System-Wide Configuration
The System-Wide Configuration table is the starting point for administering Web Ten . It contains buttons for each of the major areas of Web Ten administration. Clicking on a button will present a table with forms for that specific area. Each of the areas and their tables and forms are discussed below.
Server Defaults
There are two key tables in Web Ten that control important configuration information for both the default server and any virtual hosts being served -- the Server Defaults table and the Virtual Host Configuration table. Certain items in the Virtual Host Configuration table may be inherited (see section See Inheritance) from the initial entries in the Server Defaults table.
The Server Defaults settings apply to incoming requests that use the default server name. These settings also apply to incoming requests for any virtual host name if the corresponding setting is inherited (i.e., not explicitly set in that Virtual Host Configuration table). See section See Virtual Host Configuration.
To change the Server Defaults , modify an existing option or group of options, and click on the Save Server Defaults button. If you have not yet saved your changes, use the Reset button to restore the information in your browser's page to what it was when the page was first accessed. Note that the Reset button does not make any changes to the server's settings; it simply undoes any typing you may have incorrectly entered into this page.
ServerAdmin
The ServerAdmin setting is an email address. This address is included in messages sent to a browser whenever a Web server error occurs. Users are encouraged to, and typically do, use this address to notify Webmasters of any problems they are experiencing with a Web server. The established convention is to use the email address " webmaster@your_domain.com ", but any valid email address is acceptable. The email address must be an existing email address on some other email server. Web Ten does not accept incoming email.
In the case of a virtual host, ServerAdmin is initially set to the email address " webmaster@virtualhost ", where " virtualhost " is replaced by the virtual host name. Alter this setting to reflect the email address of the Webmaster for this virtual host, or the Webmaster for this Web Ten system. Many Web sites follow the convention of using an email address " webmaster@virtualhost ". To preserve this convention for your Web Ten server, add this address to your email server, or make this address an alias to another existing email account on your email server.
If ServerAdmin is not set for a particular virtual host, the See ServerAdmin setting is inherited from the Server Defaults . In this case, the ServerAdmin entry in the Virtual Host Configuration table will be flagged with the Inherited indicator.
DirectoryIndex
The DirectoryIndex setting controls which file is returned when serving a request for a URL that points to a directory (i.e., ending with a "/"). When such a request is made, the DirectoryIndex is substituted for the URL, pointing the client request to a default file or CGI. If the DirectoryIndex is null, the contents of the directory will be listed on the returned page.
The Web Ten default DirectoryIndex is " default.html" , which corresponds to the defaults established by other Macintosh Web servers. The typical Apache setting of DirectoryIndex is " index.html ".
If the DirectoryIndex is not set for a virtual host, it will be inherited from Server Defaults , and the Inherited flag will be displayed.
ErrorLog
The ErrorLog entry in both the Server Defaults table and the Virtual Host Configuration table is the name of the file Web Ten uses to log information about Web server errors. If an ErrorLog file is not specifically set for a virtual host, the ErrorLog file setting in the Server Defaults table will be used.
TransferLog
The TransferLog setting is the name of the file Web Ten uses to log information about incoming requests. If TransferLog is not set for a particular virtual host, it will be inherited from the Server Defaults , and flagged accordingly. The TransferLog is set to "WebTen.log" by default and will be inherited by all virtual hosts that do not have their own TransferLog set.
LogFormat
The LogFormat setting is a string that controls the format of the log file. The log file can include literal characters copied from the log format setting and detailed information specific to the actual request that is being logged. Details are encoded using a percent sign ("%") followed by a letter. For example:
Each "%" followed by a letter is a directive to the Web server for a specific piece of information about the request being logged. For example, "%h" logs the name of the remote host placing the request. The order and set of literal characters and details included in the transfer log explicitly follow the order and set of literals and "%" letters in the LogFormat setting.
ApacheSSL provides a " c " symbol for custom logging, thus Web Ten can be configured with custom SSL log entries using the " c " symbol. For example, a LogFormat string to include the SSL version used in an access and the encryption algorithm or cipher used in an access should use:
If the TransferLog is not customized for a particular virtual host, the LogFormat setting will be inherited from the Server Defaults . This results from the TransferLog itself being inherited and utilizing the Server Defaults' LogFormat .
Web Ten can also create log files in a format compatible with WebSTAR log files. To enable this format, select the WebSTAR Format checkbox, and save the virtual host settings.
The cache will keep the log if the accelerator cache is "On". (This is the default.) As such, the LogFormat option entered into the Administration Server is not passed to the cache, and the LogFormat has no effect.
ScriptLog
The ScriptLog setting is the name of the file used to log information about errors in CGI scripts. This feature is meant to be used as an aid in debugging CGI scripts, and should not be used continuously on an active server.
The script log is stored in CGIErrors.log file in the top level logs folder.
The ErrorLog, TransferLog, ScriptLog and FTPLog files are available via the following password-protected URLs:
HostnameLookups
The HostnameLookups setting controls whether reverse DNS lookups are performed for each incoming request using the originator's IP address. Enabling HostnameLookups will generally increase the time necessary to satisfy each request, and thus increase the load on your server. However, without HostnameLookups , See Access Controls can be based only on IP addresses, not on host names or domain names. If HostnameLookups is disabled, IP addresses will be used in the See ErrorLog , See TransferLog and "FTPLog" , but these addresses can subsequently be resolved into host names, if necessary.
