFailurePeriod] hh:mm:ss (default: 00:00:00)

    The period during which [AuthFailureLimit] is applied. Parallels the purpose of SYSGEN parameter LGI_BRK_TMO.

  16. [AuthFailureTimeout] hh:mm:ss (default: 00:00:00)

    The period during which which any intrusion aversion is applied. Parallels the purpose of SYSGEN parameter LGI_HID_TIM.

  17. [AuthRevalidateUserMinutes] integer (default: 60)

    The number of minutes between authenticated requests that user authentication remains valid before the user is forced to reenter the authentication information (via browser dialog). Zero disables the requirement for revalidation.

  18. [AuthSysUafAcceptExpPwd] ENABLED|DISABLED (default: DISABLED)

    If a SYSUAF authenticated password has expired (password lifetime has been reached) accept it anyway (in much the same way network logins are accepted in similar circumstances). This is very different to account expiry, after which authentication is always rejected.

  19. [AuthSysUafLogonType] LOCAL|DIALUP|NETWORK|REMOTE (default: NETWORK)

    When SYSUAF authentication is performed account access restrictions are checked. By default NETWORK restrictions are used but this global configuration parameter allows another to be specified.

  20. [AuthSysUafPwdExpURL] string (default: none)

    If a SYSUAF authenticated password is/has expired the request is redirected to this URL to change the password.

  21. [AuthSysUafUseAcme]

    Obsolete for WASD V9.3 and following.

  22. [BufferSizeDclCgiHeader] integer (default: 2048)

    The number of bytes allocated to store and process a script CGI response header.

  23. [BufferSizeDclCgiPlusIn] integer (default: 2048)

    The number of bytes (and hence BYTLM quota) permanently allocated to each scripting process CGIPLUSIN mailbox.

  24. [BufferSizeDclCommand] integer (default: 3072)

    The number of bytes (and hence BYTLM quota) permanently allocated to each scripting process SYS$COMMAND mailbox.

  25. [BufferSizeDclOutput] integer (default: 4096)

    The number of bytes (and hence BYTLM quota) permanently allocated to each scripting process SYS$OUTPUT mailbox.

  26. [BufferSizeNetFile] integer (default: none)

    The maximum bytes to be allocated to a buffer when transfering file content. For larger files this can improve both the reading of the file content from disk and when appropriately tuned to the local system the transmission of that content to the client, significantly increasing data rates. Limited to the $QIO maximum I/O unit of 65,535 bytes. Bigger is not always necessarily better (in the sense it always improves data rates).

  27. [BufferSizeNetMTU] integer (default: none)

    This more esoteric directive attempts to minimise network buffer transmission wastage by rounding the output buffer size up to the network interface MTU (maximum transmission unit). This can provide small improvements to transmission efficiency. For example a filled buffer of 4096 with an MTU of 1500 sends two 1500 byte packets and then one of 1096 bytes, theoretically wasting some 404 bytes. A potentially better choice of buffer size would be 4500. Setting this directive to 1500 would result in the server automatically rounding a [BufferSizeNetWrite] value (for example) from 4096 up to 4500.

  28. [BufferSizeNetRead] integer (default: 2048)

    The number of bytes allocated to the network read buffer (used for request header, POST body, etc.). Also the number of bytes (and hence BYTLM quota) permanently allocated to each scripting process SYS$INPUT mailbox (allowing a script to read a request body).

  29. [BufferSizeNetWrite] integer (default: 4096)

    Number of bytes allocated to the network write buffer. This buffer is used as the basic unit when transfering file contents (from cache or the file system), as an output buffer during SSI pocessing, directory listing, etc. During many activities multiple outputs are buffered into this storage before being written to the network.

  30. [Cache] ENABLED|DISABLED (default: DISABLED)

    File cache control.

  31. [CacheChunkKBytes] integer (default: 0)

    Granularity of memory blocks allocated to file data, in kilobytes.

  32. [CacheEntriesMax] integer (default: 0)

    Maximum number of files loaded into the cache before entries are reused removing the original contents from the cache.

  33. [CacheFileKBytesMax] integer (default: 0)

    Maximum size of a file before it is not a candidate for being cached, in kilobytes.

  34. [CacheFrequentHits] integer (default: 0)

    Minimum, total number of hits an entry must sustain before being a candidate for [CacheFrequentPeriod] assessment.

  35. [CacheFrequentPeriod] hh:mm:ss (default: 00:00:00)

    If a file has been hit at least [CacheFrequentHits] times in total and the last was within the period here specified it will not be a candidate for reuse. See 11 - Cache Configuration.

  36. [CacheGuardPeriod] integer (default: 15)

    During this period subsequent reloads (no-cache) requests will not result in the entry being revalidated or reloaded. This can guard period can help prevent unnecessary file system activity.

  37. [CacheEntriesMax] integer (default: 0)

    Obsolete for WASD V8.0 and following.

  38. [CacheTotalKBytesMax] integer (default: 0)

    Maximum memory allocated to the cache, in kilobytes.

  39. [CacheValidatePeriod] hh:mm:ss (default: 00:00:00)

    The interval after which a cache entry's original, content revision time is revalidated against the file's current revision time. If not the same the contents are declared invalid and reloaded.

