WASD Hypertext Services - Technical Overview

The online Server Administration facility provides a rich collection of functionality, including server control, reports and configuration. Some of these are intended as general administration tools while other provide more detailed information intended for server debugging and development purposes.

  Server Administration Graphic

The value of the WATCH facility 19 - WATCH Facility as a general configuration and problem-solving tool cannot be overstated.

All server configuration files, with the execption of the authentication databases, are plain text and may be modified with any prefered editor. However the majority of these can also be administered online through a browser. In addition the update facility allows some administration of file system portions of the Web. See 22 - HTTPd Web Update.

Access to many portions of the package is constrained by file protections and directory listing access files. See 15.10.8 - SYSUAF Profile For Full Site Access for a method for circumventing these restrictions.

18.1 - Access Without Configuration

It is often a significant advantage for the inexperienced administrator on a new and largely unconfigured installation to be able to gain access to the facilities offered by Server Administration, particularly the WATCH facility (19 - WATCH Facility). This can be done quite simply by using the authentication skeleton-key (15.11 - Skeleton-Key Authentication). This allows the site administrator to register a username and password from the commnd-line that can be used to gain access to the server. In addition, the server ensures that requesting an otherwise non-authorized Server Administration facility generates a challenge which invokes a username/password dialog at the browser allowing the user to enter the previously registered username and password and gain access.

Method

• Register the skeleton-key username and password.

    $ HTTPD == "$HT_EXE:HTTPD.EXE"
    $! HTTPD == "$HT_EXE:HTTPD_SSL.EXE"
    $ HTTPD /DO=AUTH=SKELKEY=_username:password
  

  Note that the username must begin with an underscore, be at least 6 characters, is delimited by a colon, and that the password must be at least 8 characters. By default this username and password remains valid for 60 minutes. Choose strings that are less-than-obvious!

• Access the server via a browser and use the server Server Administration facility.

    http://the.host.name:port/httpd/-/admin/
  

• After use the skeleton-key may be explicitly cancelled if desired.

    $ HTTPD /DO=AUTH=SKELKEY=0
  

One established the site should make the Server Administration facility a configured facility of the site. The value of it's facilities cannot be overstated. The section 14.1 - SYSUAF/Identifier Authentication provides a short guide to setting up authorization for server administration purposes.

It is also recommended that for production sites the path to these reports be controlled via authentication and authorization, using both host and username restrictions, similar to the following:

  [WHATEVER-REALM]
  /httpd/-/admin/*  host.ip.addr,~WebMaster,~WhoEverElse,r+w

If a full authorization environment is not required but administration via browser is still desired restrict access to browsers executing on the server system itself, using an appropriate SYSUAF-authenticated username. Provision of a VMS account for server administration only is quite feasable, see 15.10.5 - Nil-Access VMS Accounts.

  [VMS]
  /httpd/-/admin/*  #localhost,~username,r+w

If SSL is in use (17 - Secure Sockets Layer) then username/password privacy is inherently secured via the encrypted communications. To restrict server administration functions to this secure environment add the following to the HTTPD$MAP configuration file:

  /httpd/-/admin/*  "403 Access denied."  ![sc:https]

When using the revise capability of the Server Administration facility is necessary to comply with all the requirements for Web update of files. This is discussed in general terms in 22 - HTTPd Web Update. Revision of server configuration files requires path permissions allowing write access for the username(s) doing the administration, as well as the required ACL on the target directory (in the following example HT_ROOT:[LOCAL]).

  [VMS]
  /httpd/-/admin/*  #localhost,~username,r+w
  /ht_root/local/*  #localhost,~username,r+w

It is possible to allow general access to the Server Administration facility and reports while restricting the ability to initiate server actions such as a restart! Using the WORLD realm against the path is necessary, for the obvious security reason, the server administration module will not allow itself to be used without an authenticated username, provided as a pseudo-authenticated "WORLD".

