[0001]
[0002]
[0003]
[0004]
[0005]
[0006]
[0007]
[0008]
[0009]
[0010]
[0011]
[0012]
[0013]
[0014]
[0015]
[0016]
[0017]
[0018]
[0019]
[0020]
[0021]
[0022]
[0023]
[0024]
[0025]
[0026]
[0027]
[0028]
[0029]
[0030]
[0031]
[0032]
[0033]
[0034]
[0035]
[0036]
[0037]
[0038]
[0039]
[0040]
[0041]
[0042]
[0043]
[0044]
[0045]
[0046]
[0047]
[0048]
[0049]
[0050]
[0051]
[0052]
[0053]
[0054]
[0055]
[0056]
[0057]
[0058]
[0059]
[0060]
[0061]
[0062]
[0063]
[0064]
[0065]
[0066]
[0067]
[0068]
[0069]
[0070]
[0071]
[0072]
[0073]
[0074]
[0075]
[0076]
[0077]
[0078]
[0079]
[0080]
[0081]
[0082]
[0083]
[0084]
[0085]
[0086]
[0087]
[0088]
[0089]
[0090]
[0091]
[0092]
[0093]
[0094]
[0095]
[0096]
[0097]
[0098]
[0099]
[0100]
[0101]
[0102]
[0103]
[0104]
[0105]
[0106]
[0107]
[0108]
[0109]
[0110]
[0111]
[0112]
[0113]
[0114]
[0115]
[0116]
[0117]
[0118]
[0119]
[0120]
[0121]
[0122]
[0123]
[0124]
[0125]
[0126]
[0127]
[0128]
[0129]
[0130]
[0131]
[0132]
[0133]
[0134]
[0135]
[0136]
[0137]
[0138]
[0139]
[0140]
[0141]
[0142]
[0143]
[0144]
[0145]
[0146]
[0147]
[0148]
[0149]
[0150]
[0151]
[0152]
[0153]
[0154]
[0155]
[0156]
[0157]
[0158]
[0159]
[0160]
[0161]
[0162]
[0163]
[0164]
[0165]
[0166]
[0167]
[0168]
[0169]
[0170]
[0171]
[0172]
[0173]
[0174]
[0175]
[0176]
[0177]
[0178]
[0179]
[0180]
[0181]
[0182]
[0183]
[0184]
[0185]
[0186]
[0187]
[0188]
[0189]
[0190]
[0191]
[0192]
[0193]
[0194]
[0195]
[0196]
[0197]
[0198]
[0199]
[0200]
[0201]
[0202]
[0203]
[0204]
[0205]
[0206]
[0207]
[0208]
[0209]
[0210]
[0211]
[0212]
[0213]
[0214]
[0215]
[0216]
[0217]
[0218]
[0219]
[0220]
[0221]
[0222]
[0223]
[0224]
[0225]
[0226]
[0227]
[0228]
[0229]
[0230]
[0231]
[0232]
[0233]
[0234]
[0235]
[0236]
[0237]
[0238]
[0239]
[0240]
[0241]
[0242]
[0243]
[0244]
[0245]
[0246]
[0247]
[0248]
[0249]
[0250]
[0251]
[0252]
[0253]
[0254]
[0255]
[0256]
[0257]
[0258]
[0259]
[0260]
[0261]
[0262]
[0263]
[0264]
[0265]
[0266]
[0267]
[0268]
[0269]
[0270]
[0271]
[0272]
[0273]
[0274]
[0275]
[0276]
[0277]
[0278]
[0279]
[0280]
[0281]
[0282]
[0283]
[0284]
[0285]
[0286]
[0287]
[0288]
[0289]
[0290]
[0291]
[0292]
[0293]
[0294]
[0295]
[0296]
[0297]
[0298]
[0299]
[0300]
[0301]
[0302]
[0303]
[0304]
[0305]
[0306]
[0307]
[0308]
[0309]
[0310]
[0311]
[0312]
[0313]
[0314]
[0315]
[0316]
[0317]
[0318]
[0319]
[0320]
[0321]
[0322]
[0323]
[0324]
[0325]
[0326]
[0327]
[0328]
[0329]
[0330]
[0331]
[0332]
[0333]
[0334]
[0335]
[0336]
[0337]
[0338]
[0339]
[0340]
[0341]
[0342]
[0343]
[0344]
[0345]
[0346]
[0347]
[0348]
[0349]
[0350]
[0351]
[0352]
[0353]
[0354]
[0355]
[0356]
[0357]
[0358]
[0359]
[0360]
[0361]
[0362]
[0363]
[0364]
[0365]
[0366]
[0367]
[0368]
[0369]
[0370]
[0371]
[0372]
[0373]
[0374]
[0375]
[0376]
[0377]
[0378]
[0379]
[0380]
[0381]
[0382]
[0383]
[0384]
[0385]
[0386]
[0387]
[0388]
[0389]
[0390]
[0391]
[0392]
[0393]
[0394]
[0395]
[0396]
[0397]
[0398]
[0399]
[0400]
[0401]
[0402]
[0403]
[0404]
[0405]
[0406]
[0407]
[0408]
[0409]
[0410]
[0411]
[0412]
[0413]
[0414]
[0415]
[0416]
[0417]
[0418]
[0419]
[0420]
[0421]
[0422]
[0423]
[0424]
[0425]
[0426]
[0427]
[0428]
[0429]
[0430]
[0431]
[0432]
[0433]
[0434]
[0435]
[0436]
[0437]
[0438]
[0439]
[0440]
[0441]
[0442]
[0443]
[0444]
[0445]
[0446]
[0447]
[0448]
[0449]
[0450]
[0451]
[0452]
[0453]
[0454]
[0455]
[0456]
[0457]
[0458]
[0459]
[0460]
[0461]
[0462]
[0463]
[0464]
[0465]
[0466]
[0467]
[0468]
[0469]
[0470]
[0471]
[0472]
[0473]
[0474]
[0475]
[0476]
[0477]
[0478]
[0479]
[0480]
[0481]
[0482]
[0483]
[0484]
[0485]
[0486]
[0487]
[0488]
[0489]
[0490]
[0491]
[0492]
[0493]
[0494]
[0495]
[0496]
[0497]
[0498]
[0499]
[0500]
[0501]
[0502]
[0503]
[0504]
[0505]
[0506]
[0507]
[0508]
[0509]
[0510]
[0511]
[0512]
[0513]
[0514]
[0515]
[0516]
[0517]
[0518]
[0519]
[0520]
[0521]
[0522]
[0523]
[0524]
[0525]
[0526]
[0527]
[0528]
[0529]
[0530]
[0531]
[0532]
[0533]
[0534]
[0535]
[0536]
[0537]
[0538]
[0539]
[0540]
[0541]
[0542]
[0543]
[0544]
[0545]
[0546]
[0547]
[0548]
[0549]
[0550]
[0551]
[0552]
[0553]
[0554]
[0555]
[0556]
[0557]
[0558]
[0559]
[0560]
[0561]
[0562]
[0563]
[0564]
[0565]
[0566]
[0567]
[0568]
[0569]
[0570]
[0571]
[0572]
[0573]
[0574]
[0575]
[0576]
[0577]
[0578]
[0579]
[0580]
[0581]
[0582]
[0583]
[0584]
[0585]
[0586]
[0587]
[0588]
[0589]
[0590]
[0591]
[0592]
[0593]
[0594]
[0595]
[0596]
[0597]
[0598]
[0599]
[0600]
[0601]
[0602]
[0603]
[0604]
[0605]
[0606]
[0607]
[0608]
[0609]
[0610]
[0611]
[0612]
[0613]
[0614]
[0615]
[0616]
[0617]
[0618]
[0619]
[0620]
[0621]
[0622]
[0623]
[0624]
[0625]
[0626]
[0627]
[0628]
[0629]
[0630]
[0631]
[0632]
[0633]
[0634]
[0635]
[0636]
[0637]
[0638]
[0639]
[0640]
[0641]
[0642]
[0643]
[0644]
[0645]
[0646]
[0647]
[0648]
[0649]
[0650]
[0651]
[0652]
[0653]
[0654]
[0655]
[0656]
[0657]
[0658]
[0659]
[0660]
[0661]
[0662]
[0663]
[0664]
[0665]
[0666]
[0667]
[0668]
[0669]
[0670]
[0671]
[0672]
[0673]
[0674]
[0675]
[0676]
[0677]
[0678]
[0679]
[0680]
[0681]
[0682]
[0683]
[0684]
[0685]
[0686]
[0687]
[0688]
[0689]
[0690]
[0691]
[0692]
[0693]
[0694]
[0695]
[0696]
[0697]
[0698]
[0699]
[0700]
[0701]
[0702]
[0703]
[0704]
[0705]
[0706]
[0707]
[0708]
[0709]
[0710]
[0711]
[0712]
[0713]
[0714]
[0715]
[0716]
[0717]
[0718]
[0719]
[0720]
[0721]
[0722]
[0723]
[0724]
[0725]
[0726]
[0727]
[0728]
[0729]
[0730]
[0731]
[0732]
[0733]
[0734]
[0735]
[0736]
[0737]
[0738]
[0739]
[0740]
[0741]
[0742]
[0743]
[0744]
[0745]
[0746]
[0747]
[0748]
[0749]
[0750]
[0751]
[0752]
[0753]
[0754]
[0755]
[0756]
[0757]
[0758]
[0759]
[0760]
[0761]
[0762]
[0763]
[0764]
[0765]
[0766]
[0767]
[0768]
[0769]
[0770]
[0771]
[0772]
[0773]
[0774]
[0775]
[0776]
[0777]
[0778]
[0779]
[0780]
[0781]
[0782]
[0783]
[0784]
[0785]
[0786]
[0787]
[0788]
[0789]
[0790]
[0791]
[0792]
[0793]
[0794]
[0795]
[0796]
[0797]
[0798]
[0799]
[0800]
[0801]
[0802]
[0803]
[0804]
[0805]
[0806]
[0807]
[0808]
[0809]
[0810]
[0811]
[0812]
[0813]
[0814]
[0815]
[0816]
[0817]
[0818]
[0819]
[0820]
[0821]
[0822]
[0823]
[0824]
[0825]
[0826]
[0827]
[0828]
[0829]
[0830]
[0831]
[0832]
[0833]
[0834]
[0835]
[0836]
[0837]
[0838]
[0839]
[0840]
[0841]
[0842]
[0843]
[0844]
[0845]
[0846]
[0847]
[0848]
[0849]
[0850]
[0851]
[0852]
[0853]
[0854]
[0855]
[0856]
[0857]
[0858]
[0859]
[0860]
[0861]
[0862]
[0863]
[0864]
[0865]
[0866]
[0867]
[0868]
[0869]
[0870]
[0871]
[0872]
[0873]
[0874]
[0875]
[0876]
[0877]
[0878]
[0879]
[0880]
[0881]
[0882]
[0883]
[0884]
[0885]
[0886]
[0887]
[0888]
[0889]
[0890]
[0891]
[0892]
[0893]
[0894]
[0895]
[0896]
[0897]
[0898]
[0899]
[0900]
[0901]
[0902]
[0903]
[0904]
[0905]
[0906]
[0907]
[0908]
[0909]
[0910]
[0911]
[0912]
[0913]
[0914]
[0915]
[0916]
[0917]
[0918]
[0919]
[0920]
[0921]
[0922]
[0923]
[0924]
[0925]
[0926]
[0927]
[0928]
[0929]
[0930]
[0931]
[0932]
[0933]
[0934]
[0935]
[0936]
[0937]
[0938]
[0939]
[0940]
[0941]
[0942]
[0943]
[0944]
[0945]
[0946]
[0947]
[0948]
[0949]
[0950]
[0951]
[0952]
[0953]
[0954]
[0955]
[0956]
[0957]
[0958]
[0959]
[0960]
[0961]
[0962]
[0963]
[0964]
[0965]
[0966]
[0967]
[0968]
[0969]
[0970]
[0971]
[0972]
[0973]
[0974]
[0975]
[0976]
[0977]
[0978]
[0979]
[0980]
[0981]
[0982]
[0983]
[0984]
[0985]
[0986]
[0987]
[0988]
[0989]
[0990]
[0991]
[0992]
[0993]
[0994]
[0995]
[0996]
[0997]
[0998]
[0999]
[1000]
[1001]
[1002]
[1003]
[1004]
[1005]
[1006]
[1007]
[1008]
[1009]
[1010]
[1011]
[1012]
[1013]
[1014]
[1015]
[1016]
[1017]
[1018]
[1019]
[1020]
[1021]
[1022]
[1023]
[1024]
[1025]
[1026]
[1027]
[1028]
[1029]
[1030]
[1031]
[1032]
[1033]
[1034]
[1035]
[1036]
[1037]
[1038]
[1039]
[1040]
[1041]
[1042]
[1043]
[1044]
[1045]
[1046]
[1047]
[1048]
[1049]
[1050]
[1051]
[1052]
[1053]
[1054]
[1055]
[1056]
[1057]
[1058]
[1059]
[1060]
[1061]
[1062]
[1063]
[1064]
[1065]
[1066]
[1067]
[1068]
[1069]
[1070]
[1071]
[1072]
[1073]
[1074]
[1075]
[1076]
[1077]
[1078]
[1079]
[1080]
[1081]
[1082]
[1083]
[1084]
[1085]
[1086]
[1087]
[1088]
[1089]
[1090]
[1091]
[1092]
[1093]
[1094]
[1095]
[1096]
[1097]
[1098]
[1099]
[1100]
[1101]
[1102]
[1103]
[1104]
[1105]
[1106]
[1107]
[1108]
[1109]
[1110]
[1111]
[1112]
[1113]
[1114]
[1115]
[1116]
[1117]
[1118]
[1119]
[1120]
[1121]
[1122]
[1123]
[1124]
[1125]
[1126]
[1127]
[1128]
[1129]
[1130]
[1131]
[1132]
[1133]
[1134]
[1135]
[1136]
[1137]
[1138]
[1139]
[1140]
[1141]
[1142]
[1143]
[1144]
[1145]
[1146]
[1147]
[1148]
[1149]
[1150]
[1151]
[1152]
[1153]
[1154]
[1155]
[1156]
[1157]
[1158]
[1159]
[1160]
[1161]
[1162]
[1163]
[1164]
[1165]
[1166]
[1167]
[1168]
[1169]
[1170]
[1171]
[1172]
[1173]
[1174]
[1175]
[1176]
[1177]
[1178]
[1179]
[1180]
[1181]
[1182]
[1183]
[1184]
[1185]
[1186]
[1187]
[1188]
[1189]
[1190]
[1191]
[1192]
[1193]
[1194]
[1195]
[1196]
[1197]
[1198]
[1199]
[1200]
[1201]
[1202]
[1203]
[1204]
[1205]
[1206]
[1207]
[1208]
[1209]
[1210]
[1211]
[1212]
[1213]
[1214]
[1215]
[1216]
[1217]
[1218]
[1219]
[1220]
[1221]
[1222]
[1223]
[1224]
[1225]
[1226]
[1227]
[1228]
[1229]
[1230]
[1231]
[1232]
[1233]
[1234]
[1235]
[1236]
[1237]
[1238]
[1239]
[1240]
[1241]
[1242]
[1243]
[1244]
[1245]
[1246]
[1247]
[1248]
[1249]
[1250]
[1251]
[1252]
[1253]
[1254]
[1255]
[1256]
[1257]
[1258]
[1259]
[1260]
[1261]
[1262]
[1263]
[1264]
[1265]
[1266]
[1267]
[1268]
[1269]
[1270]
[1271]
[1272]
[1273]
[1274]
[1275]
[1276]
[1277]
[1278]
[1279]
[1280]
[1281]
[1282]
[1283]
[1284]
[1285]
[1286]
[1287]
[1288]
[1289]
[1290]
[1291]
[1292]
[1293]
[1294]
[1295]
[1296]
[1297]
[1298]
[1299]
[1300]
[1301]
[1302]
[1303]
[1304]
[1305]
[1306]
[1307]
[1308]
[1309]
[1310]
[1311]
[1312]
[1313]
[1314]
[1315]
[1316]
[1317]
[1318]
[1319]
[1320]
[1321]
[1322]
[1323]
[1324]
[1325]
[1326]
[1327]
[1328]
[1329]
[1330]
[1331]
[1332]
[1333]
[1334]
[1335]
[1336]
[1337]
[1338]
[1339]
[1340]
[1341]
[1342]
[1343]
[1344]
[1345]
[1346]
[1347]
[1348]
[1349]
[1350]
[1351]
[1352]
[1353]
[1354]
[1355]
[1356]
[1357]
[1358]
[1359]
[1360]
[1361]
[1362]
[1363]
[1364]
[1365]
[1366]
[1367]
[1368]
[1369]
[1370]
[1371]
[1372]
[1373]
[1374]
[1375]
[1376]
[1377]
[1378]
[1379]
[1380]
[1381]
[1382]
[1383]
[1384]
[1385]
[1386]
[1387]
[1388]
[1389]
[1390]
[1391]
[1392]
[1393]
[1394]
[1395]
[1396]
[1397]
[1398]
[1399]
[1400]
[1401]
[1402]
[1403]
[1404]
[1405]
[1406]
[1407]
[1408]
[1409]
[1410]
[1411]
[1412]
[1413]
[1414]
[1415]
[1416]
[1417]
[1418]
[1419]
[1420]
[1421]
[1422]
[1423]
[1424]
[1425]
[1426]
[1427]
[1428]
[1429]
[1430]
[1431]
[1432]
[1433]
[1434]
[1435]
[1436]
[1437]
[1438]
[1439]
[1440]
[1441]
[1442]
[1443]
[1444]
[1445]
[1446]
[1447]
[1448]
[1449]
[1450]
[1451]
[1452]
[1453]
[1454]
[1455]
[1456]
[1457]
[1458]
[1459]
[1460]
[1461]
[1462]
[1463]
[1464]
[1465]
[1466]
[1467]
[1468]
[1469]
[1470]
[1471]
[1472]
[1473]
[1474]
[1475]
[1476]
[1477]
[1478]
[1479]
[1480]
[1481]
[1482]
[1483]
[1484]
[1485]
[1486]
[1487]
[1488]
[1489]
[1490]
[1491]
[1492]
[1493]
[1494]
[1495]
[1496]
[1497]
[1498]
[1499]
[1500]
[1501]
[1502]
[1503]
[1504]
[1505]
[1506]
[1507]
[1508]
[1509]
[1510]
[1511]
[1512]
[1513]
[1514]
[1515]
[1516]
[1517]
[1518]
[1519]
[1520]
[1521]
[1522]
[1523]
[1524]
[1525]
[1526]
[1527]
[1528]
[1529]
[1530]
[1531]
[1532]
[1533]
[1534]
[1535]
[1536]
[1537]
[1538]
[1539]
[1540]
[1541]
[1542]
[1543]
[1544]
[1545]
[1546]
[1547]
[1548]
[1549]
[1550]
[1551]
[1552]
[1553]
[1554]
[1555]
[1556]
[1557]
[1558]
[1559]
[1560]
[1561]
[1562]
[1563]
[1564]
[1565]
[1566]
[1567]
[1568]
[1569]
[1570]
[1571]
[1572]
[1573]
[1574]
[1575]
[1576]
[1577]
[1578]
[1579]
[1580]
[1581]
[1582]
[1583]
[1584]
[1585]
[1586]
[1587]
[1588]
[1589]
[1590]
[1591]
[1592]
[1593]
[1594]
[1595]
[1596]
[1597]
[1598]
[1599]
[1600]
[1601]
[1602]
[1603]
[1604]
[1605]
[1606]
[1607]
[1608]
[1609]
[1610]
[1611]
[1612]
[1613]
[1614]
[1615]
[1616]
[1617]
[1618]
[1619]
[1620]
[1621]
[1622]
[1623]
[1624]
[1625]
[1626]
[1627]
[1628]
[1629]
[1630]
[1631]
[1632]
[1633]
[1634]
[1635]
[1636]
[1637]
[1638]
[1639]
[1640]
[1641]
[1642]
[1643]
[1644]
[1645]
[1646]
[1647]
[1648]
[1649]
[1650]
[1651]
[1652]
[1653]
[1654]
[1655]
[1656]
[1657]
[1658]
[1659]
[1660]
[1661]
[1662]
[1663]
[1664]
[1665]
[1666]
[1667]
[1668]
[1669]
[1670]
[1671]
[1672]
[1673]
[1674]
[1675]
[1676]
[1677]
[1678]
[1679]
[1680]
[1681]
[1682]
[1683]
[1684]
[1685]
[1686]
[1687]
[1688]
[1689]
[1690]
[1691]
[1692]
[1693]
[1694]
[1695]
[1696]
[1697]
[1698]
[1699]
[1700]
[1701]
[1702]
[1703]
[1704]
[1705]
[1706]
[1707]
[1708]
[1709]
[1710]
[1711]
[1712]
[1713]
[1714]
[1715]
[1716]
[1717]
[1718]
[1719]
[1720]
[1721]
[1722]
[1723]
[1724]
[1725]
[1726]
[1727]
[1728]
[1729]
[1730]
[1731]
[1732]
[1733]
[1734]
[1735]
[1736]
[1737]
[1738]
[1739]
[1740]
[1741]
[1742]
[1743]
[1744]
[1745]
[1746]
[1747]
[1748]
[1749]
[1750]
[1751]
[1752]
[1753]
[1754]
[1755]
[1756]
[1757]
[1758]
[1759]
[1760]
[1761]
[1762]
[1763]
[1764]
[1765]
[1766]
[1767]
[1768]
[1769]
[1770]
[1771]
[1772]
[1773]
[1774]
[1775]
[1776]
[1777]
[1778]
[1779]
[1780]
[1781]
[1782]
[1783]
[1784]
[1785]
[1786]
[1787]
[1788]
[1789]
[1790]
[1791]
[1792]
[1793]
[1794]
[1795]
[1796]
[1797]
[1798]
[1799]
[1800]
[1801]
[1802]
[1803]
