HTTP user manual

Revised for CPX 4.7.0.

Introduction
Virtual paths
URL processing
HTTP root directory
Default page
Access rights
Typical access problems and their solutions
HTTP site deploying

Http pages for IP traffic analysis (TRFA)

<<<<<<< mod_http_man.htm HyperText Tranfer Protocol port (HTTP)

======= Http port (HTTP)

>>>>>>> 1.3

Introduction

<<<<<<< mod_http_man.htm

Before using HTTP port of CPX you should decide about the next issues: =======

HTTP port can be used for representation service or user information on comfortable view. Before using HTTP port get answers for the next question:

>>>>>>> 1.3

Which kind of information you intend to offer (CPX built-in, disk files access, TRFA report)
Which kinds of information will you server represent (CPX built-in, disk files access, TRFA report)?
Where will you site be located on?
Whether you need user identification and individual access rights
Whether you need anonymous access
How many simultaneous users you expect to serve

<<<<<<< mod_http_man.htm Having decided on the the above issue you'll avoid errors in the site deploying. Follow next instruction to create your site easyly and quickly. =======

This information is allowed you to avoid errors for site deploying. Follow our instructions you will create you site easy and quickly. >>>>>>> 1.3

Virtual paths

<<<<<<< mod_http_man.htm

In CPX, files or built-in pages are all accessible under the so called Virtual paths. There are system virtual paths, which are not under user control, and there are virtual root paths which are user configurable.

Currently /sys/ is the system virtual path under which all built-in pages and system related files are published, for example /sys/trfa/trfa_info.html is the built-in page to access the traffic analysis service. Actually /sys/ correspond to the CPX working directory on disk (e.g. C:\4-7-0\). Only two special pages exists under the / path, they are login.htm and logout.htm, for ... login/logout purposes.

Virtual root paths are user configurable, and they allow to publish any local disk directory with a name immediately following the FQDN or the IP address. They are called "virtual root paths" because it is possible to specify only the the first name after the FQDN or the IP address, child directories will be automatically published with their name on disk. Note that since /sys/ is a reserved system virtual paths, it is not possible to configure /sys/ in the Virtual root paths table.

The whole name after the FQDN or the IP address is the complete virtual path. Either virtual root path or virtual path can be used to apply access rights, as shown in Access rights section.

Examples:

http://www.mysite.com/files/subdir1/index.hml
www.mysite.com is the FQDN
/files/ is the virtual root path
/files/subdir1/ is the virtual path
index.html is the document name

http://192.168.0.1/files/subdir1/index.hml
192.168.0.1 is the IP address
/files/ is the virtual root path
/files/subdir1/ is the virtual path
index.html is the document name
=======

Usually Virtual directories are used for hide real directory structure of disk from HTTP users. Moreover this feature allows to set flexible access rights for each directory. When you type URL on the address bar of you internet browser you always use virtual directories instead real. HTTP port will translate virtual directories to real itself. >>>>>>> 1.3

<<<<<<< mod_http_man.htm

A special case exists when the user wants to map a disk directory as the site root /, in which case the / is a virtual root path. If disk directory published as / contains a subdirectory with a name which is also configured as a virtual root path or is a system virtual path, the last take precedence. Similarly the system pages /login.htm and /logout.htm take precedence to files with the same names eventually present in the disk directory mapped to /.

URL processing

Any HTTP requests from a browser comes with the requested URL specified, here we describe how the URL is parsed and processed by the CPX HTTP port:

