Go to main content
Oracle® ZFS Storage Appliance Security Guide, Release OS8.7.0

Exit Print View

Updated: July 2017
 
 

HTTP Data Service

HTTP provides access to filesystems using the HTTP and HTTPS protocols and the HTTP extension Web-based Distributed Authoring and Versioning (WebDAV). This lets clients access shared filesystems through a web browser or as a local filesystem, if their client software supports it.

The HTTPS server uses either a self-signed security certificate or a customer-supplied certificate. To obtain a customer-supplied certificate, you must generate a Certificate Signing Request (CSR) and send it to the Certificate Authority (CA) for signature. After the signed certificate is returned from the CA, it can be installed on the appliance. If a certificate is signed by a non-root CA, you must also obtain certificates from the second- and higher-level CAs. For more information on certificate management, please refer to the Oracle ZFS Storage Appliance Administration Guide.

The following properties are available:

  • Require Client Login - Clients must authenticate before share access is allowed, and files they create will have their ownership. If this is not set, files created will be owned by the HTTP service with user "nobody".

  • Protocols - Select which access methods to support: HTTP, HTTPS, or both.

  • HTTP Port (for incoming connections) - HTTP port, the default is port 80.

  • HTTPS Port (for incoming secure connections) - HTTP port, the default port is 443.

When Require Client Login is enabled, the Oracle ZFS Storage Appliance denies access to clients that do not supply valid authentication credentials for a local user, an NIS user, or an LDAP user. Active Directory authentication is not supported. Only basic HTTP authentication is supported. Unless HTTPS is being used, this transmits the username and password unencrypted, which may not be appropriate for all environments. If Require Client Login is disabled, the appliance does not try to authenticate credentials.

Regardless of authentication, permissions are not masked from created files and directories. Newly created files have permissions read and write by everyone. Newly created directories have permissions read, write, and execute by everyone.