  40. [CharsetConvert] string (default: none)

    Document and CGI script output can be dynamically converted from one character set to another using the standard VMS NCS conversion library. This directive provides the server with character set aliases (those that are for all requirements the same) and which NCS conversion function may be used to convert one character set into another. The general format is

    document-charset  accept-charset[,accept-charset..]  [NCS-function-name]
    

    When this directive is configured the server compares each text response's character set (if any) to each of the directive's document charset string. If it matches it then compares each of the accepted charset (if multiple) to the request "Accept-Charset:" list of accepted characters sets. If the same is is either accepted as-is or if a conversion function specified converted by NCS as the document is transfered.

    windows-1251 windows-1251,cp-1251
    windows-1251 koi8-r koi8r_to_windows1251_to_koi8r
    koi8-r koi8-r,koi8
    koi8-r windows-1251,cp-1251 koi8r_to_windows1251
    

  41. [CharsetDefault] string (default: none)

    The default character set sent in the response header for text documents (plain and HTML). English language sites should specify ISO-8859-1, other Latin alphabet sites, ISO-8859-2, 3, etc. Cyrillic sites might wish to specify ISO-8859-5 or KOI8-R, and so on.

  42. [CgiStrictOutput] ENABLED|DISABLED (default: DISABLED)

    A script must output a full HTTP or CGI-compliant response. If a plain-text stream is output an error is reported (being the more common behaviour for servers). Errors in output can be disagnosed using the WATCH facility.

  43. [ConnectMax] integer (default: 200)

    The maximum number of concurrent client connections before a "server too busy right now ... try again shortly" error is returned to the client.

  44. [DclBitBucketTimeout] hh:mm:ss (default: 0)

    Period a script is allowed to continue processing before being terminated after a client prematurely disconnects. An approptiate setting allows most scripts to conclude elegantly and be available for further use. This improves scripting efficiency significantly. Setting this period to zero terminates scripts (and their associated processes) immediately a client is detected as having disconnected.

  45. [DclCleanupScratchMinutesMax] integer (default: 0)

    Whenever the last scripting process is removed from the system, or this number of minutes maximum (whichever occurs first), scan the WASD_SCRATCH directory (if logical defined and it exists) deleting all files that are older than [DclCleanupScratchMinutesOld] minutes. Setting to zero disables WASD_SCRATCH scans.

  46. [DclCleanupScratchMinutesOld] integer (default: 0)

    When performing a [DclCleanupScratchMinutesMax] scan delete files that are older than this value (or the value specified by [DclCleanupScratchMinutesMax], whichever is the larger).

  47. [DclCgiPlusLifeTime] hh:mm:ss (default: 0)

    If non-zero the CGIplus process is terminated the specified period after it last processed a request (idle for that period). Adjusting the period to suit the site allows frequently used persistent scripts and scripting engines to remain resident while more sporadically accessed ones do not remain unecessarily. If this value is zero (or unconfigured) the idle timeout is one hour.

  48. [DclDetachProcess] ENABLED|DISABLED (default: DISABLED)

    By default scripts are executed within server processes. When enabled this instructs the server to create detached processes. This side-steps the issues of having pooled process quotas and also allows non-server-account scripting and in particular "Scripting Overview, Introduction".

  49. [DclDetachProcessPriority] integer[,integer] (default: same as server)

    When detached scripting processes are created it is possible to assign them base priorities lower that the server itself. This directive takes one or two (comma-separated) integers that determine how many priorities lower than the server scripting processes are created. The first integer determines server processes. A second, if supplied, determines user scripts. User scripts may never be a higher priority that server scripts.

    [DclDetachProcessPriority]  1
    [DclDetachProcessPriority]  0,1
    [DclDetachProcessPriority]  1,2
    
    The first of these examples would set both server and user script processes one below the server process. The second, server scripts at the same priority and user scripts one below. The last, server scripts one below, and user scripts two below.

  50. [DclGatewayBG] ENABLED|DISABLED (default: DISABLED)

    When enabled, non-SSL, process script CGI environments have a CGI variable WWW_GATEWAY_BG created containing the device name (BGnnnn:) of the TCP/IP socket connected to the client. This socket may be accessed by the script for transmission of data directly to the script bypassing the server entirely. This is obviously much more efficient for certain classes of script. For purposes of accurate logging the server does need to be informed of the quantity of data transfered using a CGI callout. See "Scripting Environment" document.

  51. [DclHardLimit] integer (default: 0)

    The maximum number of DCL/CGI script processing processes that may ever exist concurrently (works in conjunction with [DclSoftLimit].

  52. [DclScriptProctor] string (default: none)

    Script proctoring proactively creates and maintains specific persistent scripts and scripting environments (RTEs). It is intended for those environments that have some significant startup latency.

    See WASD Web Services - Scripting for further information.

  53. [DclScriptRunTime] string (default: none)

    One or more file type (extension) specification and scripting verb pairs. See "Scripting Overview, Runtime".

  54. [DclSoftLimit] integer (default: 0)

    The number of DCL/CGI script processing processes after which idle processes are deleted to make room for new ones. The [DclHardLimit] should be approximately 25% more than the [DclSoftLimit]. The margin exists to allow for occasional slow run-down of deleted/finishing processes. If these limits are not set (i.e. zero) they are calculated with [ProcessMax] using "[DclSoftLimit] = [ProcessMax]" and "[DclHardLimit] = [DclSoftLimit] + [DclSoftLimit] / 4".

