Defining Web rules: Difference between revisions

From m204wiki
Jump to navigation Jump to search
mNo edit summary
m (typo)
 
(17 intermediate revisions by 4 users not shown)
Line 1: Line 1:
Other web servers usually have a configuration file which defines the
Other web servers usually have a configuration file which defines the
rules by which the server will run.
rules by which the server will run.
The <var class="product">Janus Web Server</var> uses Janus
The <var class="product">[[Janus Web Server]]</var> uses Janus
subcommands.
subcommands.
These subcommands are typically executed in <var class="product">Model 204</var>'s
These subcommands are typically executed in <var class="product">Model&nbsp;204</var>'s
CCAIN stream or from a procedure.
CCAIN stream or from a procedure.
Because the rules become complex, and
Because the rules become complex, and
because Janus allows the rules to be changed while the server is
because Janus allows the rules to be changed while the server is
running, it is useful to keep the commands for defining a particular
running, it is useful to keep the commands for defining a particular
port in a <var class="product">Model 204</var> procedure.
port in a <var class="product">Model&nbsp;204</var> procedure.
   
   
For information about
For information about
the actions taken for the various subcommands of the
the actions taken for the various subcommands of the
<var>JANUS DEFINE</var> and <var>JANUS WEB</var> commands, see [[#Command execution order|"Command execution order"]].
<var>JANUS DEFINE</var> and <var>JANUS WEB</var> commands, see [[#Command execution order|Command execution order]].
   
   
Any number of web clients may simultaneously access a <var class="product">Model 204</var> online
Any number of web clients may simultaneously access a <var class="product">Model&nbsp;204</var> Online
that has <var class="product">Janus Web Server</var>, limited only by the number of <var class="product">Janus Web Server</var> threads the
that has <var class="product">Janus Web Server</var>, limited only by the number of <var class="product">Janus Web Server</var> threads the
site is licensed for.
site is licensed for.
   
   
Each web server is associated with a specific
Each web server is associated with a specific port number.
port number.
By convention, web servers usually run at port 80, and
By convention, web servers usually run at port 80, and
test ports typically use ports 8000, 8001, and 8080.
test ports typically use ports 8000, 8001, and 8080.
However, you may use any port number available on the <var class="product">Janus TCP/IP
However, you may use any port number available on the <var class="product">[[Janus TCP/IP Base]]</var>, from 1 to 65535.
Base</var>, from 1 to 65535.
If you want to have multiple port
If you want to have multiple port
numbers available for web clients, issue <var>JANUS DEFINE</var> commands for
numbers available for web clients, issue <var>JANUS DEFINE</var> commands for
<var>WEB</var> servers at those port numbers.
<var>WEB</var> servers at those port numbers.
==Automatic Web Rules==
Prior to version Model 204 Version 7.7, the following two web rules were automatically in force as soon as a port is defined:
<p class="code">JANUS WEB <portname> ON / OPEN FILE SIRIUS CMD 'INCLUDE JANWEB.HOMEPAGE.HTML'
JANUS WEB <portname> ON /JANWEB/* OPEN FILE SIRIUS CMD 'INCLUDE JANWEB.*'
</p>
As of Model 204 Version 7.7 there are no automatic web rules. Furthermore, as of RKTools V7.7 the demo code and Janus SSL maintenance application that allows you to generate self-signed security certificates and certificate requests, have been moved to M204PROC. To get the same access provided the old automatic rules the following two rules would need to be added to a web port:
<p class="code">JANUS WEB <portname> ON / OPEN FILE M204PROC CMD 'INCLUDE JANWEB.HOMEPAGE.HTML'
JANUS WEB <portname> ON /JANWEB/* OPEN FILE M204PROC CMD 'INCLUDE JANWEB.*'
</p>