[1804]
[1805]
[1806]
[1807]
[1808]
[1809]
[1810]
[1811]
[1812]
[1813]
[1814]
[1815]
[1816]
[1817]
[1818]
[1819]
[1820]
[1821]
[1822]
[1823]
[1824]
[1825]
[1826]
[1827]
[1828]
[1829]
[1830]
[1831]
[1832]
[1833]
[1834]
[1835]
[1836]
[1837]
[1838]
[1839]
[1840]
[1841]
[1842]
[1843]
[1844]
[1845]
[1846]
[1847]
[1848]
[1849]
[1850]
[1851]
[1852]
[1853]
[1854]
[1855]
[1856]
[1857]
[1858]
[1859]
[1860]
[1861]
[1862]
[1863]
[1864]
[1865]
[1866]
[1867]
[1868]
[1869]
[1870]
[1871]
[1872]
[1873]
[1874]
[1875]
[1876]
[1877]
[1878]
[1879]
[1880]
[1881]
[1882]
[1883]
[1884]
[1885]
[1886]
[1887]
[1888]
[1889]
[1890]
[1891]
[1892]
[1893]
[1894]
[1895]
[1896]
[1897]
[1898]
[1899]
[1900]
[1901]
[1902]
[1903]
[1904]
[1905]
[1906]
[1907]
[1908]
[1909]
[1910]
[1911]
[1912]
[1913]
[1914]
[1915]
[1916]
[1917]
[1918]
[1919]
[1920]
[1921]
[1922]
[1923]
[1924]
[1925]
[1926]
[1927]
[1928]
[1929]
[1930]
[1931]
[1932]
[1933]
[1934]
[1935]
[1936]
[1937]
[1938]
[1939]
[1940]
[1941]
[1942]
[1943]
[1944]
[1945]
[1946]
[1947]
[1948]
[1949]
[1950]
[1951]
[1952]
[1953]
[1954]
[1955]
[1956]
[1957]
[1958]
[1959]
[1960]
[1961]
[1962]
[1963]
[1964]
[1965]
[1966]
[1967]
[1968]
[1969]
[1970]
[1971]
[1972]
[1973]
[1974]
[1975]
[1976]
[1977]
[1978]
[1979]
[1980]
[1981]
[1982]
[1983]
[1984]
[1985]
[1986]
[1987]
[1988]
[1989]
[1990]
[1991]
[1992]
[1993]
[1994]
[1995]
[1996]
[1997]
[1998]
[1999]
[2000]
[2001]
[2002]
[2003]
[2004]
[2005]
[2006]
[2007]
[2008]
[2009]
[2010]
[2011]
[2012]
[2013]
[2014]
[2015]
[2016]
[2017]
[2018]
[2019]
[2020]
[2021]
[2022]
[2023]
[2024]
[2025]
[2026]
[2027]
[2028]
[2029]
[2030]
[2031]
[2032]
[2033]
[2034]
[2035]
[2036]
[2037]
[2038]
[2039]
[2040]
[2041]
[2042]
[2043]
[2044]
[2045]
[2046]
[2047]
[2048]
[2049]
[2050]
[2051]
[2052]
[2053]
[2054]
[2055]
[2056]
[2057]
[2058]
[2059]
[2060]
[2061]
[2062]
[2063]
[2064]
[2065]
[2066]
[2067]
[2068]
[2069]
[2070]
[2071]
[2072]
[2073]
[2074]
[2075]
[2076]
[2077]
[2078]
[2079]
[2080]
[2081]
[2082]
[2083]
[2084]
[2085]
[2086]
[2087]
[2088]
[2089]
[2090]
[2091]
[2092]
[2093]
[2094]
[2095]
[2096]
[2097]
[2098]
[2099]
[2100]
[2101]
[2102]
[2103]
[2104]
[2105]
[2106]
[2107]
[2108]
[2109]
[2110]
[2111]
[2112]
[2113]
[2114]
[2115]
[2116]
[2117]
[2118]
[2119]
[2120]
[2121]
[2122]
[2123]
[2124]
[2125]
[2126]
[2127]
[2128]
[2129]
[2130]
[2131]
[2132]
[2133]
[2134]
[2135]
[2136]
[2137]
[2138]
[2139]
[2140]
[2141]
[2142]
[2143]
[2144]
[2145]
[2146]
[2147]
[2148]
[2149]
[2150]
[2151]
[2152]
[2153]
[2154]
[2155]
[2156]
[2157]
[2158]
[2159]
[2160]
[2161]
[2162]
[2163]
[2164]
[2165]
[2166]
[2167]
[2168]
[2169]
[2170]
[2171]
[2172]
[2173]
[2174]
[2175]
[2176]
[2177]
[2178]
[2179]
[2180]
[2181]
[2182]
[2183]
[2184]
[2185]
[2186]
[2187]
[2188]
[2189]
[2190]
[2191]
[2192]
[2193]
[2194]
[2195]
[2196]
[2197]
[2198]
[2199]
[2200]
[2201]
[2202]
[2203]
[2204]
[2205]
[2206]
[2207]
[2208]
[2209]
[2210]
[2211]
[2212]
[2213]
[2214]
[2215]
[2216]
[2217]
[2218]
[2219]
[2220]
[2221]
[2222]
[2223]
[2224]
[2225]
[2226]
[2227]
[2228]
[2229]
[2230]
[2231]
[2232]
[2233]
[2234]
[2235]
[2236]
[2237]
[2238]
[2239]
[2240]
[2241]
[2242]
[2243]
[2244]
[2245]
[2246]
[2247]
[2248]
[2249]
[2250]
[2251]
[2252]
[2253]
[2254]
[2255]
[2256]
[2257]
[2258]
[2259]
[2260]
[2261]
[2262]
[2263]
[2264]
[2265]
[2266]
[2267]
[2268]
[2269]
[2270]
[2271]
[2272]
[2273]
[2274]
[2275]
[2276]
[2277]
[2278]
[2279]
[2280]
[2281]
[2282]
[2283]
[2284]
[2285]
[2286]
[2287]
[2288]
[2289]
[2290]
[2291]
[2292]
[2293]
[2294]
[2295]
[2296]
[2297]
[2298]
[2299]
[2300]
[2301]
[2302]
[2303]
[2304]
[2305]
[2306]
[2307]
[2308]
[2309]
[2310]
[2311]
[2312]
[2313]
[2314]
[2315]
[2316]
[2317]
[2318]
[2319]
[2320]
[2321]
[2322]
[2323]
[2324]
[2325]
[2326]
[2327]
[2328]
[2329]
[2330]
[2331]
[2332]
[2333]
[2334]
[2335]
[2336]
[2337]
[2338]
[2339]
[2340]
[2341]
[2342]
[2343]
[2344]
[2345]
[2346]
[2347]
[2348]
[2349]
[2350]
[2351]
[2352]
[2353]
[2354]
[2355]
[2356]
[2357]
[2358]
[2359]
[2360]
[2361]
[2362]
[2363]
[2364]
[2365]
[2366]
[2367]
[2368]
[2369]
[2370]
[2371]
[2372]
[2373]
[2374]
[2375]
[2376]
[2377]
[2378]
[2379]
[2380]
[2381]
[2382]
[2383]
[2384]
[2385]
[2386]
[2387]
[2388]
[2389]
[2390]
[2391]
[2392]
[2393]
[2394]
[2395]
[2396]
[2397]
[2398]
[2399]
[2400]
[2401]
[2402]
[2403]
[2404]
[2405]
[2406]
[2407]
[2408]
[2409]
[2410]
[2411]
[2412]
[2413]
[2414]
[2415]
[2416]
[2417]
[2418]
[2419]
[2420]
[2421]
[2422]
[2423]
[2424]
[2425]
[2426]
[2427]
[2428]
[2429]
[2430]
[2431]
[2432]
[2433]
[2434]
[2435]
[2436]
[2437]
[2438]
[2439]
[2440]
[2441]
[2442]
[2443]
[2444]
[2445]
[2446]
[2447]
[2448]
[2449]
[2450]
[2451]
[2452]
[2453]
[2454]
[2455]
[2456]
[2457]
[2458]
[2459]
[2460]
[2461]
[2462]
[2463]
[2464]
[2465]
[2466]
[2467]
[2468]
[2469]
[2470]
[2471]
[2472]
[2473]
[2474]
[2475]
[2476]
[2477]
[2478]
[2479]
[2480]
[2481]
[2482]
[2483]
[2484]
[2485]
[2486]
[2487]
[2488]
[2489]
[2490]
[2491]
[2492]
[2493]
[2494]
[2495]
[2496]
[2497]
[2498]
[2499]
[2500]
[2501]
[2502]
[2503]
[2504]
[2505]
[2506]
[2507]
[2508]
[2509]
[2510]
[2511]
[2512]
[2513]
[2514]
[2515]
[2516]
[2517]
[2518]
[2519]
[2520]
[2521]
[2522]
[2523]
[2524]
[2525]
[2526]
[2527]
[2528]
[2529]
[2530]
[2531]
[2532]
[2533]
[2534]
[2535]
[2536]
[2537]
[2538]
[2539]
[2540]
[2541]
[2542]
[2543]
[2544]
[2545]
[2546]
[2547]
[2548]
[2549]
[2550]
[2551]
[2552]
[2553]
[2554]
[2555]
[2556]
[2557]
[2558]
[2559]
[2560]
[2561]
[2562]
[2563]
[2564]
[2565]
[2566]
[2567]
[2568]
[2569]
[2570]
[2571]
[2572]
[2573]
[2574]
[2575]
[2576]
[2577]
[2578]
[2579]
[2580]
[2581]
[2582]
[2583]
[2584]
[2585]
[2586]
[2587]
[2588]
[2589]
[2590]
[2591]
[2592]
[2593]
[2594]
[2595]
[2596]
[2597]
[2598]
[2599]
[2600]
[2601]
[2602]
[2603]
[2604]
[2605]
[2606]
[2607]
[2608]
[2609]
[2610]
[2611]
[2612]
[2613]
[2614]
[2615]
[2616]
[2617]
[2618]
[2619]
[2620]
[2621]
[2622]
[2623]
[2624]
[2625]
[2626]
[2627]
[2628]
[2629]
[2630]
[2631]
[2632]
[2633]
[2634]
[2635]
[2636]
[2637]
[2638]
[2639]
[2640]
[2641]
[2642]
[2643]
[2644]
[2645]
[2646]
[2647]
[2648]
[2649]
[2650]
[2651]
[2652]
[2653]
[2654]
[2655]
[2656]
[2657]
[2658]
[2659]
[2660]
[2661]
[2662]
[2663]
[2664]
[2665]
[2666]
[2667]
[2668]
[2669]
[2670]
[2671]
[2672]
[2673]
[2674]
[2675]
[2676]
[2677]
[2678]
[2679]
[2680]
[2681]
[2682]
[2683]
[2684]
[2685]
[2686]
[2687]
[2688]
[2689]
[2690]
[2691]
[2692]
[2693]
[2694]
[2695]
[2696]
[2697]
[2698]
[2699]
[2700]
[2701]
[2702]
[2703]
[2704]
[2705]
[2706]
[2707]
[2708]
[2709]
[2710]
[2711]
[2712]
[2713]
[2714]
[2715]
[2716]
[2717]
[2718]
[2719]
[2720]
[2721]
[2722]
[2723]
[2724]
[2725]
[2726]
[2727]
[2728]
[2729]
[2730]
[2731]
[2732]
[2733]
[2734]
[2735]
[2736]
[2737]
[2738]
[2739]
[2740]
[2741]
[2742]
[2743]
[2744]
[2745]
[2746]
[2747]
[2748]
[2749]
[2750]
[2751]
[2752]
[2753]
[2754]
[2755]
[2756]
[2757]
[2758]
[2759]
[2760]
[2761]
[2762]
[2763]
[2764]
[2765]
[2766]
[2767]
[2768]
[2769]
[2770]
[2771]
[2772]
[2773]
[2774]
[2775]
[2776]
[2777]
[2778]
[2779]
[2780]
[2781]
[2782]
[2783]
[2784]
[2785]
[2786]
[2787]
[2788]
[2789]
[2790]
[2791]
[2792]
[2793]
[2794]
[2795]
[2796]
[2797]
[2798]
[2799]
[2800]
[2801]
[2802]
[2803]
[2804]
[2805]
[2806]
[2807]
[2808]
[2809]
[2810]
[2811]
[2812]
[2813]
[2814]
[2815]
[2816]
[2817]
[2818]
[2819]
[2820]
[2821]
[2822]
[2823]
[2824]
[2825]
[2826]
[2827]
[2828]
[2829]
[2830]
[2831]
[2832]
[2833]
[2834]
[2835]
[2836]
[2837]
[2838]
[2839]
[2840]
[2841]
[2842]
[2843]
[2844]
[2845]
[2846]
[2847]
[2848]
[2849]
[2850]
[2851]
[2852]
<!DOCTYPE html>
<!-- WASDOC AXP-2.0.0 (CGILIB AXP-1.9.9) -->
<!-- wasDOC Copyright (C) 2019,2020 Mark G.Daniel - Apache-2.0 licenced -->
<!-- 3-NOV-2021 02:50 -->
<noscript>NOTE: SOME FUNCTIONALITY EMPLOYS JAVASCRIPT</noscript>
<div id="erreport1" style="display:none;"></div>
<script>
function errorReport(string) {
for (var cnt = 1; cnt <= 2; cnt++) {
var err = document.getElementById('erreport'+cnt);
err.style.display = 'block';
err.innerHTML += string;
}
}
</script>
<style type="text/css">
html { font-family: arial, verdana, sans-serif; font-size:12pt; margin:1em; }
h1 { font-size:124%; font-style:bold;
margin-top:1em; margin-bottom:0.5em; }
h2 { font-size:120%; font-style:bold;
margin-top:1.1em; margin-bottom:0.4em; }
h3 { font-size:116%; font-style:bold;
margin-top:1.0em; margin-bottom:0.3em; }
h4 { font-size:112%; font-style:bold;
margin-top:1.1em; margin-bottom:0.3em; }
h5 { font-size:112%; font-style:bold;
margin-top:1.1em; margin-bottom:0.3em; }
h6 { font-size:112%; font-style:bold; padding:0; margin:0; }
h1 .text { text-decoration:underline; }
h1 .numb { padding-right:0.8em; }
h1 .numb:empty { display:none; padding-right:0; }
h2 .numb { padding-right:0.8em; }
h2 .numb:empty { display:none; padding-right:0; }
h3 .numb { padding-right:0.8em; }
h3 .numb:empty { display:none; padding-right:0; }
h4 .numb { padding-right:0.8em; }
h4 .numb:empty { display:none; padding-right:0; }
h5 .numb { display:none; padding-right:0; }
h6 .numb { display:none; padding-right:0; }
kbd { font-family:monospace; }
noscript { font-size:1.2em; }
p { line-height:1.1em; margin-top:1em; margin-bottom:1em; }
.chunk { font-size:130%; text-decoration:underline; }
.head {}
.high {}
.bold { font-weight:bold; }
.center { text-align:center; }
.italic { font-style:italic; }
.left { text-align:left; }
.nowrap { white-space:nowrap; }
.prewrap { white-space:pre; }
.right { text-align:right; }
.strike { text-decoration:line-through; }
.under { text-decoration:underline; }
.backlight { background-color:#f2f2f2; }
.display0 { display:none; }
img { max-width:100%; }
.imglink { }
.link { }
.blank { }
.list { margin-bottom:1em; }
.list li { margin-top:0.5em; }
.list0 li { margin-top:0; }
.item {}
.tabl { border-collapse:collapse; text-align:left; margin:0.4em 2em 0.5em 2em; }
.tabu { border-collapse:collapse; text-align:right; margin:0.4em 2em 0.5em 2em; }
.tabr { vertical-align:top; }
.tabh { padding:0.2em 0 0 2em; margin:0; }
.tabd { padding:0.1em 0 0 2em; margin:0; }
.tabh:first-of-type, td:first-of-type { padding-left:0; }
.tabu .tabh,
.tabu .tabd { border:1px solid gray; padding:0.2em 0.3em 0.2em 0.3em; }
.tab0 { border:none; visibility:hidden; max-width:1em;
white-space:nowrap; overflow:hidden; }
.tabauto { margin-left:auto; margin-right:auto; }
.tabr:empty { height:0.2em; }
.tabu .tabh:empty, .tabu .tabd:empty { border:none; visibility:hidden; }
.error { font-size:110%; color:black; background-color:yellow;
font-family:sans-serif; font-weight:bold; font-style:normal;
width:95%; border:solid 1px gray; padding:0.5em 1em 0.5em 1em; }
.error::before { content:'\026a0\00a0'; }
.image { }
.page { width:98%; border:1px dashed gray; margin:1.5em 0 1.8em 0; }
.epage { width:98%; border:1px dashed black; margin:1.5em 0 1.8em 0; }
.monosp { font-family:monospace; }
.ppage { display:none; }
.simple { list-style-type:none; }
.valtop { vertical-align:top; }
.valmid { vertical-align:middle; }
.valbot { vertical-align:bottom; }
.code { border-style:solid; border-width:0 0 0 1px; padding-left:1em;
font-family:monospace; white-space:pre; }
.block { }
.blockof { margin:0.4em 2em 0.5em 2em; }
.example { border-style:dashed; border-width:0 0 0 1px; padding-left:1em;
margin-top:0.5em; margin-bottom:0.5em; white-space:pre; }
.indent { margin-left:2em; margin-right:2em; }
.noindent { margin-left:0; margin-right:0; }
.inblock { display:inline-block; }
.mono { white-space:pre; font-family:monospace; }
.note { margin:0.4em 2em 0.5em 2em; page-break-inside:avoid; }
.note h5 { margin-top:0 }
.note_hr { width:80%; border:1px solid gray; }
.prop { padding-left:1em; margin-top:0.5em; margin-bottom:0.5em; }
.quote { border-style:dashed; border-width:0 0 0 1px; padding-left:1em;
margin-top:0.5em; margin-bottom:0.5em; }
.this { display:none; }
a:link,a:visited { color:black; text-decoration:none; }
a:hover,a:active { text-decoration:underline; }
a:focus { outline:0; }
:target:before { content:''; display:block; height:0.1em; margin:-0.1em; }
a.link:link, a.link:visited,a.link:active
{ color:midnightBlue; text-decoration:underline; text-decoration-style:solid; }
.TOC1cols1 { width:80%; max-width:80%; }
.TOC1cols2 { column-count:2; width:80%; max-width:80%; }
.TOC1cols3 { column-count:3; max-width:90%; max-width:90%; }
.TOC1cols4 { column-count:4; max-width:100%; max-width:100%; }
.TOC1table { margin-left:2em; white-space:nowrap; break-inside:auto; }
.TOC1table tr { vertical-align:top; text-align:left; break-inside:avoid; break-after:auto; }
.TOC1table td+td { padding:0 0 0 0.5em; }
.TOC1table .numb { width:3em; max-width:3em; }
.TOC1table .sepr { width:5em; max-width:6em; overflow:hidden; }
.TOC1table .majr { font-weight:bold; }
.TOC1table .text { white-space:normal; }
/* These are due to Firefox (at least <= 76) recalcitrant multi-column handling.