  55. [DclSpawnAuthPriv] ENABLED|DISABLED (default: DISABLED)

    By default, when a DCL/scripting subprocess is spawned it inherits the server's currently enabled privileges, which are none, not even TMPMBX or NETMBX. If this parameter is enabled the subprocess is created with the server account's SYSUAF-authorized privileges (which should never be other than NETMBX and TMPMBX). Use with caution.

  56. [DclZombieLifeTime] hh:mm:ss (default: 00:00:00)

    If this value is zero the use of persistant DCL processes is disabled. If non-zero the zombie process is terminated the specified period after it last processed a request. This helps prevent zombie processes from clogging up a system. See "Scripting Environment" document.

  57. [DECnetReuseLifeTime] hh:mm:ss (default: 00:00:00)

    Period a DECnet scripting connection is maintained with the network task. Zero disables connection reuse.

  58. [DECnetConnectListMax] integer (default: 0)

    The size of the list used to manage connections for DECnet scripting. Zero effectively allows the server to use as many DECnet scripting connections as demanded.

  59. [DirAccess] ENABLED|DISABLED|SELECTIVE (default: DISABLED)

    Controls directory listings. SELECTIVE allows access only to those directories containing a file .WWW_BROWSABLE. The WASD HTTPd directory access facility always ignores directories containing a file named .WWW_HIDDEN. Also see the [DirWildcard] directive.

  60. [DirBodyTag] string (default: <BODY>)

    Specifies the HTML <BODY> tag for directory listing pages. This allows some measure of site "look-and-feel" in page colour, background, etc. to be employed.

  61. [DirDescriptionLines] integer (default: 0)

    Non-Zero enables HTML file descriptions during listings. Generating HTML descriptions involves opening each HTML file and searching for <TITLE>...</TITLE> and <H1>...</H1> text to generate the description. This is an obviously resource-intensive activity and on busy servers or systems may be disabled. Any non-zero number specifies the number of lines to be searched before quitting. Set to a very high number to search all of files' contents (e.g. 999999).

  62. [DirLayout] string (default: I__L__R__S__D)

    Allows specification of the directory listing layout. This is a short, case-insensitive string that specifies the included fields, relative placement and optionally the width of the fields in a directory listing. Each field is controlled by a single letter and optional leading decimal number specifying its width. If a width is not specified an appropriate default applies. An underscore is used to indicate a single space and is used to separate the fields (two consecutive works well).

    C - creation date
    D - description (generally best specified last)
    D:L - for files, make a link out of the description text
    I - icon (takes no field-width attribute)
    L - link (highlighted anchor using the name of the file)
    L:F - file-system name (for ODS-5 displays spaces, etc.)
    L:N - name-only, do not display the extension
    L:U - force name to upper-case
    N - name (no link, why bother? who knows!)
    O - owner (can be disabled)
    R - revision date
    S - size
    S:B - in bytes (comma-formatted)
    S:D - decimal kilos (see below)
    S:F - kilo and mega are displayed to one decimal place
    S:K - in kilo-bytes (and fractions thereof)
    S:M - in mega-bytes (and fractions thereof)
    U - upper-case file and directory names (must be the first character)

    The following shows some examples:

    [DirLayout]       I__L__R__S__D
    [DirLayout]       I__L__R__S:b__D
    [DirLayout]       I__15L__S__D
    [DirLayout]       UI__15L__S__D
    [DirLayout]       15L__9R__S
    [DirLayout]       15N_9C_9R_S
    [DirLayout]       I__L__R__S:d__D
    [DirLayout]       25D:l__S:b__C__R
    

    The size of files is displayed by default as 1024 byte kilos. When using the "S:k", "S:m" and "S:f" size modifiers the size is displayed as 1000 byte kilos. If it is prefered to have the default display in 1000 byte kilos then set the directory listing layout using:

    [DirLayout]       I__L__R__S:d__D
    

    If unsure of the kilo value being used check the "<META>" information in the directory listing.

  63. [DirMetaInfo] ENABLED|DISABLED (default: DISABLED)

    Includes, as <META> information, the software ID of the server and any relevant VMS file information.

  64. [DirNoImpliedWildcard] ENABLED|DISABLED (default: DISABLED)

    When a directory is accessed having no file or type component and there is no welcome page available a directory listing is generated. By default any other directory accessed from this listing has the implied wildcards "*.*" added, consequently forcing directory listings. If enabled, this directive ensures no wildcards are added, so subsequent directories accessed with welcome pages display the pages, not a forced listing.

  65. [DirNoPrivIgnore] ENABLED|DISABLED (default: DISABLED)

    To prevent browsing through directories (perhaps due to inadvertant mapping) that have file permissions allowing no WORLD access the server stops listing and reports the error the first time a protection violation occurs. This behaviour may be changed to ignore the violation, listing only those files to which it has access.

  66. [DirOwner] ENABLED|DISABLED (default: DISABLED)

    Allows specification and display of the RMS file owner information.