==Sample Web Rules Deck==
==Sample Web rules deck==
Here is a typical set of rules for defining a <var class="product">Janus Web Server</var> port,
Here is a typical set of rules for defining a <var class="product">Janus Web Server</var> port,
associating Web rules with it, and starting it:
associating Web rules with it, and starting it:
<p class="code">&#42; First make sure the port definition isn't
<p class="code">&#42; First make sure the port definition isn't already there:
&#42; already there.
&#42;
&#42;
JANUS FORCE WEBBY
JANUS FORCE WEBBY
JANUS DELETE WEBBY
JANUS DELETE WEBBY
&#42;
&#42;
&#42; Then define WEBBY at port 80, allowing 300
&#42; Then define WEBBY at port 80, allowing 300 connections,
&#42; connections, opening a file and executing a
&#42; opening a file and executing a UTABLE command:
&#42; UTABLE command.
&#42;
&#42;
JANUS DEFINE WEBBY 80 WEBSERV 300 WEBUSER -
JANUS DEFINE WEBBY 80 WEBSERV 300 WEBUSER -
Line 54: Line 41:
       CMD 'UTABLE LSTBL 12000'
       CMD 'UTABLE LSTBL 12000'
&#42;
&#42;
&#42; Then define a group of IP addresses that will
&#42; Then define a group of IP addresses that will be granted
&#42; be granted access to the port (deleting previous
&#42; access to the port (deleting previous definitions first):
&#42; definitions first).
&#42;
&#42;
JANUS DELETEIPGROUP PRIVILEGED
JANUS DELETEIPGROUP PRIVILEGED
Line 62: Line 48:
       198.242.244.0-3 169.231.0.0-24 184.194.222.7
       198.242.244.0-3 169.231.0.0-24 184.194.222.7
&#42;
&#42;
&#42; Then define a group of user IDs that will be
&#42; Then define a group of user IDs that will be granted access
&#42; granted access to the port (deleting previous
&#42; to the port (deleting previous definitions first):
&#42; definitions first).
&#42;
&#42;
JANUS DELETEUSGROUP CLOWNS
JANUS DELETEUSGROUP CLOWNS
JANUS DEFINEUSGGROUP CLOWNS MILKY* BOZO*
JANUS DEFINEUSGGROUP CLOWNS MILKY* BOZO*
&#42;
&#42;
&#42; Specify any redirection &mdash; here we transfer
&#42; Specify any redirection &mdash; here we transfer any requests
&#42; any requests for Java applications to another
&#42; for Java applications to another web server:
&#42; web server.
&#42;
&#42;
JANUS WEB WEBBY NOREDIRECT
JANUS WEB WEBBY NOREDIRECT
Line 77: Line 61:
       http://sirius-software.com:8080/java/*.jav
       http://sirius-software.com:8080/java/*.jav
&#42;
&#42;
&#42; Revoke all access globally to clear old rules,
&#42; Revoke all access globally to clear old rules, then re-grant
&#42; then re-grant access based on the above-defined
&#42; access based on the above-defined groups:
&#42; groups.
&#42;
&#42;
JANUS WEB WEBBY DISALLOW *
JANUS WEB WEBBY DISALLOW *
Line 86: Line 69:
JANUS WEB WEBBY DISALLOW IPADDR 198.242.244.41
JANUS WEB WEBBY DISALLOW IPADDR 198.242.244.41
&#42;
&#42;
&#42; Specify content type with the TYPE subcommand.
&#42; Specify content type with the TYPE subcommand:
&#42;
&#42;
JANUS WEB WEBBY TYPE *.PDF application/pdf
JANUS WEB WEBBY TYPE *.PDF application/pdf
&#42;
&#42;
&#42; Use "ON" commands to specify actions that are
&#42; Use "ON" commands to specify actions that are taken
&#42; taken when incoming requests contain the
&#42; when incoming requests contain the specified string:
&#42; specified string.
&#42;
&#42;
JANUS WEB WEBBY ON /*.HTML SEND HTML_*
JANUS WEB WEBBY ON /*.HTML SEND HTML_*
Line 102: Line 84:
Each execution of a <var>[[JANUS WEB]]</var> subcommand adds to the set of rules for
Each execution of a <var>[[JANUS WEB]]</var> subcommand adds to the set of rules for
the specified <var class="product">Web Server</var> port.
the specified <var class="product">Web Server</var> port.
Individual rules cannot be deleted nor
Individual rules cannot be deleted nor modified; all rules can be deleted only by stopping and deleting the
modified; all rules can be deleted only by stopping and deleting the
port definition.
port definition.
However, this should not be necessary, as long as you
However, this should not be necessary, as long as you follow two guidelines:
follow two guidelines:
<ol>
<ol>
<li>Specify the most general rules first and most specific last.
<li>Specify the most general rules first and most specific last.
Line 116: Line 96:
defined.
defined.
For example, look at the <var>[[JANUS WEB ALLOW|ALLOW]]</var> directives:
For example, look at the <var>[[JANUS WEB ALLOW|ALLOW]]</var> directives:
The first rule
The first rule eliminates all previous permissions with a <code>DISALLOW *</code> before any <var>ALLOW</var>s
eliminates all previous permissions with a <code>DISALLOW *</code> before any <var>ALLOW</var>s
are specified.
are specified.
   