  [VMS]
  /httpd/-/admin/control/*  #localhost,~username,r+w
  [WORLD]
  /httpd/-/admin/* r

With a single instance (6.2 - Server Instances) access to Server Administration reports, etc. is always serviced by the one server process. If multiple instances are configured in common with all requests administration requests will be serviced by any one of the associated processes depending on the indeterminate current state of the round-robin distribution.

There are many circumstances where it is preferable to access only the one server. This can be accomplished for two differing objectives.

1. To facilitate access to a specific instance's Server Administration page, including instance-specific reports etc. This is provided through the use of an administration service port (Administration Services) available from the Server Administration page.

2. The Server Administration page (Control Section) and the command-line (5.5.2.6 - Instances) provides the capability to explicitly set the number of instances supported, overriding any configuration directive. After explicitly setting this using either means the server must be restarted. The explicit startup setting remains in effect until it's changed to "max" allowing the HTTPD$CONFIG configuration directive [InstanceMax] to once again determine the number of instances required.

The latter approach is particularly useful when performing detailed WATCH activities (19 - WATCH Facility).

When multiple per-node instances are executing the Server Administration pages and reports all include an indication of which process serviced the request. When accessing no instance in particular the process name is presented in parentheses after the page title

  HTTPd wasd.dsto.defence.gov.au:80
  Server Administration  (HTTPd:80)

  HTTPd wasd.dsto.defence.gov.au:80
  Server Administration - HTTPd:80

The server provides a number of internally generated reports. Some of these are of general interest. Others are more for evaluating WASD behaviour and performance for development purposes. These are listed in the approximate order in which they occur top-to-bottom, left-to-right in the menu layout.

It is possible to use this facility standalone, without configuring authorization (18.1 - Access Without Configuration).

• Statistics - Server process up-time, CPU-time and other resources consumed, number of connections processed, number of requests of each HTTP method, type of processing involved (HTTPd module used), number of bytes processed, etc.

• Log - Display the server process (SYS$OUTPUT) log.

• Configuration - A tabular summary of the server's current configuration. This is a convenient method for viewing the information from the HTTPD$CONFIG file.

• Services - A tabular report listing the current services (virtual servers) and the service-specific parameters.

• Messages - A tabular report of the server's current message database, multiple languages shown if configured that way.

• Mapping - All loaded mapping rules and any cached USER rule paths. A selector allows rules applying only to one particular virtual server to be displayed.

• Path Authorization - If authorization is in use (15 - Authentication and Authorization) this report lists the paths with associated authorization and access control.

• User Authentication - List any users that have been authorized since the server was last started, the realm authorized from, the group it applies to (if any), and what the user's capabilities are (allowed HTTP methods). A time-stamp and counters provide additional information.

• Secure Sockets - The SSL report lists counts of the number of SSL transactions initiated and completed, along with session cache statistics for the currently connected SSL service. It also lists the ciphers available and current session information. Other reports allow the Certificate Authority (CA) database to be view and edited, if available due to X.509 authentication being enabled.

• Cache - Allows monitoring of cache behaviour and performance, as well as the files currently in the cache (20 - Cache).

• DCL Scripting - Provides some DCL, CGI and CGIplus scripting information.

  DCL module statistics (same information as displayed in the server statistics report). These are cumulative for the entire life of the system (unless zeroed).

  Subprocess information shows how many actual subprocesses exist at the time of the report, as indicated by the PID and bolded, non-zero liftime (in minutes). The soft-limit specifies how many CGIplus scripts are allowed to continue existing before the least used is deleted and the hard-limit show how many subprocesses may actually exist at any one time (the margin allows for subprocess deletion latency). A count of how many times the CGIplus subprocesses have been explicitly purged (button available on this report page). The life-time of zombie processes (in minutes, zero implying use of zombies is disabled) and the number that have been purged due to expiry. CGIplus subprocess life-time (in minutes, zero implying indefinite), the number purged due to life-time expiry and the number of CGIplus subprocesses that the server has actually purged (deleted) to maintain the soft-limit margin specified above.

