Sun ONE Web Server 6.1 Administrator's Guide

The Shut Down page allows you to stop the Administration Server. To start the server again, restart the service or use the icon in the program manager for Windows, or type ./start from the server_root/https-admserv directory for UNIX/Linux.

The Edit Listen Sockets Page

Before the server can process a request, it must accept the request via a listen socket, then direct the request to the correct virtual server. This page allows you to edit listen socket settings.

If you are accessing this page from the Server Manager, see The Edit Listen Socket Page in the Server Manager section.

Delete. To delete more than one listen sockets, check the corresponding check boxes, and click OK.

Listen Socket ID. The internal name for the listen socket. Used to define the listen socket(s) a virtual server is bound to. Click to edit the properties of the listen socket in The Edit Listen Socket Page.

IP Address. The IP address of the listen socket. Can be in dotted-pair or IPv6 notation. Can also be 0.0.0.0, any, or ANY or INADDR_ANY (all IP addresses). Configuring an SSL listen socket to listen on 0.0.0.0 is required if more than one virtual server is configured to it.

Port. The port number to create the listen socket on. Legal values are 1 - 65535. On UNIX, creating sockets that listen on ports 1 - 1024 requires superuser privileges. Configuring an SSL listen socket to listen on port 443 is recommended.

Security. Displays whether security is enabled or disabled for the listen socket.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

The Server Settings Page

On UNIX/Linux systems, you can use the Server Settings page to change the Administration Server user name.

Admin Server User. Specifies the user name under which the server runs. The server user should have restricted access to your system resources. You can often use a user named nobody in this situation. On some systems, however, nobody is not a valid user name. You may not want to give the user nobody group access to all files. If you do not use nobody, create a new UNIX/Linux user, such as adm, to be the server user.

On Windows, to change the user which the server runs as, use the Services item in the Control Panel.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

The Superuser Access Control Page

The Superuser Access Control page allows you to configure superuser access for the Administration Server. These settings affect only the superuser account. If the Administration Server uses distributed administration, you must set up access control for the administrators using Restrict Access link under the Global Settings tab.

Hostnames to allow. Allows the specified host name to access the Administration Server. You can use wildcard patterns to match multiple systems in a domain. For example, *sun.com matches a.sun.com and a.corp.sun.com. You can list multiple hosts by separating them with commas. Using host names is flexible; if a system’s IP address changes, you will not need to update the server.

IP Addresses to allow. Specifies the IP address to match any host not explicitly defined. The access control for the most complete match will be used. You can also type wildcard patterns. For example, 198.95.* matches 198.95.11.6 and 198.95.11.2. You can separate IP addresses by using commas. Using IP addresses is reliable; if a DNS lookup fails for the connected client, host name restriction cannot be used.

Authentication user name. Specifies the user name of the “superuser” server administrator. (This is the user name you entered during installation.) Only this user name can be used to log in to the Administration Server. This information is stored in the admpw file.See Changing the Superuser Settings for more information.

Authentication Password. Specifies the password of the administrator. The password can have up to 8 characters and can include any character other than control characters. If you leave the password field blank, the password remains unchanged.

Authentication Password (again). Confirms the password specified in the Authentication Password field. If what you enter is different from what you entered in the Password field, you will be prompted to try again.



Caution	If you use Netscape Directory Server to manage users and groups, you need to update the superuser entry in the directory before you change the user name or password in this page. If you do not update the directory first, you will not be able to access the Users & Groups pages in the Administration Server. To fix this, you must either access the Administration Server with an administrator account that does have access to the directory or update the directory using Netscape Directory Server’s administration server or configuration files.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

The Distributed Administration Page

The Distributed Administration page allows you to configure your servers to let multiple administrators change specific parts of the server.


Note	The default directory service should be LDAP for distributed administration to work.

Administrator group. Allows the specified group of administrators to bypass the Administration Server and go directly to the Server Manager for a specific server. Users in the administrator group have full access to the Administration Server, but this access can limited using access control. A user in the administrator group can make changes that affect other users, such as adding users or changing access control.


Caution	Once you create an access control list, the distributed administration group is added to that list. If you change the name of the administrator group, you must manually edit the access control list to change the group it references.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

The Access Logging Options Page

The Access Logging Options page allows you to specify what information is recorded in your server’s logs. Server log files can help you monitor your server’s activity and troubleshoot problems.


Note	You should not change the log format of a log that is already in use.

Editing. Specifies a resource to which custom logging is applied. If you choose a directory, custom logging applies only when the server receives a URL for that directory or any file in that directory. If you want to set up logging for individual virtual servers, use The Logging Settings Page in the Class Manager.

Wildcard. Specifies a wildcard pattern. The path used must be an absolute path to the file. For information on using wildcard patterns, see Wildcards Used in the Resource Picker.

Log client accesses? Specifies whether to include client accesses in your log files.

