Iplanet web server 6.0 ACL question

Similar Messages

• IPlanet Web Server acl to deny access to class C IP addresses

  Hi all,
  having not chance to modify an ACL from the iPlanet Web Server GUI (the application just make the acl file and anything else....), I am trying to modify it directly to deny access to all users having IP address starting with 172.
  The ACL file created from the iPlanet GUI is the following:
  version 3.0;
  acl "default";
  authenticate (user, group) {
  prompt = "iPlanet Web Server";
  allow (read, list, execute,info) user = "anyone";
  allow (write, delete) user = "all";
  acl "es-internal";
  allow (read, list, execute,info) user = "anyone";
  deny (write, delete) user = "anyone";
  I modified it by adding the following deny:
  root@webone /usr/iplanet/servers/httpacl # more generated.https-altorendimento.acl
  version 3.0;
  acl "default";
  authenticate (user, group) {
  prompt = "iPlanet Web Server";
  allow (read, list, execute,info) user = "anyone";
  allow (write, delete) user = "all";
  acl "es-internal";
  deny (read) ip = "172.*";
  deny (write, delete) user = "anyone";
  but, after applying the changes, I am still (I am on a 172.*.*.* workstation) allowed to access the resource. Then I changed the deny in the following way:
  root@webone /usr/iplanet/servers/httpacl # more generated.https-altorendimento.acl
  version 3.0;
  acl "default";
  authenticate (user, group) {
  prompt = "iPlanet Web Server";
  allow (read, list, execute,info) user = "anyone";
  allow (write, delete) user = "all";
  acl "es-internal";
  deny (read) user = "all";
  deny (write, delete) user = "anyone";
  nothing happened again. The access to the resource seems not related to the acl changes, although the acl are correctly referenced into the obj.conf file. Unfortunatelly, I do not have much experience in ACL.
  Is there anyone able to help me with that issue?
  Thank you so much
  enrico

  hi all,
  sorry for this delay, the matter was solved due to the Mozilla display capability for which this site (the one with the ACL) was not made. Once tried to display with Explorer all was ok and I was able to change the ACL accordingly.
  Sorry again, and thaks anyway
  enrico

• Netscape Messaging Server & iPlanet Web Server question

  The netscape messaging server (v 4.1) is receiving emails which are html-only formatted. Through webmail, the body appears to be empty. When checking the message store, the message is not empty. When accessing through webmail, we are able to view the emails that arrive in the html and plain text formats (both together) or plain text, but not those that arrive html-only. The webserver is iPlanet Web Server, Enterprise Edition.
  Is there any workaround for that, or is it a limitation of the web server?

  WEll, um,
  1. Netscape Messaging Server 4.xx, all versions have been End Of Support life for over 2 years.
  2. There is no web server involved, here. Messaging itself serves the http interface.
  3. Yes, there is a workaround. Upgrade. You're using very old bits, and the only real answer is for you to use a current product, if you need current features.
  Messaging Server 5.2p2 is considered "mature", though still under support. No new features are getting added.
  Messaging Server 6.2 is the current product. It's part of the Sun Java Enterprise System, and may be downloaded.

• Global data in a servlet using iPlanet Web Server

  Our configuration is an Applet->Servlet->JNI->C/C++ code.
  We have C code that does a number of lengthy mathematical calculations. This C code not only uses its own global variables but, it is also comprised of numerous subroutines that all call each other, reading and writing global C variables as they go. These globals are all isolated to the C code shareable object (.so) library that is included using the LoadLibrary call when the servlet is initialized.
  The problem is that in a multi-user environment (3-5 simultaneous users) we need to have each user have their own "copy" of the servlet (and the C code) so that users will not be accessing each other's global data. We can NOT have only one copy of the C code and define it as synchronized because the calculations that are performed can take a very long time and we can not hold off user requests while the firs user finishes.
  Our hope is that there is a way to configure the iPlanet Web server such that each new user that starts up a copy of the Applet/Servlet combination will get their own "space" so that they can work independently of any other user. We have at most 20 users of this system and only 3-5 simultaneous users so we should not have a problem with memory or CPU speed.
  If anyone has a solution, I would greatly appreciate it!