  Each of the allocated subprocess data structures is listed. There may be zero up to hard-limit items listed here depending on demand for DCL activities and the life of the server. Items with a PID shown indicate an actual subprocess existing. This can be a zombie subprocess or a CGIplus subprocess. If no subprocess is indicated then the other information represents the state the last time the item's associated subprocess completed. Information includes the script (URL-style path) or DCL command, total count of times the item has been used and the last time it was. The zombie count indicates the number of time the same subprocess finished a request and entered the zombie state. The CGIplus column indicates it is/was a CGIplus script and shows the total number of times that particular script has been/was used. If the subprocess is currently in use the client information show the client host name.

  If any subprocesses are associated with any data structure a purge button is provided that forces all subprocesses to be deleted. This can be useful if a new script image is compiled and it is required all scripts now use this. If a script is currently processing a request the subprocess deletion occurs when that processing is complete. The purge button does not force a subprocess to delete, so a second button forces all subprocesses to delete immediately. This can be used to forceably clear errant scripts, etc., but be warned script processing is indiscrimately stopped!

• DECnet Scripting - DECnet module information shows totals for DECnet scripting usage and the DECnet connection list.

  This list will grow, up to the specified configuration maximum, as conconurrent scripting demand occurs. Maintained connections are indicated by the bolded, non-zero lifetime (in minutes). When this reaches zero the task is disconnected. The current/last task for that connection is indicated, along with the number of times the connection was reused and a total number of uses for that list item.

  Purge and force buttons allow current links to be broken after request completion or forcibly disconnected.

• Lock - Lists the names and status of all lock resources used to manage single and multiple instances across single systems or a cluster. This report is more relevant for evaluating and debugging WASD behaviour.

• Match - To assist with the refinement of string matching patterns (11 - String Matching) this report allows the input of target and match strings and allows direct access to the server's wildcard and regular expression matching routines. Successful matches show the matching elements and a substitution field (11.4 - Expression Substitution) allows resultant strings to be assessed.

• Memory - Provides a report and does an integrity check on each of the Virtual Memory (VM) zones employed by the WASD HTTPd.

• Process - Lists all processes on the current system owned by the server account. From this list a process can be selected to have a "SHOW PROCESS /ALL" performed on it, displayed on a report page.

• Proxy - If proxy serving is enabled a report providing statistics on the various HTTP methods used, network and cache traffic, cache reads and writes, requests not cachable, and host name lookup are provided. This may used to help guage the effectiveness of the cache.

• Request - Lists current requests (always shows at least your own connection accessing this report :^) and if enabled by configuration an optional history list of the most recent requests (enabled by the configuration parameter [RequestHistory]). Current requests may be selected for one-shot WATCH-processing reports from this page (19 - WATCH Facility).

  Two other diagnostic tools are available from the same link. The first, WATCH-peek Report, providing a snapshot of the contents selected internal fields and data structures of the request. This is primarily intended as a problem investiagtion and development tool, and will be of limited value without an understanding of server internals. The second accesses the "peek" internals plus a one-shot WATCH-processing report.

  For servers handling a great quantity of concurrent traffic this can generate a very large report. The Supervisor report can also provide a profile of the servers current load.

• Supervisor - Provides a simple table displaying each timer list and any associated request count. Shows how many requests are set be scanned and evaluated for continued processing every so-many seconds. For very busy servers this is another method for gaining an idea of the traffic profile (this is perhaps more meaningful for those with an understanding of WASD internals).

• System - Shows the system, all users, memory and CPU status as a single report.

• Throttle - This report provides a list of paths with throttle rules mapped against them. It provides the throttle values along with current and history activity counters.

• Activity - Provide a graphical snapshot of server activity of a given period.