Plug-In / Apple CGI Settings
After, HostnameLookups, the remaining buttons control various settings for plug-ins and Apple CGIs.
WSAPIRequests
The WSAPIRequests setting controls whether the Web server will service requests to/from WebSTAR API-style ACGIs and plug-ins. This setting is "On" by default and enables the use of such ACGIs and plug-ins. The Virtual Host Configuration table also contains the WSAPIRequests entry which, if not specifically set, will be inherited and flagged accordingly.
ACGIBinOnly
The ACGIBinOnly setting controls whether Apple CGIs are permitted to be executed from within any folder or only from within the cgi-bin folder. The default setting is "Off", which enables Apple CGIs to be executed from within any folder. The Virtual Host Configuration table also contains the ACGIBinOnly entry which, if not specifically set, will be inherited and flagged accordingly.
RequestFiltering
The RequestFiltering setting controls whether a virtual host will allow "filter" plug-ins to service a request. Filter plug-ins receive the incoming HTTP request before processing has begun. The filter plug-in may modify the request URL before passing it back to Web Ten for processing. The default setting is "On", which enables URL filtering within a plug-in. (For more information, see section See Plug-In Administration.) The Virtual Host Configuration table also contains the RequestFiltering entry which, if not specifically set, will be inherited and flagged accordingly.
PIAccessControl
The PIAccessControl flag controls whether security plug-ins may participate in determining whether access should be granted or denied by the server on a per request basis. The default setting is "On", enabling security plug-ins. Security plug-ins may be selectively disabled by each virtual host.
PreProcessor
This is a virtual URL to a plug-in acting as a preprocessor (preceded by a slash "/"). PreProcessors are run after plug-in filtering is applied and before any access control checking by the server. For example, to have the WebCatalog Plug-in act as a preprocessor, use the entry "/WEBCATALOG_PI" where "WEBCATALOG_PI" is the Action Handler for the WebCatalog Plug-in. See section See Action Handlers for more information on Action Handlers.
PIPreProcessing
The PIPreProcessing flag selectively disables plug-in preprocessors for a virtual host. By default, plug-in preprocessing is enabled and inherited.
PostProcessor
This is a virtual URL to a plug-in action, preceded by a slash ("/"). Plug-ins acting as PostProcessors receive notification of a completed request. For example, to have the WebCatalog Plug-in act as a postprocessor, use the entry "/WEBCATALOG_PI" where "WEBCATALOG_PI" is the Action Handler for the WebCatalog Plug-in. See section See Action Handlers for more information on Action Handlers.
PIPostProcessing
The PIPostProcessing flag selectively disables plug-in postprocessors for a virtual host. By default, plug-in postprocessing is enabled and inherited.
Error File Settings
There is a button at the top of each page containing the Virtual Host Configuration table and the Server Defaults table that allows you access the Error Files settings. These settings specify the file to be returned to the client when a Web server error occurs. When such an error occurs, the originally requested page is not returned to the client; instead, the corresponding error file is returned.
To associate an error file to a specific error, select the error code from the pull-down list and type the path to the error file into the text field. Then click the Save Error Files button. To change an error code for an existing error file or to change the name of an error file, change the selection in the pull-down list or modify the error file name in an existing text edit field. Then click Save Error Files to submit the change.
Error Files Table
" 403: Access to the requested page is denied. "
" 404: The requested page does not exist. "
are usually mapped to files with simple messages explaining those errors. However, any of the error cases, from the most common to the most obscure, can be mapped to any URL (including a CGI) for advanced error logging and reporting.
Alias Settings
There is a button at the top of each of the Virtual Host Configuration and Server Defaults tables that allows you to access the Alias Settings for the corresponding virtual host or the default aliases for all virtual hosts.
Alias settings specify components of URLs that are "aliased" or mapped to different folders. When a request is received with a URL that contains one of the aliases, the data returned to the client comes from the specified folder or file.
Aliases may also specify a target folder that contains CGIs (or scripts) rather than normal data. In this case, the alias is referred to as a ScriptAlias and is represented in the Alias Settings table using a checkbox.
WebTen's initial Server Default settings contain several Aliases used by the WebTen Administration Server, the WebTen documentation, and in the examples. These aliases all begin with the string " webten_ ". The default cgi-bin is also specified in this table.
Alias Settings Table
To create a new alias, enter the component of the URL to be aliased into the URL Path field of the Alias Settings table and enter the path to the folder or file containing the aliased data in the Directory or File field. If the URL Path or the target represents a folder, it should begin and end with a "/". If it represents a file, it should not end with a "/". If the aliased folder contains CGI scripts, check the ScriptAlias checkbox. Click Save Aliases to save these settings.
The specified target may reside anywhere within the WebTen hierarchy; it does not necessarily have to reside in the DocumentRoot folder for the virtual host servicing the request. The path to the target of the alias always begins in the WebTen folder.
Redirect Settings
There is a button at the top of each of the Virtual Host Configuration and Server Defaults tables that allows you to access the Redirect Settings for the corresponding virtual host or the default redirects for all virtual hosts.