Web search "Split table into css columns, issue in Firefox" (stackoverflow).
"Good grief, Charlie Brown!" */
.TOC1cols2 table,
.TOC1cols2 tbody,
.TOC1cols2 tr,
.TOC1cols3 table,
.TOC1cols3 tbody,
.TOC1cols3 tr,
.TOC1cols4 table,
.TOC1cols4 tbody,
.TOC1cols4 tr { display:block; padding:0; }
.TOC2cols1 { width:60%; max-width:60%; }
.TOC2cols2 { column-count:2; width:70%; max-width:70%; }
.TOC2cols3 { column-count:3; width:80%; max-width:80%; }
.TOC2cols4 { column-count:4; width:90%; max-width:90%; }
.TOC2table { margin-left:2em; white-space:nowrap; break-inside:auto; }
.TOC2table tr { vertical-align:top; text-align:left; break-inside:avoid; break-after:auto; }
.TOC2table .numb { font-weight:bold; padding-right:0.5em; }
.TOC2table .text { width:100%; white-space:normal; }
/* see "recalcitrant" above */
.TOC2cols2 table,
.TOC2cols2 tbody,
.TOC2cols2 tr,
.TOC2cols3 table,
.TOC2cols3 tbody,
.TOC2cols3 tr,
.TOC2cols4 table,
.TOC2cols4 tbody,
.TOC2cols4 tr { display:block; padding:0; }
.NAVtable { margin:0.1em 0 0 2em; }
.NAVtable td { font-size:110%; font-weight:bold; padding:0; margin:0; }
.NAVtable a { padding:0 0.5em 0 0.5em; text-decoration:none; }
.IDXcols1 { width:80%; max-width:80%; }
.IDXcols2 { column-count:2; width:90%; max-width:90%; }
.IDXcols3 { column-count:3; width:95%; max-width:95%; }
.IDXcols4 { column-count:4; width:100%; max-width:100%; }
.IDXtable { margin:1em 0 1em 2em; white-space:nowrap; break-inside:auto; }
.IDXtable tr { vertical-align:top; text-align:left; break-inside:avoid; break-after:auto; }
.IDXtable .alpha { font-weight:bold; min-width:2em; }
.IDXtable .text { width:100%; white-space:normal; }
.IDXtable .para:before { content:'\00b6\00a0'; }
/* see "recalcitrant" above */
.IDXcols2 table,
.IDXcols2 tbody,
.IDXcols2 tr,
.IDXcols3 table,
.IDXcols3 tbody,
.IDXcols3 tr,
.IDXcols4 table,
.IDXcols4 tbody,
.IDXcols4 tr { display:block; padding:0; }
.insight { background-color:cyan; font-family:monospace;
padding:0 0.2em 0 0.2em; margin:0 0.2em 0 0.2em;
font-size:100%; font-style:normal; font-weight:normal;
text-decoration:none; }
.wasdoc { font-family: "Lucida Console", Monaco, monospace;
letter-spacing:-0.07em; }
@media screen { .blank::after { content:"\2924"; }
.print { display:none; }
}
@media print {
table { page-break-inside:avoid; }
.noprint { display:none; }
.page { border:none; page-break-after: always; }
.epage { display:none; }
.ppage { page-break-after:always; }
.NAVtable { display:none; }
.NAVprint { display:block!important; }
}
@page { margin:2cm 1cm 2cm 1cm; }
</style>
<!-- source:0000_config.wasdoc -->
<style type="text/css">._smiley::after { font-size:150%; vertical-align:middle; content:'\263a' }</style>
<style type="text/css">._frowny::after { font-size:150%; vertical-align:middle; content:'\2639' }</style>
<a id="0." href="#"></a>
<title>WASD Configuration – Request Processing Configuration</title>
<a id="10." href="#"></a>
<a id="10.requestprocessingconfiguration" href="#"></a>
<a id="requestprocessingconfiguration" href="#"></a>
<h1 class="head chunk">WASD Configuration</h1>
<h1 class="head"><span class="numb">10.</span><span class="text">Request Processing Configuration</span></h1>
<div class="TOC2cols2">
<table class="TOC2table">
<tr><td><a href="config010.html#10.1.ruleinterpretation"><span class="numb">10.1</span><span class="text">Rule Interpretation</span></a>
<tr><td><a href="config010.html#10.2.vmsfilesystemspecifications"><span class="numb">10.2</span><span class="text">VMS File System Specifications</span></a>
<tr><td><a href="config010.html#10.3.traditionalfilespecificationsods2"><span class="numb">10.3</span><span class="text">Traditional File Specifications (ODS-2)</span></a>
<tr><td><a href="config010.html#10.4.extendedfilespecificationsods5"><span class="numb">10.4</span><span class="text">Extended File Specifications (ODS-5)</span></a>
<tr><td><a href="config010.html#10.4.1.charactersinrequestpaths"><span class="numb">10.4.1</span><span class="text">Characters In Request Paths</span></a>
<tr><td><a href="config010.html#10.4.2.filenameambiguity"><span class="numb">10.4.2</span><span class="text">File Name Ambiguity</span></a>
<tr><td><a href="config010.html#10.4.3.charactersinservergeneratedpaths"><span class="numb">10.4.3</span><span class="text">Characters In Server-Generated Paths</span></a>
<tr><td><a href="config010.html#10.5.rules"><span class="numb">10.5</span><span class="text">Rules</span></a>
<tr><td><a href="config010.html#10.5.1.mappassfailrules"><span class="numb">10.5.1</span><span class="text">MAP, PASS, FAIL Rules</span></a>
<tr><td><a href="config010.html#10.5.2.redirectrule"><span class="numb">10.5.2</span><span class="text">REDIRECT Rule</span></a>
<tr><td><a href="config010.html#10.5.3.userrule"><span class="numb">10.5.3</span><span class="text">USER Rule</span></a>
<tr><td><a href="config010.html#10.5.4.execuxecandscriptscriptmappingrules"><span class="numb">10.5.4</span><span class="text">EXEC/UXEC and SCRIPT, Script Mapping Rules</span></a>
<tr><td><a href="config010.html#10.5.5.setrule"><span class="numb">10.5.5</span><span class="text">SET Rule</span></a>
<tr><td><a href="config010.html#10.6.reversemapping"><span class="numb">10.6</span><span class="text">Reverse Mapping</span></a>
<tr><td><a href="config010.html#10.7.mappingexamples"><span class="numb">10.7</span><span class="text">Mapping Examples</span></a>
<tr><td><a href="config010.html#10.8.virtualservers"><span class="numb">10.8</span><span class="text">Virtual Servers</span></a>
<tr><td><a href="config010.html#10.9.conditionalmapping"><span class="numb">10.9</span><span class="text">Conditional Mapping</span></a>
<tr><td><a href="config010.html#10.10.mappinguserdirectoriestildecharacterquotquot"><span class="numb">10.10</span><span class="text">Mapping User Directories (tilde character ("~"))</span></a>
<tr><td><a href="config010.html#10.10.1.usingthesysuaf"><span class="numb">10.10.1</span><span class="text">Using The SYSUAF</span></a>
<tr><td><a href="config010.html#10.10.2.withoutusingthesysuaf"><span class="numb">10.10.2</span><span class="text">Without Using The SYSUAF</span></a>
<tr><td><a href="config010.html#10.11.crossoriginresourcesharing"><span class="numb">10.11</span><span class="text">Cross Origin Resource Sharing</span></a>
</table>
</div>
<table class="NAVtable NAVprint"><tr>
<td><a href="javascript:window.history.back();">↩︎</a>
<td><a href="config009.html#9.">↖︎</a>
<td><a href="config000.html#0.">↑︎</a>
<td><a href="config011.html#11.">↘︎</a>
<td><a href="javascript:window.history.forward();">↪︎</a>
</table>
<p> By default, the logical name <span class="high bold">WASD_CONFIG_MAP</span> locates a common mapping
rule file. Simple editing of the mapping file and reloading into the running
server changes the processing rules. The [IncludeFile] is a directive common
to all WASD configuration, allowing a separate file to be included as a part of
the current configuration (<a class="link" href="config002.html#2.1.includefiledirective">2.1 Include File Directive</a>).
<p> Mapping rules are used for a number of different request processing
purposes.
<ol class="list">
<li class="item"> To map a request <span class="high italic">path</span> onto the VMS file system. That is, to
map from web-space into file-space.
<li class="item"> To map from file-space back into web-space. There is often not a
one-to-one correspondance between file specifcations and web paths.
<li class="item"> To process a request path according to specified criteria resulting in an
effective path that is different to that supplied with the request.
<li class="item"> To identify requests requiring script activation and to parse the script
from the path portion of that request. The path portion is then independently
re-mapped.
<li class="item"> To conditionally map to different end-results based on one or more
criteria of the request or environment.
<li class="item"> To provide differing virtual sites depending on the actual service
accessed by the client.
</ol>
<p> Mapping is basically for server-internal purposes only. The only time the
path information of the request itself is modified is when a script component
is removed. At all other times the path information remains unchanged. Path
authorization is always applied to the path supplied with the request.
<p> Rules are given a basic consistency check when loaded (i.e. server
startup, map reload, etc.) If there is an obvious problem (unknown rule,
missing component, etc., path not absolute) a warning message is generated and
the rule is not loaded into the database. This will not cause the server
startup to fail. These warning messages may be found in the server process
log.
<p> Changes to the mapping configuration file can be validated at the
command-line before reload or restart. This detects and reports any
syntactical and fatal configuration errors but of course cannot check the
<span class="high italic">intent</span> of the rules.
<div class="blockof code">$ HTTPD /DO=MAP=CHECK
</div>
<p> A server's currently loaded mapping rules may also be interrogated from the
Server Administration menu (see
<a class="link blank" target="_blank" href="../features/#serveradministration">Server Administration</a> of
<a class="link blank" target="_blank" href="../features/#0.">WASD Features and Facilities</a>).
<a id="10.1" href="#"></a>
<a id="10.1.ruleinterpretation" href="#"></a>
<a id="ruleinterpretation" href="#"></a>
<h2 class="head"><span class="numb">10.1</span><span class="text">Rule Interpretation</span></h2>
<p> The rules are scanned from first towards last, until a matching final rule
is encountered (PASS, EXEC, SCRIPT, FAIL, REDIRECT, UXEC and USER) when the
mapping pass concludes. Non-final rules (MAP and SET) perform the appropriate
action and continue to the next rule. One, two or more passes through the
rules may occur due to implicit processing (if the path contains a script
component) or by explicit restart (SET <span class="high italic">map=restart</span>).
<a id="10.1.0.0.1" href="#"></a>
<a id="10.1.stringmatching" href="#"></a>
<a id="stringmatching" href="#"></a>
<h5 class="head"><span class="text">String Matching</span></h5>
<p> The basis of path mapping is string pattern matching, comparing the request
specified path, and optionally other components of the request when using
configuration conditionals (<a class="link" href="config005.html#5.conditionalconfiguration">5. Conditional Configuration</a>), to a series of
patterns, usually until one of the patterns matches, at which stage some
processing is performed. Both wildcard and regular expression based pattern
matching is available. All rules have a <span class="high italic">template</span> (string pattern to match
against the path). Some rules have a <span class="high italic">result</span> (how to restructure the
components matching from the template).
<ul class="list">
<li class="item"> The <span class="high bold">template</span> may contain one or more asterisk ("*") wildcard symbols,
or a regular expression with optional grouping operators. This is pattern
matched against the request path (<a class="link" href="config004.html#4.stringmatching">4. String Matching</a>). If neither is
present then the path must match the <span class="high italic">template</span> exactly.
<li class="item"> The <span class="high bold">result</span> may contain one or more asterisk ("*") substitution
symbols. The <span class="high italic">result</span> wildcards are expanded to replace the matching strings
of the respective <span class="high italic">template</span> wildcards or pattern groups. Specified wildcard
substitution is available (<a class="link" href="config004.html#4.4.expressionsubstitution">4.4 Expression Substitution</a>). Characters
represented by wildcards in the <span class="high italic">template</span> not represented by a corresponding
wildcard in the <span class="high italic">result</span> are ignored. Non-wildcard <span class="high italic">result</span> characters are
directly inserted in reconstructed path. Non-wildcard characters in the
<span class="high italic">template</span> are ignored. If the <span class="high italic">result</span> contains no wildcards it completely
replaces the URL path.
</ul>
<a id="10.1.0.0.2" href="#"></a>
<a id="10.1.virtualservers" href="#"></a>
<a id="virtualservers" href="#"></a>
<h5 class="head"><span class="text">Virtual Servers</span></h5>
<p> As described in <a class="link" href="config002.html#2.3.virtualservices">2.3 Virtual Services</a> virtual service syntax may be used
with mapping rules to selectively apply rules to one specific service. If
virtual services are configured rule interpretation sees only rules common to
all services and those specific to its own service (host address and port). In
all other aspects rule interpretation applies as described above.
<a id="10.1.0.0.3" href="#"></a>
<a id="10.1.processingoverhead" href="#"></a>
<a id="processingoverhead" href="#"></a>
<h5 class="head"><span class="text">Processing Overhead</span></h5>
<p> Naturally, each rule that needs to be processed adds a little to consumed
CPU, introduces some latency, and ultimately reduces throughput. The
test-bench has shown this to be acceptably small compared to the overall costs
of responding to a request. Using the ApacheBench tool on a COMPAQ
Professional Workstation XP1000 with 2048MB, VMS V8.3, TCP/IP Service 5.7 and
WASD v10.1, with a simple access to <span class="high monosp">/wasd_root/exercise/0k.txt</span> showed
approximately 744 requests/second throughput using the following mapping file.
<div class="blockof code">pass /wasd_root/exercise/*
</div>
<p> After adding various quantities of the same intervening rule
<div class="blockof code">pass /wasd_root/example/*
pass /wasd_root/example/*
.
.
.
pass /wasd_root/example/*
pass /wasd_root/exercise/*
</div>
the following results were derived.
<div class="blockof block center"><a id="10.1.0.0.4" href="#"></a>
<a id="10.1.mappingoverhead" href="#"></a>
<a id="mappingoverhead" href="#"></a>
<h5 class="head"><span class="text">Mapping Overhead</span></h5>
<p> <table class="tabu tabauto">
<tr class="tabr">
<th class="tabh">Rule Count
<th class="tabh">Requests/S
<th class="tabh">Throughput
<tr class="tabr">
<td class="tabd">0
<td class="tabd">744
<td class="tabd">baseline
<tr class="tabr">
<td class="tabd">100
<td class="tabd">701
<td class="tabd">-5.8%
<tr class="tabr">
<td class="tabd">200
<td class="tabd">665
<td class="tabd">-10.6%
<tr class="tabr">
<td class="tabd">500
<td class="tabd">571
<td class="tabd">-23.3%
<tr class="tabr">
<td class="tabd">1000
<td class="tabd">461
<td class="tabd">-38.4%
</table>
</div>
<p> Although this is a fairly contrived set-up and actual real-world rule-sets
are more complex than this, even one hundred rules is a <span class="high under">very</span> large
set, and it does indicate that for all intents and purposes mapping rules may
be used to achieve desired objectives without undue concern about impact on
server throughput.
<a id="10.2" href="#"></a>
<a id="10.2.vmsfilesystemspecifications" href="#"></a>
<a id="vmsfilesystemspecifications" href="#"></a>
<h2 class="head"><span class="numb">10.2</span><span class="text">VMS File System Specifications</span></h2>
<p> The VMS file system in mapping rules is always assumed to begin with a
device or concealed device logical. Specifying a Master File Directory (MFD)
component, the [000000] is completely optional, although always implied. The
mapping functions will always insert one if required for correct file system
syntax. That is, if the VMS file system mapping of a path results in a file in
a top-level directory an MFD is inserted if not explicitly present in the
mapping. For example, both of the following paths
<div class="blockof code">/dka100/example.txt
/dka100/000000/example.txt
</div>
would result in a mapping to
<div class="blockof code">DKA100:[000000]EXAMPLE.TXT
</div>
The MFD is completely optional when both specifying paths in mapping
rules and when supplying paths in a request. Similarly, when supplying a path
that includes directory components, as in
<div class="blockof code">/dka100/dir1/dir2/example.txt
/dka100/000000/dir1/dir2/example.txt
</div>
both mapping to
<div class="blockof code">DKA100:[DIR1.DIR2]EXAMPLE.TXT
</div>
<div class="note">
<a id="10.2.0.0.1" href="#"></a>
<a id="10.2.logicalnames" href="#"></a>
<a id="logicalnames" href="#"></a>
<h5 class="head center"><span class="text">LOGICAL NAMES</span></h5>
<hr class="note_hr">
When using logical names in file system mappings they must be able to be used
as concealed devices and cannot be logical equivalents of directory
specifications. You must be able to perform a
<div class="blockof code">$ DIRECTORY logical-name:[000000]
</div>
to be able to use the specification as a WASD mapping rule.
<hr class="note_hr">
</div>
<p> Concealed device logicals are created using the following syntax:
<div class="blockof code">$ DEFINE LOGICAL_NAME device:[dir1.dir2.]