  The C library is shareable. But you don't want it to be shared. That's your question summarized, isn't it?
  You probably can't prevent it from being shared, so to prevent multiple use of it you would have to queue up the requests to be done one at a time. WynEaston's suggestion of having the servlet implement SingleThreadModel would help, but I believe the servlet spec allows servers to run multiple copies of a servlet that does that (as opposed to running a single copy in multiple threads).
  Your other alternative is to rewrite the math in Java, or at least in some object-oriented language where you don't need global variables (which are the source of your problem). All right, I can already hear you saying "But that wouldn't be as fast!" Maybe not, but that isn't everything. Now you have a problem in queueing theory: do you want a single server that's fast, but jobs have to wait for it, or do you want multiple servers that aren't as fast, but jobs don't have to wait? That's a question you would have to evaluate based on the usage of your site, and it isn't an easy one.

• Calling servlet problem in iPlanet web server.

  Hello, friends.
  I have installed iPlanet web server 6.0. After installation I am using the default virtual server only. Thus, for all testing pages also, I use the default Document Root only (C:\iplanet\servers\docs\testsite) (I think, here "docs" is the default document root, right? If I am wrong, please correct me). I have got 2 JSP pages and 1 servlet. I put the JSP pages, into "testsite" folder and put the servlet into a folder called "myservlets" (C:iplanet\servers\docs\myservlets).
  The jsp1.jsp page calls the servlet.class and in return the servlet redirects to jsp2.jsp page.
  My question is: what paths should I use in jsp1.jsp file and in servlet.class file?
  Thanks in Advance for all your help,
  ~ Nirav

  There is a major security breach in authenticating
  iPlanet Web Server 6.0 SP3 and SP4 using Sun ONE
  Directory Server. Using a valid user id, any
  password except null string would allow user access
  the restricted resources. iPlanet Web Server 6.0 SP5
  and 4.1 SP12 worked fine with similar configuration.Did you get an answer for this?
  We are having the exact same problems with our iPlanet Web server 6.0 SP3.
  thank you.