Redirect settings specify URLs that are "redirected" or mapped to different servers. When a request is received with a URL that contains one of the redirected entries, the client is instructed (via a return code) to access the data from a different server using the provided URL.Redirect responses contain a reply code and may contain a URL. The reply code can be chosen from a pull-down list.
WebTen does not initially contain any Redirect settings. The following picture shows an example Redirect Settings table with a single fictitious entry.
Redirect Settings Table
To create a redirect entry, select the redirect reply code from the pull-down list and enter the URL to be redirected into the URL Path field of the Redirect Settings table. If necessary, enter the new URL in the Destination URL field. Click Save Redirects to save these settings.
Some reply codes require a destination URL and some do not. If you select a reply code that requires a destination URL and do not provide one, an error will be reported. If you select a reply code that does not require a destination URL and one is provided, the destination URL will be discarded when the settings are saved.
Plug-In Administration
The WebTen Plug-In Administration table displays information about each currently installed plug-in. This information includes the name of the plug-in, its version number (if the plug-in provides a version number), its Action Handler and its suffix.
Web Ten Plug-In Administration Table
Some plug-ins provide their own Web-based administrative interfaces. In these cases, a link to that plug-in's home page is also provided in the WebTen Plug-In Administration table.
If the Web
Ten
cache is enabled, plug-in administration is handled at a different port number than the server's port. This difference may make it necessary to re-enter a Web
Ten
administrator's user name and password when accessing the
WebTen Plug-In Administration
table. Also, if you wish to directly access a plug-in's home page (without first displaying the
WebTen Plug-In Administration
table and following the links it contains), the port number to use will always be one more than the server's port number. For example, if the server is using port 80, the plug-in administration is available on port 81. If the Web
Ten
cache is not enabled, the plug-in administration pages are accessible on the same port number as the Web
Ten
server.
See section See Plug-ins and Apache Modules for instructions on installing Plug-Ins in WebTen.
Proxy Settings
The Proxy Settings table contains some options that control the proxy capabilities of Apache. For more information on Apache and proxy service, see the on-line Apache documentation.
ProxyRequests
The ProxyRequests setting controls whether the proxy service is "On" or "Off". This setting is "Off" by default. If ProxyRequests is set to "On", the Squid Accelerator Cache should be turned off.
CacheSize
The CacheSize setting controls the disk space, in Kbytes, that the proxy cache files may consume. The proxy service may periodically use disk space beyond this setting, but the proxy "garbage collection" scheme will recover this space after the fact.
CacheGcInterval
The CacheGcInterval setting controls the time, in hours, that the proxy "garbage collection" scheme waits between checks to see if the proxy cache size has exceeded its CacheSize setting. If it has, files are deleted from the proxy cache until its disk space consumption is less than the CacheSize setting.
CacheMaxExpire
The CacheMaxExpire setting controls the time, in hours, that a file in the proxy cache may be retained without checking with its origin server. This setting enforces a maximum time that a file may be out of date, even if an expiry date was supplied with the original file.
CacheLastModifiedFactor
If the origin HTTP server did not supply an expiry date for the document, estimate one using the following formula:
expiry-period = time-since-last-modification * <factor>
For example, if the document was last modified 10 hours ago, and "< factor >" is 0.1, then the expiry period will be set to 10*0.1 = 1 hour.
If the expiry period would be longer than that set by CacheMaxExpire , the latter takes precedence.
CacheDefaultExpire
If the document is retrieved via a protocol that does not support expiry times, use "< time >" hours as the expiry time. CacheMaxExpire does not override this setting.
NoCache
The NoCache directive specifies a list of words, hosts and/or domains, separated by spaces. HTTP and anonymous FTP documents matching any words, hosts or domains are not cached by the proxy server. During startup, the proxy module will also attempt to determine IP addresses of any list items which may be host names. These IP addresses will also be cached for use in the match list. In the following example:
NoCache some_host.co.uk widgets.doodads.com
" widgets.doodads.com " would also be matched if referenced by IP address. Note that " doodads " would also be sufficient to match " doodads.com ". Note also that " NoCache * " disables caching completely.
Remote Proxies
Remote proxy servers are other proxy servers that this proxy server may interact with to satisfy a proxy request.
ProxyRemote
The ProxyRemote setting specifies which remote proxy servers are accessible to this proxy server. Each line in the ProxyRemote text edit field defines a " <match> " string and a " <remote-server> " to service URLs that match that string. The match string and the remote server are separated by a space.
The " <match> " string is either the name of a URL scheme that the remote server supports, a partial URL for which that remote server should be used, or an asterisk (" * ") to indicate that server should be contacted for all requests.
The " <remote-server> " field is the URL for the remote proxy server. Its syntax is " http://<hostname>[:port] ". Here are some example entries in the Remote Proxies table:
http://goodguys.com/ http://mirrorguys.com:8000
ftp http://ftpproxy.mydomain.com:8080
In the last example, the proxy will forward FTP requests, encapsulated as yet another HTTP proxy request, to another proxy which will then handle them as FTP requests.
ProxyPass
The ProxyPass setting allows remote servers to be mapped into the space of the local server. The local server does not act as a proxy in the conventional sense, but appears to be a mirror of the remote server.