$ DEFINE LOGICAL_NAME /TRANSLATION=CONCEALED physical_device:[dir1.dir2.]
$ DEFINE LOGICAL_NAME /TRANSLATION=CONCEALED -
physical_device1:,physical_device2:
$ DEFINE LOGICAL_NAME /TRANSLATION=CONCEALED -
physical_device3:[dir1.dir2.],physical_device4:[dir1.dir3.]
</div>
<p> The logical name may be multi-valued and provided the DIRECTORY command can
be used successfully with them (as described above) should be amenable to WASD
directory listing producing equivalent results.
<a id="10.3" href="#"></a>
<a id="10.3.traditionalfilespecificationsods2" href="#"></a>
<a id="traditionalfilespecificationsods2" href="#"></a>
<h2 class="head"><span class="numb">10.3</span><span class="text">Traditional File Specifications (ODS-2)</span></h2>
<p> For ODS-2 volumes, when during rule mapping of a path to a VMS file
specification an RMS-invalid character (e.g. "+") or syntax (e.g.
multiple periods) is encountered a dollar symbol is substituted in an attempt
to make it acceptable. This functionality is often useful for document
collections imported to the local web originating from, for instance, a Unix
site that utilizes non-VMS file system syntax. The default substitution
character may be changed on a per-path basis using the SET rule (<a class="link" href="config010.html#10.5.5.setrule">10.5.5 SET Rule</a>).
<a id="10.4" href="#"></a>
<a id="10.4.extendedfilespecificationsods5" href="#"></a>
<a id="extendedfilespecificationsods5" href="#"></a>
<h2 class="head"><span class="numb">10.4</span><span class="text">Extended File Specifications (ODS-5)</span></h2>
<p> OpenVMS Alpha V7.2 introduced a new on-disk file system structure, ODS-5.
This brings to VMS in general, and WASD and other Web servers in particular, a
number of issues regarding the handling of characters previously not
encountered during (ODS-2) file system activities. ODS-2 and ODS-5 volumes
should be automatically distinguished by the server however it is possible to
<span class="high italic">force</span> interpretation using a path mapping rule (<a class="link" href="config010.html#10.5.5.setrule">10.5.5 SET Rule</a>).
<a id="10.4.1" href="#"></a>
<a id="10.4.1.charactersinrequestpaths" href="#"></a>
<a id="charactersinrequestpaths" href="#"></a>
<h3 class="head"><span class="numb">10.4.1</span><span class="text">Characters In Request Paths</span></h3>
<p> There is a standard for characters used in HTTP requests paths and query
strings (URLs). This includes conventions for the handling of reserved
characters, for example "?", "+", "&", "=" that have specific meanings in a
request, characters that are completely forbidden, for example white-space,
control characters (0x00 to 0x1f), and others that have usages by convention,
for example the "~", commonly used to indicate a username mapping. The request
can otherwise contain these characters provided they are URL-encoded (i.e. a
percentage symbol followed by two hexadecimal digits representing the
hexadecimal-encoded character value).
<p> There is also an RMS standard for handling characters in extended file
specifications, some of which are forbidden in the ODS-2 file naming
conventions, and others which have a reserved meaning to either the
command-line interpreter (e.g. the space) or the file system structure (e.g.
the ":", "[", "]" and "."). Generally the allowed but reserved characters can
be used in ODS-5 file names if escaped using the "^" character. For example,
the ODS-2 file name "THIS_AND_THAT.TXT" could be named "This^_^&^_That.txt" on
an ODS-5 volume. More complex rules control the use of character combinations
with significance to RMS, for instance multiple periods. The following file
name is allowed on an ODS-5 volume, "A-GNU-zipped-TAR-archive^.tar.gz", where
the non-significant period has been escaped making it acceptable to RMS.
<p> Of course characters absolutely forbidden in request paths must still be
URL-encoded, the most obvious example is the space. RMS will accept the file
name "This^ and^ that.txt" (i.e. containing escaped spaces) but the request
path would need to be specified as "This%20and%20that.txt".
<p> Unlike for ODS-2 volumes, ODS-5 volumes do not have "invalid" characters, so
no processing is performed to ensure RMS compliance.
<a id="10.4.2" href="#"></a>
<a id="10.4.2.filenameambiguity" href="#"></a>
<a id="filenameambiguity" href="#"></a>
<h3 class="head"><span class="numb">10.4.2</span><span class="text">File Name Ambiguity</span></h3>
<p> ODS-5 allows for some file name ambiguity in web-space.
<p> For example the file name
<div class="blockof code">This^_is^_an^_EXAMPLE^.txt.;1
</div>
would be presented to the client as
<div class="blockof code">This is an EXAMPLE.txt
</div>
which when provided in a URL as
<div class="blockof code">This%20is%20an%20EXAMPLE.txt
</div>
and translated from that URL into the file specification
<div class="blockof code">This^_is^_an^_EXAMPLE.txt;1
</div>
of course will not be able to be accessed.
<p> In addition, the two files
<div class="blockof code">This^_is^_an^_EXAMPLE.txt;1
This^_is^_an^_EXAMPLE^.txt.;1
</div>
are distinct in the file-system, independently parsed from the
directory structure, presented by a web directory listing (and WebDAV resource
property list) as consecutive entries having the same name, with only the
accessible file name actually available.
<div class="blockof code">This is an EXAMPLE.txt
This is an EXAMPLE.txt
</div>
<p> To avoid this situation a potentially ambiguous file name containing an
escaped period and no type (extension) is ignored by directory listings and
WebDAV property lists. When an ambiguous file name is detected it is reported
in WATCH reports.
<p> While these sorts of situations are corner-cases it is best to try and avoid
<span class="high italic">interesting</span> file names that can challenge the rather convoluted VMS
file-system environment.
<a id="10.4.3" href="#"></a>
<a id="10.4.3.charactersinservergeneratedpaths" href="#"></a>
<a id="charactersinservergeneratedpaths" href="#"></a>
<h3 class="head"><span class="numb">10.4.3</span><span class="text">Characters In Server-Generated Paths</span></h3>
<p> When the server generates a path to be returned to the browser, either in a
viewable page such as a directory listing or error message, or as a part of the
HTTP transaction such as a redirection, the path will contain the URL-encoded
equivalent of the <span class="high italic">canonical form</span> of an extended file specification
escaped character. For example, the file name "This^_and^_that.txt"
will be represented by "This%20and%20that.txt".
<p> When presenting a file name in a viewable page the general rule is to also
provide this URL-equivalent of the unescaped file name, with a small number of
exceptions. The first is a directory listing where VMS format has been
requested by including a version component in the request file specification.
The second is in similar fashion, but with the <span class="high italic">tree</span> facility,
displaying a directory tree. The third is in the navigation page of the
<span class="high italic">UPDate</span> menu. In all of the instances the canonical form of the
extended file specification is presented (although any actual reference to the
file is URL-encoded as described above).
<a id="10.5" href="#"></a>
<a id="10.5.rules" href="#"></a>
<a id="rules" href="#"></a>
<h2 class="head"><span class="numb">10.5</span><span class="text">Rules</span></h2>
<p> These are the categories of mapping rules.
<ul class="list">
<li class="item"> Map paths to the file system, and to other paths:
<ul class="list simple list0">
<li class="item"> MAP
<li class="item"> PASS
<li class="item"> FAIL
<li class="item"> REDIRECT
<li class="item"> USER
</ul>
<li class="item"> Provide access to scripting:
<ul class="list simple list0">
<li class="item"> EXEC
<li class="item"> SCRIPT
<li class="item"> UXEC
</ul>
<li class="item"> Sets characteristics against particular paths:
<ul class="list simple list0">
<li class="item"> SET
</ul>
</ul>
<a id="10.5.1" href="#"></a>
<a id="10.5.1.mappassfailrules" href="#"></a>
<a id="mappassfailrules" href="#"></a>
<h3 class="head"><span class="numb">10.5.1</span><span class="text">MAP, PASS, FAIL Rules</span></h3>
<ol class="list">
<li class="item"> <span class="high bold">map <span class="high italic">template result</span></span>
<p> If the URL path matches the template, substitute the <span class="high italic">result</span>
string for the path and use that for further rule processing. Both template
and result paths must be absolute (i.e. begin with "/").
<li class="item"> <span class="high bold">pass <span class="high italic">template</span> </span>
<br> <span class="high bold">pass <span class="high italic">template result</span> </span>
<br> <span class="high bold">pass <span class="high italic">template "999 message text"</span> </span>
<br> <span class="high bold">pass <span class="high italic">template "200 $command"</span> </span>
<p> If the URL path matches the template, substitute the result if present (if
not just use the original URL path), processing no further rules.
<p> The <span class="high italic">result</span> should be a either a physical VMS file system
specification in URL format or an <span class="high italic">HTTP status-code message</span> (see
below). If there is a direct correspondance between the <span class="high italic">template</span>
and <span class="high italic">result</span> the result may be omitted.
<div class="note"><a id="10.5.1.0.0.1" href="#"></a>
<a id="10.5.1.note" href="#"></a>
<a id="note" href="#"></a>
<h5 class="head center"><span class="text">Note</span></h5>
<hr class="note_hr">
The PASS directive is also used to <span class="high italic">reverse-map</span> VMS file
specifications to the URL path format equivalent.
See <a class="link" href="config010.html#10.6.reversemapping">10.6 Reverse Mapping</a>.
<hr class="note_hr">
</div>
<p> <span class="high bold">An HTTP status-code message</span> can be provided as a result.
The server then generates a response corresponding to that status code
containing the supplied message. Status-code results should be enclosed in
one of single or double quotes, or curly braces. See examples. A
3<span class="high italic">nn</span> status results in a redirection response with the message text
comprising the location. Codes 4<span class="high italic">nn</span> and 5<span class="high italic">nn</span> result in
an error message. Other code ranges (e.g. 0, 1<span class="high italic">nn</span>, 2<span class="high italic">nn</span>,
etc.) simply cause the connection to be immediately dropped, and can be used
for that purpose (i.e. no indication of why!)
<p> <span class="high bold">A 200 with following $</span> will cause the DCL script processor to
execute the command. The output will be returned to the client.
<li class="item"> <span class="high bold">fail <span class="high italic">template</span>
<p> If the URL path matches the template, prohibit access, processing no
further rules. The template path must be absolute (i.e. begin with
"/").
</span>
</ol>
<a id="10.5.2" href="#"></a>
<a id="10.5.2.redirectrule" href="#"></a>
<a id="redirectrule" href="#"></a>
<h3 class="head"><span class="numb">10.5.2</span><span class="text">REDIRECT Rule</span></h3>
<ol class="list">
<li class="item"> <span class="high bold">redirect <span class="high italic">template</span> <span class="high italic">result</span></span>
<p> If the URL path matches the template, substitute the <span class="high italic">result</span>
string for the path. Process no further rules. Redirection rules can provide
result URLs in one of a number of formats, each with a slightly different
behaviour.
<ol class="list">
<li class="item"> The <span class="high italic">result</span> can be a full URL
("http://host.domain/path/to/whatever"). This is used to redirect
requests to a specific service, usually on a another host. A
<span class="high italic">result</span> may or may not contain a fixed query string
("/path/to/whatever?one=two").
<li class="item"> If the scheme (e.g. "http:") is omitted the scheme of the current
request is substituted. This allows HTTP requests to be transparently
redirected via HTTP and HTTPS (SSL) requests via HTTPS (e.g.
"//host.domain/path/to/whatever", note the leading double-slash).
<li class="item"> In a similar fashion both the scheme and the host name may be omitted
(e.g. "///path/to/whatever", note the leading triple-slash). The server then
substitutes the appropriate request scheme and host name before returning the
redirection to the client.
<li class="item"> If the scheme is provided but no host component the current request's
host information is substituted and the redirection made using that (e.g.
"https:///secure/path/to/whatever". This effectively allows a request to be
redirected from standard to SSL, or from SSL to standard HTTP on the same
server.
<li class="item"> As a variation on this, if no host but a port number is present, the
redirection is to the (presumably) non-standard port on that same host.
<p> See <a class="link" href="config010.html#10.7.mappingexamples">10.7 Mapping Examples</a> for examples of each of these.
<li class="item"> Alternatively, it may be just a path ("/path/to/whatever", a single
leading slash), which will cause the server to <span class="high under">internally</span> generate an
entire new request structure to process the new path (i.e. request redirection
is not returned to the client).
<div class="note"><a id="10.5.2.0.0.1" href="#"></a>
<a id="10.5.2.note" href="#"></a>
<a id="note" href="#"></a>
<h5 class="head center"><span class="text">Note</span></h5>
<hr class="note_hr">
Internal redirection (as this is termed) is a fundamental mechanism available
with WASD to completely change the request path and/or query string components
for the request - transparently to the client. It is essentially a complete
rewrite of the request.
<hr class="note_hr">
</div>
<li class="item"> Full request URI rewriting (path and any query string) is available using
the <span class="high italic">map=uri</span> path SETing (<a class="link" href="config010.html#10.5.5.setrule">10.5.5 SET Rule</a>).
<li class="item"> Only if the <span class="high under">last</span> character in the <span class="high italic">result</span> is a question mark ("?")
will any query string in the original be propagated into the redirection URL
(that is the original request "/original/test.txt?plus=query" is mapped using
"redirect /original/* /path/to/*?" does the resulting URL become
"/path/to/test.txt?plus=query").
</ol>
</ol>
<a id="10.5.3" href="#"></a>
<a id="10.5.3.userrule" href="#"></a>
<a id="userrule" href="#"></a>
<h3 class="head"><span class="numb">10.5.3</span><span class="text">USER Rule</span></h3>
<p> The USER rule maps a VMS user account default device and directory (i.e.
<span class="high italic">home</span> directory) into a request path. That is, the base location for the
request is obtained from the VMS systems SYSUAF file. This is usually invoked
by a request path in the form "/~username/", see
<a class="link" href="config010.html#10.9.mappinguserdirectories">‘Mapping User Directories’ in 10.9 Conditional Mapping</a> for more detailed information.
<ol class="list">
<li class="item"> <span class="high bold">user <span class="high italic">template</span> <span class="high italic">result</span></span>
<p> If the path matches the template then the result is substituted, with the
following conditions. At least one wildcard must be present. The first
wildcard in the result substitutes the username's home directory into the path
(in place of the "~username"). Any subsequent wildcard(s) substitute
corresponding part(s) of the original path.
<p> If the user DANIEL's default device and directory were
<div class="blockof code">USER$DISK:[DANIEL]
</div>
the following rule
<div class="blockof code">user /~*/* /*/www/*
</div>
would result in the following path being mapped and used
<div class="blockof code">/user$disk/daniel/www/
</div>
</ol>
<div class="note"><a id="10.5.3.0.0.1" href="#"></a>
<a id="10.5.3.note" href="#"></a>
<a id="note" href="#"></a>
<h5 class="head center"><span class="text">Note</span></h5>
<hr class="note_hr">
Accounts that possess SYSPRV, are CAPTIVE, have been DISUSERED or that have
expired passwords will not be mapped. A "directory not found" error
report is returned.
<hr class="note_hr">
</div>
<a id="10.5.4" href="#"></a>
<a id="10.5.4.execuxecandscriptscriptmappingrules" href="#"></a>
<a id="execuxecandscriptscriptmappingrules" href="#"></a>
<h3 class="head"><span class="numb">10.5.4</span><span class="text">EXEC/UXEC and SCRIPT, Script Mapping Rules</span></h3>
<p> Also see <a class="link blank" target="_blank" href="../scripting/#0.">WASD Scripting Environment</a> for further
information.
<p> The EXEC/UXEC and SCRIPT directives have the <span class="high bold">variants
EXEC+/UXEC+ and SCRIPT+</span>. These behave in exactly the same fashion and
simply mark the rule as representing a CGIplus script environment.
<p> The EXEC/UXEC rules maps script <span class="high bold">directories</span>.
<p> The SCRIPT rules maps script <span class="high bold">file names</span>. It behaves a
little differently to the EXEC rule, essentially supplying in a single rule the
effect of a MAP then an EXEC rule.
<p> Both rules must have a <span class="high italic">template</span> and <span class="high italic">result</span>, and
both must end in a wildcard asterisk. The placement of the wildcards and the
subsequent functionality is slightly different however. Both template
and result paths must be absolute (i.e. begin with "/").
<ol class="list">
<li class="item"> <span class="high bold">exec <span class="high italic">template result</span> </span>
<p> The EXEC rule requires the <span class="high italic">template</span>'s asterisk to immediately
follow the slash terminating the directory specification containing the
scripts. The script name follows immediately as part of the wildcard-matched
string. For example:
<div class="blockof code">exec /htbin/* /wasd_root/script/*
</div>
<p> If the URL path matches the template, the result, including the first
slash-terminated part of the wildcard-matched section, becomes the URL format
physical VMS file specification the script to be executed. What remains of the
original URL path is used to create the path information. Process no further
rules.
<p> Hence, the EXEC rule will match multiple script specifications without
further rules, the script name being supplied with the URL path. Hence any
script (i.e. procedure, executable) in the specified directory is accessible,
a possible security concern if script management is distributed.
<li class="item"> <span class="high bold">exec <span class="high italic">template (run-time-environment)result</span> </span>
<p> A variation on the "exec" rules allows a Run-Time Environment (RTE)
to be mapped. An RTE is a persistant scripting environment not unlike CGIplus.
The essential difference is an RTE provides an environment in which a variety
of scripts can be run. It is often an interpreter, such as Perl, where the
advantages of persistance (reduced response latency and system impact) are
available. For more information on RTEs and how they operate see the
<a class="link blank" target="_blank" href="../scripting/#0.">WASD Scripting Environment</a> document.
<p> The RTE executable is specified in parentheses prefixed to the mapping
result, as show in this example:
<div class="blockof code">exec /pl-bin/* (cgi-bin:[0000000]perlrte.exe)/wasd_root/src/perl/*
</div>
<li class="item"> <span class="high bold">script <span class="high italic">template result</span> </span>
<p> The SCRIPT rule requires the <span class="high italic">template</span>'s asterisk to
immediately follow the <span class="high italic">unique string</span> identifying the script in the
URL path. The wildcard-matched string is the following path, and supplied to
the script. For example:
<div class="blockof code">script /conan* /wasd_root/script/conan*
</div>
<p> If the URL path matches the template, the result becomes the URL format
physical VMS file specification for the DCL procedure of the script to be
executed (the default file extension of ".COM" is not required). What
remains of the original URL path is used to create the path information.
Process no further rules.
<div class="note"><a id="10.5.4.0.0.1" href="#"></a>
<a id="10.5.4.note" href="#"></a>
<a id="note" href="#"></a>
<h5 class="head center"><span class="text">Note</span></h5>
<hr class="note_hr">
The wildcard asterisk is best located immediately after the unique script
identifier. In this way there does not need to be any path supplied with the
script. If even a slash follows the script identifier it may be mapped into a
file specification that may or may not be meaningful to the script.
<hr class="note_hr">
</div>
<p> Hence, the SCRIPT rule will match only the script specified in the
<span class="high italic">result</span>, making for finely-granular scripting at the expense of a
rule for each script thus specified. It also implies that only the script name
need precede any other path information.