  The statistics are stored in a permanent global section and so carry-over between server restarts. Where multiple instances are executing the data represents an accumulation of all instances' processing. It is enabled by the configuration parameter [ActivityDays]. The Server Administration facility provides several, represented as a period of hours before the present time. Number of requests and bytes sent to the client are represented by a histogram with respective means for each by a line graph. A bar across the column of the request histogram indicates the peak number of concurrent requests during the period. A greyed area indicates no data available for that time (i.e. before the latest server startup, or in the future).

  Server startup and shutdown events are indicated by solid, vertical lines the full height of the graph (see example for a restart event).

  startup - green

  shutdown - black

  restart - grey

  error exit - red

  Activity data is accumulated on a per-minute basis. This is the maximum granularity of any report. When reports are selected that can display less than this one minute granularity (i.e. with periods greater than four hours) the value shown is the peak of the number of minutes sampled for display. This better represents the load on the server than would a mean of those samples.

  The graph is an image map, various regions of which allow the selection of other reports with different periods or durations. This allows previous periods to be examined at various levels of detail using the graph for navigation. Various sections may have no mapping as appropriate to the current report.

  For multiple hour reports the upper and lower sections have distinct functions. The middle 50% of the upper section allows the same end time (most commonly the current hour) to be examined over twice the current period, in this case it would be over eight hours. The left 25% allows the previous fours hours to be viewed (if such data exists), and for non-current reports the right 25% allows the next four hours to be viewed. The lower half can be divided into sections representing hours or days depending on the period of the current report. This allows that period to be viewed in greater detail. For single hour reports this section, of course, is not mapped.

  Remember that the URL of the mapped section will be displayed in the status bar of the browser. As the URL contains time components it is not a difficult task to decipher the URL displayed to see the exact time and period being selected.

    Server Activity Graphic

• WATCH - This report provides an online, real-time, in-browser-window view of request processing on the running server. See 19 - WATCH Facility for details.

The server provides a comprehensive configuration revision facility.

• Configuration - A form-driven interface allows the current configuration of the server to be altered online. This configuration may then be saved to the on-disk file and then the server could be restarted using the new parameters. The source of the current configuration can be either the server itself (from it's volatile, in-memory parameters) or from the on-disk configuration file. In addition it is possible to directly edit and update the on-disk file.

• Services - A form-driven interface allows service (virtual server) configuration. It is also possible to directly edit and update the on-disk file. The server must be restarted for service changes to take effect.

• Messages - A form-driven interface allows the the server messages to be modified. It is also possible to directly edit and update the on-disk file. The server can then be restarted to use the modified database (18.6 - HTTPd Server Action).

• Mapping - No form-driven interface is currently available for changing the mapping rules. However it is possible to directly edit and update the on-disk file. The mapping rules could then be reloaded, changing the current server rules (18.6 - HTTPd Server Action).

• Path Authorization - No form-driven interface is currently available for changing the path authorization configuration. However it is possible to directly edit and update the on-disk file. The path authorization directives could the be reloaded, changing the current server authorization (18.6 - HTTPd Server Action).

• User Authentication - User authentication comprises a number of dialogues that allow the WASD-specific (HTA) authentication databases to be administered. These include:

  creating databases

  deleting databases

  accessing databases for administering usernames

  listing usernames within databases

  adding usernames

  deleting usernames

  modifying username permissions and other data

  reseting in-server (cached) authentication information

  Chapter 15 - Authentication and Authorization covers authentication detail.

• Site Log - This accesses a plain-text file that could be used to record server or other significant site configuration changes if desired. Two methods of access are provided.
  1. Site-Log - open the file for editing, placing a date/time/author timestamp at the top

  2. Edit - open the file editing

  The file name and/or location may be specified using HTTPD$SITELOG (Logical Names).

Many of the server activites listed above require server account write access to the directory in which the configuration files are stored. Where an autononmous scripting account is in use (7.5 - Scripting) this poses minimal threat to server configuration integrity.