   
The <var>DEFINE</var> command near the top of the sample rules specifies a World
The <var>[[JANUS DEFINE]]</var> command near the top of the sample rules specifies a World
Wide Web server to be created at port 80 and to be called <code>WEBBY</code>.
Wide Web server to be created at port 80 and to be called <code>WEBBY</code>.
It
It allows up to 300 simultaneous connections, and connections requesting
allows up to 300 simultaneous connections, and connections requesting
URLs that don't require logons will appear in <var class="product">Model&nbsp;204</var> as being
URLs that don't require logons will appear in <var class="product">Model 204</var> as being
associated with the user ID <code>WWWUSER</code> (in the journal, in <var>LOGWHO</var> commands, etc.).
associated with the userid <code>WWWUSER</code> (in the journal, in <var>LOGWHO</var>
commands, etc.).
   
   
A group named <code>WEBDOCS</code> is opened.
A group named <code>WEBDOCS</code> is opened.
The <code>CMD</code> sets <var>LSTBL</var> to 12000 for WWW
The <code>CMD</code> sets <var>LSTBL</var> to 12000 for WWW users.
users.
URL processing is handled by rules specified on <var>JANUS WEB</var>
URL processing is handled by rules specified on <var>JANUS WEB</var>
subcommands &mdash; this is the default processing when <var>CMD</var> doesn't re-route
subcommands &mdash; this is the default processing when <var>CMD</var> doesn't re-route
processing to either an APSY or a <var class="product">User Language</var> procedure.
processing to either an APSY or a <var class="product">SOUL</var> procedure.
   
   
The <var>JANUS WEB</var> subcommand defines how the web server will act.
The <var>JANUS WEB</var> subcommand defines how the web server will act.
Most of the other
Most of the other commands are common to any Janus port.
commands are common to any Janus port.
See <var>[[JANUS WEB]]</var>
for the full <var>JANUS WEB</var> command syntax.


==Command execution order==
==Command execution order==
Line 151: Line 124:
These commands are always the first to execute on any port.
These commands are always the first to execute on any port.
For Web Servers, the <var>OPEN</var> command might open the file containing HTML
For Web Servers, the <var>OPEN</var> command might open the file containing HTML
procedures, and the <var>CMD</var> command can be used to reset <var>UTABLE</var> settings.</p>
procedures, and the <var>CMD</var> command can be used to reset <var>UTABLE</var> settings. </p></li>
 