<p> It may be thought of as a more efficient implementation of the equivalent
functionlity using two CERN rules, as illustrated in the following example:
<div class="blockof code">map /conan* /script/conan*
exec /cgi-bin/* /cgi-bin/*
</div>
<li class="item"> <span class="high bold">uxec <span class="high italic">template result</span> </span>
<p> The UXEC rule is an analog to the EXEC rule, except it is used to map user
scripts. It requires two mapping asterisks, the first for the username, the
second for the script name. It must be used in conjunction with a SET
<span class="high italic">script=as=~</span> rule. For example:
<div class="blockof code">SET /~*/cgi-bin/* script=as=~
UXEC /~*/cgi-bin/* /*/www/cgi-bin/*
</div>
<p> For further information see <a class="link" href="config010.html#10.10.1.useraccountscripting">‘User Account Scripting’ in 10.10.1 Using The SYSUAF</a> and the
<a class="link blank" target="_blank" href="../scripting/#introduction">Introduction</a> of
<a class="link blank" target="_blank" href="../scripting/#0.">WASD Scripting Environment</a>.
</ol>
<a id="10.5.4.0.1" href="#"></a>
<a id="10.5.4.scriptlocation" href="#"></a>
<a id="scriptlocation" href="#"></a>
<h5 class="head"><span class="text">Script Location</span></h5>
<p> It is conventional to locate script images in WASD_ROOT:[AXP-BIN] or
WASD_ROOT:[X86_64-BIN] (depending on the platform), and procedures, etc. in
WASD_ROOT:[CGI-BIN]. These multiple directories are accessible via the single
search list logical CGI-BIN.
<p> Script files can be located in area completely outside of the WASD_ROOT tree.
Two approaches are available.
<ol class="list">
<li class="item"> Modify the search list CGI-BIN to include the additional directories.
Only should be done with extreme care.
<li class="item"> Use mapping rules to make the script accessible. This can be done by
using the EXEC or SCRIPT rule to specify the directory directly as in these
examples
<div class="blockof code">exec /mycgi-bin/* /site_local_scripts/bin/*
script /myscript* /web/myscripts/bin/myscript.exe*
</div>
or by using the MAP rules to make a hierarchy of script locations obvious
and accessible, as in this example
<div class="blockof code">map /cgi-bin/myscripts/* /cgi-bin_myscripts/*
exec /cgi-bin_myscripts/* /web/myscripts/bin/*
</div>
</ol>
<a id="10.5.4.0.2" href="#"></a>
<a id="10.5.4.execdirectoriesandexecfiles" href="#"></a>
<a id="execdirectoriesandexecfiles" href="#"></a>
<h5 class="head"><span class="text">EXEC Directories and EXEC Files</span></h5>
<p> Generally directories are specified as locations for script files. This is
the more common application, with the EXEC rules used as in this example
<div class="blockof code">exec /cgi-bin/* /cgi-bin/*
</div>
<p> Mapping a file type into an EXEC behaviour is also supported. This allows
all files within the specified path and with the matching file suffix
(extension) to be activated as scripts. Of course a script runtime must be
available for the server to be able activate it. The following example
demonstrates mapping all files ending in .CGI in the /web/ tree as executable
scripts.
<div class="blockof code">exec /web/*.cgi* /web/*.cgi*
</div>
<div class="note">
<a id="10.5.4.0.3" href="#"></a>
<a id="10.5.4.warning" href="#"></a>
<a id="warning" href="#"></a>
<h5 class="head center"><span class="text">WARNING</span></h5>
<hr class="note_hr">
Remember scripts are <span class="high bold">executables</span>. Enabling scripting in a
general user area allows <span class="high bold">any</span> user to write and execute any
script, by default under the scripting account. Deploy with discretion.
<hr class="note_hr">
</div>
<a id="10.5.5" href="#"></a>
<a id="10.5.5.setrule" href="#"></a>
<a id="setrule" href="#"></a>
<h3 class="head"><span class="numb">10.5.5</span><span class="text">SET Rule</span></h3>
<p> The SET rule does not change the mapping of a path, it just sets one or
more characteristics against that path that affect the subsequent processing
in some way. It is a general purpose rule that conveniently allows the
administrator to tell the server to process requests with particular paths in
some ad hoc and generally useful fashion. Most SET parameters are single
keywords that act as boolean switches on the request, some require parameter
strings. Multiple space-separated parameters may be set against against the one
path in a single SET statement.
<ul class="list">
<li class="item"> <span class="high bold">ACCEPT=LANG=<span class="high italic"><parameter></span> – </span>
Allows a path to be marked for language-variant document processing.
<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">ACCEPT=LANG= DEFAULT=<span class="high italic"><language></span>
<td class="tabd">sets the default language
<tr class="tabr">
<td class="tabd">ACCEPT=LANG= CHAR=<span class="high italic"><character></span>
<td class="tabd">sets the delimiting character
<tr class="tabr">
<td class="tabd">ACCEPT=LANG= VARIANT=<span class="high italic"><name>|<type></span>
<td class="tabd">allows the alternate file-type variant to be specified
<tr class="tabr">
<td class="tabd">ACCEPT=LANG= (DEFAULT=<span class="high italic"><language></span>, <br>
CHAR=<span class="high italic"><character></span>)
<td class="tabd">sets both (etc.)
<tr class="tabr">
<td class="tabd">NOACCEPT=LANG
<td class="tabd">disables language variant processing (on a subtree for example)
</table>
<p> For detailed configuration information see <a class="link" href="config002.html#2.8.languagevariants">2.8 Language Variants</a>.
<li class="item"> <span class="high bold">ALERT[=<span class="high italic"><keyword></span>] – </span>
Marks a path as being of specific interest. When a request containing this
path is detected by the server it puts a message into the the server process
log and perhaps of greater immediate usefulness the increase in alert hits is
detected by HTTPDMON and this (optionally) provides an audible alert. The
following is ordered according to how early in processing the alert is
signalled.
<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">ALERT=MAP
<td class="tabd">generates this alert immediately after path mapping (i.e.
before the request actually begins being processed)
<tr class="tabr">
<td class="tabd">ALERT=AUTH
<td class="tabd">after authorization (i.e. when any remote username has
been resolved)
<tr class="tabr">
<td class="tabd">ALERT=<span class="high italic"><integer></span>
<td class="tabd">if the response HTTP status
matches the specific integer
<tr class="tabr">
<td class="tabd">ALERT=END
<td class="tabd">at the conclusion of process (the default)
<tr class="tabr">
<td class="tabd">NOALERT
<td class="tabd">cancels alerts on this path (perhaps subpath)
</table>
<li class="item"> <span class="high bold">AUTH=<span class="high italic"><keyword></span> – </span>
Changes the specified characteristic during subsequent authorization
processing.
<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">[NO]AUTH=ALL
<td class="tabd">All requests matching this path must have been subject
to authorization or fail with a forbidden status. This is a per-path
requivalent of implementing the per-server /AUTHORIZE=ALL policy, and is a
little "belt and braces" in a certain sense, but does permit a site to
further avoid unintended information leakage (in this case through the failure
ensure a given path has authorization).
<tr class="tabr">
<td class="tabd">[NO]AUTH=ONCE
<td class="tabd">If a request path contains both a script component
and a resource component by default the WASD server makes sure both parts are
authorized before allowing access. This can be disabled using this path
setting. When this is done only the original request path undergoes
authorization.
<tr class="tabr">
<td class="tabd">AUTH=REVALIDATE=<span class="high italic"><hh:mm:ss></span>
<td class="tabd">Authorization is
cancelled and the client requested to reenter the username and password if
this period expires between authorized requests. Overrides configuration
directive [AuthRevalidateUserMinutes].
<tr class="tabr">
<td class="tabd">AUTH=SYSUAF= PWDEXPURL=<span class="high italic"><string></span>
<td class="tabd">Parallels the
[AuthSysUafPwdExpURL] configuration directive, allowing it to be set on a
per-path or virtual service basis.
</table>
<li class="item"> <span class="high bold">CACHE=<span class="high italic"><keyword></span> – </span>
The default is to cache files (when caching is enabled,
<a class="link" href="config009.html#9.cacheconfiguration">9. Cache Configuration</a>).
<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">CACHE=NONE
<td class="tabd">disables caching of files matching this rule
<tr class="tabr">
<td class="tabd">CACHE=EXPIRES=0
<td class="tabd">cancels previous mapped expiry
<tr class="tabr">
<td class="tabd">CACHE=EXPIRES=DAY
<td class="tabd">expires on change of day
<tr class="tabr">
<td class="tabd">CACHE=EXPIRES=HOUR
<td class="tabd">expires on change of hour
<tr class="tabr">
<td class="tabd">CACHE=EXPIRES=MINUTE
<td class="tabd">expires on change of minute
<tr class="tabr">
<td class="tabd">CACHE=EXPIRES=<span class="high italic"><period></span>
<td class="tabd">sets the expiry period for the entry
<tr class="tabr">
<td class="tabd">CACHE=GUARD=<span class="high italic"><period></span>
<td class="tabd">sets the guard period (no reload) for the cache entry
<tr class="tabr">
<td class="tabd">CACHE=MAX=<span class="high italic"><integer></span>
<td class="tabd">cache files up to this many kilobytes (overrides [CacheFileKBytesMax])
<tr class="tabr">
<td class="tabd">CACHE=[NO]CGI
<td class="tabd">cache CGI-compliant (script) responses
<tr class="tabr">
<td class="tabd">CACHE=[NO]FILE
<td class="tabd">cache files matching this rule (the default)
<tr class="tabr">
<td class="tabd">CACHE=[NO]NET
<td class="tabd">cache any network output
<tr class="tabr">
<td class="tabd">CACHE=[NO]NPH
<td class="tabd">cache NPH (non-parse-header script) responses
<tr class="tabr">
<td class="tabd">CACHE=[NO]SCRIPT
<td class="tabd">cache both CGI and NPH responses
<tr class="tabr">
<td class="tabd">CACHE=[NO]SSI
<td class="tabd">cache SSI document responses
<tr class="tabr">
<td class="tabd">CACHE=[NO]QUERY
<td class="tabd">cache (script) regardless of containing a query string
<tr class="tabr">
<td class="tabd">CACHE=[NO]PERM
<td class="tabd">permanently cache these files
</table>
<li class="item"> <span class="high bold">CGIPLUSIN=<span class="high italic"><keyword></span> – </span>
Provides control over how CGIplus records on the CGIPLUSIN stream are carriage
controlled and how the stream is terminated. A little esoteric certainly; ask
Alex Ivanov ;-)
<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">CGIPLUSIN=CC=NONE
<td class="tabd">no carriage control
<tr class="tabr">
<td class="tabd">CGIPLUSIN=CC=LF
<td class="tabd">each record has a trailing line feed (0x0a)
<tr class="tabr">
<td class="tabd">CGIPLUSIN=CC=CR
<td class="tabd">a trailing carriage return (0x0d)
<tr class="tabr">
<td class="tabd">CGIPLUSIN=CC=CRLF
<td class="tabd">a trailing line feed then carriage return (0x0d0a)
<tr class="tabr">
<td class="tabd">CGIPLUSIN=[NO]EOF
<td class="tabd">the end of the record stream is indicated using an end-of-file
</table>
<li class="item"> <span class="high bold">CGIPREFIX=<span class="high italic"><string></span> – </span>
CGI environment variable names are by default prefixed with "WWW_".
This may be changed on a per-path basis using this SET rule. To remove the
prefix altogether for selected scripts use "CGIprefix=".
<li class="item"> <span class="high bold">CHARSET=<span class="high italic"><string></span> – </span>
This setting allows overriding of the server default ([CharsetDefault]
configuration parameter) content-type character set (in the response header)
for text files (plain and HTML). A string is required as in the following
example, "charset=ISO-8859-5".
<li class="item"> <span class="high bold">CLIENT=<span class="high italic"><keyword></span> – </span>
Client IP address data is often used during conditional mapping and as
represented by CGI variable data in scripts and interpreter environments. This
setting allows an up-stream proxy/accelerator to provide the actual client IP
address via request header and have that data substitute for the instrinsic IP
address of the up-stream proxy. This provides a level of transparency to
server processing via such a proxy.
<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">CLIENT=FORWARDED
<td class="tabd">Substitute the (first) address from the
"Forwarded": request header. Return a 403 status if no
"Forwarded:" header present.
<tr class="tabr">
<td class="tabd">CLIENT=IF=FORWARDED
<td class="tabd">As above but the absence of a
"Forwarded:" request header is not fatal.
<tr class="tabr">
<td class="tabd">CLIENT=LITERAL=<span class="high italic"><string></span>
<td class="tabd">Substitue the
following string. Intended for testing purposes.
<tr class="tabr">
<td class="tabd">CLIENT=RESET
<td class="tabd">Reset the substituted client data to the original
(up-stream proxy).
<tr class="tabr">
<td class="tabd">CLIENT=XFORWARDEDFOR
<td class="tabd">Substitute the (first) address from the
"X-Forwarded-For": request header. Return a 403 status if no
"X-Forwarded-For:" header present.
<tr class="tabr">
<td class="tabd">CLIENT=IF=XFORWARDEDFOR
<td class="tabd">As above but the absence of a
"X-Forwarded-For:" request header is not fatal.
</table>
<li class="item"> <span class="high bold">CONTENT=<span class="high italic"><string></span> – </span>
The content-type of a file is normally determined by the file's type
(extension). This setting allows files matching the template to be returned
with the specified content-type. The content-type must be specified as a
parameter, e.g. "content=application/binary".
<li class="item"> <span class="high bold">CSS=<span class="high italic"><URI>|<URL></span> – </span>
Provides a path (URI) or full URL to a stylesheet for a WASD-generated page
(e.g. a directory listing). Adds a
<div class="blockof code"><LINK REL="stylesheet" TYPE="text/css" HREF="<span class="high italic">uri</span>">
</div>
to the page HTML header.
<li class="item"> <span class="high bold">DICT=<span class="high italic"><key>=<value></span> – </span>
Set a dictionary entry. See <a class="link" href="config005.html#5.5.dictionary">5.5 Dictionary</a>.
<li class="item"> <span class="high bold">DIR=<span class="high italic"><keyword></span> – </span>
Allows directory listing to be controlled on a per path basis. These
parallel the coresponding configuration [Dir..] directives.
<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">DIR=[NO]ACCESS
<td class="tabd">allows directory listing
<tr class="tabr">
<td class="tabd">DIR=ACCESS=SELECTIVE
<td class="tabd">allows directory listing if the directory contain
the file .WWW_BROWSABLE
<tr class="tabr">
<td class="tabd">DIR=DELIMIT=<span class="high italic"><keyword></span>
<td class="tabd">header, footer, both, none
<tr class="tabr">
<td class="tabd">DIR=[NO]ILINK
<td class="tabd">icon plain-text link can be disabled
<tr class="tabr">
<td class="tabd">DIR=[NO]IMPLIEDWILDCARD
<td class="tabd">add wildcards if not in path
<tr class="tabr">
<td class="tabd">DIR=SORT=<span class="high italic"><column></span>
<td class="tabd">pre-sort a listing
<tr class="tabr">
<td class="tabd">DIR=STYLE=<span class="high italic"><keyword></span>
<td class="tabd">set the style of a directory listing
<p> <ul class="list simple list0">
<li class="item"> "ANCHOR" the v8.2 thru v10.3 WASD style
<li class="item"> "DEFAULT" the current WASD style (v10.4 and later)
<li class="item"> "HTDIR" Alex Ivanov's HTdir style
<li class="item"> "ORIGINAL" WASD traditional style (before v8.2)
<li class="item"> "SORT" listing sortable on column
<li class="item"> "TABLE" using HTML table layout (v10.4 and later)
<li class="item"> "<span class="high italic">above</span>2" any of the above without horizontal rules
</ul>
<tr class="tabr">
<td class="tabd">DIR=TARGET=<span class="high italic"><string></span>
<td class="tabd">open the file in another window
<p> <ul class="list simple list0">
<li class="item"> "_blank" opens the file in a new window or tab
<li class="item"> "_self" in the same frame
<li class="item"> "_parent" in the parent frame
<li class="item"> "_top" in the full body of the window
<li class="item"> "<span class="high italic">framename</span>" in the named frame
</ul>
<tr class="tabr">
<td class="tabd">DIR=THESE=<span class="high italic"><filespec></span>
<td class="tabd">restrict listing to
specified filename(s)
<tr class="tabr">
<td class="tabd">DIR=TITLE=<span class="high italic"><keyword></span>
<td class="tabd">format the title
of the window (tab)
<p> <ul class="list simple list0">
<li class="item"> "0" (digit zero) suppress any title
<li class="item"> "1..99" where 1 is the top-level directory (device), 2 is the
second-level directory, 3 … 99 the current directory
<li class="item"> "DEFAULT" the default for the directory <span class="high italic">style</span>
<li class="item"> "OWNER" the VMS account owning the directory
<li class="item"> "REMOTE" the remote user name (for X509 authentication the
certificate common-name)
<li class="item"> "THIS=<string>" a literal string
</ul>
<tr class="tabr">
<td class="tabd">DIR=VERSIONS=<span class="high italic"><integer></span>
<td class="tabd">list the specified
maximum number of file versions, or if an asterisk all versions
<tr class="tabr">
<td class="tabd">DIR=[NO]WILDCARD
<td class="tabd">allow a directory listing to be "forced"
by including wildcards in the path
</table>
<li class="item"> <span class="high bold">[NO]EXPIRED – </span>
This setting allows files in the specified paths to be sent pre-expired. The
browser should always then reload them whenever accessed.
<li class="item"> <span class="high bold">HTML=<span class="high italic"><keyword>=<string></span> – </span>
Allows the <BODY> tag, and header and/or footer characteristics and text to be
added to selected server generated pages such as directory listings and error
messages.
<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">HTML=BODYTAG=
<td class="tabd">specifies the page <BODY> tag
characteristics (e.g. html=bodytag="BGCOLOR=#ffffff")
<tr class="tabr">
<td class="tabd">HTML=HEADER=
<td class="tabd">the page header text
<tr class="tabr">
<td class="tabd">HTML=HEADERTAG=
<td class="tabd">the <TD> tag characteristics of the
header table (e.g. html=headertag="BGCOLOR=#cccccc")
<tr class="tabr">
<td class="tabd">HTML=FOOTER=
<td class="tabd">the page footer text
<tr class="tabr">
<td class="tabd">HTML=FOOTERTAG=
<td class="tabd">the <TD> tag characteristics of the
footer table
</table>
<p> The <span class="high italic">headertag</span> and <span class="high italic">footertag</span> directives also allow
the full table tag to be specified, allowing greater flexibility with these
parts of the page (e.g. html=footertag="<TABLE BORDER=1
CELLPADDING=10 CELLSPACING=0><TR><TD BGCOLOR=#cccccc>".
<li class="item"> <span class="high bold">HTTP=<span class="high italic"><parameter></span> – </span>
Explicitly sets an aspect of the HTTP request header.
<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">HTTP=ACCEPT-CHARSET=<span class="high italic"><string></span>
<td class="tabd">the "Accept-Charset:" field
<tr class="tabr">
<td class="tabd">HTTP=ACCEPT-LANGUAGE=<span class="high italic"><string></span>
<td class="tabd">the "Accept-Language:" field
</table>
<li class="item"> <span class="high bold">HTTP2=<span class="high italic"><parameter></span> – </span>
Controls an aspect of an HTTP/2 connection, or initiates an action on that
connection.
