HTTP Server for i

What other products are necessary for starting the *ADMIN server and using the IBM Web Administration?

The *ADMIN server and IBM Web Administration require a few additional products. If you don't have these products installed, you will not have full functionality and the *ADMIN server may not start. To see if you have all the required products on your IBM i system, type: 

 GO LICPGM

This will take you to the work with licensed programs page. Choose number 10. Display Installed Licensed Programs. Look for one of the following 5722JV1 options. Any one of them is sufficient. 

 5722JV1   Option 3   Java Developer Kit 1.2
 5722JV1   Option 5   Java Developer Kit 1.3
 5722JV1   Option 6   Java Developer Kit 1.4

In addition, the following product options are necessary.

 5722SS1   Option 12      Host Servers
 5722SS1   Option 30      Qshell
 5722JC1   Option *BASE   IBM Toolbox for Java

Notes:

• The in-process (Tomcat) servlet engine will automatically use the highest version installed.
• JDK 1.2 is only an option on V5R2.
• JDK 1.3 is necessary for Websphere Application Server 5.x, Websphere Portal, and IBM Workplace support.
• JDK 1.4 is necessary for Websphere Application Server 6.x support.
  For a complete list, reference the Redbook HTTP Server (powered by Apache): An Integrated Solution for IBM iSeries Servers (Chapter 2.1 - Before you Start).

Back to top

Is the IBM i version of Apache's source code available?

No, the IBM i source code is not published.

Is it the same as the EBCDIC open-source Apache?

No, the IBM i source code contains integration items optimized for IBM i and will only run on an IBM i.

How do I find out the version of Apache Server running on my IBM i?

You can display the version using the -V option of the STRTCPSVR command. For example:

 STRTCPSVR SERVER(*HTTP) HTTPSVR(APACHEDFT '-V')

Back to top

How do I setup language support for an HTTP server?

Your IBM i CCSID/codepage settings should be correctly configured for your primary language environment. To do this you must consider two settings:

1. The CCSID value in Change HTTP Attributes (CHGHTTPA) CL command.
2. The system value QCCSID

The correct values can be found by looking in Information Center Default system values for national language versions.

1. Click on the language/feature code you will be testing.

• The Internet CCSID value will be used for CHGHTTPA
• The QCCSID value will be used to change the QCCSID system value

2. Run the CL command CHGHTTPA and specify the value for the Internet CCSID. For example, to run in English:

 CHGHTTPA CCSID(819)

3. Run the CL command CHGSYSVAL SYSVAL(QCCSID) and specify the value found for the QCCSID value. For example, to run in English:

 CHGSYSVAL SYSVAL(QCCSID) VALUE(37)

What are the valid characters in a server name?

When creating a new server, enter a name that does not contain any special characters. Some products or applications that use the server name such as Digital Certificate Manager cannot handle the use of special characters.   A server name must begin with an alphabetic character and must not be longer than ten characters. 

How do I enable the SSL port for the *ADMIN server?

Follow the instructions given in the Information Center at Set up SSL for the administration (ADMIN) server for HTTP Server.

Can directive  or Alias contain spaces in the directory path?

Yes. You must enclose the directory path in quotes.

How can I avoid the  Cross Site Tracing vulnerability ? (link resides outside of ibm.com)
To turn this vulnerability off for HTTPS, add the following set of Rewrite directives both globally and in a  context.

 RewriteEngine On
 RewriteCond %{REQUEST_METHOD} ^TRACE
 RewriteRule .* - [F]

Back to top

Why won't my server start?

If your server won't start, you can usually find the reason in the JOBLOG. To view JOBLOGs of server jobs that have ended abnormally, enter the command:
 WRKSPLF SELECT(QTMHHTTP)

The most common reasons for the server failing to start are: 

• The TCP/IP port is already in use - Change the server configuration to use a different port. 
• Configuration directives are not valid - Correct the directive that is flagged in the JOBLOG. 
• SSL Initialization failed - This can occur if SSL for the server is enabled AND one or more of the following is true.
  • A Cryptography product (5722-AC1, 5722-AC2, or 5722-AC3) is not installed. 
  • The keyring file (certificate store or key database file) does not exist. 
  • The server does not have authority to the keyring file (certificate store or key database file).
  • The keyring file (certificate store or key database file) password is expired. 
  • The keyring file (certificate store or key database file) does not match the format of the installed Cryptography product. 

