             NetWare Web Server 2.51 Release Document
                         README.TXT



Copyright (c) 1995, 1996 Novell, Inc.   All Rights Reserved.



THIS WORK IS SUBJECT TO U.S. AND INTERNATIONAL COPYRIGHT LAWS AND
TREATIES. NO PART OF THIS WORK MAY BE USED, PRACTICED, PERFORMED,
COPIED, DISTRIBUTED, REVISED, MODIFIED, TRANSLATED, ABRIDGED,
CONDENSED, EXPANDED, COLLECTED, COMPILED, LINKED, RECAST,
TRANSFORMED, OR ADAPTED WITHOUT THE PRIOR WRITTEN CONSENT OF
NOVELL, INC. ANY USE OR EXPLOITATION OF THIS WORK WITHOUT
AUTHORIZATION COULD SUBJECT THE PERPETRATOR TO CRIMINAL AND CIVIL
LIABILITY.

                            DISCLAIMER
 
Novell, Inc. makes no representations or warranties with respect 
to this software, and specifically disclaims any express or 
implied warranties of merchantability, title, or fitness for a 
particular purpose.

Distribution of this software is forbidden without the express 
written consent of Novell, Inc.

Novell will not be responsible for any data loss that might 
result from implementing this software. Novell strongly 
recommends a backup be made before installing this software.

******************************************************************
                             CAUTION
****************************************************************** 
Always back up your system before implementing any program/utility
revision involving the low-level functions of NetWare, including 
re-linking of operating system .OBJ files, bindery utilities, and 
drive and volume operation.

******************************************************************
                            CONTENTS
******************************************************************
Welcome to the NetWare Web Server 2.51 product! This document 
contains last-minute information that is not included in the 
documentation. It includes the following sections:

     Installing the Product
          Server requirements
          NetWare Language Support

     Running the Administration Utility (WEBMGR.EXE)
          Workstation Requirements
          NDS Login
          Using the Network Button
               
     Configuring the Product
          Setting the NetWare Rights
          Checking the SYS:ETC\RESOLV.CFG File
          Adding New Icons

     Perl Interpreter Limitations
          
     Running the Product with Other Software
          SFT III Support
          DBCS Compatibility
          MPR 3.1 Compatibility
 
     Accessing the Online Documentation

     Performance Tuning
          PTFs
          Adjusting the Maximum Number of Threads
      
     User Access Control
          Resrict Access to All Valid Users
          Restrict Using Individual Users' Names
          Restrict Access Using User Groups

     Script Security

     Controllng Access to LCGI NLMs

     Restrictions and Known Problems
          WEBMGR.EXE Deletion of Comments in *.CFG Files
          Adding the NetBasic LoadableModule Directive for Upgrades 

======================
Installing the Product
======================

Server Requirements
================================================
* CPU: Intel Pentium-, 80486-, 80386-based PC (80486
  or higher recommended).
* File Storage: Hard disk with minimum 3 MB available for the    
  product software (not including storage for user-supplied
  hypertext documents).
* Memory: 16 MB total RAM.
* Network Operating System: NetWare 4.11.
* The TCPIP NLM must be configured and loaded.

NetWare Language Support
========================
NetWare Web Server 2.51 only supports the English language. When 
you install NetWare Web Server on a NetWare server with the 
LANGUAGE parameter set to French, Italian, German, or Spanish, 
the NetWare Web Server installation module will automatically 
load using English. There is no need for you to change the 
LANGUAGE parameter value. 


===============================================
Running the Administration Utility (WEBMGR.EXE)
===============================================

Workstation Requirements
========================
* CPU: Intel Pentium-, 80486-, or 80386-based PC.
* File Storage: Hard disk with minimum 1 MB available.
* Memory: At least 8 MB RAM.
* Operating System: Windows 3.1, Windows for Workgroups 3.11,
  or Windows 95.
* Network Protocols: NetWare client (VLM or Client 32). WinSock 1.1
  compliant TCP/IP stack.

NDS Login
=========
In order to restrict directory access to authenticated NDS users,
you must be logged in to the NDS tree containing the Web Server 
before you launch the administration utility (WEBMGR.EXE). If you
are not logged in to NDS, the Network users list will be empty.

Using the Network Button
========================
If you notice that the Network button does not work inside the
administration utility (WEBMGR.EXE), you may have an old
COMMDLG.DLL in the C:\WINDOWS or C:\WINDOWS\SYSTEM directory.  If
you have a newer version of this DLL, you can simply delete the
old version.  If you only have the old version, you must delete
the old COMMDLG.DLL and install a newer version to get the
Network button to work.


=======================
Configuring the Product
=======================

Setting the NetWare Rights
==========================
To maintain the security of your server, you should set the
NetWare rights as follows:

* Set the rights to the \CONFIG directory (SYS:WEB\CONFIG
  by default) so that the people responsible for administering
  the Web server are the only people with rights to this 
  directory.
* Set the rights to the scripts directories (SYS:WEB\SCRIPTS, 
  SYS:WEB\SCRIPTS\PERL and any other script or extension 
  directories you create) so that only people responsible for 
  writing, managing, or editing the scripts have appropriate
  rights to these directories.