• Integrating iPlanet Web Server 6.0 with SunOne App Server 7.0

  I am experiencing problems integrating iPlanet Web Server 6.0 with SunOne App Server 7.0
  My magnus.conf is
  #ServerRoot /usr/iplanet/servers/https-test
  ServerID https-test
  ServerName sulev016.eur.gep.ge.com
  ErrorLog /usr/iplanet/servers/https-test/logs/errors
  PidLog /usr/iplanet/servers/https-test/logs/pid
  User root
  MtaHost localhost
  DNS off
  Security off
  ClientLanguage en
  AdminLanguage en
  DefaultLanguage en
  RqThrottle 128
  StackSize 131072
  CGIWaitPid on
  TempDir /tmp/https-test-ab0d7966
  Init fn=flex-init access="$accesslog" format.access="%Ses->client.ip% - %Req->vars.auth-user% [%SYSDATE%] \"%Req->reqpb.clf-request%\" %Req->srvhdrs.clf-status% %Req->srvhdrs.content-length%"
  Init fn=load-types mime-types=mime.types
  Init fn="load-modules" shlib="/usr/iplanet/servers/bin/https/lib/libNSServletPlugin.so" funcs="NSServletEarlyInit,NSServletLateInit,NSServletNameTrans,NSServletService" shlib_flags="(global|now)"
  Init fn="NSServletEarlyInit" EarlyInit=yes
  Init fn="NSServletLateInit" LateInit=yes
  Init fn="load-modules" shlib="/usr/iplanet/servers/plugins/passthrough/bin/libpassthrough.so" funcs="init-passthrough,auth-passthrough,check-passthrough,service-passthrough" NativeThread="no"
  Init fn="init-passthrough"
  ==========================================
  my obj.conf is
  <Object name=default>
  NameTrans fn="assign-name" from="(/OMS|/OMS/*)" name="passthrough"
  NameTrans fn="NSServletNameTrans" name="servlet"
  NameTrans fn="pfx2dir" from="/servlet" dir="/usr/iplanet/servers/docs/servlet" name="ServletByExt"
  NameTrans fn=pfx2dir from=/mc-icons dir="/usr/iplanet/servers/ns-icons" name="es-internal"
  NameTrans fn="pfx2dir" from="/manual" dir="/usr/iplanet/servers/manual/https" name="es-internal"
  NameTrans fn=document-root root="$docroot"
  PathCheck fn=unix-uri-clean
  PathCheck fn="check-acl" acl="default"
  PathCheck fn=find-pathinfo
  PathCheck fn=find-index index-names="index.html,home.html"
  ObjectType fn=type-by-extension
  ObjectType fn=force-type type=text/plain
  Service type="magnus-internal/jsp" fn="NSServletService"
  Service method=(GET|HEAD) type=magnus-internal/imagemap fn=imagemap
  Service method=(GET|HEAD) type=magnus-internal/directory fn=index-common
  Service method=(GET|HEAD) type=*~magnus-internal/* fn=send-file
  AddLog fn=flex-log name="access"
  </Object>
  <Object name=cgi>
  ObjectType fn=force-type type=magnus-internal/cgi
  Service fn=send-cgi user="$user" group="$group" chroot="$chroot" dir="$dir" nice="$nice"
  </Object>
  <Object name="servlet">
  ObjectType fn=force-type type=text/html
  Service fn="NSServletService"
  </Object>
  <Object name="jsp092">
  ObjectType fn="type-by-extension"
  ObjectType fn="change-type" type="magnus-internal/jsp092" if-type="magnus-internal/jsp"
  Service fn="NSServletService" type="magnus-internal/jsp092"
  </Object>
  <Object name="ServletByExt">
  ObjectType fn=force-type type=magnus-internal/servlet
  Service type="magnus-internal/servlet" fn="NSServletService"
  </Object>
  <Object name="es-internal">
  PathCheck fn="check-acl" acl="es-internal"
  </Object>
  <Object name="passthrough">
  ObjectType fn="force-type" type="magnus-internal/passthrough" Service type="magnus-internal/passthrough" fn="service-passthrough" servers="http://3.224.68.131:81"
  Error reason="Bad Gateway" fn="send-error" uri="$docroot/badgateway.html"
  </Object>
  The requests are not passing through to the app server when i try to access it through port 80.
  Presently I am testing my appln over port 81 on the app server.
  Thanks and Regards
  Vineet Guliani

  Each ObjectType and Service directive should begin on a new line. You appear to have placed two directives on a single line.

• IPlanet Web Server 6.1 ERROR ,URGENT

  I've Installed iPlanet Web Server 6.1 in Solaris 9 I have installed iPlanet 6.0 too its working good but 6.1 is sending this error when strating up.
  warning: CORE3283: stderr: There was an error trying to initialize the HPI library.
  warning: CORE3283: stderr: Please check your installation, HotSpot does not work correctly
  warning: CORE3283: stderr: when installed in the JDK 1.2 Solaris Production Release, or
  warning: CORE3283: stderr: with any JDK 1.1.x release.
  catastrophe: CORE4005: Internal error: unable to create JVM
  failure: CORE4009: Failed to load JVM (check your JRE)
  failure: CORE3187: Late initialization failed: Error running init function load-modules: initialization of /aplicaciones/bin/https/lib/libj2eeplugin.so failed
  Can enybody Help me with this???
  THANX!!