Each line in the ProxyPass text edit field defines a "< local url >" and a "< remote server >". These fields are separated by a space character.
The "< local url >" is the name of a local virtual path. The "< remote server >" is the URL for the remote server. Suppose the local server has address " http://wibble.org ". Typing the following:
will cause a local request for:
http://wibble.org/mirror/foo/bar
Proxy Access
The Proxy Access settings control two things. The Domain Name Restrictions control which hosts may use this Web Ten server as a proxy server. The ProxyBlock acts as a censor list by restricting access to certain URLs, such as pornographic material.
Domain Name Restrictions
The Domain Name Restrictions control which hosts may use this Web Ten server as a proxy server. These restrictions are applied the same way as Web Ten domain name restrictions are applied to any file or folder. See section See Domain Name-Based Restrictions for more information.
ProxyBlock
The ProxyBlock directive specifies a list of words, hosts and/or domains, separated by spaces. HTTP, HTTPS and FTP document requests to matched words, hosts or domains are blocked by the proxy server. The proxy module will also attempt to determine IP addresses of list items which may be host names during startup, and cache them for match test as well. For example, if the ProxyBlock table contained:
Access to any URL containing the words " nudes " or " games " and to " some_host.com " would be restricted. " some_host.com " would also be matched if referenced by IP address. Note that referencing " some_host " would also be sufficient to match " some_host.com ". Note also that the wild card " * " blocks connections to all sites.
Server Controls
The Server Controls table provides some useful information about the current state and version numbers of the Web and cache servers. The buttons on the Server Controls page provide a means for the Web Ten administrator to examine and control certain aspects of the Web Ten server.
The Server Controls page first checks on the current state of the Web server. If the server is active, its version number is displayed in the top row of the table; otherwise the word "unavailable" appears. Similarly, if the accelerator cache is active, its version number is displayed in the next row. If the cache has been explicitly turned off in the Cache Settings , that row is not displayed in the table.
Start/Stop Server
If the Web server is active, the Stop Server button is provided in the row of buttons above the Server Controls table. Clicking on this button will stop the Web server.
If the Web server is not active, the Start Server button is provided in the row of buttons above the Server Controls table. Clicking on this button will start the Web server.
Server Status
The Server Status button provides a connection to Apache's internal status information. This information includes details about the server's version, the current memory available in the system, the time the server was started, CPU usage, and current connections states.
Cache Status
The Cache Status button provides a connection to Squid's internal status information. Squid's information is divided into a pull-down list of categories pertaining to all aspects of Squid's operation.
Server Info
The Server Info button provides a connection to Apache's current configuration information. This information includes details about which modules are included in this instance of Apache and what its current configuration settings are for each module.
Restart Server
The Restart Server button is shown only if the Web server is currently active. Clicking on this button will cause the Web server to completely restart its operation, without shutting down and restarting Web Ten . Restarting the server reloads the Apache and Squid configuration files, as well as any plug-ins in the Plug-Ins folder. If changes are made directly to these files without using the Web Ten Administration Server, or if plug-ins are added to the Plug-Ins folder, it is necessary to restart the server in order for these changes to take effect.
Flush Cache
The Flush Cache button is shown only if the Web server is currently active and the cache is configured to be "On". Clicking on this button will cause the Web server to completely restart its operation, including a flush of the contents of the accelerator cache.
Messages
During startup, the Web server creates a log file which records the loading of each plug-in it finds. It also records informational Web system messages.
Clicking on the Messages button will display the contents of the WebTen.status file in the tenon/logs folder.
Startup Log
During normal startup, Web Ten maintains a log file of the startup activities. Under normal circumstances there is little need to examine this file; however, in the event of startup problems, some useful information may be found here.
Clicking on the Startup Log button will display the contents of the Startup Log file.
System Errors
This log file is a cumulative record of Web server system errors. Under normal circumstances, there is little need to examine this file; however, errors that may cause the Web server to misbehave or stop serving Web content are recorded here. Clicking on the System Errors button will display the contents of the WebTen.syserrs file in the tenon/logs folder.
Config Log
Web Ten 's preferences are checked each time Web Ten is started. If there have been any changes to the preference settings since the last time Web Ten was started, Web Ten does some additional startup actions which pass those changes on to the Web Ten configuration files. These additional startup actions are recorded in the WebTen.config file in the tenon/logs folder.
Under normal circumstances there is little need to examine this file; however, some useful information concerning startup and configuration problems may be found here.
Web Ten Version Number
Web Ten 's version number is available from the Mac OS Finder "Get Info" menu command applied to the Web Ten application.
Aall Web Ten updates are recorded in the WebTen.updates file in the tenon/logs folder. This file records the initial version of Web Ten that was installed, as well as any updates that are applied.
The Flush Cache CGI and the WebTen Messages, Startup Log, System Errors, Config Log and version number files are available via the following password-protected URLs:
Action Handlers
Action Handlers are an entity internal to Apache. They are used to map files with certain MIME extensions, or files with certain suffixes, to specific actions. These actions may be internal to Apache, or they may be external actions (i.e., CGIs).