Checking the SYS:ETC\RESOLV.CFG File
====================================
If there is a SYS:ETC\RESOLV.CFG file on your server, 
the Web server will automatically try to query the DNS
name servers listed in the file. If DNS is not used on
your network or the RESOLV.CFG file is incorrect, you 
will notice delayed response times on your Web server.

Therefore, if your server has a SYS:ETC\RESOLV.CFG file
you should make sure that

* DNS is used on your network
* The SYS:ETC\RESOLV.CFG file syntax is correct
* The DNS name servers listed in the file are up and running

Adding New Icons
================
The NetWare Web Server includes default icons for use with
the automatic directory indexing feature. You can map your
own icons to specific filename extensions by adding the
following directive to the SYS:WEB\CONFIG\SRM.CFG file:

AddIcon /icons/name_of_icon_file .filename_extension

You can add as many AddIcon directives as you want. You
can also use this directive to change the icon that
is displayed for files with a specific filename
extension.

============================
Perl Interpreter Limitations
============================
The Perl Interpreter NLM has the following functional
limitations:

* The chmod function can only be used to set 
  file permissions to 0x000 (read only)
  or 0x777 (read write).

* The opendir and readdir functions are currently
  unsupported. 

=======================================
Running the Product with Other Software
=======================================
 
SFT III Support
===============
This product is compatible with SFT III. 

DBCS Compatibility
==================
The NetWare Web Server can serve DBCS documents.  However, the
server will not perform any translation.  Therefore, the function
of RCGI extensions in DBCS environments is currently undefined.

MPR 3.1 Compatibility
=====================
If you are running the Multi Protocol Router 3.1 in conjunction 
with the Web Server, improve Web Server performance by 
downloading and installing the MPR31A.EXE patch. 


==================================
Accessing the Online Documentation
==================================

The NetWare Web Server publishes both static and dynamic
documents.  The Dynamic Web Page Programmer's Guide is an HTML
document describing how to create dynamic documents and publish
them on the Web Server.  It includes information on creating
dynamic web pages using BASIC and Perl scripts, NLMs written to
the Remote Common Gateway Interface (RCGI), and NLMs written to
the Local Common Gateway Interface (LCGI).

The guide is available on the Web Server CD
(file:///CD_DRIVE:/products/webserv/disk1/web/docs/online/wpguide/index.htm
where CD_DRIVE is the drive letter of the CD_ROM). It is also
available on the Web Server
(http://SERVER/online/wpguide/index.htm where SERVER is the
server's hostname or IP address).

==================
Performance Tuning
==================

PTFs (Product Temporary Fix)
============================
When running the Web Server in SMP environments, make sure you
have installed all the current SMP PTFs.

Additionally, if you have enabled the NDS browser, you should 
make sure you have all the current Directory Service (DS) PTFs 
installed. If you experience out of memory errors, you may 
achieve better performance by adjusting the maximum number 
of threads.

You can search for and download PTFs from Novell's Support Web Site at 
http://support.novell.com/home/

Adjusting the Maximum Number of Threads
=======================================
The MaxThreads parameter is defined in the HTTPD.CFG file found 
in SYS:WEB\CONFIG directory. The MaxThreads parameter can be 
changed to enhance the Web Server performance. Valid values are
1 to 256. The default is 16. 

You can adjust the MaxThreads value to suit your network
environment. Before adjusting the MaxThreads, you should
carefully consider the ramifications of increasing the
MaxThreads. Increasing the value does not necessarily increase
performance. In fact, it could decrease performance and
available memory on the server as each thread is processed by the
Web Server and has acquired memory.
 
You should consider the following when adjusting MaxThreads:

* The memory available on the server.

* That each thread acquires approximately 30K of memory.

* The expected load on the Web Server (number of inbound requests
  for the Web Server to service).

* Whether any Perl, BASIC, RCGI, or LCGI programs are supported. 
  (These processes may use additional threads or memory.)

* The memory and processing requirements of any NetWare or 
  third-party products that are also installed on the server.

* Any additional memory required by the server to support long
  file names.

To determine an appropriate setting, set up your Web Server 
and monitor the Peak Requests field of the Web Server Console
Information Log for a reasonable period (a week). This field 
lists a value in the form A/B, where A is the maximum number of 
concurrent requests handled by the Web Server since it has been
running and B is the current MaxThreads setting. If you set the 
MaxThreads equal to the A value, the Web Server should have 
adequate threads to handle its peak load. You may also want to 
define a few extra threads if you anticipate a future increase
in load. 

===================
User Access Control 
===================

There are three different methods for restricting global
directory access using NDS authentication:

1. Restrict access to all valid users 
2. Restrict access using individual user names
3. Restrict access using user groups

These restriction methods are mutually exclusive. Choose one
method and use only that method.

For local directory access control, please refer to the
sample ACCESS.WWW file in the WEB\SAMPLES\CONFIG directory.