CPX HTTP port does not offer virtual servers service, therefore the FQDN or the IP address are first removed from URL and the remaining is separated in virtual path and file name.
For example:
=======
How HTTP port translates requested URL:
>>>>>>> 1.3
- http://www.mysite.com/default.htm will be parsed into virtual path=/ and file name=default.htm.
- http://192.168.0.1/main_dir/sub_dir1/a_page.html will be parsed into virtual path=/main_dir/sub_dir1 and file name=a_page.html.
At this time HTTP does not know yet if file name is intended for a regular file or a subdirectory.
First of all HTTP checks if the virtual path is either /login.htm or /logout.htm. These pages are pages which have top priorities and overrides any other virtual system or root paths. If the URL is not for these priviledged pages, the story goes on ...
HTTP port checks if the virtual path correspond to a system virtual path, or if it can satisfy a record in the virtual root path table.
- If virtual path corresponds to a system virtual path, the appropriate system action is performed
- If virtual path satisfy a virtual root path record, the disk directory specified in the record will be accessed in the attempt to retrieve the file/directory specified in file name.
If requested file/directory does not exists:
HTTP port try do separate requested URL by directory and file names. For example for case when URL equal http:/mysite/default.htm It will be parsed to "/" and "default.htm".
If filename is absent then HTTP port: >>>>>>> 1.3
- For site root ("/") HTTP will try to load the start-page
- For any other virtual path HTTP will try to find directory default page. It is "default.htm" now.
- If this files cannot be found then HTTP suppose that user try to list a directory content.
=======
For HTTP root directory "/" will try to load default page
For any other directory will try to find directory default page. It is "default.htm" now.
If this file cannot be found then HTTP suppose that user try to list a directory content.

HTTP port tries to find directory name into virtual path table. If such virtual path is present then virtual path on URL will be replaced by phys-path for this record.

>>>>>>> 1.3

If virtual path for this directory not present HTTP port try to parse directory name on subdirectories and find the first of them on virtual path table. For example: directory that have been detected from URL is "/usr/admin/". Virtual path for "/usr/admin/" is not present on virtual paths table then directory name will be split on "/usr/" and /admin" and port will try to find "/usr/" on virtual path table.

If previous search was unsuccessful then directory name will be split on "/" and "usr/admin/" HTTP port will try to find record for HTTP root directory ("/") into virtual path table.

If path for HTTP root have not found then error 404 (file not found) will be returned.

For example let real disk directory structure has view:

C:\APP
C:\APP\HTTP
C:\APP\SMNP
C:\MY
C:\MY\TEMP
C:\ROOT

To use virtual directories we can allow access to these directories in view more comfortable for user.

[16:32:16] ABILIS_CPX: D HTTP PATH

- Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------

Parameter:   |Value:
------------------------------------------------------------------------------
PATH:         /
PHYS-PATH:    c:\root\
PATH:         /http/
PHYS-PATH:    c:\app\http\
PATH:         /snmp/
PHYS-PATH:    c:\app\snmp\
PATH:         /temp/
PHYS-PATH:    c:\my\temp\

Then if URL has view:

http://mysite/default.htm then HTTP server will try to find c:\root\default.htm file and send it to you.
http://mysite/http/mypage.htm then HTTP server will try to find c:\app\htt\mypage.htm
http://mysite/snmp/version1/main.page As you can see /snmp/version1/ does not present on virtual paths table and in this case HTTP server replace only a part of requested path (i.e. virtual directory will be used as parent directory for a real) c:\app\snmp\version1\main.page

HTTP root directory

Each WEB site usually have root directory. When you type http://my_site/ on the address bar your internet browser it means that you try to receive access to files into root directory of you site.

Two steps must be executed for creating root directory:

Create physical directory
Map virtual directory "/" to this physical directory

Below is represented view of HTTP virtual paths table with configured root directory.

[16:32:16] ABILIS_CPX: D HTTP PATH

- Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------

Parameter:   |Value:
------------------------------------------------------------------------------
PATH:         /
PHYS-PATH:    c:\app\http\

Note: You site will function and if you do not create HTTP root directory. You do not need on it for example if you planning to use you HTTP server for representing CPX built-in information only.

Default page

It will be useful to detect which page will user see if he does not select anyone. For example there is situation when user types link to root directory of you site http://my_site/. CPX HTTP port allows to setup this page through START-PAGE parameter.

You can use this possibility regardless of was or was not defined root directory for you site. As you know we can set any value for this parameter.
Note! If you use default page different from SYS (/sys/cpx.htm) to be sure that you have virtual path for this page otherwise HTTP port could not show you default page.