  67. [DirPreExpired] ENABLED|DISABLED (default: DISABLED)

    Directory listings and trees may be pre-expired. That is, the listing is reloaded each time the page is referenced. This is convenient in some environments where directory contents change frequently, but adds considerable over-head and so is disabled by default. Individual directory listings may have the default behaviour over-ridden using syntax similar to the following examples:

    /dir1/dir2/*.*?httpd=index?expired=yes
    /dir1/dir2/*.*?httpd=index?expired=no
    /tree/dir2/?httpd=index?expired=yes
    /tree/dir1/dir2/?httpd=index?expired=no
    

  68. [DirReadme] TOP|BOTTOM | OFF (default: DISABLED)

    If any of the files provided using the [DirReadMeFile] directive are located in the directory the contents are included at the top or bottom of the listing (or not at all). Plain-text are included as plain-text, HTML are included as HTML allowing markup tags to be employed.

  69. [DirReadMeFile] file.suffix (no default)

    Specifies the names and order in which a directory is checked for read-me files. This can be enabled or disabled using the [DirReadme] directive. Plain-text are included as plain-text, HTML are included as HTML allowing markup tags to be employed.

    Examples:

    [DirReadMeFile]
    readme.html
    readme.htm
    readme.
    readme.txt
    readme.1st
    

  70. [DirWildcard] OFF|ON (default: DISABLED)

    This enables the facility to force the server to provide a directory listing by providing a wildcard file specification, even if there is a home (welcome) document in the directory. This should not be confused with the [DirAccess] directive which controls directory listing itself.

  71. [DNSLookupClient] ENABLED|DISABLED (default: DISABLED)

    Enables or disables connection request host name resolution. This functionality may be expensive (in terms of processing overhead) and make serving granularity coarser if DNS is involved. If not enabled and logging is, the entry is logged against the literal internet address. If not enabled any [Accept], [Reject] or conditional directive, etc., must be expressed as a literal address.

  72. [DNSLookupLifetime] hh:mm:ss default 00:10:00

    The period for which a host name/address is cached (applies to both client lookup and proxy host lookup).

  73. [DNSLookupRetry] integer (default: 2)

    The number of attempts, at two second intervals, made to resolve a host name/address (applies to both client lookup and proxy host lookup).

  74. [EntityTag] ENABLED|DISABLED (default: ENABLED)

    An entity tag is a client-opaque string used in strong cache validation. WASD generates this using the on-disk file identification (FID) and binary last-modified date-time (RDT). This is then used as a definitive identifier for a specified on-disk resource fixed in file-system space-time (hmmm, sounds like an episode of Star Trek).

  75. [ErrorReportPath] string [status...] (default: none)

    Specifies the URL-format path to an optional, error reporting SSI document or script. See 4.10 - Error Reporting. This path can subsequently be remapped during request processing. Optional, space-separated HTTP status codes restrict the path to those codes, with the remainder handled by server-internal reporting.

  76. [ErrorRecommend] ENABLED|DISABLED (default: DISABLED)

    Provides a short message recommending action when reporting an error to a client. For example, if a document cannot be found it may say:

    (document, or bookmark, requires revision)
    

  77. [GzipAccept] integer (default: 0)

    Enables GZIP encoding of request bodies. See 4.4 - GZIP Encoding.

  78. [GzipFlushSeconds] integer (default: 0)

    Adjusts the maxiumum period period between GZIP buffer flushes. See 4.4 - GZIP Encoding.

  79. [GzipResponse] integer[integer,integer] (default: 0)

    Enables GZIP encoding (deflation) for suitable requests and responses. Valid values are 1 for minimum compression (and minimum resource usage) through to 9 for maxiumum compression (and maximum resource usage). The value 9 is recommended. See 4.4 - GZIP Encoding.

  80. [Http2Protocol] enable|disable (default: disable))

    Enable or disable (default) HTTP/2 for all services. The default for a service follows the global setting. A service must explicitly disable HTTP/2 if that is required.

  81. [Http2FrameSizeMax] integer (default: 65535)

    The maximum permitted size (in octets) of an HTTP/2 frame sent from the client.

  82. [Http2HeaderListMax] integer (default: 65535)

    The maximum permitted size (in bytes) of a request header sent from the client.

  83. [Http2HeaderTableMax] integer (default: 4096)

    The maximum permitted size (in bytes) of a request header compression table.

  84. [Http2PingSeconds] hh:mm:ss (default: 00:05:00)

    The period at which HTTP/2 pings are sent from the server to the client to calculate the (then) Round Trip Time (RTT) of the connection.

  85. [Http2StreamMax] integer (default: 32)

    Maximum number of concurrent streams (requests) supported by the connection.

  86. [Http2InitWindowSize] integer (default: 65535)

    Initial flow-control window size (in bytes).

  87. [InstanceMax] integer|CPU (default: 1)

    Number of per-node server processes to create and maintain. If set to "CPU" once instance per CPU is created.

  88. [InstancePassive] ENABLED|DISABLED (default: DISABLED)

    Start a multiple instance server already in passive mode.

  89. [Logging] ENABLED|DISABLED (default: DISABLED)

    Enables or disables the request log. Logging can slow down request processing and adds overhead. The log file name must be specified using the /LOG qualifier or WASD_CONFIG_LOG logical name (3.5 - Logical Names).

  90. [LogExcludeHosts] string (default: none)

    One or more (comma-separated if on the same line) internet host/domain names, with "*" wildcarding for host/subdomain matching, requests from which are not placed in any log files. If DNS lookup is not enabled hosts must be expressed using literal addresses (see [DNSLookup] directive). Use for excluding local or web-maintainer's host from logs.