Back to top

What can I do when HTTP server is not accepting Kerberos Authorization?

There are many possible problems that can occur when using Kerberos Authentication. Many of these are outside the IBM i environment (for example, Windows platform, Active Directory directory service, as well as network issues). The following steps cover some of the most frequent problems in the Microsoft Windows environment.

1. Download Microsoft Kerberos Tray (link resides outside of ibm.com) and use it to verify that the correct tickets are being obtained.
2. Under Internet Explorer options (Tools ->Internet Options, then Advanced tab), make sure Enable Integrated Windows Authentication (requires restart) is selected.
3. Make sure the timezone and date/time on your IBM i is the same timezone and date/time as on your Active Directory domain. On IBM i, the time zone value can be seen using this CL command:

     WRKSYSVAL SYSVAL(QTIMZON)

More troubleshooting and information about Windows based single signon can be found in the Red book Windows-based Single Signon and the EIM Framework on the IBM eServer IBM i Server

An example scenario of single signon with the IBM i HTTP server can be found in Red book IBM HTTP Server (powered by Apache): An Integrated Solution for IBM eServer iSeries Servers (Chapter 6, Section 6.3)

Back to top

Can the Server Side Include (SSI) echo directive display the values of standard CGI variables?

Yes. Use the echo directive to display the value for specified environment variables (including the standard CGI variables) using the var tag. If a variable is not found, a (None) is displayed. Both the set of standard CGI variables and the SSI specific environment variables that can be displayed using echo are listed in Environment Variables on HTTP Server. 

Do I need to modify my CGI programs running on other Apache platforms to run under IBM i?

Yes. To port your CGI programs to IBM i you'll need to recompile them and move your data libraries and directories. See .

Can I run CGI in more than one language using only one HTTP server?

Starting in V5R4, you can run CGI in various languages using one server. Customize your directory container using directives CGIJobCCSID (new in V5R4), DefaultNetCCSID (allowed in a container starting in V5R4), and CGIConvMode. There are two different methods you might want to consider for doing this. You can use a different library for each separate language or use the URI to determine the language of the user.

How do I avoid the HTTP server doing any conversions of data passed to and from a CGI program?

Any CGI program with a name that begins with nph_ is considered a no-parse header CGI program. This means that the server does no conversions on the data and adds no headers back in the response from the CGI program. The CGI programmer is in total control and is responsible for parsing the request and then sending all of the necessary headers back with the response.

How do I compile a CGI program in UTF-8 mode?

See Installing and running a UTF-8 ILE C CGI - Example.

How do I allow the HTTP server to handle invalid escapes in POST data?

If you have, for example, an XML file containing a "%" which does not indicate an escaped character, (for example, you have text such as "discount is 10%") or you have POST data that you do not want to fail because of invalid escape sequences, follow these conditions:

• Text must contain only single byte (SBCS) data. Multi-byte data will fail.
• CGI input conversion mode must be MIXED.
• Client request must contain Content-Type: header with the value of text/xml (case insensitive).
• If a charset is specified with the Content-Type: header, it must be a single byte character set.
• Invalid Unicode escapes will be allowed in single byte data but not allowed in multi-byte data.

How can I improve the performance of my CGI program?

The performance of your CGI program is dependent on the characteristics of your CGI program as well as how the request is handled by the server.

One way to improve the performance of your CGI program is to specify a named activation group on the compile rather than taking the default. For more information, see CGI programs and activation groups in the Information Center.

The following contains information about improving the performance of CGI request handling by your server.

By default, if not running in the PASE environment, the CGI server job sets both the current directory and current library for each CGI request. The current directory is the path name of the CGI program library, for example, /QSYS.LIB/MYLIB.LIB/ and the current library is the library containing the CGI program, for example MYLIB. Once the CGI request has completed, the current library is changed to QHTTPSVR. These two actions can degrade the performance of each CGI request.

Starting in V5R4, you can improve the performance of each request with the following configuration changes.