<li><var>[[JANUS WEB REDIRECT|REDIRECT]]</var>/<var>[[JANUS WEB NOREDIRECT|NOREDIRECT]]</var>
<li><var>[[JANUS WEB REDIRECT|REDIRECT]]</var>/<var>[[JANUS WEB NOREDIRECT|NOREDIRECT]]</var>
<p>
<p>
Any requests that are being handled outside the Web Server are
Any requests that are being handled outside the Web Server are
immediately routed out.</p>
immediately routed out. </p></li>
 
<li><var>[[JANUS WEB ALLOW|ALLOW]]</var>/<var>[[JANUS WEB DISALLOW|DISALLOW]]</var>
<li><var>[[JANUS WEB ALLOW|ALLOW]]</var>/<var>[[JANUS WEB DISALLOW|DISALLOW]]</var>
<p>
<p>
Access security rules are applied.
Access security rules are applied.
Anytime a <code>USER</code> or <code>USGROUP</code> is specified, <var class="product">Model204</var> logon processing
Anytime a <code>USER</code> or <code>USGROUP</code> is specified, <var class="product">Model&nbsp;204</var> logon processing
is invoked. </p>
is invoked. </p></li>
 
<li><var>[[JANUS WEB TYPE]]</var> definitions
<li><var>[[JANUS WEB TYPE]]</var> definitions
<p>
<p>
Datatype (mime) specifications are applied to URLs.   </p>
Datatype (mime) specifications are applied to URLs. </p></li>
 
<li><var>OPEN</var> and <var>CMD</var> processing from the <var>JANUS DEFINE</var> command
<li><var>OPEN</var> and <var>CMD</var> processing from the <var>JANUS DEFINE</var> command
<p>
<p>
The <var>OPEN</var> and <var>CMD</var> commands on the <var>DEFINE</var> statement can initiate
The <var>OPEN</var> and <var>CMD</var> commands on the <var>DEFINE</var> command can initiate
a generic web driver procedure to be used to collect
a generic web driver procedure to be used to collect
usage activity for the port &mdash; perhaps based on URL, userid, or IP
usage activity for the port &mdash; perhaps based on URL, user ID, or IP
address.   </p>
address. </p></li>
 
<li><var>[[JANUS WEB ON]]</var> directives
<li><var>[[JANUS WEB ON]]</var> directives
<p>
<p>
The <var>[[JANUS WEB ON#open|OPEN]]</var> parameter in an <var>ON</var> rule opens a file or group specific to the
The <var>[[JANUS WEB ON#open|OPEN]]</var> parameter in an <var>ON</var> rule opens a file or group specific to the
URL, and the <var>[[JANUS WEB ON#cmd|CMD]]</var>, <var>[[JANUS WEB ON#SEND pname|SEND]]</var>, or <var>[[JANUS WEB ON#RECV pname|RECEIVE]]</var> parameter indicates the action to be
URL, and the <var>[[JANUS WEB ON#cmd|CMD]]</var>, <var>[[JANUS WEB ON#SEND pname|SEND]]</var>, or <var>[[JANUS WEB ON#RECV pname|RECEIVE]]</var> parameter indicates the action to be
taken for matching URLs. </p>
taken for matching URLs. </p></li>
</ol>
</ol>
   