<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">HTTP2=PROTOCOL=1.1
<td class="tabd">send the client an HTTP_1_1_REQUIRED error whcich should cause it to re-request
as HTTP/1.1
<tr class="tabr">
<td class="tabd">HTTP2=SEND=GOAWAY[=<span class="high italic"><integer></span>]
<td class="tabd">send the client a connection GOAWAY frame with optional error number
<tr class="tabr">
<td class="tabd">HTTP2=SEND=PING
<td class="tabd">send the client an HTTP/2 ping
<tr class="tabr">
<td class="tabd">HTTP2=SEND=RESET[=<span class="high italic"><integer></span>]
<td class="tabd">send the client a stream (request) reset (close) with optional error number
<tr class="tabr">
<td class="tabd">HTTP2=WRITE=<span class="high italic">LOW|NORMAL|HIGH</span>
<td class="tabd">this stream (request) will write to the network at the specified priority
relative to other data on the connection
</table>
<li class="item"> <span class="high bold">INDEX=<span class="high italic"><string></span> – </span>
This setting provides the "Index of" (directory listing) format string
for directory paths matching the template. It uses the same formatting as can
be supplied with a URL and overrides any query string passed via any URL.
<li class="item"> <span class="high bold">[NO]LOG – </span>
When server access logging is enabled the default is to log all requests. The
NOLOG setting suppresses logging for requests involving the specified path
template.
<li class="item"> <span class="high bold">MAP=<span class="high italic"><parameter></span> – </span>
Controls aspects of the mapping processing itself (from that point in the rules
onwards of course).
<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">[NO]MAP=ELLIPSIS
<td class="tabd">By default the use of the VMS file specification
ellipsis wilcard ("...") is not allowed. This enables this for the
path specified. Use with caution.
<tr class="tabr">
<td class="tabd">[NO]MAP=ONCE
<td class="tabd">Normally, when a script has been identified during
mapping, the resultant path information is also mapped in a second pass. This
can be suppressed by SETing the path as MAP=ONCE. The resultant path is then
given to the script without further processing.
<tr class="tabr">
<td class="tabd">MAP=RESTART
<td class="tabd">Causes an immediate change to the order of rule
processing. Instead of the next rule, the first rule in the configuration is
processed. This is intended to remove the need for copious repetition in the
rule set. A common or set of common processing blocks can be established near
the start of the rule set and be given requests from processing points further
down in the rules. It is intended to be used only once or perhaps twice and
will abort the request if it occurs too often. Can be detected using the
<span class="high italic">restart:</span> conditional (<a class="link" href="config005.html#5.3.conditionalkeywords">5.3 Conditional Keywords</a>). Use with caution!
Injudicious use would make unexpected mappings expected!
<tr class="tabr">
<td class="tabd">[NO]MAP=ROOT=<span class="high italic"><string></span>
<td class="tabd">Prefixes the results
of following rules with the specified path so that they are all subordinate to
it. This also populates the DOCUMENT_ROOT CGI variable. See
<a class="link" href="config002.html#2.2.documentroot">‘Document Root’ in 2.2 Site Organisation</a>.
<tr class="tabr">
<td class="tabd">[NO]MAP=SET=IGNORE
<td class="tabd">All path SETings following an IGNORE are
completely ignored (not applied to the mapping or request characteristics)
until a subsequent NOINGORE is encountered.
<tr class="tabr">
<td class="tabd">[NO]MAP=SET=REQUEST
<td class="tabd">All path SETings following a NOMAP=SET=REQUEST
are only applied to the mapping and not to the request's characteristics until
a subsequent MAP=SET=REQUEST is encountered. Intended for use during callouts.
These can be detected using the <span class="high italic">callout:</span> conditional
(<a class="link" href="config005.html#5.3.conditionalkeywords">5.3 Conditional Keywords</a>).
<tr class="tabr">
<td class="tabd">[NO]MAP=URI
<td class="tabd">Normally mapping is performed on the request path.
This SETing replaces the path with the full, raw, request URI (undecoded path
plus any query string). This allows subsequent mapping rules to be applied to
the full URI and therefore path components to be remapped into query components,
and query components into path components (using specified substitution, see
<a class="link" href="config004.html#4.4.expressionsubstitution">4.4 Expression Substitution</a>).
</table>
<li class="item"> <span class="high bold">NOTEPAD=[+]<span class="high italic"><string></span> – </span>
The <span class="high italic">request notepad</span> is a string storage area that can be used to store and
retrieve ad hoc information during path mapping and subsequent authorization
processing. Multiple <span class="high italic">notepad=string</span> set against the one request override
previous settings unless preceded by a leading plus symbol, when it appends.
These contents then can be subsequently detected using the <span class="high italic">notepad:</span>
conditional keyword (<a class="link" href="config005.html#5.3.1.notepadkeyword">5.3.1 Notepad: Keyword</a>) or the obsolescent 'NO' mapping
conditional.
<li class="item"> <span class="high bold">ODS=<span class="high italic"><keyword></span> – </span> Directs the server on how to process file names
for naming conventions other than ODS-2 (the default). Be sure to add an
asterisk at the end of the specific ODS path otherwise only the top-level will
set!
<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">ODS=2
<td class="tabd">is basically redundant, because if a path is not indicated as
anything else it is assumed to be ODS-2. This can be used for clarity in the
mapping rules if required.
<tr class="tabr">
<td class="tabd">ODS=5
<td class="tabd">is used to indicate that a particular path maps to files on
an ODS-5 (EFS) volume and so the names may comply to extended specifications.
This changes the way file names are processed, including for example the
replacement of invalid RMS characters (see below).
<tr class="tabr">
<td class="tabd">ODS=ADS
<td class="tabd">is used to process file names that are encoded using the
Advanced Server (PATHWORKS 6) schema.
<tr class="tabr">
<td class="tabd">ODS=NAME=<span class="high italic">8BIT|UTF8|DEFAULT</span>
<td class="tabd">When a file is PUT (created) using WebDAV or upload, for non-7bit ASCII
file names use native ODS-5 8bit syntax (default) or UTF-8 encoded character
sequences.
<tr class="tabr">
<td class="tabd">ODS=PWK
<td class="tabd">is used for processing file names encoded using the
PATHWORKS 4/5 schema.
<tr class="tabr">
<td class="tabd">ODS=SMB
<td class="tabd">is a synonym for ODS=ADS and makes clear the path is also
being served by Samba.
<tr class="tabr">
<td class="tabd">ODS=SRI
<td class="tabd">for file names encoded using the SRI schema (used by
MultiNet and TCPware NFS, FTP and other utilities).
</table>
<li class="item"> <span class="high bold">QUERY-STRING=<span class="high italic"><string></span> – </span>
Set the request's query string to that specified in the directive. Overloads
any current query string. Specify URL-encoded if the characters require it.
<li class="item"> <span class="high bold">PROXY=<span class="high italic"><parameter></span> – </span>
Sets an aspect of proxy request processing.
<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">PROXY=[NO]AFFINITY
<td class="tabd">sets client to origin server affinity.
<tr class="tabr">
<td class="tabd">PROXY=BIND=<span class="high italic"><ip-address></span>
<td class="tabd">makes outgoing proxy requests appear to
originate from this IP address. Must be an address that the media can be bound
to.
<tr class="tabr">
<td class="tabd">PROXY=CHAIN=<span class="high italic"><host:port></span>
<td class="tabd">makes outgoing proxy requests chain to
this up-stream proxy server.
<tr class="tabr">
<td class="tabd">PROXY=CHAIN=CRED=<span class="high italic"><username:password></span>
<td class="tabd">provides proxy authentication
credentials to an up-stream proxy server.
<tr class="tabr">
<td class="tabd">PROXY=FORWARDED
<td class="tabd">controls generatation a proxy "Forwarded:" request
field. This optional field contains information on the proxy server and as a
further option the client name or IP address.
<p> <ul class="list simple list0">
<li class="item">"PROXY=NOFORWARDED" disables
<li class="item">"PROXY=FORWARDED[=BY]" contains the <span class="high italic">by</span> component.
<li class="item">"PROXY=FORWARDED=FOR" contains <span class="high italic">by</span> and the
<span class="high italic">for</span> components (client host name). Also used with WASD_TUNNEL (proxy
tunneling).
<li class="item">"PROXY=FORWARDED=ADDRESS" contains <span class="high italic">by</span> and the <span class="high italic">for</span> components
(client host address). Also used with WASD_TUNNEL (proxy tunneling).
</ul>
<tr class="tabr">
<td class="tabd">PROXY=HEADER=<span class="high italic"><name></span>[=<span class="high italic"><string></span>]
<td class="tabd">removes or sets the value of the specified proxied request header. Examples:
<p> <ul class="list simple list0">
<li class="item">"PROXY=HEADER=referer" would remove the
"Referer:" header field from the proxied request
<li class="item">"PROXY=HEADER=referer=http://whatever/" would set the
"Referer:" header field to the specified URL
<li class="item">"PROXY=HEADER=user-agent=Nosey 1.0" would set the
"User-Agent:" header field to the "Nosey 1.0"
</ul>
<tr class="tabr">
<td class="tabd">PROXY=REVERSE=[NO]AUTH
<td class="tabd">suppresses propogation of any "Authorize" header.
<tr class="tabr">
<td class="tabd">PROXY=REVERSE=LOCATION=<span class="high italic"><string></span>
<td class="tabd">rewrites the matching "Location:" header field URL of a 302 response from an
internal, reverse-proxied server.
<tr class="tabr">
<td class="tabd">PROXY=REVERSE=[NO]VERIFY
<td class="tabd">sets a specialized authorization capability. See
<a class="link blank" target="_blank" href="/wasd_root/src/httpd/proxyverify.c">WASD_ROOT:[SRC.HTTPD]PROXYVERIFY.C</a>
for further information.
<tr class="tabr">
<td class="tabd">PROXY=REWORK=<span class="high italic"><string></span>
<td class="tabd">rework the response (see
<a class="link blank" target="_blank" href="../features/#reworkproxyresponse">Rework Proxy Response</a> of
<a class="link blank" target="_blank" href="../features/#0.">WASD Features and Facilities</a>).
<tr class="tabr">
<td class="tabd">PROXY=TUNNEL=REQUEST=<span class="high italic"><string></span>
<td class="tabd">allows the originating end of a WASD tunnel to specify an HTTP request line or
even request header to be provided to the tunnel target end when the connection
is established.
<tr class="tabr">
<td class="tabd">PROXY=UNKNOWN
<td class="tabd">causes the server to propagate all request field provided by the client to the
proxied server (by default WASD only propagates those it recognises).
<tr class="tabr">
<td class="tabd">PROXY=XFORWARDEDFOR=<span class="high italic"><keyword></span>
<td class="tabd">controls generation of a proxy "X-Forwarded-For:" request field. This optional
field (a defacto standard originally from the <span class="high italic">Squid</span> caching package)
contains the name or IP address of the proxied client.
<p> <ul class="list simple list0">
<li class="item">"PROXY=NOXFORWARDEDFOR" disables
<li class="item">"PROXY=XFORWARDEDFOR[=ENABLED]" enables
<li class="item">"PROXY=XFORWARDEDFOR=ADDRESS" field contains client host address
<li class="item">"PROXY=XFORWARDEDFOR=UNKNOWN" field contains <span class="high italic">unknown</span> for the client
host name
</ul>
</table>
<li class="item"> <span class="high bold">PUT=<span class="high italic"><parameter></span> – </span>
Per-path control over HTTP POST or PUT request body.
<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">PUT=MAX=<span class="high italic"><integer> | *</span>
<td class="tabd">Maximum number of kilobytes allowed for a request body, if "*" then
effectively unlimited (per-path equivalent of the global directive
[PutMaxKbytes]).
<tr class="tabr">
<td class="tabd">PUT=RFM=<span class="high italic">FIX512|STM|STMCR|STMLF|UDF</span>
<td class="tabd">When a request body is uploaded into the file-system and the content-type is
not text this determines the file record format. The precedence for determining
the created file record format is [AddType] RFM:, then any per-path PUT=RFM=
mapping rule, then [PutBinaryRFM], then the default of UDF.
</table>
<li class="item"> <span class="high bold">[NO]PROFILE – </span>
When using the server /PROFILE qualifier allow or disallow the authentication
profile when assessing access for a specific path. Must be used in conjunction
with an equivalent authorisation rule (WASD_CONFIG_AUTH) flagging the profile
use against an equivalent path (see
<a class="link blank" target="_blank" href="../features/#sysuafsecurityprofile">SYSUAF Security Profile</a> of
<a class="link blank" target="_blank" href="../features/#0.">WASD Features and Facilities</a>).
<li class="item"> <span class="high bold">REGEX=<span class="high italic"><keyword></span> – </span>
The default regular expression syntax is POSIX EGREP but can be specified on a
per-path basis using one of the following keywords; AWK, ED, EGREP, GREP,
POSIX_AWK, POSIX_BASIC, POSIX_EGREP, POSIX_EXTENDED, POSIX_MINIMAL_BASIC,
POSIX_MINIMAL_EXTENDED, SED. When changed from the default <span class="high italic">enabled</span> (WASD)
case-insensitivity is lost. Reset expression syntax to global default using
<span class="high italic">regex=default</span>. <span class="high bold">Note</span> that SETing the regular expression syntax in this
way adds overhead as each expression then needs to be regex-compiled with each
match.
<li class="item"> <span class="high bold">REPORT=<span class="high italic"><parameter></span> – </span>
This setting allows error and other server-generated reports for any specified
path to changed between <span class="high italic">detailed</span> and <span class="high italic">basic</span>
(<a class="link" href="config002.html#2.10.1.basicanddetailed">2.10.1 Basic and Detailed</a>).
<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">REPORT=BASIC
<td class="tabd">include less detail in error message
<tr class="tabr">
<td class="tabd">REPORT=DETAILED
<td class="tabd">includes more detail
<tr class="tabr">
<td class="tabd">REPORT=TUNNEL
<td class="tabd">brief, non-HTML error messages suitable for proxy tunnel
<tr class="tabr">
<td class="tabd">REPORT=4<span class="high italic"><nn></span>=<span class="high italic"><nnn></span>
<td class="tabd">maps one 400 class HTTP
status to another (to conceal the true origins of some error messages)
</table>
<li class="item"> <span class="high bold">RMSCHAR=<span class="high italic"><character></span> – </span>
This setting applies to ODS-2 paths (the default) only. Paths SET as ODS-5 do
not have this applied. During rule mapping of a path to a VMS file
specification, if an RMS-invalid character (e.g. "+") or syntax (e.g. multiple
periods) is encountered a dollar symbol is substituted in an attempt to make
it acceptable. This setting provides an alternate substitution character. Any
general RMS-valid character may be specified (e.g. alpha-numeric, '$', '-' or
'_', although the latter three are probably the only REAL choices). A single
character is required as in the following example, "RMSchar=_".
<li class="item">
<span class="high bold">RESPONSE=<span class="high italic"><parameter></span> –</span> Provides control of the response header and/or content.
<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">RESPONSE=CSP=<span class="high italic"><parameter></span> <br>
RESPONSE=CSPRO=<span class="high italic"><parameter></span>
<td class="tabd">see <a class="link" href="config003.html#3.10.contentsecuritypolicycsp">3.10 Content Security Policy (CSP)</a>
<tr class="tabr">
<td class="tabd">
<tr class="tabr">
<td class="tabd">RESPONSE=GZIP=<span class="high italic"><keyword></span>
<td class="tabd">controls generation of GZIPed response bodies (<a class="link" href="config002.html#2.4.gzipencoding">2.4 GZIP Encoding</a>)
<p> <ul class="list simple list0">
<li class="item"> "ALL" suitable responses
<li class="item"> "NONE" of the responses
<li class="item"> "<span class="high italic">integer</span>" kilobytes, responses known to be this size or greater
</ul>
<tr class="tabr">
<td class="tabd"><span class="high nowrap">RESPONSE=HEADER=<span class="high italic"><parameter></span></span>
<td class="tabd">changes the way in which a response header is generated by the server.
<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">RESPONSE=HEADER=BEGIN
<td class="tabd">suppresses the response header terminating
empty line so that the file or other resource can supply additional header
fields. It, of course, must supply the header-terminating empty line before
beginning to supply the response body.
<tr class="tabr">
<td class="tabd">RESPONSE=HEADER=FULL
<td class="tabd">reverts to normal response header generation
behaviour.
<tr class="tabr">
<td class="tabd">RESPONSE=HEADER=NONE
<td class="tabd">suppresses the normal response header
generation. It is considered the file or other resource contains and will
supply the full HTTP response (in a non-parse-header script fashion).
<tr class="tabr">
<td class="tabd">RESPONSE=HEADER=ADD=<span class="high italic"><string></span>
<td class="tabd">appends the specified string to the response header. Of course the string
should be a legitimate HTTP response field and value line. This mapping can be
used to add a particular response directive to matching requests.
</table>
<tr class="tabr">
<td class="tabd">RESPONSE=VAR=<span class="high italic"><parameter></span>
<td class="tabd">where a response is being provided from a variable-length record file each
record should be terminated as follows.
<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">RESPONSE=VAR=ASIS
<td class="tabd">return records exactly as they are on-disk
<tr class="tabr">
<td class="tabd">
<td class="tabd">(i.e. prefixed by the record length word)
<tr class="tabr">
<td class="tabd">RESPONSE=VAR=CRLF
<td class="tabd">carriage-return+line-feed (0x0D then 0x0A)
<tr class="tabr">
<td class="tabd">RESPONSE=VAR=LF
<td class="tabd">line-feed (0x0A) character (default)
<tr class="tabr">
<td class="tabd">RESPONSE=VAR=NONE
<td class="tabd">nothing should be appended to the record
</table>
</table>
<li class="item"> <span class="high bold">SCRIPT=<span class="high italic"><parameter></span> – </span>
Provides controls over various aspects of the scripting environment.
<p> For scripting detail see the
<a class="link blank" target="_blank" href="../scripting/#0.">WASD Scripting Environment</a>
document.
<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">SCRIPT=AS=<span class="high italic"><parameter></span>
<td class="tabd">for non-server account scripting this rule allows the user account to be either
explicitly specified or substituted through the use of the tilde character "~"
or the dollar "$".
<tr class="tabr">
<td class="tabd">SCRIPT=BIT-BUCKET=<span class="high italic"><hh:mm:ss></span>
<td class="tabd">specifies the period for which a script continues to execute if the client
disconnects. Overrides the WASD_CONFIG_GLOBAL [DclBitBucketTimeout]
configuration directive.
<tr class="tabr">
<td class="tabd">[NO]SCRIPT=BODY=DECODE
<td class="tabd">instructs the server to decode (un-chunk and/or un-GZIP) an encoded request
body before transfering it to the script. The script must be aware of this and
change its processing accordingly. See <a class="link" href="config002.html#2.4.gzipencoding">2.4 GZIP Encoding</a>.
<tr class="tabr">
<td class="tabd">SCRIPT=CONTROL=<span class="high italic"><string></span>
<td class="tabd">Supply the specified
string to the CGI processor as if the a script had provided it using a
"Script-Control:" response header field.