For example: Let's set value of START-PAGE parameter equal "/usr/default.htm"

[18:45:45] ABILIS_CPX: D P PO:HTTP

PO:915 ------------------------------------------------------------------------
HTTP   lowpo:901   ACT:NO   locport:80     sesnum:12        COOKIE-TOUT:1440   
       IPSRC:*                             IPSRCLIST:#      
       WDIR:C:\APP\HTTP\                   
       START-PAGE:/usr/default.htm

Then right HTTP virtual path table will have view:

[16:32:16] ABILIS_CPX: D HTTP PATH

- Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------

Parameter:   |Value:
------------------------------------------------------------------------------
PATH:         /usr/
PHYS-PATH:    c:\app\http\

Access rights

HTTP server realizes access rights management on base user's rights. It means that all requests are executed with some user's rights. We will separate two different situations:

Authorized request
Anonymous request

Authorized request is request executed by user that has gone through authorization procedure. During authorization procedure user must insert his username and password on the special system page. This page has URL http://you_site/login.htm You do not need any additional operations (for example create virtual directory or set user access rights) for access to this page. It is allow always and for all user. If registration procedure finished successful:

Such user is present on user's table
This user has rights to use HTTP port
Password is valid

then HTTP port tries to save cookie with user's registration information.

Note! Cookie must be allowed on you Internet browser otherwise HTTP port cannot detect user for the next HTTP request.

Lifetime of cookie is restricted. It means that If you executed you last request for this user more time ago than restricted time you will need to repeat authorization procedure.

After then you have added virtual paths for you HTTP site you need to set access rights for this paths. HTTP port is allow to set the next rights for each virtual path for each user:

For files: read, write, delete, rename
For directory: list directory content, create, delete, rename
Grant/Deny access to subdirectories
Grant/Deny access in depend of HTTP session secure parameters PLAIN/SSL

Note! You must remember two important things:

HTTP port does not set any access rights for new paths by default. It means that you will not have an access to this path if access rights will not be added by hand.
In order to avoid problems with not authorized access to you site to be very careful when you work with access rights.

Typical access problems and theirs solutions

Description	Reason	Solution
You cannot get access to any files for some virtual path	Access rights for this virtual path are not set.	Set access rights
You cannot get access to subdirectory located on this virtual path	Value of RECUR parameter for this virtual path is NO	Set RECUR parameter to Yes
Access rights for this virtual path are set but you still cannot get access to files	1. To be sure that current user has rights to use HTTP port. See command F USER 2. To be sure that current user has rights to load files.	1. Enable HTTP for current user 2. Enable files reading right for this user
You have added virtual path for some user's home directory (for example /leo/ ) and set some access rights for this path. You have also added "home.htm" page to this directory. When you type http://my_site/leo/home.htm you see this page successfully. However when you type http://my_site/leo you see "Access forbidden" page. How can you avoid this message ?	1. If you can grant access to some user to see content of this directory than make sure that this user has necessary rights. 2. Add default page for this directory.	1. Enable directory listing right for this user. 2. Default page for any directory has name "default.htm". You can rename "home.htm" to "default.htm" and this page will be automatic showed on http://my_site/leo request.

HTTP site deploying

Description on base configuration

HTTP port is installed.
CPX disk contains logical drive C:
Physical directory C:\USR contains two user's directory C:\USR\LEO and C:\USER\DEN
HTTP port will be allowed as for anonymous access as for two registered users Leo and Den
Anonymous user will have rights to see HTTP port default page and user's default pages. Registered users will have rights to see content of personal directories.

Step 1. Check directory structure

[[11:07:48] ABILIS_CPX:sys dir c:\usr\

Directory listing of c:\usr\

.                                                 DIR    02/09/2003   14:54:52
..                                                DIR    02/09/2003   14:54:52
PUB                                               DIR    02/09/2003   14:54:52
DEN                                               DIR    17/02/2004   03:03:56
LEO                                               DIR    07/08/2004   11:04:50

Found 5 directories, 0 files.
Total 501 MB, Used 418 MB, Free 83 MB.

[11:07:57] ABILIS_CPX:

Step 2. Check HTTP port parameters.

Will be sure that HTTP port is enabled and ran (ACT:YES).