    Example:

    [LogExcludeHosts]
    *.www.example.com
    131.185.250.*
    

  91. [LogExtend] integer (default: 0)

    Number of blocks allocated when when a log file is opened or extended. If set to zero it uses the process default (SET RMS_DEFAULT /EXTEND_QUANTITY).

  92. [LogFile] string (default: none)

    Provides some or all of the access log file name. See 4.12.2 - Log Per-Period.

  93. [LogFormat] string (default: COMMON)

    Specifies one of three pre-defined formats, or a user-definable format. See 4.12.1 - Log Format.

  94. [LogNaming] string (default: none)

    When [LogPeriod] or [LogPerService] directives are used to generate multiple log files this directive may be used to modify the naming of the file. See 4.12.5 - Log Naming.

  95. [LogPeriod] string (default: none)

    Specifies a period at which the log file is changed. See 4.12.2 - Log Per-Period.

  96. [LogPerInstance] ENABLED|DISABLED (default: DISABLED)

    When multiple instances are configured (see #BADREF(cr_server_instances) WASD Web Services - Features and Facilities ). create a separate log for each. This has significant performance advantages. See 4.12.4 - Log Per-Instance.

  97. [LogPerService] ENABLED|DISABLED (default: DISABLED)

    When multiple services are specified (4.3 - Virtual Services) a separate log file will be created for each if this is enabled. See 4.12.3 - Log Per-Service.

  98. [LogPerServiceHostOnly] ENABLED|DISABLED (default: DISABLED)

    When generating a log name do not make the port number part of it. This effectively provides a single log file for all ports provided against a host name (e.g. a standard HTTP service on port 80 and an SSL service on port 443 would have entries in the one file). See 4.12.3 - Log Per-Service.

  99. [LogWriteFail503] ENABLED|DISABLED (default: DISABLED)

    After an access log record fails to write all subsequent requests return a 503 service unavailable response until records can be successfully written again. This can be used to prevent access to server resources unless an access audit log is available.

  100. [Monitor] ENABLED|DISABLED (default: DISABLED)

    Allows monitoring via the HTTPDMON utility. Adds slight request processing overhead.

  101. [OpcomAdmin] ENABLED|DISABLED (default: DISABLED)

    Report to operator log and any enabled operator console (see [OpcomTarget]) server administration directives originating from the Server Administration Menu, for example path map reload, server restart, etc.

  102. [OpcomAuthorization] ENABLED|DISABLED (default: DISABLED)

    Report events related to authentication/authorization. For example username-password validation failures.

  103. [OpcomControl] ENABLED|DISABLED (default: DISABLED)

    Report HTTPD/DO=directive control events, both the command-line directive and the server's response.

  104. [OpcomHTTPd] ENABLED|DISABLED (default: DISABLED)

    Report events concerning the server itself. For example, server startup and exit (either normally or with error status).

  105. [OpcomProxyMaint] ENABLED|DISABLED (default: DISABLED)

    Report events related to proxy server cache maintenance. For example, the commencement of file cache reactive and proactive purging, the conclusion of this purge, both with cache device statistics.

  106. [OpcomTarget] string (default: DISABLED)

    This enables OPCOM messaging and specifies the target for the OPCOM reports. This must be set to a target to enable OPCOM messages, irrespective of the setting of any of the other [Opcom...] directives. These messages are added to SYS$MANAGER:OPERATOR.LOG and displayed at the specified operator's console if enabled (using REPLY/ENABLE=target). The operator log provides a "permanent" record of server events. Possible settings include CENTRAL, NETWORK, SECURITY, OPER1 ... OPER12, etc.

  107. [PipelineRequests] ENABLED|DISABLED (default: ENABLED)

    Pipelining refers to multiple requests being sent over an assumed persistent connection without waiting for the response from previous requests. Such behaviour with capable clients and servers can significantly reduce response latency.

  108. [Port] integer (default: 80)

    IP port number for server to bind to. For anything other than a command-line server control this parameter is overridden by anything supplied via the [Service] (deprecated) directive.

  109. [ProcessMax] integer (default: 100)

    The maximum number of concurrent client request being processed before a "server too busy right now ... try again shortly" error is returned to the client. If not explicitly set this defaults to the same value as [ConnectMax]. This directive allows a larger number of persistent connections to be maintained than are concurrently being processed at any given moment.

  110. [ProxyCache] ENABLED|DISABLED (default: DISABLED)

    Enables or disables proxy caching on a whole-of-server basis, irrespective of any proxy services that might be configured for caching.

  111. [ProxyCacheFileKBytesMax] integer (default: 256)

    Maximum size of a cache file in kilobytes before it will not be cached.

  112. [ProxyCacheNegativeSeconds] hh:mm:ss (default: 00:05:00)

    Negative (unsuccessful) responses are cached for this period.

  113. [ProxyCacheRoutineHourOfDay] integer (default: 0)

    Hour of day for routine cache purge (00-23).

  114. [ProxyCacheDeviceCheckMinutes] integer (default: 15)

    Interval in minutes between checking space availablility on cache device. If space is not available a reactive purge is initiated.

  115. [ProxyCacheDeviceDirOrg] FLAT256|64X64 (default: FLAT256)

    Organization of directories on the proxy cache device. The first provides a single level structure with a possible 256 directories at the top level and files organized immediately below these. For versions of VMS prior to V7.2 exceeding 256 files per directory, or a total of approximately 65,000 files, incurs a significant performance penalty for some directory operations. The second organization involves two levels of directory, each with a maximum of 64 directories. This allows for approximately 1,000,000 files before encountering the 256 files per directory issue.

