Configuring communication parameters
The following sections describe general information about the WebSEAL server:
- "Configuring WebSEAL for HTTP requests"
- "Configuring WebSEAL for HTTPS requests"
- "Restricting connections from specific SSL versions"
- "Timeout parameters for HTTP/HTTPS communication"
- "Additional WebSEAL server timeout parameters"
Configuring WebSEAL for HTTP requests
WebSEAL typically handles many HTTP requests from unauthenticated users. For example, it is common to allow anonymous users read-only access to selected documents on the public section of your Web site.
Parameters for handling HTTP requests over TCP are located in the [server] stanza of the webseald.conf configuration file.
Enabling/disabling HTTP access
Enable or disable HTTP access during WebSEAL configuration:
http = {yes|no}
Setting the HTTP access port value
The default port for HTTP access is 80:
http-port = 80
To change to port 8080, for example, set:
http-port = 8080
Configuring WebSEAL for HTTPS requests
Parameters for handling HTTP requests over SSL (HTTPS) are located in the [server] stanza of the webseald.conf configuration file.
Enabling/disabling HTTPS access
Enable or disable HTTPS access during WebSEAL configuration:
https = {yes|no}
Setting the HTTPS access port value
The default port for HTTPS access is 443:
https-port = 443
To change to port 4343, for example, set:
https-port = 4343
Restricting connections from specific SSL versions
You can independently enable and disable connectivity for SSL (Secure Sockets Layer) version 2, SSL version 3, and TLS (Transport Layer Security) version 1. The parameters that control connections for specific SSL and TLS versions are located in the [ssl] stanza of the webseald.conf configuration file. By default, all SSL and TLS versions are enabled.
[ssl]
disable-ssl-v2 = no
disable-ssl-v3 = no
disable-tls-v1 = no
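As an added example (not part of the original documentation or of IBM's tooling), the following Python sketch reads a webseald.conf and reports which protocol versions remain enabled once the defaults above are applied. It flags SSL version 2 and SSL version 3, which have known protocol-level weaknesses. The function names, the sample configurations, and the handling of "#" comment lines are assumptions.

```python
# Added example: report which SSL/TLS versions a webseald.conf leaves enabled.
# Assumed format: "[stanza]" headers and "key = value" entries as on this page;
# treating lines that start with "#" as comments is an assumption of this sketch.

VERSIONS = {"disable-ssl-v2": "SSLv2", "disable-ssl-v3": "SSLv3",
            "disable-tls-v1": "TLSv1"}
LEGACY = {"SSLv2", "SSLv3"}  # versions with known protocol-level weaknesses


def parse_stanzas(text):
    """Return {stanza: {key: value}}; a repeated key keeps its last value."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = stanzas.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip().lower()
    return stanzas


def enabled_versions(text):
    """Apply the documented default (nothing disabled) to missing entries."""
    ssl = parse_stanzas(text).get("ssl", {})
    # Only an explicit "yes" disables a version; anything else leaves it on.
    return [name for key, name in VERSIONS.items() if ssl.get(key, "no") != "yes"]


def audit(text):
    """Return findings: legacy versions still accepted, or nothing usable."""
    enabled = enabled_versions(text)
    findings = [f"{name} is enabled" for name in enabled if name in LEGACY]
    if not enabled:
        findings.append("every SSL/TLS version is disabled")
    return findings


# Constructed sample configurations (not taken from a real server).
SAMPLE_DEFAULT = "[server]\nhttps = yes\nhttps-port = 443\n"
SAMPLE_PARTIAL = "[ssl]\ndisable-ssl-v2 = yes\n# disable-ssl-v3 = yes\n"
SAMPLE_HARDENED = "[ssl]\ndisable-ssl-v2 = yes\ndisable-ssl-v3 = yes\n"

if __name__ == "__main__":
    for label, conf in (("default", SAMPLE_DEFAULT), ("partial", SAMPLE_PARTIAL),
                        ("hardened", SAMPLE_HARDENED)):
        print(label, audit(conf) or "no findings")
```

A configuration with no [ssl] stanza is reported the same way as one that sets all three parameters to no, because the documented default leaves every version enabled.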
Timeout parameters for HTTP/HTTPS communication
WebSEAL uses the IBM Global Security Kit (GSKit) implementation of SSL. When WebSEAL receives a request from an HTTPS client, GSKit SSL establishes the initial handshake and maintains session state.
WebSEAL supports the following timeout parameters for HTTP and HTTPS communication. These parameters are located in the [server] stanza of the webseald.conf configuration file.
- client-connect-timeout: Once the initial handshake has occurred, this parameter dictates how long WebSEAL holds the connection open for the initial HTTP or HTTPS request. The default is 120 seconds.
[server]
client-connect-timeout = 120
- persistent-con-timeout: After the first HTTP request and server response, this parameter controls the maximum number of seconds WebSEAL holds an HTTP persistent connection open before it is shut down. The default value is 5 seconds.
[server]
persistent-con-timeout = 5
Additional WebSEAL server timeout parameters
The following additional timeout parameters are set in the webseald.conf configuration file:
| Parameter | Description | Default Value (seconds) |
|---|---|---|
| [junction] http-timeout | The timeout value for sending to and reading from a back-end server over a TCP junction. | 120 |
| [junction] https-timeout | The timeout value for sending to and reading from a back-end server over an SSL junction. | 120 |
| [cgi] cgi-timeout | The timeout value for sending to and reading from a local CGI process. | 120 |
| [junction] ping-time | WebSEAL performs a periodic background ping of each junctioned server to determine whether it is running. WebSEAL will not try more often than once every 300 seconds (or whatever value is set). | 300 |