[10:40:23] ABILIS_CPX:d p po:915

PO:915 ------------------------------------------------------------------------
HTTP   lowpo:901   ACT:YES  locport:80     sesnum:12        COOKIE-TOUT:5
       IPSRC:*                             IPSRCLIST:#
       WDIR:C:\APP\HTTP\
       START-PAGE:SYS (/sys/cpx.htm)
PO:901 ------------------------------------------------------------------------
TCP    sesnum:27   tcpwin:2048

Step 3. Add HTTP users.

Will be sure that added users have right to use HTTP port.

[10:47:37] ABILIS_CPX:d user

- Not Saved (SAVE CONF) -------------------------------------------------------

USER:                             PASSWORD:  ENABLED: PPP: FTP: HTTP:
------------------------------------------------------------------------------
admin                             *********  YES      YES  YES  YES
den                               *********  YES      NO   NO   YES
leo                               *********  YES      NO   NO   YES

Step 4. Add virtual paths for site root directory and users home directories.

[11:29:43] ABILIS_CPX:d http path

Parameter:   |Value:
------------------------------------------------------------------------------
PATH:         /
PHYS-PATH:    C:\
------------------------------------------------------------------------------
PATH:         /den/
PHYS-PATH:    C:\USR\DEN\
------------------------------------------------------------------------------
PATH:         /leo/
PHYS-PATH:    C:\USR\LEO\
------------------------------------------------------------------------------
PATH:         /pub/
PHYS-PATH:    C:\usr\pub\
------------------------------------------------------------------------------

Step 5. Set access rights.

[11:29:38] ABILIS_CPX:d http rights

------------------------------------------------------------------------------
ID: PATH:
       USER:                            FILE: DIR:  RECUR: PROT:
------------------------------------------------------------------------------
  3 /
       anonymous                        r---  l---  NO     PLAIN,SSL
------------------------------------------------------------------------------
  5 /den/
       anonymous                        r---  ----  YES    PLAIN,SSL
       den                              r---  l---  YES    PLAIN,SSL
------------------------------------------------------------------------------
  4 /leo/
       anonymous                        r---  ----  YES    PLAIN,SSL
       leo                              r---  l---  YES    PLAIN,SSL
------------------------------------------------------------------------------
  2 /pub/
       anonymous                        r---  l---  NO     PLAIN,SSL
------------------------------------------------------------------------------
  1 /sys/
       admin                            r---  l---  YES    PLAIN,SSL
       anonymous                        r---  ----  NO     PLAIN,SSL
------------------------------------------------------------------------------

Step 6. Add default pages into user home directories.

Create and add user's default page. Place this pages to user's home directory. Note: You can use FTP port for it. Information about FTP port configuration see on FTP manual.

[11:16:44] ABILIS_CPX:sys dir C:\USR\LEO\

Directory listing of C:\USR\LEO\

.                                                 DIR    07/08/2004   11:04:50
..                                                DIR    07/08/2004   11:04:50
default.htm                                       4990   06/07/2004   01:05:24

Found 2 directories, 1 files.
Total 501 MB, Used 418 MB, Free 83 MB.

[11:23:04] ABILIS_CPX:sys dir C:\USR\DEN\

Directory listing of C:\USR\DEN\

.                                                 DIR    17/02/2004   03:03:56
..                                                DIR    17/02/2004   03:03:56
default.htm                                       4990   06/07/2004   01:05:24

Found 2 directories, 1 files.
Total 501 MB, Used 418 MB, Free 83 MB.

Step 7. Check HTTP configuration

Check CPX home page
- Type http://my_site and make sure that you see site home page.
Check anonymous access to users home pages
- Type http://my_site/leo and make sure that you see Leo's home page.
- Type http://my_site/den and make sure that you see Den's home page.
Try to login as LEO or as DEN. Make sure that you can still see site and user's home pages.
Make sure that you can see you home directory. For it:
- Rename C:\USR\LEO\default.htm file to readme.htm
- Login as LEO
- Type http://my_site/leo
- Make sure that you see list of files on Loe's home directory
- Login as some other user. For example DEN.
- Type http://my_site/leo again
- Make sure that you see Forbidden access page

Print this page