Frequently asked questions
This page answers frequently asked questions (FAQs) about IBM HTTP Server for i.
- Product
-
- Apache
-
- Setting up your server
-
- Startup
-
- Authentication
-
- CGI
-
- High Available Web server
-
- Proxy
-
- Features
-
- Additional support
-
- General
-
What other products are necessary for starting the *ADMIN server and using the IBM Web Administration?
The *ADMIN server and IBM Web Administration require a few additional products. If you don't have these products installed, you will not have full functionality and the *ADMIN server may not start. To see if you have all the required products on your i5/OS system, type:
GO LICPGM
This will take you to the work with licensed programs page. Choose number 10. Display Installed Licensed Programs. Look for one of the following 5722JV1 options. Any one of them is sufficient.
5722JV1 Option 3 Java Developer Kit 1.2
5722JV1 Option 5 Java Developer Kit 1.3
5722JV1 Option 6 Java Developer Kit 1.4
In addition, the following product options are necessary.
5722SS1 Option 12 Host Servers
5722SS1 Option 30 Qshell
5722JC1 Option *BASE IBM Toolbox for Java
Notes:
- The in-process (Tomcat) servlet engine will automatically use the highest version installed.
- JDK 1.2 is only an option on V5R2.
- JDK 1.3 is necessary for Websphere Application Server 5.x, Websphere Portal, and IBM Workplace support.
- JDK 1.4 is necessary for Websphere Application Server 6.x support.
For a complete list, reference the Redbook HTTP Server (powered by Apache): An Integrated Solution for IBM iSeries Servers (Chapter 2.1 - Before you Start).
Is the i5/OS version of Apache's source code available?
No, the i5/OS source code is not published.
Is it the same as the EBCDIC open-source Apache?
No, the i5/OS source code contains integration items optimized for i5/OS and will only run on an i5/OS.
How do I find out the version of Apache Server running on my i5/OS?
You can display the version using the -V option of the STRTCPSVR command. For example:
STRTCPSVR SERVER(*HTTP) HTTPSVR(APACHEDFT '-V')
How do I setup language support for an HTTP server?
Your i5/OS CCSID/codepage settings should be correctly configured for your primary language environment. To do this you must consider two settings:
- The CCSID value in Change HTTP Attributes (CHGHTTPA) CL command.
- The system value QCCSID
The correct values can be found by looking in Information Center Default system values for national language versions.
- Click on the language/feature code you will be testing.
-
- The Internet CCSID value will be used for CHGHTTPA
- The QCCSID value will be used to change the QCCSID system value
- Run the CL command CHGHTTPA and specify the value for the Internet CCSID. For example, to run in English:
CHGHTTPA CCSID(819)
- Run the CL command CHGSYSVAL SYSVAL(QCCSID) and specify the value found for the QCCSID value. For example, to run in English:
CHGSYSVAL SYSVAL(QCCSID) VALUE(37)
What are the valid characters in a server name?
When creating a new server, enter a name that does not contain any special characters. Some products or applications that use the server name such as Digital Certificate Manager cannot handle the use of special characters. A server name must begin with an alphabetic character and must not be longer than ten characters.
How do I enable the SSL port for the *ADMIN server?
Follow the instructions given in the Information Center at Set up SSL for the administration (ADMIN) server for HTTP Server.
Can directive or Alias contain spaces in the directory path?
Yes. You must enclose the directory path in quotes.
How can I avoid the Cross Site Tracing vulnerability ?
To turn this vulnerability off for HTTPS, add the following set of Rewrite directives both globally and in a context.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
Why won't my server start?
If your server won't start, you can usually find the reason in the JOBLOG. To view JOBLOGs of server jobs that have ended abnormally, enter the command:
WRKSPLF SELECT(QTMHHTTP)
The most common reasons for the server failing to start are:
- The TCP/IP port is already in use - Change the server configuration to use a different port.
- Configuration directives are not valid - Correct the directive that is flagged in the JOBLOG.
- SSL Initialization failed - This can occur if SSL for the server is enabled AND one or more of the following is true.
