Oracle iPlanet Web Proxy Server 4.0.14 Configuration File Reference

Listener Elements

The Listener elements are as follows:

LS

Defines an HTTP listen socket.


Note –

When you create a secure listen socket through the Server Manager, security is automatically turned on globally in magnus.conf. When you create a secure listen socket manually in server.xml, security must be turned on by editing magnus.conf.


Subelements

The following table describes subelements for the LS element.

Table 2–12 LS subelements

| Element | Required | Description |
|---|---|---|
| DESCRIPTION | Zero or one | Contains a text description of the listen socket |
| SSLPARAMS | Zero or one | Defines Secure Socket Layer (SSL) parameters |

Attributes

The following table describes attributes for the LS element.

Table 2–13 LS attributes

| Attribute | Default | Description |
|---|---|---|
| id | None | (optional) The socket family type. A socket family type cannot begin with a number. When you create a secure listen socket in the server.xml file, security must be turned on in magnus.conf. When you create a secure listen socket in the Server Manager, security is automatically turned on globally in magnus.conf. |
| ip | Any | Specifies the IP address of the listen socket. The value can be in dotted-pair or IPv6 notation. The value can also be any for INADDR_ANY. |
| port | None | Port number on which to create the listen socket. Legal values are 1 - 65535. On UNIX, creating sockets that listen on ports 1 - 1024 requires superuser privileges. Configuring an SSL listen socket to listen on port 443 is recommended. Two different IP addresses can’t use the same port. |
| security | false | (optional) Determines whether the listen socket runs SSL. Valid values are on, off, yes, no, 1, 0, true, false. You can turn SSL2 or SSL3 on or off and set ciphers using an SSLPARAMS subelement for this listen socket. The Security setting in the magnus.conf file globally enables or disables SSL by making certificates available to the server instance. Therefore, Security in magnus.conf must be turned on or security in server.xml does not work. For more information, see Chapter 3, Syntax and Use of the magnus.conf File. |
| acceptorthreads | 1 | (optional) Number of acceptor threads for the listener. The recommended value is the number of processors in the machine. Valid values are 1 - 1024. |
| family | None | (optional) The socket family type. Valid values are inet, inet6, and nca. Use the value inet6 for IPv6 listen sockets. When using the value of inet6, IPv4 addresses will be prefixed with ::ffff: in the log file. Specify nca to make use of the Solaris Network Cache and Accelerator. |
| blocking | false | (optional) Determines whether the listen socket and the accepted socket are put into blocking mode. Use of blocking mode may improve benchmark scores. Valid values are on, off, yes, no, 1, 0, true, false. |
| servername | None | Tells the server what to put in the host name section of any URLs it sends to the client. This affects URL values that the server automatically generates. This value does not affect the URLs for directories and files stored in the server. This name should be the alias name if your server uses an alias. If you append a colon and port number, that port will be used in URLs the server sends to the client. |

SSLPARAMS

Defines SSL (Secure Socket Layer) parameters.

Subelements

None

Attributes

The following table describes attributes for the SSLPARAMS element.

Table 2–14 SSLPARAMS attributes

| Attribute | Default | Description |
|---|---|---|
| servercertnickname | Server-Cert | The nickname of the server certificate in the certificate database or the PKCS#11 token. In the certificate, the name format is tokenname:nickname. Including the tokenname: part of the name in this attribute is optional. |
| ssl2 | false | (optional) Determines whether SSL2 is enabled. Valid values are on, off, yes, no, 1, 0, true, and false. If both SSL2 and SSL3 are enabled for a virtual server, the server tries SSL3 encryption first. If that encryption fails, the server tries SSL2 encryption. |
| ssl2ciphers | None | (optional) A space-separated list of the SSL2 ciphers used with the prefix + to enable or - to disable, for example, +rc4. Allowed values are rc4, rc4export, rc2, rc2export, idea, des, desede3. |
| ssl3 | true | (optional) Determines whether SSL3 is enabled. Valid values are on, off, yes, no, 1, 0, true and false. If both SSL2 and SSL3 are enabled for a virtual server, the server tries SSL3 encryption first. If that encryption fails, the server tries SSL2 encryption. |
| ssl3tlsciphers | None | (optional) A space-separated list of the SSL3 ciphers used with the prefix + to enable or - to disable, for example, +rsa_des_sha. Allowed SSL3 values are rsa_rc4_128_md5, rsa_3des_sha, rsa_des_sha, rsa_rc4_40_md5, rsa_rc2_40_md5, rsa_null_md5. Allowed TLS values are rsa_des_56_sha, rsa_rc4_56_sha. |
| tls | true | (optional) Determines whether TLS is enabled. Valid values are on, off, yes, no, 1, 0, true, and false. |
| tlsrollback | true | (optional) Determines whether TLS rollback is enabled. Valid values are on, off, yes, no, 1, 0, true, and false. TLS rollback should be enabled for Microsoft Internet Explorer 5.0 and 5.5. |
| clientauth | false | (optional) Determines whether SSL3 client authentication is performed on every request, independent of ACL-based access control. Valid values are on, off, yes, no, 1, 0, true, and false. |
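An added example, not part of the Oracle reference: a Python check that reads a server.xml and magnus.conf pair and reports SSL-enabled LS elements that are left with SSL2 or SSL3 on (explicitly or through the SSLPARAMS defaults), or with export-grade, 56-bit or null ciphers enabled. The sample files are constructed, the `Security on`/`Security off` line format for magnus.conf is assumed, and the weak-cipher selection is this example's own policy rather than something the reference states.

```python
import xml.etree.ElementTree as ET

TRUE_VALUES = {"on", "yes", "1", "true"}  # "on" spellings from the attribute tables
DEFAULTS = {"ssl2": "false", "ssl3": "true"}  # SSLPARAMS defaults, Table 2-14
# Selection made for this example: export-grade, 56-bit DES/RC4 and null ciphers.
WEAK_CIPHERS = {"rc4export", "rc2export", "des", "rsa_des_sha", "rsa_rc4_40_md5",
                "rsa_rc2_40_md5", "rsa_null_md5", "rsa_des_56_sha", "rsa_rc4_56_sha"}

def is_on(value):
    return value.strip().lower() in TRUE_VALUES

def magnus_security_on(magnus_text):
    """True if magnus.conf has a 'Security' line set to an 'on' value (assumed format)."""
    for line in magnus_text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0].lower() == "security":
            return is_on(parts[1])
    return False

def audit_listeners(server_xml, magnus_text):
    """Return (listener id, finding) pairs for SSL-enabled LS elements."""
    findings = []
    for ls in ET.fromstring(server_xml).iter("LS"):
        if not is_on(ls.get("security", "false")):
            continue  # plain HTTP listener: SSLPARAMS does not apply
        name = ls.get("id", "?")
        if not magnus_security_on(magnus_text):
            findings.append((name, "Security is off in magnus.conf"))
        params = ls.find("SSLPARAMS")
        attrs = dict(DEFAULTS, **(params.attrib if params is not None else {}))
        for proto in ("ssl2", "ssl3"):
            if is_on(attrs[proto]):
                findings.append((name, proto + " enabled"))
        spec = attrs.get("ssl2ciphers", "") + " " + attrs.get("ssl3tlsciphers", "")
        enabled = {tok[1:] for tok in spec.split() if tok.startswith("+")}
        for cipher in sorted(enabled & WEAK_CIPHERS):
            findings.append((name, "weak cipher enabled: " + cipher))
    return findings

# Constructed sample input, not taken from a real deployment.
SAMPLE_MAGNUS = "Security off\n"
SAMPLE_SERVER_XML = """<SERVER>
  <LS id="ls1" ip="any" port="8080" security="off"/>
  <LS id="ls2" ip="any" port="443" security="on">
    <SSLPARAMS servercertnickname="Server-Cert" ssl2="on" ssl3="off"
               ssl2ciphers="+rc4 +rc4export -des" ssl3tlsciphers="+rsa_3des_sha +rsa_null_md5"/>
  </LS>
  <LS id="ls3" ip="any" port="8443" security="yes"/>
</SERVER>"""
```

Calling `audit_listeners(SAMPLE_SERVER_XML, SAMPLE_MAGNUS)` reports ls3 as well as ls2: ls3 has no SSLPARAMS subelement, so the ssl3 default of true applies.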

MIME

The MIME element defines MIME types.

The most common way that the server determines the MIME type of a requested resource is by invoking the type-by-extension directive in the ObjectType section of the obj.conf file. The type-by-extension function does not work if no MIME element has been defined in the SERVER element.

Subelements

The following table lists the subelements for the MIME element.

Table 2–15 MIME subelements

| Element | Required | Description |
|---|---|---|
| TYPE | Zero or more | Specifies the MIME type of the requested resource. |

Attributes

The following table describes attributes for the MIME element.

Table 2–16 MIME attributes

| Attribute | Default | Description |
|---|---|---|
| id | None | Internal name for the MIME types listing. The MIME types name cannot begin with a number. |
| file | None | The name of a MIME types file. For more information, see Chapter 6, MIME Types. |

TYPE

Defines the type of the requested resource.

Subelements

None

Attributes

The following table describes attributes for the TYPE element.

Table 2–17 TYPE attributes

| Attribute | Default | Description |
|---|---|---|
| type | None | Defines the type of the requested resource |
| language | None | Defines the content language |
| encoding | None | Defines the content-encoding |
| extensions | None | Defines the file extensions associated with the specified resource |

ACLFILE

References one ACL file.

Subelements

The following table describes subelements for the ACLFILE element.

Table 2–18 ACLFILE subelements

| Element | Required | Description |
|---|---|---|
| DESCRIPTION | Zero or one | Contains a text description of the ACLFILE element |

Attributes

The following table describes attributes for the ACLFILE element.

Table 2–19 ACLFILE attributes

| Attribute | Default | Description |
|---|---|---|
| id | None | Internal name for the ACL file listing. An ACL file listing name cannot begin with a number. |
| file | None | A space-separated list of ACL files. Each ACL file must have a unique name. For information about the format of an ACL file, see the Proxy Server Administration Guide. The name of the default ACL file is generated.https-server-id.acl, and the file resides in the server_root/server-id/httpacl directory. To use this file, you must reference it in server.xml. |

USERDB

Defines the user database used by the server.

Subelements

The following table describes subelements for the USERDB element.

Table 2–20 USERDB subelements

| Element | Required | Description |
|---|---|---|
| DESCRIPTION | Zero or one | Contains a text description of this element |

Attributes

The following table describes attributes for the USERDB element.

Table 2–21 USERDB attributes

| Attribute | Default | Description |
|---|---|---|
| id | None | The user database name in the server’s ACL file. A user database name cannot begin with a number. |
| database | None | The user database name in the dbswitch.conf file. |
| basedn | None | (optional) Overrides the base DN lookup in the dbswitch.conf file. However, the basedn value is still relative to the base DN value from the dbswitch.conf entry. |
| certmaps | None | (optional) Specifies which of the certificate-to-LDAP-entry mappings defined in certmap.conf to use. If the certificate is not present, all mappings are used. All lookups based on mappings in certmap.conf are relative to the final base DN of the server. |