  Hello Dear Friend Urgent Programmer
  I'am Alfonso Franco member of Sun Developer
  that is requested your questions Look:
  1 - Please check out your System is ready to download this iPlanet Web Server 6.1
  2- Suppose that you System is ready needs to
  configure your setup add/remove program in
  you computer that matches with the Web Server
  3- if continue the problem error after this
  analize very fine the problem and for end
  we going to create the exact library and
  port in it's Servers with a Java Program Database .
  well my friend expect that thoses advice may serve something to solve this
  problem for more contact to [email protected] to follow helping sincerely as "Good Programmer "

• FW: iPlanet Web Server 4.x Advisory

  All--
  A message from iPlanet about iWS:
  Recommend Immediate Patch/Upgrade
  We are writing to inform you of an important upgrade recommendation. iPlanet
  has identified a security vulnerability in the iPlanet Web Server Enterprise
  Edition 4.x products. This problem does not affect any Web Server releases
  prior to the 4.x versions, however it does affect all iPlanet applications
  operating on the Web Server platform.
  A patch and implementation instructions to address the problem are now
  available on the iPlanet.com Tech Support site at
  http://www.iplanet.com/support/. Without this patch/upgrade, the problem
  will persist and affect your site's data security, potentially leading to a
  data corruption event.
  iPlanet urges all iPlanet Web Server customers to upgrade immediately to
  prevent any potential data security risks, and we apologize for any
  inconvenience that this may cause you.
  If you have additional technical questions, please call your technical
  support contact.
  Sincerely,
  Annelies Habermacher
  Vice President, Worldwide Customer Support
  iPlanet E-Commerce Solutions
  See the following links for more information:
  http://atstake.com/research/advisories/2001/index.html#041601-1
  http://www.kb.cert.org/vuls/id/276767
  The iPlanet JATO Team

  Can you provide the error logs file of the instance which fails to start?
  Thanks

• Query on Support of IPLANET WEB SERVER

  Hi
  Kindly note that as in Download section I am not able to see the IPLANET WEB SERVER in WEB SERVER CATEGORY. As when i click on Sun One web Server in some of the location it shows that "formerly iplanet web server" As I have one doubt regarding that whether Now the support & Newer version for IPLANET WEB SERVER has been dropped from Sun ? If I want to download Iplane web server 6.0 from where I can get it ?

  At first it is iPlanet web server, then Sun ONE web server. Now it is called Sun Java System Web Server. 7.0 is the current version.
  Check this web page for support related questions:
  http://www.sun.com/software/products/web_srvr/lifecycle.xml
  Download the last known release of Sun ONE web server 6.0 from:
  http://www.sun.com/download/products.xml?id=43a84f89

• IPlanet Web Server 6.0 SP3-4: authenticating succeeds with bogus password

  There is a very serious problem with ACL configured to authenticate against the ldap server.
  Going through the Global settings, if you configure it to use a Ldap server and then configure the ACL to allow only the authenticated users... however, by typing a bogus password, as long as userid is correct, I can get access to the URL pages.
  Previously, I have responded to "Thuan Nguyen" in the subject "Problem authenticating iPlanet Web Server 6.0 SP3 and SP4 with LDAP", regarding authentication to the Ldap with bogus password.
  I have emailed and called in to inform SUN of this severe security problem with their Web Server, but I don't even know if this information is getting through.
  Isn't there anyone out there who can also confirm this?
  And if there is any existing workarounds for this?
  Thank you.

  This is documented in the 6.0 SP5 (and higher)
  release notes as fixed problem 4770629, and,
  according to the SP5 release notes, "All users of
  previous versions of Sun ONE Web Server are strongly
  recommended to install this service pack."
  Note that the problem only occurs when the LDAP entry
  lacks a uid.Thanks for the info. However, the LDAP server I'm using does have the UID value.
  Regardless, I will try the SP5 and get back to you.
  Thank you.

• Any way to capture output from iPlanet Web Server V6 at socket level?

  Hi,
  I'm wondering if it's possible to configure the iPlanet Web Server (V6) so that I can capture the full request and response of a hit and "log" them to another process. Something like a pipeline of NSAPI modules would be ideal. I've written similar code for Apache, IIS, and Tomcat and am wondering if this is possible for iPlanet?
  Thanks.

  Hi, I was wondering if you ever received a response to your question. If so, can you please share it with me?
  Thanks,
  Tracy
  [email protected]

• Hi, I am using HP11 and iPlanet web server. When trying to upload files over HTTP using FORM ENCTYPE="multipart/form-data" that are bigger than a few Kilobytes i get a 408 error. (client timeout).