Restrict Access to All Valid Users
==================================
To restrict access to all valid users, start the WEBMGR.EXE 
administration utility, go to the User Access tab, and check 
the "All valid users" check box.

To eliminate the need for all users to have to type in the 
fully-qualified user name, you can manually edit the 
AuthUserMethod line in the ACCESS.CFG file and specify a 
user context, such as "AuthUserMethod nds .eng.icd.novell".

AuthUserMethod defines the default authentication context so
that end-users do not have to key it in at the user name and
password prompt. However, if different users belong to different
contexts, choose the context that the majority of the users are
in and define that context in the AuthUserMethod line. Users not
in the defined context will have to key in the fully-qualified 
user name (preceded with a dot), such as ".jsmith.eng.icd.novell".
 
If you use this method, you should not use the individual 
user name method or the user group method.

Restrict Access Using Individual User Names
=============================================
Use this method only when the number of users is less than
25 and all users belong to the SAME NDS context.

To restrict access using individual user names, start the 
WEBMGR.EXE administration utility, go to the User Access tab,
type in the NDS context (same for all the users), and select 
no more than 25 users. 

If you restrict access using this method, when a user reads 
a restricted directory and is prompted for the user name and 
password, the user can key in just the user name. The NDS 
context is not needed.

If you use this method, you should not use the all valid users
method or the user group method. 

Restrict Access Using User Groups
=================================
To restrict access using user groups, a user group must first
be defined using NetWare NWADMIN utility. To enable this user 
group, manually edit the ACCESS.CFG file, adding the following 
two lines in the appropriate place.

  AuthGroupMethod nds .ou1.ou2.o
  Require group .groupname.context

The AuthGroupMethod defines the default authentication context
so that end-users do not have to key it at the user name and 
password prompt. However, if a user group consists of users
in different contexts, choose the context that the majority of 
the users are in and define that context in the AuthGroupMethod
line. Users in a different context will have to key in the 
fully-qualified user name.

The Require group line simply defines the user group. The user 
group name should be in the fully-qualified format and preceded 
by a dot(.).

For example, to restrict access to the web\docs directory to the 
user group techies.icd.novell which consists of users mostly from
the context of .eng.icd.novell, the following lines should be in
the <Directory docs> section:

  AuthType Basic
  AuthName local
  AuthGroupMethod nds .eng.icd.novell
  <Limit GET>
  Require group .techies.icd.novell
  </Limit>

If you use this method, you should not use the all valid users
method or the individual user name method. 


===============
Script Security
===============

As scripts allow users to run processes on your server, it is important
to implement proper security measures for all scripts on your server. 
Implement the following measures to ensure security:

* Access to all directories containing scripts should be strictly 
  controlled. Only the people responsible for writing, managing, and
  editing scripts should have read and write rights to the script 
  directories (SYS:WEB\SCRIPTS, SYS:WEB\SCRIPTS\PERL, 
  SYS:NETBASIC\WEB, and any other script directories you create). 
* Only authorized scripts should be placed in the script directories.
  Authorized scripts should be throughly tested and debugged before 
  being released into a production environment.
* Scripts should be designed and written with security in mind and
  should access resources on the server in ways that do not jeopardize
  the security of the server.


==============================
Controllng Access to LCGI NLMs
==============================

The NetWare Web Server provides a special method to restrict access to 
LCGI programs, such as NetBasic and NDS Object Browser. To restrict
access to LCGI programs, create an ACCESS.WWW file in the directory 
where the LCGI program resides. When a user requests an LCGI server 
extension in this directory, he will be prompted for a userid and 
password.

It is important to note, once a user is authenticated to use the 
NetBasic LCGI extension, full access to all available NetBasic scripts 
is allowed. You cannot selectively place access control on different 
NetBasic scripts. Once a user is authenticated to use the NDS Object 
Browser, browsing to all available trees in NDS and all public object
information is allowed.

Refer to the User Access Control section for details on how to set up 
the ACCESS.WWW file. By default, access to NetBasic is not restricted.
When NDS browsing is enabled from the WEBMGR, access is not 
restricted.


===============================
Restrictions and Known Problems
===============================

WEBMGR.EXE Deletion of Comments in *.CFG Files
==============================================
The administration utility (WEBMGR.EXE) does not support user
comments in *.CFG files. If you manually edit these files 
and add comments by preceding lines with a pound sign (#), 
these lines will be deleted when you run the WEBMGR utility. 
A set of sample *.CFG files with full comments is provided
in the WEB\SAMPLES\CONFIG\ directory. 

Adding the NetBasic LoadableModule Directive for Upgrades 
=========================================================
If you are upgrading to Web Server 2.51, in order to allow users
to issue requests to NetBasic scripts, you must manually edit 
the SRM.CFG file and add a LoadableModule directive to map URL 
requests to the NetBasic NLM (CGI2NMX.NLM). 

Add the following directive to the SRM.CFG file:

  LoadableModule  /netbasic/  sys:web/lcgi/netbasic/cgi2nmx.nlm  




