iTP Secure WebServer System Administrators Guide (Version 7.5+)

The benefits of assigning a smaller number of servers with a higher number of threads per server
include:
• In a process, all threads share system resources such as swap space and file opens, including
  opens to cache files.
• No system dispatching is required to switch among threads in the same process.
Assigning a larger number of processes with a lower number of threads per server has different
benefits:
• Load balancing is increased across processors.
• Less susceptibility to processor and process failures, and better fault isolation.
The TANDEM_RECEIVE_DEPTH environment variable has no meaning for server classes other than
httpd or servlet.
Security for the Server's Pathway Environment
When you plan your configuration of the PATHMON environment for the iTP Secure WebServer,
you can take certain steps to enhance the security of the environment itself. These sections discuss
how to manage the security of your data and provide for secure transactions:
• “Configuring for Secure Transport” (page 53)
• “Managing the iTP Secure WebServer Using Scripts” (page 82)
These subsections discuss issues to consider with respect to the iTP Secure WebServer PATHMON
environment:
• “Who Can Modify the Configuration Files?” (page 50)
• “Who Can Start/Stop the iTP Secure WebServer?” (page 50)
• “What TCP/IP Port Is the Distributor Process Monitoring?” (page 50)
• “Common Gateway Interface (CGI) Application Security Considerations” (page 51)
• “Pathway CGI Server Class Considerations” (page 51)
Who Can Modify the Configuration Files?
By default, access to the /usr/tandem/webserver/admin/conf directory is restricted to the
owner of the directory structure. This is the user ID under which the iTP Secure WebServer was
installed, as described in “Installing the iTP Secure WebServer” (page 34). The directory owner
can allow anyone access to the directory. However, the system supervisor can always access the
directory.
Who Can Start/Stop the iTP Secure WebServer?
The default iTP Secure WebServer configuration gives all users in the system execute and read
permission for the bin directory. Therefore, any individual can access the bin/httpd file and
specify a configuration file to start an iTP Secure WebServer. If you want to restrict users from
starting their own servers, change the default security of the bin directory or the security of the
bin/httpd file.
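An added example (not part of the guide): a POSIX shell audit of the two questions above, whether admin/conf is still owner-only and whether any user can run bin/httpd. It assumes bin and admin/conf sit under one install root and reads modes from `ls -ld`; the function names and the WEBSERVER_ROOT variable are hypothetical.

```shell
#!/bin/sh
# Added example, not from the guide. ROOT is a WebServer install root assumed
# to be laid out as ROOT/admin/conf and ROOT/bin/httpd.

# Print the nine permission characters of PATH as shown by `ls -ld`.
mode_of() {
    ls -ld "$1" 2>/dev/null | cut -c2-10
}

# True if "other" users hold execute (x, or t when the sticky bit is also set).
world_exec() {
    case "$(mode_of "$1")" in
        ????????[xt]) return 0 ;;
    esac
    return 1
}

# Print one line per finding; return 0 when nothing is found, 1 otherwise.
audit_webserver() {
    root=$1
    rc=0
    conf_mode=$(mode_of "$root/admin/conf")
    case "$conf_mode" in
        '') echo "MISSING $root/admin/conf"; rc=1 ;;
        ???------) ;;   # owner-only, the default the guide describes
        *) echo "CONF-OPEN $root/admin/conf mode=$conf_mode"; rc=1 ;;
    esac
    # Any user can start a server only if both bin and bin/httpd are
    # executable by "other"; restricting either one closes that path.
    if world_exec "$root/bin" && world_exec "$root/bin/httpd"; then
        echo "START-OPEN $root/bin/httpd runnable by any user"
        rc=1
    fi
    return $rc
}

# Audit a real tree only when WEBSERVER_ROOT (hypothetical name) is set,
# for example WEBSERVER_ROOT=/usr/tandem/webserver.
if [ -n "${WEBSERVER_ROOT:-}" ]; then
    audit_webserver "$WEBSERVER_ROOT"
fi
```

With the default permissions the guide describes, the script reports only the START-OPEN finding; tightening either bin or bin/httpd clears it.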
What TCP/IP Port Is the Distributor Process Monitoring?
In its default, out-of-box configuration, the Distributor process monitors TCP/IP port number 80. To
use a different port, modify the port specification in the httpd.config file. The Distributor process
can also monitor multiple ports. For example, in the httpd.stl.config file, you can specify a
port to use with Transport Layer Security (TLS) or Secure Sockets Layer (SSL); the default value
is 443. The Accept and AcceptSecureTransport directives, described in “Configuration
Directives” (page 198), let you specify multiple IP addresses and port numbers. To check that requests
50 Planning the iTP Secure WebServer PATHMON Environment