Action Handlers Table
Before a MIME type or a suffix can be mapped to an action, a handler for that action must be defined. Web Ten includes several internal handlers for specific actions. These handlers are displayed in the lower portion of the table and cannot be changed. User-defined handlers can be created for any of the existing MIME types. Use the pull-down list of MIME types or type in a user-defined name, such as "Frontier" in "See Action Handlers Table". Enter the path to the external action (CGI), and click on the Save Handlers button to submit your changes.
The external actions (CGIs) associated with user-defined handlers must be explicitly added to Web Ten . See section See Using CGIs for more information.
Configuring Plug-In Actions
Installed plug-ins typically register an action and suffix mapping automatically when Web Ten is launched. A plug-in's registered action and suffix are displayed in section See Plug-In Administration. If a plug-in does not register a suffix or you want to add a suffix to be handled by the plug-in, the Action Handler table must be modified.
Configuring a Plug-In Action
To configure a suffix for a plug-in, add the registered plug-in action to the empty "Action" field. Leave the "Action Handler" field blank. Save the new settings. Then, using the MIME Extensions table, add the desired suffix extension and map it to the plug-in action.
Adding a Plug-In Extension
See See Customizing WebTen in See Appendix C for an example of adding an additional suffix to a plug-in.
MIME Extensions
There are two MIME Extensions tables -- the User-Defined MIME Extensions table and the Built-In MIME Extensions table. Both MIME Extensions tables map a file name, by its extension, to a MIME type. The extension or MIME type is then mapped to one of the action handlers to control what actions should be taken when any file with this extension is requested. Action handlers can be defined for both MIME types and extensions. If a handler is defined for a specific extension, it overrides any handler specified for that extension's MIME type.
To map a new extension to a MIME type or action handler, enter the new extension into the empty text edit field in the top line of the User-Defined MIME Extensions table. Then enter the corresponding MIME type or select a handler from the pull-down list, or do both. Click Save MIME Extensions to submit the changes.
MIME Extensions Table
To change an existing extension, its MIME type, or its handler, modify the extension or MIME type in the text edit field or select a different handler from the pull-down list. Then click on Save MIME Extensions to submit the changes.
Web Ten includes a long list of well-known extensions and their corresponding MIME types. These extensions are displayed in the Built-In MIME Extensions table, accessible via the Built-In Extensions button, and cannot be explicitly changed. However, these default extensions can be overridden by entering the extension in the empty text edit field in the User-Defined MIME Extensions table, and assigning it a different MIME type. This extension will then appear in that table, and the default setting will no longer appear in the Built-In MIME Extensions table. If this extension is subsequently removed, the default setting will remain and will reappear in the Built-In MIME Extensions table. Overriding the default extensions in the Built-In MIME Extensions table is not recommended, as this setting affects all files with this extension on this server. To explicitly override the default MIME type settings for a specific file or folder, see section See MIME Type Overrides.
The MIME Typing System
The HTTP protocol requires every document served by a Web server to have a "type". By examining the type, a browser can determine how to display the information. For example, an HTML document simply needs to be formatted, a graphics document may require rendering, and an audio file will need to be passed to an application that can deal with the computer's sound system.
MIME (Multipurpose Internet Mail Extensions), originally developed to support multimedia internet mail, is used by the HTTP protocol to describe a document's content. The MIME typing system allows virtually any type of document to be displayed or executed through a browser.
A common way to distinguish one file type from another is to add a distinctive extension to its name. When a browser requests a particular file, the HTTP server determines its MIME type by looking at the file's extension.
Web Ten may be configured (on a directory or file basis) to map any file name extension to any MIME type (see section See Action Handler Overrides). The following table contains some of the basic file extensions and their interpretation:
MIME Types and File Extensions
Apache includes a lookup table to determine which MIME type to use, based on the file name extension. A complete list of MIME types is displayed in the MIME Extensions table (see section See MIME Extensions) accessible via the Web Ten Administration Server.
MIME Languages
The MIME Languages table provides a means for mapping a file name, by its extension, to a language. The Web server takes no special action based on the language, but the given language is passed back to the client (in the HTTP header) for any specific interpretation in the browser.
To map a new file name extension to a language, enter the extension in the empty text edit field in the first row of the table, and select a language from the pull-down list. Then click Save MIME Languages to submit the new setting.
To change an existing setting, either modify the extension in the text edit field or select a new language from the pull-down list. Then click Save MIME Languages to submit the changes.
MIME Encodings
The MIME Encodings table provides a means for mapping a file name, by its extension, to a MIME encoding. The Web server takes no special action based on the encoding, but the given encoding is passed back to the client (in the HTTP header) for any specific interpretation in the browser.
To map a new file name extension to an encoding, enter the extension in the empty text edit field in the first row of the table, and enter an encoding in the second text edit field. Then click Save MIME Encodings to submit the new setting.
To change an existing setting, modify the extension or the encoding in their respective text edit fields. Then click Save MIME Encodings to submit the changes.
Users
Web Ten provides a set of realm-based access controls that can restrict access to a particular file or folder based on user names and passwords. (See section See Realm-Based Requirements.) Web Ten also provides FTP service based on user names and passwords. User names and passwords for both realm-based access controls and FTP service are entered in the Users table.