   
Line 180: Line 158:
order for the first match; that is, the last matching rule specified
order for the first match; that is, the last matching rule specified
takes precedence over all previous rules.
takes precedence over all previous rules.
==Automatic Web rules==
As an aid to initially setting up and testing server ports, Janus Web Server currently applies the following built-in (assembler code) rules. They are in effect unless disabled or overridden by user-supplied <var>JANUS WEB</var> rules:
<p class="code">JANUS WEB <i>portname</i> DISALLOW *
JANUS WEB <i>portname</i> TYPE ANY * TEXT/PLAIN
JANUS WEB <i>portname</i> TYPE ANY *.HTML TEXT/HTML
JANUS WEB <i>portname</i> TYPE ANY / TEXT/HTML 
JANUS WEB <i>portname</i> TYPE ANY *.HTM TEXT/HTML
JANUS WEB <i>portname</i> TYPE ANY *.GIF IMAGE/GIF
JANUS WEB <i>portname</i> TYPE ANY *.JPEG IMAGE/JPEG
JANUS WEB <i>portname</i> TYPE ANY *.JPG IMAGE/JPEG </p>                               
These rules take effect for a Janus port specified by a <var>JANUS DEFINE <i>portname</i></var> command.
===Notes===
<ul>
<li>Prior to Model&nbsp;204 version 7.6, the following two rules were also automatically in force as soon as a port was defined:
<p class="code">JANUS WEB <i>portname</i> ON / OPEN FILE SIRIUS CMD 'INCLUDE JANWEB.HOMEPAGE.HTML'
JANUS WEB <i>portname</i> ON /JANWEB/* OPEN FILE SIRIUS CMD 'INCLUDE JANWEB.*' </p>
<p>
These rules set up access to the Janus Web sample home page and to demonstration application procedures. As of Model&nbsp;204 7.6, there are no automatic <var>JANUS WEB ON</var> rules, so the above rules need to be manually added to a port just like any other rules. </p>
<p>
Furthermore, as of [[RKTools]] version 7.7, the code for the Janus Network Security SSL maintenance application, which provides for generation of self-signed security certificates and certificate requests, and the code for the Janus Web demonstration applications resides in the <code>M204PROC</code> file instead of in the <code>SIRIUS</code> file. To get the same access to a web port that the old automatic rules provided, these are the rules to add manually for the port: </p>
<p class="code">JANUS WEB <i>portname</i> ON / OPEN FILE M204PROC CMD 'INCLUDE JANWEB.HOMEPAGE.HTML'
JANUS WEB <i>portname</i> ON /JANWEB/* OPEN FILE M204PROC CMD 'INCLUDE JANWEB.*'
</p></li>
<li>Prior to Model&nbsp;204 version 7.6, the default <var>ALLOW</var> rule for non-SSL Web ports was:
<p class="code">JANUS WEB <i>portname</i> ALLOW *
</p>
<p>
This rule made all non-SSL web pages public. Model&nbsp;204 7.6 maintenance zaps change the automatic <var>ALLOW</var> rule to: </p>
<p class="code">JANUS WEB <i>portname</i> DISALLOW *
</p>
<p>
This rule means that a system administrator must explicitly define <var>ALLOW</var> rules to enable users to access non-SSL ports. </p>
<blockquote class="note"><b>Notes:</b>
<ul>
<li>With version 7.6 zap 76Z090 or version 7.7 zap 77Z420, you can make the default <var>ALLOW</var> rule as it was in version 7.5 and earlier (<code>ALLOW *</code>) by turning on the 1 bit of the <var>[[WEBDFLT parameter|WEBDFLT]]</var> parameter:
<p class="code">RESET WEBDFLT=1</p></li>
<li>If the Janus port definition includes the <var>[[SSL (JANUS DEFINE parameter)|SSL]]</var> parameter, the default <var>DISALLOW/ALLOW</var> rule was and is:
<p class="code">JANUS WEB <i>portname</i> DISALLOW *
JANUS WEB <i>portname</i> ALLOW * USER <i>user</i> </p></li>
</ul>
</blockquote ></li>
</ul>


==See also==
==See also==

Latest revision as of 20:50, 10 February 2017

Other web servers usually have a configuration file which defines the rules by which the server will run. The Janus Web Server uses Janus subcommands. These subcommands are typically executed in Model 204's CCAIN stream or from a procedure. Because the rules become complex, and because Janus allows the rules to be changed while the server is running, it is useful to keep the commands for defining a particular port in a Model 204 procedure.

For information about the actions taken for the various subcommands of the JANUS DEFINE and JANUS WEB commands, see Command execution order.

Any number of web clients may simultaneously access a Model 204 Online that has Janus Web Server, limited only by the number of Janus Web Server threads the site is licensed for.