Log File. Specifies the absolute path for the access log file. As a default, the log files are kept in the logs directory in the server root. If you specify a partial path, the server assumes the path is relative to the logs directory in the server root.

If you are editing the entire server, the default value for this field is $accesslog, the variable that denotes the access log file for the server and virtual servers in the configuration file.

Record. Specifies whether the server should record domain names or IP addresses of the systems accessing the server in the access log.

Format. Specifies which type of log file format to use in the access log. You can select from the following:

Use Common Logfile Format. Includes client’s host name, authenticated user name, date and time of request, HTTP header, status code returned to the client, and content length of the document sent to the client, or

Only Log. Allows you to choose which information will be logged. You can choose from the following:

Client hostname. The hostname (or IP address if DNS is disabled) of the client requesting access.

Authenticate user name. If authentication was necessary, you can have the authenticated user name listed in the access log.

System date. The date and time of the client request.

Full request. The exact request the client made.

Status. The status code the server returned to the client.

Content length. The content length, in bytes, of the document sent to the client.

HTTP header, “referer”. The referer specifies the page from which the client accessed the current page. For example, if a user was looking at the results from a text search query, the referer would be the page from which the user accessed the text search engine. Referers allow the server to create a list of backtracked links.

HTTP header, “user-agent”. The user-agent information—which includes the type of browser the client is using, its version, and the operating system it’s running on—comes from the User-agent field in the HTTP header information the client sends to the server.

Method. The HTTP request method used (GET, PUT, POST, etc.).

URI. Universal Resource Identifier. The location of a resource on the server. For example, for http://www.a.com:8080/special/docs, the URI is special/docs.

Query string of the URI. Anything after the question mark in a URI. For example, for
http://www.a.com:8080/special/docs?find_this, the query string of the URI is find_this.

Protocol. The transport protocol and version used.

Custom Format. Allows you to create a customized format for your access log. For more information about the parameters you should use for your custom format, see Setting Access Log Preferences.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

The Error Logging Options Page

The Error Log Preferences page allows you to configure what information is recorded in your server’s error logs. Server error log files can help you monitor your server’s activity and troubleshoot problems.

Error Log File Name. Specifies the file that stores messages from the server

Log Level. Specifies the amount of information that can be logged in the errors log. The options are:

finest: indicates a highly detailed tracing message.

finer: indicates a fairly detailed tracing message.

fine: a message level providing tracing information.

info: a message level for informational messages.

warning: a message level indicating a potential problem.

failure: a message level indicating a failure

config: message level for static configuration messages.

security: a message level for a security issue.

catastrophe: a message level indicating a serious failure.

Log VSID. Check this if you want virtual server IDs to be displayed in the virtual server logs. This is useful if multiple VS elements share the same log file.

LogStdout. Check this if you want stdout output to be redirected to the errors log.

Log Stderr. Check this if you want stderr output to be redirected to the errors log.

Log To Console (UNIX only). Check this to redirect log messages to the console.

Use System Logging. Check this if you want to use the UNIX syslog service or Windows Event Logging to produce and manage logs.

Create Console (Windows Only). Check this to create a Windows console for stderr output.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

The View Access Log Page

If you are accessing this page from the Server Manager, see The View Access Log Page in the Server Manager section.

If you are accessing this page from the Virtual Server Manager, see The View Access Log Page in the Virtual Server Manager section.

The View Access Log page allows you to configure a customized view of the information about requests to the server and the responses from the server.

About Log Files

Viewing an Access Log File

Number of entries. Specifies the number of entries to retrieve (starting with the most recent).

Only show entries with. Specifies a string or a character to filter the log entries. Case is important; the case of the string or character specified in this field must match the case of the entry in the access log. For example, if you want to see only access log entries that contain POST, type “POST.”

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Last number accesses to access. Displays the access log entries with the parameters specified in the upper section of this page.

The View Error Log Page

If you are accessing this page from the Server Manager, see The View Error Log Page in the Server Manager section.

If you are accessing this page from the Virtual Server Manager, see The View Error Log Page in the Virtual Server Manager section.

The View Error Log allows you to configure a customized view of the errors the server has encountered as well as the informational messages about the server, such as when the server was started and who has tried unsuccessfully to log in to the server.

About Log Files

Viewing the Error Log File

Number of errors to view? Specifies the number of entries to retrieve (starting with the most recent).

Only show entries with. Specifies a string or a character to filter the log entries. Case is important; the case of the string or character specified in this field must match the case of the entry in the error log. For example, if you want to see only those error messages that contain warning, type “warning.”

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Last number errors. Displays the error log entries with the parameters specified in the upper section of this page.

The Preferences Tab

The Shut Down Page

The Edit Listen Sockets Page

The Server Settings Page

The Superuser Access Control Page

The Distributed Administration Page

The Access Logging Options Page

The Error Logging Options Page

The View Access Log Page

The View Error Log Page