To enter a new user name and password, type the user name into the empty text edit field in the first row of the table. Type a corresponding password into the second text edit field. The password will not be displayed as it is typed. Instead, bullet characters will be displayed (so type carefully). Click the Save Users button to submit the new user name and password.
Click on the FTP checkbox to enable FTP access for this user. If FTP access is enabled, select an FTP Home for this user. The FTP Home is the folder that this user will be given access to when they FTP into Web Ten . Users can be restricted to access only a particular virtual host, only the anonymous FTP hierarchy, or they can be allowed access to all of the virtual hosts, including the anonymous FTP hierarchy. If no FTP Home is selected, the default allows access to all of the virtual hosts. Of course, this is enabled only if the FTP checkbox is checked.
Once a user name and password have been entered and the form has been submitted, the new entry will show up in the table. Passwords are always displayed as if they contain eight characters, regardless of how many characters are actually in the password.
Groups
Web Ten provides a set of realm-based access controls that can restrict access to a particular file or folder based on groups of users (each with their own password).
To enter a new group, type the group name into the empty text edit field in the first row of the table. Click the Save Groups button to submit the new group. Once a group has been entered, the new entry will show up in alphabetical order in the Groups table.
Groups Table
To change an existing group name, modify the name in the text edit field and click Save Groups to submit the change.
To select which users are to be members of a group, click on any button in the Group List column. The See Users in Group table will be displayed.
The Web Ten Administration Server uses a special group named WebTenAdmin . Members of this group are permitted access to the Web Ten administration pages, and may make changes to the Web Ten configuration, including adding and deleting users and groups. If the WebTenAdmin group is deleted, or if this group is empty, access to the Web Ten Administration Server is completely cut off. In this case, use the Admin menu item and follow the instructions in section See Set Admin Password to add an initial user to this special WebTenAdmin group.
Users in Group
The Users in Group table controls which users are included in a specific group. To select users for inclusion in a group, click on each privileged user within the scrollable list of all users. Simply clicking on a user's name will select that individual user. Hold the <shift> key and click to select a series of users, or hold the <Apple> key (<control> key on non-Macs) to individually select any combination of users. When a user is selected for inclusion in the group, the user's name will be highlighted. Click on Save Users in Group to submit the selected users.
Import and Export
Import and Export provide a means to manage Web Ten 's Users and Groups databases from a text file. The file contains one entry per line, listing a user's name, group, and password. Importing from such a file will read each line of the file, extract valid entries, and append them to the Users and Groups databases as appropriate. Conversely, exporting the Users and Groups databases creates a text file (suitable for editing and subsequent importing) containing a line for each entry in the current Users and Groups databases.
The Import Users and Export Users buttons are accessible from either the Users table or the Groups table. Clicking on these buttons presents a simple form for entering the name of the file to be imported from or exported to, and buttons to select either the Import or Export action.
Exporting
To export the current Users and Groups databases, type in a file name and click on the Export Users button. The exported file will be placed in the tenon folder and will overwrite any existing file of the same name. A table of exported entries is also displayed in your browser.
The exported file is a text file with a Macintosh creator and type of MUMM/BINA. Depending on your choice of Macintosh text editor, it may be necessary to convert this file to type "TEXT" before reading it.
Importing
To import a list of user names, groups and passwords, it is first necessary to create a file of the proper format. Typically, the easiest way to get started is to create a file by exporting the current Users and Groups databases. However, you can create an import file from scratch by following the format below. Web Ten 's import format is also compatible with the import file format used by WebSTAR. Import files must be converted to creator and type "MUMM/TEXT" or "MUMM/BINA" before being imported into Web Ten .
Importing can either append the imported entries into the existing Users and Groups databases, or it can be an "exclusive" import. "Exclusive" imports completely replace the existing Users and Groups databases, and thus create only the entries found in the imported file.
Place the file to be imported in the tenon folder. If the import is to be an "exclusive" import, select the Exclusive Import checkbox. Type the name of the file into the Import/Export form and click on the Import Users button. A table reporting on the success of each imported entry is displayed in your browser. Imported entries are appended to the previously existing set of Users and Groups .
File Formats
Each line of the Import and Export files must be formatted as follows. Blank lines and lines beginning with a " # " (comment lines) are ignored.
username·groupname unencrypted-password
username*groupname encrypted-password
username*groupname encrypted-password <ftp-home>
Note that the "·" (<option>-8) separating the user name and group name indicates that the password is unencrypted, while " * " (<shift>-8) indicates that the password is encrypted. The user name field must begin in the first column of the file. Every user name in Web Ten must be unique. If a user is a member of more than one group, one line must exist (with the same user name and password) for each group to which the user belongs.
The ftp-home entry is optional. If it exists, FTP access is enabled for the user in the folder indicated by <ftp-home>. If the ftp-home entry is omitted, FTP access is disabled.
Web Ten will accept either encrypted or unencrypted imported passwords. When Web Ten exports passwords, it writes out the passwords in the encrypted form. This is more secure than writing out passwords in unencrypted form, as anyone who reads or accesses the exported file will not have access to the user's passwords, and thus will not be able to access that user's realms. The encrypted passwords are, however, still acceptable for copying or modifying the user name and group entries before importing these changes back into the Web Ten system. Also note that in a default Web Ten installation, access to the tenon folder is restricted. Therefore, exported files are not accessible to anyone browsing this server.