<tr class="tabr">
<td class="tabd">SCRIPT=COMMAND=<span class="high italic"><string></span>
<td class="tabd">allows additional parameters and qualifiers to be passed to the script
activation command line. First parameter must be an asterisk to use the server
resolved script command. If the first parameter is not an asterisk it
substitutes for the script activation verb. Subsequent parameters must be as
they would be used on the command line. The following setting
<div class="blockof code">set /cgi-bin/example* script=command="* /ONE /TWO=THREE FOUR"
</div>
would result in the hypothetical script being command-line activated
<div class="blockof code">$ EXAMPLE /ONE /TWO=THREE FOUR
</div>
<tr class="tabr">
<td class="tabd">SCRIPT=CPU=<span class="high italic"><hh:mm:ss></span>
<td class="tabd">specifies that the server should not allow the script to use more than the
specified quantity of CPU time. This is approximate, due to the way the server
administers scripting. It can serve to prevent scripts from consuming
indefinite quantities of system resources.
<tr class="tabr">
<td class="tabd">SCRIPT=DEFAULT=<span class="high italic"><string></span>
<td class="tabd">sets the default directory for the script environment (a SET DEFAULT
immediately prior to script activation). This can be suppressed (for backward
compatibility purposes) using a "#" as the target directory. This string is
reflected in CGI variable SCRIPT_DEFAULT so that CGIplus script and RTE engines
can be informed of this setting for a particular script's environment. Unix
syntax paths may also be specified. If the default begins with a "/" character
the SET DEFAULT is not performed but the SCRIPT_DEFAULT variable is set
appropriately allowing the equivalent of a <span class="high italic">chdir()</span> to be performed by the
scripting environment.
<tr class="tabr">
<td class="tabd">[NO]SCRIPT=FIND
<td class="tabd">by default the server always confirms the existance and accessability of a
script file by searching for it before attempting to activate it. If it does
not exist it reports an error. It may be possible a Run-Time Environment (RTE)
may require to access its own script file via a mechanism available only to
itself. The server script search may be disabled by SETing the path as
<span class="high italic">nofind</span>, for example "script=nofind". The script path and filename is
directly passed to the RTE for it to process and activate.
<tr class="tabr">
<td class="tabd">SCRIPT=LIFETIME=<span class="high italic"><hh:mm:ss></span>
<td class="tabd">provides a per-path (and hence per-script) value for a script process
<span class="high italic">zombie</span> (idle scripting process) or idle CGIplus and RTE process lifetime.
This per-path SETing overrides the respective [DclZombieLifeTime] and
[DclCGIplusLifeTime] global directives.
<tr class="tabr">
<td class="tabd">SCRIPT=PARAM=<span class="high italic"><name=value></span>
<td class="tabd">allows non-CGI environment variables to be associated with a particular script
path. The name component becomes a variable containing the specified value
passed to the script. Multiple, comma-separated <span class="high italic">name=value</span> pairs may be
specified. The value may be quoted. The following path setting
<div class="blockof code">set /cgi-bin/example*
script=params=(first=one,second="Two (and Three)")
</div>
would result in additional CGI variables available to the script
<div class="blockof code">WWW_FIRST == "one"
WWW_SECOND == "Two (and Three)"
</div>
<p> Multiple <span class="high italic">script=params</span> set against the one request override
previous settings unless the parameters are specified with a leading plus
symbol, as in
<div class="blockof code">set /cgi-bin/example* script=params=+(third=three,fourth="number 4")
</div>
<tr class="tabr">
<td class="tabd">[NO]SCRIPT=PATH=FIND
<td class="tabd">directs the server to check for and report if the file specified in the path
does not exist before activating the script process. Normally this would be
left up to the script.
<tr class="tabr">
<td class="tabd">[NO]SCRIPT=QUERY=NONE
<td class="tabd">saves a small amount of overhead by suppressing the decomposition of any query
string into key or form fields for those environments that do this for
themselves.
<tr class="tabr">
<td class="tabd">[NO]SCRIPT=QUERY=RELAXED
<td class="tabd">normally when the CGI variables are being prepared for a script and the query
string is parsed an error is reported if it uses <span class="high italic">x-www-form-urlencoded</span>
format and the encoding contains an error. However some scripts use non-strict
encodings and this rule allows those scripts to receive the query strings
without the server complaining first.
<tr class="tabr">
<td class="tabd">[NO]SCRIPT=SYNTAX=UNIX
<td class="tabd">provides the SCRIPT_FILENAME and PATH_TRANSLATED CGI variables in Unix
file-system syntax rather than VMS file-system syntax (i.e.
/DEVICE/dir1/dir2/file.type rather than DEVICE:[DIR1.DIR2]FILE.TYPE).
<tr class="tabr">
<td class="tabd">[NO]SCRIPT=SYMBOL=TRUNCATE
<td class="tabd">allows otherwise aborted script processing to continue. Script CGI variables
are provided using DCL symbols. With VMS V7.3-2 and later symbol capacity is
in excess of 8000 characters. For VMS V7.3-1 and earlier it has a limit of
around 1000 characters. If a symbol is too large the server by default aborts
the request generating a 500 HTTP status. If the above mapping is made
(against the script path) excessive symbol values are truncated and such symbol
names placed into a special CGI variable named SERVER_TRUNCATE.
</table>
<li class="item"> <span class="high bold">[NO]SEARCH=NONE – </span>
Do not activate the automatic document search script for any query strings
associated with this path.
<li class="item"> <span class="high bold">SERVICE=<span class="high italic"><string></span> </span>
When mapping is concluded move the request to this virtual service or to the
first virtual service matching a wildcarded specification.
<li class="item"> <span class="high bold">SSI=<span class="high italic"><parameter></span> </span>
Controls aspects of Server-Side Include engine behaviour.
<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">[NO]SSI=PRIV
<td class="tabd">SSI documents cannot contain privileged directives (e.g. <--#exec
... -->) unless owned by SYSTEM ([1,4]) or are in path set as allowing these
directives. Use SSI=priv to enable this, NOSSI=priv to disable.
<span class="high bold">Caution:</span> these SSI directives are quite powerful, use great
care when allowing any particular document author or authors to use them.
<tr class="tabr">
<td class="tabd">SSI=EXEC=<span class="high italic"><string></span>
<td class="tabd">where <string> is a comma-separated list of the #dcl parameters
permitted for the path allows fine-grained control of what capabilities are
enabled. The parameter "#" enables SSI on a per-path basis.
<div class="blockof code">ssi=exec=say,show
ssi=exec=#
</div>
</table>
<li class="item"> <span class="high bold">SSLCGI=<span class="high italic"><keyword></span> – </span>
Enables and sets the type of CGI variables used to represent a Secure
Sockets Layer (SSL) CGI variables.
<p> When enabling these variables it is advised to increase the WASD_CONFIG_GLOBAL
[BufferSizeDclCommand] and [BufferSizeCgiPlusIn] directives by approximately
2048.
<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">NOSSLCGI
<td class="tabd">disables the facility
<tr class="tabr">
<td class="tabd">SSLCGI=none
<td class="tabd">disables the facility
<tr class="tabr">
<td class="tabd">SSLCGI=Apache_mod_SSL
<td class="tabd">provides Apache mod_ssl style variables
<tr class="tabr">
<td class="tabd">SSLCGI=Apache_mod_SSL_extens
<td class="tabd">provides variables representing X509
V3 extensions from the server certificate
<tr class="tabr">
<td class="tabd">SSLCGI=Apache_mod_SSL_client
<td class="tabd">provides variables representing X509
V3 extensions from the client certificate
<tr class="tabr">
<td class="tabd">SSLCGI=Purveyor
<td class="tabd">provides Purveyor style variables
</table>
<li class="item"> <span class="high bold">[NO]STMLF – </span>
Specify files to be automatically converted to Stream-LF format. The default is
to ignore conversion. STMLF allows selected paths to be converted.
<li class="item"> <span class="high bold">THROTTLE=<span class="high italic"><parameter></span> – </span>
Controls the concurrent number of scripts being processed on the path.
<p> See <a class="link" href="config002.html#2.5.requestthrottling">2.5 Request Throttling</a>.
<table class="tabl">
<tr class="tabr">
<th class="tabh">Rule
<th class="tabh">
<tr class="tabr">
<tr class="tabr">
<td class="tabd">THROTTLE=<span class="high italic">n[/u][,n,n,n,hh:mm:ss,hh:mm:ss]</span>
<td class="tabd">
<tr class="tabr">
<td class="tabd">THROTTLE=FROM=<span class="high italic"><n></span>
<td class="tabd">
<tr class="tabr">
<td class="tabd">THROTTLE=USER=<span class="high italic"><u></span>
<td class="tabd">
<tr class="tabr">
<td class="tabd">THROTTLE=TO=<span class="high italic"><n></span>
<td class="tabd">
<tr class="tabr">
<td class="tabd">THROTTLE=RESUME=<span class="high italic"><n></span>
<td class="tabd">
<tr class="tabr">
<td class="tabd">THROTTLE=BUSY=<span class="high italic"><n></span>
<td class="tabd">
<tr class="tabr">
<td class="tabd">THROTTLE=TIMEOUT=QUEUE=<span class="high italic"><hh:mm:ss></span>
<td class="tabd">
<tr class="tabr">
<td class="tabd">THROTTLE=TIMEOUT=BUSY=<span class="high italic"><hh:mm:ss></span>
<td class="tabd"></table>
<li class="item"> <span class="high bold">TIMEOUT=<span class="high italic"><parameter></span> – </span>
Sets the appropriate timeout period on a per-path basis.
The string "none" can be used to specify <span class="high italic">no timeout</span>.
<p> These parallel the respective configuration timeout periods.
See <a class="link" href="config006.html#6.2.alphabeticlisting">6.2 Alphabetic Listing</a>.
<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">TIMEOUT=<span class="high italic"><hh:mm:ss>,
<hh:mm:ss>,<hh:mm:ss></span>
<td class="tabd">Keep-alive, then no-progress, then output timeouts.
<tr class="tabr">
<td class="tabd">TIMEOUT=KEEPALIVE=
<span class="high italic"><hh:mm:ss></span>
<td class="tabd">Keep idle network connections alive for this long.
<tr class="tabr">
<td class="tabd">TIMEOUT=NOPROGRESS=
<span class="high italic"><hh:mm:ss></span>
<td class="tabd">Terminate connection when no data is transferred to the client for this period.
<tr class="tabr">
<td class="tabd">TIMEOUT=OUTPUT=
<span class="high italic"><hh:mm:ss></span>
<td class="tabd">Terminate connection after this period when no response data has been sent.
<tr class="tabr">
<td class="tabd">NOTIMEOUT
<td class="tabd">No timeouts are applied to the request.
</table>
<li class="item"> <span class="high bold">WEBDAV=<span class="high italic"><parameter></span> – </span>
Controls aspects of WebDAV processing or behaviour.
<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">WEBDAV=[NO]ALL
<td class="tabd">all requests using WebDAV processing
(even if not WebDAV request)
<tr class="tabr">
<td class="tabd">WEBDAV=[NO]AUTH
<td class="tabd">authorise access using WebDAV rules
(even if not WebDAV request)
<tr class="tabr">
<td class="tabd">WEBDAV=[NO]HIDDEN
<td class="tabd">list (default) or hide U*x <span class="high italic">hidden</span>
files (i.e. those with names beginning with period)
<tr class="tabr">
<td class="tabd">WEBDAV=[NO]LOCK
<td class="tabd">allow/apply WebDAV locking to this path
<tr class="tabr">
<td class="tabd">WEBDAV=[NO]PROFILE
<td class="tabd">WebDAV access according to SYSUAF profile
<tr class="tabr">
<td class="tabd">WEBDAV=[NO]PROP
<td class="tabd">allow/apply WebDAV 'dead' property(ies) to this path
<tr class="tabr">
<td class="tabd">WEBDAV=[NO]PUT=LOCK
<td class="tabd">a resource must be locked before a PUT is allowed
<tr class="tabr">
<td class="tabd">WEBDAV=[NO]READ
<td class="tabd">WebDAV methods allowed read this tree
<tr class="tabr">
<td class="tabd">WEBDAV=[NO]SERVER
<td class="tabd">WebDAV access as server account (best effort)
<tr class="tabr">
<td class="tabd">WEBDAV=[NO]WINPROP
<td class="tabd">when NOWINPROP windows properties are ignored and emulated
<tr class="tabr">
<td class="tabd">WEBDAV=[NO]WRITE
<td class="tabd">WebDAV methods allowed write to this path (implied read)
<tr class="tabr">
<td class="tabd">WEBDAV=LOCK=TIMEOUT=DEFAULT=
<td class="tabd">hh:mm:ss
<tr class="tabr">
<td class="tabd">WEBDAV=LOCK=TIMEOUT=MAX=
<td class="tabd">hh:mm:ss
<tr class="tabr">
<td class="tabd">WEBDAV=META=DIR=
<td class="tabd">per-path equivalent of global [WebDAVmetaDir]
</table>
<li class="item"> <span class="high bold">WEBSOCKET=<span class="high italic"><parameter></span> – </span>
Controls aspects of WebSocket processing or behaviour.
<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">WEBSOCKET=INPUT=<span class="high italic">integer</span>
<td class="tabd">Specifies the size of the WEBSOCKET_INPUT mailbox buffer; in bytes.
<tr class="tabr">
<td class="tabd">WEBSOCKET=OUTPUT=<span class="high italic">integer</span>
<td class="tabd">Specifies the size of the WEBSOCKET_OUTPUT mailbox buffer; in bytes.
</table>
</ul>
<p> Of course, as with all mapping rules, paths containing file types
(extensions) may be specified so it is quite easy to apply settings to
particular groups of files. Multiple settings may be made against the one
path, merely separate set directives from each other with white-space. If a
setting string is required to contain white-space enclose the string with
single or double quotes, or curly brackets. The following example gives a
small selection of potential uses.
<div class="blockof code"># examples of SET rule usage
# --------------------------
# disable caching for selected paths
set /wasd_root/src/* NOcache
set /sys$common/* NOcache
# enable stream-LF conversion in selected directory trees
set /web/* stmlf
set /wasd_root/* stmlf
# respond with Cyrillic character set(s) from relevant directories
set /*/8859-5/* charset=ISO-8859-5
set /*/koi8-r/* charset=KOI8-R
# the Sun Java tutorial when UNZIPped contains underscores for invalid characters
set /vms/java/tutorial/* RMSchar=_
# if a request has "/plain-text/" in its path then ALWAYS return as plain-text!
set /*/plain-text/* content=text/plain
map /*/plain-text/* /*/*
# same for "/binary/"
set /*/binary/* content=text/plain
map /*/binary/* /*/*
# indicate extended file specifications on this path
set /Documents/* ODS=5
pass /Documents/* /ods5_device/Documents/*
# throttle this script's execution, 5 executing, unlimited waiting
set /cgi-bin/big_script* throttle=5
# disable server script search for this RTE
set /onerte/* script=nofind
exec /onerte/* (CGI-BIN:[000000]ONERTE.EXE)/wasd_root/src/one/*
</div>
<a id="10.5.5.0.1" href="#"></a>
<a id="10.5.5.postfixsetrule" href="#"></a>
<a id="postfixsetrule" href="#"></a>
<h5 class="head"><span class="text">Postfix SET Rule</span></h5>
<p> Path SETings may appended to any rule that contains both a template and
result. This makes it possible to apply path SETings using matching final
rules. For example a matching PASS rule does not require a separate, preceding
SET rule containing the same path to also apply required SETings. This is more
efficient (requiring less pattern matching) and tends to make the rule set less
cluttered.
<div class="blockof code"># examples of postfix SET rule usage
# ----------------------------------
# if a request has "/plain-text/" in its path then ALWAYS return as plain-text!
map /*/plain-text/* /*/* content=text/plain
# same for "/binary/"
map /*/binary/* /*/* content=text/plain
# indicate extended file specifications on this path
pass /Documents/* /ods5_device/Documents/* ODS=5
# throttle this script's execution, 5 executing, unlimited waiting
script /big_script* /cgi-bin/big_script* throttle=5
</div>
<a id="10.6" href="#"></a>
<a id="10.6.reversemapping" href="#"></a>
<a id="reversemapping" href="#"></a>
<h2 class="head"><span class="numb">10.6</span><span class="text">Reverse Mapping</span></h2>
<p> Path mapping is required to get from web-space into file-space, and that
mapping is not <span class="high italic">necessarily</span> one-to-one. That is, /web/doc/ may not be
WEB:[DOC] but for example, DKA0:[WEB.DOC] so that mapping would be
<div class="blockof code">pass /web/* /dka0/web/*
</div>
<p> Mapping paths in reverse is needed to get something like
DKA0:[WEB.DOC]THIS.TXT (that may come from a $SEARCH result) back into the
web-space of /web/doc/this.txt. So WASD needs paths that may be mapped using
the <span class="high italic">result</span> back to the <span class="high italic">template</span>. In simple mappings the one rule can
serve both purposes. In some situations explicit, extra rules are needed.
<p> The above example is trivial, and if WASD needs to turn something like
DKA0:[DOC]THIS.TXT into a web-space representation (URI) it makes the
file-space specification into URI syntax (i.e. /dka0/web/doc/this.txt) and then
scans the rules comparing that to <span class="high italic">result</span> strings in the MAP rules. When
one matches, the <span class="high italic">template</span> component is used to generate a web-space
representation - the reverse of what was done when the request was initially
being processed.
<p> The non-trivial example is often associated with concealed, search-list
devices. For example, the somewhat contrived
<div class="blockof code">$ DEFINE /SYSTEM /TRANSLATION=CONCEALED WEB DKA100:[WEB1.],DKA200:[WEB2.]
</div>
with which the mapping from web- to file-space can be
<div class="blockof code">pass /web/* /web/*
</div>
using the logical device, and quite naturally maps into file-space. WASD's
file-system actions are complex and low-level, often needing to access to the
underlying device (and so tend to $PARSE NOCONCEAL). Results from the above
mapping can come back DKA100:[WEB1]THIS.TXT and DKA200:[WEB2]THAT.TXT and so
the above mapping can't be used to get back into web-space because there is no
<span class="high italic">template</span> with a matchable rule.
<p> In such a case there is a need to add explicit reverse-mapping rules (often
immediately following the forward mapping rule for convenience of grouping, but
rules are also a little position sensitive so some skill is required) for the
purpose of getting the underlying file specifications into a form for web
consumption. In the above scenario an example would be
<div class="blockof code">pass /web/* /web/*
pass /web/* /dka100/web1/*
pass /web/* /dka200/web2/*
</div>
where the latter two are never hit during forward mapping (because the first
rule will always map a request URI beginning /web/...) but will be hit during
reverse-mapping. If a reverse mapping exhausts the rules before finding a
match the NO:[REVERSE.MAPPING.FOR.THIS]FILE.PATH! mapping is explicitly
generated.
<p> It is not always straight-forward and sometimes a decision is necessary
about how the web-space is to be presented to the clients. For instance, while
you easily can have multiple web-space views of the one file-space area, it is
less straight-forward to have multiple web-space reverse mappings of the one
file-space (as normally only the first matching rule will ever be
reverse-mapped).
<a id="10.7" href="#"></a>
<a id="10.7.mappingexamples" href="#"></a>
<a id="mappingexamples" href="#"></a>
<h2 class="head"><span class="numb">10.7</span><span class="text">Mapping Examples</span></h2>
<p> The example
<a class="link blank" target="_blank" href="/wasd_root/example/wasd_config_map.conf">mapping rule file</a> for the WASD
HTTP server can be viewed.
<a id="10.7.0.0.1" href="#"></a>
<a id="10.7.exampleofmaprule" href="#"></a>
<a id="exampleofmaprule" href="#"></a>
<h5 class="head"><span class="text">Example of <span class="high bold">Map</span> Rule</span></h5>
<p> The <span class="high italic">result</span> string of these rules may or may not correspond to to a VMS
physical file system path. Either way the resulting rule is further processed
before passing or failing.