  116. [ProxyCacheDeviceMaxPercent] integer (default: 85)

    The maximum percentage in use on the cache device before a reactive purge is scheduled. If device usage exceeds this limit no more cache files are created.

  117. [ProxyCacheDevicePurgePercent] integer (default: 1)

    The percentage by which the cache device usage is attempted to be reduced when a reactive purge is initiated.

  118. [ProxyCacheNoReloadSeconds] integer (default: 0)

    Prevents pragma reloads actually retrieving the file from the source host again until the period expires. This is designed to limit concurrent or repeated reloads of files into the cache unecessarily. Thirty seconds is probably an adequate period balancing effect against a user legitimately needing to recache the document.

  119. [ProxyCachePurgeList] string (default: 168,48,24,8,0)

    A list of comma-separated integers representing the sequence of last accessed period in hours used during a progressive reactive purge.

  120. [ProxyCacheReloadList] string (default: 1,2,4,8,12,24,48,96,168)

    A list of comma-separated integers representing the sequence of age in hours used when determining whether a cache file's contents should be reloaded.

  121. [ProxyConnectPersistMax] integer (default: 100)

    The maximum number of established connections that are maintained to remote servers.

  122. [ProxyConnectPersistSeconds] hh:mm:ss (default: 00:00:30)

    Period for which the established connections persist. At expiry the connection is closed.

  123. [ProxyConnectTimeoutSeconds] hh:mm:ss (default: 00:00:30)

    Period for which the proxy server will attempt to establish a network connection to the origin (remote) server.

  124. [ProxyForwarded] BY|DISABLED|FOR|ADDRESS (default: DISABLED)

    BY enables the addition of a proxy request header line providing information that the request has been forwarded by another agent. The added header line would look like "Forwarded: by http://server.name.domain (HTTPd-WASD/n.n.n OpenVMS/AXP Digital-TCPIP SSL)". If the FOR variant is used the field included the host name (or ADDRESS) the request is being forwarded on behalf of, as in "Forwarded: by http://server.name.domain (HTTPd-WASD/n.n.n OpenVMS/AXP Digital-TCPIP SSL) for host.name.domain".

  125. [ProxyHostLookupRetryCount] integer (default: 0)

    When the server is resolving the name of a remote host the request may timeout due to up-stream DNS server latencies. This parameter allows a number of retries, at five second intervals, to be enabled.

  126. [ProxyReportLog] ENABLED|DISABLED (default: DISABLED)

    Enables or disables the server process log reporting siginificant proxy processing events, such as cache maintenance activity.

  127. [ProxyReportCacheLog] ENABLED|DISABLED (default: DISABLED)

    Enables or disables the server process log reporting of proxy caching activity.

  128. [ProxyServing] ENABLED|DISABLED (default: DISABLED)

    Enables or disables proxy serving on a whole-of-server basis, irrespective of any proxy services that might be configured.

  129. [ProxyUnknonwRequestFields] ENABLED|DISABLED (default: DISABLED)

    When enabled propagates all request fields provided by the client through to the proxied server. When disabled only propagates fileds that WASD recognises.

  130. [ProxyVerifyRecordMax] integer (default: 0)

    Obscure functionality; see WASD Proxy Service feature.

  131. [ProxyXForwardedFor] ADDRESS|DISABLED|ENABLED|UNKNOWN (default: DISABLED)

    Enables the addition of a proxy request header line providing the host name on behalf of which the request is being proxied. The added header line would look like "X-Forwarded-For: host.name.domain". THE ADDRESS variant provides the IP address, and the UNKNOWN variant substitutes "unknown" for the host. This field is degined to be compatible with the Squid de facto standard field of the same name. Any request with an existing "X-Forwarded-For:" field has the local information appended to the existing as a comm-separated list. The first host in the field should be the original requesting client.

  132. [PutBinaryRFM] FIX512|STM|STMCR|STMLF|UDF (default: UDF)

    Record format for a non-text HTTP POST or PUT upload into the file-system. Has a per-path equivalent. The precedence for determining the created file record format is [AddType] RFM:, then any per-path PUT=RFM= mapping rule, then [PutBinaryRFM], then the default of UDF.

  133. [PutMaxKBytes] integer (default: 250)

    Maximum size of an HTTP POST or PUT method request in Kilobytes. Has a per-path equivalent.

  134. [PutVersionLimit] integer (default: 3)

    File created using the POST or PUT methods have the specified version limit applied.

  135. [RegEx] ENABLED|DISABLED (default: DISABLED)

    Enable regular expression matching. With the possibility of the reserved character "^" being used in existing mapping rules regular expression string matching (6 - String Matching) is only available after enabling this directive.

    The default syntax is POSIX EGREP but can be specified by substituting for ENABLED one of the following keywords; AWK, ED, EGREP, GREP, POSIX_AWK, POSIX_BASIC, POSIX_EGREP, POSIX_EXTENDED, POSIX_MINIMAL_BASIC, POSIX_MINIMAL_EXTENDED, SED. When changed from the default enabled (WASD) case-insensitivity is lost.