Cache Settings
Clicking the Cache button reveals a Cache Settings table. The Cache Settings table contains options that control the Web Ten memory cache. This cache is object-based and keeps the most recently accessed Web pages in memory, making these pages immediately accessible for subsequent requests. Web Ten 's high-performance benchmarks are achieved via extensive use of this memory cache. After changing the Cache Settings , click on the Save Cache Settings button to preserve your changes.
AcceleratorCache
The AcceleratorCache setting controls the Squid cache. The default setting is "On". Turning the cache to "Off" will save some memory, so this setting might be useful for servers that are running low on memory. Turning the cache to "Off" will also affect the performance of the server.
supercache_enable
The supercache_enable setting controls whether Web Ten 's high-performance caching capability is enabled. This feature is disabled by default. If you are logging to disk (which most webmasters do,) then you will not be able to take advantage of supercache because the supercache operates on such a low level that its activity can not be logged.
cache_mem
The cache_mem setting controls how much memory, in Mbytes, the cache will use. This setting represents the high-water mark for memory use. The cache will only consume as much memory as it needs, up to this value. The default setting is 4 Mbytes.
cache_swap
The cache_swap setting controls how much disk space the cache will use in Mbytes the cache will use. This setting represents the high-water mark for disk usage. The cache will only consume as much disk space as it needs, up to this value. The default setting is 100 Mbytes.
swap_level1_dirs
The swap_level1_dirs setting controls how many level 1 (top level) directories the cache will use to organize its cached entries on the disk. The default setting is 2.
Advanced Settings
The Advanced Settings table contains some options that control the inner workings of the Web server. Your choice for these settings may be influenced by certain conditions, such as how much memory the Web Ten system has, the expected rate of "hits", the size of the average transfer, the number of simultaneous transfers, and the access bandwidth of the Web server or the clients.
StartServers
The StartServers setting controls how many Web server processes are created when the server is initially started. The number of Web server processes may be dynamically changed (depending on the server's load), so changing this setting has minimal effect once the server is up and has serviced its first few requests.
MaxClients
The MaxClients setting controls the number of requests that can be processed simultaneously. If the MaxClients are concurrently in progress, subsequent requests are not necessarily lost. Instead, they are queued until an existing request has completed.
MaxSpareServers
The MaxSpareServers setting controls the number of idle (i.e., not currently servicing any request) Web server processes. If the number of idle processes exceeds this number, the excess processes are terminated.
MinSpareServers
The MinSpareServers setting controls the number of idle (i.e., not currently servicing any request) Web server processes. If the number of idle processes is smaller than this number, extra Web server processes are instantiated at a rate of one per second.
MaxRequestsPerChild
The MaxRequestsPerChild setting controls the number of requests each Web server process will service. Web server processes service one request at a time. However, upon completing one request, they may begin servicing another.
Increasing the number of requests each Web server process services reduces the overhead of instantiating and terminating Web server processes. Restricting this number reduces the likelihood of accidental loss of system resources, as these resources are recovered when a process exits. Also, the dynamic control over the number of currently running processes responds to a reduction in load by allowing some Web server processes to exit without instantiating replacements. Therefore, in this case, a smaller number of MaxRequestsPerChild leads to a faster reduction in Web server processes.
If the MaxRequestsPerChild is set to zero, a Web server process will never expire.
Port
The Port setting controls on which port number the Web server accepts incoming connections. The Web server accepts incoming connections on all its IP addresses using the port number specified in the Port setting.
TimeOut
The TimeOut setting controls the maximum time (in seconds) that the Web server will wait for receipt of a complete incoming request once any initial part of an incoming request is received. The TimeOut setting also controls the maximum time the Web server will wait to completely send a response. If the sizes of the files used in the Web transfers are large, and the client's or server's network bandwidth is slow, the TimeOut setting must be increased to compensate.
KeepAlive
The KeepAlive setting controls whether or not the Web server permits multiple incoming requests (from a single client) in a single connection. Using KeepAlive reduces the overhead of connection establishment and termination for each incoming request.
MaxKeepAliveRequests
The MaxKeepAliveRequests setting controls the number of incoming requests a client may embed in a single connection. The MaxKeepAliveRequests setting is ignored if See KeepAlive is "Off".
KeepAliveTimeout
The KeepAliveTimeout setting controls the length of time (in seconds) the Web server will wait for additional incoming requests in a single connection. If the KeepAliveTimeout expires, a client can still send additional requests; however, a new connection establishment overhead is incurred. The KeepAliveTimeout setting is ignored if See KeepAlive is "Off".
PITCPOpenTimeout
The PITCPOpenTimeout setting controls how long (in seconds) Web Ten will wait for a connection to be established when a plug-in attempts to open a TCP connection. The default setting is ten seconds.
ACGIReplyTimeout
The ACGIReplyTimeout setting controls how long (in seconds) Apple CGIs are given to complete their operation and return their results. The default setting is 60 seconds.
ACGIEventExtensions
The ACGIEventExtensions setting controls whether Web Ten adds custom virtual host parameters to the " sdoc " Apple Event sent to Apple CGIs during request processing. For backward compatibility with older Macintosh CGIs, ACGIEventExtensions may need to be "Off".