-
- A Cryptography product (5722-AC1, 5722-AC2, or 5722-AC3) is not installed.
- The keyring file (certificate store or key database file) does not exist.
- The server does not have authority to the keyring file (certificate store or key database file).
- The keyring file (certificate store or key database file) password is expired.
- The keyring file (certificate store or key database file) does not match the format of the installed Cryptography product.
|
|
|
What can I do when HTTP server is not accepting Kerberos Authorization?
There are many possible problems that can occur when using Kerberos Authentication. Many of these are outside the i5/OS environment (for example, Windows platform, Active Directory directory service, as well as network issues). The following steps cover some of the most frequent problems in the Microsoft Windows environment.
- Download Microsoft Kerberos Tray and use it to verify that the correct tickets are being obtained.
- Under Internet Explorer options (Tools ->Internet Options, then Advanced tab), make sure Enable Integrated Windows Authentication (requires restart) is selected.
- Make sure the timezone and date/time on your i5/OS is the same timezone and date/time as on your Active Directory domain. On i5/OS, the time zone value can be seen using this CL command:
WRKSYSVAL SYSVAL(QTIMZON)
More troubleshooting and information about Windows based single signon can be found in the Red book Windows-based Single Signon and the EIM Framework on the IBM eServer i5/OS Server
An example scenario of single signon with the i5/OS HTTP server can be found in Red book IBM HTTP Server (powered by Apache): An Integrated Solution for IBM eServer iSeries Servers (Chapter 6, Section 6.3)
Can the Server Side Include (SSI) echo directive display the values of standard CGI variables?
Yes. Use the echo directive to display the value for specified environment variables (including the standard CGI variables) using the var tag. If a variable is not found, a (None) is displayed. Both the set of standard CGI variables and the SSI specific environment variables that can be displayed using echo are listed in Environment Variables on HTTP Server.
Do I need to modify my CGI programs running on other Apache platforms to run under i5/OS?
Yes. To port your CGI programs to i5/OS you'll need to recompile them and move your data libraries and directories. See Porting to i5/OS.
Can I run CGI in more than one language using only one HTTP server?
Starting in V5R4, you can run CGI in various languages using one server. Customize your directory container using directives CGIJobCCSID (new in V5R4), DefaultNetCCSID (allowed in a container starting in V5R4), and CGIConvMode. There are two different methods you might want to consider for doing this. You can use a different library for each separate language or use the URI to determine the language of the user.
How do I avoid the HTTP server doing any conversions of data passed to and from a CGI program?
Any CGI program with a name that begins with nph_ is considered a no-parse header CGI program. This means that the server does no conversions on the data and adds no headers back in the response from the CGI program. The CGI programmer is in total control and is responsible for parsing the request and then sending all of the necessary headers back with the response.
How do I compile a CGI program in UTF-8 mode?
See Installing and running a UTF-8 ILE C CGI - Example.
How do I allow the HTTP server to handle invalid escapes in POST data?
If you have, for example, an XML file containing a "%" which does not indicate an escaped character, (for example, you have text such as "discount is 10%") or you have POST data that you do not want to fail because of invalid escape sequences, follow these conditions:
- Text must contain only single byte (SBCS) data. Multi-byte data will fail.
- CGI input conversion mode must be MIXED.
- Client request must contain Content-Type: header with the value of text/xml (case insensitive).
- If a charset is specified with the Content-Type: header, it must be a single byte character set.
- Invalid Unicode escapes will be allowed in single byte data but not allowed in multi-byte data.
How can I improve the performance of my CGI program?
The performance of your CGI program is dependent on the characteristics of your CGI program as well as how the request is handled by the server.
One way to improve the performance of your CGI program is to specify a named activation group on the compile rather than taking the default. For more information, see CGI programs and activation groups in the Information Center.
The following contains information about improving the performance of CGI request handling by your server.
By default, if not running in the PASE environment, the CGI server job sets both the current directory and current library for each CGI request. The current directory is the path name of the CGI program library, for example, /QSYS.LIB/MYLIB.LIB/ and the current library is the library containing the CGI program, for example MYLIB. Once the CGI request has completed, the current library is changed to QHTTPSVR. These two actions can degrade the performance of each CGI request.