• The current directory
  • The current directory is set to the path name of the library containing your CGI program.
  • To disable changing the current directory, add the following directive to your configuration:

   SetEnv QIBM_CGI_CHANGE_CURDIR  
   N

• The current library
  • The current library is set to the library containing your CGI program and will be changed to QHTTPSVR when the request is completed.
  • To disable changing the current library, add this directive to your configuration:

   SetEnv QIBM_CGI_CHANGE_CURLIB  
   N

How can I change the library list for my CGI program? This can be done using the SetEnv directive with the QIBM_CGI_LIBRARY_LIST environment variable and a list of the libraries. Be sure to uppercase the library names and separate them by semi-colons. For example:

 SetEnv QIBM_CGI_LIBRARY_LIST "MIME;CGIURL;CGILIBL"

The listed libraries replace the libraries in the user part of the library list. When the CGI program has finished processing, these libraries will be removed from the library list and the library list will be restored to what it was before the CGI program ran.

Back to top

How do I enable the HTTP server to be HA?

Follow the instructions given in infoCenter for Highly available Web server cluster on HTTP Server.

Back to top

Is it possible to do Proxy chaining with authentication?

Yes, however you can only authenticate through the first server in the proxy chain.

Is it possible to block specific HTTPS requests when using an Apache proxy server?

Yes. Use  and  directives to deny CONNECT on the specific hosts. For example, the following will block https://www.foo.com requests:

          Deny from all

Back to top

How do I get Java Servlet support?

Java servlet support comes with IBM WebSphere Application Server. The latest information can be found at IBM Websphere Application Server site.

Does IBM i Apache support Java?

Yes. You can serve Java applets, using an Apache server. Using Websphere Application Server, you can also serve Servlets and JSPs from Apache. HTTP Server does not support running Java CGI programs as of V5R3. If you have Java CGI applications, you should migrate those applications to Java servlets using WebSphere Application Server or the integrated ASF Tomcat servlet engine.

Can I run ASPs (Active Server Pages)on IBM i?

Apache on IBM i does not currently include ASP support.

Why do I need Websphere (what is it anyway)?

WebSphere Application Server for IBM i (WAS) is needed to serve JSPs and Servlets from Apache. It is the Application Server of choice on IBM i.

Back to top

What characters are valid in a URL?

The specification for URLs, RFC1738 (link resides outside of ibm.com), limits the use of allowed characters to only a limited subset of the US-ASCII character set (2.2 URL Character Encoding Issues):

"The lower case letters "a"--"z", digits, and the characters plus ("+"), period("."), and hyphen ("-") are allowed.... In addition, octets may be encoded by a character triplet consisting of the character "%" followed by the two hexadecimal digits (from"0123456789ABCDEF") which forming (sic) the hexadecimal value of the octet. (The characters "abcdef" may also be used in hexadecimal encodings.)"

To insert, for example, the French accented à, you would use %E0 instead of the letter.

How can I change the CCSID attribute for all my IFS files?
You need to run the following CL command, specifying CCSID-value as the desired CCSID:

 CHGATR OBJ('/www/directory/') ATR(*CCSID)
     VALUE(CCSID-value) SUBTREE(*ALL)

How can I improve the performance from my HTTP server?

Follow the instructions given in  Red book IBM HTTP Server (powered by Apache): An Integrated Solution for IBM eServer iSeries Servers (Chapter 10)

What do I need to do to use the QNTC file system?

• Ensure the user ID(s) that are to be used to access QNTC have the same password on the IBM i system and the NT server.
• Ensure that user IDs have authority to access the shares on the NT server.
• Make sure the connectivity between IBM i and the NT machine is setup correctly.

Note: The user profile that is authorized to the QNTC sharepoint /QNTC directory, must be the same as the user specified on the ServerUserid directive.

How can I monitor the number of hits to my web site?

Here are a few ways to monitor how many visitors are going to your site.

• Use the IBM Web Administration for IBM i real-time server statistics to see the number of requests.
• Download a hit counter to add to your web page. There are many available for free.

Back to top

• WebSphere Application Server for i
• Zend and IBM i
• Integrated Web Services for i
• Integrated Web Application Server for i
• Net.Data for i

• IBM HTTP Server (powered by Apache): An Integrated Solution for IBM eServer iSeries Servers