MyopicPlugInMode
A number of plug-ins and CGIs designed for Macintosh Web servers that do not support virtual hosting are in wide use today. We refer to these plug-ins as "Virtual Host-Challenged", or myopic plug-ins. Myopic plug-ins and CGIs assume that a Web server supports a single, static, top-level document root and that virtual hosting is accomplished by prepending a unique path or folder name to each request for a virtual host's content. (The standard Apache way of supporting virtual hosts is to allow each virtual host to have a unique, top level document root.)
When MyopicPlugInMode is "Off", Web Ten supports any numbers of document roots (one for each virtual host) and there is no need to prepend anything to requests for a virtual host's content. With this default "Off" setting, myopic plug-ins and CGIs will not work properly for any of Web Ten 's virtual hosts, other than the default virtual host.
When MyopicPlugInMode is "On", Web Ten checks and filters each incoming request. If the request is for a virtual host and that virtual host's DocumentRoot is not explicitly set (i.e., the DocumentRoot setting is inherited from the default virtual host) and the virtual host has an explicit ServerPath ( ServerPath specifies the sub-folder where that virtual host's content resides), the ServerPath will be prepended to the URL. In this mode, myopic plug-ins or CGIs will work with any of Web Ten 's virtual hosts.
Myopic CGIs require some additional configuration under Web Ten . A Finder alias of the CGI application residing at the Web Ten root level folder must be placed in each virtual hosts's DocumentRoot folder for proper operation with a Web Ten virtual host. The Action Handler (see section See Action Handlers) for the myopic CGI should be of the form:
where <thecgi> is the name of the CGI.
When MyopicPlugInMode is turned "On" and the Advanced Settings are saved, the Web Ten Administration Server checks and modifies the configuration of each existing virtual host. If the virtual host's DocumentRoot matches its ServerPath (this is the default when virtual hosts are created with MyopicPlugInMode "Off"), the DocumentRoot setting is changed to inherited , making this virtual host accessible to work with myopic plug-ins.
When MyopicPlugInMode is turned "Off" and the Advanced Settings are saved, the Web Ten Administration Server checks and modifies the configuration of each existing virtual host. If the virtual host's DocumentRoot is inherited (the default when virtual hosts are created with MyopicPlugInMode "On"), the DocumentRoot setting is changed to match the ServerPath setting, restoring the virtual host's configuration for proper operation without concessions for myopic plug-ins.
Any individual virtual host can override MyopicPlugInMode (when it is "On") by clearing its ServerPath setting or by explicitly adding a DocumentRoot setting in that virtual host's configuration.
Contact your plug-in vendors for the latest information about their plug-ins and their compatibility with Web Ten 's true virtual hosting.
Direct Access to Configuration Files
When you configure Web Ten by using the browser-based administration tool, the Web Ten user experience is exactly like using a Macintosh application. However, because the components that make up Web Ten are so rich in features, we have made the native Apache and Squid configuration files accessible. This means that UNIX-savvy Macintosh users can use any Macintosh editor to directly edit the raw Apache and Squid configuration files.
The advantages of this dual approach are many fold. Having the configuration files available makes it easy to later configure other systems in a similar way. Having access to the configuration files means that expert users can take advantage of features that are not yet exported into the point-and-click browser interface. Finally, users can easily integrate new Apache modules into Web Ten without having to wait for browser-aware versions to come from Tenon. The best of both worlds -- UNIX and Macintosh tightly integrated with no surprises either way.
Macintosh File Creators and File Types
Every Macintosh file has a name, as well as "creator" and "type" fields. These four-letter fields indicate which application created the file and what kind of a file it is. Macintosh files also have two forks, or streams of data -- the "data fork" and the "resource fork". When Web Ten is serving a file, it serves the contents of the data fork of that file. This is consistent with other Macintosh Web servers. Macintosh Web content creation tools are also designed with this in mind (i.e., they save their Web content in the data forks of their resultant files).
In order to serve both forks of a Macintosh file (e.g., to deliver a Macintosh application or a Microsoft Word document in its complete Word format), it is necessary to convert these files to a format suitable for transferring on the Web. Many conversion and compression tools exist on the Macintosh that encode both forks of the original Macintosh file into the data fork of a new file. This new file may then be transferred on the Web, and re-converted to its original format on the destination system. File name extensions and MIME types are used to tell the destination systems what tool and format the original file was converted with.
CGIs are not "served" in this traditional sense, rather they are launched and run on the Web server. The output they produce is passed back to the browser. In order to run a Web Ten binary, Perl or shell CGI, the CGI must be set to the proper creator or type. Web Ten requires the creator "MUMM" and type "BINA" for binary CGIs, and the type "TEXT" for Perl and shell CGIs. CodeBuilder (a companion development tool from Tenon) automatically produces files with the proper creator and type when building binary CGIs for Web Ten . Perl and shell CGIs are simply text files, and can be produced with any Macintosh text editor.
When using Web Ten 's built-in FTP to upload CGI scripts to the /cgi-bin directory, the appropriate execution settings for CGI scripts will automatically be turned on. Likewise, when using Web Ten 's FTP to upload text, the correct creator and type fields and carriage return/line feed mappings are generated.