Each web server is associated with a specific port number. By convention, web servers usually run at port 80, and test ports typically use ports 8000, 8001, and 8080. However, you may use any port number available on the Janus TCP/IP Base, from 1 to 65535. If you want to have multiple port numbers available for web clients, issue JANUS DEFINE commands for WEB servers at those port numbers.

Sample Web rules deck

Here is a typical set of rules for defining a Janus Web Server port, associating Web rules with it, and starting it:

* First make sure the port definition isn't already there: * JANUS FORCE WEBBY JANUS DELETE WEBBY * * Then define WEBBY at port 80, allowing 300 connections, * opening a file and executing a UTABLE command: * JANUS DEFINE WEBBY 80 WEBSERV 300 WEBUSER - WWWUSER OPEN GROUP WEBDOCS - CMD 'UTABLE LSTBL 12000' * * Then define a group of IP addresses that will be granted * access to the port (deleting previous definitions first): * JANUS DELETEIPGROUP PRIVILEGED JANUS DEFINEIPGROUP PRIVILEGED - 198.242.244.0-3 169.231.0.0-24 184.194.222.7 * * Then define a group of user IDs that will be granted access * to the port (deleting previous definitions first): * JANUS DELETEUSGROUP CLOWNS JANUS DEFINEUSGGROUP CLOWNS MILKY* BOZO* * * Specify any redirection — here we transfer any requests * for Java applications to another web server: * JANUS WEB WEBBY NOREDIRECT JANUS WEB WEBBY REDIRECT *.jav - http://sirius-software.com:8080/java/*.jav * * Revoke all access globally to clear old rules, then re-grant * access based on the above-defined groups: * JANUS WEB WEBBY DISALLOW * JANUS WEB WEBBY ALLOW IPGROUP PRIVILEGED JANUS WEB WEBBY ALLOW USGROUP CLOWNS JANUS WEB WEBBY DISALLOW IPADDR 198.242.244.41 * * Specify content type with the TYPE subcommand: * JANUS WEB WEBBY TYPE *.PDF application/pdf * * Use "ON" commands to specify actions that are taken * when incoming requests contain the specified string: * JANUS WEB WEBBY ON /*.HTML SEND HTML_* JANUS WEB WEBBY ON /*.GIF SEND GIF_* JANUS WEB WEBBY ON /COMMAND/* CMD * JANUS START WEBBY

Each execution of a JANUS WEB subcommand adds to the set of rules for the specified Web Server port. Individual rules cannot be deleted nor modified; all rules can be deleted only by stopping and deleting the port definition. However, this should not be necessary, as long as you follow two guidelines:

  1. Specify the most general rules first and most specific last.
  2. Specify a first rule that will clear all related rules.

That is why the above examples specify a global rule first that revokes all previous definitions before new privileges or directives are defined. For example, look at the ALLOW directives: The first rule eliminates all previous permissions with a DISALLOW * before any ALLOWs are specified.

The JANUS DEFINE command near the top of the sample rules specifies a World Wide Web server to be created at port 80 and to be called WEBBY. It allows up to 300 simultaneous connections, and connections requesting URLs that don't require logons will appear in Model 204 as being associated with the user ID WWWUSER (in the journal, in LOGWHO commands, etc.).

A group named WEBDOCS is opened. The CMD sets LSTBL to 12000 for WWW users. URL processing is handled by rules specified on JANUS WEB subcommands — this is the default processing when CMD doesn't re-route processing to either an APSY or a SOUL procedure.

The JANUS WEB subcommand defines how the web server will act. Most of the other commands are common to any Janus port.

Command execution order

JANUS WEB rules are executed in a strict order which guarantees consistent access control and processing for URLs.

That order is:

  1. OPEN and CMD processing from the JANUS DEFINE subcommand.

    These commands are always the first to execute on any port. For Web Servers, the OPEN command might open the file containing HTML procedures, and the CMD command can be used to reset UTABLE settings.