  136. [Reject] host/domain name (default: none)

    One or more (comma-separated if on the same line) internet host/domain names, with "*" wildcarding for host/subdomain matching, to be explicitly denied access. If DNS lookup is not enabled hosts must be expressed using literal addresses (see [DNSLookup] directive). Also see the [Accept] directive. Reject directives have precedence of Accept directives. The Reject directive may be used multiple times.

    Example:

    [Reject]
    *.www.example.com
    131.185.250.*
    

  137. [ReportBasicOnly] ENABLED|DISABLED (default: DISABLED)

    Only ever supply basic information in a report (4.10 - Error Reporting).

  138. [ReportMetaInfo] ENABLED|DISABLED (default: DISABLED)

    Includes in detailed reports, as <META> information, the software ID of the server and any relevant VMS file information.

  139. [RequestHistory] integer (default: 0)

    The server can keep a list of the most recent requests accessible from the Server Administration page. This value determines the number kept. Zero disables the facility. Each retained request consumes 256 bytes and adds a small amount of extra processing overhead.

  140. [Scripting] ENABLED|DISABLED (default: ENABLED)

    Enables and disables all scripting mechanisms. This includes CGI and CGIplus, DECnet-based OSU and CGI, and SSI directives that DCL processes to provide <--#dcl -->, <--#exec -->, etc.

  141. [SearchScript] path (no default)

    Specifies the URL-format path to the default query-string keyword search script. This path can subsequently be remapped during request processing.

    Example:

    [SearchScript] /wasd_root/script/query
    

  142. [SearchScriptExclude] list (no default)

    Provides a list of file types that are excluded from an implied keyword search. This is useful for client-side (browser-side) active processing that may require a query string to pass information. This query string would normally be detected by the server and if not in a format to be meaningful to itself is then considered as an implied (HTML <ISINDEX>) keyword search, with the approriate script being activiated.

    Example:

    [SearchScriptExclude] .HTA,.HTL
    

  143. [SecureSocket] ENABLED|DISABLED (default: DISABLED)

    Enable the Secure Sockets Layer (SSL) Transport Layer Security (TLS) if the server has been built with that option. See "WASD VMS Web Services - Features and Facilities"; 4 - Transport Layer Security WASD Web Services - Features and Facilities .

  144. [ServerAdmin] string (no default)

    Specifies the contact email address for server administration issues. Included as a "mailto:" link in the server signature if [ServerSignature] is set to email.

  145. [ServerAdminBodyTag] string (default: <BODY>)

    Specifies the HTML <BODY> tag for server administration and administration report pages. This allows some measure of control over the "look-and-feel" of page and link colour, etc.. for the administrator.

  146. [ServerReportBodyTag] string (default: <BODY>)

    Specifies the HTML <BODY> tag for server error and other report pages. This allows some measure of site "look-and-feel" in page colour, background, etc. to be maintained.

  147. [ServerSignature] ENABLED|EMAIL|DISABLED (default: DISABLED)

    The server signature is a short identifying string added to server generated error and other report pages. It includes the server software name and version, along with the host name and port of the service. Setting this to email makes the host name a mailto: link containing the address specified by the [ServerAdmin] directive.

  148. [Service] string (no default) (deprecated)

    This parameter allows SSL, multi-homed hosts and multiple port serving to be specified.

  149. [ServiceNotFoundURL] string (no default)

    Provides a default path for reporting a virtual host does not exist, see 4.3.2 - Unknown Virtual Server.

  150. [SocketSizeRcvBuf] integer (no default)

    Number of bytes allocated at the device-driver level for a network connection receive buffer. See 3 - Server Account and Environment.

  151. [SocketSizeSendBuf] integer (no default)

    Number of bytes allocated at the device-driver level for a network connection send buffer. Later versions of TCP/IP Services seem to have large default values for this. MultiNet and TCPware are reported to improve transfers of large responses by increasing low default values. See 3 - Server Account and Environment.

  152. [SSI] ENABLED|DISABLED (default: DISABLED)

    Enables or disables Server Side Includes (HTML pre-processing).

  153. [SSIaccesses] ENABLED|DISABLED (default: DISABLED)

    Enables or disables Server Side Includes (HTML pre-processing) file access counter.

  154. [SSIexec] ENABLED|DISABLED (default: DISABLED)

    Enables or disables Server Side Includes (HTML pre-processing) DCL execution functionality.

  155. [SSIsizeMax] integer (default: 0 (128kB))

    SSI source files a completely read into memory before processing. This allows the maximum size to be expanded beyond the default.

  156. [SSLcert] string (no default)
    TLS/SSL Configuration

    See "WASD VMS Web Services - Features and Facilities"; 4 - Transport Layer Security WASD Web Services - Features and Facilities .
    Server command line /SSL= parameter equivalents override the [SSL..] directives.

    TLS/SSL server certificate file path.

  157. [SSLcipherList] string (no default)

    A colon-separated list (OpenSSL syntax) of TLS/SSL ciphers allowed to be used by clients to connect to SSL services. The use of this parameter might allow the selection of stronger ciphers to be forced to be used or the connection not allowed to procede.

  158. [SSLinstanceCacheMax] integer (no default)

    TLS/SSL multiple WASD instance, shared session cache. Maximum number of shared records.

  159. [SSLinstanceCacheSize] integer (no default)

    TLS/SSL multiple WASD instance, shared session cache. Size in bytes of each individual record.