  Hi, I am using HP11 and iPlanet web server. When trying to upload files over HTTP using FORM ENCTYPE="multipart/form-data" that are bigger than a few Kilobytes i get a 408 error. (client timeout). It is as if the server has decided that the client has timed out during the file upload. The default setting is 30 seconds for AcceptTimeout in the magnus.conf file. This should be ample to get the file across, even increasing this to 2 minutes just produces the same error after 2 minutes. Any help appreciated. Apologies if this is not the correct forum for this, I couldn't see one for iPlanet and Web, many thanks, Kieran.

  Hi,
  You didnt mention which version of IWS. follow these steps.
  (1)Goto Web Server Administration Server, select the server you want to manage.
  (2)Select Preference >> Perfomance Tuning.
  (3)set HTTP Persistent Connection Timeout to your choice (eg 180 sec for three minutes)
  (4) Apply changes and restart the server.
  *Setting the timeout to a lower value, however, may    prevent the transfer of large files as timeout does not refer to the time that the connection has been idle. For example, if you are using a 2400 baud modem, and the request timeout is set to 180 seconds, then the maximum file size that can be transferred before   the connection is closed is 432000 bits (2400 multiplied by 180)
  Regards
  T.Raghulan
  [email protected]

• Can iDSIE (Meta-directory) be used as a single authentication point from iPlanet Web Server for multiple databases using direct "or" indirect connectors?

  Basically, the latest release of iPlanet Web Server forces the user/group information source to be an LDAP database. Currently, the user accounts are in Active Directory, NT, Oracle and NetWare Directory Service in this heterogeneous environment.
  What I am looking for is a meta-directory product which can do two things:
  1-Single authentiation point for users in mulitple databases from iPlanet Web Server.
  2-Single administration point for all of the databases listed above.
  For example, can I add/modify/delete a user account at the meta-directory level and have this propagate to all of the databases listed above reducing the administration to one meta-directory product?

  With an Virtual Directory solution, you can authenticate Iplanet Web Server against nearly anything including any LDAPv3 Directory Server, Microsoft Active Directory, Windows NT Domains, Oracle RDBMS, IBM DB2 RDBMS, Microsoft SQL, and others.
  All of this is done dynamically and doesn't require any heavyweight synchronization process. The Virtual Directory acts as a dynamic schema / DIT / data translation engine for different types of repositories.
  OctetString's Virtual Directory Engine is one such example. You can download a 30 day evaluation copy at:
  http://www.octetstring.com
  It will take you all of 30 minutes to get iPlanet Web Server authenticated against and using groups from things like Oracle RDBMS, Windows NT Domains, or Active Directory.

• Using iPlanet Web Server 6.0 (with ASP or JSP), is it possible to create a StarOffice, Word or Acrobat document using a template and merging it with data from a database (say Oracle)?

   

  Hi,
  It is possible, But it has to be done through codes and iPlanet Web Server has nothing to do with it. But if you want to create the word document by ASP you have to install ASP plugin like ChilliASP (from Chilisoft) with iPlanet Web Server.Merging with database can be done through your code.
  To know more abt creating word doc through ASP try this link
  http://web.ukonline.co.uk/vance/code/aspworddoc.pdf
  Regards,
  T.Raghulan.

• Works in Tomcat but not in iPlanet Web server

  I have a servlet which first generates a form which has one input field, when user fills in the text field and submits the form it is posted to same servlet. The posted data is processed and redirected to another servlet. Everything works fine on Tomcat3.2 but fails to work on iPlanet web server and throws HTTP Error 500.
  Can someone help me with this? What might be the problem?

  Don't know whey it worked in Tomcat and not in iPlanet, but the reason is because I missed '/' in getRequestDispatcher() methoc
  public RequestDispatcher getRequestDispatcher(java.lang.String path)
  The pathname must begin with a "/" and is interpreted as relative to the current context root.