<ol class="list">
<li class="item"> The following example shows a path "/web/unix/shells/c" being mapped to
"/web/software/unix/scripts/c", with this being used to process further rules.
<div class="blockof code">map /web/unix/* /web/software/unix/*
</div>
</ol>
<a id="10.7.0.0.2" href="#"></a>
<a id="10.7.examplesofpassrule" href="#"></a>
<a id="examplesofpassrule" href="#"></a>
<h5 class="head"><span class="text">Examples of <span class="high bold">Pass</span> Rule</span></h5>
<ol class="list">
<li class="item"> This example shows a path "/web/rts/home.html" being mapped to
"/user$rts/web/home.html", and this returned as the mapped path.
<div class="blockof code">pass /web/rts/* /user$rts/web/*
</div>
<li class="item"> This maps a path "/icon/bhts/dir.gif" to "/web/icon/bhts/dir.gif", and
this returned as the mapped path.
<div class="blockof code">pass /icon/bhts/* /web/icon/bhts/*
</div>
<li class="item"> This example illustrates HTTP status code mapping. Each of these does
basically the same thing, just using one of the three possible delimiters
according to the characters required in the message. The server generates a 403
response with has as its text the following message. (Also see the conditional
mapping examples.)
<div class="blockof code">pass /private/* "403 Can't go in there!"
pass /private/* '403 "/private/" is off-limits!'
pass /private/* {403 Can't go into "/private/"}
</div>
</ol>
<a id="10.7.0.0.3" href="#"></a>
<a id="10.7.examplesoffailrule" href="#"></a>
<a id="examplesoffailrule" href="#"></a>
<h5 class="head"><span class="text">Examples of <span class="high bold">Fail</span> Rule</span></h5>
<ol class="list">
<li class="item"> If a URL path "/web/private/home.html" is being mapped the path
would immediately be failed.
<div class="blockof code">fail /web/private/*
</div>
<li class="item"> To ensure all access fails, other than that explicitly passed, this entry
should be included the the rules.
<div class="blockof code">fail /*
</div>
</ol>
<a id="10.7.0.0.4" href="#"></a>
<a id="10.7.examplesofexecandscriptrules" href="#"></a>
<a id="examplesofexecandscriptrules" href="#"></a>
<h5 class="head"><span class="text">Examples of <span class="high bold">Exec</span> and <span class="high bold">Script</span> Rules</span></h5>
<ol class="list">
<li class="item"> If a URL path "/htbin/ismap/web/example.conf" is being mapped the
"/wasd_root/script/" must be the URL format equivalent of the physical
VMS specification for the directory locating the script DCL procedure. The
"/web/example.conf" that followed the "/htbin/ismap" in the
original URL becomes the translated path for the script.
<div class="blockof code">exec /cgi-bin/* /cgi-bin/*
</div>
<li class="item"> If a URL path "/pl-bin/example/this/directory/and-file.txt" is being
mapped the script name and filename become "/pl-bin/example" and
"WASD_ROOT:[SRC.PERL]EXAMPLE.PL" respectively, the path information and
translated become "/this/directory/and-file.txt" and
"THIS:[DIRECTORY]AND-FILE.TXT", and the interpreter (run-time environment)
activated to interpret the script is CGI-BIN:[000000]PERLRTE.EXE.
<div class="blockof code">exec /pl-bin/* (cgi-bin:[000000]perlrte.exe)/wasd_root/src/perl/*
</div>
<li class="item"> If a URL path "/conan/web/example.hlb" is being mapped the
"/wasd_root/script/conan" must be the URL format equivalent of the physical
VMS specification for the DCL procedure. The "/web/example.hlb" that followed
the "/conan/" in the original URL becomes the translated path for the script.
<div class="blockof code">script /conan* /wasd_root/script/conan*
</div>
</ol>
<a id="10.7.0.0.5" href="#"></a>
<a id="10.7.examplesofredirectrule" href="#"></a>
<a id="examplesofredirectrule" href="#"></a>
<h5 class="head"><span class="text">Examples of <span class="high bold">Redirect</span> Rule</span></h5>
<ol class="list">
<li class="item"> If a URL path "/AnotherGroup/this/that/other.html" is being mapped the
URL would be redirected to "http://host/this/that/other.html"
<div class="blockof code">redirect /AnotherGroup/* http://host/group/*
</div>
<li class="item"> If a cleartext service (http://) is deprecated and all requests to it
should instead be redirected to a secure service (https://)
<div class="blockof code">[[the.host.name:80]]
redirect /* https:///*?
</div>
<p> And to a non-standard port number
<div class="blockof code">[[the.host.name:80]]
redirect /* https://:4443/*?
</div>
</ol>
<a id="10.8" href="#"></a>
<a id="10.8.virtualservers" href="#"></a>
<a id="virtualservers" href="#"></a>
<h2 class="head"><span class="numb">10.8</span><span class="text">Virtual Servers</span></h2>
<p> As described in <a class="link" href="config002.html#2.3.virtualservices">2.3 Virtual Services</a>, virtual service syntax may be used
with mapping rules to selectively apply rules to one specific service. This
example provides the essentials of using this syntax. Note that
service-specific and service-common rules may be mixed in any order allowing
common mappings (e.g. for scripting) to be shared.
<div class="blockof code"># a mapping rule example of virtual servers
[[alpha.domain.name:80]]
# ALPHA is the only service allowing access to VMS help directory
pass /sys$common/syshlp/*
[[beta.domain.name:80]]
# good stuff is only available from BETA
pass /good-stuff/*
# BETA has its own error report format, the others share one
pass /errorreport /httpd/-/errorreportalpha.shtml
[[gamma.domain.name:80]]
# gamma responds with documents using the Cyrillic character set
set /* charset=ISO-8859-5
[[*]]
# common file and script mappings
exec /cgi-bin/* /cgi-bin/*
exec+ /cgiplus-bin/* /cgi-bin/*
script+ /help/* /cgiplus-bin/conan/*
pass /errorreport /httpd/-/errorreport.shtml
# now the base directories for all documents
[[alpha.domain.name:80]]
/* /web/alpha/*
[[beta.domain.name:80]]
/* /web/beta/*
[[gamma.domain.name:80]]
/* /web/gamma/*
[[*]]
# catch-all rule (just in case :-)
pass /* /web/*
</div>
<p> The Server Administration page WATCH report provides the capability to view
the rule databse as well as rule mapping during actual request processing,
using the WATCH facility.
<a id="10.9" href="#"></a>
<a id="10.9.conditionalmapping" href="#"></a>
<a id="conditionalmapping" href="#"></a>
<h2 class="head"><span class="numb">10.9</span><span class="text">Conditional Mapping</span></h2>
<div class="note">
<a id="10.9.0.0.1" href="#"></a>
<a id="10.9.deprecatedanddiscouraged" href="#"></a>
<a id="deprecatedanddiscouraged" href="#"></a>
<h5 class="head center"><span class="text">Deprecated and Discouraged</span></h5>
<hr class="note_hr">
See <a class="link" href="config005.html#5.conditionalconfiguration">5. Conditional Configuration</a> for current funtionality.
<p> As this has been deprecated for some years now the documentation for this
functionality has been removed.
<p> For backward-reference see the "WASD Hypertext Services - Technical
Overview" document for release v9.3 or earlier.
<hr class="note_hr">
</div>
<a id="10.9.0.0.1.1" href="#"></a>
<a id="10.9.mappinguserdirectories" href="#"></a>
<a id="mappinguserdirectories" href="#"></a>
<h6 class="head display0"><span class="text">Mapping User Directories</span></h6>
<a id="10.10" href="#"></a>
<a id="10.10.mappinguserdirectoriestildecharacterquotquot" href="#"></a>
<a id="mappinguserdirectoriestildecharacterquotquot" href="#"></a>
<h2 class="head"><span class="numb">10.10</span><span class="text">Mapping User Directories (<span class="high italic">tilde</span> character ("~"))</span></h2>
<p> The convention for specifying user web areas is "/~username/". The basic
idea is that the user's web-available file-space is mapped into the request in
place of the tilde and username.
<a id="10.10.1" href="#"></a>
<a id="10.10.1.usingthesysuaf" href="#"></a>
<a id="usingthesysuaf" href="#"></a>
<h3 class="head"><span class="numb">10.10.1</span><span class="text">Using The SYSUAF</span></h3>
<p> The USER rule maps a VMS user account default device and directory (i.e.
<span class="high italic">home</span> directory) into a request path (<a class="link" href="config010.html#10.5.3.userrule">10.5.3 USER Rule</a>). That is, the base
location for the request is obtained from the VMS systems SYSUAF file. A
user's home directory information is cached, to reduce load on the
authorization databases. As this information is usually quite static there is
no timeout period on such information (although it may be flushed to make room
for other user's). Cache contents is include in the Mapping Rules Report and
is implicitly flushed when the server's rules are reloaded.
<p> The following is a typical usage of the rule.
<div class="blockof code">USER /~*/* /*/www/*
</div>
<p> Note the "/www" subdirectory component. It is <span class="high bold">stongly recommended</span> that
users never be mapped into their top-level, but into a web-specific
subdirectory. This effectively "sandboxes" Web access to that subdirectory
hierarchy, allowing the user privacy elsewhere in the home area.
<p> To accomodate request user paths that do not incorporate a trailing
delimiter after the username the following redirect may be used to cause the
browser to re-request with a more appropriate path (make sure it follows the
USER rule).
<div class="blockof code">REDIRECT /~* ///~*/
</div>
<p> WASD also "reverse maps" VMS specifications into paths and so requires
additional rules to provide these mappings. (Reverse mapping is required
during directory listings and error reporting.) For the continuing example the
following rules would be required (and in the stated order).
<div class="blockof code">USER /~*/* /*/www/*
REDIRECT /~* ///~*/
PASS /~*/* /user$disk/*/www/*
</div>
<p> Where user home directories are spread over multiple devices (physical or
concealed logical) a reverse-mapping rule would be required for each. Consider
the following situation, where user directories are distributed across these
devices (concealed logicals)
<div class="blockof code">USER$GROUP1:
USER$GROUP2:
USER$GROUP2:
USER$OTHER:
</div>
<p> This would require the following mapping rules (in the stated order).
<div class="blockof code">USER /~*/* /*/www/
PASS /~*/* /user$group1/*/www/*
PASS /~*/* /user$group2/*/www/*
PASS /~*/* /user$group3/*/www/*
PASS /~*/* /user$other/*/www/*
</div>
<p> Accounts with a search list as a default device (e.g. SYS$SYSROOT) present
particular complications in this schema and should be avoided.
<div class="note"><a id="10.10.1.0.0.1" href="#"></a>
<a id="10.10.1.note" href="#"></a>
<a id="note" href="#"></a>
<h5 class="head center"><span class="text">Note</span></h5>
<hr class="note_hr">
Accounts that possess SYSPRV, are CAPTIVE, have been DISUSERED or that have
expired passwords will not be mapped. A "directory not found" error report is
returned. This error was chosen to make it to make more difficult to <span class="high italic">probe</span>
the authorization environment, determining whether accounts exist or not.
<hr class="note_hr">
</div>
<p> Of course vanilla mapping rules may be used to provide for special cases.
For instance, if there is requirement for a particular, privileged account to
have a user mapping that could be provided as in the following (rather
exagerated) example.
<div class="blockof code">PASS /~system/* /sys$common/sysmgr/www/*
USER /~*/* /*/www/
PASS /~*/* /user$disk/*/www/*
</div>
<a id="10.10.1.0.1" href="#"></a>
<a id="10.10.1.useraccountscripting" href="#"></a>
<a id="useraccountscripting" href="#"></a>
<h5 class="head"><span class="text">User Account Scripting</span></h5>
<p> In some situations it may be desirable to allow the average Web user to
experiment with or implement scripts. With WASD 7.1 and later, and VMS V6.2
and later, this is possible. Detached scripting must be enabled, the /PERSONA
startup qualifier used, and appropriate mapping rules in place. If the SET
"script=as=" mapping rule specifies a tilde character then for a user request
the mapped SYSUAF username is substituted.
<p> The following example shows the essentials of setting up a user environment
where access to a subdirectory in the user's home directory, [.WWW] with
script's located in a subdirectory of that, [.WWW.CGI-BIN].
<div class="blockof code">UXEC /~*/cgi-bin/* /*/www/cgi-bin/* script=as=~
USER /~*/* /*/www/*
REDIRECT /~* /~*/
PASS /~*/* /dka0/users/*/*
</div>
<p> For more detailed information see the "Scripting Overview, Introduction".
<a id="10.10.2" href="#"></a>
<a id="10.10.2.withoutusingthesysuaf" href="#"></a>
<a id="withoutusingthesysuaf" href="#"></a>
<h3 class="head"><span class="numb">10.10.2</span><span class="text">Without Using The SYSUAF</span></h3>
<div class="note"><a id="10.10.2.0.0.1" href="#"></a>
<a id="10.10.2.note" href="#"></a>
<a id="note" href="#"></a>
<h5 class="head center"><span class="text">Note</span></h5>
<hr class="note_hr">
See <a class="link" href="config010.html#10.9.mappinguserdirectories">‘Mapping User Directories’ in 10.9 Conditional Mapping</a> for current funtionality.
<p> As this has been deprecated for some years now the documentation for this
functionality has been removed.
<p> For backward-reference see the "WASD Hypertext Services - Technical
Overview" document for release v9.3 or earlier.
<hr class="note_hr">
</div>
<a id="10.11" href="#"></a>
<a id="10.11.crossoriginresourcesharing" href="#"></a>
<a id="crossoriginresourcesharing" href="#"></a>
<h2 class="head"><span class="numb">10.11</span><span class="text">Cross Origin Resource Sharing</span></h2>
<p> Cross-site HTTP requests are HTTP requests for resources from a domain
different to the domain of the resource making the request. For instance, a
resource loaded from domain one (http://domain.example) such as an HTML web
page, makes a request for a resource on domain two (http://domain.foo), such as
an image, using the img element (http://domain.foo/image.jpg). This occurs
very commonly on the web today. Pages load a number of resources in a
cross-site manner, including CSS stylesheets, images and scripts, and other
resources.
<p> Cross-site HTTP requests initiated from within browser-based applications
have been subject to well-known restrictions, for well-understood security
reasons. In particular, this meant that an actively processing web application
could only make HTTP requests to the domain it was loaded from, and not to
other domains. Developers expressed the desire to safely evolve capabilities
to make cross-site requests, for better, safer web applications. The Web
Applications Working Group within the W3C has recommended the new Cross-Origin
Resource Sharing (CORS) mechanism, which provides a way for web servers to
support cross-site access controls, which enable secure cross-site data
transfers.
<a id="10.11.0.0.1" href="#"></a>
<a id="10.11.basicreferences" href="#"></a>
<a id="basicreferences" href="#"></a>
<h5 class="head"><span class="text">Basic References</span></h5>
<p> This section is not a CORS reference, just the WASD implementation.
Readers are referred to more authoritative CORS resources.
<ul class="list simple list0">
<li class="item"> <a class="link blank" target="_blank" href="http://www.w3.org/TR/cors/">http://www.w3.org/TR/cors/</a>
<li class="item"> <a class="link blank" target="_blank" href="http://www.html5rocks.com/en/tutorials/cors/">http://www.html5rocks.com/en/tutorials/cors/</a>
<li class="item"> <a class="link blank" target="_blank" href="http://en.wikipedia.org/wiki/Cross-origin_resource_sharing">http://en.wikipedia.org/wiki/Cross-origin_resource_sharing</a>
<li class="item"> <a class="link blank" target="_blank" href="http://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS">http://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS</a>
</ul>
<a id="10.11.0.0.2" href="#"></a>
<a id="10.11.wasdcors" href="#"></a>
<a id="wasdcors" href="#"></a>
<h5 class="head"><span class="text">WASD CORS</span></h5>
<p> WASD supports CORS using mapping rules. This means cross-origin requests
are evaluated prior to accessing any resources or activating any scripts, etc.
If the request has an "Origin: .." header and the path has been <span class="high italic">set
cors=origin=..</span> the server performs preflighted and request checks. If CORS
authorised adds CORS response headers. If not CORS authorised adds nothing.
Some significant understanding of the purpose and operation of CORS is required
to tailor the provision of the required response headers.
<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">CORS=AGE=<span class="high italic">integer seconds</span>
<td class="tabd">Access-Control-Max-Age: response header
<tr class="tabr">
<td class="tabd">CORS=CRED=<span class="high italic">true|false</span>
<td class="tabd">Access-Control-Allow-Credentials: response header
<tr class="tabr">
<td class="tabd">CORS=EXPOSE=<span class="high italic">header[,header2,header3]</span>
<td class="tabd">Access-Control-Expose-Headers: response header
<tr class="tabr">
<td class="tabd">CORS=HEADERS=<span class="high italic"></span>
<td class="tabd">Access-Control-Allow-Headers: response header
<tr class="tabr">
<td class="tabd">CORS=METHODS=<span class="high italic">method[,method2,method3]</span>
<td class="tabd">Access-Control-Allow-Methods: response header
<tr class="tabr">
<td class="tabd">CORS=ORIGIN=<span class="high italic">URL</span>
<td class="tabd">Access-Control-Allow-Origin: response header
</table>
<a id="10.11.0.0.3" href="#"></a>
<a id="10.11.wasdcorsexamples" href="#"></a>
<a id="wasdcorsexamples" href="#"></a>
<h5 class="head"><span class="text">WASD CORS Examples</span></h5>
<ol class="list">
<li class="item">
<p> For a request containing
<div class="blockof code">OPTIONS /resources/post-here/ HTTP/1.1
Host: bar.other
…
Origin: http://foo.example
Access-Control-Request-Method: POST
Access-Control-Request-Headers: X-PINGOTHER
</div>
with the mapping rules
<div class="blockof code">SET /resources/post-here/* CORS=origin=* CORS=methods=POST,GET,OPTIONS CORS=headers=X-PINGOTHER CORS=age=3600
</div>
would produce a response
<div class="blockof code">HTTP/1.1 200 OK
…
Content-Length: 0
Connection: Keep-Alive
Content-Type: text/plain
Access-Control-Allow-Origin: http://foo.example
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Headers: X-PINGOTHER
Access-Control-Max-Age: 3600
</div>
<li class="item">
<p> For a request containing
<div class="blockof code">GET /resources/credentials/ HTTP/1.1
Host: bar.other
…
Connection: keep-alive
Referer: http://foo.example/examples/credential.html
Origin: http://foo.example
</div>
with the mapping rules
<div class="blockof code">SET /resources/credentials/* CORS=origin=http://foo.example CORS=credEntials=true
</div>
would produce a response
<div class="blockof code">HTTP/1.1 200 OK
…
Content-Length: 106
Connection: Keep-Alive
Content-Type: text/plain
Access-Control-Allow-Origin: http://foo.example
Access-Control-Allow-Credentials: true
…
</div>
</ol>
<!-- source:1300_AUTHORIZATION.WASDOC -->
<table class="NAVtable NAVprint"><tr>
<td><a href="javascript:window.history.back();">↩︎</a>
<td><a href="config009.html#9.">↖︎</a>
<td><a href="config000.html#0.">↑︎</a>
<td><a href="config011.html#11.">↘︎</a>
<td><a href="javascript:window.history.forward();">↪︎</a>
</table>