JANUS WEB exception rules
JANUS WEB ON, TYPE, and REDIRECT rules can also be used to assign special URLs to handle exception conditions. Exception conditions are conditions that are outside the normal course of Janus Web Server application processing. To specify an exception handling rule, simply issue the appropriate JANUS WEB rule with the name of the exception condition specified for the URL, as in the following:
JANUS WEB WEBPORT ON REQCANCEL OPEN FILE EXCPROC CMD 'I REQCANCEL'
Exception rules must be specified with the complete exception condition name (with no wildcards) in the URL. A rule that contains a wildcard in the URL is not applied to an exception condition, even if the wildcard string matches the exception condition.
For example, the following rule will not be applied to a REQCANCEL condition, even though technically
.REQCANCEL matches the * (asterisk) wildcard string.
JANUS WEB WEBPORT ON * CMD WEBSYS
Valid exception handlers are:
|Invoked when EOD is ON.
|Invoked when a browser requests a URL that it is forbidden to view. This is different from UNAUTHORIZED (described below): a URL is "forbidden" if no matter what userid the user logs on to, they are not permitted to view the URL. Such a URL is likely one that is restricted to browsers or proxies with certain IP addresses.
|Invoked when a login for a user fails for whatever reason. This exception handler could presumably determine the cause of the error by:
|Invoked when a user successfully changes his or her password. This can be used to send an explanatory page explaining the somewhat odd behavior of browsers after a password change.
|Invoked when a web request requires terminal input at command level, and it has not issued a $Web_Done (or done a $WEB_PROC_SEND without MORE). This will only happen if the NOAUTODONE parameter was issued on the appropriate JANUS DEFINE or JANUS WEB ON command. This exception handler can be useful in catching conditions that would result in raw Model 204 error messages being sent back to the browser, such as
M204.1169: CAN'T INCLUDE procname or
M204.1126: SUBSYSTEM subsys MUST BE STARTED.
|Invoked when a port has the WEBLOGCOOKIE parameter set but a browser does not provide the login cookie for a public URL.
|Invoked when a URL without an associated JANUS WEB ON RULE is requested. This handler can be useful to redirect requests for invalid URLs back to a common home page, or to return a "prettier" error page than the standard Janus Web Server "Not found" page.
|Invoked when a login is required for the requested URL but the browser has not sent a userid and password. The default action in this situation, the sending of a "401 Unauthorized" to the browser, is probably the correct action in almost all cases. However, you can use a NOUSERID exception handler to customize the "Unauthorized" message to something like "Userid and password required."
|Invoked when there is an error opening a file or group in the JANUS DEFINE command for the port or the JANUS WEB ON rule for the requested URL.
|Invoked when a User Language procedure that is processing a JANUS WEB ON rule is cancelled. This handler can be useful to return a "prettier" error page than the standard Janus Web Server "Internal server error" page. It can also be used to log error diagnostics or send an error notification to appropriate people.
|Invoked when a Janus Web Server thread is restarted, RESTART is not allowed on any rules except REDIRECT. This handler can be useful to return a "prettier" error page than the standard Janus Web Server "Internal server error" page. It can also be used to send an error notification to appropriate people. The time and last error message at the time of the restart are added to the redirect URL as isindex data.
|Invoked when there are no common ciphers between the Janus Web Server SSL port and the browser. The most common cause of this is a browser that does not have high-grade (128-bit RC4) encryption, but the Janus Web Server port has been configured to accept only high-grade encryption connections. An SSLCIPHERERR rule can return a page to the browser that explains the problem, and it can even contain links to download a browser with high-grade security.
|Invoked when a user tries to connect to an SSL port defined with the SSLCLCERTR parameter but does not present a client certificate. This can be useful in presenting a user with the information that a client certificate is required and how such a certificate might be obtained.
|Invoked when a user tries to connect using an SSL protocol version that is not being allowed. Generally this would be used to respond to attempts to connect to Janus Web Server using SSL V2 when only SSL V3 is being allowed.
|Invoked when a login is required for the requested URL and the browser has sent a valid userid and password, but the userid is not authorized to retrieve the requested URL, that is, the URL is restricted to certain userids. The default action in this situation, the sending of a "401 Unauthorized" to the browser, results in a logon pop-up window being presented to the end-user by the browser, making it possible for the end-user to logon to a different userid.
Unfortunately, there is no way for a user to distinguish the logon pop-up window presented as a result of "valid userid and password but userid not authorized" from that presented because of an invalid userid or password. In addition, allowing the user to change userids does not make sense in the case where an end-user only has a single userid.
To deal with these problems, A