1. Specifically map the /ht_root/local/ path and mark it as access always requiring authorization (ensure this is one on the first mappings in the file and certainly before any other /ht_root/ ones).

     # HTTPD$MAP
     pass /ht_root/local/* auth=all
   

2. Add appropriate authorization rules (example from 14.1 - SYSUAF/Identifier Authentication).

     # HTTPD$AUTH
     ["Web Admin"=WASD_WEBADMIN=id]
     /httpd/-/admin/* r+w
     /ht_root/local/* r+w
   

3. Update access to the directory can be applied using the SECHAN utility (23.11 - SECHAN Utility).

     $ SECHAN /WRITE HT_ROOT:[000000]LOCAL.DIR
     $ SECHAN /WRITE HT_ROOT:[LOCAL]
   

4. Load the new mapping and authorization rules.

     $ HTTPD /DO=MAP
     $ HTTPD /DO=AUTH=LOAD
   

If a site is using SYSUAF authentication and security profiles enabled using the /PROFILE startup qualifier (15.10.7 - SYSUAF Security Profile) then a more restrictive set up is possible, retaining the default no-access to the [LOCAL] directory. This relies on the administering account(s) having read and write access to the [LOCAL] directory. It is then not necessary to grant that to the server account. It is possible to limit the application of VMS user profiles. This is an example.

  # HTTPD$MAP
  set /ht_root/local/* profile auth=all
  set * noprofile

To use this approach perform steps 1, 2 and 4 from above, substituting the following for step 3.

  $ SECHAN /PACKAGE HT_ROOT:[000000]LOCAL.DIR
  $ SECHAN /PACKAGE HT_ROOT:[LOCAL]
  $ SECHAN /CONTROL HT_ROOT:[000000]LOCAL.DIR

The server allows certain run-time actions to be initiated. Many of these functions can also be initiated from the command line, see 5.5.2 - Server Command Line Control.

When multiple servers are executing on a single node or within a cluster a JavaScript-driven checkbox appears in the bottom left of the administration menu. Checking that box applies any subsequently selected action to all servers!

Control Section

• Server Restart/restartNOW/restartQuiet/Exit/exitNOW - The difference between restart/exit and restartNOW/exitNOW is the former waits for any current requests to be completed, while the latter does it immediately regardless of any current connections. The restartQuiet variant continues processing until demand drops to zero for more than one second at which point it commences restart. If the browser has JavaScript enabled a cautionary alert requesting confirmation is generated (otherwise there is no confirmation).

• Logging On/Off/Flush - The HTTPD$LOG logical must be configured to allow access logging to be enabled and disabled from this menu.

• Caching On/Off/Purge - Caching may be enabled and disabled in an ad hoc fashion using these controls. When being disabled after being enabled all previous data is retained. If subsequently reenabled that data is then again available for use. This allows convenient assessment of the subject or even object benefits on the cahing. If purged all entries in the cache are removed.

• Instance Startup - An instance value may be set that overrides the configuration directive [InstanceMax] at next startup. This may be used to change the number of server processes on an ad hoc basis. Reset to "max" to return to configuration control. Note that this can be applied to the current node only or to all servers within a cluster, and that a subsequent restart is required.

• Statistics Zeroed - All counters are zeroed (except the number-of-times-zeroed counter!)

• Mapping Rules Reload - Reloads the path mapping rules from the on-disk file into the running server, clears the user SYSUAF mapping cache.

  Caution! If changing CGIplus script mapping it is advised to restart the server rather than reload. Some conflict is possible when using new rules while existing CGIplus scripts are executing.

• Path Authorization Reload - Reloads the path authorization directives from the on-disk file into the running server.

• User Authentication Cache Purge - For efficiency reasons authenticated user information is cached for a limited period within the running server. All this cached information may be completely purged using this action, forcing subsequent requests to be reauthenticated from the on-disk database.