Starting in V5R4, you can improve the performance of each request with the following configuration changes.
- The current directory
-
- The current library
-
How can I change the library list for my CGI program?
This can be done using the SetEnv directive with the QIBM_CGI_LIBRARY_LIST environment variable and a list of the libraries. Be sure to uppercase the library names and separate them by semi-colons. For example:
SetEnv QIBM_CGI_LIBRARY_LIST "MIME;CGIURL;CGILIBL"
The listed libraries replace the libraries in the user part of the library list. When the CGI program has finished processing, these libraries will be removed from the library list and the library list will be restored to what it was before the CGI program ran.
How do I enable the HTTP server to be HA?
Follow the instructions given in infoCenter for Highly available Web server cluster on HTTP Server.
Is it possible to do Proxy chaining with authentication?
Yes, however you can only authenticate through the first server in the proxy chain.
Is it possible to block specific HTTPS requests when using an Apache proxy server?
Yes. Use and directives to deny CONNECT on the specific hosts. For example, the following will block https://www.foo.com requests:
Deny from all
Does IBM support Tomcat?
Yes, please reference the information found in the Information Center at About Tomcat.
Does the Search Engine support non-text-based (ie. non-html) files such as .PDF?
No. Review the information found at Webserver Search Engine - Getting Started for more details concerning the Search Engine. p>
How do I get Java Servlet support?
Java servlet support comes with IBM WebSphere Application Server. The latest information can be found at IBM Websphere Application Server site.
Does i5/OS Apache support Java?
Yes. You can serve Java applets, using an Apache server. Using Websphere Application Server, you can also serve Servlets and JSPs from Apache. HTTP Server does not support running Java CGI programs as of V5R3. If you have Java CGI applications, you should migrate those applications to Java servlets using WebSphere Application Server or the integrated ASF Tomcat servlet engine.
Can I run ASPs (Active Server Pages)on i5/OS?
Apache on i5/OS does not currently include ASP support.
Why do I need Websphere (what is it anyway)?
WebSphere Application Server for i5/OS (WAS) is needed to serve JSPs and Servlets from Apache. It is the Application Server of choice on i5/OS.
What characters are valid in a URL?
The specification for URLs, RFC1738, limits the use of allowed characters to only a limited subset of the US-ASCII character set (2.2 URL Character Encoding Issues):
"The lower case letters "a"--"z", digits, and the characters plus ("+"), period("."), and hyphen ("-") are allowed.... In addition, octets may be encoded by a character triplet consisting of the character "%" followed by the two hexadecimal digits (from"0123456789ABCDEF") which forming (sic) the hexadecimal value of the octet. (The characters "abcdef" may also be used in hexadecimal encodings.)"
To insert, for example, the French accented à, you would use %E0 instead of the letter.
How can I change the CCSID attribute for all my IFS files?
You need to run the following CL command, specifying CCSID-value as the desired CCSID:
CHGATR OBJ('/www/directory/') ATR(*CCSID)
VALUE( CCSID-value) SUBTREE(*ALL)
How can I improve the performance from my HTTP server?
Follow the instructions given in Red book IBM HTTP Server (powered by Apache): An Integrated Solution for IBM eServer iSeries Servers (Chapter 10)
What do I need to do to use the QNTC file system?
- Ensure the user ID(s) that are to be used to access QNTC have the same password on the i5/OS system and the NT server.
- Ensure that user IDs have authority to access the shares on the NT server.
- Make sure the connectivity between i5/OS and the NT machine is setup correctly.
Note: The user profile that is authorized to the QNTC sharepoint /QNTC directory, must be the same as the user specified on the ServerUserid directive.
How can I monitor the number of hits to my web site?
Here are a few ways to monitor how many visitors are going to your site.
- Use the IBM Web Administration for i5/OS real-time server statistics to see the number of requests.
- Download a hit counter to add to your web page. There are many available for free.
| 