  160. [SSLkey] string (no default)

    TLS/SSL server certificate private key file path. The private key is commonly enbedded into the certificate file.

  161. [SSLoptions] string (no default)

    Alphanumeric flags supported by WASD or hexadecimal value applied to the SSL option of OpenSSL.

  162. [SSLsessionCacheMax] integer (no default)

    Single WASD instance, shared session cache. Maximum number of records. Records are dynamically sized.

  163. [SSLsessionLifetime] hh:mm:ss (no default)

    The default maximum period for session reuse is five minutes. This may be set globally using the this directive or on a per-service basis using the per-service equivalent [ServiceSSLsessionLifetime].

  164. [SSLstrictTransSec] hh:mm:ss (no default)

    When non-zero represents the number of seconds, or maximum age, of a HSTS "Strict-Transport-Security:" response header field. See "WASD VMS Web Services - Features and Facilities"; 4 - Transport Layer Security WASD Web Services - Features and Facilities . There is an equivalent per-service directive.

  165. [SSLverifyPeer] ENABLED|DISABLED (default: DISABLED)

    To access this service a client must provide a verified CA client certificate.

  166. [SSLverifyPeerCAfile] string (default: none)

    Specifies the location of the collection of Certificate Authority (CA) certificates used to verify a peer certificate (VMS file specification).

  167. [SSLverifyPeerDataMax] integer (default: 1024)

    When a client certificate is requested for authentication via TLS/SSL renegotiation this is the maximum kilobytes POST/PROPFIND/PUT data buffered during the renegotiation. There is an equivalent per-service directive.

  168. [SSLverifyPeerDepth] integer (default: 0)

    Level through a certificate chain a client is verified to.

  169. [SSLversion] string (default: TLS family of protocols)

    The abbreviation for the TLS/SSL protocol version allowed to be used to connect to an SSL service. Using the directive a service may select prefered protocols.

  170. [StreamLF] integer (default: 0 (disabled))

    Enables or disables automatic conversion of VARIABLE record format documents (files) to STREAM-LF, which are much more efficient with this server. The integer is the maximum size of a file in kilobytes that the server will attempt to convert. Zero disables any conversions.

  171. [StreamLFpaths] string (no default)

    (Retired in v5.3, mapping SET rule provides this now, see 12.5.5 - SET Rule).

  172. [TimeoutHttp2idle] hh:mm:ss (default: 01:00:00)

    The maximum period of time before an idle HTTP/2 connection is issued with a GOAWAY frame. An idle HTTP/2 connection is one where it has not processed a request.

  173. [TimeoutInput] hh:mm:ss (default: 00:01:00)

    Period allowing a connection request to be in progress without submitting a complete request header before terminating it.

  174. [TimeoutPersistent] hh:mm:ss (default: 0)

    The period a persistent connection with the client is maintained after the conclusion of a request. Connection persistence improves the overall performance of the server by reducing the number of discrete TCP/IP connections that need to be established.

  175. [TimeoutNoProgress] hh:mm:ss (default: 00:02:00)

    Period allowing request output to continue without any increase in the number of bytes transfered. This directive is targeted at identifying and eliminating requests that have stalled.

  176. [TimeoutOutput] hh:mm:ss (default: 00:10:00)

    Period allowing a request to be output before terminating it. This directive sets an absolute maximum time a request can continue to receive output.

  177. [WebDAV] ENABLED|DISABLED (default: DISABLED)

    Enable WEBdav on a server-wide basis (see "WASD VMS Web Services - Features and Facilities"; 6 - WebDAV WASD Web Services - Features and Facilities ).

  178. [WebDAVlocking] ENABLED|DISABLED (default: DISABLED)

    Enable WebDAV locking.

  179. [WebDAVlockCollectionDepth] integer (default: 0)

    Ancestor directory locking depth.

  180. [WebDAVlockTimeoutDefault] ddd-hh:mm:ss (default: 01:00:00)

    Set default locking period.

  181. [WebDAVlockTimeoutMax] ddd-hh:mm:ss (default: 7-00:00:00)

    Maximum locking period.

  182. [WebDAVmetaDir] string (default: same as data file)

    Location of metadata files.

  183. [WebDAVquota] ENABLED|DISABLED (default: DISABLED)

    Enable disk quota reporting.

  184. [Welcome] file.suffix (no default)

    Specifies the names and order in which a directory is checked for home page files. If no home page is found a directory listing is generated.

    [Welcome]
    index.html
    index.htm
    home.html
    home.htm
    

    Dynamic home pages (script or interpreter engine driven, e.g. Perl, PHP) may be deployed using a combination of the [Welcome] and [DclScriptRunTime] directives.

    [Welcome]
    index.html
    index.htm
    index.php
    index.pl
    
    [DclScriptRunTime]
    .PHP $CGI-BIN:[000000]PHPWASD.EXE
    .PL $CGI-BIN:[000000]PERLRTE
    

  185. [WWWimplied] ENABLED|DISABLED (default: (DISABLED))

    When enabled considers www.host.name and host.name to be the same virtual service. If a request being processed has a virtual host of www.host.name and the service matching, rule matching or authentication matching process encounters a host.name virtual service it is considered match. A request with a virtual host of host.name does not match a service of www.host.name.


next previous contents full-page