  2. REDIRECT/NOREDIRECT

    Any requests that are being handled outside the Web Server are immediately routed out.

  3. ALLOW/DISALLOW

    Access security rules are applied. Anytime a USER or USGROUP is specified, Model 204 logon processing is invoked.

  4. JANUS WEB TYPE definitions

    Datatype (mime) specifications are applied to URLs.

  5. OPEN and CMD processing from the JANUS DEFINE command

    The OPEN and CMD commands on the DEFINE command can initiate a generic web driver procedure to be used to collect usage activity for the port — perhaps based on URL, user ID, or IP address.

  6. JANUS WEB ON directives

    The OPEN parameter in an ON rule opens a file or group specific to the URL, and the CMD, SEND, or RECEIVE parameter indicates the action to be taken for matching URLs.

Within the above order, the JANUS WEB rules are searched in reverse order for the first match; that is, the last matching rule specified takes precedence over all previous rules.

Automatic Web rules

As an aid to initially setting up and testing server ports, Janus Web Server currently applies the following built-in (assembler code) rules. They are in effect unless disabled or overridden by user-supplied JANUS WEB rules:

JANUS WEB portname DISALLOW * JANUS WEB portname TYPE ANY * TEXT/PLAIN JANUS WEB portname TYPE ANY *.HTML TEXT/HTML JANUS WEB portname TYPE ANY / TEXT/HTML JANUS WEB portname TYPE ANY *.HTM TEXT/HTML JANUS WEB portname TYPE ANY *.GIF IMAGE/GIF JANUS WEB portname TYPE ANY *.JPEG IMAGE/JPEG JANUS WEB portname TYPE ANY *.JPG IMAGE/JPEG

These rules take effect for a Janus port specified by a JANUS DEFINE portname command.

Notes

  • Prior to Model 204 version 7.6, the following two rules were also automatically in force as soon as a port was defined:

    JANUS WEB portname ON / OPEN FILE SIRIUS CMD 'INCLUDE JANWEB.HOMEPAGE.HTML' JANUS WEB portname ON /JANWEB/* OPEN FILE SIRIUS CMD 'INCLUDE JANWEB.*'

    These rules set up access to the Janus Web sample home page and to demonstration application procedures. As of Model 204 7.6, there are no automatic JANUS WEB ON rules, so the above rules need to be manually added to a port just like any other rules.

    Furthermore, as of RKTools version 7.7, the code for the Janus Network Security SSL maintenance application, which provides for generation of self-signed security certificates and certificate requests, and the code for the Janus Web demonstration applications resides in the M204PROC file instead of in the SIRIUS file. To get the same access to a web port that the old automatic rules provided, these are the rules to add manually for the port:

    JANUS WEB portname ON / OPEN FILE M204PROC CMD 'INCLUDE JANWEB.HOMEPAGE.HTML' JANUS WEB portname ON /JANWEB/* OPEN FILE M204PROC CMD 'INCLUDE JANWEB.*'

  • Prior to Model 204 version 7.6, the default ALLOW rule for non-SSL Web ports was:

    JANUS WEB portname ALLOW *

    This rule made all non-SSL web pages public. Model 204 7.6 maintenance zaps change the automatic ALLOW rule to:

    JANUS WEB portname DISALLOW *

    This rule means that a system administrator must explicitly define ALLOW rules to enable users to access non-SSL ports.

    Notes:

    • With version 7.6 zap 76Z090 or version 7.7 zap 77Z420, you can make the default ALLOW rule as it was in version 7.5 and earlier (ALLOW *) by turning on the 1 bit of the WEBDFLT parameter:

      RESET WEBDFLT=1

    • If the Janus port definition includes the SSL parameter, the default DISALLOW/ALLOW rule was and is:

      JANUS WEB portname DISALLOW * JANUS WEB portname ALLOW * USER user

See also