[0001]
[0002]
[0003]
[0004]
[0005]
[0006]
[0007]
[0008]
[0009]
[0010]
[0011]
[0012]
[0013]
[0014]
[0015]
[0016]
[0017]
[0018]
[0019]
[0020]
[0021]
[0022]
[0023]
[0024]
[0025]
[0026]
[0027]
[0028]
[0029]
[0030]
[0031]
[0032]
[0033]
[0034]
[0035]
[0036]
[0037]
[0038]
[0039]
[0040]
[0041]
[0042]
[0043]
[0044]
[0045]
[0046]
[0047]
[0048]
[0049]
[0050]
[0051]
[0052]
[0053]
[0054]
[0055]
[0056]
[0057]
[0058]
[0059]
[0060]
[0061]
[0062]
[0063]
[0064]
[0065]
[0066]
[0067]
[0068]
[0069]
[0070]
[0071]
[0072]
[0073]
[0074]
[0075]
[0076]
[0077]
[0078]
[0079]
[0080]
[0081]
[0082]
[0083]
[0084]
[0085]
[0086]
[0087]
[0088]
[0089]
[0090]
[0091]
[0092]
[0093]
[0094]
[0095]
[0096]
[0097]
[0098]
[0099]
[0100]
[0101]
[0102]
[0103]
[0104]
[0105]
[0106]
[0107]
[0108]
[0109]
[0110]
[0111]
[0112]
[0113]
[0114]
[0115]
[0116]
[0117]
[0118]
[0119]
[0120]
[0121]
[0122]
[0123]
[0124]
[0125]
[0126]
[0127]
[0128]
[0129]
[0130]
[0131]
[0132]
[0133]
[0134]
[0135]
[0136]
[0137]
[0138]
[0139]
[0140]
[0141]
[0142]
[0143]
[0144]
[0145]
[0146]
[0147]
[0148]
[0149]
[0150]
[0151]
[0152]
[0153]
[0154]
[0155]
[0156]
[0157]
[0158]
[0159]
[0160]
[0161]
[0162]
[0163]
[0164]
[0165]
[0166]
[0167]
[0168]
[0169]
[0170]
[0171]
[0172]
[0173]
[0174]
[0175]
[0176]
[0177]
[0178]
[0179]
[0180]
[0181]
[0182]
[0183]
[0184]
[0185]
[0186]
[0187]
[0188]
[0189]
[0190]
[0191]
[0192]
[0193]
[0194]
[0195]
[0196]
[0197]
[0198]
[0199]
[0200]
[0201]
[0202]
[0203]
[0204]
[0205]
[0206]
[0207]
[0208]
[0209]
[0210]
[0211]
[0212]
[0213]
[0214]
[0215]
[0216]
[0217]
[0218]
[0219]
[0220]
[0221]
[0222]
[0223]
[0224]
[0225]
[0226]
[0227]
[0228]
[0229]
[0230]
[0231]
[0232]
[0233]
[0234]
[0235]
[0236]
[0237]
[0238]
[0239]
[0240]
[0241]
[0242]
[0243]
[0244]
[0245]
[0246]
[0247]
[0248]
[0249]
[0250]
[0251]
[0252]
[0253]
[0254]
[0255]
[0256]
[0257]
[0258]
[0259]
[0260]
[0261]
[0262]
[0263]
[0264]
[0265]
[0266]
[0267]
[0268]
[0269]
[0270]
[0271]
[0272]
[0273]
[0274]
[0275]
[0276]
[0277]
[0278]
[0279]
[0280]
[0281]
[0282]
[0283]
[0284]
[0285]
[0286]
[0287]
[0288]
[0289]
[0290]
[0291]
[0292]
[0293]
[0294]
[0295]
[0296]
[0297]
[0298]
[0299]
[0300]
[0301]
[0302]
[0303]
[0304]
[0305]
[0306]
[0307]
[0308]
[0309]
[0310]
[0311]
[0312]
[0313]
[0314]
[0315]
[0316]
[0317]
[0318]
[0319]
[0320]
[0321]
[0322]
[0323]
[0324]
[0325]
[0326]
[0327]
[0328]
[0329]
[0330]
[0331]
[0332]
[0333]
[0334]
[0335]
[0336]
[0337]
[0338]
[0339]
[0340]
[0341]
[0342]
[0343]
[0344]
[0345]
[0346]
[0347]
[0348]
[0349]
[0350]
[0351]
[0352]
[0353]
[0354]
[0355]
[0356]
[0357]
[0358]
[0359]
[0360]
[0361]
[0362]
[0363]
[0364]
[0365]
[0366]
[0367]
[0368]
[0369]
[0370]
[0371]
[0372]
[0373]
[0374]
[0375]
[0376]
[0377]
[0378]
[0379]
[0380]
[0381]
[0382]
[0383]
[0384]
[0385]
[0386]
[0387]
[0388]
[0389]
[0390]
[0391]
[0392]
[0393]
[0394]
[0395]
[0396]
[0397]
[0398]
[0399]
[0400]
[0401]
[0402]
[0403]
[0404]
[0405]
[0406]
[0407]
[0408]
[0409]
[0410]
[0411]
[0412]
[0413]
[0414]
[0415]
[0416]
[0417]
[0418]
[0419]
[0420]
[0421]
[0422]
[0423]
[0424]
[0425]
[0426]
[0427]
[0428]
[0429]
[0430]
[0431]
[0432]
[0433]
[0434]
[0435]
[0436]
[0437]
[0438]
[0439]
[0440]
[0441]
[0442]
[0443]
[0444]
[0445]
[0446]
[0447]
[0448]
[0449]
[0450]
[0451]
[0452]
[0453]
[0454]
[0455]
[0456]
[0457]
[0458]
[0459]
[0460]
[0461]
[0462]
[0463]
[0464]
[0465]
[0466]
[0467]
[0468]
[0469]
[0470]
[0471]
[0472]
[0473]
[0474]
[0475]
[0476]
[0477]
[0478]
[0479]
[0480]
[0481]
[0482]
[0483]
[0484]
[0485]
[0486]
[0487]
[0488]
[0489]
[0490]
[0491]
[0492]
[0493]
[0494]
[0495]
[0496]
[0497]
[0498]
[0499]
[0500]
[0501]
[0502]
[0503]
[0504]
[0505]
[0506]
[0507]
[0508]
[0509]
[0510]
[0511]
[0512]
[0513]
[0514]
[0515]
[0516]
[0517]
[0518]
[0519]
[0520]
[0521]
[0522]
[0523]
[0524]
[0525]
[0526]
[0527]
[0528]
[0529]
[0530]
[0531]
[0532]
[0533]
[0534]
[0535]
[0536]
[0537]
[0538]
[0539]
[0540]
[0541]
[0542]
[0543]
[0544]
[0545]
[0546]
[0547]
[0548]
[0549]
[0550]
[0551]
[0552]
[0553]
[0554]
[0555]
[0556]
[0557]
[0558]
[0559]
[0560]
[0561]
[0562]
[0563]
[0564]
[0565]
[0566]
[0567]
[0568]
[0569]
[0570]
[0571]
[0572]
[0573]
[0574]
[0575]
[0576]
[0577]
[0578]
[0579]
[0580]
[0581]
[0582]
[0583]
[0584]
[0585]
[0586]
[0587]
[0588]
[0589]
[0590]
[0591]
[0592]
[0593]
[0594]
[0595]
[0596]
[0597]
[0598]
[0599]
[0600]
[0601]
[0602]
[0603]
[0604]
[0605]
[0606]
[0607]
[0608]
[0609]
[0610]
[0611]
[0612]
[0613]
[0614]
[0615]
[0616]
[0617]
[0618]
[0619]
[0620]
[0621]
[0622]
[0623]
[0624]
[0625]
[0626]
[0627]
[0628]
[0629]
[0630]
[0631]
[0632]
[0633]
[0634]
[0635]
[0636]
[0637]
[0638]
[0639]
[0640]
[0641]
[0642]
[0643]
[0644]
[0645]
[0646]
[0647]
[0648]
[0649]
[0650]
[0651]
[0652]
[0653]
[0654]
[0655]
[0656]
[0657]
[0658]
[0659]
[0660]
[0661]
[0662]
[0663]
[0664]
[0665]
[0666]
[0667]
[0668]
[0669]
[0670]
[0671]
[0672]
[0673]
[0674]
[0675]
[0676]
[0677]
[0678]
[0679]
[0680]
[0681]
[0682]
[0683]
[0684]
[0685]
[0686]
[0687]
[0688]
[0689]
[0690]
[0691]
[0692]
[0693]
[0694]
[0695]
[0696]
[0697]
[0698]
[0699]
[0700]
[0701]
[0702]
[0703]
[0704]
[0705]
[0706]
[0707]
[0708]
[0709]
[0710]
[0711]
[0712]
[0713]
[0714]
[0715]
[0716]
[0717]
[0718]
[0719]
[0720]
[0721]
[0722]
[0723]
[0724]
[0725]
[0726]
[0727]
[0728]
[0729]
[0730]
[0731]
[0732]
[0733]
[0734]
[0735]
[0736]
[0737]
[0738]
[0739]
[0740]
[0741]
[0742]
[0743]
[0744]
[0745]
[0746]
[0747]
[0748]
[0749]
[0750]
[0751]
[0752]
[0753]
[0754]
[0755]
[0756]
[0757]
[0758]
[0759]
[0760]
[0761]
[0762]
[0763]
[0764]
[0765]
[0766]
[0767]
[0768]
[0769]
[0770]
[0771]
[0772]
[0773]
[0774]
[0775]
[0776]
[0777]
[0778]
[0779]
[0780]
[0781]
[0782]
[0783]
[0784]
[0785]
[0786]
[0787]
[0788]
[0789]
[0790]
[0791]
[0792]
[0793]
[0794]
[0795]
[0796]
[0797]
[0798]
[0799]
[0800]
[0801]
[0802]
[0803]
[0804]
[0805]
[0806]
[0807]
[0808]
[0809]
[0810]
[0811]
[0812]
[0813]
[0814]
[0815]
[0816]
[0817]
[0818]
[0819]
[0820]
[0821]
[0822]
[0823]
[0824]
[0825]
[0826]
[0827]
[0828]
[0829]
[0830]
[0831]
[0832]
[0833]
[0834]
[0835]
[0836]
[0837]
[0838]
[0839]
[0840]
[0841]
[0842]
[0843]
[0844]
[0845]
[0846]
[0847]
[0848]
[0849]
[0850]
[0851]
[0852]
[0853]
[0854]
[0855]
[0856]
[0857]
[0858]
[0859]
[0860]
[0861]
[0862]
[0863]
[0864]
[0865]
[0866]
[0867]
[0868]
[0869]
[0870]
[0871]
[0872]
[0873]
[0874]
[0875]
[0876]
[0877]
[0878]
[0879]
[0880]
[0881]
[0882]
[0883]
[0884]
[0885]
[0886]
[0887]
[0888]
[0889]
[0890]
[0891]
[0892]
[0893]
[0894]
[0895]
[0896]
[0897]
[0898]
[0899]
[0900]
[0901]
[0902]
[0903]
[0904]
[0905]
[0906]
[0907]
[0908]
[0909]
[0910]
[0911]
[0912]
[0913]
[0914]
[0915]
[0916]
[0917]
[0918]
[0919]
[0920]
[0921]
[0922]
[0923]
[0924]
[0925]
[0926]
[0927]
[0928]
[0929]
[0930]
[0931]
[0932]
[0933]
[0934]
[0935]
[0936]
[0937]
[0938]
[0939]
[0940]
[0941]
[0942]
[0943]
[0944]
[0945]
[0946]
[0947]
[0948]
[0949]
[0950]
[0951]
[0952]
[0953]
[0954]
[0955]
[0956]
[0957]
[0958]
[0959]
[0960]
[0961]
[0962]
[0963]
[0964]
[0965]
[0966]
[0967]
[0968]
[0969]
[0970]
[0971]
[0972]
[0973]
[0974]
[0975]
[0976]
[0977]
[0978]
[0979]
[0980]
[0981]
[0982]
[0983]
[0984]
[0985]
[0986]
[0987]
[0988]
[0989]
[0990]
[0991]
[0992]
[0993]
[0994]
[0995]
[0996]
[0997]
[0998]
[0999]
[1000]
[1001]
[1002]
[1003]
[1004]
[1005]
[1006]
[1007]
[1008]
[1009]
[1010]
[1011]
[1012]
[1013]
[1014]
[1015]
[1016]
[1017]
[1018]
[1019]
[1020]
[1021]
[1022]
[1023]
[1024]
[1025]
[1026]
[1027]
[1028]
[1029]
[1030]
[1031]
[1032]
[1033]
[1034]
[1035]
[1036]
[1037]
[1038]
[1039]
[1040]
[1041]
[1042]
[1043]
[1044]
[1045]
[1046]
[1047]
[1048]
[1049]
[1050]
[1051]
[1052]
[1053]
[1054]
[1055]
[1056]
[1057]
[1058]
[1059]
[1060]
[1061]
[1062]
[1063]
[1064]
[1065]
[1066]
[1067]
[1068]
[1069]
[1070]
[1071]
[1072]
[1073]
[1074]
[1075]
[1076]
[1077]
[1078]
[1079]
[1080]
[1081]
[1082]
[1083]
[1084]
[1085]
[1086]
[1087]
[1088]
[1089]
[1090]
[1091]
[1092]
[1093]
[1094]
[1095]
[1096]
[1097]
[1098]
[1099]
[1100]
[1101]
[1102]
[1103]
[1104]
[1105]
[1106]
[1107]
[1108]
[1109]
[1110]
[1111]
[1112]
[1113]
[1114]
[1115]
[1116]
[1117]
[1118]
[1119]
[1120]
[1121]
[1122]
[1123]
[1124]
[1125]
[1126]
[1127]
[1128]
[1129]
[1130]
[1131]
[1132]
[1133]
[1134]
[1135]
[1136]
[1137]
[1138]
[1139]
[1140]
[1141]
[1142]
[1143]
[1144]
[1145]
[1146]
[1147]
[1148]
[1149]
[1150]
[1151]
[1152]
[1153]
[1154]
[1155]
[1156]
[1157]
[1158]
[1159]
[1160]
[1161]
[1162]
[1163]
[1164]
[1165]
[1166]
[1167]
[1168]
[1169]
[1170]
[1171]
[1172]
[1173]
[1174]
[1175]
[1176]
[1177]
[1178]
[1179]
[1180]
[1181]
[1182]
[1183]
[1184]
[1185]
[1186]
[1187]
[1188]
[1189]
[1190]
[1191]
[1192]
[1193]
[1194]
[1195]
[1196]
[1197]
[1198]
[1199]
[1200]
[1201]
[1202]
[1203]
[1204]
[1205]
[1206]
[1207]
[1208]
[1209]
[1210]
[1211]
[1212]
[1213]
[1214]
[1215]
[1216]
[1217]
[1218]
[1219]
[1220]
[1221]
[1222]
[1223]
[1224]
[1225]
[1226]
[1227]
[1228]
[1229]
[1230]
[1231]
[1232]
[1233]
[1234]
[1235]
[1236]
[1237]
[1238]
[1239]
[1240]
[1241]
[1242]
[1243]
[1244]
[1245]
[1246]
[1247]
[1248]
[1249]
[1250]
[1251]
[1252]
[1253]
[1254]
[1255]
[1256]
[1257]
[1258]
[1259]
[1260]
[1261]
[1262]
[1263]
[1264]
[1265]
[1266]
[1267]
[1268]
[1269]
[1270]
[1271]
[1272]
[1273]
[1274]
[1275]
[1276]
[1277]
[1278]
[1279]
[1280]
[1281]
[1282]
[1283]
[1284]
[1285]
[1286]
[1287]
[1288]
[1289]
[1290]
[1291]
[1292]
[1293]
[1294]
[1295]
[1296]
[1297]
[1298]
[1299]
[1300]
[1301]
[1302]
[1303]
[1304]
[1305]
[1306]
[1307]
[1308]
[1309]
[1310]
[1311]
[1312]
[1313]
[1314]
[1315]
[1316]
[1317]
[1318]
[1319]
[1320]
[1321]
[1322]
[1323]
[1324]
[1325]
[1326]
[1327]
[1328]
[1329]
[1330]
[1331]
[1332]
[1333]
[1334]
[1335]
[1336]
[1337]
[1338]
[1339]
[1340]
[1341]
[1342]
[1343]
[1344]
[1345]
[1346]
[1347]
[1348]
[1349]
[1350]
[1351]
[1352]
[1353]
[1354]
[1355]
[1356]
[1357]
[1358]
[1359]
[1360]
[1361]
[1362]
[1363]
[1364]
[1365]
[1366]
[1367]
[1368]
[1369]
[1370]
[1371]
[1372]
[1373]
[1374]
[1375]
[1376]
[1377]
[1378]
[1379]
[1380]
[1381]
[1382]
[1383]
[1384]
[1385]
[1386]
[1387]
[1388]
[1389]
[1390]
[1391]
[1392]
[1393]
[1394]
[1395]
[1396]
[1397]
[1398]
[1399]
[1400]
[1401]
[1402]
[1403]
[1404]
[1405]
[1406]
[1407]
[1408]
[1409]
[1410]
[1411]
[1412]
[1413]
[1414]
[1415]
[1416]
[1417]
[1418]
[1419]
[1420]
[1421]
[1422]
[1423]
[1424]
[1425]
[1426]
[1427]
[1428]
[1429]
[1430]
[1431]
[1432]
[1433]
[1434]
[1435]
[1436]
[1437]
[1438]
[1439]
[1440]
[1441]
[1442]
[1443]
[1444]
[1445]
[1446]
[1447]
[1448]
[1449]
[1450]
[1451]
[1452]
[1453]
[1454]
[1455]
[1456]
[1457]
[1458]
[1459]
[1460]
[1461]
[1462]
[1463]
[1464]
[1465]
[1466]
[1467]
[1468]
[1469]
[1470]
[1471]
[1472]
[1473]
[1474]
[1475]
[1476]
[1477]
[1478]
[1479]
[1480]
[1481]
[1482]
[1483]
[1484]
[1485]
[1486]
[1487]
[1488]
[1489]
[1490]
[1491]
[1492]
[1493]
[1494]
[1495]
[1496]
[1497]
[1498]
[1499]
[1500]
[1501]
[1502]
[1503]
[1504]
[1505]
[1506]
[1507]
[1508]
[1509]
[1510]
[1511]
[1512]
[1513]
[1514]
[1515]
[1516]
[1517]
[1518]
[1519]
[1520]
[1521]
[1522]
[1523]
[1524]
[1525]
[1526]
[1527]
[1528]
[1529]
[1530]
[1531]
[1532]
[1533]
[1534]
[1535]
[1536]
[1537]
[1538]
[1539]
[1540]
[1541]
[1542]
[1543]
[1544]
[1545]
[1546]
[1547]
[1548]
[1549]
[1550]
[1551]
[1552]
[1553]
[1554]
[1555]
[1556]
[1557]
[1558]
[1559]
[1560]
[1561]
[1562]
[1563]
[1564]
[1565]
[1566]
[1567]
[1568]
[1569]
[1570]
[1571]
[1572]
[1573]
[1574]
[1575]
[1576]
[1577]
[1578]
[1579]
[1580]
[1581]
[1582]
[1583]
[1584]
[1585]
[1586]
[1587]
[1588]
[1589]
[1590]
[1591]
[1592]
[1593]
[1594]
[1595]
[1596]
[1597]
[1598]
[1599]
[1600]
[1601]
[1602]
[1603]
[1604]
[1605]
[1606]
[1607]
[1608]
[1609]
[1610]
[1611]
[1612]
[1613]
[1614]
[1615]
[1616]
[1617]
[1618]
[1619]
[1620]
[1621]
[1622]
[1623]
[1624]
[1625]
[1626]
[1627]
[1628]
[1629]
[1630]
[1631]
[1632]
[1633]
[1634]
[1635]
[1636]
[1637]
[1638]
[1639]
[1640]
[1641]
[1642]
[1643]
[1644]
[1645]
[1646]
[1647]
[1648]
[1649]
[1650]
[1651]
[1652]
[1653]
[1654]
[1655]
[1656]
[1657]
[1658]
[1659]
[1660]
[1661]
[1662]
[1663]
[1664]
[1665]
[1666]
[1667]
[1668]
[1669]
[1670]
[1671]
[1672]
[1673]
[1674]
[1675]
[1676]
[1677]
[1678]
[1679]
[1680]
[1681]
[1682]
[1683]
[1684]
[1685]
[1686]
[1687]
[1688]
[1689]
[1690]
[1691]
[1692]
[1693]
[1694]
[1695]
[1696]
[1697]
[1698]
[1699]
[1700]
[1701]
[1702]
[1703]
[1704]
[1705]
[1706]
[1707]
[1708]
[1709]
[1710]
[1711]
[1712]
[1713]
[1714]
[1715]
[1716]
[1717]
[1718]
[1719]
[1720]
[1721]
[1722]
[1723]
[1724]
[1725]
[1726]
[1727]
[1728]
[1729]
[1730]
[1731]
[1732]
[1733]
[1734]
[1735]
[1736]
[1737]
[1738]
[1739]
[1740]
[1741]
[1742]
[1743]
[1744]
[1745]
[1746]
[1747]
[1748]
[1749]
[1750]
[1751]
[1752]
[1753]
[1754]
[1755]
[1756]
[1757]
[1758]
[1759]
[1760]
[1761]
[1762]
[1763]
[1764]
[1765]
[1766]
[1767]
[1768]
[1769]
[1770]
[1771]
[1772]
[1773]
[1774]
[1775]
[1776]
[1777]
[1778]
[1779]
[1780]
[1781]
[1782]
[1783]
[1784]
[1785]
[1786]
[1787]
[1788]
[1789]
[1790]
[1791]
[1792]
[1793]
[1794]
[1795]
[1796]
[1797]
[1798]
[1799]
[1800]
[1801]
[1802]
[1803]
[1804]
[1805]
[1806]
[1807]
[1808]
[1809]
[1810]
[1811]
[1812]
[1813]
[1814]
[1815]
[1816]
[1817]
[1818]
[1819]
[1820]
[1821]
[1822]
[1823]
[1824]
[1825]
[1826]
[1827]
[1828]
[1829]
[1830]
[1831]
[1832]
[1833]
[1834]
[1835]
[1836]
[1837]
[1838]
[1839]
[1840]
[1841]
[1842]
[1843]
[1844]
[1845]
[1846]
[1847]
[1848]
[1849]
[1850]
[1851]
[1852]
[1853]
[1854]
[1855]
[1856]
[1857]
[1858]
[1859]
[1860]
[1861]
[1862]
[1863]
[1864]
[1865]
[1866]
[1867]
[1868]
[1869]
[1870]
[1871]
[1872]
[1873]
[1874]
[1875]
[1876]
[1877]
[1878]
[1879]
[1880]
[1881]
[1882]
[1883]
[1884]
[1885]
[1886]
[1887]
[1888]
[1889]
[1890]
[1891]
[1892]
[1893]
[1894]
[1895]
[1896]
[1897]
[1898]
[1899]
[1900]
[1901]
[1902]
[1903]
[1904]
[1905]
[1906]
[1907]
[1908]
[1909]
[1910]
[1911]
[1912]
[1913]
[1914]
[1915]
[1916]
[1917]
[1918]
[1919]
[1920]
[1921]
[1922]
[1923]
[1924]
[1925]
[1926]
[1927]
[1928]
[1929]
[1930]
[1931]
[1932]
[1933]
[1934]
[1935]
[1936]
[1937]
[1938]
[1939]
[1940]
[1941]
[1942]
[1943]
[1944]
[1945]
[1946]
[1947]
[1948]
[1949]
[1950]
[1951]
[1952]
[1953]
[1954]
[1955]
[1956]
[1957]
[1958]
[1959]
[1960]
[1961]
[1962]
[1963]
[1964]
[1965]
[1966]
[1967]
[1968]
[1969]
[1970]
[1971]
[1972]
[1973]
[1974]
[1975]
[1976]
[1977]
[1978]
[1979]
[1980]
[1981]
[1982]
[1983]
[1984]
[1985]
[1986]
[1987]
[1988]
[1989]
[1990]
[1991]
[1992]
[1993]
[1994]
[1995]
[1996]
[1997]
[1998]
[1999]
[2000]
[2001]
[2002]
[2003]
[2004]
[2005]
[2006]
[2007]
[2008]
[2009]
[2010]
[2011]
[2012]
[2013]
[2014]
[2015]
[2016]
[2017]
[2018]
[2019]
[2020]
[2021]
[2022]
[2023]
[2024]
[2025]
[2026]
[2027]
[2028]
[2029]
[2030]
[2031]
[2032]
[2033]
[2034]
[2035]
[2036]
[2037]
[2038]
[2039]
[2040]
[2041]
[2042]
[2043]
[2044]
[2045]
[2046]
[2047]
[2048]
[2049]
[2050]
[2051]
[2052]
[2053]
[2054]
[2055]
[2056]
[2057]
[2058]
[2059]
[2060]
[2061]
[2062]
[2063]
[2064]
[2065]
[2066]
[2067]
[2068]
[2069]
[2070]
[2071]
[2072]
[2073]
[2074]
[2075]
[2076]
[2077]
[2078]
[2079]
[2080]
[2081]
[2082]
[2083]
[2084]
[2085]
[2086]
[2087]
[2088]
[2089]
[2090]
[2091]
[2092]
[2093]
[2094]
[2095]
[2096]
[2097]
[2098]
[2099]
[2100]
[2101]
[2102]
[2103]
[2104]
[2105]
[2106]
[2107]
[2108]
[2109]
[2110]
[2111]
[2112]
[2113]
[2114]
[2115]
[2116]
[2117]
[2118]
[2119]
[2120]
[2121]
[2122]
[2123]
[2124]
[2125]
[2126]
[2127]
[2128]
[2129]
[2130]
[2131]
[2132]
[2133]
[2134]
[2135]
[2136]
[2137]
[2138]
[2139]
[2140]
[2141]
[2142]
[2143]
[2144]
[2145]
[2146]
[2147]
[2148]
[2149]
[2150]
[2151]
[2152]
[2153]
[2154]
[2155]
[2156]
[2157]
[2158]
[2159]
[2160]
[2161]
[2162]
[2163]
[2164]
[2165]
[2166]
[2167]
[2168]
[2169]
[2170]
[2171]
[2172]
[2173]
[2174]
[2175]
[2176]
[2177]
[2178]
[2179]
[2180]
[2181]
[2182]
[2183]
[2184]
[2185]
[2186]
[2187]
[2188]
[2189]
[2190]
[2191]
[2192]
[2193]
[2194]
[2195]
[2196]
[2197]
[2198]
[2199]
[2200]
[2201]
[2202]
[2203]
[2204]
[2205]
[2206]
[2207]
[2208]
[2209]
[2210]
[2211]
[2212]
[2213]
[2214]
[2215]
[2216]
[2217]
[2218]
[2219]
[2220]
[2221]
[2222]
[2223]
[2224]
[2225]
[2226]
[2227]
[2228]
[2229]
[2230]
[2231]
[2232]
[2233]
[2234]
[2235]
[2236]
[2237]
[2238]
[2239]
[2240]
[2241]
[2242]
[2243]
[2244]
[2245]
[2246]
[2247]
[2248]
[2249]
[2250]
[2251]
[2252]
[2253]
[2254]
[2255]
[2256]
[2257]
[2258]
[2259]
[2260]
[2261]
[2262]
[2263]
[2264]
[2265]
[2266]
[2267]
[2268]
[2269]
[2270]
[2271]
[2272]
[2273]
[2274]
[2275]
[2276]
[2277]
[2278]
[2279]
[2280]
[2281]
[2282]
[2283]
[2284]
[2285]
[2286]
[2287]
[2288]
[2289]
[2290]
[2291]
[2292]
[2293]
[2294]
[2295]
[2296]
[2297]
[2298]
[2299]
[2300]
[2301]
[2302]
[2303]
[2304]
[2305]
[2306]
[2307]
[2308]
[2309]
[2310]
[2311]
[2312]
[2313]
[2314]
[2315]
[2316]
[2317]
[2318]
[2319]
[2320]
[2321]
[2322]
[2323]
[2324]
[2325]
[2326]
[2327]
[2328]
[2329]
[2330]
[2331]
[2332]
[2333]
[2334]
[2335]
[2336]
[2337]
[2338]
[2339]
[2340]
[2341]
[2342]
[2343]
[2344]
[2345]
[2346]
[2347]
[2348]
[2349]
[2350]
[2351]
[2352]
[2353]
[2354]
[2355]
[2356]
[2357]
[2358]
[2359]
[2360]
[2361]
[2362]
[2363]
[2364]
[2365]
[2366]
[2367]
[2368]
[2369]
[2370]
[2371]
[2372]
[2373]
[2374]
[2375]
[2376]
[2377]
[2378]
[2379]
[2380]
[2381]
[2382]
[2383]
[2384]
[2385]
[2386]
[2387]
[2388]
[2389]
[2390]
[2391]
[2392]
[2393]
[2394]
[2395]
[2396]
[2397]
[2398]
[2399]
[2400]
[2401]
[2402]
[2403]
[2404]
[2405]
[2406]
[2407]
[2408]
[2409]
[2410]
[2411]
[2412]
[2413]
[2414]
[2415]
[2416]
[2417]
[2418]
[2419]
[2420]
[2421]
[2422]
[2423]
[2424]
[2425]
[2426]
[2427]
[2428]
[2429]
[2430]
[2431]
[2432]
[2433]
[2434]
[2435]
[2436]
[2437]
[2438]
[2439]
[2440]
[2441]
[2442]
[2443]
[2444]
[2445]
[2446]
[2447]
[2448]
[2449]
[2450]
[2451]
[2452]
[2453]
[2454]
[2455]
[2456]
[2457]
[2458]
[2459]
[2460]
[2461]
[2462]
[2463]
[2464]
[2465]
[2466]
[2467]
[2468]
[2469]
[2470]
[2471]
[2472]
[2473]
[2474]
[2475]
[2476]
[2477]
[2478]
[2479]
[2480]
[2481]
[2482]
[2483]
[2484]
[2485]
[2486]
[2487]
[2488]
[2489]
[2490]
[2491]
[2492]
[2493]
[2494]
[2495]
[2496]
[2497]
[2498]
[2499]
[2500]
[2501]
[2502]
[2503]
[2504]
[2505]
[2506]
[2507]
[2508]
[2509]
[2510]
[2511]
[2512]
[2513]
[2514]
[2515]
[2516]
[2517]
[2518]
[2519]
[2520]
[2521]
[2522]
[2523]
[2524]
[2525]
[2526]
[2527]
[2528]
[2529]
[2530]
[2531]
[2532]
[2533]
[2534]
[2535]
[2536]
[2537]
[2538]
[2539]
[2540]
[2541]
[2542]
[2543]
[2544]
[2545]
[2546]
[2547]
[2548]
[2549]
[2550]
[2551]
[2552]
[2553]
[2554]
[2555]
[2556]
[2557]
[2558]
[2559]
[2560]
[2561]
[2562]
[2563]
[2564]
[2565]
[2566]
[2567]
[2568]
[2569]
[2570]
[2571]
[2572]
[2573]
[2574]
[2575]
[2576]
[2577]
[2578]
[2579]
[2580]
[2581]
[2582]
[2583]
[2584]
[2585]
[2586]
[2587]
[2588]
[2589]
[2590]
[2591]
[2592]
[2593]
[2594]
[2595]
[2596]
[2597]
[2598]
[2599]
[2600]
[2601]
[2602]
[2603]
[2604]
[2605]
[2606]
[2607]
[2608]
[2609]
[2610]
[2611]
[2612]
[2613]
[2614]
[2615]
[2616]
[2617]
[2618]
[2619]
[2620]
[2621]
[2622]
[2623]
[2624]
[2625]
[2626]
[2627]
[2628]
[2629]
[2630]
[2631]
[2632]
[2633]
[2634]
[2635]
[2636]
[2637]
[2638]
[2639]
[2640]
[2641]
[2642]
[2643]
[2644]
[2645]
[2646]
[2647]
[2648]
[2649]
[2650]
[2651]
[2652]
[2653]
[2654]
[2655]
[2656]
[2657]
[2658]
[2659]
[2660]
[2661]
[2662]
[2663]
[2664]
[2665]
[2666]
[2667]
[2668]
[2669]
[2670]
[2671]
[2672]
[2673]
[2674]
[2675]
[2676]
[2677]
[2678]
[2679]
[2680]
[2681]
[2682]
[2683]
[2684]
[2685]
[2686]
[2687]
[2688]
[2689]
[2690]
[2691]
[2692]
[2693]
[2694]
[2695]
[2696]
[2697]
[2698]
[2699]
[2700]
[2701]
[2702]
[2703]
[2704]
[2705]
[2706]
[2707]
[2708]
[2709]
[2710]
[2711]
[2712]
[2713]
[2714]
[2715]
[2716]
[2717]
[2718]
[2719]
[2720]
[2721]
[2722]
[2723]
[2724]
[2725]
[2726]
[2727]
[2728]
[2729]
[2730]
[2731]
[2732]
[2733]
[2734]
[2735]
[2736]
[2737]
[2738]
[2739]
[2740]
[2741]
[2742]
[2743]
[2744]
[2745]
[2746]
[2747]
[2748]
[2749]
[2750]
[2751]
[2752]
[2753]
[2754]
[2755]
[2756]
[2757]
[2758]
[2759]
[2760]
[2761]
[2762]
[2763]
[2764]
[2765]
[2766]
[2767]
[2768]
[2769]
[2770]
[2771]
[2772]
[2773]
[2774]
[2775]
[2776]
[2777]
[2778]
[2779]
[2780]
[2781]
[2782]
[2783]
[2784]
[2785]
[2786]
[2787]
[2788]
[2789]
[2790]
[2791]
[2792]
[2793]
[2794]
[2795]
[2796]
[2797]
[2798]
[2799]
[2800]
[2801]
[2802]
[2803]
[2804]
[2805]
[2806]
[2807]
[2808]
[2809]
[2810]
[2811]
[2812]
[2813]
[2814]
[2815]
[2816]
[2817]
[2818]
[2819]
[2820]
[2821]
[2822]
[2823]
[2824]
[2825]
[2826]
[2827]
[2828]
[2829]
[2830]
[2831]
[2832]
[2833]
[2834]
[2835]
[2836]
[2837]
[2838]
[2839]
[2840]
[2841]
[2842]
[2843]
[2844]
[2845]
[2846]
[2847]
[2848]
[2849]
[2850]
[2851]
[2852]
[2853]
[2854]
[2855]
[2856]
[2857]
[2858]
[2859]
[2860]
[2861]
[2862]
[2863]
[2864]
[2865]
[2866]
[2867]
[2868]
[2869]
[2870]
[2871]
[2872]
[2873]
[2874]
[2875]
[2876]
[2877]
[2878]
[2879]
[2880]
[2881]
[2882]
[2883]
[2884]
[2885]
[2886]
[2887]
[2888]
[2889]
[2890]
[2891]
[2892]
[2893]
[2894]
[2895]
[2896]
[2897]
[2898]
[2899]
[2900]
[2901]
[2902]
[2903]
[2904]
[2905]
[2906]
[2907]
[2908]
[2909]
[2910]
[2911]
[2912]
[2913]
[2914]
[2915]
[2916]
[2917]
[2918]
[2919]
[2920]
[2921]
[2922]
[2923]
[2924]
[2925]
[2926]
[2927]
[2928]
[2929]
[2930]
[2931]
[2932]
[2933]
[2934]
[2935]
[2936]
[2937]
[2938]
[2939]
[2940]
[2941]
[2942]
[2943]
[2944]
[2945]
[2946]
[2947]
[2948]
[2949]
[2950]
[2951]
[2952]
[2953]
[2954]
[2955]
[2956]
[2957]
[2958]
[2959]
[2960]
[2961]
[2962]
[2963]
[2964]
[2965]
[2966]
[2967]
[2968]
[2969]
[2970]
[2971]
[2972]
[2973]
[2974]
[2975]
[2976]
[2977]
[2978]
[2979]
[2980]
[2981]
[2982]
[2983]
[2984]
[2985]
[2986]
[2987]
[2988]
[2989]
[2990]
[2991]
[2992]
[2993]
[2994]
[2995]
[2996]
[2997]
[2998]
[2999]
[3000]
[3001]
[3002]
[3003]
[3004]
[3005]
[3006]
[3007]
[3008]
[3009]
[3010]
[3011]
[3012]
[3013]
[3014]
[3015]
[3016]
[3017]
[3018]
[3019]
[3020]
[3021]
[3022]
[3023]
[3024]
[3025]
[3026]
[3027]
[3028]
[3029]
[3030]
[3031]
[3032]
[3033]
[3034]
[3035]
[3036]
[3037]
[3038]
[3039]
[3040]
[3041]
[3042]
[3043]
[3044]
[3045]
[3046]
[3047]
[3048]
[3049]
[3050]
[3051]
[3052]
[3053]
[3054]
[3055]
[3056]
[3057]
[3058]
[3059]
[3060]
[3061]
[3062]
[3063]
[3064]
[3065]
[3066]
[3067]
[3068]
[3069]
[3070]
[3071]
[3072]
[3073]
[3074]
[3075]
[3076]
[3077]
[3078]
[3079]
[3080]
[3081]
[3082]
[3083]
[3084]
[3085]
[3086]
[3087]
[3088]
[3089]
[3090]
[3091]
[3092]
[3093]
[3094]
[3095]
[3096]
[3097]
[3098]
[3099]
[3100]
[3101]
[3102]
[3103]
[3104]
[3105]
[3106]
[3107]
[3108]
[3109]
[3110]
[3111]
[3112]
[3113]
[3114]
[3115]
[3116]
[3117]
[3118]
[3119]
[3120]
[3121]
[3122]
[3123]
[3124]
[3125]
[3126]
[3127]
[3128]
[3129]
[3130]
[3131]
[3132]
[3133]
[3134]
[3135]
[3136]
[3137]
[3138]
[3139]
[3140]
[3141]
[3142]
[3143]
[3144]
[3145]
[3146]
[3147]
[3148]
[3149]
[3150]
[3151]
[3152]
[3153]
[3154]
[3155]
[3156]
[3157]
[3158]
[3159]
[3160]
[3161]
[3162]
[3163]
[3164]
[3165]
[3166]
[3167]
[3168]
[3169]
[3170]
[3171]
[3172]
[3173]
[3174]
[3175]
[3176]
[3177]
[3178]
[3179]
[3180]
[3181]
[3182]
[3183]
[3184]
[3185]
[3186]
[3187]
[3188]
[3189]
[3190]
[3191]
[3192]
[3193]
[3194]
[3195]
[3196]
[3197]
[3198]
[3199]
[3200]
[3201]
[3202]
[3203]
[3204]
[3205]
[3206]
[3207]
[3208]
[3209]
[3210]
[3211]
[3212]
[3213]
[3214]
[3215]
[3216]
[3217]
[3218]
[3219]
[3220]
[3221]
[3222]
[3223]
[3224]
[3225]
[3226]
[3227]
[3228]
[3229]
[3230]
[3231]
[3232]
[3233]
[3234]
[3235]
[3236]
[3237]
[3238]
[3239]
[3240]
[3241]
[3242]
[3243]
[3244]
[3245]
[3246]
[3247]
[3248]
[3249]
[3250]
[3251]
[3252]
[3253]
[3254]
[3255]
[3256]
[3257]
[3258]
[3259]
[3260]
[3261]
[3262]
[3263]
[3264]
[3265]
[3266]
[3267]
[3268]
[3269]
[3270]
[3271]
[3272]
[3273]
[3274]
[3275]
[3276]
[3277]
[3278]
[3279]
[3280]
[3281]
[3282]
[3283]
[3284]
[3285]
[3286]
[3287]
[3288]
[3289]
[3290]
[3291]
[3292]
[3293]
[3294]
[3295]
[3296]
[3297]
[3298]
[3299]
[3300]
[3301]
[3302]
[3303]
[3304]
[3305]
[3306]
[3307]
[3308]
[3309]
[3310]
[3311]
[3312]
[3313]
[3314]
[3315]
[3316]
[3317]
[3318]
[3319]
[3320]
[3321]
[3322]
[3323]
[3324]
[3325]
[3326]
[3327]
[3328]
[3329]
[3330]
[3331]
[3332]
[3333]
[3334]
[3335]
[3336]
[3337]
[3338]
[3339]
[3340]
[3341]
[3342]
[3343]
[3344]
[3345]
[3346]
[3347]
[3348]
[3349]
[3350]
[3351]
[3352]
[3353]
[3354]
[3355]
[3356]
[3357]
[3358]
[3359]
[3360]
[3361]
[3362]
[3363]
[3364]
[3365]
[3366]
[3367]
[3368]
[3369]
[3370]
[3371]
[3372]
[3373]
[3374]
[3375]
[3376]
[3377]
[3378]
[3379]
[3380]
[3381]
[3382]
[3383]
[3384]
[3385]
[3386]
[3387]
[3388]
[3389]
[3390]
[3391]
[3392]
[3393]
[3394]
[3395]
[3396]
[3397]
[3398]
[3399]
[3400]
[3401]
[3402]
[3403]
[3404]
[3405]
[3406]
[3407]
[3408]
[3409]
[3410]
[3411]
[3412]
[3413]
[3414]
[3415]
[3416]
[3417]
[3418]
[3419]
[3420]
[3421]
[3422]
[3423]
[3424]
[3425]
[3426]
[3427]
[3428]
[3429]
[3430]
[3431]
[3432]
[3433]
[3434]
[3435]
[3436]
[3437]
[3438]
[3439]
[3440]
[3441]
[3442]
[3443]
[3444]
[3445]
[3446]
[3447]
[3448]
[3449]
[3450]
[3451]
[3452]
[3453]
[3454]
[3455]
[3456]
[3457]
[3458]
[3459]
[3460]
[3461]
[3462]
[3463]
[3464]
[3465]
[3466]
[3467]
[3468]
[3469]
[3470]
[3471]
[3472]
[3473]
[3474]
[3475]
[3476]
[3477]
[3478]
[3479]
[3480]
[3481]
[3482]
[3483]
[3484]
[3485]
[3486]
[3487]
[3488]
[3489]
[3490]
[3491]
[3492]
[3493]
[3494]
[3495]
[3496]
[3497]
[3498]
[3499]
[3500]
[3501]
[3502]
[3503]
[3504]
[3505]
[3506]
[3507]
[3508]
[3509]
[3510]
[3511]
[3512]
[3513]
[3514]
[3515]
[3516]
[3517]
[3518]
[3519]
[3520]
[3521]
[3522]
[3523]
[3524]
[3525]
[3526]
[3527]
[3528]
[3529]
[3530]
[3531]
[3532]
[3533]
[3534]
[3535]
[3536]
[3537]
[3538]
[3539]
[3540]
[3541]
[3542]
[3543]
[3544]
[3545]
[3546]
[3547]
[3548]
[3549]
[3550]
[3551]
[3552]
[3553]
[3554]
[3555]
[3556]
[3557]
[3558]
[3559]
[3560]
[3561]
[3562]
[3563]
[3564]
[3565]
[3566]
[3567]
[3568]
[3569]
[3570]
[3571]
[3572]
[3573]
[3574]
[3575]
[3576]
[3577]
[3578]
[3579]
[3580]
[3581]
[3582]
[3583]
[3584]
[3585]
[3586]
[3587]
[3588]
[3589]
[3590]
[3591]
[3592]
[3593]
[3594]
[3595]
[3596]
[3597]
[3598]
[3599]
[3600]
[3601]
[3602]
[3603]
[3604]
[3605]
[3606]
[3607]
[3608]
[3609]
[3610]
[3611]
[3612]
[3613]
[3614]
[3615]
[3616]
[3617]
[3618]
[3619]
[3620]
[3621]
[3622]
[3623]
[3624]
[3625]
[3626]
[3627]
[3628]
[3629]
[3630]
[3631]
[3632]
[3633]
[3634]
[3635]
[3636]
[3637]
[3638]
[3639]
[3640]
[3641]
[3642]
[3643]
[3644]
[3645]
[3646]
[3647]
[3648]
[3649]
[3650]
[3651]
[3652]
[3653]
[3654]
[3655]
[3656]
[3657]
[3658]
[3659]
[3660]
[3661]
[3662]
[3663]
[3664]
[3665]
[3666]
[3667]
[3668]
[3669]
[3670]
[3671]
[3672]
[3673]
[3674]
[3675]
[3676]
[3677]
[3678]
[3679]
[3680]
[3681]
[3682]
[3683]
[3684]
[3685]
[3686]
[3687]
[3688]
[3689]
[3690]
[3691]
[3692]
[3693]
[3694]
[3695]
[3696]
[3697]
[3698]
[3699]
[3700]
[3701]
[3702]
[3703]
[3704]
[3705]
[3706]
[3707]
[3708]
[3709]
[3710]
[3711]
[3712]
[3713]
[3714]
[3715]
[3716]
[3717]
[3718]
[3719]
[3720]
[3721]
[3722]
[3723]
[3724]
[3725]
[3726]
[3727]
[3728]
[3729]
[3730]
[3731]
[3732]
[3733]
[3734]
[3735]
[3736]
[3737]
[3738]
[3739]
[3740]
[3741]
[3742]
[3743]
[3744]
[3745]
[3746]
[3747]
[3748]
[3749]
[3750]
[3751]
[3752]
[3753]
[3754]
[3755]
[3756]
[3757]
[3758]
[3759]
[3760]
[3761]
[3762]
[3763]
[3764]
[3765]
[3766]
[3767]
[3768]
[3769]
[3770]
[3771]
[3772]
[3773]
[3774]
[3775]
[3776]
[3777]
[3778]
[3779]
[3780]
[3781]
[3782]
[3783]
[3784]
[3785]
[3786]
[3787]
[3788]
[3789]
[3790]
[3791]
[3792]
[3793]
[3794]
[3795]
[3796]
[3797]
[3798]
[3799]
[3800]
[3801]
[3802]
[3803]
[3804]
[3805]
[3806]
[3807]
[3808]
[3809]
[3810]
[3811]
[3812]
[3813]
[3814]
[3815]
[3816]
[3817]
[3818]
[3819]
[3820]
[3821]
[3822]
[3823]
[3824]
[3825]
[3826]
[3827]
[3828]
[3829]
[3830]
[3831]
[3832]
[3833]
[3834]
[3835]
[3836]
[3837]
[3838]
[3839]
[3840]
[3841]
[3842]
[3843]
[3844]
[3845]
[3846]
[3847]
[3848]
[3849]
[3850]
[3851]
[3852]
[3853]
[3854]
[3855]
[3856]
[3857]
[3858]
[3859]
[3860]
[3861]
[3862]
[3863]
[3864]
[3865]
[3866]
[3867]
[3868]
[3869]
[3870]
[3871]
[3872]
[3873]
[3874]
[3875]
[3876]
[3877]
[3878]
[3879]
[3880]
[3881]
[3882]
[3883]
[3884]
[3885]
[3886]
[3887]
[3888]
[3889]
[3890]
[3891]
[3892]
[3893]
[3894]
[3895]
[3896]
[3897]
[3898]
[3899]
[3900]
[3901]
[3902]
[3903]
[3904]
[3905]
[3906]
[3907]
[3908]
[3909]
[3910]
[3911]
[3912]
[3913]
[3914]
[3915]
[3916]
[3917]
[3918]
[3919]
[3920]
[3921]
[3922]
[3923]
[3924]
[3925]
[3926]
[3927]
[3928]
[3929]
[3930]
[3931]
[3932]
[3933]
[3934]
[3935]
[3936]
[3937]
[3938]
[3939]
[3940]
[3941]
[3942]
[3943]
[3944]
[3945]
[3946]
[3947]
[3948]
[3949]
[3950]
[3951]
[3952]
[3953]
[3954]
[3955]
[3956]
[3957]
[3958]
[3959]
[3960]
[3961]
[3962]
[3963]
[3964]
[3965]
[3966]
[3967]
[3968]
[3969]
[3970]
[3971]
[3972]
[3973]
[3974]
[3975]
[3976]
[3977]
[3978]
[3979]
[3980]
[3981]
[3982]
[3983]
[3984]
[3985]
[3986]
[3987]
[3988]
[3989]
[3990]
[3991]
[3992]
[3993]
[3994]
[3995]
[3996]
[3997]
[3998]
[3999]
[4000]
[4001]
[4002]
[4003]
[4004]
[4005]
[4006]
[4007]
[4008]
[4009]
[4010]
[4011]
[4012]
[4013]
[4014]
[4015]
[4016]
[4017]
[4018]
[4019]
[4020]
[4021]
[4022]
[4023]
[4024]
[4025]
[4026]
[4027]
[4028]
[4029]
[4030]
[4031]
[4032]
[4033]
[4034]
[4035]
[4036]
[4037]
[4038]
[4039]
[4040]
[4041]
[4042]
[4043]
[4044]
[4045]
[4046]
[4047]
[4048]
[4049]
[4050]
[4051]
[4052]
[4053]
[4054]
[4055]
[4056]
[4057]
[4058]
[4059]
[4060]
[4061]
[4062]
[4063]
[4064]
[4065]
[4066]
[4067]
[4068]
[4069]
[4070]
[4071]
[4072]
[4073]
[4074]
[4075]
[4076]
[4077]
[4078]
[4079]
[4080]
[4081]
[4082]
[4083]
[4084]
[4085]
[4086]
[4087]
[4088]
[4089]
[4090]
[4091]
[4092]
[4093]
[4094]
[4095]
[4096]
[4097]
[4098]
[4099]
[4100]
[4101]
[4102]
[4103]
[4104]
[4105]
[4106]
[4107]
[4108]
[4109]
[4110]
[4111]
[4112]
[4113]
[4114]
[4115]
[4116]
[4117]
[4118]
[4119]
[4120]
[4121]
[4122]
[4123]
[4124]
[4125]
[4126]
[4127]
[4128]
[4129]
[4130]
[4131]
[4132]
[4133]
[4134]
[4135]
[4136]
[4137]
[4138]
[4139]
[4140]
[4141]
[4142]
[4143]
[4144]
[4145]
[4146]
[4147]
[4148]
[4149]
[4150]
[4151]
[4152]
[4153]
[4154]
[4155]
[4156]
[4157]
[4158]
[4159]
[4160]
[4161]
[4162]
[4163]
[4164]
[4165]
[4166]
[4167]
[4168]
[4169]
[4170]
[4171]
[4172]
[4173]
[4174]
[4175]
[4176]
[4177]
[4178]
[4179]
[4180]
[4181]
[4182]
[4183]
[4184]
[4185]
[4186]
[4187]
[4188]
[4189]
[4190]
[4191]
[4192]
[4193]
[4194]
[4195]
[4196]
[4197]
[4198]
[4199]
[4200]
[4201]
[4202]
[4203]
[4204]
[4205]
[4206]
[4207]
[4208]
[4209]
[4210]
[4211]
[4212]
[4213]
[4214]
[4215]
[4216]
[4217]
[4218]
[4219]
[4220]
[4221]
[4222]
[4223]
[4224]
[4225]
[4226]
[4227]
[4228]
[4229]
[4230]
[4231]
[4232]
[4233]
[4234]
[4235]
[4236]
[4237]
[4238]
[4239]
[4240]
[4241]
[4242]
[4243]
[4244]
[4245]
[4246]
[4247]
[4248]
[4249]
[4250]
[4251]
[4252]
[4253]
[4254]
[4255]
[4256]
[4257]
[4258]
[4259]
[4260]
[4261]
[4262]
[4263]
[4264]
[4265]
[4266]
[4267]
[4268]
[4269]
[4270]
[4271]
[4272]
[4273]
[4274]
[4275]
[4276]
[4277]
[4278]
[4279]
[4280]
[4281]
[4282]
[4283]
[4284]
[4285]
[4286]
[4287]
[4288]
[4289]
[4290]
[4291]
[4292]
[4293]
[4294]
[4295]
[4296]
[4297]
[4298]
[4299]
[4300]
[4301]
[4302]
[4303]
[4304]
[4305]
[4306]
[4307]
[4308]
[4309]
[4310]
[4311]
[4312]
[4313]
[4314]
[4315]
[4316]
[4317]
[4318]
[4319]
[4320]
[4321]
[4322]
[4323]
[4324]
[4325]
[4326]
[4327]
[4328]
[4329]
[4330]
[4331]
[4332]
[4333]
[4334]
[4335]
[4336]
[4337]
[4338]
[4339]
[4340]
[4341]
[4342]
[4343]
[4344]
[4345]
[4346]
[4347]
[4348]
[4349]
[4350]
[4351]
[4352]
[4353]
[4354]
[4355]
[4356]
[4357]
[4358]
[4359]
[4360]
[4361]
[4362]
[4363]
[4364]
[4365]
[4366]
[4367]
[4368]
[4369]
[4370]
[4371]
[4372]
[4373]
[4374]
[4375]
[4376]
[4377]
[4378]
[4379]
[4380]
[4381]
[4382]
[4383]
[4384]
[4385]
[4386]
[4387]
[4388]
[4389]
[4390]
[4391]
[4392]
[4393]
[4394]
[4395]
[4396]
[4397]
[4398]
[4399]
[4400]
[4401]
[4402]
[4403]
[4404]
[4405]
[4406]
[4407]
[4408]
[4409]
[4410]
[4411]
[4412]
[4413]
[4414]
[4415]
[4416]
[4417]
[4418]
[4419]
[4420]
[4421]
[4422]
[4423]
[4424]
[4425]
[4426]
[4427]
[4428]
[4429]
[4430]
[4431]
[4432]
[4433]
[4434]
[4435]
[4436]
[4437]
[4438]
[4439]
[4440]
[4441]
[4442]
[4443]
[4444]
[4445]
[4446]
[4447]
[4448]
[4449]
[4450]
[4451]
[4452]
[4453]
[4454]
[4455]
[4456]
[4457]
[4458]
[4459]
[4460]
[4461]
[4462]
[4463]
[4464]
[4465]
[4466]
[4467]
[4468]
[4469]
[4470]
[4471]
[4472]
[4473]
[4474]
[4475]
[4476]
[4477]
[4478]
[4479]
[4480]
[4481]
[4482]
[4483]
[4484]
[4485]
[4486]
[4487]
[4488]
[4489]
[4490]
[4491]
[4492]
[4493]
[4494]
[4495]
[4496]
[4497]
[4498]
[4499]
[4500]
[4501]
[4502]
[4503]
[4504]
[4505]
[4506]
[4507]
[4508]
[4509]
[4510]
[4511]
[4512]
[4513]
[4514]
[4515]
[4516]
[4517]
[4518]
[4519]
[4520]
[4521]
[4522]
[4523]
[4524]
[4525]
[4526]
[4527]
[4528]
[4529]
[4530]
[4531]
[4532]
[4533]
[4534]
[4535]
[4536]
[4537]
[4538]
[4539]
[4540]
[4541]
[4542]
[4543]
[4544]
[4545]
[4546]
[4547]
[4548]
[4549]
[4550]
[4551]
[4552]
[4553]
[4554]
[4555]
[4556]
[4557]
[4558]
[4559]
[4560]
[4561]
[4562]
[4563]
[4564]
[4565]
[4566]
[4567]
[4568]
[4569]
[4570]
[4571]
[4572]
[4573]
[4574]
[4575]
[4576]
[4577]
[4578]
[4579]
[4580]
[4581]
[4582]
[4583]
[4584]
[4585]
[4586]
[4587]
[4588]
[4589]
[4590]
[4591]
[4592]
[4593]
[4594]
[4595]
[4596]
[4597]
[4598]
[4599]
[4600]
[4601]
[4602]
[4603]
[4604]
[4605]
[4606]
[4607]
[4608]
[4609]
[4610]
[4611]
[4612]
[4613]
[4614]
[4615]
[4616]
[4617]
[4618]
[4619]
[4620]
[4621]
[4622]
[4623]
[4624]
[4625]
[4626]
[4627]
[4628]
[4629]
[4630]
[4631]
[4632]
[4633]
[4634]
[4635]
[4636]
[4637]
[4638]
[4639]
[4640]
[4641]
[4642]
[4643]
[4644]
[4645]
[4646]
[4647]
[4648]
[4649]
[4650]
[4651]
[4652]
[4653]
[4654]
[4655]
[4656]
[4657]
[4658]
[4659]
[4660]
[4661]
[4662]
[4663]
[4664]
[4665]
[4666]
[4667]
[4668]
[4669]
[4670]
[4671]
[4672]
[4673]
[4674]
[4675]
[4676]
[4677]
[4678]
[4679]
[4680]
[4681]
[4682]
[4683]
[4684]
[4685]
[4686]
[4687]
[4688]
[4689]
[4690]
[4691]
[4692]
[4693]
[4694]
[4695]
[4696]
[4697]
[4698]
[4699]
[4700]
[4701]
[4702]
[4703]
[4704]
[4705]
[4706]
[4707]
[4708]
[4709]
[4710]
[4711]
[4712]
[4713]
[4714]
[4715]
[4716]
[4717]
[4718]
[4719]
[4720]
[4721]
[4722]
[4723]
[4724]
[4725]
[4726]
[4727]
[4728]
[4729]
[4730]
[4731]
[4732]
[4733]
[4734]
[4735]
[4736]
[4737]
[4738]
[4739]
[4740]
[4741]
[4742]
[4743]
[4744]
[4745]
[4746]
[4747]
[4748]
[4749]
[4750]
[4751]
[4752]
[4753]
[4754]
[4755]
[4756]
[4757]
[4758]
[4759]
[4760]
[4761]
[4762]
[4763]
[4764]
[4765]
[4766]
[4767]
[4768]
[4769]
[4770]
[4771]
[4772]
[4773]
[4774]
[4775]
[4776]
[4777]
[4778]
[4779]
[4780]
[4781]
[4782]
[4783]
[4784]
[4785]
[4786]
[4787]
[4788]
[4789]
[4790]
[4791]
[4792]
[4793]
[4794]
[4795]
[4796]
[4797]
[4798]
[4799]
[4800]
[4801]
[4802]
[4803]
[4804]
[4805]
[4806]
[4807]
[4808]
[4809]
[4810]
[4811]
[4812]
[4813]
[4814]
[4815]
[4816]
[4817]
[4818]
[4819]
[4820]
[4821]
[4822]
[4823]
[4824]
[4825]
[4826]
[4827]
[4828]
[4829]
[4830]
[4831]
[4832]
[4833]
[4834]
[4835]
[4836]
[4837]
[4838]
[4839]
[4840]
[4841]
[4842]
[4843]
[4844]
[4845]
[4846]
[4847]
[4848]
[4849]
[4850]
[4851]
[4852]
[4853]
[4854]
[4855]
[4856]
[4857]
[4858]
[4859]
[4860]
[4861]
[4862]
[4863]
[4864]
[4865]
[4866]
[4867]
[4868]
[4869]
[4870]
[4871]
[4872]
[4873]
[4874]
[4875]
[4876]
[4877]
[4878]
[4879]
[4880]
[4881]
[4882]
[4883]
[4884]
[4885]
[4886]
[4887]
[4888]
[4889]
[4890]
[4891]
[4892]
[4893]
[4894]
[4895]
[4896]
[4897]
[4898]
[4899]
[4900]
[4901]
[4902]
[4903]
[4904]
[4905]
[4906]
[4907]
[4908]
[4909]
[4910]
[4911]
[4912]
[4913]
[4914]
[4915]
[4916]
[4917]
[4918]
[4919]
[4920]
[4921]
[4922]
[4923]
[4924]
[4925]
[4926]
[4927]
[4928]
[4929]
[4930]
[4931]
[4932]
[4933]
[4934]
[4935]
[4936]
[4937]
[4938]
[4939]
[4940]
[4941]
[4942]
[4943]
[4944]
[4945]
[4946]
[4947]
[4948]
[4949]
[4950]
[4951]
[4952]
[4953]
[4954]
[4955]
[4956]
[4957]
[4958]
[4959]
[4960]
[4961]
[4962]
[4963]
[4964]
[4965]
[4966]
[4967]
[4968]
[4969]
[4970]
[4971]
[4972]
[4973]
[4974]
[4975]
[4976]
[4977]
[4978]
[4979]
[4980]
[4981]
[4982]
[4983]
[4984]
[4985]
[4986]
[4987]
[4988]
[4989]
[4990]
[4991]
[4992]
[4993]
[4994]
[4995]
[4996]
[4997]
[4998]
[4999]
[5000]
[5001]
[5002]
[5003]
[5004]
[5005]
[5006]
[5007]
[5008]
[5009]
[5010]
[5011]
[5012]
[5013]
[5014]
[5015]
[5016]
[5017]
[5018]
[5019]
[5020]
[5021]
[5022]
[5023]
[5024]
[5025]
[5026]
[5027]
[5028]
[5029]
[5030]
[5031]
[5032]
[5033]
[5034]
[5035]
[5036]
[5037]
[5038]
[5039]
[5040]
[5041]
[5042]
[5043]
[5044]
[5045]
[5046]
[5047]
[5048]
[5049]
[5050]
[5051]
[5052]
[5053]
[5054]
[5055]
[5056]
[5057]
[5058]
[5059]
[5060]
[5061]
[5062]
[5063]
[5064]
[5065]
[5066]
[5067]
[5068]
[5069]
[5070]
[5071]
[5072]
[5073]
[5074]
[5075]
[5076]
[5077]
[5078]
[5079]
[5080]
[5081]
[5082]
[5083]
[5084]
[5085]
[5086]
[5087]
[5088]
[5089]
[5090]
[5091]
[5092]
[5093]
[5094]
[5095]
[5096]
[5097]
[5098]
[5099]
[5100]
[5101]
[5102]
[5103]
[5104]
[5105]
[5106]
[5107]
[5108]
[5109]
[5110]
[5111]
[5112]
[5113]
[5114]
[5115]
[5116]
[5117]
[5118]
[5119]
[5120]
[5121]
[5122]
[5123]
[5124]
[5125]
[5126]
[5127]
[5128]
[5129]
[5130]
[5131]
[5132]
[5133]
[5134]
[5135]
[5136]
[5137]
[5138]
[5139]
[5140]
[5141]
[5142]
[5143]
[5144]
[5145]
[5146]
[5147]
[5148]
[5149]
[5150]
[5151]
[5152]
[5153]
[5154]
[5155]
[5156]
[5157]
[5158]
[5159]
[5160]
[5161]
[5162]
[5163]
[5164]
[5165]
[5166]
[5167]
[5168]
[5169]
[5170]
[5171]
[5172]
[5173]
[5174]
[5175]
[5176]
[5177]
[5178]
[5179]
[5180]
[5181]
[5182]
[5183]
[5184]
[5185]
[5186]
[5187]
[5188]
[5189]
[5190]
[5191]
[5192]
[5193]
[5194]
[5195]
[5196]
[5197]
[5198]
[5199]
[5200]
[5201]
[5202]
[5203]
[5204]
[5205]
[5206]
[5207]
[5208]
[5209]
[5210]
[5211]
[5212]
[5213]
[5214]
[5215]
[5216]
[5217]
[5218]
[5219]
[5220]
[5221]
[5222]
[5223]
[5224]
[5225]
[5226]
[5227]
[5228]
[5229]
[5230]
[5231]
[5232]
[5233]
[5234]
[5235]
[5236]
[5237]
[5238]
[5239]
[5240]
[5241]
[5242]
[5243]
[5244]
[5245]
[5246]
[5247]
[5248]
[5249]
[5250]
[5251]
[5252]
[5253]
[5254]
[5255]
[5256]
[5257]
[5258]
[5259]
[5260]
[5261]
[5262]
[5263]
[5264]
[5265]
[5266]
[5267]
[5268]
[5269]
[5270]
[5271]
[5272]
[5273]
[5274]
[5275]
[5276]
[5277]
[5278]
[5279]
[5280]
[5281]
[5282]
[5283]
[5284]
[5285]
[5286]
[5287]
[5288]
[5289]
[5290]
[5291]
[5292]
[5293]
[5294]
[5295]
[5296]
[5297]
[5298]
[5299]
[5300]
[5301]
[5302]
[5303]
[5304]
[5305]
[5306]
[5307]
[5308]
[5309]
[5310]
[5311]
[5312]
[5313]
[5314]
[5315]
[5316]
[5317]
[5318]
[5319]
[5320]
[5321]
[5322]
[5323]
[5324]
[5325]
[5326]
[5327]
[5328]
[5329]
[5330]
[5331]
[5332]
[5333]
[5334]
[5335]
[5336]
[5337]
[5338]
[5339]
[5340]
[5341]
[5342]
[5343]
[5344]
[5345]
[5346]
[5347]
[5348]
[5349]
[5350]
[5351]
[5352]
[5353]
[5354]
[5355]
[5356]
[5357]
[5358]
[5359]
[5360]
[5361]
[5362]
[5363]
[5364]
[5365]
[5366]
[5367]
[5368]
[5369]
[5370]
[5371]
[5372]
[5373]
[5374]
[5375]
[5376]
[5377]
[5378]
[5379]
[5380]
[5381]
[5382]
[5383]
[5384]
[5385]
[5386]
[5387]
[5388]
[5389]
[5390]
[5391]
[5392]
[5393]
[5394]
[5395]
[5396]
[5397]
[5398]
[5399]
[5400]
[5401]
[5402]
[5403]
[5404]
[5405]
[5406]
[5407]
[5408]
[5409]
[5410]
[5411]
[5412]
[5413]
[5414]
[5415]
[5416]
[5417]
[5418]
[5419]
[5420]
[5421]
[5422]
[5423]
[5424]
[5425]
[5426]
[5427]
[5428]
[5429]
[5430]
[5431]
[5432]
[5433]
[5434]
[5435]
[5436]
[5437]
[5438]
[5439]
[5440]
[5441]
[5442]
[5443]
[5444]
[5445]
[5446]
[5447]
[5448]
[5449]
[5450]
[5451]
[5452]
[5453]
[5454]
[5455]
[5456]
[5457]
[5458]
[5459]
[5460]
[5461]
[5462]
[5463]
[5464]
[5465]
[5466]
[5467]
[5468]
[5469]
[5470]
[5471]
[5472]
[5473]
[5474]
[5475]
[5476]
[5477]
[5478]
[5479]
[5480]
[5481]
[5482]
[5483]
[5484]
[5485]
[5486]
[5487]
[5488]
[5489]
[5490]
[5491]
[5492]
[5493]
[5494]
[5495]
[5496]
[5497]
[5498]
[5499]
[5500]
[5501]
[5502]
[5503]
[5504]
[5505]
[5506]
[5507]
[5508]
[5509]
[5510]
[5511]
[5512]
[5513]
[5514]
[5515]
[5516]
[5517]
[5518]
[5519]
[5520]
[5521]
[5522]
[5523]
[5524]
[5525]
[5526]
[5527]
[5528]
[5529]
[5530]
[5531]
[5532]
[5533]
[5534]
[5535]
[5536]
[5537]
[5538]
[5539]
[5540]
[5541]
[5542]
[5543]
[5544]
[5545]
[5546]
[5547]
[5548]
[5549]
[5550]
[5551]
[5552]
[5553]
[5554]
[5555]
[5556]
[5557]
[5558]
[5559]
[5560]
[5561]
[5562]
[5563]
[5564]
[5565]
[5566]
[5567]
[5568]
[5569]
[5570]
[5571]
[5572]
[5573]
[5574]
[5575]
[5576]
[5577]
[5578]
[5579]
[5580]
[5581]
[5582]
[5583]
[5584]
[5585]
[5586]
[5587]
[5588]
[5589]
[5590]
[5591]
[5592]
[5593]
[5594]
[5595]
[5596]
[5597]
[5598]
[5599]
[5600]
[5601]
[5602]
[5603]
[5604]
[5605]
[5606]
[5607]
[5608]
[5609]
[5610]
[5611]
[5612]
[5613]
[5614]
[5615]
[5616]
[5617]
[5618]
[5619]
[5620]
[5621]
[5622]
[5623]
[5624]
[5625]
[5626]
[5627]
[5628]
[5629]
[5630]
[5631]
[5632]
[5633]
[5634]
[5635]
[5636]
[5637]
[5638]
[5639]
[5640]
[5641]
[5642]
[5643]
[5644]
[5645]
[5646]
[5647]
[5648]
[5649]
[5650]
[5651]
[5652]
[5653]
[5654]
[5655]
[5656]
[5657]
[5658]
[5659]
[5660]
[5661]
[5662]
[5663]
[5664]
[5665]
[5666]
[5667]
[5668]
[5669]
[5670]
[5671]
[5672]
[5673]
[5674]
[5675]
[5676]
[5677]
[5678]
[5679]
[5680]
[5681]
[5682]
[5683]
[5684]
[5685]
[5686]
[5687]
[5688]
[5689]
[5690]
[5691]
[5692]
[5693]
[5694]
[5695]
[5696]
[5697]
[5698]
[5699]
[5700]
[5701]
[5702]
[5703]
[5704]
[5705]
[5706]
[5707]
[5708]
[5709]
[5710]
[5711]
[5712]
[5713]
[5714]
[5715]
[5716]
[5717]
[5718]
[5719]
[5720]
[5721]
[5722]
[5723]
[5724]
[5725]
[5726]
[5727]
[5728]
[5729]
[5730]
[5731]
[5732]
[5733]
[5734]
[5735]
[5736]
[5737]
[5738]
[5739]
[5740]
[5741]
[5742]
[5743]
[5744]
[5745]
[5746]
[5747]
[5748]
[5749]
[5750]
[5751]
[5752]
[5753]
[5754]
[5755]
[5756]
[5757]
[5758]
[5759]
[5760]
[5761]
[5762]
[5763]
[5764]
[5765]
[5766]
[5767]
[5768]
[5769]
[5770]
[5771]
[5772]
[5773]
[5774]
[5775]
[5776]
[5777]
[5778]
[5779]
[5780]
[5781]
[5782]
[5783]
[5784]
[5785]
[5786]
[5787]
[5788]
[5789]
[5790]
[5791]
[5792]
[5793]
[5794]
[5795]
[5796]
[5797]
[5798]
[5799]
[5800]
[5801]
[5802]
[5803]
[5804]
[5805]
[5806]
[5807]
[5808]
[5809]
[5810]
[5811]
[5812]
[5813]
[5814]
[5815]
[5816]
[5817]
[5818]
[5819]
[5820]
[5821]
[5822]
[5823]
[5824]
[5825]
[5826]
[5827]
[5828]
[5829]
[5830]
[5831]
[5832]
[5833]
[5834]
[5835]
[5836]
[5837]
[5838]
[5839]
[5840]
[5841]
[5842]
[5843]
[5844]
[5845]
[5846]
[5847]
[5848]
[5849]
[5850]
[5851]
[5852]
[5853]
[5854]
[5855]
[5856]
[5857]
[5858]
[5859]
[5860]
[5861]
[5862]
[5863]
[5864]
[5865]
[5866]
[5867]
[5868]
[5869]
[5870]
[5871]
[5872]
[5873]
[5874]
[5875]
[5876]
[5877]
[5878]
[5879]
[5880]
[5881]
[5882]
[5883]
[5884]
[5885]
[5886]
[5887]
[5888]
[5889]
[5890]
[5891]
[5892]
[5893]
[5894]
[5895]
[5896]
[5897]
[5898]
[5899]
[5900]
[5901]
[5902]
[5903]
[5904]
[5905]
[5906]
[5907]
[5908]
[5909]
[5910]
[5911]
[5912]
[5913]
[5914]
[5915]
[5916]
[5917]
[5918]
[5919]
[5920]
[5921]
[5922]
[5923]
[5924]
[5925]
[5926]
[5927]
[5928]
[5929]
[5930]
[5931]
[5932]
[5933]
[5934]
[5935]
[5936]
[5937]
[5938]
[5939]
[5940]
[5941]
[5942]
[5943]
[5944]
[5945]
[5946]
[5947]
[5948]
[5949]
[5950]
[5951]
[5952]
[5953]
[5954]
[5955]
[5956]
[5957]
[5958]
[5959]
[5960]
[5961]
[5962]
[5963]
[5964]
[5965]
[5966]
[5967]
[5968]
[5969]
[5970]
[5971]
[5972]
[5973]
[5974]
[5975]
[5976]
[5977]
[5978]
[5979]
[5980]
[5981]
[5982]
[5983]
[5984]
[5985]
[5986]
[5987]
[5988]
[5989]
[5990]
[5991]
[5992]
[5993]
[5994]
[5995]
[5996]
[5997]
[5998]
[5999]
[6000]
[6001]
[6002]
[6003]
[6004]
[6005]
[6006]
[6007]
[6008]
[6009]
[6010]
[6011]
[6012]
[6013]
[6014]
[6015]
[6016]
[6017]
[6018]
[6019]
[6020]
[6021]
[6022]
[6023]
[6024]
[6025]
[6026]
[6027]
[6028]
[6029]
[6030]
[6031]
[6032]
[6033]
[6034]
[6035]
[6036]
[6037]
[6038]
[6039]
[6040]
[6041]
[6042]
[6043]
[6044]
[6045]
[6046]
[6047]
[6048]
[6049]
[6050]
[6051]
[6052]
[6053]
[6054]
[6055]
[6056]
[6057]
[6058]
[6059]
[6060]
[6061]
[6062]
[6063]
[6064]
[6065]
[6066]
[6067]
[6068]
[6069]
[6070]
[6071]
[6072]
[6073]
[6074]
[6075]
[6076]
[6077]
[6078]
[6079]
[6080]
[6081]
[6082]
[6083]
[6084]
[6085]
[6086]
[6087]
[6088]
[6089]
[6090]
[6091]
[6092]
[6093]
[6094]
[6095]
[6096]
[6097]
[6098]
[6099]
[6100]
[6101]
[6102]
[6103]
[6104]
[6105]
[6106]
[6107]
[6108]
[6109]
[6110]
[6111]
[6112]
[6113]
[6114]
[6115]
[6116]
[6117]
[6118]
[6119]
[6120]
[6121]
[6122]
[6123]
[6124]
[6125]
[6126]
[6127]
[6128]
[6129]
[6130]
[6131]
[6132]
[6133]
[6134]
[6135]
[6136]
[6137]
[6138]
[6139]
[6140]
[6141]
[6142]
[6143]
[6144]
[6145]
[6146]
[6147]
[6148]
[6149]
[6150]
[6151]
[6152]
[6153]
[6154]
[6155]
[6156]
[6157]
[6158]
[6159]
[6160]
[6161]
[6162]
[6163]
[6164]
[6165]
[6166]
[6167]
[6168]
[6169]
[6170]
[6171]
[6172]
[6173]
[6174]
[6175]
[6176]
[6177]
[6178]
[6179]
[6180]
[6181]
[6182]
[6183]
[6184]
[6185]
[6186]
[6187]
[6188]
[6189]
[6190]
[6191]
[6192]
[6193]
[6194]
[6195]
[6196]
[6197]
[6198]
[6199]
[6200]
[6201]
[6202]
[6203]
[6204]
[6205]
[6206]
[6207]
[6208]
[6209]
[6210]
[6211]
[6212]
[6213]
[6214]
[6215]
[6216]
[6217]
[6218]
[6219]
[6220]
[6221]
[6222]
[6223]
[6224]
[6225]
[6226]
[6227]
[6228]
[6229]
[6230]
[6231]
[6232]
[6233]
[6234]
[6235]
[6236]
[6237]
[6238]
[6239]
[6240]
[6241]
[6242]
[6243]
[6244]
[6245]
[6246]
[6247]
[6248]
[6249]
[6250]
[6251]
[6252]
[6253]
[6254]
[6255]
[6256]
[6257]
[6258]
[6259]
[6260]
[6261]
[6262]
[6263]
[6264]
[6265]
[6266]
[6267]
[6268]
[6269]
[6270]
[6271]
[6272]
[6273]
[6274]
[6275]
[6276]
[6277]
[6278]
[6279]
[6280]
[6281]
[6282]
[6283]
[6284]
[6285]
[6286]
[6287]
[6288]
[6289]
[6290]
[6291]
[6292]
[6293]
[6294]
[6295]
[6296]
[6297]
[6298]
[6299]
[6300]
[6301]
[6302]
[6303]
[6304]
[6305]
[6306]
[6307]
[6308]
[6309]
[6310]
[6311]
[6312]
[6313]
[6314]
[6315]
[6316]
[6317]
[6318]
[6319]
[6320]
[6321]
[6322]
[6323]
[6324]
[6325]
[6326]
[6327]
[6328]
[6329]
[6330]
[6331]
[6332]
[6333]
[6334]
[6335]
[6336]
[6337]
[6338]
[6339]
[6340]
[6341]
[6342]
[6343]
[6344]
[6345]
[6346]
[6347]
[6348]
[6349]
[6350]
[6351]
[6352]
[6353]
[6354]
[6355]
[6356]
[6357]
[6358]
[6359]
[6360]
[6361]
[6362]
[6363]
[6364]
[6365]
[6366]
[6367]
[6368]
[6369]
[6370]
[6371]
[6372]
[6373]
[6374]
[6375]
[6376]
[6377]
[6378]
[6379]
[6380]
[6381]
[6382]
[6383]
[6384]
[6385]
[6386]
[6387]
[6388]
[6389]
[6390]
[6391]
[6392]
[6393]
[6394]
[6395]
[6396]
[6397]
[6398]
[6399]
[6400]
[6401]
[6402]
[6403]
[6404]
[6405]
[6406]
[6407]
[6408]
[6409]
[6410]
[6411]
[6412]
[6413]
[6414]
[6415]
[6416]
[6417]
[6418]
[6419]
[6420]
[6421]
[6422]
[6423]
[6424]
[6425]
[6426]
[6427]
[6428]
[6429]
[6430]
[6431]
[6432]
[6433]
[6434]
[6435]
[6436]
[6437]
[6438]
[6439]
[6440]
[6441]
[6442]
[6443]
[6444]
[6445]
[6446]
[6447]
[6448]
[6449]
[6450]
[6451]
[6452]
[6453]
[6454]
[6455]
[6456]
[6457]
[6458]
[6459]
[6460]
[6461]
[6462]
[6463]
[6464]
[6465]
[6466]
[6467]
[6468]
[6469]
[6470]
[6471]
[6472]
[6473]
[6474]
[6475]
[6476]
[6477]
[6478]
[6479]
[6480]
[6481]
[6482]
[6483]
[6484]
[6485]
[6486]
[6487]
[6488]
[6489]
[6490]
[6491]
[6492]
[6493]
[6494]
[6495]
[6496]
[6497]
[6498]
[6499]
[6500]
[6501]
[6502]
[6503]
[6504]
[6505]
[6506]
[6507]
[6508]
[6509]
[6510]
[6511]
[6512]
[6513]
[6514]
[6515]
[6516]
[6517]
[6518]
[6519]
[6520]
[6521]
[6522]
[6523]
[6524]
[6525]
[6526]
[6527]
[6528]
[6529]
[6530]
[6531]
[6532]
[6533]
[6534]
[6535]
[6536]
[6537]
[6538]
[6539]
[6540]
[6541]
[6542]
[6543]
[6544]
[6545]
[6546]
[6547]
[6548]
[6549]
[6550]
[6551]
[6552]
[6553]
[6554]
[6555]
[6556]
[6557]
[6558]
[6559]
[6560]
[6561]
[6562]
[6563]
[6564]
[6565]
[6566]
[6567]
[6568]
[6569]
[6570]
[6571]
[6572]
[6573]
[6574]
[6575]
[6576]
[6577]
[6578]
[6579]
[6580]
[6581]
[6582]
[6583]
[6584]
[6585]
[6586]
[6587]
[6588]
[6589]
[6590]
[6591]
[6592]
[6593]
[6594]
[6595]
[6596]
[6597]
[6598]
[6599]
[6600]
[6601]
[6602]
[6603]
[6604]
[6605]
[6606]
[6607]
[6608]
[6609]
[6610]
[6611]
[6612]
[6613]
[6614]
[6615]
[6616]
[6617]
[6618]
[6619]
[6620]
[6621]
[6622]
[6623]
[6624]
[6625]
[6626]
[6627]
[6628]
[6629]
[6630]
[6631]
[6632]
[6633]
[6634]
[6635]
[6636]
[6637]
[6638]
[6639]
[6640]
[6641]
[6642]
[6643]
[6644]
[6645]
[6646]
[6647]
[6648]
[6649]
[6650]
[6651]
[6652]
[6653]
[6654]
[6655]
[6656]
[6657]
[6658]
[6659]
[6660]
[6661]
[6662]
[6663]
[6664]
[6665]
[6666]
[6667]
[6668]
[6669]
[6670]
[6671]
[6672]
[6673]
[6674]
[6675]
[6676]
[6677]
[6678]
[6679]
[6680]
[6681]
[6682]
[6683]
[6684]
[6685]
[6686]
[6687]
[6688]
[6689]
[6690]
[6691]
[6692]
[6693]
[6694]
[6695]
[6696]
[6697]
[6698]
[6699]
[6700]
[6701]
[6702]
[6703]
[6704]
[6705]
[6706]
[6707]
[6708]
[6709]
[6710]
[6711]
[6712]
[6713]
[6714]
[6715]
[6716]
[6717]
[6718]
[6719]
[6720]
[6721]
[6722]
[6723]
[6724]
[6725]
[6726]
[6727]
[6728]
[6729]
[6730]
[6731]
[6732]
[6733]
[6734]
[6735]
[6736]
[6737]
[6738]
[6739]
[6740]
[6741]
[6742]
[6743]
[6744]
[6745]
[6746]
[6747]
[6748]
[6749]
[6750]
[6751]
[6752]
[6753]
[6754]
[6755]
[6756]
[6757]
[6758]
[6759]
[6760]
[6761]
[6762]
[6763]
[6764]
[6765]
[6766]
[6767]
[6768]
[6769]
[6770]
[6771]
[6772]
[6773]
[6774]
[6775]
[6776]
[6777]
[6778]
[6779]
[6780]
[6781]
[6782]
[6783]
[6784]
[6785]
[6786]
[6787]
[6788]
[6789]
[6790]
[6791]
[6792]
[6793]
[6794]
[6795]
[6796]
[6797]
[6798]
[6799]
[6800]
[6801]
[6802]
[6803]
[6804]
[6805]
[6806]
[6807]
[6808]
[6809]
[6810]
[6811]
[6812]
[6813]
[6814]
[6815]
[6816]
[6817]
[6818]
[6819]
[6820]
[6821]
[6822]
[6823]
[6824]
[6825]
[6826]
[6827]
[6828]
[6829]
[6830]
[6831]
[6832]
[6833]
[6834]
[6835]
[6836]
[6837]
[6838]
[6839]
[6840]
[6841]
[6842]
[6843]
[6844]
[6845]
[6846]
[6847]
[6848]
[6849]
[6850]
[6851]
[6852]
[6853]
[6854]
[6855]
[6856]
[6857]
[6858]
[6859]
[6860]
[6861]
[6862]
[6863]
[6864]
[6865]
[6866]
[6867]
[6868]
[6869]
[6870]
[6871]
[6872]
[6873]
[6874]
[6875]
[6876]
[6877]
[6878]
[6879]
[6880]
[6881]
[6882]
[6883]
[6884]
[6885]
[6886]
[6887]
[6888]
[6889]
[6890]
[6891]
[6892]
[6893]
[6894]
[6895]
[6896]
[6897]
[6898]
[6899]
[6900]
[6901]
[6902]
[6903]
[6904]
[6905]
[6906]
[6907]
[6908]
[6909]
[6910]
[6911]
[6912]
[6913]
[6914]
[6915]
[6916]
[6917]
[6918]
[6919]
[6920]
[6921]
[6922]
[6923]
[6924]
[6925]
[6926]
[6927]
[6928]
[6929]
[6930]
[6931]
[6932]
[6933]
[6934]
[6935]
[6936]
[6937]
[6938]
[6939]
[6940]
[6941]
[6942]
[6943]
[6944]
[6945]
[6946]
[6947]
[6948]
[6949]
[6950]
[6951]
[6952]
[6953]
[6954]
[6955]
[6956]
[6957]
[6958]
[6959]
[6960]
[6961]
[6962]
[6963]
[6964]
[6965]
[6966]
[6967]
[6968]
[6969]
[6970]
[6971]
[6972]
[6973]
[6974]
[6975]
[6976]
[6977]
[6978]
[6979]
[6980]
[6981]
[6982]
[6983]
[6984]
[6985]
[6986]
[6987]
[6988]
[6989]
[6990]
[6991]
[6992]
[6993]
[6994]
[6995]
[6996]
[6997]
[6998]
[6999]
[7000]
[7001]
[7002]
[7003]
[7004]
[7005]
[7006]
[7007]
[7008]
[7009]
[7010]
[7011]
[7012]
[7013]
[7014]
[7015]
[7016]
[7017]
[7018]
[7019]
[7020]
[7021]
[7022]
[7023]
[7024]
[7025]
[7026]
[7027]
[7028]
[7029]
[7030]
[7031]
[7032]
[7033]
[7034]
[7035]
[7036]
[7037]
[7038]
[7039]
[7040]
[7041]
[7042]
[7043]
[7044]
[7045]
[7046]
[7047]
[7048]
[7049]
[7050]
[7051]
[7052]
[7053]
[7054]
[7055]
[7056]
[7057]
[7058]
[7059]
[7060]
[7061]
[7062]
[7063]
[7064]
[7065]
[7066]
[7067]
[7068]
[7069]
[7070]
[7071]
[7072]
[7073]
[7074]
[7075]
[7076]
[7077]
[7078]
[7079]
[7080]
[7081]
[7082]
[7083]
[7084]
[7085]
[7086]
[7087]
[7088]
[7089]
[7090]
[7091]
[7092]
[7093]
[7094]
[7095]
[7096]
[7097]
[7098]
[7099]
[7100]
[7101]
[7102]
[7103]
[7104]
[7105]
[7106]
[7107]
[7108]
[7109]
[7110]
[7111]
[7112]
[7113]
[7114]
[7115]
[7116]
[7117]
[7118]
[7119]
[7120]
[7121]
[7122]
[7123]
[7124]
[7125]
[7126]
[7127]
[7128]
[7129]
[7130]
[7131]
[7132]
[7133]
[7134]
[7135]
[7136]
[7137]
[7138]
[7139]
[7140]
[7141]
[7142]
[7143]
[7144]
[7145]
[7146]
[7147]
[7148]
[7149]
[7150]
[7151]
[7152]
[7153]
[7154]
[7155]
[7156]
[7157]
[7158]
[7159]
[7160]
[7161]
[7162]
[7163]
[7164]
[7165]
[7166]
[7167]
[7168]
[7169]
[7170]
[7171]
[7172]
[7173]
[7174]
[7175]
[7176]
[7177]
[7178]
[7179]
[7180]
[7181]
[7182]
[7183]
[7184]
[7185]
[7186]
[7187]
[7188]
[7189]
[7190]
[7191]
[7192]
[7193]
[7194]
[7195]
[7196]
[7197]
[7198]
[7199]
[7200]
[7201]
[7202]
[7203]
[7204]
[7205]
[7206]
[7207]
[7208]
[7209]
[7210]
[7211]
[7212]
[7213]
[7214]
[7215]
[7216]
[7217]
[7218]
[7219]
[7220]
[7221]
[7222]
[7223]
[7224]
[7225]
[7226]
[7227]
[7228]
[7229]
[7230]
[7231]
[7232]
[7233]
[7234]
[7235]
[7236]
[7237]
[7238]
[7239]
[7240]
[7241]
[7242]
[7243]
[7244]
[7245]
[7246]
[7247]
[7248]
[7249]
[7250]
[7251]
[7252]
[7253]
[7254]
[7255]
[7256]
[7257]
[7258]
[7259]
[7260]
[7261]
[7262]
[7263]
[7264]
[7265]
[7266]
[7267]
[7268]
[7269]
[7270]
[7271]
[7272]
[7273]
[7274]
[7275]
[7276]
[7277]
[7278]
[7279]
[7280]
[7281]
[7282]
[7283]
[7284]
[7285]
[7286]
[7287]
[7288]
[7289]
[7290]
[7291]
[7292]
[7293]
[7294]
[7295]
[7296]
[7297]
[7298]
[7299]
[7300]
[7301]
[7302]
[7303]
[7304]
[7305]
[7306]
[7307]
[7308]
[7309]
[7310]
[7311]
[7312]
[7313]
[7314]
[7315]
[7316]
[7317]
[7318]
[7319]
[7320]
[7321]
[7322]
[7323]
[7324]
[7325]
[7326]
[7327]
[7328]
[7329]
[7330]
[7331]
[7332]
[7333]
[7334]
[7335]
[7336]
[7337]
[7338]
[7339]
[7340]
[7341]
[7342]
[7343]
[7344]
[7345]
[7346]
[7347]
[7348]
[7349]
[7350]
[7351]
[7352]
[7353]
[7354]
[7355]
[7356]
[7357]
[7358]
[7359]
[7360]
[7361]
[7362]
[7363]
[7364]
[7365]
[7366]
[7367]
[7368]
[7369]
[7370]
[7371]
[7372]
[7373]
[7374]
[7375]
[7376]
[7377]
[7378]
[7379]
[7380]
[7381]
[7382]
[7383]
[7384]
[7385]
[7386]
[7387]
[7388]
[7389]
[7390]
[7391]
[7392]
[7393]
[7394]
[7395]
[7396]
[7397]
[7398]
[7399]
[7400]
[7401]
[7402]
[7403]
[7404]
[7405]
[7406]
[7407]
[7408]
[7409]
[7410]
[7411]
[7412]
[7413]
[7414]
[7415]
[7416]
[7417]
[7418]
[7419]
[7420]
[7421]
[7422]
[7423]
[7424]
[7425]
[7426]
[7427]
[7428]
[7429]
[7430]
[7431]
[7432]
[7433]
[7434]
[7435]
[7436]
[7437]
[7438]
[7439]
[7440]
[7441]
[7442]
[7443]
[7444]
[7445]
[7446]
[7447]
[7448]
[7449]
[7450]
[7451]
[7452]
[7453]
[7454]
[7455]
[7456]
[7457]
[7458]
[7459]
[7460]
[7461]
[7462]
[7463]
[7464]
[7465]
[7466]
[7467]
[7468]
[7469]
[7470]
[7471]
[7472]
[7473]
[7474]
[7475]
[7476]
[7477]
[7478]
[7479]
[7480]
[7481]
[7482]
[7483]
[7484]
[7485]
[7486]
[7487]
[7488]
[7489]
[7490]
[7491]
[7492]
[7493]
[7494]
[7495]
[7496]
[7497]
[7498]
[7499]
[7500]
[7501]
[7502]
[7503]
[7504]
[7505]
[7506]
[7507]
[7508]
[7509]
[7510]
[7511]
[7512]
[7513]
[7514]
[7515]
[7516]
[7517]
[7518]
[7519]
[7520]
[7521]
[7522]
[7523]
[7524]
[7525]
[7526]
[7527]
[7528]
[7529]
[7530]
[7531]
[7532]
[7533]
[7534]
[7535]
[7536]
[7537]
[7538]
[7539]
[7540]
[7541]
[7542]
[7543]
[7544]
[7545]
[7546]
[7547]
[7548]
[7549]
[7550]
[7551]
[7552]
[7553]
[7554]
[7555]
[7556]
[7557]
[7558]
[7559]
[7560]
[7561]
[7562]
[7563]
[7564]
[7565]
[7566]
[7567]
[7568]
[7569]
[7570]
[7571]
[7572]
[7573]
[7574]
[7575]
[7576]
[7577]
[7578]
[7579]
[7580]
[7581]
[7582]
[7583]
[7584]
[7585]
[7586]
[7587]
[7588]
[7589]
[7590]
[7591]
[7592]
[7593]
[7594]
[7595]
[7596]
[7597]
[7598]
[7599]
[7600]
[7601]
[7602]
[7603]
[7604]
[7605]
[7606]
[7607]
[7608]
[7609]
[7610]
[7611]
[7612]
[7613]
[7614]
[7615]
[7616]
[7617]
[7618]
[7619]
[7620]
[7621]
[7622]
[7623]
[7624]
[7625]
[7626]
[7627]
[7628]
[7629]
[7630]
[7631]
[7632]
[7633]
[7634]
[7635]
[7636]
[7637]
[7638]
[7639]
[7640]
[7641]
[7642]
[7643]
[7644]
[7645]
[7646]
[7647]
[7648]
[7649]
[7650]
[7651]
[7652]
[7653]
[7654]
[7655]
[7656]
[7657]
[7658]
[7659]
[7660]
[7661]
[7662]
[7663]
[7664]
[7665]
[7666]
[7667]
[7668]
[7669]
[7670]
[7671]
[7672]
[7673]
[7674]
[7675]
[7676]
[7677]
[7678]
[7679]
[7680]
[7681]
[7682]
[7683]
[7684]
[7685]
[7686]
[7687]
[7688]
[7689]
[7690]
[7691]
[7692]
[7693]
[7694]
[7695]
[7696]
[7697]
[7698]
[7699]
[7700]
[7701]
[7702]
[7703]
[7704]
[7705]
[7706]
[7707]
[7708]
[7709]
[7710]
[7711]
[7712]
[7713]
[7714]
[7715]
[7716]
[7717]
[7718]
[7719]
[7720]
[7721]
[7722]
[7723]
[7724]
[7725]
[7726]
[7727]
[7728]
[7729]
[7730]
[7731]
[7732]
[7733]
[7734]
[7735]
[7736]
[7737]
[7738]
[7739]
[7740]
[7741]
[7742]
[7743]
[7744]
[7745]
[7746]
[7747]
[7748]
[7749]
[7750]
[7751]
[7752]
[7753]
[7754]
[7755]
[7756]
[7757]
[7758]
[7759]
[7760]
[7761]
[7762]
[7763]
[7764]
[7765]
[7766]
[7767]
[7768]
[7769]
[7770]
[7771]
[7772]
[7773]
[7774]
[7775]
[7776]
[7777]
[7778]
[7779]
[7780]
[7781]
[7782]
[7783]
[7784]
[7785]
[7786]
[7787]
[7788]
[7789]
[7790]
[7791]
[7792]
[7793]
[7794]
[7795]
[7796]
[7797]
[7798]
[7799]
[7800]
[7801]
[7802]
[7803]
[7804]
[7805]
[7806]
[7807]
[7808]
[7809]
[7810]
[7811]
[7812]
[7813]
[7814]
[7815]
[7816]
[7817]
[7818]
[7819]
[7820]
[7821]
[7822]
[7823]
[7824]
[7825]
[7826]
[7827]
[7828]
[7829]
[7830]
[7831]
[7832]
[7833]
[7834]
[7835]
[7836]
[7837]
[7838]
[7839]
[7840]
[7841]
[7842]
[7843]
[7844]
[7845]
[7846]
[7847]
[7848]
[7849]
[7850]
[7851]
[7852]
[7853]
[7854]
[7855]
[7856]
[7857]
[7858]
[7859]
[7860]
[7861]
[7862]
[7863]
[7864]
[7865]
[7866]
[7867]
[7868]
[7869]
[7870]
[7871]
[7872]
[7873]
[7874]
[7875]
[7876]
[7877]
[7878]
[7879]
[7880]
[7881]
[7882]
[7883]
[7884]
[7885]
[7886]
[7887]
[7888]
[7889]
[7890]
[7891]
[7892]
[7893]
[7894]
[7895]
[7896]
[7897]
[7898]
[7899]
[7900]
[7901]
[7902]
[7903]
[7904]
[7905]
[7906]
[7907]
[7908]
[7909]
[7910]
[7911]
[7912]
[7913]
[7914]
[7915]
[7916]
[7917]
[7918]
[7919]
[7920]
[7921]
[7922]
[7923]
[7924]
[7925]
[7926]
[7927]
[7928]
[7929]
[7930]
[7931]
[7932]
[7933]
[7934]
[7935]
[7936]
[7937]
[7938]
[7939]
[7940]
[7941]
[7942]
[7943]
[7944]
[7945]
[7946]
[7947]
[7948]
[7949]
[7950]
[7951]
[7952]
[7953]
[7954]
[7955]
[7956]
[7957]
[7958]
[7959]
[7960]
[7961]
[7962]
[7963]
[7964]
[7965]
[7966]
[7967]
[7968]
[7969]
[7970]
[7971]
[7972]
[7973]
[7974]
[7975]
[7976]
[7977]
[7978]
[7979]
[7980]
[7981]
[7982]
[7983]
[7984]
[7985]
[7986]
[7987]
[7988]
[7989]
[7990]
[7991]
[7992]
[7993]
[7994]
[7995]
[7996]
[7997]
[7998]
[7999]
[8000]
[8001]
[8002]
[8003]
[8004]
[8005]
[8006]
[8007]
[8008]
[8009]
[8010]
[8011]
[8012]
[8013]
[8014]
[8015]
[8016]
[8017]
[8018]
[8019]
[8020]
[8021]
[8022]
[8023]
[8024]
[8025]
[8026]
[8027]
[8028]
[8029]
[8030]
[8031]
[8032]
[8033]
[8034]
[8035]
[8036]
[8037]
[8038]
[8039]
[8040]
[8041]
[8042]
[8043]
[8044]
[8045]
[8046]
[8047]
[8048]
[8049]
[8050]
[8051]
[8052]
[8053]
[8054]
[8055]
[8056]
[8057]
[8058]
[8059]
[8060]
[8061]
[8062]
[8063]
[8064]
[8065]
[8066]
[8067]
[8068]
[8069]
[8070]
[8071]
[8072]
[8073]
[8074]
[8075]
[8076]
[8077]
[8078]
[8079]
[8080]
[8081]
[8082]
[8083]
[8084]
[8085]
[8086]
[8087]
[8088]
[8089]
[8090]
[8091]
[8092]
[8093]
[8094]
[8095]
[8096]
[8097]
[8098]
[8099]
[8100]
[8101]
[8102]
[8103]
[8104]
[8105]
[8106]
[8107]
[8108]
[8109]
[8110]
[8111]
[8112]
[8113]
[8114]
[8115]
[8116]
[8117]
[8118]
[8119]
[8120]
[8121]
[8122]
[8123]
[8124]
[8125]
[8126]
[8127]
[8128]
[8129]
[8130]
[8131]
[8132]
[8133]
[8134]
[8135]
[8136]
[8137]
[8138]
[8139]
[8140]
[8141]
[8142]
[8143]
[8144]
[8145]
[8146]
[8147]
[8148]
[8149]
[8150]
[8151]
[8152]
[8153]
[8154]
[8155]
[8156]
[8157]
[8158]
[8159]
[8160]
[8161]
[8162]
[8163]
[8164]
[8165]
[8166]
[8167]
[8168]
[8169]
[8170]
[8171]
[8172]
[8173]
[8174]
[8175]
[8176]
[8177]
[8178]
[8179]
[8180]
[8181]
[8182]
[8183]
[8184]
[8185]
[8186]
[8187]
[8188]
[8189]
[8190]
[8191]
[8192]
[8193]
[8194]
[8195]
[8196]
[8197]
[8198]
[8199]
[8200]
[8201]
[8202]
[8203]
[8204]
[8205]
[8206]
[8207]
[8208]
[8209]
[8210]
[8211]
[8212]
[8213]
[8214]
[8215]
[8216]
[8217]
[8218]
[8219]
[8220]
[8221]
[8222]
[8223]
[8224]
[8225]
[8226]
[8227]
[8228]
[8229]
[8230]
[8231]
[8232]
[8233]
[8234]
[8235]
[8236]
[8237]
[8238]
[8239]
[8240]
[8241]
[8242]
[8243]
[8244]
[8245]
[8246]
[8247]
[8248]
[8249]
[8250]
[8251]
[8252]
[8253]
[8254]
[8255]
[8256]
[8257]
[8258]
[8259]
[8260]
[8261]
[8262]
[8263]
[8264]
[8265]
[8266]
[8267]
[8268]
[8269]
[8270]
[8271]
[8272]
[8273]
[8274]
[8275]
[8276]
[8277]
[8278]
[8279]
[8280]
[8281]
[8282]
[8283]
[8284]
[8285]
[8286]
[8287]
[8288]
[8289]
[8290]
[8291]
[8292]
[8293]
[8294]
[8295]
[8296]
[8297]
[8298]
[8299]
[8300]
[8301]
[8302]
[8303]
[8304]
[8305]
[8306]
[8307]
[8308]
[8309]
[8310]
[8311]
[8312]
[8313]
[8314]
[8315]
[8316]
[8317]
[8318]
[8319]
[8320]
[8321]
[8322]
[8323]
[8324]
[8325]
[8326]
[8327]
[8328]
[8329]
[8330]
[8331]
[8332]
[8333]
[8334]
[8335]
[8336]
[8337]
[8338]
[8339]
[8340]
[8341]
[8342]
[8343]
[8344]
[8345]
[8346]
[8347]
[8348]
[8349]
[8350]
[8351]
[8352]
[8353]
[8354]
[8355]
[8356]
[8357]
[8358]
[8359]
[8360]
[8361]
[8362]
[8363]
[8364]
[8365]
[8366]
[8367]
[8368]
[8369]
[8370]
[8371]
[8372]
[8373]
[8374]
[8375]
[8376]
[8377]
[8378]
[8379]
[8380]
[8381]
[8382]
[8383]
[8384]
[8385]
[8386]
[8387]
[8388]
[8389]
[8390]
[8391]
[8392]
[8393]
[8394]
[8395]
[8396]
[8397]
[8398]
[8399]
[8400]
[8401]
[8402]
[8403]
[8404]
[8405]
[8406]
[8407]
[8408]
[8409]
[8410]
[8411]
[8412]
[8413]
[8414]
[8415]
[8416]
[8417]
[8418]
[8419]
[8420]
[8421]
[8422]
[8423]
[8424]
[8425]
[8426]
[8427]
[8428]
[8429]
[8430]
[8431]
[8432]
[8433]
[8434]
[8435]
[8436]
[8437]
[8438]
[8439]
[8440]
[8441]
[8442]
[8443]
[8444]
[8445]
[8446]
[8447]
[8448]
[8449]
[8450]
[8451]
[8452]
[8453]
[8454]
[8455]
[8456]
[8457]
[8458]
[8459]
[8460]
[8461]
[8462]
[8463]
[8464]
[8465]
[8466]
[8467]
[8468]
[8469]
[8470]
[8471]
[8472]
[8473]
[8474]
[8475]
[8476]
[8477]
[8478]
[8479]
[8480]
[8481]
[8482]
[8483]
[8484]
[8485]
[8486]
[8487]
[8488]
[8489]
[8490]
[8491]
[8492]
[8493]
[8494]
[8495]
[8496]
[8497]
[8498]
[8499]
[8500]
[8501]
[8502]
[8503]
[8504]
[8505]
[8506]
[8507]
[8508]
[8509]
[8510]
[8511]
[8512]
[8513]
[8514]
[8515]
[8516]
[8517]
[8518]
[8519]
[8520]
[8521]
[8522]
[8523]
[8524]
[8525]
[8526]
[8527]
[8528]
[8529]
[8530]
[8531]
[8532]
[8533]
[8534]
[8535]
[8536]
[8537]
[8538]
[8539]
[8540]
[8541]
[8542]
[8543]
[8544]
[8545]
[8546]
[8547]
[8548]
[8549]
[8550]
[8551]
[8552]
[8553]
[8554]
[8555]
[8556]
[8557]
[8558]
[8559]
[8560]
[8561]
[8562]
[8563]
[8564]
[8565]
[8566]
[8567]
[8568]
[8569]
[8570]
[8571]
[8572]
[8573]
[8574]
[8575]
[8576]
[8577]
[8578]
[8579]
[8580]
[8581]
[8582]
[8583]
[8584]
[8585]
[8586]
[8587]
[8588]
[8589]
[8590]
[8591]
[8592]
[8593]
[8594]
[8595]
[8596]
[8597]
[8598]
[8599]
[8600]
[8601]
[8602]
[8603]
[8604]
[8605]
[8606]
[8607]
[8608]
[8609]
[8610]
[8611]
[8612]
[8613]
[8614]
[8615]
[8616]
[8617]
[8618]
[8619]
[8620]
[8621]
[8622]
[8623]
[8624]
[8625]
[8626]
[8627]
[8628]
[8629]
[8630]
[8631]
[8632]
[8633]
[8634]
[8635]
[8636]
[8637]
[8638]
[8639]
[8640]
[8641]
[8642]
[8643]
[8644]
[8645]
[8646]
[8647]
[8648]
[8649]
[8650]
[8651]
[8652]
[8653]
[8654]
[8655]
[8656]
[8657]
[8658]
[8659]
[8660]
[8661]
[8662]
[8663]
[8664]
[8665]
[8666]
[8667]
[8668]
[8669]
[8670]
[8671]
[8672]
[8673]
[8674]
[8675]
[8676]
[8677]
[8678]
[8679]
[8680]
[8681]
[8682]
[8683]
[8684]
[8685]
[8686]
[8687]
[8688]
[8689]
[8690]
[8691]
[8692]
[8693]
[8694]
[8695]
[8696]
[8697]
[8698]
[8699]
[8700]
[8701]
[8702]
[8703]
[8704]
[8705]
[8706]
[8707]
[8708]
[8709]
[8710]
[8711]
[8712]
[8713]
[8714]
[8715]
[8716]
[8717]
[8718]
[8719]
[8720]
[8721]
[8722]
[8723]
[8724]
[8725]
[8726]
[8727]
[8728]
[8729]
[8730]
[8731]
[8732]
[8733]
[8734]
[8735]
[8736]
[8737]
[8738]
[8739]
[8740]
[8741]
[8742]
[8743]
[8744]
[8745]
[8746]
[8747]
[8748]
[8749]
[8750]
[8751]
[8752]
[8753]
[8754]
[8755]
[8756]
[8757]
[8758]
[8759]
[8760]
[8761]
[8762]
[8763]
[8764]
[8765]
[8766]
[8767]
[8768]
[8769]
[8770]
[8771]
[8772]
[8773]
[8774]
[8775]
[8776]
[8777]
[8778]
[8779]
[8780]
[8781]
[8782]
[8783]
[8784]
[8785]
[8786]
[8787]
[8788]
[8789]
[8790]
[8791]
[8792]
[8793]
[8794]
[8795]
[8796]
[8797]
[8798]
[8799]
[8800]
[8801]
[8802]
[8803]
[8804]
[8805]
[8806]
[8807]
[8808]
[8809]
[8810]
[8811]
[8812]
[8813]
[8814]
[8815]
[8816]
[8817]
[8818]
[8819]
[8820]
[8821]
[8822]
[8823]
[8824]
[8825]
[8826]
[8827]
[8828]
[8829]
[8830]
[8831]
[8832]
[8833]
[8834]
[8835]
[8836]
[8837]
[8838]
[8839]
[8840]
[8841]
[8842]
[8843]
[8844]
[8845]
[8846]
[8847]
[8848]
[8849]
[8850]
[8851]
[8852]
[8853]
[8854]
[8855]
[8856]
[8857]
[8858]
<!DOCTYPE html>
<!-- WASDOC AXP-2.0.0 (CGILIB AXP-1.9.9) -->
<!-- wasDOC Copyright (C) 2019,2020 Mark G.Daniel - Apache-2.0 licenced -->
<!--  3-NOV-2021 02:50 -->
<noscript>NOTE: SOME FUNCTIONALITY EMPLOYS JAVASCRIPT</noscript>
<div id="erreport1" style="display:none;"></div>
<script>
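/**
 * Append a message to the page's error report containers and reveal them.
 *
 * Looks up the elements with ids "erreport1" and "erreport2". A container
 * that is not in the document is skipped, so a report raised while only the
 * first container exists is still shown instead of throwing a TypeError.
 *
 * @param {string} string  Text to append. It is assigned through innerHTML
 *                         and is therefore parsed as HTML markup.
 */
function errorReport(string) {
   for (var cnt = 1; cnt <= 2; cnt++) {
      var err = document.getElementById('erreport'+cnt);
      // only "erreport1" is declared ahead of this script; tolerate a missing one
      if (!err) continue;
      err.style.display = 'block';
      // NOTE(review): innerHTML interprets the argument as markup. Callers must
      // pass only generator-produced or HTML-escaped text, never raw values
      // taken from a request or from document content. If no caller needs
      // markup, appending a text node (textContent) removes the injection sink.
      err.innerHTML += string;
   }
}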
</script>
<style type="text/css">
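/* Base typography: root font, heading scale, section numbers, paragraphs. */
html { font-family: arial, verdana, sans-serif; font-size:12pt; margin:1em; }

/* "bold" is a font-weight value. font-style accepts only normal, italic or
   oblique, so a font-style:bold declaration is discarded by the CSS parser. */
h1 { font-size:124%; font-weight:bold;
     margin-top:1em; margin-bottom:0.5em; }
h2 { font-size:120%; font-weight:bold;
     margin-top:1.1em; margin-bottom:0.4em; }
h3 { font-size:116%; font-weight:bold;
     margin-top:1.0em; margin-bottom:0.3em; }
h4 { font-size:112%; font-weight:bold;
     margin-top:1.1em; margin-bottom:0.3em; }
h5 { font-size:112%; font-weight:bold;
     margin-top:1.1em; margin-bottom:0.3em; }
h6 { font-size:112%; font-weight:bold; padding:0; margin:0; }

h1 .text { text-decoration:underline; }

/* Section numbers: padded away from the title in h1-h4, removed when the
   span is empty, and never displayed in h5/h6. */
h1 .numb, h2 .numb, h3 .numb, h4 .numb { padding-right:0.8em; }
h1 .numb:empty, h2 .numb:empty,
h3 .numb:empty, h4 .numb:empty { display:none; padding-right:0; }
h5 .numb, h6 .numb { display:none; padding-right:0; }

kbd { font-family:monospace; }

noscript { font-size:1.2em; }

p { line-height:1.1em; margin-top:1em; margin-bottom:1em; }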

/* Inline text styling classes. Empty rules are kept as named hooks. */
.chunk   { font-size: 130%; text-decoration: underline; }
.head    { }
.high    { }
.bold    { font-weight: bold; }
.center  { text-align: center; }
.italic  { font-style: italic; }
.left    { text-align: left; }
.nowrap  { white-space: nowrap; }
.prewrap { white-space: pre; }
.right   { text-align: right; }
.strike  { text-decoration: line-through; }
.under   { text-decoration: underline; }

.backlight { background-color: #f2f2f2; }
.display0  { display: none; }

/* Images never overflow their container. */
img      { max-width: 100%; }
.imglink { }

.link  { }
.blank { }

/* Lists. */
.list     { margin-bottom: 1em; }
.list li  { margin-top: 0.5em; }
.list0 li { margin-top: 0; }
.item     { }

/* Tables: .tabl is left-aligned, .tabu is right-aligned with bordered cells. */
.tabl {
  border-collapse: collapse;
  text-align: left;
  margin: 0.4em 2em 0.5em 2em;
}
.tabu {
  border-collapse: collapse;
  text-align: right;
  margin: 0.4em 2em 0.5em 2em;
}

.tabr { vertical-align: top; }
.tabh { padding: 0.2em 0 0 2em; margin: 0; }
.tabd { padding: 0.1em 0 0 2em; margin: 0; }
.tabh:first-of-type,
td:first-of-type { padding-left: 0; }

.tabu .tabh,
.tabu .tabd {
  border: 1px solid gray;
  padding: 0.2em 0.3em 0.2em 0.3em;
}
.tab0 {
  border: none;
  visibility: hidden;
  max-width: 1em;
  white-space: nowrap;
  overflow: hidden;
}

.tabauto { margin-left: auto; margin-right: auto; }

/* Empty rows collapse to a thin spacer; empty bordered cells are hidden. */
.tabr:empty { height: 0.2em; }
.tabu .tabh:empty,
.tabu .tabd:empty { border: none; visibility: hidden; }

/* Error banner, prefixed with a warning sign and a no-break space. */
.error {
  font-size: 110%;
  color: black;
  background-color: yellow;
  font-family: sans-serif;
  font-weight: bold;
  font-style: normal;
  width: 95%;
  border: solid 1px gray;
  padding: 0.5em 1em 0.5em 1em;
}
.error::before { content:'\026a0\00a0'; }

.image  { }
.page   { width: 98%; border: 1px dashed gray; margin: 1.5em 0 1.8em 0; }
.epage  { width: 98%; border: 1px dashed black; margin: 1.5em 0 1.8em 0; }
.monosp { font-family: monospace; }
.ppage  { display: none; }
.simple { list-style-type: none; }
.valtop { vertical-align: top; }
.valmid { vertical-align: middle; }
.valbot { vertical-align: bottom; }

/* Block-level containers: code, examples, notes, quotes. */
.code {
  border-style: solid;
  border-width: 0 0 0 1px;
  padding-left: 1em;
  font-family: monospace;
  white-space: pre;
}
.block   { }
.blockof { margin: 0.4em 2em 0.5em 2em; }
.example {
  border-style: dashed;
  border-width: 0 0 0 1px;
  padding-left: 1em;
  margin-top: 0.5em;
  margin-bottom: 0.5em;
  white-space: pre;
}
.indent   { margin-left: 2em; margin-right: 2em; }
.noindent { margin-left: 0; margin-right: 0; }
.inblock  { display: inline-block; }
.mono     { white-space: pre; font-family: monospace; }
.note     { margin: 0.4em 2em 0.5em 2em; page-break-inside: avoid; }
.note h5  { margin-top: 0; }
.note_hr  { width: 80%; border: 1px solid gray; }
.prop     { padding-left: 1em; margin-top: 0.5em; margin-bottom: 0.5em; }
.quote {
  border-style: dashed;
  border-width: 0 0 0 1px;
  padding-left: 1em;
  margin-top: 0.5em;
  margin-bottom: 0.5em;
}
.this { display: none; }

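/* Plain anchors look like body text until hovered or activated. */
a:link,a:visited { color:black; text-decoration:none; }
a:hover,a:active { text-decoration:underline; }
/* Suppress the focus ring only where the browser would not show one for
   keyboard navigation. A bare a:focus { outline:0 } leaves keyboard users
   with no visible indication of which link has focus. */
a:focus:not(:focus-visible) { outline:0; }

/* Thin generated block placed ahead of the fragment target. */
:target:before { content:''; display:block; height:0.1em; margin:-0.1em; }
/* Explicit document links are coloured and underlined. */
a.link:link, a.link:visited, a.link:active
{ color:midnightBlue; text-decoration:underline; text-decoration-style:solid; }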

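/* Table of contents, level 1: container width by column count.
   The 3- and 4-column rules previously declared max-width twice; the first
   declaration is now width, matching the 1- and 2-column rules and the
   TOC2cols / IDXcols rule sets. */
.TOC1cols1 { width:80%; max-width:80%; }
.TOC1cols2 { column-count:2; width:80%; max-width:80%; }
.TOC1cols3 { column-count:3; width:90%; max-width:90%; }
.TOC1cols4 { column-count:4; width:100%; max-width:100%; }
.TOC1table { margin-left:2em; white-space:nowrap; break-inside:auto; }
.TOC1table tr { vertical-align:top; text-align:left; break-inside:avoid; break-after:auto; }
.TOC1table td+td { padding:0 0 0 0.5em; }
.TOC1table .numb { width:3em; max-width:3em; }
.TOC1table .sepr { width:5em; max-width:6em; overflow:hidden; }
.TOC1table .majr { font-weight:bold; }
.TOC1table .text { white-space:normal; }

/* These are due to Firefox (at least <= 76) recalcitrant multi-column handling.
   Web search "Split table into css columns, issue in Firefox" (stackoverflow).
   "Good grief, Charlie Brown!" */

.TOC1cols2 table,
.TOC1cols2 tbody,
.TOC1cols2 tr,
.TOC1cols3 table,
.TOC1cols3 tbody,
.TOC1cols3 tr,
.TOC1cols4 table,
.TOC1cols4 tbody,
.TOC1cols4 tr { display:block; padding:0; }

/* Table of contents, level 2: container width by column count. */
.TOC2cols1 { width:60%; max-width:60%; }
.TOC2cols2 { column-count:2; width:70%; max-width:70%; }
.TOC2cols3 { column-count:3; width:80%; max-width:80%; }
.TOC2cols4 { column-count:4; width:90%; max-width:90%; }
.TOC2table { margin-left:2em; white-space:nowrap; break-inside:auto; }
.TOC2table tr { vertical-align:top; text-align:left; break-inside:avoid; break-after:auto; }
.TOC2table .numb { font-weight:bold; padding-right:0.5em; }
.TOC2table .text { width:100%; white-space:normal; }

/* see "recalcitrant" above */
.TOC2cols2 table,
.TOC2cols2 tbody,
.TOC2cols2 tr,
.TOC2cols3 table,
.TOC2cols3 tbody,
.TOC2cols3 tr,
.TOC2cols4 table,
.TOC2cols4 tbody,
.TOC2cols4 tr { display:block; padding:0; }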

/* Navigation strip. */
.NAVtable    { margin: 0.1em 0 0 2em; }
.NAVtable td { font-size: 110%; font-weight: bold; padding: 0; margin: 0; }
.NAVtable a  { padding: 0 0.5em 0 0.5em; text-decoration: none; }

/* Index: container width by column count. */
.IDXcols1 { width: 80%; max-width: 80%; }
.IDXcols2 { column-count: 2; width: 90%; max-width: 90%; }
.IDXcols3 { column-count: 3; width: 95%; max-width: 95%; }
.IDXcols4 { column-count: 4; width: 100%; max-width: 100%; }

.IDXtable {
  margin: 1em 0 1em 2em;
  white-space: nowrap;
  break-inside: auto;
}
.IDXtable tr {
  vertical-align: top;
  text-align: left;
  break-inside: avoid;
  break-after: auto;
}
.IDXtable .alpha { font-weight: bold; min-width: 2em; }
.IDXtable .text  { width: 100%; white-space: normal; }
/* Paragraph references are prefixed with a pilcrow and a no-break space. */
.IDXtable .para:before { content:'\00b6\00a0'; }

/* Same Firefox multi-column workaround as applied to the TOC tables. */
.IDXcols2 table, .IDXcols2 tbody, .IDXcols2 tr,
.IDXcols3 table, .IDXcols3 tbody, .IDXcols3 tr,
.IDXcols4 table, .IDXcols4 tbody, .IDXcols4 tr {
  display: block;
  padding: 0;
}

/* Highlighted monospace marker with all inherited emphasis reset. */
.insight {
  background-color: cyan;
  font-family: monospace;
  padding: 0 0.2em 0 0.2em;
  margin: 0 0.2em 0 0.2em;
  font-size: 100%;
  font-style: normal;
  font-weight: normal;
  text-decoration: none;
}

/* Rendering of the generator's own name. */
.wasdoc {
  font-family: "Lucida Console", Monaco, monospace;
  letter-spacing: -0.07em;
}

/* On screen: .blank links get a trailing arrow glyph, print-only
   content is hidden. */
@media screen {
  .blank::after { content:"\2924"; }
  .print { display: none; }
}

/* In print: screen-only content and navigation are dropped, and page
   markers become real page breaks. */
@media print {
  table     { page-break-inside: avoid; }
  .noprint  { display: none; }
  .page     { border: none; page-break-after: always; }
  .epage    { display: none; }
  .ppage    { page-break-after: always; }
  .NAVtable { display: none; }
  .NAVprint { display: block!important; }
}

@page { margin: 2cm 1cm 2cm 1cm; }
</style>
<!-- source:0000_config.wasdoc -->

<style type="text/css">._smiley::after { font-size:150%; vertical-align:middle; content:'\263a' }</style>
<style type="text/css">._frowny::after { font-size:150%; vertical-align:middle; content:'\2639' }</style>

<a id="0." href="#"></a>
<a id="0.0.0.0.1" href="#"></a>
<a id="0.wasdconfiguration" href="#"></a>
<a id="wasdconfiguration" href="#"></a>
<h1 class="head" style="font-size:140%;"><span class="text">WASD Configuration</span></h1>

<p> For version 12.0 release of WASD VMS Web Services.

<p> Published November 2021

<p> Document generated using <span class="high wasdoc">wasDOC</span> version 2.0.0

<a id="0.0.0.0.2" href="#"></a>
<a id="0.abstract" href="#"></a>
<a id="abstract" href="#"></a>
<h5 class="head"><span class="text">Abstract</span></h5>

<p> This document provides detailed configuration instructions for the WASD Web
Services package.

<p> For installation and update details see
<a class="link blank" target="_blank" href="../install/">WASD Web Services - Installation</a>

<p> For the more significant WASD features and facilities see
<a class="link blank" target="_blank" href="../features/">WASD Web Services - Features</a>

<p> For information on CGI, CGIplus, ISAPI, OSU, etc., scripting, see
<a class="link blank" target="_blank" href="../scripting/">WASD Web Services - Scripting</a>

<p> And for a description of WASD document, SSI and directory listing
behaviours and options, see <a class="link blank" target="_blank" href="../env/">WASD Web Services - Environment</a>

<a id="0.0.0.0.3" href="#"></a>
<a id="0.onlinesearch" href="#"></a>
<a id="onlinesearch" href="#"></a>
<h5 class="head"><span class="text">Online Search</span></h5>
<p>
<table class="tabl noindent" style="border:1px #808080 solid;background-color:#eeeeee;margin-bottom:1.5em;">
<tr class="tabr">
<td class="tabd" style="padding:0.5em;"><form action="/cgi-bin/query/wasd_root/wasdoc/config/*.html" target="_top">
<input type="submit" value="Search for:">&nbsp;
<input type="text" name="search" size="20">&nbsp;
<input type="reset" value="Reset">
</form>
</table>

<p> <span class="high bold">WASD VMS Web Services &ndash; Copyright &copy; 1996-2021 Mark G. Daniel</span>

<a id="0.0.0.0.3.1" href="#"></a>
<a id="0.apachelicenseversion20" href="#"></a>
<a id="apachelicenseversion20" href="#"></a>
<h6 class="head display0"><span class="text">Apache License, Version 2.0</span></h6>
<a id="0.0.0.0.3.2" href="#"></a>
<a id="0.license" href="#"></a>
<a id="license" href="#"></a>
<h6 class="head display0"><span class="text">License</span></h6>
<p> Licensed under the <span class="high bold">Apache License</span>, Version 2.0 (the &quot;License&quot;);
<div class="blockof quote" style="font-size:0.9em;width:49em;margin:-0.5em 0 0 1em;">you may not use this software except in compliance with the License.
You may obtain a copy of the License at
<p> <a class="link blank" target="_blank" style="margin-left:1em;" href="https://www.apache.org/licenses/LICENSE-2.0">https://www.apache.org/licenses/LICENSE-2.0</a>
<p> Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an &quot;AS IS&quot; BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
</div>

<p> <a class="link" href="mailto:Mark.Daniel@wasd.vsm.com.au">Mark.Daniel@wasd.vsm.com.au</a>
<br> <span class="high bold italic">A pox on the houses of all spammers.  Make that two poxes.</span>

<p> All copyright and trademarks within this document belong to their rightful
owners.  See <a class="link" href="#13.attributionandacknowledgement">13. Attribution and Acknowledgement</a>.


<p> This is a static (file), single document.
<br> Alternative <a class="link" href="/wasd_root/wasdoc/config/config.html">multi-part</a> static
and <a class="link" href="/cgi-bin/wasdoc/wasd_root/wasdoc/config/">dynamic</a> documents.

<br> Links followed by &#10532; open in a new page.

<a id="0.0.0.0.4.2" href="#"></a>
<a id="0.tableofcontent" href="#"></a>
<a id="tableofcontent" href="#"></a>
<h1 class="head" style="font-size:120%;"><span class="text">Table of Contents</span></h1>


<div class="TOC1cols2">
<table class="TOC1table">
<tr><td class="sepr"><a href="#1.introduction">1.</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text majr"><a href="#1.introduction">Introduction</a>
<tr><td class="sepr"><a href="#1.1.troubleshooting">1.1</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#1.1.troubleshooting">Troubleshooting?</a>
<tr><td class="sepr"><a href="#2.configurationconsiderations">2.</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text majr"><a href="#2.configurationconsiderations">Configuration Considerations</a>
<tr><td class="sepr"><a href="#2.1.includefiledirective">2.1</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#2.1.includefiledirective">Include File Directive</a>
<tr><td class="sepr"><a href="#2.2.siteorganisation">2.2</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#2.2.siteorganisation">Site Organisation</a>
<tr><td class="sepr"><a href="#2.3.virtualservices">2.3</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#2.3.virtualservices">Virtual Services</a>
<tr><td class="sepr"><a href="#2.3.1.virtualserver">2.3.1</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#2.3.1.virtualserver">[[virtual-server]]</a>
<tr><td class="sepr"><a href="#2.3.2.unknownvirtualserver">2.3.2</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#2.3.2.unknownvirtualserver">Unknown Virtual Server</a>
<tr><td class="sepr"><a href="#2.4.gzipencoding">2.4</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#2.4.gzipencoding">GZIP Encoding</a>
<tr><td class="sepr"><a href="#2.4.1.responseencoding">2.4.1</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#2.4.1.responseencoding">Response Encoding</a>
<tr><td class="sepr"><a href="#2.4.2.requestencoding">2.4.2</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#2.4.2.requestencoding">Request Encoding</a>
<tr><td class="sepr"><a href="#2.5.requestthrottling">2.5</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#2.5.requestthrottling">Request Throttling</a>
<tr><td class="sepr"><a href="#2.6.clientconcurrency">2.6</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#2.6.clientconcurrency">Client Concurrency</a>
<tr><td class="sepr"><a href="#2.7.contenttypeconfiguration">2.7</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#2.7.contenttypeconfiguration">Content-Type Configuration</a>
<tr><td class="sepr"><a href="#2.7.1.addingcontenttypes">2.7.1</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#2.7.1.addingcontenttypes">Adding Content-Types</a>
<tr><td class="sepr"><a href="#2.7.2.mimetypes">2.7.2</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#2.7.2.mimetypes">MIME.TYPES</a>
<tr><td class="sepr"><a href="#2.7.3.unknowncontenttypes">2.7.3</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#2.7.3.unknowncontenttypes">Unknown Content-Types</a>
<tr><td class="sepr"><a href="#2.7.4.explicitlyspecifyingcontenttype">2.7.4</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#2.7.4.explicitlyspecifyingcontenttype">Explicitly Specifying Content-Type</a>
<tr><td class="sepr"><a href="#2.8.languagevariants">2.8</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#2.8.languagevariants">Language Variants</a>
<tr><td class="sepr"><a href="#2.9.charactersetconversion">2.9</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#2.9.charactersetconversion">Character Set Conversion</a>
<tr><td class="sepr"><a href="#2.10.errorreporting">2.10</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#2.10.errorreporting">Error Reporting</a>
<tr><td class="sepr"><a href="#2.10.1.basicanddetailed">2.10.1</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#2.10.1.basicanddetailed">Basic and Detailed</a>
<tr><td class="sepr"><a href="#2.10.2.sitespecific">2.10.2</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#2.10.2.sitespecific">Site Specific</a>
<tr><td class="sepr"><a href="#2.11.opcomlogging">2.11</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#2.11.opcomlogging">OPCOM Logging</a>
<tr><td class="sepr"><a href="#2.12.accesslogging">2.12</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#2.12.accesslogging">Access Logging</a>
<tr><td class="sepr"><a href="#2.12.1.logformat">2.12.1</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#2.12.1.logformat">Log Format</a>
<tr><td class="sepr"><a href="#2.12.2.logperperiod">2.12.2</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#2.12.2.logperperiod">Log Per-Period</a>
<tr><td class="sepr"><a href="#2.12.3.logperservice">2.12.3</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#2.12.3.logperservice">Log Per-Service</a>
<tr><td class="sepr"><a href="#2.12.4.logperinstance">2.12.4</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#2.12.4.logperinstance">Log Per-Instance</a>
<tr><td class="sepr"><a href="#2.12.5.lognaming">2.12.5</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#2.12.5.lognaming">Log Naming</a>
<tr><td class="sepr"><a href="#2.12.6.accesstracking">2.12.6</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#2.12.6.accesstracking">Access Tracking</a>
<tr><td class="sepr"><a href="#2.12.7.accessalert">2.12.7</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#2.12.7.accessalert">Access Alert</a>
<tr><td class="sepr"><a href="#3.securityconsiderations">3.</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text majr"><a href="#3.securityconsiderations">Security Considerations</a>
<tr><td class="sepr"><a href="#3.1.serverandsitetesting">3.1</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#3.1.serverandsitetesting">Server and Site Testing</a>
<tr><td class="sepr"><a href="#3.2.recommendedpackagesecurity">3.2</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#3.2.recommendedpackagesecurity">Recommended Package Security</a>
<tr><td class="sepr"><a href="#3.3.maintainingpackagesecurity">3.3</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#3.3.maintainingpackagesecurity">Maintaining Package Security</a>
<tr><td class="sepr"><a href="#3.4.independentpackageandlocalresources">3.4</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#3.4.independentpackageandlocalresources">Independent Package and Local Resources</a>
<tr><td class="sepr"><a href="#3.5.configuration">3.5</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#3.5.configuration">Configuration</a>
<tr><td class="sepr"><a href="#3.5.1.directorylistings">3.5.1</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#3.5.1.directorylistings">Directory Listings</a>
<tr><td class="sepr"><a href="#3.5.2.serverreports">3.5.2</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#3.5.2.serverreports">Server Reports</a>
<tr><td class="sepr"><a href="#3.5.3.scripting">3.5.3</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#3.5.3.scripting">Scripting</a>
<tr><td class="sepr"><a href="#3.5.4.serversideincludes">3.5.4</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#3.5.4.serversideincludes">Server Side Includes</a>
<tr><td class="sepr"><a href="#3.6.scripting">3.6</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#3.6.scripting">Scripting</a>
<tr><td class="sepr"><a href="#3.7.authorization">3.7</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#3.7.authorization">Authorization</a>
<tr><td class="sepr"><a href="#3.8.miscellaneousissues">3.8</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#3.8.miscellaneousissues">Miscellaneous Issues</a>
<tr><td class="sepr"><a href="#3.9.siteattacks">3.9</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#3.9.siteattacks">Site Attacks</a>
<tr><td class="sepr"><a href="#3.10.contentsecuritypolicycsp">3.10</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#3.10.contentsecuritypolicycsp">Content Security Policy (CSP)</a>
<tr><td class="sepr"><a href="#4.stringmatching">4.</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text majr"><a href="#4.stringmatching">String Matching</a>
<tr><td class="sepr"><a href="#4.1.wildcardpatterns">4.1</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#4.1.wildcardpatterns">Wildcard Patterns</a>
<tr><td class="sepr"><a href="#4.2.regularexpressions">4.2</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#4.2.regularexpressions">Regular Expressions</a>
<tr><td class="sepr"><a href="#4.3.examples">4.3</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#4.3.examples">Examples</a>
<tr><td class="sepr"><a href="#4.4.expressionsubstitution">4.4</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#4.4.expressionsubstitution">Expression Substitution</a>
<tr><td class="sepr"><a href="#5.conditionalconfiguration">5.</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text majr"><a href="#5.conditionalconfiguration">Conditional Configuration</a>
<tr><td class="sepr"><a href="#5.1.serviceconditionals">5.1</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#5.1.serviceconditionals">Service Conditionals</a>
<tr><td class="sepr"><a href="#5.2.ifendifconditionals">5.2</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#5.2.ifendifconditionals">If..endif Conditionals</a>
<tr><td class="sepr"><a href="#5.3.conditionalkeywords">5.3</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#5.3.conditionalkeywords">Conditional Keywords</a>
<tr><td class="sepr"><a href="#5.3.1.notepadkeyword">5.3.1</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#5.3.1.notepadkeyword">Notepad: Keyword</a>
<tr><td class="sepr"><a href="#5.3.2.randkeyword">5.3.2</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#5.3.2.randkeyword">Rand: Keyword</a>
<tr><td class="sepr"><a href="#5.3.3.requestkeyword">5.3.3</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#5.3.3.requestkeyword">Request: Keyword</a>
<tr><td class="sepr"><a href="#5.3.4.instanceandrobinkeywords">5.3.4</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#5.3.4.instanceandrobinkeywords">Instance: and Robin: Keywords</a>
<tr><td class="sepr"><a href="#5.3.5.timekeyword">5.3.5</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#5.3.5.timekeyword">Time: Keyword</a>
<tr><td class="sepr"><a href="#5.3.6.trnlnmkeyword">5.3.6</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#5.3.6.trnlnmkeyword">Trnlnm: Keyword</a>
<tr><td class="sepr"><a href="#5.3.7.hostaddresses">5.3.7</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#5.3.7.hostaddresses">Host Addresses</a>
<tr><td class="sepr"><a href="#5.4.examples">5.4</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#5.4.examples">Examples</a>
<tr><td class="sepr"><a href="#5.5.dictionary">5.5</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#5.5.dictionary">Dictionary</a>
<tr><td class="sepr"><a href="#5.5.1.configurationentries">5.5.1</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#5.5.1.configurationentries">Configuration Entries</a>
<tr><td class="sepr"><a href="#5.5.2.otherentries">5.5.2</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#5.5.2.otherentries">Other Entries</a>
<tr><td class="sepr"><a href="#5.5.3.entrysubstitution">5.5.3</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#5.5.3.entrysubstitution">Entry Substitution</a>
<tr><td class="sepr"><a href="#5.5.4.watchdictionary">5.5.4</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#5.5.4.watchdictionary">WATCH Dictionary</a>
<tr><td class="sepr"><a href="#6.globalconfiguration">6.</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text majr"><a href="#6.globalconfiguration">Global Configuration</a>
<tr><td class="sepr"><a href="#6.1.functionalgroupings">6.1</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#6.1.functionalgroupings">Functional Groupings</a>
<tr><td class="sepr"><a href="#6.2.alphabeticlisting">6.2</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#6.2.alphabeticlisting">Alphabetic Listing</a>
<tr><td class="sepr"><a href="#7.serviceconfiguration">7.</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text majr"><a href="#7.serviceconfiguration">Service Configuration</a>
<tr><td class="sepr"><a href="#7.1.specificservices">7.1</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#7.1.specificservices">Specific Services</a>
<tr><td class="sepr"><a href="#7.2.genericservices">7.2</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#7.2.genericservices">Generic Services</a>
<tr><td class="sepr"><a href="#7.3.sslservices">7.3</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#7.3.sslservices">SSL Services</a>
<tr><td class="sepr"><a href="#7.4.administrationservices">7.4</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#7.4.administrationservices">Administration Services</a>
<tr><td class="sepr"><a href="#7.5.ipv4andipv6">7.5</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#7.5.ipv4andipv6">IPv4 and IPv6</a>
<tr><td class="sepr"><a href="#7.6.towwwornottowww">7.6</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#7.6.towwwornottowww">To www. Or Not To www.</a>
<tr><td class="sepr"><a href="#7.7.servicedirectives">7.7</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#7.7.servicedirectives">Service Directives</a>
<tr><td class="sepr"><a href="#7.8.directivedetail">7.8</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#7.8.directivedetail">Directive Detail</a>
<tr><td class="sepr"><a href="#7.9.administration">7.9</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#7.9.administration">Administration</a>
<tr><td class="sepr"><a href="#7.10.serviceexamples">7.10</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#7.10.serviceexamples">Service Examples</a>
<tr><td class="sepr"><a href="#8.messageconfiguration">8.</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text majr"><a href="#8.messageconfiguration">Message Configuration</a>
<tr><td class="sepr"><a href="#8.1.behaviour">8.1</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#8.1.behaviour">Behaviour</a>
<tr><td class="sepr"><a href="#8.2.messagefileformat">8.2</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#8.2.messagefileformat">Message File Format</a>
<tr><td class="sepr"><a href="#8.3.multiplelanguagespecifications">8.3</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#8.3.multiplelanguagespecifications">Multiple Language Specifications</a>
<tr><td class="sepr"><a href="#8.4.suppliedmessagefiles">8.4</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#8.4.suppliedmessagefiles">Supplied Message Files</a>
<tr><td class="sepr"><a href="#9.cacheconfiguration">9.</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text majr"><a href="#9.cacheconfiguration">Cache Configuration</a>
<tr><td class="sepr"><a href="#9.1.nonfilecontentcaching">9.1</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#9.1.nonfilecontentcaching">Non-File Content Caching</a>
<tr><td class="sepr"><a href="#9.2.permanentandvolatile">9.2</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#9.2.permanentandvolatile">Permanent and Volatile</a>
<tr><td class="sepr"><a href="#9.3.cachesuitabilityconsiderations">9.3</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#9.3.cachesuitabilityconsiderations">Cache Suitability Considerations</a>
<tr><td class="sepr"><a href="#9.4.cachecontentvalidation">9.4</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#9.4.cachecontentvalidation">Cache Content Validation</a>
<tr><td class="sepr"><a href="#9.5.cacheconfiguration">9.5</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#9.5.cacheconfiguration">Cache Configuration</a>
<tr><td class="sepr"><a href="#9.6.cachecontrol">9.6</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#9.6.cachecontrol">Cache Control</a>
<tr><td class="sepr"><a href="#9.7.circumventingthecache">9.7</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#9.7.circumventingthecache">Circumventing The Cache</a>
<tr><td class="sepr"><a href="#10.requestprocessingconfiguration">10.</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text majr"><a href="#10.requestprocessingconfiguration">Request Processing Configuration</a>
<tr><td class="sepr"><a href="#10.1.ruleinterpretation">10.1</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#10.1.ruleinterpretation">Rule Interpretation</a>
<tr><td class="sepr"><a href="#10.2.vmsfilesystemspecifications">10.2</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#10.2.vmsfilesystemspecifications">VMS File System Specifications</a>
<tr><td class="sepr"><a href="#10.3.traditionalfilespecificationsods2">10.3</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#10.3.traditionalfilespecificationsods2">Traditional File Specifications (ODS-2)</a>
<tr><td class="sepr"><a href="#10.4.extendedfilespecificationsods5">10.4</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#10.4.extendedfilespecificationsods5">Extended File Specifications (ODS-5)</a>
<tr><td class="sepr"><a href="#10.4.1.charactersinrequestpaths">10.4.1</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#10.4.1.charactersinrequestpaths">Characters In Request Paths</a>
<tr><td class="sepr"><a href="#10.4.2.filenameambiguity">10.4.2</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#10.4.2.filenameambiguity">File Name Ambiguity</a>
<tr><td class="sepr"><a href="#10.4.3.charactersinservergeneratedpaths">10.4.3</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#10.4.3.charactersinservergeneratedpaths">Characters In Server-Generated Paths</a>
<tr><td class="sepr"><a href="#10.5.rules">10.5</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#10.5.rules">Rules</a>
<tr><td class="sepr"><a href="#10.5.1.mappassfailrules">10.5.1</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#10.5.1.mappassfailrules">MAP, PASS, FAIL Rules</a>
<tr><td class="sepr"><a href="#10.5.2.redirectrule">10.5.2</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#10.5.2.redirectrule">REDIRECT Rule</a>
<tr><td class="sepr"><a href="#10.5.3.userrule">10.5.3</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#10.5.3.userrule">USER Rule</a>
<tr><td class="sepr"><a href="#10.5.4.execuxecandscriptscriptmappingrules">10.5.4</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#10.5.4.execuxecandscriptscriptmappingrules">EXEC/UXEC and SCRIPT, Script Mapping Rules</a>
<tr><td class="sepr"><a href="#10.5.5.setrule">10.5.5</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#10.5.5.setrule">SET Rule</a>
<tr><td class="sepr"><a href="#10.6.reversemapping">10.6</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#10.6.reversemapping">Reverse Mapping</a>
<tr><td class="sepr"><a href="#10.7.mappingexamples">10.7</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#10.7.mappingexamples">Mapping Examples</a>
<tr><td class="sepr"><a href="#10.8.virtualservers">10.8</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#10.8.virtualservers">Virtual Servers</a>
<tr><td class="sepr"><a href="#10.9.conditionalmapping">10.9</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#10.9.conditionalmapping">Conditional Mapping</a>
<tr><td class="sepr"><a href="#10.10.mappinguserdirectoriestildecharacterquotquot">10.10</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#10.10.mappinguserdirectoriestildecharacterquotquot">Mapping User Directories (<span class="high italic">tilde</span> character (&quot;~&quot;))</a>
<tr><td class="sepr"><a href="#10.10.1.usingthesysuaf">10.10.1</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#10.10.1.usingthesysuaf">Using The SYSUAF</a>
<tr><td class="sepr"><a href="#10.10.2.withoutusingthesysuaf">10.10.2</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#10.10.2.withoutusingthesysuaf">Without Using The SYSUAF</a>
<tr><td class="sepr"><a href="#10.11.crossoriginresourcesharing">10.11</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#10.11.crossoriginresourcesharing">Cross Origin Resource Sharing</a>
<tr><td class="sepr"><a href="#11.authorizationconfigurationbasics">11.</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text majr"><a href="#11.authorizationconfigurationbasics">Authorization Configuration (Basics)</a>
<tr><td class="sepr"><a href="#11.1.sysuafidentifierauthentication">11.1</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#11.1.sysuafidentifierauthentication">SYSUAF/Identifier Authentication</a>
<tr><td class="sepr"><a href="#11.2.otherauthentication">11.2</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#11.2.otherauthentication">Other Authentication</a>
<tr><td class="sepr"><a href="#11.3.readandwritegroupings">11.3</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#11.3.readandwritegroupings">Read and Write Groupings</a>
<tr><td class="sepr"><a href="#11.4.considerations">11.4</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text"><a href="#11.4.considerations">Considerations</a>
<tr><td class="sepr"><a href="#12.index">12.</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text majr"><a href="#12.index">Index</a>
<tr><td class="sepr"><a href="#13.attributionandacknowledgement">13.</a>&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;<td class="text majr"><a href="#13.attributionandacknowledgement">Attribution and Acknowledgement</a>
</table>
</div>

<br>
<!-- source:0100_INTRO.WASDOC -->
<hr class="page">
<a id="1." href="#"></a>
<a id="1.introduction" href="#"></a>
<a id="introduction" href="#"></a>
<h1 class="head"><span class="numb">1.</span><span class="text">Introduction</span></h1>

<table class="TOC2table">
<tr><td><a href="#1.1.troubleshooting"><span class="numb">1.1</span><span class="text">Troubleshooting?</span></a>
</table>
</div>


<a id="1.0.0.0.1" href="#"></a>
<a id="1.welcome" href="#"></a>
<a id="welcome" href="#"></a>
<h5 class="head"><span class="text">Welcome!</span></h5>

<p> WASD is outlined in the
<a class="link blank" target="_blank" href="../features/#introduction">Introduction</a> and
<a class="link blank" target="_blank" href="../features/#packageoverview">Package Overview</a> sections of the
<a class="link blank" target="_blank" href="../features/#0.">WASD Features</a> document.

<p> Installation and update of the package is covered by
<a class="link blank" target="_blank" href="../install/#0.">WASD Installation</a>.

<p> This document provides detailed configuration instructions for the WASD Web
Services package.

<p> Following installation the package should require only minor further
configuration for basic serving.

<p> WASD configuration is performed using the contents of five files located
using logical names

<table class="tabl">
<tr class="tabr">
<td class="tabd">WASD_CONFIG_AUTH
<td class="tabd">request authorization control
<tr class="tabr">
<td class="tabd">WASD_CONFIG_GLOBAL
<td class="tabd">global server configuration
<tr class="tabr">
<td class="tabd">WASD_CONFIG_MAP
<td class="tabd">request processing control
<tr class="tabr">
<td class="tabd">WASD_CONFIG_MSG
<td class="tabd">provides server messages
<tr class="tabr">
<td class="tabd">WASD_CONFIG_SERVICE
<td class="tabd">specifies services (virtual servers)
</table>

<p> along with server CLI parameters commonly provided by startup DCL procedures.

<p> <span class="high bold">Initially</span> two files may require alteration.

<ol class="list">

<li class="item"> The startup file, possibly to set the local WASD_CONFIG_GMT logical (for
systems not supporting DTSS (e.g. DECnet-Plus)).  Consider using the
STARTUP_LOCAL.COM file for other site-specific requirements
(<a class="link blank" target="_blank" href="../install/#accountsupportfiles">Account Support Files</a> in <a class="link blank" target="_blank" href="../install/#0.">WASD Installation</a>).

<li class="item"> The only configuration that should require immediate attention will be
the mapping rules (<a class="link" href="#10.requestprocessingconfiguration">10. Request Processing Configuration</a>).

</ol>

<p> <span class="high bold">More generally</span> server runtime configuration involves the considerations
discussed in <a class="link" href="#2.2.siteorganisation">2.2 Site Organisation</a> along with the following aspects:

<ul class="list">

<li class="item"> Configuring the HTTP server run-time characteristics
(<a class="link" href="#2.configurationconsiderations">2. Configuration Considerations</a>).

<li class="item"> Mapping request paths to the VMS file system, and to other things such as
scripts (<a class="link" href="#10.requestprocessingconfiguration">10. Request Processing Configuration</a>).

<li class="item"> Customizing some or all messages (<a class="link" href="#8.messageconfiguration">8. Message Configuration</a>).

<li class="item"> Establishing an authentication and authorization environment
(<a class="link" href="#11.authorizationconfigurationbasics">11. Authorization Configuration (Basics)</a>).

</ul>

<a id="1.0.0.0.2" href="#"></a>
<a id="1.keepsitespecificresourcesandserverinstallationseparateanddistinct" href="#"></a>
<a id="keepsitespecificresourcesandserverinstallationseparateanddistinct" href="#"></a>
<h5 class="head"><span class="text">Keep site-specific resources and server installation separate and distinct.</span></h5>

<a id="1.1" href="#"></a>
<a id="1.1.troubleshooting" href="#"></a>
<a id="troubleshooting" href="#"></a>
<h2 class="head"><span class="numb">1.1</span><span class="text">Troubleshooting?</span></h2>

<p> When initially installing or configuring WASD, and sometimes later where
something breaks spectacularly, it is most useful to be able to gain insight
into what the server is up to.

<p> The <span class="high italic">go-to</span> tool is&nbsp; <span style="font-size:110%">WATCH</span>&nbsp; 
(yes, all capitals, and for no other reason than it makes it stand out).

<p> WATCH is described in detail in
<a class="link blank" target="_blank" href="../features/#watchfacility">WATCH Facility</a> of the <a class="link blank" target="_blank" href="../features/#0.">WASD Features and Facilities</a>
document.

<p> For most circumstances WATCH can be made available for troubleshooting even
if the configuration is significantly broken.  This is done by using a
skeleton-key to authorise special access into the server.

<p> The skeleton-key is described in detail in
<a class="link blank" target="_blank" href="../features/#skeletonkeyauthentication">Skeleton-Key Authentication</a> of the <a class="link blank" target="_blank" href="../features/#0.">WASD Features and Facilities</a>
document.

<p> <span class="high bold">TL;DR</span>

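<p> Enable the skeleton-key at the command-line.  The username can be anything
that begins with an underscore and is at least 8 characters long; the password
must also be at least 8 characters long.  The key authorises access to the
server administration facilities, so choose values that cannot be guessed.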

<div class="blockof code">&dollar; HTTPD /DO=AUTH=SKELKEY=_<span class="high italic">username</span>:<span class="high italic">password</span>
</div>

<p> Then using a browser access any available service, entering the above
username (including underscore) and password when prompted.

<div class="blockof block"><a class="link blank" target="_blank" href="/httpd/-/admin/report/WATCH">https://<i>the.host.name:port</i>&thinsp;/httpd/-/admin/report/WATCH</a>
</div>

<p> The service administration facilities (of which WATCH is one) are also
available and useful.

<div class="blockof block"><a class="link blank" target="_blank" href="/httpd/-/admin/">https://<i>the.host.name:port</i>&thinsp;/httpd/-/admin/</a>
</div>
<!-- source:0400_CONSIDER.WASDOC -->
<hr class="page">
<a id="2." href="#"></a>
<a id="2.configurationconsiderations" href="#"></a>
<a id="configurationconsiderations" href="#"></a>
<h1 class="head"><span class="numb">2.</span><span class="text">Configuration Considerations</span></h1>

<div class="TOC2cols2">
<table class="TOC2table">
<tr><td><a href="#2.1.includefiledirective"><span class="numb">2.1</span><span class="text">Include File Directive</span></a>
<tr><td><a href="#2.2.siteorganisation"><span class="numb">2.2</span><span class="text">Site Organisation</span></a>
<tr><td><a href="#2.3.virtualservices"><span class="numb">2.3</span><span class="text">Virtual Services</span></a>
<tr><td><a href="#2.3.1.virtualserver"><span class="numb">2.3.1</span><span class="text">[[virtual-server]]</span></a>
<tr><td><a href="#2.3.2.unknownvirtualserver"><span class="numb">2.3.2</span><span class="text">Unknown Virtual Server</span></a>
<tr><td><a href="#2.4.gzipencoding"><span class="numb">2.4</span><span class="text">GZIP Encoding</span></a>
<tr><td><a href="#2.4.1.responseencoding"><span class="numb">2.4.1</span><span class="text">Response Encoding</span></a>
<tr><td><a href="#2.4.2.requestencoding"><span class="numb">2.4.2</span><span class="text">Request Encoding</span></a>
<tr><td><a href="#2.5.requestthrottling"><span class="numb">2.5</span><span class="text">Request Throttling</span></a>
<tr><td><a href="#2.6.clientconcurrency"><span class="numb">2.6</span><span class="text">Client Concurrency</span></a>
<tr><td><a href="#2.7.contenttypeconfiguration"><span class="numb">2.7</span><span class="text">Content-Type Configuration</span></a>
<tr><td><a href="#2.7.1.addingcontenttypes"><span class="numb">2.7.1</span><span class="text">Adding Content-Types</span></a>
<tr><td><a href="#2.7.2.mimetypes"><span class="numb">2.7.2</span><span class="text">MIME.TYPES</span></a>
<tr><td><a href="#2.7.3.unknowncontenttypes"><span class="numb">2.7.3</span><span class="text">Unknown Content-Types</span></a>
<tr><td><a href="#2.7.4.explicitlyspecifyingcontenttype"><span class="numb">2.7.4</span><span class="text">Explicitly Specifying Content-Type</span></a>
<tr><td><a href="#2.8.languagevariants"><span class="numb">2.8</span><span class="text">Language Variants</span></a>
<tr><td><a href="#2.9.charactersetconversion"><span class="numb">2.9</span><span class="text">Character Set Conversion</span></a>
<tr><td><a href="#2.10.errorreporting"><span class="numb">2.10</span><span class="text">Error Reporting</span></a>
<tr><td><a href="#2.10.1.basicanddetailed"><span class="numb">2.10.1</span><span class="text">Basic and Detailed</span></a>
<tr><td><a href="#2.10.2.sitespecific"><span class="numb">2.10.2</span><span class="text">Site Specific</span></a>
<tr><td><a href="#2.11.opcomlogging"><span class="numb">2.11</span><span class="text">OPCOM Logging</span></a>
<tr><td><a href="#2.12.accesslogging"><span class="numb">2.12</span><span class="text">Access Logging</span></a>
<tr><td><a href="#2.12.1.logformat"><span class="numb">2.12.1</span><span class="text">Log Format</span></a>
<tr><td><a href="#2.12.2.logperperiod"><span class="numb">2.12.2</span><span class="text">Log Per-Period</span></a>
<tr><td><a href="#2.12.3.logperservice"><span class="numb">2.12.3</span><span class="text">Log Per-Service</span></a>
<tr><td><a href="#2.12.4.logperinstance"><span class="numb">2.12.4</span><span class="text">Log Per-Instance</span></a>
<tr><td><a href="#2.12.5.lognaming"><span class="numb">2.12.5</span><span class="text">Log Naming</span></a>
<tr><td><a href="#2.12.6.accesstracking"><span class="numb">2.12.6</span><span class="text">Access Tracking</span></a>
<tr><td><a href="#2.12.7.accessalert"><span class="numb">2.12.7</span><span class="text">Access Alert</span></a>
</table>
</div>


<p> WASD has a global configuration, which applies characteristics to the entire
running server, as well as per-service (virtual server) and conditional
configuration, which applies characteristics or behaviours to specific
requests.  All configuration is provided via files located by logical names.

<a id="2.0.0.0.1" href="#"></a>
<a id="2.configurationfiles" href="#"></a>
<a id="configurationfiles" href="#"></a>
<h5 class="head"><span class="text">Configuration Files</span></h5>

<table class="tabl">
<tr class="tabr under">
<th class="tabh">Name
<th class="tabh">Scope
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">WASD_CONFIG_AUTH
<td class="tabd">loadable
<td class="tabd">request authorization control
<tr class="tabr">
<td class="tabd">WASD_CONFIG_GLOBAL
<td class="tabd">global
<td class="tabd">global server configuration
<tr class="tabr">
<td class="tabd">WASD_CONFIG_MAP
<td class="tabd">loadable
<td class="tabd">request processing control
<tr class="tabr">
<td class="tabd">WASD_CONFIG_MSG
<td class="tabd">global
<td class="tabd">provides server messages
<tr class="tabr">
<td class="tabd">WASD_CONFIG_SERVICE
<td class="tabd">global
<td class="tabd">specifies services (virtual servers)
</table>

<p> Simple editing of these files changes the configuration.  Comment lines may
be included by prefixing them with the hash (&quot;#&quot;) character.  Comment lines
prefixed with an exclamation mark and then a hash (&quot;!#&quot;) are displayed in Server Admin
reports and are WATCHable during rule processing. Configuration file
directives are not case-sensitive.  Any change to a global configuration file
can only be enabled by restarting the HTTPd process using the following command
on the server system.

<div class="blockof code">&dollar; HTTPD /DO=RESTART
</div>

<p> Changes to request mapping or authorization configuration files also can be
dynamically reloaded into the running server using the administration
command-line interface.

<div class="blockof code">&dollar; HTTPD /DO=MAP=LOAD
&dollar; HTTPD /DO=AUTH=LOAD
</div>

<p> Changes to configuration files can be validated at the command-line before
reload or restart.  This detects and reports any syntactical and fatal
configuration errors but of course cannot check the <span class="high italic">intent</span> of the rules.

<div class="blockof code">&dollar; HTTPD /DO=AUTH=CHECK
&dollar; HTTPD /DO=CONFIG=CHECK
&dollar; HTTPD /DO=GLOBAL=CHECK
&dollar; HTTPD /DO=MAP=CHECK
&dollar; HTTPD /DO=MSG=CHECK
&dollar; HTTPD /DO=SERVICE=CHECK
</div>

<p> The <span class="high italic">config</span> check sequentially processes each of the <span class="high italic">authorization</span>,
<span class="high italic">global</span>, <span class="high italic">mapping</span>, <span class="high italic">message</span> and <span class="high italic">service</span> configuration files.

<p> If additional server startup qualifiers are required to enable specific
configuration features then these must also be provided when checking.  For
example:

<div class="blockof code">&dollar; HTTPD /DO=AUTH=CHECK /SYSUAF /PROFILE
</div>

<p> A server's currently loaded configuration can be interrogated from the
Server Administration menu (see
<a class="link blank" target="_blank" href="../features/#serveradministration">Server Administration</a> of
<a class="link blank" target="_blank" href="../features/#0.">WASD Features and Facilities</a>).

<a id="2.1" href="#"></a>
<a id="2.1.includefiledirective" href="#"></a>
<a id="includefiledirective" href="#"></a>
<h2 class="head"><span class="numb">2.1</span><span class="text">Include File Directive</span></h2>

<p> WASD uses multiple configuration files for a server and its site, each one
providing for a different functional aspect &hellip; configuration, virtual
services, path mapping, authorization, etc.  Generally these configuration
files are &quot;flat&quot;, with all required directives included in a single file.  This 
provides a simple and straight-forward approach suitable for most sites and
allows for the provision of Server Administration page online configuration of
several aspects.

<p> It is also possible to build site configurations by including the contents
of referenced files.  This may provide a structure and flexibility not possible
using the flat-file approach.  All WASD configuration files allow the use of an
[IncludeFile] directive.  This takes a VMS file specification parameter.  The
file's contents are then loaded and processed as if part of the parent
configuration file.  These included files are allowed to be nested to a depth
of two (i.e. the configuration file can include a file which may then include
another file).

<p> The following is an example used to build up the mapping rules for four
virtual services supported on the one server.

<div class="blockof code"># WASD_CONFIG_MAP

[[alpha.site.com]]
[IncludeFile]  WASD_ROOT:[LOCAL]MAP_ALPHA_80.CONF
[[alpha.site.com:443]]
[IncludeFile]  WASD_ROOT:[LOCAL]MAP_ALPHA_443.CONF

[[beta.site.com]]
[IncludeFile]  WASD_ROOT:[LOCAL]MAP_BETA_80.CONF
[[beta.site.com:443]]
[IncludeFile]  WASD_ROOT:[LOCAL]MAP_BETA_443.CONF

[[*]]
[IncludeFile]  WASD_ROOT:[LOCAL]MAP_COMMON.CONF
</div>

<div class="note"><a id="2.1.0.0.0.1" href="#"></a>
<a id="2.1.note" href="#"></a>
<a id="note" href="#"></a>
<h5 class="head center"><span class="text">Note</span></h5>
<hr class="note_hr">

Such configurations cannot be managed using the Server Administration facility (see
<a class="link blank" target="_blank" href="../features/#serveradministration">Server Administration</a> of
<a class="link blank" target="_blank" href="../features/#0.">WASD Features and Facilities</a>).
Files containing [IncludeFile] directives are noted during server startup and
if a Server Administration page configuration interface is accessed where this
would be a problem an explanatory message and warning is provided.  A
configuration <span class="high italic">can still be saved</span> but the resulting configuration will be a
flat-file representation of the server configuration, not the original
hierarchical one.
<hr class="note_hr">
</div>

<a id="2.2" href="#"></a>
<a id="2.2.siteorganisation" href="#"></a>
<a id="siteorganisation" href="#"></a>
<h2 class="head"><span class="numb">2.2</span><span class="text">Site Organisation</span></h2>

<p> <span class="high bold">It is recommended that the server distribution tree and any document and
other web-specific data areas be kept separate and distinct.</span>

<p> The former in WASD_ROOT:[000000], the latter perhaps in something like
WEB:[000000]. This logical device could be provided with the following DCL
introduced into the site or server startup procedures:

<div class="blockof code">&dollar; DEFINE /SYSTEM /TRANSLATION=CONCEALED WEB DKA0:[WEB.]
</div>

<p> See <a class="link" href="#10.2.vmsfilesystemspecifications">10.2 VMS File System Specifications</a> for further information on the
use of logical  names in locating and defining the content and structure of a
site.

<p> Note that logical device names like this need not appear in the structure
of the Web site.  The root of the Web-accessible path can be concealed using a
final mapping rule similar to the following
<div class="blockof code">pass /* /web/*
</div>
which simply defaults <span class="high italic">anything else</span> to that physical area.  Of course if
that <span class="high italic">anything else</span> needs to exist then it must be located in that physical
area.

<p> Mapping rules are the tools used to build a logical structure to a site from
the  physical area, perhaps multiple areas, used to house the associated files.
The logical organisation of served data is largely hierarchical, organised
under the Web-server path root, and is achieved via two mechanisms.

<ol class="list">
<li class="item"> The natural tree structure provided by a hierarchical file system.
<li class="item"> The logical hierarchy possible using rules within the mapping file to 
place disparate physical areas into a single logical structure.
</ol>

<p> Physically distinct areas are used for good physical reasons (e.g. the area
can best be hosted on a task-local disk), for historical reasons (e.g. the area
existed before any Web environment existed) or for reasons of convenience (e.g.
let's put this where access controls already allow the maintainers to manage
it). 

<p> <span class="high bold">There are no good reasons for having site-specific documents integrated
into the package directory structure!</span>

<p> All site-served files should be located in an autonomous, dedicated area or
areas.  The only reason  to place script files into WASD_ROOT:[CGI-BIN] or
WASD_ROOT:[<span class="high italic">architecture</span>_BIN] is that the script is traditionally
accessible via a /cgi-bin/ path or that the site is a small and/or low usage
environment where this directory is conveniently available for the few extra
scripts being made available.

<p> For any significant site (size that as best suits your perception), or for
when a specific software system or systems is being built or exists and it is
being &quot;Web-ified&quot;, design that software system as you would any other.  That
is, place the documentation in one directory area, executables and support
procedures in their own, management files in another, data in yet another area,
etc.  Then make those portions that are required to be accessible via the Web
interface accessible via the logical associations afforded through the use of
the server's mapping rules (<a class="link" href="#10.requestprocessingconfiguration">10. Request Processing Configuration</a>).  Of
course existing areas that are to be now made available via the Web can be
mapped in the same way.  This includes the active components - executable
scripts.  There is no reason (apart from historical) why the /cgi-bin/ path
should be used to activate scripts associated with a dedicated software system. 
Use a specific and unique path for scripts associated with each such system.

<p> When making a directory structure available via the Web care must be taken
that only the portions required to be accessed can be.  Other areas should not,
or must not, be accessible.  The server process can only access files that are
world-accessible, that it has specifically been granted access to via VMS
protection mechanisms (e.g. ACLs), or that the individual SYSUAF-authorized
accessor can access and which have specifically been made available via server
authorization rules.  Use the recommendations in <a class="link" href="#3.2.recommendedpackagesecurity">3.2 Recommended Package Security</a> as guidelines when designing your own site's protections and
permissions.

<a id="2.2.0.0.1" href="#"></a>
<a id="2.2.documentroot" href="#"></a>
<a id="documentroot" href="#"></a>
<h5 class="head"><span class="text">Document Root</span></h5>

<p> A particular area of the file system may be specified as the <span class="high italic">root</span> of a
particular (virtual) site's documents.  This is done using the WASD_CONFIG_MAP
SET <span class="high italic">map=root=&lt;string&gt;</span> mapping rule.  After this rule is applied all
subsequent rules have the specified string prefixed to mapped strings before
file-system resolution.

<p> For example, the following WASD_CONFIG_MAP rule set

<div class="blockof code">[[the.virtual.site:*]]

pass /*/-/* /wasd_root/runtime/*/*
/wasd_root/* /wasd_root/*

set * map=root=/dka0/the_site

exec /cgi-bin/* /cgi-bin/*
pass /* /*
fail *
</div>

<p> when applied to the following request URLs results in the described mappings
being applied.

<div class="blockof code">http://the.virtual.site/doc/example.txt
</div>

access to the document represented by file

<div class="blockof code">DKA0:[THE_SITE.DOC]EXAMPLE.TXT
</div>

<p> With the request for a directory icon using

<div class="blockof code">http://the.virtual.site/-/httpd/file.gif
</div>

access to the image represented by file

<div class="blockof code">WASD_ROOT:[RUNTIME.HTTPD]FILE.GIF
</div>

<p> And a request for a script using

<div class="blockof code">http://the.virtual.site/cgi-bin/example.php
</div>

activation of the script represented by the file

<div class="blockof code">DKA0:[THE_SITE.CGI-BIN]EXAMPLE.PHP
</div>

<p> Care must be taken in getting the sequence of mapping rules correct for
access to non-site resources before actually setting the document root which
then ties every other resource to that root.

<a id="2.3" href="#"></a>
<a id="2.3.virtualservices" href="#"></a>
<a id="virtualservices" href="#"></a>
<h2 class="head"><span class="numb">2.3</span><span class="text">Virtual Services</span></h2>

<p> A single WASD server process is capable of concurrently supporting the same
host name on different port numbers and a number of different host names (DNS
aliased or multi-homed) using the same port number. This capability is
generally known as a <span class="high italic">virtual server</span>. There is no design limitation on the
number of these services that WASD will concurrently support.  Virtual services
offer versatile and powerful multi-site capabilities using the one system and
server.  Service determination is based on the contents of the request's
&quot;Host:&quot; header field.  If none is present it defaults to the base service for the
interface's IP address and port.

<a id="2.3.0.0.1" href="#"></a>
<a id="2.3.wasdconfigservice" href="#"></a>
<a id="wasdconfigservice" href="#"></a>
<h5 class="head"><span class="text">WASD_CONFIG_SERVICE</span></h5>

<p> If the logical name WASD_CONFIG_SERVICE is defined the deprecated
WASD_CONFIG_GLOBAL [Service] directive is not used (see below).  

<p> See <a class="link" href="#7.7.servicedirectives">7.7 Service Directives</a> for further detail.

<a id="2.3.0.0.2" href="#"></a>
<a id="2.3.wasdconfigglobalservicedeprecated" href="#"></a>
<a id="wasdconfigglobalservicedeprecated" href="#"></a>
<h5 class="head"><span class="text">WASD_CONFIG_GLOBAL [Service] <span class="high italic">(deprecated)</span> </span></h5>

<p> Using the [Service] WASD_CONFIG_GLOBAL configuration parameter or the
/SERVICE qualifier the server creates an HTTP service for each one specified. If
the host name is omitted it defaults to the local host name. If the port is
omitted it defaults to 80. The first port specified in the service list becomes
the &quot;administration&quot; port of the server, using the local host name, appearing
in administration reports, menus, etc.  This port is also that specified when
sending control commands via the /DO= qualifier.

<p> This rather contrived example shows a server configured to provide four
services over two host names.

<div class="blockof code">[Service]
alpha.example.com
alpha.example.com:8080
beta.example.com
beta.example.com:8000
</div>

<p> Note that both the WASD_CONFIG_SERVICE configuration file (see <a class="link" href="#7.7.servicedirectives">7.7 Service Directives</a>) and the /SERVICE= command-line  qualifier override this
directive.

<a id="2.3.1" href="#"></a>
<a id="2.3.1.virtualserver" href="#"></a>
<a id="virtualserver" href="#"></a>
<h3 class="head"><span class="numb">2.3.1</span><span class="text">[[virtual-server]]</span></h3>

<p> The essential profile of a site is established by its mapped resources and
any authorization controls, the WASD_CONFIG_MAP and WASD_CONFIG_AUTH 
configuration files respectively, and these two files support directives that
allow configuration rules to be applied to all virtual services (i.e. a
default), to a host name (all ports), or to a single specified service (host
name and specific port).

<p> To restrict rules to a specified server (virtual or real) add a line
containing the server host name, and optionally a port number, between
double-square brackets. All following rules will be applied only to that
service. If a port number is not present it applies to all ports for that
service name, otherwise only to the service using that port.  To resume
applying rules to all services use a single asterisk instead of a host name. In
this way default (all service) and server-specific rules may be interleaved to
build a composite environment, server-specific yet with defaults. Note that
service-specific and service-common rules may be mixed in any order allowing
common rules to be shared. This descriptive example shows a file with one rule
per line.

<div class="blockof code"># just an example
<span class="high italic">this rule applies to all services
so does this
and this one</span>
[[alpha.example.com]]
<span class="high italic">this one however applies only to ALPHA, but to all ports
as indeed does this</span>
[[beta.example.com:8000]]
<span class="high italic">now we switch to the BETA service, but only port 8000
another one only applying to BETA
and a third</span>
[[*]]
<span class="high italic">now we have a couple default rules
that again apply to all servers</span>
</div>

<div class="note">
<a id="2.3.1.0.1" href="#"></a>
<a id="2.3.1.serviceconditionals" href="#"></a>
<a id="serviceconditionals" href="#"></a>
<h5 class="head center"><span class="text">Service Conditionals</span></h5>
<hr class="note_hr">
As a virtual service specification acts as a conditional on subsequent rule
application it must be considered a fundamental element of <a class="link" href="#5.conditionalconfiguration">5. Conditional Configuration</a>.  Service conditionals also impose a boundary on the scope of
<span class="high italic">if..endif</span> constructs.
<hr class="note_hr">
</div>

<p> Both the mapping and authorization modules report if rules are provided for
services that are not configured for the particular server process (i.e. not in
the server's [Service] or /SERVICE parameter list). This provides feedback to
the site administrator about any configuration problems that exist, but may
also appear if a set of rules is shared between multiple processes on a system
or cluster where processes deliver differing services. In this latter case the
reports can be considered informational, but should be checked initially and
then occasionally for misconfiguration.

<div class="note"><a id="2.3.1.0.1.1" href="#"></a>
<a id="2.3.1.note" href="#"></a>
<a id="note" href="#"></a>
<h5 class="head center"><span class="text">Note</span></h5>
<hr class="note_hr">

There is a difference when specifying virtual services during service creation
and when using them to apply mapping, etc.  When creating a service the scheme
(or protocol, e.g. &quot;http:&quot;, &quot;https:&quot;) needs to be
specified so the server can apply the correct protocol to connections accepted
at that service.  Once a service is created however, it becomes defined by the
host-name and port supplied when created.  Only one scheme (protocol) can be
supported on any one host-name/port instance and so it becomes unnecessary to
provide it with mapping rules, etc.  The server will complain in instances
where it is redundant.
<hr class="note_hr">
</div>

<a id="2.3.2" href="#"></a>
<a id="2.3.2.unknownvirtualserver" href="#"></a>
<a id="unknownvirtualserver" href="#"></a>
<h3 class="head"><span class="numb">2.3.2</span><span class="text">Unknown Virtual Server</span></h3>

<p> If a service is not configured for the particular host address and port of
a request one of two actions will be taken.

<ol class="list">

<li class="item"> If the configuration directive [ServiceNotFoundURL] is set the request
will be redirected to the specified URL.  This should contain a specific host
name, as well as a message page.  For the default page use:

<div class="blockof code">[ServiceNotFoundURL]  //server.host.name/httpd/-/servicenotfound.html
</div>

<li class="item"> If the above directive is not set the request is mapped using the default
rules (e.g. [[*]]).  It is possible to specify a rule set containing a default
rule for each virtual server.  The unmatched request is then handled by a
fallback rule, as illustrated in the following.

<div class="blockof code">pass /*/-/admin/*
pass /*/-/* /wasd_root/runtime/*/*
exec /cgi-bin/* /cgi-bin/*
[[virtual1.host.name]]
/* /web/virtual1/*
/ /web/virtual1/
[[virtual2.host.name]]
/* /web/virtual2/*
/ /web/virtual2/
[[virtual3.host.name]]
/* /web/virtual3/*
/ /web/virtual3/
[[*]]
/* /web/servicenotfound.html
</div>

</ol>

<p> This applies to dotted-decimal addresses as well as alpha-numeric. 
Therefore if there is a requirement to connect via a numeric IP address such a
service must have been configured.

<p> Note also that the converse is possible.  That is, it's possible to
configure a service that the server cannot ever possibly respond to because it
does not have an interface using the IP address represented by the service
host.

<a id="2.4" href="#"></a>
<a id="2.4.gzipencoding" href="#"></a>
<a id="gzipencoding" href="#"></a>
<h2 class="head"><span class="numb">2.4</span><span class="text">GZIP Encoding</span></h2>

<p> WASD can apply GZIP compression (gzip, deflate) to any suitable
response body and can accept similarly compressed request bodies.  It
dynamically maps required functions from a ZLIB shareable image.  Originally
developed against the ZLIB v1.2.<span class="high italic">n</span> port by Jean-François Piéronne,
the VMS-PORTS (GNV) LIBZ package is also supported. 

<p> WASD dynamically maps the associated shareable image by successively
accessing the (optionally defined) WASD_LIBZ_SHR32 logical name, then
GNV&dollar;LIBZSHR32, then LIBZ_SHR32, before reporting GZIP unavailable. 

<p> The shareable image must be INSTALLed (without any particular privileges)
before it can be activated by the privileged WASD HTTPd image (the WASD
startup will automatically do this if necessary).  The server process log and
the Server Administration page, Statistics Report panel named Environment
contain the version activated or a VMS status message if an error was
encountered.

<a id="2.4.1" href="#"></a>
<a id="2.4.1.responseencoding" href="#"></a>
<a id="responseencoding" href="#"></a>
<h3 class="head"><span class="numb">2.4.1</span><span class="text">Response Encoding</span></h3>

<p> The WASD_CONFIG_GLOBAL directive [GzipResponse] controls whether this feature is
enabled for the gzip content-encoding of suitable response bodies.  This
directive requires at least one parameter, the compression level in the range
1..9.  Smaller values provide faster but poorer compression ratios while larger
values provide better compression at the cost of more CPU cycles and latency.  This
corresponds to the GZIP utility's -1..-9 CLI switches.  Two optional parameters
could allow ZLIB's 'memLevel' and 'windowBits' to be adjusted by ZLIB
aficionados (level[,memory,window]).  A small amount of experimentation by this
author indicates minor changes in memory usage and compression ratio by
fiddling with these.

<p> Be aware that GZIP encoding is <span class="high bold">memory intensive</span>.  From
132kB to 265kB has been observed per compressing request (WATCH provides this
in a summary line).  These values apply across a wide range of transfer sizes
(from kilobytes to tens of megabytes).  It also is <span class="high bold">CPU
intensive</span> and adds response latency, though that might well be offset
by significant reductions in transfer time on the Internet or other slower,
non-intranet infrastructures.  Text content compression has been observed from
30% to 10% of the original file size (even down to 1% in the case of the
extremely redundant content of [EXAMPLE]64K.TXT).  VMS executables (for want of
another binary test case) at around 40%.  In other words, GZIP encoding may not
be suitable or efficient for every site or every request!

<p> Once enabled WASD will GZIP the responses for all suitable contents
provided the client accepts the encoding and the response is not one of the
following:

<ul class="list list0">
<li class="item"> less than 1400 bytes (no point in the overhead)
<li class="item"> already content-encoded script output
<li class="item"> a compressed image (e.g. GIF, JPEG, PNG, etc)
<li class="item"> a video stream (presumably already compressed, e.g. MPEG)
<li class="item"> a compressed audio stream
<li class="item"> a PDF file
<li class="item"> a Shockwave Flash file
<li class="item"> an obviously compressed application stream (e.g. GZIP, ZIP, JAR)
</ul>

<p> Additional control may be exercised with the following path SETings:

<ul class="list list0">
<li class="item"> &quot;response=GZIP=all&quot;, matching paths will always have GZIP encoding
performed (the above constraints still apply)
<li class="item"> &quot;response=GZIP=none&quot;, matching paths will never have GZIP encoding
<li class="item"> &quot;response=GZIP=&lt;integer&gt;&quot;, responses with
content-lengths greater than  the specified number of kilobytes will be GZIP
content-encoded (if the content-length cannot be determined it will NOT be
encoded and the above constraints still apply)
</ul>

<p> Using path settings GZIP compression may be disabled for specified file
types (apart from those already suppressed as described above).

<div class="blockof code">set **.myzip response=gzip=none
</div>

<p> A script using the <span class="high italic">Script-Control: X-content-encoding-gzip=0</span>
CGI response header can similarly suppress GZIP compression of its output if
required. See &quot;Scripting Overview&quot; for further detail.

<a id="2.4.1.0.1" href="#"></a>
<a id="2.4.1.flushperiod" href="#"></a>
<a id="flushperiod" href="#"></a>
<h5 class="head"><span class="text">Flush Period</span></h5>

<p> By default GZIP encoding flushes the internal buffer only when full. 
Most commonly this is not an issue because of high rates of output.  However
with  slow output sources, such as from some classes of script, this can result
in considerable latency before a client sees an initial response, and then
between transmission of further output.  By default output is initially flushed
after 5 seconds and thereafter at a maximum interval of 15 seconds.  The
WASD_CONFIG_GLOBAL directive [GzipFlushSeconds] allows this period to be adjusted.

<a id="2.4.2" href="#"></a>
<a id="2.4.2.requestencoding" href="#"></a>
<a id="requestencoding" href="#"></a>
<h3 class="head"><span class="numb">2.4.2</span><span class="text">Request Encoding</span></h3>

<p> Decoding of GZIP content-encoded request bodies is enabled using the
WASD_CONFIG_GLOBAL directive [GzipAccept].  Enabling this using a value 15 (or 1)
results in the server advertising its acceptance of GZIPed requests using the
&quot;Accept-Encoding: gzip, deflate&quot; response header.  Requests containing bodies
GZIP compressed will have these decoded as they are read from the client and 
before further processing, such as the upload of files into server accessible
file-system space.  This decoding is optional and not the default with DCL and
DECnet script processing.  That is, a request body will be passed to the script
still encoded unless specific mapping directs otherwise.  Decoding by the
server into the original data prior to transferring to the script can be enabled
for all or selected scripts using the following path settings:

<ul class="list">
<li class="item"> &quot;script=body=decode&quot;, script gets the decoded stream
<li class="item"> &quot;script=body=NOdecode&quot;, script gets the raw, encoded stream (default)
</ul>

<p> Note that scripts need to be specially aware of both GZIP encoded bodies and
those already decoded by the server.  In the first case the stream must be read
to the specified content-length and then decoded.  In the second case, a
content-length cannot be provided by the server (without unencoding the entire
stream ahead of time it cannot predict the final size).  Where the server is to
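decode the request body before transferring it to the script it changes the CGI
variable CONTENT_LENGTH to a single question-mark (&quot;?&quot;).  Scripts may use this
to detect the server's intention and then must ignore any transfer-encoding
and/or content-encoding header information and read the request body until
end-of-file is received.  Because the decoded size is not known in advance and
may be many times the encoded size, a script reading to end-of-file should
enforce its own upper limit on the amount of body data it will accept.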

<p> GZIP decoding (decompression) is understandably much less memory and CPU
intensive.  Experimentation indicates it does not contribute significantly to
latency either.

<a id="2.5" href="#"></a>
<a id="2.5.requestthrottling" href="#"></a>
<a id="requestthrottling" href="#"></a>
<h2 class="head"><span class="numb">2.5</span><span class="text">Request Throttling</span></h2>

<p> Request &quot;throttling&quot; is a term adopted to describe controlling
the number of requests that can be processing against any specified path at any
one time.  Requests in excess of this value are First-In-First-Out (FIFO)
queued, up to an optional limit, waiting for a currently processing request to
conclude allowing the next queued request to resume processing.  This is
primarily intended to limit concurrent resource-intensive script execution but
could be applied to any resource path.  Here's one dictionary description.

<p class="indent"> <span class="high italic">
<span class="high bold">throttle n 1:</span> a valve that regulates the supply of fuel to the engine [syn:
accelerator, throttle valve] <span class="high bold">2:</span> a pedal that controls the throttle valve;
&quot;he stepped on the gas&quot; [syn: accelerator, accelerator  pedal, gas pedal, gas,
gun] <span class="high bold">v 1:</span> place limits on; &quot;restrict the use of this parking lot&quot; [syn:
restrict, restrain, trammel, limit, bound, confine] <span class="high bold">2:</span> squeeze the throat
of; &quot;he tried to strangle his opponent&quot; [syn: strangle, strangulate] <span class="high bold">3:</span>
reduce the air supply; of carburetors [syn: choke]
</span>

<p> This is applied to a path (or paths) using the WASD_CONFIG_MAP mapping SET
THROTTLE= rule (<a class="link" href="#10.5.5.setrule">10.5.5 SET Rule</a>).  The general format is

<div class="blockof code">set <span class="high italic">path</span> throttle=<span class="high italic">n1</span>[<!-- u1 -->][<span class="high italic">n2,n3,n4,t/o1,t/o2</span>]
set <span class="high italic">path</span> throttle=<span class="high italic">from</span>[<!-- per-user -->][<span class="high italic">to,resume,busy,t/o-queue,t/o-busy</span>]
</div>

where

<ul class="list">

<li class="item"> <span class="high italic">n1</span> sets the number of concurrent requests before queuing begins (the 
number of processing requests becomes static and the number of queued requests
increases)

<li class="item"> <span class="high italic">u1</span> is separated from the <span class="high italic">n1</span> value by a forward-slash and limits
the concurrent requests any one authenticated user can process. Even though the
<span class="high italic">n1</span> value may allow processing if <span class="high italic">u1</span> would be exceeded the request is
queued.

<li class="item"> <span class="high italic">n2</span> is the concurrent requests before FIFO queuing begins, meaning
each new request is put onto the queue but at the same time the first-in request is
taken off the queue for processing (the number of queued requests becomes
static and the number of processing requests increases)

<li class="item"> <span class="high italic">n3</span> puts a limit on FIFO queuing (the number of queued requests again
increases and the number of processing requests becomes static)

<li class="item"> <span class="high italic">n4</span> is an absolute limit for concurrent requests against the path (a
503 &quot;server too busy&quot; status is immediately generated)

<li class="item"> <span class="high italic">t/o1</span> is the maximum period for queued requests before they are
processed (if not constrained by <span class="high italic">n3</span>)

<li class="item"> <span class="high italic">t/o2</span> is the maximum period for queued requests before a 503 &quot;server
too busy&quot; response is returned, it begins immediately or following the expiry
of any <span class="high italic">t/o1</span>

</ul>

<p> One way to read a throttle rule is &quot;begin to <span class="high italic">throttle</span>
(queue) requests <span class="high italic">from</span> the n1 value up <span class="high italic">to</span> the n2 value,
after which the queue is FIFOed up to the n3 value when it
<span class="high italic">resume</span>s queuing-only, up until the <span class="high italic">busy</span> n4 value&quot;.

<p> Each integer represents the number of concurrent requests against the
throttle rule path.  Parameters not required may be specified as zero or
omitted in a comma-separated list.  The schema of the rule requires that each
successive parameter be larger than that preceding it.  This basic  consistency
check is performed when the rule is loaded.

<p> For any rule the possible maximum number of requests that can be
processed at any one time may be simply calculated through the addition of the
<span class="high italic">n1</span> value to the difference of the <span class="high italic">n3</span> and
<span class="high italic">n2</span> values (i.e. max = n1 + (n3 - n2)).  The maximum concurrently
queued is the difference of the <span class="high italic">n4</span> and the maximum concurrently
processed.

<p> A comprehensive throttle statistics report is available from the Server
Administration facility.

<a id="2.5.0.0.1" href="#"></a>
<a id="2.5.peruserthrottle" href="#"></a>
<a id="peruserthrottle" href="#"></a>
<h5 class="head"><span class="text">Per-User Throttle</span></h5>

<p> If the concurrent processing value (<span class="high italic">n1</span>) has a second,
slash-delimited integer, this serves to limit the number of authenticated
user-associated requests that can be concurrently processing.

<p> When a request is available for processing the associated remote user name
is  checked for activity against the queue.  The <span class="high italic">u1</span> (or per-user
throttle value) is a limit on that user name's concurrent processing.  If it
would exceed the specified value the request is queued until the number of
requests processing drops below the <span class="high italic">u1</span> value.  All other values in
the throttle rule are applied as for non-per-user throttling.

<div class="note"><a id="2.5.0.0.1.1" href="#"></a>
<a id="2.5.note" href="#"></a>
<a id="note" href="#"></a>
<h5 class="head center"><span class="text">Note</span></h5>
<hr class="note_hr">

The user name used for comparison purposes is the authenticated remote
user (same as the CGI variable value REMOTE_USER).  This can be for any realm. 
Of course the same string can be used to represent different users within
different authentication realms and so care should be exercised that per-user
throttling does not span realms otherwise unexpected (and incorrect) throttling
may occur for distinct users.
<hr class="note_hr">
</div>

<p> If an unauthenticated request is matched against the throttle rule (i.e.
there is no authorization rule matching the request  path) the client has a 500
(server error) response returned.  Obviously per-user throttling must have a
remote user name to throttle against and this is a configuration issue.

<a id="2.5.0.0.2" href="#"></a>
<a id="2.5.examples" href="#"></a>
<a id="examples" href="#"></a>
<h5 class="head"><span class="text">Examples</span></h5>

<ol class="list">

<li class="item"> <span class="high bold">throttle=10</span>

<p> Requests up to 10 are concurrently processed.  When 10 is reached further
requests are queued to server capacity.

<li class="item"> <span class="high bold">throttle=10,20</span>

<p> Concurrent requests to 10 are processed immediately.  From 11 to 20
requests  are queued.  After 20 all requests are queued but also result in a
request FIFOing off the queue to be processed (queue length is static, number
being processed increases to server capacity).

<li class="item"> <span class="high bold">throttle=15,30,40</span>

<p> Concurrent requests up to 15 are immediately processed.  Requests 16
through to  30 are queued, while 31 to 40 requests result in the new requests
being queued and waiting requests being FIFOed into processing.  Concurrent
requests from 41 onwards are again queued, in this scenario to server capacity.

<li class="item"> <span class="high bold">throttle=10,20,30,40</span>

<p> Concurrent requests up to 10 are immediately processed.  Requests 11
through  to 20 will be queued.  Concurrent requests from 21 to 30 are queued
too, but at the same time waiting requests are FIFOed from the queue (resulting
in 10 (n1) + 10 (n3-n2) = 20 being processed).  From 31 onwards requests are
just queued.  Up to 40 concurrent requests may be against the path before all
new requests are immediately returned with a 503 &quot;busy&quot; status.  With this
scenario no more than 20 can be concurrently processed with 20 concurrently
queued.

<li class="item"> <span class="high bold">throttle=10,,,30</span>

<p> Concurrent requests up to 10 are processed.  When 10 is reached requests
are  queued up to request 30.  When request 31 arrives it is immediately given
a 503 &quot;busy&quot; status.

<li class="item"> <span class="high bold">throttle=10,20,30,40,00:02:00</span>

<p> This is basically the same as scenario 4) but with a resume-on-timeout of
two  minutes.  If there are currently 15 (or 22 or 28) requests (n1 exceeded,
n3 still within limit) the queued requests will begin processing on timeout. 
Should there be 32 processing (n3 has reached limit) the request will continue
to sit in the queue.  The timeout would not be reset.

<li class="item"> <span class="high bold">throttle=15,30,40,,,00:03:00</span> 

<p> This is basically the same as scenario 3) but with a busy-on-timeout of
three  minutes.  When the timeout expires the request is immediately dequeued
with a 503 &quot;busy&quot; status.

<li class="item"> <span class="high bold">throttle=10/1</span> 

<p> Concurrent requests up to 10 are processed.  The requests must be of 
authenticated users.  Each authenticated user is allowed to execute at most one
concurrent request against this path.  When 10 is reached, or if less than 10
users are currently executing requests, then further requests are queued to
server capacity.

<li class="item"> <span class="high bold">throttle=10/1,,,,,00:03:00</span> 

<p> This is basically the same as scenario 8) but with a busy-on-timeout of
three minutes.  When the timeout expires any requests still queued against the
user name are immediately dequeued with a 503 &quot;busy&quot; status.

</ol>

<a id="2.5.0.0.3" href="#"></a>
<a id="2.5.mappingreload" href="#"></a>
<a id="mappingreload" href="#"></a>
<h5 class="head"><span class="text">Mapping Reload</span></h5> 

<p> Throttling is applied using mapping rules.  The set of these rules may be
changed within an executing server using map reload functionality.  This means
the number of, and/or  contents of, throttle rules may change during server
execution.  The throttle functionality needs to be independent of the
mapping functionality (requests are processed independently of mapping rules
once the rules have been applied).  After a mapping reload the contents of the
throttle data structures may be at variance with the constraints currently
executing requests began processing under.

<p> This should have little deleterious effect.  The worst case is mis-applied
constraints on the execution limits of changed request paths, and slightly
confusing data in the Throttle Report.  This quickly passes as requests being
processed under the previous throttle constraints conclude and an entirely new
collection of requests created using the constraints of the currently loaded
rules are processed.

<a id="2.6" href="#"></a>
<a id="2.6.clientconcurrency" href="#"></a>
<a id="clientconcurrency" href="#"></a>
<h2 class="head"><span class="numb">2.6</span><span class="text">Client Concurrency</span></h2>

<p> The &quot;client_connect_gt:&quot; mapping conditional (<a class="link" href="#5.conditionalconfiguration">5. Conditional Configuration</a>) attempts to allow some measurement of the number of requests a
particular client currently has being processed.  Using this decision criterion
appropriate request mapping for controlling the additional requests can be
undertaken.  It is not intended to provide  fine-grained control over
activities, rather just to prevent a single client using an unreasonable
proportion of the resources.

<p> For example, if the number of requests from one particular client looks
like it has got out of control (at the client end) then it becomes possible to
queue (throttle) or reject further requests.  In WASD_CONFIG_MAP

<div class="blockof code">if (client_connect_gt:15) set * throttle=15

if (client_connect_gt:15) pass * &quot;503 Exceeding your concurrency limit!&quot;
</div>

<p> While not completely foolproof it does offer some measure of control over
gross client concurrency abuse or error.

<a id="2.7" href="#"></a>
<a id="2.7.contenttypeconfiguration" href="#"></a>
<a id="contenttypeconfiguration" href="#"></a>
<h2 class="head"><span class="numb">2.7</span><span class="text">Content-Type Configuration</span></h2>

<p> HTTP uses an implementation of the MIME (Multi-purpose
Internet Mail Extensions) specification for identifying the type of data
returned in a response.  A MIME content-type consists of a plain text string
describing the data as a <span class="high italic">type</span> and slash-separated
<span class="high italic">subtype</span>, as illustrated in the following examples:

<div class="blockof code">text/html
text/plain
image/gif
image/jpeg
application/octet-stream
</div>
 The content-type is returned to the client as part of the HTTP response,
the client then using this information to correctly process and present the
data contained in that response.

<a id="2.7.1" href="#"></a>
<a id="2.7.1.addingcontenttypes" href="#"></a>
<a id="addingcontenttypes" href="#"></a>
<h3 class="head"><span class="numb">2.7.1</span><span class="text">Adding Content-Types</span></h3>

<p> In common with most HTTP servers WASD uses a file's suffix (extension, type,
e.g. <span class="high monosp">.HTML</span>, <span class="high monosp">.TXT</span>, <span class="high monosp">.GIF</span>) to identify the data type within the
file. The [AddType] directive is used during configuration to bind a file type
to a MIME content-type.  To make the server recognise and return specific
content-types these directives map file types to content-types.

<p> With the VMS file system there is no effective file characteristic or
algorithm for identifying a file's content without an exhaustive examination of
the data contained there-in &hellip; a very expensive process (and probably still
inconclusive in many cases), hence the reliance on the file type.

<div class="note"><a id="2.7.1.0.0.1" href="#"></a>
<a id="2.7.1.note" href="#"></a>
<a id="note" href="#"></a>
<h5 class="head center"><span class="text">Note</span></h5>
<hr class="note_hr">

When adding a totally new content-type to the configuration be sure also to
bind an icon to that type using the [AddIcon] directive (see below).  If this
is not done the default icon specified by [AddDefaultIcon] is displayed.  If
that is not defined then a directory listing shows
&quot;<span style="font-weight:bold;color:red;">?</span>&quot; in place of an icon.
<hr class="note_hr">
</div>


<p> Mappings using [AddType] look like these.

<div class="blockof code">[AddType]
.html  text/html   Web Markup Language
.txt   text/plain  plain text
.gif   image/gif   image (GIF)
.hlb   text/x-script /Conan  VMS Help library
.decw&dollar;book   text/x-script   /HyperReader    Bookreader book
*  internal/x-unknown   application/octet-stream
</div>

<a id="2.7.2" href="#"></a>
<a id="2.7.2.mimetypes" href="#"></a>
<a id="mimetypes" href="#"></a>
<h3 class="head"><span class="numb">2.7.2</span><span class="text">MIME.TYPES</span></h3>

<p> To allow the server to share content-type definitions with other MIME-aware
applications, and for WASD scripts to be able to perform their own mapping on a
shared understanding of MIME content it is possible to move the file suffix to
content-type mapping from a collection of [AddType]s in WASD_CONFIG_GLOBAL to an
external file.  This file is usually named MIME.TYPES and is specified in
WASD_CONFIG_GLOBAL using the [AddMimeTypesFile] directive.

<p> Mappings using MIME.TYPES look like these.

<div class="blockof code"># MIME type			Extension
application/msword            doc
application/octet-stream      bin dms lha lzh exe class
application/oda               oda
application/pdf               pdf
application/postscript        ai eps ps
application/rtf               rtf
</div>

<p> A leading content-type is mapped to single or multiple file suffixes. 
A general MIME.TYPES file commonly has content-types listed with no
corresponding file suffix.  These are ignored by WASD.  Where a file suffix is
repeated during configuration the latter version completely supersedes the
former (with the Server Administration page showing an italicised and
struck-through content-type to help identify duplicates).

<p> To allow the configuration information used by the server to generate
directory listings with additional detail, WASD-specific extensions to the
standard MIME.TYPES format are provided.  These are &quot;hidden&quot; in comment
structures so as not to interfere with non-WASD application use.  All begin
with a hash then an exclamation character (&quot;#!&quot;) then another reserved
character indicating the purpose of the extension.  Existing comments are
unaffected provided the second character is anything but an exclamation mark!

<ul class="list">

<li class="item"> <span class="high bold">#! file description</span>
<br> A space reserved character indicates following free-form text, used as
the file type description displayed on the far right of directory listings.

<li class="item"> <span class="high bold">#!/cgi-bin/script</span>
<br> A forward-slash introduces an auto-script specification.  An auto-script
is automatically activated by the server to process and display a corresponding
file's contents.  These are sometimes referred to as <span class="high italic">presentation</span>
scripts.

<li class="item"> <span class="high bold">#![<span class="high italic">alt</span>] /path/to/icon.gif</span>
<br> A left-square-bracket is used for icon specifications.  These are
actually mapped against the following content-type, not file suffix, and so
only need to be specified once for each content-type in the file.  This behaves
in a similar fashion to [AddIcon], only the components are reversed.

<li class="item"> <span class="high bold">#!!</span>
<br> The two exclamation marks can be used to indicate a MIME type intended
for WASD only.  These can be ignored by non-WASD applications.

<li class="item"> <span class="high bold">#!+</span>
<br> An exclamation mark then a plus symbol indicates an FTP transfer mode
directive.  One of three characters may follow the plus.  An &quot;A&quot; indicates that
this file type should be FTP transferred in ASCII mode.  An &quot;I&quot; or a &quot;B&quot;
indicates that this file type should be FTP transferred in Image (binary) mode.

<li class="item"> <span class="high bold">#!%</span>
<br> A percentage is ignored by WASD.  This is reserved for local (non-WASD)
viewers.

</ul>

<p> These directives are placed <span class="high bold">following</span> the MIME-type entry
they apply to.  An example of the contents of a MIME.TYPES file with various
WASD extensions.

<div class="blockof code"># MIME type			Extension
application/msword            doc
#! MS Word document
#![DOC] /httpd/-/doc.gif
application/octet-stream      bin dms lha lzh exe class
#! binary content
#![BIN] /httpd/-/binary.gif
application/oda               oda
application/pdf               pdf
application/postscript        ai eps ps
#! Adobe PostScript
#![PS.] /httpd/-/postscript.gif
#!+A
application/rtf               rtf
#! Rich Text Format
#![RTF] /httpd/-/rtf.gif
application/x-script          bks decw&dollar;bookshelf
#! DEC Bookshelf
#!/cgi-bin/hypershelf
application/x-script          bkb decw&dollar;book
#![BKR] /httpd/-/script.gif
#! DEC Book
#!/cgi-bin/hyperreader
</div>

<p> Other reserved characters have been specified for development purposes but
are not (perhaps currently) employed by the HTTP server.

<ul class="list">

<li class="item"> <span class="high bold">#!&lt; html marked-up text</span>
<br> A less-than symbol indicates HTML marked-up text.

<li class="item"> <span class="high bold">#!# blah blah blah</span>
<br> <span class="high bold">##! rhubarb rhubarb</span>
<br> Two combinations of hash and exclamation characters provide for
WASD-specific comments.

</ul>

<a id="2.7.3" href="#"></a>
<a id="2.7.3.unknowncontenttypes" href="#"></a>
<a id="unknowncontenttypes" href="#"></a>
<h3 class="head"><span class="numb">2.7.3</span><span class="text">Unknown Content-Types</span></h3>

<p> If a file type is not recognised (i.e. no [AddType] or [AddMimeTypesFile]
mapping corresponding to the  file type) then by default WASD identifies its
data as <span class="high italic">application/octet-stream</span> (i.e. essentially binary data).
Most  browsers respond to this content-type with a download dialog, allowing
the data to be saved as a file. Most commonly these unknown types manifest
themselves when authors use &quot;interesting&quot; file names to indicate their
purpose. Here are some examples the author has encountered:

<div class="blockof code">README.VMS
README.1ST
READ-ME.FIRST
BUILD.INSTRUCTIONS
MANUAL.PT1 (.PT2, &hellip;)
</div>

<p> If the site administrator would prefer another default content-type,
perhaps &quot;text/plain&quot; so that any unidentified files default to plain
text, then this may be configured by specifying that content-type as the
<span class="high italic">description</span> of the catch-all file type entry. Examples (use one
of):

<div class="blockof code">[AddType]
*  internal/x-unknown
*  internal/x-unknown  application/octet-stream
*  internal/x-unknown  text/plain
*  internal/x-unknown  something/else-entirely
</div>
 It is the author's opinion that unidentified file types should remain as
binary downloads, not &quot;text&quot; documents, which they are probably more
often not, but it's there if wanted.

<a id="2.7.4" href="#"></a>
<a id="2.7.4.explicitlyspecifyingcontenttype" href="#"></a>
<a id="explicitlyspecifyingcontenttype" href="#"></a>
<h3 class="head"><span class="numb">2.7.4</span><span class="text">Explicitly Specifying Content-Type</span></h3>

<p> When accessing files it is possible to explicitly specify the identifying
content-type to be returned to the browser in the HTTP response header.  Of
course this does not change the actual content of the file, just the header
content-type!  This is primarily provided to allow access to plain-text
documents that have obscure, non-&quot;standard&quot; or non-configured file
extensions.

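<p> It could also be used for other purposes, &quot;forcing&quot; the browser to
accept a particular file as a particular content-type.  This can be useful if
the extension is not configured (as mentioned above) or in the case where the
file contains data of a known content-type but with an extension conflicting
with an already configured extension specifying data of a different
content-type.  Bear in mind that in this case the content-type is chosen by the
author of the URL, not by the server's configured mappings; this is worth
considering for directories holding content supplied by untrusted parties,
where a browser's treatment of the data depends on the type it is told.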

<p> Enter the file path into the browser's URL specification field (&quot;Location:&quot;,
&quot;Address:&quot;).  Then, for plain-text, append the following query string:

<div class="blockof code">?httpd=content&amp;type=text/plain
</div>

<p> For another content-type substitute it appropriately. 
For example, to retrieve a text file in binary (why I can't imagine :-) use

<div class="blockof code">?httpd=content&amp;type=application/octet-stream
</div>

<p> This is an example:
<div class="blockof mono"><a class="link blank" target="_blank" href="/wasd_root/wasdoc/config/file.unknown">file.unknown</a>
<a class="link blank" target="_blank" href="/wasd_root/wasdoc/config/file.unknown?httpd=content&amp;type=text/plain">file.unknown?httpd=content&amp;type=text/plain</a>
</div>

<p> It is possible to &quot;force&quot; the content-type for all files in a particular
directory.  Enter the path to the directory and then add

<div class="blockof code">?httpd=index&amp;type=text/plain
</div>

<p> (or what-ever type is desired).  Links to files in the listing will contain
the appropriate &quot;?httpd=content&amp;type=...&quot; appended as a query string.

<p> This is an example:
<div class="blockof mono"><a class="link blank" target="_blank" href="/wasd_root/wasdoc/config/*.*">*.*</a>
<a class="link blank" target="_blank" href="/wasd_root/wasdoc/config/*.*?httpd=content&amp;type=text/plain">*.*?httpd=content&amp;type=text/plain</a>
</div>

<a id="2.8" href="#"></a>
<a id="2.8.languagevariants" href="#"></a>
<a id="languagevariants" href="#"></a>
<h2 class="head"><span class="numb">2.8</span><span class="text">Language Variants</span></h2>

<p> Language-specific variants of a document may be configured to be served
automatically and transparently.  This is organized as a basic file and name
with language-specific variant indicated by an additional &quot;tag&quot;, one of
ISO language abbreviations used by the &quot;Accept-Language:&quot; request
header field, e.g. <span class="high italic">en</span> for English, <span class="high italic">fr</span> for French,
<span class="high italic">de</span> for  German, <span class="high italic">ru</span> for Russian, etc.

<p> Two variants of the basic file specification are possible; file name (the
default) and file type.  Hence if the basic file name is EXAMPLE.HTML then
specifically German, English, French and Russian language versions in the
directory would be either

<div class="blockof code">EXAMPLE.HTML
EXAMPLE_DE.HTML
EXAMPLE_EN.HTML
EXAMPLE_FR.HTML
EXAMPLE_RU.HTML
</div>

or

<div class="blockof code">EXAMPLE.HTML
EXAMPLE.HTML_DE
EXAMPLE.HTML_EN
EXAMPLE.HTML_FR
EXAMPLE.HTML_RU
</div>

<p> A path must be explicitly SET using the <span class="high italic">accept=lang</span> mapping
rule as containing language variants.  As searching for variants is a
relatively expensive operation the rule(s) applying this functionality should
be carefully crafted.  The <span class="high italic">accept=lang</span> rule accepts an optional
default language representing the contents of the basic, untagged files.  This
provides an opportunity to more efficiently handle requests with a language
first preference matching that of the default.  In this case no variant search
is undertaken, the basic file is simply served.  The following example sets a
path to contain files with a default language of French and possibly containing
other language variants.

<div class="blockof code">set /web/doc/* accept=lang=(default=fr)
</div>

<p> In this case the behaviour would be as follows.  With the default language
set to &quot;fr&quot; a request's &quot;Accept-Language:&quot; field is initially
processed to check if the first preference is for &quot;fr&quot;.  If it is then
there is no need for further accept language processing and the basic file is
returned as the response.  If not then the directory is searched for other
files matching the EXAMPLE_*.HTML specification.  All files  matching this
wildcard have the &quot;*&quot; portion (e.g. &quot;EN&quot;, &quot;FR&quot;,
&quot;DE&quot;, &quot;RU&quot;) added to a list of variants.  When the search is
complete this list is compared to the request's &quot;Accept-Language:&quot;
list.  The first one to be matched has the contents of the corresponding file
returned.  If none are matched the default version would be returned.

<p> This example of the behaviour is based on the contents of the directory
described above.  A request that specifies

<div class="blockof code">Accept-Language: fr,de,en
</div>

<p> will have EXAMPLE.HTML returned (without having searched for any other
variants).  For a request specifying 

<div class="blockof code">Accept-Language: ru,en
</div>

<p> then the EXAMPLE_RU.HTML file is returned, and if no
&quot;Accept-Language:&quot; is supplied with the request EXAMPLE.HTML would be
returned.  One or other file is always returned, with the default, non-language
file  always the fallback source of data.  If it does not exist and no other
language variant is selected the request returns a 404 file-not-found error.

<a id="2.8.0.0.1" href="#"></a>
<a id="2.8.contenttype" href="#"></a>
<a id="contenttype" href="#"></a>
<h5 class="head"><span class="text">Content-Type</span></h5>

<p> When using the <span class="high italic">accept=lang=(variant=type)</span> form of the rule
(i.e. the variant is placed on the file type rather than the default file name)
each possible file extension must also have its content-type made known
to the server.  Using the example above the variants would need to be
configured in a similar way to the following.

<div class="blockof code">[AddType]
.HTML     &quot;text/html; charset=ISO-8859-1&quot;  Web Markup Language
.HTML_DE  &quot;text/html; charset=ISO-8859-1&quot;  HTML (German)
.HTML_EN  &quot;text/html; charset=ISO-8859-1&quot;  HTML (English)
.HTML_FR  &quot;text/html; charset=ISO-8859-1&quot;  HTML (French)
.HTML_RU  &quot;text/html; charset=koi8-r&quot;      HTML (Russian)
</div>

<a id="2.8.0.0.2" href="#"></a>
<a id="2.8.nontextcontent" href="#"></a>
<a id="nontextcontent" href="#"></a>
<h5 class="head"><span class="text">Non-Text Content</span></h5>

<p> Normally only files with a content-type of &quot;text/..&quot; are subject to
variant searching.  If the rule path includes a file type then those files
matching the rule are also variant-searched.  In this way images, audio files,
etc., may also have language-specific versions supplied transparently.  The
following illustrates this usage

<div class="blockof code">set /web/doc/*.jpg accept=lang=(default=fr)
set /web/doc/*.wav accept=lang=(default=fr)
</div>

<a id="2.9" href="#"></a>
<a id="2.9.charactersetconversion" href="#"></a>
<a id="charactersetconversion" href="#"></a>
<h2 class="head"><span class="numb">2.9</span><span class="text">Character Set Conversion</span></h2>

<p> The default character set sent in the response header for text documents
(plain and HTML) is set using the [CharsetDefault] directive and/or the SET
charset mapping rule.  English language sites should specify ISO-8859-1, other 
Latin alphabet sites, ISO-8859-2, 3, etc. Cyrillic sites might wish to specify
ISO-8859-5 or KOI8-R, and so on.

<p> Document and CGI script output may be dynamically converted from one
character set to another using the standard VMS NCS conversion library.  The
[CharsetConvert] directive provides the server with character set aliases
(names that, for all practical purposes, denote the same character set) and
specifies which NCS conversion function may be used to convert one character
set into another.

<div class="blockof code">document-charset  accept-charset[,accept-charset..] [NCS-function-name[=factor]]
</div>

<p> When this directive is configured the server compares each text response's
character set (if any) to each of the directive's <span class="high italic">document charset</span>
strings.  If it matches, it then compares each <span class="high italic">accepted
charset</span> (if multiple) to the request &quot;Accept-Charset:&quot; list of accepted
character sets.

<p> At least one <span class="high italic">doc-charset</span> and one <span class="high italic">accept-charset</span>
must be present.  If only these two are present (i.e. no
<span class="high italic">NCS-conversion-function</span>) it indicates that the two character sets
are aliases (i.e. the same set of characters, different name) and no conversion
is necessary.

<p> If an <span class="high italic">NCS-conversion-function</span> is supplied it indicates that the
document <span class="high italic">doc-charset</span> can be converted to the request
&quot;Accept-Charset:&quot; preference of  the <span class="high italic">accept-charset</span> using
the NCS conversion function name specified.

<p> A <span class="high italic">factor</span> parameter can be appended to the conversion function. 
Some conversion functions require more than one output byte to represent one
input byte for some characters.  The 'factor' is an integer between 1 and 4
indicating how much more buffer space may be required for the converted string. 
It works by allocating that many times more output buffer space than is
occupied by the input buffer.  If not specified it defaults to 1, that is, an
output buffer the same size as the input buffer.  A conversion that can expand
characters, such as the koi8r_to_utf8=2 entry in the example below, therefore
needs a factor greater than 1.

<p> Multiple comma-separated <span class="high italic">accept-charset</span>s may be included as the
second component for either of the above behaviours, with each being matched
individually. Wildcard <span class="high monosp">*</span> (asterisk) and <span class="high monosp">%</span> (percentage) may be used in
the <span class="high italic">doc-charset</span> and <span class="high italic">accept-charset</span> strings.

<div class="blockof code">[CharsetConvert]
windows-1251 windows-1251,cp-1251
windows-1251 koi8-r windows1251_to_koi8r
koi8-r koi8-r,koi8
koi8-r windows-1251,cp-1251 koi8r_to_windows1251
koi8-r utf-8 koi8r_to_utf8=2
</div>

<a id="2.10" href="#"></a>
<a id="2.10.errorreporting" href="#"></a>
<a id="errorreporting" href="#"></a>
<h2 class="head"><span class="numb">2.10</span><span class="text">Error Reporting</span></h2>

<p> By default the server provides its own internal error reporting facility.
These reports may be configured as <span class="high italic">basic</span> or <span class="high italic">detailed</span> on
a per-path basis, as well as determining the basic &quot;look-and-feel&quot;.  For
more demanding requirements the [ErrorReportPath] configuration directive
allows a redirection path to be specified for error reporting, permitting the
site administrator to tailor both the nature and format of the information
provided.  A Server Side Include document, CGI script or even standard HTML
file(s) may be specified.  Generally an SSI document would be recommended for
the simplicity yet versatility.

<a id="2.10.1" href="#"></a>
<a id="2.10.1.basicanddetailed" href="#"></a>
<a id="basicanddetailed" href="#"></a>
<h3 class="head"><span class="numb">2.10.1</span><span class="text">Basic and Detailed</span></h3>

<p> Internally generated error reports are the most efficient.  These can be
delivered with two levels of error information.  The default is more detailed.

<blockquote>
<font size="+1">
<b>ERROR 404</b> &nbsp;-&nbsp; The requested resource could not be found.
</font>
<br>Document not found &nbsp;...&nbsp; /wasd_root/index.html
<!-- sts: %x00018292 "wasd_root:[000000]index.html" -->
<br><i>(document, bookmark, or reference requires revision)</i> 
<br>Additional information:&nbsp;
<a class="link" href="/httpd/-/status1xx.html">1<i>xx</i></a>,&nbsp;
<a class="link" href="/httpd/-/status2xx.html">2<i>xx</i></a>,&nbsp;
<a class="link" href="/httpd/-/status3xx.html">3<i>xx</i></a>,&nbsp;
<a class="link" href="/httpd/-/status4xx.html">4<i>xx</i></a>,&nbsp;
<a class="link" href="/httpd/-/status5xx.html">5<i>xx</i></a>,&nbsp;
<a class="link" href="/httpd/-/statushelp.html">help</a>
<br><hr width="55%" align="left" size="2" noshade>
<address>WASD/10.0.0 server at <a class="link" href="mailto:mark.daniel@www.example.com">www.example.com</a> port 80</address>
</blockquote>
<p> There is also the more basic.

<blockquote>
<font size="+1">
<b>ERROR 404</b> &nbsp;-&nbsp; The requested resource could not be found.
</font>
<br>Additional information:&nbsp;
<a class="link" href="/httpd/-/status1xx.html">1<i>xx</i></a>,&nbsp;
<a class="link" href="/httpd/-/status2xx.html">2<i>xx</i></a>,&nbsp;
<a class="link" href="/httpd/-/status3xx.html">3<i>xx</i></a>,&nbsp;
<a class="link" href="/httpd/-/status4xx.html">4<i>xx</i></a>,&nbsp;
<a class="link" href="/httpd/-/status5xx.html">5<i>xx</i></a>,&nbsp;
<a class="link" href="/httpd/-/statushelp.html">help</a>
<br><hr width="55%" align="left" size="2" noshade>
<address>WASD/10.0.0 server at <a class="link" href="mailto:mark.daniel@www.example.com">www.example.com</a> port 80</address>
</blockquote>
<p> These can be set per-server using the [ReportBasicOnly] configuration
directive, or on a per-path basis in the WASD_CONFIG_MAP configuration file. The
basic report is intended for environments where traditionally a minimum of
information might be provided to the user community, both to reduce leakage of
site configuration information and because a general user population may
only need or want the information that a document was either found or not found.
The detailed report often provides far more specific information as to the
nature of the event and so may be more appropriate to a more technical group of
users.  Either way it is relatively simple to provide one as the default and
the other for specific audiences.  Note that the detailed report also includes,
in page &lt;META&gt; information, the code module and line references for
reported errors and, as the example above shows, the requested file path
together with an HTML comment carrying the VMS status value and file
specification.

<p> To default to a basic report for all but selected resource paths introduce
the following to the top of the WASD_CONFIG_MAP configuration file.

<div class="blockof code"># default is basic reports
set /* report=basic
set /internal-documents/* report=detailed
set /other/path/* report=detailed
</div>

<p> To provide the converse, default to a detailed report for all but selected
paths use the following.

<div class="blockof code"># default is detailed reports
set /web/* report=basic
</div>

<a id="2.10.1.0.1" href="#"></a>
<a id="2.10.1.othercustomization" href="#"></a>
<a id="othercustomization" href="#"></a>
<h5 class="head"><span class="text">Other Customization</span></h5>

<p> The additional reference information included in the report may be disabled
using the appropriate WASD_CONFIG_MSG [status] message item.  Emptying this message
results in an error report similar to the following.

<blockquote>
<font size="+1">
<b>ERROR 404</b> &nbsp;-&nbsp; The requested resource could not be found.
</font>
<br><hr width="55%" align="left" size="2" noshade>
<address>WASD/10.0.0 server at <a class="link" href="mailto:mark.daniel@www.example.com">www.example.com</a> port 80</address>
</blockquote>
<p> The server signature may be disabled using the WASD_CONFIG_GLOBAL
[ServerSignature] configuration directive.  This results in a minimal error
report.

<blockquote>
<font size="+1">
<b>ERROR 404</b> &nbsp;-&nbsp; The requested resource could not be found.
</font>
</blockquote>
<p> A simple approach to providing a site-specific &quot;look-and-feel&quot; to
server reports is to customize the [ServerReportBodyTag] WASD_CONFIG_GLOBAL
configuration directive.  Using this directive report page background colour,
background image, text and link colours, etc., may be specified for all
reports.  It is also possible to more significantly change the report format
and contents (within some constraints), without resorting to the site-specific
mechanisms referred to below, by changing the contents of the appropriate
WASD_CONFIG_MSG [status] item.  This should be undertaken with care. 

<a id="2.10.2" href="#"></a>
<a id="2.10.2.sitespecific" href="#"></a>
<a id="sitespecific" href="#"></a>
<h3 class="head"><span class="numb">2.10.2</span><span class="text">Site Specific</span></h3>

<p> Customized error reports can be generated for all or selected HTTP status
codes associated with errors reported by the server using the WASD_CONFIG_GLOBAL
[ErrorReportPath] and WASD_CONFIG_SERVER [ServiceErrorReportPath] configuration
directives.  To explicitly handle all error reports specify the path to the
error reporting mechanism (see description below) as in the following example.

<div class="blockof code">[ErrorReportPath] /httpd/-/reporterror.shtml
</div>

<p> To handle only selected error reports add the HTTP status codes following
the report path.  In this example only 403 and 404 errors are explicitly
handled, the rest remain server-generated.  This is particularly useful for
static error documents.

<div class="blockof code">[ErrorReportPath] /httpd/-/reporterror.shtml 403 404
</div>

<p> To exclude selected error reports (and handle all others by default) add
the HTTP status codes preceded by a hyphen following the report path.  In this
example 401 and 500 errors are server-generated. 

<div class="blockof code">[ErrorReportPath] /httpd/-/reporterror.shtml -401 -500
</div>

<p> Site-specific error reporting works by internal redirection.  When an error
is reported the original request is concluded and the request reconstructed
using the error report path before internally being reprocessed.  For SSI and
CGI script handlers error information becomes available via a specially-built
query string, and from that as CGI variables in the error report context.  One
implication is the original request path and query string are no longer
available.  All error information must be obtained from the error information
in the new query string.

<p> It is suggested with any use of this facility the reporting
document(s) be located somewhere local, probably WASD_ROOT:[RUNTIME.HTTPD], and then
enabled by placing the appropriate path into the [ErrorReportPath]
configuration directive.

<div class="blockof code">[ErrorReportPath] /httpd/-/reporterror.shtml
</div>

<p> Note that virtual services can subsequently have this path mapped to other
documents (or even scripts) so that some or all services may have custom error
reports. For instance the following arrangement provides each host (service)
with a customized error report.

<div class="blockof code"># WASD_CONFIG_GLOBAL
[ErrorReportPath] /errorreport.shtml

# WASD_CONFIG_MAP
[[alpha.example.com]]
pass /errorreport.shtml /httpd/-/alphareport.shtml
[[beta.example.com]]
pass /errorreport.shtml /httpd/-/betareport.shtml
[[gamma.example.com]]
pass /errorreport.shtml /httpd/-/gammareport.shtml
</div>

<a id="2.10.2.0.1" href="#"></a>
<a id="2.10.2.usingstatichtmldocuments" href="#"></a>
<a id="usingstatichtmldocuments" href="#"></a>
<h5 class="head"><span class="text">Using Static HTML Documents</span></h5>

<p> Static HTML documents are a good choice for site-specific error messages. 
They are very low overhead and are easily customizable.  One per possible
response error status code is required.  When providing an error report path
including a &quot;!UL&quot; introduces the response status code into the file
path, providing a report path that includes a three digit number representing
the HTTP status code.  A file for each possible or configured code must then be
provided, in this example for 403 (authorization failure), 404 (resource not
found) and 502 (bad gateway/script).

<div class="blockof code">[ErrorReportPath] /httpd/-/reporterror!UL.html 403 404 502
</div>

<p> This mapping will generate paths such as the following, and require the
three specified to respond to those errors.

<div class="blockof code">/httpd/-/reporterror403.html
/httpd/-/reporterror404.html
/httpd/-/reporterror502.html
</div>

<a id="2.10.2.0.2" href="#"></a>
<a id="2.10.2.usinganssidocument" href="#"></a>
<a id="usinganssidocument" href="#"></a>
<h5 class="head"><span class="text">Using an SSI Document</span></h5>

<p> SSI documents provide the versatility of dynamic report generation
but they do take time and CPU for processing, and this may be a significant
consideration on busy sites.

<p> Three example SSI error report documents are provided.

<ol class="list">

<li class="item"> <a class="link blank" target="_blank" 
href="/wasd_root/example/reporterror1.shtml?httpd=content&type=text/plain">
WASD_ROOT:[EXAMPLE]REPORTERROR1.SHTML</a>
<br>Provides a report identical with those internally generated in versions
prior to v7.0.


<li class="item"> <a class="link blank" target="_blank" 
href="/wasd_root/example/reporterror2.shtml?httpd=content&type=text/plain">
WASD_ROOT:[EXAMPLE]REPORTERROR2.SHTML</a>
<br>This is a minor variation, showing how the format may be easily customized.


<li class="item"> <a class="link blank" target="_blank"
href="/wasd_root/example/reporterror3.shtml?httpd=content&type=text/plain">
WASD_ROOT:[EXAMPLE]REPORTERROR3.SHTML</a>
<br>This version has a radically different format and content, with much less
specific error information (which some administrators may consider
advantageous). When generated these reports
<a class="link blank" target="_blank"
href="/wasd_root/example/reporterror3.html">look something like this</a>.


<li class="item"> <a class="link blank" target="_blank"
href="/wasd_root/example/reporterror4.shtml?httpd=content&type=text/plain">
WASD_ROOT:[EXAMPLE]REPORTERROR4.SHTML</a>
<br> This example uses the report format provided with WASD v7.0 and later,
and <a class="link blank" target="_blank"
href="/wasd_root/example/reporterror4.html">look something like this</a>.


<li class="item"> <a class="link blank" target="_blank"
href="/wasd_root/example/reporterror5.shtml?httpd=content&type=text/plain">
WASD_ROOT:[EXAMPLE]REPORTERROR5.SHTML</a>
<br>This is another variation, showing how the format may be easily customized.
When generated this report <a class="link blank" target="_blank"
href="/wasd_root/example/reporterror5.html">looks something like this</a>.


</ol>

<p> The following SSI variables are available specifically for generating
error reports. The &lt;!--#printenv --&gt; statement near the top of the
file may be uncommented to view all SSI and CGI variables available.

<p> 
<a id="2.10.2.0.3" href="#"></a>
<a id="2.10.2.errorvariables" href="#"></a>
<a id="errorvariables" href="#"></a>
<h5 class="head"><span class="text">Error Variables</span></h5>

<table class="tabl">
<tr class="tabr under">
<th class="tabh">Variable
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">ERROR_LINE
<td class="tabd">The HTTPd source code line from where the error was generated.
<tr class="tabr">
<td class="tabd">ERROR_MODULE
<td class="tabd">The HTTPd source code module corresponding to the line described above.
<tr class="tabr">
<td class="tabd">ERROR_REPORT
<td class="tabd">A single HTML string providing a detailed error message.
<tr class="tabr">
<td class="tabd">ERROR_REPORT2
<td class="tabd">A single HTML comment providing more detailed VMS error information if
available
<tr class="tabr">
<td class="tabd">ERROR_REPORT3
<td class="tabd">A server-generated HTML string providing a brief explanation of the error if
available
<tr class="tabr">
<td class="tabd">ERROR_STATUS_CLASS
<td class="tabd">Essentially the single hundreds digit from the status code (e.g. 4).
<tr class="tabr">
<td class="tabd">ERROR_STATUS_CODE
<td class="tabd">The HTTP response status code representing the error (e.g. 404).
<tr class="tabr">
<td class="tabd">ERROR_STATUS_EXPLANATION
<td class="tabd">The HTTP response status code descriptive meaning (e.g. &quot;The requested
resource could not be found.&quot;)
<tr class="tabr">
<td class="tabd">ERROR_STATUS_TEXT
<td class="tabd">The HTTP response status code abbreviated meaning (e.g. &quot;Not Found&quot;).
<tr class="tabr">
<td class="tabd">ERROR_STATUS_TYPE
<td class="tabd">&quot;basic&quot; or &quot;detailed&quot;.
<tr class="tabr">
<td class="tabd">ERROR_STATUS_URI
<td class="tabd">The HTML-escaped URI of the request reporting the error.
<tr class="tabr">
<td class="tabd">FORM_ERROR_&hellip;
<td class="tabd">A series of CGI variables providing the sources for the above SSI variables, as
well as other general environment information.
</table>

<a id="2.10.2.0.4" href="#"></a>
<a id="2.10.2.usingascript" href="#"></a>
<a id="usingascript" href="#"></a>
<h5 class="head"><span class="text">Using a Script</span></h5>

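<p> It is also possible to report using a script.
The same error information is available via corresponding CGI variables.
Of the variables listed above only ERROR_STATUS_URI is described as
HTML-escaped, so a report script should escape any other request-derived value
before writing it into the page.
The source code
<a class="link blank" target="_blank" href="/wasd_root/src/misc/reporterror.c">WASD_ROOT:[SRC.MISC]REPORTERROR.C</a>
provides such an implementation example.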

<a id="2.11" href="#"></a>
<a id="2.11.opcomlogging" href="#"></a>
<a id="opcomlogging" href="#"></a>
<h2 class="head"><span class="numb">2.11</span><span class="text">OPCOM Logging</span></h2>

<p> Significant server events may be optionally displayed via a selected
operator's console and recorded in the operator log.  Various categories of
these events may be selectively enabled via WASD_CONFIG_GLOBAL directives
(<a class="link" href="#6.globalconfiguration">6. Global Configuration</a>).

<ul class="list list0">
<li class="item"> Server Administration page directives
<li class="item"> authentication/authorization (e.g. failures)
<li class="item"> CLI HTTPd control directives
<li class="item"> HTTPd events (e.g. startup, exit, SSL private key password requests)
<li class="item"> proxy file cache maintenance
</ul>

<p> Some significant server events are always logged to OPCOM if any one of the 
above categories is enabled.

<a id="2.12" href="#"></a>
<a id="2.12.accesslogging" href="#"></a>
<a id="accesslogging" href="#"></a>
<h2 class="head"><span class="numb">2.12</span><span class="text">Access Logging</span></h2>

<p> WASD provides a versatile access log, allowing data to be collected in
Web-standard <span class="high italic">common</span> and <span class="high italic">combined</span> formats, as well as allowing
customization of the log record format.  It is also possible to specify a log
period.  If this is done log files are automatically changed according to the
period specified.

<p> Where multiple access log files are generated with per-instance, per-period
and/or per-service logging (see below) these can be merged into single files
for administrative or archival purposes using the CALOGS utility.

<p> The Quick-and-Dirty LOG STATisticS utility can be used to provide elementary
ad hoc log analysis from the command-line or CGI interface.

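<p> Exclude requests from specified hosts using the [LogExcludeHosts]
configuration parameter, or using the &quot;SET NOLOG&quot; mapping directive.
Requests excluded in this way leave no access log record, so keep exclusions
narrow where the log is relied on for audit or incident review.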

<a id="2.12.1" href="#"></a>
<a id="2.12.1.logformat" href="#"></a>
<a id="logformat" href="#"></a>
<h3 class="head"><span class="numb">2.12.1</span><span class="text">Log Format</span></h3>

<p> The configuration parameter [LogFormat] and the server qualifier /FORMAT
specifies one of three pre-defined formats, or a user-definable format. Most
log analysis tools can process the three pre-defined formats.  There is a small
performance impost when using the user-defined format, as the log entry must be
specially formatted for each request.

<ul class="list">
                
<li class="item"> <span class="high bold">COMMON -</span>
This is the most common, base logging format for Web servers.  COMMON is the
default log format.

<li class="item"> <span class="high bold">COMMON_SERVER -</span>
This is an optional format used, for one, by the NCSA server.  It is basically
the common format, with the server host name appended to the line (used for
multi-homed servers, see <a class="link" href="#2.3.virtualservices">2.3 Virtual Services</a>).

<li class="item"> <span class="high bold">COMBINED -</span>
This is an optional format used, for one again, by the NCSA server.  It too is
basically the common format, with the HTTP referer and user agent appended.

</ul>

<a id="2.12.1.0.1" href="#"></a>
<a id="2.12.1.userdefined" href="#"></a>
<a id="userdefined" href="#"></a>
<h5 class="head"><span class="text">User-Defined</span></h5>

<p> The user-defined format allows customised log formats to be specified using
a selection of commonly required data. The specification must begin with a
character that is used as a substitute when a particular field is empty (use
&quot;0&quot; for no substitute, as in the &quot;windows log format&quot; example below).

<p> Two different &quot;escape&quot; characters introduce the following parameters:

<a id="2.12.1.0.2" href="#"></a>
<a id="2.12.1.aquotquotfollowedby" href="#"></a>
<a id="aquotquotfollowedby" href="#"></a>
<h5 class="head"><span class="text">A &quot;!&quot; followed by</span></h5>

<table class="tabl">
<tr class="tabr under">
<th class="tabh">Characters
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr backlight">
<td class="tabd">AR
<td class="tabd">authentication realm (if any)
<tr class="tabr">
<td class="tabd">AU
<td class="tabd">authenticated user name (if any)
<tr class="tabr backlight">
<td class="tabd">BB
<td class="tabd">bytes in body (excludes response header)
<tr class="tabr">
<td class="tabd">BQ
<td class="tabd">quadword bytes in response (includes header)
<tr class="tabr backlight">
<td class="tabd">BY
<td class="tabd">bytes in response (includes header)
<tr class="tabr">
<td class="tabd">CA
<td class="tabd">client address
<tr class="tabr backlight">
<td class="tabd">CC
<td class="tabd">X509 client certificate authorization distinguishing name
<tr class="tabr">
<td class="tabd">CI
<td class="tabd">SSL session cipher (e.g. &quot;AES128-SHA&quot;,
&quot;AES256-SHA256&quot;)
<tr class="tabr backlight">
<td class="tabd">CL
<td class="tabd">value provided by &quot;Content-Length:&quot; header (cf.
&quot;PL&quot;)
<tr class="tabr">
<td class="tabd">CN
<td class="tabd">client host name (or address if DNS lookup disabled)
<tr class="tabr backlight">
<td class="tabd">CP
<td class="tabd">client port
<tr class="tabr">
<td class="tabd">DI
<td class="tabd">specified dictionary value
<tr class="tabr backlight">
<td class="tabd">ID
<td class="tabd">session track ID - obsolete
<tr class="tabr">
<td class="tabd">EM
<td class="tabd">request elapsed time in milliseconds
<tr class="tabr backlight">
<td class="tabd">ES
<td class="tabd">request elapsed time in fractional seconds
<tr class="tabr">
<td class="tabd">ME
<td class="tabd">request method
<tr class="tabr backlight">
<td class="tabd">NP
<td class="tabd">specified notepad value
<tr class="tabr">
<td class="tabd">PA
<td class="tabd">request path (not to be confused with &quot;RQ&quot;)
<tr class="tabr backlight">
<td class="tabd">PL
<td class="tabd">actual body (payload) length received with POST or PUT (cf.
&quot;CL&quot;)
<tr class="tabr">
<td class="tabd">PR
<td class="tabd">request URL (includes protocol scheme)
<tr class="tabr backlight">
<td class="tabd">QS
<td class="tabd">request query string (if any)
<tr class="tabr">
<td class="tabd">RF
<td class="tabd">referer (if any)
<tr class="tabr backlight">
<td class="tabd">RQ
<td class="tabd">complete request string (see below)
<tr class="tabr">
<td class="tabd">RP
<td class="tabd">request protocol
<tr class="tabr backlight">
<td class="tabd">RS
<td class="tabd">response status code
<tr class="tabr">
<td class="tabd">SN
<td class="tabd">server host name
<tr class="tabr backlight">
<td class="tabd">SC
<td class="tabd">script name (if any)
<tr class="tabr">
<td class="tabd">SM
<td class="tabd">request scheme (http: or https:)
<tr class="tabr backlight">
<td class="tabd">SP
<td class="tabd">server port
<tr class="tabr">
<td class="tabd">SR
<td class="tabd">SSL session reused
<tr class="tabr backlight">
<td class="tabd">SV
<td class="tabd">SSL protocol (e.g. &quot;SSLv3&quot;, &quot;TLSv1&quot;)
<tr class="tabr">
<td class="tabd">TC
<td class="tabd">request time (common log format)
<tr class="tabr backlight">
<td class="tabd">TI
<td class="tabd">request time (local in ISO 8601 extended format)
<tr class="tabr">
<td class="tabd">TS
<td class="tabd">request time (UTC in ISO 8601 basic format) sortable
<tr class="tabr backlight">
<td class="tabd">TU
<td class="tabd">request time (UTC)
<tr class="tabr">
<td class="tabd">TV
<td class="tabd">request time (VMS format)
<tr class="tabr backlight">
<td class="tabd">UA
<td class="tabd">user agent
<tr class="tabr">
<td class="tabd">VS
<td class="tabd">virtual service (service host:port)
<tr class="tabr backlight">
<td class="tabd">XX
<td class="tabd">custom, usually site/client-specific, logging item<br>
see module [SRC.HTTPD]LOGGING.C functions LoggingCustom..()
</table>

<a id="2.12.1.0.3" href="#"></a>
<a id="2.12.1.aquot94quotfollowedby" href="#"></a>
<a id="aquot94quotfollowedby" href="#"></a>
<h5 class="head"><span class="text">A &quot;&#94;&quot; followed by</span></h5>

<table class="tabl">
<tr class="tabr under">
<th class="tabh">Character
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr backlight">
<td class="tabd">0
<td class="tabd">a null character (used to define the empty field character)
<tr class="tabr">
<td class="tabd">!
<td class="tabd">insert an &quot;!&quot;
<tr class="tabr backlight">
<td class="tabd">&#94;
<td class="tabd">insert a &quot;&#94;&quot;
<tr class="tabr">
<td class="tabd">n
<td class="tabd">insert a newline
<tr class="tabr backlight">
<td class="tabd">q
<td class="tabd">insert a quote (so that in DCL the quotes won't need escaping!)
<tr class="tabr">
<td class="tabd">t
<td class="tabd">insert a TAB
</table>

<p> Any other character is directly inserted into the log entry.

<div class="note">
<a id="2.12.1.0.4" href="#"></a>
<a id="2.12.1.quotpaquotandquotrqquot" href="#"></a>
<a id="quotpaquotandquotrqquot" href="#"></a>
<h5 class="head center"><span class="text">&quot;PA&quot; and &quot;RQ&quot;</span></h5>
<hr class="note_hr">
The &quot;PA&quot; and &quot;RQ&quot; have distinct roles.  In general the &quot;RQ&quot; (request) directive
will always be used as this is the full request string;  script component (if
any), path string and query string component (if any).  The &quot;PA&quot; directive is
merely the path string after any script and query string components have been
removed.
<hr class="note_hr">
</div>

<a id="2.12.1.0.5" href="#"></a>
<a id="2.12.1.predefinedplususerdefined" href="#"></a>
<a id="predefinedplususerdefined" href="#"></a>
<h5 class="head"><span class="text">Pre-defined Plus User-Defined</span></h5>

<p> It is possible to use one of the pre-defined log format keywords with
additional user-defined directive appended.  The appended directives must
include ALL additional literal characters and directives required in the log
entry.  The syntax is &lt;pre-defined keyword&gt;+&lt;appended format&gt; as in &quot;COMMON+
!EM&quot;. 

<a id="2.12.1.0.6" href="#"></a>
<a id="2.12.1.examples" href="#"></a>
<a id="examples" href="#"></a>
<h5 class="head"><span class="text">Examples</span></h5>

<ol class="list">

<li class="item"> The equivalent of the common log format is:
<div class="blockof code">-!CN - !AU [!TC] q!RQq !RS !BY
</div>

<li class="item"> The combined log format could be specified as:
<div class="blockof code">-!CN - !AU [!TC] q!RQq !RS !BY q!RFq q!UAq
</div>

<li class="item"> The <span class="high italic">O'Reilly WebSite</span> &quot;windows log format&quot; would be
created by:
<div class="blockof code">0!TCt!CAt!SNt!ARt!AUt!MEt!PAt!RQt!EMt!UAt!RSt!BBt
</div>

<li class="item"> The common log format with appended request duration in seconds could be
provided using:
<div class="blockof code">-!CN - !AU [!TC] q!RQq !RS !BY !ES
</div>

<li class="item"> Alternatively, to append the SSL protocol version and cipher with the
combined format:
<div class="blockof code">COMBINED+ !SV !CI
</div>

</ol>

<a id="2.12.2" href="#"></a>
<a id="2.12.2.logperperiod" href="#"></a>
<a id="logperperiod" href="#"></a>
<h3 class="head"><span class="numb">2.12.2</span><span class="text">Log Per-Period</span></h3>

<p> The access log file may have a period specified against it, producing an
automatic generation of log files based on that period. This allows logs to be
systematically named, ordered and kept to a manageable size. This is also known
as log rotation.  The period specified can be one of

<ul class="list list0">
<li class="item"> HOURLY
<li class="item"> DAILY
<li class="item"> weekly as &hellip;
<br> MONDAY
<br> TUESDAY
<br> WEDNESDAY
<br> THURSDAY
<br> FRIDAY
<br> SATURDAY
<br> SUNDAY
<li class="item"> MONTHLY
</ul>

<p> The log file changes on the first request after the entering of the new
period.

<p> When using a periodic log file, the file name specified by WASD_CONFIG_LOG or
the configuration parameter [LogFile] is partially ignored, only partially
because the directory component of it is used to locate the generated file
name. The periodic log file name generated comprises

<ul class="list list0">
<li class="item"> server host name
<li class="item"> server port
<li class="item"> year (YYYY)
<li class="item"> month (MM)
<li class="item"> day (DD)
<li class="item"> hour (HH, only present when HOURLY period is configured)
</ul>

<p> as in the following example

<div class="blockof code">WASD_LOGS:WASD_80_19971013_ACCESS.LOG
</div>

<p> For the daily period the date represents the request date. For the weekly
period it is the date of the previous (or current) day specified. That is, if
the request occurs on the Wednesday for a weekly period specified by Monday
the log date shows the last Monday's. For the monthly period it uses the first.

<a id="2.12.3" href="#"></a>
<a id="2.12.3.logperservice" href="#"></a>
<a id="logperservice" href="#"></a>
<h3 class="head"><span class="numb">2.12.3</span><span class="text">Log Per-Service</span></h3>

<p> By default a single access log file is created for each HTTP server process.
Using the [LogPerService] configuration directive a log file for each service
provided by the HTTPd is generated (<a class="link" href="#2.3.virtualservices">2.3 Virtual Services</a>). The [LogNaming]
format can be any of &quot;NAME&quot; (default) which names the log file using the first
period-delimited component of the IP host name, &quot;HOST&quot; (which uses as much of
the IP host name as can be accommodated within the maximum 39 character filename
limitation under ODS-2), or &quot;ADDRESS&quot; which uses the full IP host address in
the name.  Both HOST and ADDRESS have hyphens substituted for periods in the
string.  If these are specified then by default the service port follows the
host name component.  This may be suppressed using the [LogPerServiceHostOnly]
directive, allowing a minimum extra 3 characters in the name, and combining
entries for all ports associated with the host name (for example, a standard
HTTP service on port 80 and an SSL service on port 443 would have entries in
the  one file).

<a id="2.12.4" href="#"></a>
<a id="2.12.4.logperinstance" href="#"></a>
<a id="logperinstance" href="#"></a>
<h3 class="head"><span class="numb">2.12.4</span><span class="text">Log Per-Instance</span></h3>

<p> To reduce physical disk activity, and thereby significantly improve
performance, the RMS characteristics of the logging stream are set to buffer
records for as long as possible and only write to disk when buffer space is
exhausted (a periodic flush ensures records from times of low activity are
written to disk).  However when multiple server processes (either in the case
of multiple instances on a single node, single instance on each of multiple
clustered  nodes, or a combination of the two) have the same log files open for
write then this buffering and deferred write-to-disk is disabled by RMS, it
insisting that all records must be flushed to disk for correct serialization
and coherency.

<p> This introduces measurable latency and a potentially significant bottleneck
to high-demand processing.  Note that it only becomes a real issue under load. 
Sites with a low load should not experience any impact.

<p> Sites that may be affected by this issue can revert to the original buffered
log stream by enabling the [LogPerInstance] configuration directive. This
ensures that each log stream has only one writer by creating a unique log file
for each instance process executing on the node and/or cluster.  It does this
by appending the node and process name to the file type.  This would change the
log name from something like

<div class="blockof code">WASD_LOGS:131-185-250-202_80_ACCESS.LOG
</div>

to, in the case of a two-instance single node,

<div class="blockof code">WASD_LOGS:131-185-250-202_80_ACCESS.LOG_KLAATU_HTTPD-80
WASD_LOGS:131-185-250-202_80_ACCESS.LOG_KLAATU_HTTPE-80
</div>

<p> <span class="high bold">Of course the number-of and naming-of log files is beginning to become a
little intimidating at this stage!</span>  To assist with managing this seeming
plethora of access log files is the calogs utility, which allows multiple log
files to be merged whilst keeping the records in timestamp order.

<a id="2.12.5" href="#"></a>
<a id="2.12.5.lognaming" href="#"></a>
<a id="lognaming" href="#"></a>
<h3 class="head"><span class="numb">2.12.5</span><span class="text">Log Naming</span></h3>

<p> When per-period or per-service logging is enabled the access log file has a
specific name generated.  Part of this name is the host's name or IP address.
By default the host name is used, however if the host IP address is specified
the literal address is used, hyphens being substituted for the periods.
Accepted values for the [LogNaming] configuration directive are:

<ul class="list list0">
<li class="item"> ADDRESS
<li class="item"> HOST
<li class="item"> NAME (default)
</ul>

<p> Examples of generated per-service (non-per-period) log names:

<div class="blockof code">WASD_LOGS:131-185-250-202_80_ACCESS.LOG
WASD_LOGS:WWW-EXAMPLE-COM_80_ACCESS.LOG
WASD_LOGS:WASD_80_ACCESS.LOG
</div>

<p> Examples of generated per-period (with/without per-service) log names:

<div class="blockof code">WASD_LOGS:131-185-250-202_80_19971013_ACCESS.LOG
WASD_LOGS:WWW-EXAMPLE-COM_80_19971013_ACCESS.LOG
WASD_LOGS:WWW_80_19971013_ACCESS.LOG
</div>

<p> Examples of generated per-instance (per-service and per-period) log names:

<div class="blockof code">WASD_LOGS:131-185-250-202_80_ACCESS.LOG_KLAATU_HTTPD-80
WASD_LOGS:WWW-EXAMPLE-COM_80_ACCESS.LOG_KLAATU_HTTPD-80
WASD_LOGS:WASD_80_ACCESS.LOG_KLAATU_HTTPD-80
WASD_LOGS:131-185-250-202_80_19971013_ACCESS.LOG_KLAATU_HTTPD-80
WASD_LOGS:WWW-EXAMPLE-COM_80_19971013_ACCESS.LOG_KLAATU_HTTPD-80
WASD_LOGS:WWW_80_19971013_ACCESS.LOG_KLAATU_HTTPD-80
</div>

<a id="2.12.6" href="#"></a>
<a id="2.12.6.accesstracking" href="#"></a>
<a id="accesstracking" href="#"></a>
<h3 class="head"><span class="numb">2.12.6</span><span class="text">Access Tracking</span></h3>

<p> Access tracking has been obsoleted with WASD v11.0.

<a id="2.12.7" href="#"></a>
<a id="2.12.7.accessalert" href="#"></a>
<a id="accessalert" href="#"></a>
<h3 class="head"><span class="numb">2.12.7</span><span class="text">Access Alert</span></h3>

<p> It is possible to mark a path as being of specific interest.  When this is
accessed by a request the server puts a message into the server process log
and perhaps of greater immediate utility the increase in alert hits is detected
by HTTPDMON and this (optionally) provides an audible alert allowing immediate
attention.  This is enabled on a per-path basis using the SET mapping rule. 
Variations on the basic rule allow some control over when the alert is
generated.

<ul class="list simple list0">
<li class="item"> ALERT &ndash; at the conclusion of the request
<li class="item"> ALERT=MAP &ndash; immediately after mapping (early)
<li class="item"> ALERT=AUTH &ndash; when (any) authorization has been performed
<li class="item"> ALERT=END &ndash; at the conclusion of the request (default)
<li class="item"> ALERT=<span class="high italic">integer</span> &ndash; see below
<li class="item"> NOALERT &ndash; suppress alert for this path
</ul>

<p> The special case ALERT=<span class="high italic">integer</span> allows a path to be alerted if the final
response HTTP status is the same as the integer specified (e.g. 501, 404) or
within the category specified (599, 499).
<!-- source:0500_SECURITY.WASDOC -->
<hr class="page">
<a id="3." href="#"></a>
<a id="3.securityconsiderations" href="#"></a>
<a id="securityconsiderations" href="#"></a>
<h1 class="head"><span class="numb">3.</span><span class="text">Security Considerations</span></h1>

<div class="TOC2cols2">
<table class="TOC2table">
<tr><td><a href="#3.1.serverandsitetesting"><span class="numb">3.1</span><span class="text">Server and Site Testing</span></a>
<tr><td><a href="#3.2.recommendedpackagesecurity"><span class="numb">3.2</span><span class="text">Recommended Package Security</span></a>
<tr><td><a href="#3.3.maintainingpackagesecurity"><span class="numb">3.3</span><span class="text">Maintaining Package Security</span></a>
<tr><td><a href="#3.4.independentpackageandlocalresources"><span class="numb">3.4</span><span class="text">Independent Package and Local Resources</span></a>
<tr><td><a href="#3.5.configuration"><span class="numb">3.5</span><span class="text">Configuration</span></a>
<tr><td><a href="#3.5.1.directorylistings"><span class="numb">3.5.1</span><span class="text">Directory Listings</span></a>
<tr><td><a href="#3.5.2.serverreports"><span class="numb">3.5.2</span><span class="text">Server Reports</span></a>
<tr><td><a href="#3.5.3.scripting"><span class="numb">3.5.3</span><span class="text">Scripting</span></a>
<tr><td><a href="#3.5.4.serversideincludes"><span class="numb">3.5.4</span><span class="text">Server Side Includes</span></a>
<tr><td><a href="#3.6.scripting"><span class="numb">3.6</span><span class="text">Scripting</span></a>
<tr><td><a href="#3.7.authorization"><span class="numb">3.7</span><span class="text">Authorization</span></a>
<tr><td><a href="#3.8.miscellaneousissues"><span class="numb">3.8</span><span class="text">Miscellaneous Issues</span></a>
<tr><td><a href="#3.9.siteattacks"><span class="numb">3.9</span><span class="text">Site Attacks</span></a>
<tr><td><a href="#3.10.contentsecuritypolicycsp"><span class="numb">3.10</span><span class="text">Content Security Policy (CSP)</span></a>
</table>
</div>


<p> This section does not pretend to be a complete guide to keeping the
&quot;bad guys&quot; out.  It does provide a short guide to making a site
more-or-less liberal in the way the server supplies information about the site
and itself.  The reader is also strongly encouraged to consult a number of hard
copy and Web based resources on this topic.

<p> The WASD package had its genesis in making the VMS operating system and
associated resources, in a development environment, available via Web
technology.  For this reason configurations can be made fairly liberal,
providing information of use in a technical environment, but that may be
superfluous or less-than-desirable in other, possibly commercial environments. 
For instance, directory listings can contain VMS file system META information,
error reports can be generated with similar references along with reporting
source code module and line information.

<p> The example configuration files contain a fairly restrictive set of
directives.  When relaxing these recommendations keep in mind that the more
information available about the underlying structure of the site the more
potential for subversion.  Do not enable functionality that contributes nothing
to the fundamental usefulness of the site, or that has the real potential to
compromise any given site.  This section refers to configuration directives
discussed in more detail in later chapters.

<p> It is established wisdom that the only secure computing system is one
with no users and no access, that system security is inversely proportional to
system usability, and that making something idiot-proof results in only idiots
using it.  So there are some trade-offs but &hellip; 

<div class="note">
<a id="3.0.0.0.1" href="#"></a>
<a id="3.dontthinkitcanthappentoyou" href="#"></a>
<a id="dontthinkitcanthappentoyou" href="#"></a>
<h5 class="head center"><span class="text">don't think it can't happen to you!</span></h5>
<hr class="note_hr">

A systematic investigation of installed WASD packages by well-known IT
professional Jean-loup Gailly during September 2002 revealed a couple of
significant implementation flaws which compounded by notable instances of
sloppy management practices on two public sites resulted in site compromise
(one was mine).

<p class="indent"> <a class="link blank" target="_blank" href="/wasd_root/doc/misc/wasd_advisory_020925.txt">WASD_ROOT:[WASDOC.MISC]WASD_ADVISORY_020925.TXT</a>
<br> <a class="link blank" target="_blank" href="https://www.cvedetails.com/cve/CVE-2002-1825">https://www.cvedetails.com/cve/CVE-2002-1825</a> 

<p> This research has resulted in these server flaws being closed and package
security considerations being extensively reviewed.  As a result WASD v8.1 was
much more resistant to such penetration than previous releases (and slightly
less easy to use, but that's one of those trade-offs).  My assessment would be
that if Gailly did not find it then it wasn't there to find!

<p> Of course any given site's security is a function of the underlying
package's security profile, with the site's implementation of that, AND other
considerations such as local authorization and script implementations.  Pay
particular and ongoing attention to site security and integrity.

<hr class="note_hr">
</div>

<a id="3.1" href="#"></a>
<a id="3.1.serverandsitetesting" href="#"></a>
<a id="serverandsitetesting" href="#"></a>
<h2 class="head"><span class="numb">3.1</span><span class="text">Server and Site Testing</span></h2>

<p> This is the merest of mentions for a topic that literally encompasses
volumes!

<p> Each site is very-much an individual combination of configurations and
applications.  Each site therefore has specific potential vulnerabilities that
should be known about and addressed where possible.  Especially if you have an
Internet-facing site then <span class="high bold">this means you!</span>

<p> Many tools exist at the time of writing that didn't fifteen years before
when WASD was investigated as described above.  Some are on-line, &quot;free&quot; site
health checks and penetration testing.  Others are tools that can (often) be
used from your platform of choice, many of which are free and open-source
(FOSS).  We are spoiled for choice.

<p> In WASD's earlier years tools such as <span class="high italic">Apache Bench</span>,
<span class="high italic">WASD Bench</span>, along with batched <span class="high italic">cURL</span> and
<span class="high italic">wget</span> requests were used to exercise and, in some limited fashion,
<span class="high italic">fuzz</span> the server (providing invalid, unexpected, or random request
data) in an effort to discover flaws in server code and execution.

<p> Currently the WASD development bench uses the OWASP ZAP tool to provide a
much more comprehensive exercise and test environment.

<div class="note">
<a id="3.1.0.0.1" href="#"></a>
<a id="3.1.owaspzap" href="#"></a>
<a id="owaspzap" href="#"></a>
<h5 class="head center"><span class="text">OWASP ZAP</span></h5>
<hr class="note_hr">

&quot;Zed Attack Proxy (ZAP) is a free, open-source penetration
testing tool being  maintained under the umbrella of the Open Web Application
Security Project (OWASP). ZAP is designed specifically for testing web
applications and is both flexible and extensible.
<br>&hellip;<br>
ZAP provides functionality for a range of skill levels from developers, to
testers new to security testing, to security testing specialists. ZAP has
versions for each major OS and Docker, so you are not tied to a single OS.
Additional functionality is freely available from a variety of add-ons in the
ZAP Marketplace, accessible from within the ZAP client.&quot;

<p class="indent"> <a class="link blank" target="_blank" href="https://www.zaproxy.org">https://www.zaproxy.org</a>

<hr class="note_hr">
</div>

<p> ZAP is cross-platform (Linux, macOS, Windows, other), GUI-based,
Java-implemented, and may be used effectively, though certainly not to its full
capabilities, after fifteen minutes with the introductory documentation. 
<span class="high bold">ZAP is a highly recommended tool for site vulnerability
assessment.</span>

<p> ZAP is used to exercise the in-development WASD, in particular the
following aspects (not in any particular order).

<ul class="list">

<li class="item"> <span class="high bold">Traffic Loading &ndash; </span>
server behaviour under load; continuing to process correctly while not
exhibiting bottlenecks in performance, or worse, failing with soft (internal
assertion checking) or hard (e.g. ACCVIO) bugchecks.  Latency in AST-based
processing often reveals subtle dependencies, race conditions, or other
timing-related issues.  ZAP allows a configurable number of concurrent requests
when both spidering and vulnerability scanning.

<li class="item"> <span class="high bold">Graded Alerts &ndash; </span>
reports and counts of known attack vectors or general recommendations after
spidering or penetration scans.  These are flagged as high, medium or low risk,
provide descriptions with references, and a quick overview of mitigation
strategies.  Each instance encountered during the scan has the request-response  
data available for analysis allowing specific cases to be identified and
mitigated.

<li class="item"> <span class="high bold">Directory Traversal &ndash; </span>
(also known as path traversal) aims to access files and directories that are
stored outside the server root, web root or web application folders.  By
manipulating data that reference files with <span class="high italic">dot-dot-slash</span> (../)
sequences and its variations, or by using absolute file paths, it may be
possible to access arbitrary files and directories stored in the server or
general file system.

<li class="item"> <span class="high bold">Data Injection &ndash; </span>
covers a variety of attacks where request parameters are used to execute (CLI)
commands, SQL queries, interpreted script code (e.g. JavaScript, PHP), or
platform-executable binary code.  Injecting encoded or obscured data into an
HTTP request via the query-string or header field values is a common vector. 
Lack of appropriate data validation underlies injection vulnerability.

<li class="item"> <span class="high bold">Buffer Overflow &ndash; </span>
the overwriting of memory fragments of the process, which should never be
modified intentionally or unintentionally.  HTTP requests with unusually large
or otherwise unintended header field values, or web application input fields
designed for small, fixed-length, or specific type data are obvious targets. 
Fuzzing requests can often induce this.

<li class="item"> <span class="high bold">Request Fuzzing &ndash; </span>
where malformed or spurious data is automatically generated and injected
into the  processing in an effort to induce unexpected behaviour or failure. 
In web environments this can include the HTTP protocol itself, the specific
implementation of some capability of the server, and any scripting environment
or web application hosted on a server.

<li class="item"> <span class="high bold">Cross Site Scripting &ndash; </span>
where a malicious web element such as JavaScript, HTML, or other browser-side
code is injected into otherwise benign and trusted web content from a
non-same-origin, third-party source.

</ul>

<p> It should be noted that these are provided &quot;out-of-the-box&quot;, are a
subset of that <span class="high italic">out-of-the-box</span> functionality of particular interest
in WASD development, and utilise only a tiny percentage of ZAP's total
capabilities.

<a id="3.1.0.0.2" href="#"></a>
<a id="3.1.zapandhttp2" href="#"></a>
<a id="zapandhttp2" href="#"></a>
<h5 class="head"><span class="text">ZAP and HTTP/2</span></h5>

<p> At the time of writing, OWASP ZAP does not support the HTTP/2 protocol.  The
solution for exercising WASD is to use the <span class="high italic">nghttpx</span> proxy utility.

<ul class="list simple list0">
<li class="item"> <a class="link blank" target="_blank" href="https://nghttp2.org/documentation/nghttpx.1.html">https://nghttp2.org/documentation/nghttpx.1.html</a>
<li class="item"> <a class="link blank" target="_blank" href="https://nghttp2.org/documentation/nghttpx-howto.html">https://nghttp2.org/documentation/nghttpx-howto.html</a>
</ul>

<p> It can be configured to accept HTTP and HTTPS connections at the front end
(ZAP) and convert HTTP/1.1 requests to HTTP/2 requests at the back end (WASD). 
This introduces a proxy like this:

<div class="drawing dfont draw indent">
<style>
.dhflip { display:inline-block;transform:rotate(180deg); }
.dvflip { display:inline-block;transform:rotate(-180deg); }
.dnoflip { display:inline-block;transform:rotate(360deg); }
.dfont { font-family:monospace;font-size:1em;line-height:0.9em;line-spacing:0em; }
</style>
&#x250c;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2510;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&#x250c;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2510;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&#x250c;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2510;<br>
&#x2502;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&#x2502;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&#x2502;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&#x2502;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&#x2502;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&#x2502;<br>
&#x2502;&nbsp;OWASP&nbsp;ZAP&nbsp;&#x2502;<span class="dnoflip">&#x25c4;</span>&#x2500;&#x2500;HTTP/1.1&#x2500;&#x2500;<span class="dhflip">&#x25c4;</span>&#x2502;&nbsp;&nbsp;nghttpx&nbsp;&nbsp;&nbsp;&#x2502;<span class="dnoflip">&#x25c4;</span>&#x2500;&#x2500;&#x2500;HTTP/2&#x2500;&#x2500;&#x2500;<span class="dhflip">&#x25c4;</span>&#x2502;&nbsp;&nbsp;&nbsp;&nbsp;WASD&nbsp;&nbsp;&nbsp;&nbsp;&#x2502;<br>
&#x2502;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&#x2502;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&#x2502;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&#x2502;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&#x2502;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&#x2502;<br>
&#x2514;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2518;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&#x2514;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2518;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&#x2514;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2500;&#x2518;<br>
</div>


<p> ZAP and <span class="high italic">nghttpx</span> can be run on the same or independent systems.

<p> On a suitable platform (Linux, macOS, MS Windows &ndash; not ported to VMS) use
this at the command-line.

<div class="blockof code">nghttpx --frontend '0.0.0.0,<span class="high italic">port</span>;no-tls' \
--backend '<span class="high italic">WASD-server</span>,443;;tls;proto=h2' --insecure \
--workers=<span class="high italic">integer</span> --backend-http2-max-concurrent-streams=<span class="high italic">integer</span>
</div>

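<p> Where 0.0.0.0 is any address on the <span class="high italic">nghttpx</span> platform and <span class="high italic">port</span> the IP
port on that platform ZAP will connect to.  The <span class="high italic">WASD-server</span> is the host name
or address of the WASD system with port the usual 443.  The workers integer is
the number of threads used on the platform, with the maximum number of HTTP/2
back end connections maintained to the WASD system.  The number of concurrent
requests is determined by ZAP concurrency.  Note that <span class="high italic">no-tls</span> leaves the front end
unencrypted on every local address and --insecure disables verification of the
WASD server certificate at the back end, which suits a private test bench only;
when ZAP and <span class="high italic">nghttpx</span> share a system the front end can be bound to 127.0.0.1
instead.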

<p> For example:

<div class="blockof code">nghttpx --frontend '0.0.0.0,1280;no-tls' \
--backend 'klaatu.private,443;;tls;proto=h2' --insecure \
--workers=5 --backend-http2-max-concurrent-streams=5
</div>

<a id="3.2" href="#"></a>
<a id="3.2.recommendedpackagesecurity" href="#"></a>
<a id="recommendedpackagesecurity" href="#"></a>
<h2 class="head"><span class="numb">3.2</span><span class="text">Recommended Package Security</span></h2>

<p> The following table provides recommended file protection settings for
package top-level directories.  Subdirectories share their parents' settings. 
The package tree is owned by the SYSTEM account.  Directories with world READ
access have no ACLs.  Other directories, not accessible to the world, but
sometimes having other degrees of access to one or more accounts always have
rights identifiers (see below) and associated ACLs to control directory access,
and to propagate required access to files created beneath them. The server
selectively enables SYSPRV to provide access to some of these areas (e.g. for
log creation).

<p> Some pre-v8.1 directories are not included in this table.  These are
not significant in versions from 8.1 onwards and may be deleted.  They can
continue to exist however and the security procedures described below ensure
that they comply to the general post-8.1 security model.  The file access
permissions indicated below are for directory contents.  The directory files
themselves have settings appropriate for content access.

<a id="3.2.0.0.1" href="#"></a>
<a id="3.2.packageaccess" href="#"></a>
<a id="packageaccess" href="#"></a>
<h5 class="head"><span class="text">Package Access</span></h5>

<table class="tabl">
<tr class="tabr under">
<th class="tabh">Directory
<th class="tabh">Access<br>World
<th class="tabh">Access<br>Other
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr backlight">
<td class="tabd"><span class="high monosp">[AXP-BIN]</span>
<td class="tabd">none
<td class="tabd">script:RE
<td class="tabd">Alpha executable script files
<tr class="tabr">
<td class="tabd"><span class="high monosp">[AXP]</span>
<td class="tabd">none
<td class="tabd">none
<td class="tabd">Alpha build and utility area
<tr class="tabr backlight">
<td class="tabd"><span class="high monosp">[CGI-BIN]</span>
<td class="tabd">none
<td class="tabd">script:RE
<td class="tabd">architecture-neutral script files
<tr class="tabr">
<td class="tabd"><span class="high monosp">[EXAMPLE]</span>
<td class="tabd">read
<td class="tabd">(world)
<td class="tabd">package examples
<tr class="tabr backlight">
<td class="tabd"><span class="high monosp">[EXERCISE]</span>
<td class="tabd">read
<td class="tabd">(world)
<td class="tabd">package test files
<tr class="tabr">
<td class="tabd"><span class="high monosp">[HTTP&dollar;NOBODY]</span>
<td class="tabd">none
<td class="tabd">script:RWED
<td class="tabd">scripting account default home area
<tr class="tabr backlight">
<td class="tabd"><span class="high monosp">[HTTP&dollar;SERVER]</span>
<td class="tabd">none
<td class="tabd">server:RWED
<td class="tabd">server account default home area
<tr class="tabr">
<td class="tabd"><span class="high monosp">[IA64-BIN]</span>
<td class="tabd">none
<td class="tabd">script:RE
<td class="tabd">Itanium executable script files
<tr class="tabr backlight">
<td class="tabd"><span class="high monosp">[IA64]</span>
<td class="tabd">none
<td class="tabd">none
<td class="tabd">Itanium build and utility area
<tr class="tabr">
<td class="tabd"><span class="high monosp">[INSTALL]</span>
<td class="tabd">read
<td class="tabd">(world)
<td class="tabd">installation, update and security procedures
<tr class="tabr backlight">
<td class="tabd"><span class="high monosp">[LOCAL]</span>
<td class="tabd">none
<td class="tabd">none
<td class="tabd">site configuration files
<tr class="tabr">
<td class="tabd"><span class="high monosp">[LOG]</span>
<td class="tabd">none
<td class="tabd">none
<td class="tabd">site access logs
<tr class="tabr backlight">
<td class="tabd"><span class="high monosp">[LOG_SERVER]</span>
<td class="tabd">none
<td class="tabd">server:RWED
<td class="tabd">server process (SYS&dollar;OUTPUT) logs
<tr class="tabr">
<td class="tabd"><span class="high monosp">[RUNTIME]</span>
<td class="tabd">read
<td class="tabd">(world)
<td class="tabd">graphics, help files, etc.
<tr class="tabr backlight">
<td class="tabd"><span class="high monosp">[SCRATCH]</span>
<td class="tabd">none
<td class="tabd">script:RWED
<td class="tabd">working file space for scripts
<tr class="tabr">
<td class="tabd"><span class="high monosp">[SCRIPT]</span>
<td class="tabd">none
<td class="tabd">none
<td class="tabd">example architecture-neutral scripts
<tr class="tabr backlight">
<td class="tabd"><span class="high monosp">[SRC]</span>
<td class="tabd">none
<td class="tabd">(world)
<td class="tabd">package source files
<tr class="tabr">
<td class="tabd"><span class="high monosp">[STARTUP]</span>
<td class="tabd">none
<td class="tabd">server:RE
<td class="tabd">package startup procedures
<tr class="tabr backlight">
<td class="tabd"><span class="high monosp">[X86_64-BIN]</span>
<td class="tabd">none
<td class="tabd">script:RE
<td class="tabd">x86-64 executable script files
<tr class="tabr">
<td class="tabd"><span class="high monosp">[X86_64]</span>
<td class="tabd">none
<td class="tabd">none
<td class="tabd">x86-64 build and utility area
<tr class="tabr backlight">
<td class="tabd"><span class="high monosp">[WASDOC]</span>
<td class="tabd">read
<td class="tabd">(world)
<td class="tabd">package documentation
</table>

<p> It is recommended site-specific directories have settings applied
appropriate to their function in comparison to similar package directories. 
See below for tools to assist in this.

<p> Three rights identifiers provide selective access control to
the directory tree.  Identifiers were used to allow maximum flexibility for a
site in allowing required accounts access to either execute the server or
execute scripts.  Non-default account names only need to be granted one of
these identifiers to be provided with that role's access.  Installation, update
and/or security utilities create and maintain these identifiers appropriately.

<a id="3.2.0.0.2" href="#"></a>
<a id="3.2.rightsidentifiers" href="#"></a>
<a id="rightsidentifiers" href="#"></a>
<h5 class="head"><span class="text">Rights Identifiers</span></h5>

<table class="tabl">
<tr class="tabr under">
<th class="tabh">Identifier
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">WASD_HTTP_SERVER
<td class="tabd">Indicates the default server account.
<tr class="tabr">
<td class="tabd">WASD_HTTP_NOBODY
<td class="tabd">Indicates the default scripting account.
<tr class="tabr">
<td class="tabd">WASD_IGNORE_THIS
<td class="tabd">Looked for by the SECHAN utility to avoid it
changing security on site-specific files.
</table>

<p> These rights identifiers are applied to directories and files to provide
the required level of access.  The following example shows the security setting
of the top-level CGI-BIN.DIR and one of its content files.

<div class="blockof code">&dollar; DIRECTORY /SECURITY CGI-BIN.DIR

Directory WASD_ROOT:[000000]

CGI-BIN.DIR;1        [SYSTEM]                         (RWED,RWED,,)
          (IDENTIFIER=WASD_HTTP_SERVER,ACCESS=EXECUTE)
          (IDENTIFIER=WASD_HTTP_NOBODY,ACCESS=EXECUTE)
          (IDENTIFIER=*,ACCESS=NONE)
          (IDENTIFIER=WASD_HTTP_NOBODY,OPTIONS=DEFAULT,ACCESS=READ+EXECUTE)
          (IDENTIFIER=*,OPTIONS=DEFAULT,ACCESS=NONE)
          (DEFAULT_PROTECTION,SYSTEM:RWED,OWNER:RWED,GROUP:,WORLD:)

Total of 1 file.
&dollar; DIRECTORY /SECURITY [CGI-BIN]CGI_SYMBOLS.COM

Directory WASD_ROOT:[CGI-BIN]

CGI_SYMBOLS.COM;1    [SYSTEM]                         (RWED,RWED,,)
          (IDENTIFIER=WASD_HTTP_NOBODY,ACCESS=READ+EXECUTE)
          (IDENTIFIER=*,ACCESS=NONE)

Total of 1 file.
</div>

<a id="3.3" href="#"></a>
<a id="3.3.maintainingpackagesecurity" href="#"></a>
<a id="maintainingpackagesecurity" href="#"></a>
<h2 class="head"><span class="numb">3.3</span><span class="text">Maintaining Package Security</span></h2>

<p> As noted above, WASD version 8.1 and later is much more conservative in
what it makes generally available from the package tree, and a site
administrator now has to take extraordinary measures to open up certain
sections, making it a much more difficult and deliberate action.  The package
installation, update and security procedures and their associated utilities
should always be used to ensure that the installed package continues to conform
to the security baseline.

<p> Package security may be &quot;refreshed&quot; or reapplied at any time, and
this should be done periodically to ensure that an installed package has not
inadvertently been opened to access where it shouldn't have.  Of course this
is not a guarantee that any given site is secure.  Site security is a function
of many factors; package vulnerabilities, site configuration, deployed scripts,
cracker determination and expertise, etc., etc.  What refreshing the security
baseline does is provide a known secure (and WASD-community scrutinized)
starting point.  It should be used as part of a well considered site security
maintenance program.

<a id="3.3.0.0.1" href="#"></a>
<a id="3.3.securecom" href="#"></a>
<a id="securecom" href="#"></a>
<h5 class="head"><span class="text">SECURE.COM</span></h5>

<p> The following DCL procedure resets the package security baseline.

<div class="blockof code">&dollar; @WASD_ROOT:[INSTALL]SECURE.COM
</div>

<p> It guides the administrator through a number of stages

<ul class="list list0">
<li class="item"> introductory notes
<li class="item"> server account
<li class="item"> scripting account
<li class="item"> package tree security settings
</ul>

<p> of which each one may be declined.  After all of these steps it searches
for and executes if found the DCL procedure WASD_ROOT:[INSTALL]SECURE.COM. 
The intent of this file is to allow a site to automatically update any
site-specific security settings (and of course modify any set by the main
procedure).  Because this procedure is executed automatically in the
administrator's context, it should be writable only by the system
administrator.

<a id="3.3.0.0.2" href="#"></a>
<a id="3.3.sechanutility" href="#"></a>
<a id="sechanutility" href="#"></a>
<h5 class="head"><span class="text">SECHAN Utility</span></h5>

<p> The SECHAN utility (pronounced &quot;session&quot;) is used by
SECURE.COM and the associated procedures to make file system security settings. 
It is also available for direct use by the site administrator.

<p> One of the more useful functions of SECHAN is applied using the /IGNORE
qualifier.

<ul class="list">

<li class="item"> <span class="high bold">IGNORE &ndash; </span>
adds an ACE containing the rights identifier WASD_IGNORE_THIS to the target
file(s) which results in security settings not being applied in the future. 
When applying settings the SECHAN utility first checks whether a file has this
ACE and if so ignores the file.  This is an effective method for isolating
site-specific settings from changes by this utility.  As tagged files are then
skipped when the package security baseline is refreshed (unless /ALL is used),
their protections need to be reviewed separately.

<div class="blockof code">&dollar; SECHAN /IGNORE WASD_ROOT:[CGI-BIN]MY_SCRIPT.COM
&dollar; SECHAN /IGNORE WASD_ROOT:[LOCAL]*.DAT
&dollar; SECHAN /IGNORE WEB:[DATA...]*.*
&dollar; SECHAN /IGNORE WEB:[000000]DATA.DIR
</div>

<p> This ACE can be removed from a file (leaving other entries of any ACL
intact) using the /NOIGNORE qualifier.  This makes the file(s) subject to the
SECHAN utility again.

<div class="blockof code">&dollar; SECHAN /NOIGNORE WASD_ROOT:[CGI-BIN]MY_SCRIPT.COM
&dollar; SECHAN /NOIGNORE WASD_ROOT:[LOCAL]*.DAT
</div>

<li class="item"> <span class="high bold">ALL &ndash; </span>
overrides the default behaviour of ignoring files that have been tagged using
the /IGNORE qualifier.  It causes the setting to be applied to ALL files.

</ul>

<p> Other functionality may prove useful when applied to local parts of the
package or web structure.

<ul class="list">

<li class="item"> <span class="high bold">PACKAGE &ndash; </span>
used alone this qualifier results in the entire WASD_ROOT:[000000...] tree
being traversed and the default package security settings applied to all
package files.  Top-level directories that the utility does not recognise as
belonging to the package are ignored.

<div class="blockof code">&dollar; SECHAN /PACKAGE
&dollar; SECHAN /PACKAGE /ALL
</div>

<li class="item"> <span class="high bold">ASIF=&lt;name&gt; &ndash; </span>
set the supplied file specification as if it was the specified, top-level WASD
directory.  This allows a site-specific directory to have the same security
settings applied as the specified WASD package directory.

<div class="blockof code">&dollar; SECHAN /ASIF=LOCAL WEB:[DATA...]*.*
&dollar; SECHAN /ASIF=LOCAL WEB:[000000]DATA.DIR
&dollar; SECHAN /ASIF=CGI-BIN WEB:[SCRIPTS]*.*
&dollar; SECHAN /ASIF=CGI-BIN WEB:[000000]SCRIPTS.DIR
&dollar; SECHAN /ASIF=DOC WEB:[HTML...]*.*
&dollar; SECHAN /ASIF=DOC WEB:[000000]HTML.DIR
</div>

<li class="item"> <span class="high bold">NOSCRIPT &ndash; </span>
modifies the default behaviour of the /PACKAGE qualifier.  This changes the
default rights identifiers applied to ACEs on files in the [CGI-BIN] and
[AXP-BIN]/[IA64-BIN]/[X86_64-BIN] directories to disallow scripting until
manually changed by site administration.

<div class="blockof code">&dollar; SECHAN /PACKAGE /NOSCRIPT
</div>

</ul>

<p> This section provides only a basic description.  More detail may be found
in the prologue to the source code.

<a id="3.4" href="#"></a>
<a id="3.4.independentpackageandlocalresources" href="#"></a>
<a id="independentpackageandlocalresources" href="#"></a>
<h2 class="head"><span class="numb">3.4</span><span class="text">Independent Package and Local Resources</span></h2>

<p> Keeping server package and site content completely separate not only makes
site content easier to manage but is also good security practice
(<a class="link" href="#2.2.siteorganisation">2.2 Site Organisation</a>).

<p> This can also be applied to scripts, both source and build areas.  Keep
your business logic out of the package source tree and potentially prying eyes. 
The script executables themselves <span class="high italic">can</span> be placed into the package
scripting directories but should be built independently from these and copied
using locally maintained DCL procedures from build into scripting areas (the
WASD_ROOT:[INSTALL]SECURE.COM procedures described above may be useful here).

<a id="3.5" href="#"></a>
<a id="3.5.configuration" href="#"></a>
<a id="configuration" href="#"></a>
<h2 class="head"><span class="numb">3.5</span><span class="text">Configuration</span></h2>

<p> Various configuration and mapping directives can be used to make the site
environment more or less liberal in the information it implicitly can provide.

<a id="3.5.1" href="#"></a>
<a id="3.5.1.directorylistings" href="#"></a>
<a id="directorylistings" href="#"></a>
<h3 class="head"><span class="numb">3.5.1</span><span class="text">Directory Listings</span></h3>

<p> Published guidelines for securing a Web site generally advise against
automatic directory listing generation.  Where a home page is not available
this may leak information on other directory contents, provide parent and child
directory access, etc.  Compounding this is the WASD facility to
<span class="high italic">force</span> a listing by providing a directory URL with file wildcards
(not to decry the usefulness in some environments).

<ul class="list">

<li class="item"> <span class="high bold">[DirAccess] &ndash; </span>
make &quot;disabled&quot; to completely remove the ability to generate directory
listings under any circumstances.  Setting to &quot;selective&quot; means a
directory listing is <span class="high bold">only</span> available if the directory contains
a file named .WWW_BROWSABLE.  When made &quot;enabled&quot; a directory listing
may be produced anytime it contains no home (welcome) page.

<li class="item"> <span class="high bold">[DirWildcard] &ndash; </span>
make &quot;disabled&quot; so that requests cannot <span class="high bold">force</span> a
directory listing by supplying a URL containing a wildcard file part (when
enabled this is provided regardless of whether a home page exists or not). 

<li class="item"> <span class="high bold">[DirMetaInfo] &ndash; </span>
make &quot;disabled&quot; to prevent directory listing pages from containing, as HTML
&lt;META&gt; tags, information about the directory, most significantly the
VMS file specification for the URL path!

</ul>

<p> The mapping rule &quot;SET DIR=<span class="high italic">keyword</span>&quot; can be used to
change this on a per-path basis (<a class="link" href="#10.5.5.setrule">10.5.5 SET Rule</a>). 

<p> <span class="high bold">Conservative recommendation: </span> Set &quot;[DirAccess]
selective&quot; allowing listing for directories containing a file named
&quot;.WWW_BROWSABLE&quot;, disable [DirMetaInfo] and [DirWildcard].

<a id="3.5.2" href="#"></a>
<a id="3.5.2.serverreports" href="#"></a>
<a id="serverreports" href="#"></a>
<h3 class="head"><span class="numb">3.5.2</span><span class="text">Server Reports</span></h3>

<p> Reports are pages generated by the server, usually to indicate an error or
other non-success condition, but sometimes to indicate success (e.g. after a 
successful file upload).  Reports provide either basic or detailed information
about the situation.  Sometimes the detailed information includes VMS file
system details, system status codes etc.  To limit this information to a
minimum indication adjust the following directives.

<ul class="list">

<li class="item"> <span class="high bold">[ReportBasicOnly] &ndash; </span>
make &quot;enabled&quot; to limit the quantity of information to the minimum required to
advise of the situation.  Such reports give only the HTTP status code and brief
explanation of the code's meaning.  Note that this can also be done on a
per-path basis using mapping rules.

<li class="item"> <span class="high bold">[ReportMetaInfo] &ndash; </span>
make &quot;disabled&quot; to exclude information on the server software, source code
module and line number initiating the report.  META information may also
contain VMS file or system specific information.

<li class="item"> <span class="high bold">[ServerSignature] &ndash; </span>
make &quot;disabled&quot; to prevent the inclusion of server software, host and port
information as a footer to a report.

</ul>

<p> The mapping rule &quot;SET REPORT=<span class="high italic">keyword</span>&quot; can be used to
change some of these on a per-path basis (<a class="link" href="#10.5.5.setrule">10.5.5 SET Rule</a>). 

<p> <span class="high bold">Conservative recommendation: </span> Provide minimal error information by
enabling [ReportBasicOnly] and disabling [ReportMetaInfo].  Enable
[ServerSignature] to provide a slightly more friendly report (server software
can easily be obtained from the response header anyway).

<a id="3.5.3" href="#"></a>
<a id="3.5.3.scripting" href="#"></a>
<a id="scripting" href="#"></a>
<h3 class="head"><span class="numb">3.5.3</span><span class="text">Scripting</span></h3>

<p> If a static site is all that's required this source of compromise can simply
be avoided.

<ul class="list">

<li class="item"> <span class="high bold">[Scripting] &ndash; </span>
setting this to &quot;disabled&quot; prevents all scripting entirely.  This includes DCL
CGI and CGIplus, DECnet-based OSU and CGI, and SSI DCL (&lt;!--#dcl --&gt;, &lt;!--#exec
--&gt;, etc.).

</ul>

<p> <span class="high bold">Conservative recommendation: </span> Only deploy scripts your site will actually
be using.  Remove all the files associated with any other scripts.  Do not
allow obsolete script environments to remain active.  Be proactive.

<p> Also see <a class="link" href="#3.5.4.securingscripting">&lsquo;Securing Scripting&rsquo; in 3.5.4 Server Side Includes</a>.

<a id="3.5.4" href="#"></a>
<a id="3.5.4.serversideincludes" href="#"></a>
<a id="serversideincludes" href="#"></a>
<h3 class="head"><span class="numb">3.5.4</span><span class="text">Server Side Includes</span></h3>

<p> SSI documents are pages containing special markup directives interpreted by
the server and replaced with dynamic content.  This can include detail about
the server, the file or files making up the document, and can even include DCL
commands and procedure activation for supplying content into the page.  All
this by anyone who can author on the site.

<ul class="list">

<li class="item"> <span class="high bold">[SSI] &ndash; </span>
setting this to &quot;disabled&quot; prevents all Server Side Include processing
completely.

<li class="item"> <span class="high bold">[SSIexec] &ndash; </span>
setting this to &quot;disabled&quot; disallows pages from invoking DCL to supply content
for the page.  WASD provides a number of levels of this and the reader is
referred elsewhere in this and other documents for further information on what
can and cannot be done, and by whom, in these processes.

</ul>

<p> The mapping rule &quot;SET SSI=<span class="high italic">keyword</span>&quot; can be used to
change some of this on a per-path basis (<a class="link" href="#10.5.5.setrule">10.5.5 SET Rule</a>). 

<p> <span class="high bold">Conservative recommendation: </span> Disable [SSIexec], so that SSI documents cannot invoke DCL to supply content.

<a id="3.5.4.0.0.1" href="#"></a>
<a id="3.5.4.securingscripting" href="#"></a>
<a id="securingscripting" href="#"></a>
<h6 class="head display0"><span class="text">Securing Scripting</span></h6>
<a id="3.6" href="#"></a>
<a id="3.6.scripting" href="#"></a>
<a id="scripting" href="#"></a>
<h2 class="head"><span class="numb">3.6</span><span class="text">Scripting</span></h2>

<p> Scripting has been a notorious source of server compromise,
particularly within Unix environments where script process shell command-line
issues require special attention.  The WASD CGI scripting interface does not
pass any arguments on the command line, and is careful not to allow
substitution when constructing the CGI environment.  Nevertheless, script
behaviours cannot be guaranteed and care should be exercised in their
deployment (ask me!)

<p> It is strongly recommended to execute scripts in an account distinct from
that executing the server. This should also mean that the accounts are not
members of the same group nor should it be a member of any other group. This
minimises the risk of both unintentional and malicious interference with server
operation through either Inter-Process Communication (IPC) or scripts
manipulating files used by the server. The PERSONA facility can be used to
further differentiate script activities.  See &quot;Scripting Overview&quot; for
further detail.                           

<p> The default WASD installation creates two such accounts, with distinct
UICs, usernames and home directory space.  Nothing should be assumed or read
into the scripting account username - it's just a username.

<a id="3.6.0.0.1" href="#"></a>
<a id="3.6.defaultaccounts" href="#"></a>
<a id="defaultaccounts" href="#"></a>
<h5 class="head"><span class="text">Default Accounts</span></h5>

<table class="tabl">
<tr class="tabr under">
<th class="tabh">Username
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">HTTP&dollar;SERVER
<td class="tabd">Server Account
<tr class="tabr">
<td class="tabd">HTTP&dollar;NOBODY
<td class="tabd">Scripting Account
</table>

<p> During startup the server checks for the existence of the default scripting
account and automatically configures itself to use this for scripting.  If it
is not present it falls back to using the server account, in which case scripts
are no longer separated from the server account as recommended above.  Other
account names can be used if the startup procedures are modified accordingly. 
The default scripting username may be overridden using the
/SCRIPT=AS=&lt;username&gt; qualifier (also see the &quot;Scripting Overview&quot;).

<a id="3.6.0.0.1.1" href="#"></a>
<a id="3.6.securingauthorisation" href="#"></a>
<a id="securingauthorisation" href="#"></a>
<h6 class="head display0"><span class="text">Securing Authorisation</span></h6>
<a id="3.7" href="#"></a>
<a id="3.7.authorization" href="#"></a>
<a id="authorization" href="#"></a>
<h2 class="head"><span class="numb">3.7</span><span class="text">Authorization</span></h2>

<p> Authorization issues imply controlling access to various resources and
actions and therefore require careful planning and implementation if compromise
is to be avoided.  WASD has a quite capable and versatile authorization and
authentication environment, with a significant number of considerations.

<p> WASD authorization cannot be enabled without the administrator configuring
at least three resources, and so cannot easily be
&quot;accidentally&quot; activated.  One of these is the addition of a startup
qualifier controlling where authentication information may be sourced.  Another
is the server configuration file.  The third is the mapping of paths against
authorization configuration.

<p> For sites that may be particularly sensitive about inadvertent access to
some resources it is possible to use the authorization configuration file as a
type of <span class="high italic">cross-check</span> on the mapping configuration file.  The server
/AUTHORIZATION=ALL startup qualifier forces all access to be authorized (even
if some are marked &quot;none&quot;).  This means that if something
&quot;escapes&quot; via the mapping file it will very likely be &quot;caught&quot; by
its absence from the authorization file.

<a id="3.8" href="#"></a>
<a id="3.8.miscellaneousissues" href="#"></a>
<a id="miscellaneousissues" href="#"></a>
<h2 class="head"><span class="numb">3.8</span><span class="text">Miscellaneous Issues</span></h2>

<p> Although it is of limited usefulness because server identity may be deduced
from behaviour and other indicators the exact server and version may be
obscured by using the otherwise undocumented /SOFTWARE= qualifier to change the
server identification string to (basically) whatever the administrator desires. 
This identification is included as part of all HTTP response headers.

<p> Historically and by default server configuration and authorization sources
are contained within the server package tree.  There is no reason why they
cannot be located anywhere the site prefers.  Generally all that is required is
a change to logical name definition and server startup.

<a id="3.8.0.0.1" href="#"></a>
<a id="3.8.packagetree" href="#"></a>
<a id="packagetree" href="#"></a>
<h5 class="head"><span class="text">Package Tree</span></h5>

<p> Version 8.1 and later is much more conservative in what it makes available
of the package tree via the server.  The package installation, update and
security procedures and their associated utilities should always be used to
ensure that the installed package continues to conform to the security
baseline.  See <a class="link" href="#3.3.maintainingpackagesecurity">3.3 Maintaining Package Security</a>.

<p> Furthermore, with many sites there may be little need to access the full
WASD package tree, or any of it.  A combination of mapping and/or
authorization rules can relatively simply block or control access to it.  These
examples can be easily tailored to suit a site's specific requirements.

<p> This example shows blocking all access to the /wasd_root/ tree, except for
documentation, source code, examples and exercise (performance results) areas.

<div class="blockof code"># WASD_CONFIG_MAP
pass /wasd_root/doc/*
pass /wasd_root/src/*
pass /wasd_root/example/*
pass /wasd_root/exercise/*
fail /wasd_root/*
</div>

<p> The next example forbids all access to the package tree unless authorized 
(the authorization detail would vary according to the site).  It also allows
modify access for the Server Administration page and to the /wasd_root/local/
area. 

<div class="blockof code"># WASD_CONFIG_MAP
pass /wasd_root/*

# WASD_CONFIG_AUTH
[WASD_WEB_ADMIN=id]
/httpd/-/admin/* r+w
/wasd_root/local/* r+w
/wasd_root/* r
</div>

<div class="note">
<a id="3.8.0.0.2" href="#"></a>
<a id="3.8.becareful" href="#"></a>
<a id="becareful" href="#"></a>
<h5 class="head center"><span class="text">Be careful!</span></h5>
<hr class="note_hr">
There are often multiple paths to a single resource.  For instance, it is of
little significance blocking access to say /wasd_root/doc/ if it's also possible
to access it via /doc/.
<hr class="note_hr">
</div>

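<p> The following example shows how this might occur.  The first rule fails
requests for /wasd_root/doc/, but the second maps every other path into the
/wasd_root/ tree, so the same files remain reachable as /doc/.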

<div class="blockof code"># WASD_CONFIG_MAP
fail /wasd_root/doc/*
pass /* /wasd_root/*
</div>

<p> Authorization rules can be used to effectively block access to any VMS file
specification (it cannot be done during mapping because the translation from
path to file system is not performed until mapping is complete).

<div class="blockof code"># WASD_CONFIG_AUTH
if (path-translated:WASD_ROOT:[DOC]*) * none
</div>

<p> or to selectively allow access

<div class="blockof code"># WASD_CONFIG_AUTH
[[WASD_VMS_RW=id]]
if (path-translated:WASD_ROOT:[DOC]*) * read
</div>

<a id="3.9" href="#"></a>
<a id="3.9.siteattacks" href="#"></a>
<a id="siteattacks" href="#"></a>
<h2 class="head"><span class="numb">3.9</span><span class="text">Site Attacks</span></h2>

<p> This is not a treatise on Web security and the author is not a security
specialist.  This is some general advice based on observation.  There is little
one can do at the server itself to reduce a concerted attack against a site. 
Common objectives of such attacks include the following (not an exhaustive
list).

<a id="3.9.0.0.1" href="#"></a>
<a id="3.9.platformvulnerabilities" href="#"></a>
<a id="platformvulnerabilities" href="#"></a>
<h5 class="head"><span class="text">Platform Vulnerabilities</span></h5>

<p> Where a general attack is launched against a specific platform
(a combination of operating system and Web server software).  Often these can
be due to wide-spread infection of systems, meaning many attacks are being
launched from a large number of systems (often without the system owners'
knowledge or cooperation).

<p> WASD, and OpenVMS in particular, are generally immune to such attacks
because they are not Microsoft or Unix based.  The impact of the attack
becomes one of nuisance-value traffic as the site is probed by the
(sometimes very large number of) source systems.

<a id="3.9.0.0.2" href="#"></a>
<a id="3.9.sitevulnerabilities" href="#"></a>
<a id="sitevulnerabilities" href="#"></a>
<h5 class="head"><span class="text">Site Vulnerabilities</span></h5>

<p> Where a specific attack is made against a site in an attempt to exploit a
known vulnerability associated with that platform or environment.

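<p> These are perhaps the most worrying, although the
<span class="high italic">security-by-obscurity</span> element works in favour of WASD and OpenVMS
in this case.  Neither is as common as other platforms and therefore they do not
receive as much attention.  Obscurity lowers the likelihood of being targeted;
it does not remove a vulnerability, so the configuration measures in this
chapter still apply.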

<a id="3.9.0.0.3" href="#"></a>
<a id="3.9.denialofservice" href="#"></a>
<a id="denialofservice" href="#"></a>
<h5 class="head"><span class="text">Denial of Service</span></h5>

<p> Denial of Service (DOS) attacks usually comprise flooding a site with
requests in an effort to consume all available network or server resources,
making it unavailable for legitimate use.

<p> These can be insidious, flooding network equipment as well as systems. 
Attempts at control are best undertaken at the periphery of the network
(routers) although concerted attacks can succeed against the best prepared
network.

<a id="3.9.0.0.4" href="#"></a>
<a id="3.9.passwordcracking" href="#"></a>
<a id="passwordcracking" href="#"></a>
<h5 class="head"><span class="text">Password Cracking</span></h5>

<p> Where a systematic attempt to break into one or more accounts is
undertaken.  These are often repeated, dictionary-based password-guessing
attacks.

<p> WASD's authentication functionality notes successive password validation
failures and after a reasonable number disables all access via the username for
a constantly extended period.  Passwords stop being checked and so a
dictionary-based attack cannot succeed.  Password validation failures can be
recorded via OPCOM.

<a id="3.9.0.0.5" href="#"></a>
<a id="3.9.authorizationholes" href="#"></a>
<a id="authorizationholes" href="#"></a>
<h5 class="head"><span class="text">Authorization Holes</span></h5>

<p> Knowing of or searching for resources that should be controlled by
authorization but are not.

<p> WASD's /AUTHORIZATION=ALL functionality may assist here
(<a class="link" href="#3.6.securingauthorisation">&lsquo;Securing Authorisation&rsquo; in 3.6 Scripting</a>).

<a id="3.9.0.0.6" href="#"></a>
<a id="3.9.strategies" href="#"></a>
<a id="strategies" href="#"></a>
<h5 class="head"><span class="text">Strategies</span></h5>

<p> There are a few strategies for reducing the load on a server experiencing a
generalized attack or probing.  These can also be used to &quot;discourage&quot; the
source from considering the site an easy target.  Unfortunately most require
request acceptance and at least some processing before taking action.  The
general idea is to identify either the source site or some characteristic of
the request that indicates it could not possibly be legitimate.  Most
platform-specific attacks have such a signature.  For instance attacks against
Microsoft platforms often involve probes for backdoors into non-server
executables.  These can be identified by the path containing strings such as
&quot;/winnt/&quot;, &quot;/system32/&quot;, &quot;/cmd.exe&quot; or variations on them.  This style will be
used in examples below.

<ul class="list">

<li class="item"> If the source IP address is known then the [Reject] (and/or [Accept])
configuration directives can be used to reject the request connection very
early in the processing.  The source agent receives a message about access
being rejected.

<div class="blockof code">[Reject]
131.185.250.*
the.host.name
</div>

<li class="item"> Mapping rules in combination with conditionals may be used to redirect
the request.  This redirection could be to another, non-existent site, in the
hope that the source agent will use the supplied URL and thus divert some
activity away from the local site.

<div class="blockof code">if (remote-host:the.host.name)
   redirect * http://the.host.name/*
endif

redirect **/winnt/** http://does.not.exist/
</div>

<li class="item"> Mapping rule redirection can also be used to just &quot;drop&quot; the connection
without any further interaction or processing.  The source agent receives no
response, just a broken connection.

<div class="blockof code">if (remote-addr:131.185.250.*)
   pass * &quot;000 just drop it!&quot;
endif

pass **/system32/** &quot;000 just drop it!&quot;
</div>

<li class="item"> The <span class="high italic">hiss</span> facility returns a stream of random alpha-numeric
characters (a sort of <span class="high italic">white-noise</span>).  No response header is provided.  Such
a response might cause the source agent at best some distress (perhaps
disabling it) or at least dissuade it from continuing with more probes (as the
target is obviously not a Web server ;-)

<div class="blockof code">if (remote-addr:131.185.250.*) map * /hiss/*
script /hiss/* /hiss/*

map **/cmd.exe** /hiss/*/cmd.exe*
script /hiss/* /hiss/*
</div>

</ul>

<a id="3.10" href="#"></a>
<a id="3.10.contentsecuritypolicycsp" href="#"></a>
<a id="contentsecuritypolicycsp" href="#"></a>
<h2 class="head"><span class="numb">3.10</span><span class="text">Content Security Policy (CSP)</span></h2>

<p> Content Security Policy (CSP) is an added layer of security that helps to
detect and mitigate certain types of attacks, including Cross Site Scripting
(XSS) and data injection attacks.

<p class="indent"> <a class="link blank" target="_blank" href="https://en.wikipedia.org/wiki/Content_Security_Policy">https://en.wikipedia.org/wiki/Content_Security_Policy</a>
<br> <a class="link blank" target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP">https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP</a>

<div class="note center">
<a id="3.10.0.0.1" href="#"></a>
<a id="3.10.thissectionisnotanexplanationofcsp" href="#"></a>
<a id="thissectionisnotanexplanationofcsp" href="#"></a>
<h5 class="head center"><span class="text">This section is not an explanation of CSP</span></h5>
<hr class="note_hr">
The content of the above links, and others like them, must be understood in
order to apply CSP to a WASD site.
<hr class="note_hr">
</div>

<p> WASD provides CSP support using mapping rules.  See <a class="link" href="#10.5.5.setrule">10.5.5 SET Rule</a>.
WASD allows configuration of policy using the <span class="high monosp">set response=csp=<span class="high italic">policy</span></span>
rule, and reporting only of policy violations (without enforcing the policy) using
<span class="high monosp">set response=cspro=<span class="high italic">policy</span></span>.  WASD includes a (basic) violation reporting
utility.  See
<a class="link blank" target="_blank" href="../features/#cspreporter">CSPreport[er]</a> in
<a class="link blank" target="_blank" href="../features/#0.">WASD Features and Facilities</a>.


<!-- source:0600_STRINGS.WASDOC -->
<hr class="page">
<a id="4." href="#"></a>
<a id="4.stringmatching" href="#"></a>
<a id="stringmatching" href="#"></a>
<h1 class="head"><span class="numb">4.</span><span class="text">String Matching</span></h1>

<table class="TOC2table">
<tr><td><a href="#4.1.wildcardpatterns"><span class="numb">4.1</span><span class="text">Wildcard Patterns</span></a>
<tr><td><a href="#4.2.regularexpressions"><span class="numb">4.2</span><span class="text">Regular Expressions</span></a>
<tr><td><a href="#4.3.examples"><span class="numb">4.3</span><span class="text">Examples</span></a>
<tr><td><a href="#4.4.expressionsubstitution"><span class="numb">4.4</span><span class="text">Expression Substitution</span></a>
</table>
</div>


<p> Matching of strings is a pervasive and important function within the server. 
Two types are supported: wildcard and regular expression.  Wildcard matching is
generally much less expensive (in CPU cycles and time) than regular expression
matching and so should always be used unless the match explicitly requires
otherwise. WASD attempts to improve the efficiency of both by performing a
preliminary pass to make simple matches and eliminate obvious mismatches using
a very low-cost comparison.  This either matches or doesn't, or encounters a
pattern matching meta-character which causes it to undertake full pattern
matching.

<p> To assist with the refinement of string matching patterns the Server
Administration facility has a report item named &quot;Match&quot;.  This report allows
the input of target and match strings and allows direct access to the server's
wildcard and regular expression matching routines.  Successful matches show the
matching elements and a substitution field (<a class="link" href="#4.4.expressionsubstitution">4.4 Expression Substitution</a>)
allows resultant strings to be assessed.

<p> To determine what string match processing is occurring during request
processing in the running server use the <span class="high italic">match</span> item available from the
Server Administration WATCH Report.

<a id="4.1" href="#"></a>
<a id="4.1.wildcardpatterns" href="#"></a>
<a id="wildcardpatterns" href="#"></a>
<h2 class="head"><span class="numb">4.1</span><span class="text">Wildcard Patterns</span></h2>

<p> Wildcard patterns are simple, low-cost mechanisms for matching a string to a
template.  They are designed to be used in path and authorization mapping to
compare a request path to the root (left-hand side) or a template expression.

<a id="4.1.0.0.1" href="#"></a>
<a id="4.1.wildcardoperators" href="#"></a>
<a id="wildcardoperators" href="#"></a>
<h5 class="head"><span class="text">Wildcard Operators</span></h5>

<table class="tabl">
<tr class="tabr under">
<th class="tabh">Expression
<th class="tabh">Purpose
<tr class="tabr">
<tr class="tabr">
<td class="tabd">*
<td class="tabd">Match zero or more characters (non-greedy)
<tr class="tabr">
<td class="tabd">**
<td class="tabd">Match zero or more characters (greedy)
<tr class="tabr">
<td class="tabd">%
<td class="tabd">Match any one character
</table>

<p> Wildcard matching uses the '*' and '%' symbols to match any zero or more,
or any one character respectively.  The '*' wildcard can either be greedy or
non-greedy depending on the context (and for historical reasons).  It can also
be forced to be greedy by using two consecutive ('**').  By default it is not
greedy when matching request paths for mapping or authentication, and is greedy
at other times (matching strings within conditional testing, etc.)

<a id="4.1.0.0.2" href="#"></a>
<a id="4.1.greedyandnongreedy" href="#"></a>
<a id="greedyandnongreedy" href="#"></a>
<h5 class="head"><span class="text">Greedy and Non-Greedy</span></h5>

<p> Non-greedy matching attempts to match an asterisk wildcard up until the
first character that is not the same as the character immediately following the
wildcard.  It matches a minimum number of characters before failing.
Greedy matching attempts to match all characters up until the first string
that does not match what follows the asterisk.

<p> To illustrate; using the following string
<div class="blockof code">non-greedy character matching compared to greedy character matching
</div>

the following non-greedy pattern

<div class="blockof code">*non-greedy character*matching
</div>

does not match but the following greedy pattern

<div class="blockof code">*non-greedy character**matching
</div>

does match.  The non-greedy one failed as soon as it encountered the space
following the first &quot;matching&quot; string, while the greedy pattern continued to
match eventually encountering a string matching the string following the greedy
wildcard.

<a id="4.2" href="#"></a>
<a id="4.2.regularexpressions" href="#"></a>
<a id="regularexpressions" href="#"></a>
<h2 class="head"><span class="numb">4.2</span><span class="text">Regular Expressions</span></h2>

<p> Regular expression matching is case insensitive (in line with other WASD
behaviour) and uses the POSIX EGREP pattern syntax and capabilities.  Regular
expression matching offers significant but relatively expensive functionality. 
One of those expenses is expression compilation.  WASD attempts to eliminate
this by pre-compiling expressions during server startup whenever feasible. 
Regular expression matching must be enabled using the [RegEx]
WASD_CONFIG_GLOBAL directive.  Regular expressions are then differentiated from
wildcard patterns by using a leading &quot;^&quot; character.

<p> A detailed tutorial on regular expression capabilities and usage is well
beyond the scope of this document.  Many such hard-copy and on-line documents
are available.

<p class="indent"> <a class="link blank" target="_blank" rel="noopener noreferrer" href="https://en.wikipedia.org/wiki/Regular_expression">https://en.wikipedia.org/wiki/Regular_expression</a>

<p> This summary is only to serve as a quick mnemonic.  WASD regular
expressions support the following set of operators.

<a id="4.2.0.0.1" href="#"></a>
<a id="4.2.operatoroverview" href="#"></a>
<a id="operatoroverview" href="#"></a>
<h5 class="head"><span class="text">Operator Overview</span></h5>

<table class="tabl nowrap">
<tr class="tabr under">
<th class="tabh">Description
<th class="tabh">Usage
<tr class="tabr">
<tr class="tabr">
<td class="tabd">Match-self Operator
<td class="tabd">Ordinary characters.
<tr class="tabr">
<td class="tabd">Match-any-character Operator
<td class="tabd">.
<tr class="tabr">
<td class="tabd">Concatenation Operator
<td class="tabd">Juxtaposition.
<tr class="tabr">
<td class="tabd">Repetition Operators
<td class="tabd">*  +  ? {}
<tr class="tabr">
<td class="tabd">Alternation Operator
<td class="tabd">&verbar;
<tr class="tabr">
<td class="tabd">List Operators
<td class="tabd">[...]  [^...]
<tr class="tabr">
<td class="tabd">Grouping Operators
<td class="tabd">(...)
<tr class="tabr">
<td class="tabd">Back-reference Operator
<td class="tabd">&#94;digit
<tr class="tabr">
<td class="tabd">Anchoring Operators
<td class="tabd">^  &dollar;
<tr class="tabr">
<td class="tabd">Backslash Operator
<td class="tabd">Escape meta-character; i.e.
&#92; ^ . &dollar; &verbar; [ (
</table>

<p> The following operators are used to match one, or in conjunction with the
repetition operators more, characters of the target string.  These single and
leading characters are reserved meta-characters and must be escaped using a
leading backslash (&quot;&#92;&quot;) if required as a literal character in
the matching pattern. <span class="high bold">Note</span> that this does not apply to the
<span class="high italic">range</span> hyphen; to include a hyphen in a range ensure the character
is the first or last in the range.

<a id="4.2.0.0.2" href="#"></a>
<a id="4.2.matchingoperators" href="#"></a>
<a id="matchingoperators" href="#"></a>
<h5 class="head"><span class="text">Matching Operators</span></h5>

<table class="tabl nowrap">
<tr class="tabr under">
<th class="tabh">Expression
<th class="tabh">Purpose
<tr class="tabr">
<tr class="tabr">
<td class="tabd">^
<td class="tabd">Match the beginning of the line
<tr class="tabr">
<td class="tabd">.
<td class="tabd">Match any character
<tr class="tabr">
<td class="tabd">&dollar;
<td class="tabd">Match the end of the line
<tr class="tabr">
<td class="tabd">&verbar;
<td class="tabd">Alternation (or)
<tr class="tabr">
<td class="tabd">[abc]
<td class="tabd">Match only a, b or c
<tr class="tabr">
<td class="tabd">[^abc]
<td class="tabd">Match anything except a, b and c
<tr class="tabr">
<td class="tabd">[a-z0-9]
<td class="tabd">Match any character in the range a to z or 0 to 9
</table>

<p> Repetition operators control the extent, or number, of whatever the
matching operators match. These are also reserved meta-characters and must be
escaped using a leading backslash if required as a literal character.

<a id="4.2.0.0.3" href="#"></a>
<a id="4.2.repetitionoperators" href="#"></a>
<a id="repetitionoperators" href="#"></a>
<h5 class="head"><span class="text">Repetition Operators</span></h5>

<table class="tabl nowrap">
<tr class="tabr under">
<th class="tabh">Expression
<th class="tabh">Function
<tr class="tabr">
<tr class="tabr">
<td class="tabd">*
<td class="tabd">Match 0 or more times
<tr class="tabr">
<td class="tabd">+
<td class="tabd">Match 1 or more times
<tr class="tabr">
<td class="tabd">?
<td class="tabd">Match 1 or zero times
<tr class="tabr">
<td class="tabd">{n}
<td class="tabd">Match exactly n times
<tr class="tabr">
<td class="tabd">{n,}
<td class="tabd">Match at least n times
<tr class="tabr">
<td class="tabd">{n,m}
<td class="tabd">Match at least n but not more than m times
</table>

<a id="4.3" href="#"></a>
<a id="4.3.examples" href="#"></a>
<a id="examples" href="#"></a>
<h2 class="head"><span class="numb">4.3</span><span class="text">Examples</span></h2>

<p> The following provides a series of examples as they might occur in use
for server configuration.

<ol class="list">

<li class="item"> Equivalent functionality using wildcard and regular expression patterns. 
Note that &quot;Mozilla&quot; must be at the start of the string, with the
regular expression using the start-of-string anchor resulting in two
consecutive &quot;^&quot;s, one indicating to WASD a regular expression, the other
being part of the expression itself.

<div class="blockof code">if (user-agent:Mozilla*Gecko*)
if (user-agent:^^Mozilla.*Gecko)
</div>

<li class="item"> This shows path matching using equivalent wildcard and regular expression
matching.  Note the requirement to use the regular expression
<span class="high italic">grouping</span> parentheses to provide the substitution elements,
something provided implicitly with wildcard matching.

<div class="blockof code">map /*/-/* /wasd_root/runtime/*/*
map ^/(.+)/-/(.+) /wasd_root/runtime/*/*
</div>

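<li class="item"> This rather contrived regular expression example has no equivalent
capability available with wildcard matching.  It forbids the use of any path
that contains any character other than alpha-numerics, the hyphen, underscore,
period and forward-slash.  The leading &quot;^&quot; only marks the pattern as a
regular expression; the expression itself is unanchored and so matches a
disallowed character anywhere in the path.  Because regular expression matching
is case insensitive the a-z range also admits upper-case letters.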

<div class="blockof code">pass ^[^-_./a-z0-9]+ &quot;403 Forbidden character in path!&quot;
</div>

</ol>

<a id="4.4" href="#"></a>
<a id="4.4.expressionsubstitution" href="#"></a>
<a id="expressionsubstitution" href="#"></a>
<h2 class="head"><span class="numb">4.4</span><span class="text">Expression Substitution</span></h2>

<p> Expression substitution is available during path mapping (<a class="link" href="#10.requestprocessingconfiguration">10. Request Processing Configuration</a>).  Both wildcard (implicitly) and regular
expressions (using <span class="high italic">grouping</span> operators) note the offsets of matched portions
of the strings.  These  are then used for wildcard and <span class="high italic">specified</span> wildcard
substitution where result strings provide for this (e.g. mapping 'pass' and
'redirect' rules).  A maximum of nine such wildcard substitutions are supported
(one other, the zeroeth, is the full match).

<a id="4.4.0.0.1" href="#"></a>
<a id="4.4.wildcardsubstitution" href="#"></a>
<a id="wildcardsubstitution" href="#"></a>
<h5 class="head"><span class="text">Wildcard Substitution</span></h5>

<p> With wildcard matching each asterisk wildcard contained in the pattern
(<span class="high italic">template</span> string) has matching characters in the <span class="high italic">target</span> string noted and
stored.  Note that for the percentage (single character) wildcard no such
storage is provided.  These characters are available for substitution using
corresponding wildcards present in the <span class="high italic">result</span> string.  For instance, the
target string

<div class="blockof code">this is an example target string
</div>

would be matched by the pattern string

<div class="blockof code">* is an example target *
</div>

as containing two matching wildcard strings

<div class="blockof code">this
string
</div>

which could be substituted using the result string

<div class="blockof code">* is an example result * 
</div>

producing the resultant string

<div class="blockof code">this is an example result string
</div>

<a id="4.4.0.0.2" href="#"></a>
<a id="4.4.regularexpressionsubstitution" href="#"></a>
<a id="regularexpressionsubstitution" href="#"></a>
<h5 class="head"><span class="text">Regular Expression Substitution</span></h5>

<p> With regular expression matching the groups of matching characters must be
explicitly specified using the <span class="high italic">grouping</span> parenthesis operator.  Hence with
regular expression matching it is possible to match many characters from the
target string without retaining them for later substitution.  Only if that
match is designated as a substitution source do the matching characters become
available for substitution via any result string.  Using two possible target
strings as an example
<div class="blockof code">this is an example target string
this is a contrived target string
</div>
would both be matched by the regular expression
<div class="blockof code">^^([a-z]*) is [a-z ]* target ([a-z]*)&dollar;
</div>
which though it contains three regular expressions in the pattern, only
two have the grouping parentheses, and so make their matching string available
for substitution
<div class="blockof code">this
string
</div>
which could be substituted using the result string
<div class="blockof code">* is the final result * 
</div>
producing the resultant string
<div class="blockof code">this is the final result string
</div>

<a id="4.4.0.0.3" href="#"></a>
<a id="4.4.specifiedsubstitution" href="#"></a>
<a id="specifiedsubstitution" href="#"></a>
<h5 class="head"><span class="text">Specified Substitution</span></h5>

<p> By default the strings matched by wildcard or grouping operators are
substituted in the same order in which they are matched.  This order may be
changed by specifying which wildcard string should be substituted where.  Not
all matched (and stored) strings need to be substituted.  Some may be omitted
and the contents effectively ignored.

<p> The specified substitution syntax is a result wildcard followed by a
single-apostrophe (') and a single digit from zero to nine (0&hellip;9).  The
zeroeth element is the full matching string.  Element one is the first matching
part of the expression, on through to the last.  Specifying an element that had
no matching string substitutes an empty string (i.e. nothing is added).  Using
the same target string as in the previous example
<div class="blockof code">this is an example target string
</div>
and matched by the wildcard pattern string
<div class="blockof code">* is an example target *
</div>
when substituted by the result string
<div class="blockof code">*'2 is an example result
</div>
would produce the resultant string
<div class="blockof code">string is an example result
</div>
with the string represented by the first wildcard effectively being discarded.
<!-- source:0700_CONDITIONAL.WASDOC -->
<hr class="page">
<a id="5." href="#"></a>
<a id="5.conditionalconfiguration" href="#"></a>
<a id="conditionalconfiguration" href="#"></a>
<h1 class="head"><span class="numb">5.</span><span class="text">Conditional Configuration</span></h1>

<div class="TOC2cols2">
<table class="TOC2table">
<tr><td><a href="#5.1.serviceconditionals"><span class="numb">5.1</span><span class="text">Service Conditionals</span></a>
<tr><td><a href="#5.2.ifendifconditionals"><span class="numb">5.2</span><span class="text">If..endif Conditionals</span></a>
<tr><td><a href="#5.3.conditionalkeywords"><span class="numb">5.3</span><span class="text">Conditional Keywords</span></a>
<tr><td><a href="#5.3.1.notepadkeyword"><span class="numb">5.3.1</span><span class="text">Notepad: Keyword</span></a>
<tr><td><a href="#5.3.2.randkeyword"><span class="numb">5.3.2</span><span class="text">Rand: Keyword</span></a>
<tr><td><a href="#5.3.3.requestkeyword"><span class="numb">5.3.3</span><span class="text">Request: Keyword</span></a>
<tr><td><a href="#5.3.4.instanceandrobinkeywords"><span class="numb">5.3.4</span><span class="text">Instance: and Robin: Keywords</span></a>
<tr><td><a href="#5.3.5.timekeyword"><span class="numb">5.3.5</span><span class="text">Time: Keyword</span></a>
<tr><td><a href="#5.3.6.trnlnmkeyword"><span class="numb">5.3.6</span><span class="text">Trnlnm: Keyword</span></a>
<tr><td><a href="#5.3.7.hostaddresses"><span class="numb">5.3.7</span><span class="text">Host Addresses</span></a>
<tr><td><a href="#5.4.examples"><span class="numb">5.4</span><span class="text">Examples</span></a>
<tr><td><a href="#5.5.dictionary"><span class="numb">5.5</span><span class="text">Dictionary</span></a>
<tr><td><a href="#5.5.1.configurationentries"><span class="numb">5.5.1</span><span class="text">Configuration Entries</span></a>
<tr><td><a href="#5.5.2.otherentries"><span class="numb">5.5.2</span><span class="text">Other Entries</span></a>
<tr><td><a href="#5.5.3.entrysubstitution"><span class="numb">5.5.3</span><span class="text">Entry Substitution</span></a>
<tr><td><a href="#5.5.4.watchdictionary"><span class="numb">5.5.4</span><span class="text">WATCH Dictionary</span></a>
</table>
</div>


<p> Request processing (WASD_CONFIG_MAP) and authorization (WASD_CONFIG_AUTH)
rules may be conditionally applied depending on request, server or other
characteristics. These include

<ul class="list simple list0">
<li class="item"> server host name, port
<li class="item"> client IP address and host name
<li class="item"> browser-accepted content-types, character sets, languages, encodings
<li class="item"> browser identification string
<li class="item"> scheme (&quot;http:&quot; or &quot;https:&quot;, i.e. is it a secure request?)
<li class="item"> HTTP method (GET, POST, etc.)
<li class="item"> request path, query string, cookie data, referring page
<li class="item"> virtual host:port specified in request header
<li class="item"> system information (hardware, Alpha/IA64/X86, node name, VMS version, etc.)
<li class="item"> local time
<li class="item"> random number generation
</ul>

<a id="5.1" href="#"></a>
<a id="5.1.serviceconditionals" href="#"></a>
<a id="serviceconditionals" href="#"></a>
<h2 class="head"><span class="numb">5.1</span><span class="text">Service Conditionals</span></h2>

<p> As described in <a class="link" href="#2.3.1.virtualserver">2.3.1 [[virtual-server]]</a> a [[<span class="high italic">host</span>:<span class="high italic">port</span>]] rule
applies subsequent configuration depending  on whether the request service
matches the specified service.  This makes it a fundamental element of
conditional configuration.

<p> Note that service conditionals impose a boundary on the scope of
<span class="high italic">if..endif</span> constructs.  That is, an <span class="high italic">if..endif</span> may not span a virtual
service conditional.  A conditional flow syntax error is reported if an
<span class="high italic">if..endif</span> construct is not properly closed before encountering a subsequent
[[<span class="high italic">host</span>:<span class="high italic">port</span>]] rule.

<a id="5.2" href="#"></a>
<a id="5.2.ifendifconditionals" href="#"></a>
<a id="ifendifconditionals" href="#"></a>
<h2 class="head"><span class="numb">5.2</span><span class="text">If..endif Conditionals</span></h2>

<p> These may be nested up to a maximum depth of eight, are not case sensitive
and generally match via string comparison, although some tests are performed as
boolean operations, by converting the conditional parameter to a number before
comparison, and IP address parameters will accept a network mask as well as a
string pattern.

<a id="5.2.0.0.1" href="#"></a>
<a id="5.2.stringmatching" href="#"></a>
<a id="stringmatching" href="#"></a>
<h5 class="head"><span class="text">String Matching</span></h5>

<p> The basis of much conditional decision making is string pattern matching. 
Both wildcard and regular expression based pattern  matching is available
(<a class="link" href="#4.stringmatching">4. String Matching</a>).  Wildcard matching in conditional tests is
<span class="high italic">greedy</span>.  Regular expression matching, in common with usage throughout WASD,
is differentiated from wildcard patterns using a leading &quot;^&quot; character.

<a id="5.2.0.0.2" href="#"></a>
<a id="5.2.conditionalsyntax" href="#"></a>
<a id="conditionalsyntax" href="#"></a>
<h5 class="head"><span class="text">Conditional Syntax</span></h5>

<p> Conditional expressions and processing flow structures may be used in the
following formats.  Conditional and rule text may be indented for clarifying
structure.

<div class="blockof code"><span class="high bold">if (<span class="high italic">condition</span>)</span> then apply rest of line

<span class="high bold">if (<span class="high italic">condition</span>)</span>
   then apply one
   or more rules
   up until the corresponding &hellip;
<span class="high bold">endif</span>

<span class="high bold">if (<span class="high italic">condition</span>)</span>
   then apply one
   or more rules
<span class="high bold">else</span>
   apply one or more other rules
   up until the corresponding &hellip;
<span class="high bold">endif</span>

<span class="high bold">if (<span class="high italic">condition</span>)</span>
   then apply one
   or more rules
<span class="high bold">elif (<span class="high italic">condition</span>)</span>
   apply one or more other rules
   in a sort of case statement
<span class="high bold">else</span>
   a possible default rule or rules
   up until the delimiting
<span class="high bold">endif</span>
</div>

<p> Logical operators are also supported, in conjunction with precedence
ordering parentheses, allowing moderately complex compound expressions to be
applied in conditionals.

<table class="tabl">
<tr class="tabr">
<th class="tabh monosp">!
<td class="tabd">logical negation
<tr class="tabr">
<th class="tabh monosp">&amp;&amp;&nbsp;&nbsp;&nbsp;
<td class="tabd">logical AND
<tr class="tabr">
<th class="tabh monosp">&verbar;&verbar;
<td class="tabd">logical OR
</table>

<p> There are two more conditional structures that allow previous decisions to
be reused.  These are <span class="high italic">unif</span> and the <span class="high italic">ifif</span>.  The first
unconditionally includes rules regardless of the current state of execution. 
The second resumes execution only if the previous <span class="high italic">if</span> or
<span class="high italic">elif</span> expression was true.  The <span class="high italic">else</span> statement may also
be used after an <span class="high italic">unif</span> to continue only if the previous expression
was false.  The purpose of these constructs is to allow a single decision
statement to include both conditional and unconditional rules.

<div class="blockof code"><span class="high bold">if (<span class="high italic">condition</span>)</span>
   then apply one
   or more rules
<span class="high bold">unif</span>
   apply this block of rules
   unconditionally
<span class="high bold">ifif</span>
   applied only if the original
   if expression was evaluated as true
<span class="high bold">unif</span>
   apply another block of rules
   unconditionally
<span class="high bold">else</span>
   and this block of rules
   only if the original was false
<span class="high bold">endif</span>
</div>

<div class="note">
<a id="5.2.0.0.3" href="#"></a>
<a id="5.2.cautions" href="#"></a>
<a id="cautions" href="#"></a>
<h5 class="head center"><span class="text">CAUTIONS</span></h5>
<hr class="note_hr">

Conditional syntax is checked at rule load time (either server startup or
reload).  Basic errors such as unknown keywords and unbalanced parentheses or
structure statements will be detected and reported to the corresponding Admin
Menu report and to the server process log.
Unless these reports are checked after modifying rule sets, syntax errors may
result in unexpected mappings or access.

<p> Although the server cannot determine
the correct intent of an otherwise syntactically correct conditional, if it
encounters an unexpected but detectable condition during processing it aborts
the request, supplying an appropriate error message.

<p> Flow control errors (e.g. an <span class="high italic">if</span> not closed by a subsequent
<span class="high italic">endif</span>) abort all rule processing and provide a fatal error report
to the client.

<hr class="note_hr">
</div>

<a id="5.3" href="#"></a>
<a id="5.3.conditionalkeywords" href="#"></a>
<a id="conditionalkeywords" href="#"></a>
<h2 class="head"><span class="numb">5.3</span><span class="text">Conditional Keywords</span></h2>

<p> The following keywords provide a match between the corresponding request or
other value and a string immediately following the delimiting colon.  White
space or other reserved characters may not be included unless preceded by a
backslash.  The actual value being used in the conditional matching may be
observed using the mapping item of the WATCH facility.

<a id="5.3.0.0.1" href="#"></a>
<h5 class="head"><span class="text">Conditional Keywords</span></h5>

<table class="tabl">
<tr class="tabr under">
<th class="tabh">Keyword
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr backlight">
<td class="tabd">accept:
<td class="tabd">Browser-accepted content types as listed in the &quot;Accept:&quot; request
header field.  Same string as provided in CGI variable HTTP_ACCEPT.
<tr class="tabr">
<td class="tabd">accept-charset:
<td class="tabd">Browser-accepted character sets as listed in the &quot;Accept-Charset:&quot;
request header field.  CGI variable HTTP_ACCEPT_CHARSET.
<tr class="tabr backlight">
<td class="tabd">accept-encoding:
<td class="tabd">Browser-accepted content encoding as listed in the
&quot;Accept-Encoding:&quot; request header field.  CGI variable
HTTP_ACCEPT_ENCODING.
<tr class="tabr">
<td class="tabd">accept-language:
<td class="tabd">Browser language preferences as listed in the
&quot;Accept-Language:&quot; request header field.  CGI variable
HTTP_ACCEPT_LANGUAGE.
<tr class="tabr backlight">
<td class="tabd">authorization:
<td class="tabd">The raw authorization string from the request header, if any supplied. 
This could be simply used to test whether it has been supplied or not.
<tr class="tabr">
<td class="tabd">callout:
<td class="tabd">Simple boolean value. If a script callout is in progress (see &quot;Scripting
Overview, CGI Callouts&quot;.) it is true, otherwise false.
<tr class="tabr backlight">
<td class="tabd">client_connect_gt:
<td class="tabd">An integer representing the current network connections (those currently being
processed plus those currently being &quot;kept alive&quot;) for the particular client
represented by the current request.  If greater than this value returns true,
otherwise false.
See <a class="link" href="#2.6.clientconcurrency">2.6 Client Concurrency</a>.
<tr class="tabr">
<td class="tabd">cluster_member:
<td class="tabd">If the supplied node name is (perhaps currently) a member of the cluster (if
any) the server may be executing on.
<tr class="tabr backlight">
<td class="tabd">command_line:
<td class="tabd">The command line qualifiers and parameters used when the server image was
activated.
<tr class="tabr">
<td class="tabd">cookie:
<td class="tabd">Raw cookie data as the text string provided in &quot;Cookie:&quot; request header field. 
CGI variable HTTP_COOKIE.
<tr class="tabr backlight">
<td class="tabd">decnet:
<td class="tabd">Whether DECnet is active on the system and which version is available.  This
value will be 0 if not active, 4 if PhaseIV or 5 if PhaseV.
<tr class="tabr">
<td class="tabd">dict:
<td class="tabd">Matches the specified dictionary entry.
See <a class="link" href="#5.5.4.watchdictionary">5.5.4 WATCH Dictionary</a>.
<tr class="tabr backlight">
<td class="tabd">directory:
<td class="tabd">Tests whether the specified directory exists or not.  Parameter can be a URI
available for mapping by the server or a VMS file-system specification.  If no
parameter is supplied the request path is mapped to a file-system
specification.  As this conditional accesses the file-system it can be
<span class="high italic">relatively expensive in terms of server latency</span>.
<tr class="tabr">
<td class="tabd">document_root:
<td class="tabd">The DOCUMENT_ROOT CGI variable SET using the
<span class="high italic">map=root=&lt;string&gt;</span> mapping rule.
<tr class="tabr backlight">
<td class="tabd">file:
<td class="tabd">Tests whether the specified file exists or not.  Parameter can be a URI
available for mapping by the server or a VMS file-system specification.  If no
parameter is supplied the request path is mapped to a file-system
specification.  The specification can be a directory.  As this conditional
accesses the file-system it can be <span class="high italic">relatively expensive in terms of
server latency</span>.
<tr class="tabr">
<td class="tabd">forwarded:
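<td class="tabd">Proxy/gateway host(s) request forwarded by, as specified in request header
field &quot;Forwarded:&quot;.  CGI variable HTTP_FORWARDED.  The field arrives with
the request and so can be set by the client; it identifies a proxy reliably
only when it is known to have been added by a trusted one.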
<tr class="tabr backlight">
<td class="tabd">host:
<td class="tabd">The host (and optionally port) specified in request header &quot;Host:&quot;
field.  This is used by all modern browsers to provide virtual host information
to the server.  CGI variable HTTP_HOST.
<tr class="tabr">
<td class="tabd">http2:
<td class="tabd">Is true if the request is being transported using HTTP/2
<tr class="tabr backlight">
<td class="tabd">instance:
<td class="tabd">Used to check whether a particular, clustered instance of WASD is available. 
See <a class="link" href="#5.3.4.instanceandrobinkeywords">5.3.4 Instance: and Robin: Keywords</a>.
<tr class="tabr">
<td class="tabd">jpi_username:
<td class="tabd">The account username the server is executing as.
<tr class="tabr backlight">
<td class="tabd">mapped_path:
<td class="tabd">The path resulting from mapping (phase 2 if script path involved) from which
the path-translated is derived.
<tr class="tabr">
<td class="tabd">multihome:
<td class="tabd">Somewhat specialised conditional that becomes non-null when a client used a
different IP address to connect to the service than the one the service is
bound to.  Is set to the IP address the client used and may be matched using
wildcard matching or as a network mask.
<tr class="tabr backlight">
<td class="tabd">note:
<td class="tabd">Ad hoc information (string) provided by the server administrator using the
/DO=NOTE= facility (and online equivalent) that can be used to quickly and
easily modify rule processing on a per-system or per-cluster basis.
<tr class="tabr">
<td class="tabd">notepad:
<td class="tabd">Information (strings) stored using the SET <span class="high italic">notepad=</span> mapping rule.
See <a class="link" href="#5.3.1.notepadkeyword">5.3.1 Notepad: Keyword</a>.
<tr class="tabr backlight">
<td class="tabd">ods:
<td class="tabd">Specified as 2 or 5 (Extended File System), or as SRI file name encoding
(MultiNet NFS and others) PWK encoding (PATHWORKS 4/5), ADS encoding
(Advanced Server / PATHWORKS 6), SMB encoding (Samba - same as ADS).
<tr class="tabr">
<td class="tabd">pass:
<td class="tabd">A numeric value, 1 or 2, representing the first or second pass (if a script
component was parsed) through the path mapping rules.  Will be zero at other
times.  When the server is <span class="high italic">reverse-mapping</span> a file specification
will be -1.
<tr class="tabr backlight">
<td class="tabd">path-info:
<td class="tabd">Path specified in the request line.  CGI variable PATH_INFO.
<tr class="tabr">
<td class="tabd">path-translated:
<td class="tabd">VMS translation of path-info.  Available after rule mapping (i.e. during
authorization rule processing).
<tr class="tabr backlight">
<td class="tabd">proctor:
<td class="tabd">Simple boolean value.  If a proctored script this is true (see
<a class="link blank" target="_blank" href="../scripting/#scriptproctor">Script Proctor</a> in <a class="link blank" target="_blank" href="../scripting/#0.">WASD Scripting</a>).
<tr class="tabr">
<td class="tabd">query-string:
<td class="tabd">Query string specified in request line.  Same information as provided in
CGI variable QUERY_STRING.
<tr class="tabr backlight">
<td class="tabd">rand:
<td class="tabd">Value from a random number generator.
See <a class="link" href="#5.3.2.randkeyword">5.3.2 Rand: Keyword</a>.
<tr class="tabr">
<td class="tabd">redirected:
<td class="tabd">If a request has been internally redirected
(<a class="link" href="#10.5.2.redirectrule">10.5.2 REDIRECT Rule</a>) this conditional will be non-zero.  Can
be used as a boolean or with a digit specified.
<tr class="tabr backlight">
<td class="tabd">referer:
<td class="tabd">URL of referring page as provided in &quot;Referer:&quot; request header field. 
CGI variable HTTP_REFERER.
<tr class="tabr">
<td class="tabd">regex:
<td class="tabd">Simple boolean value.  If configuration directive [RegEx] is enabled (and hence
regular expression string matching, <a class="link" href="#4.stringmatching">4. String Matching</a>) this
will be true.
<tr class="tabr backlight">
<td class="tabd">remote-addr:
<td class="tabd">Client IP address.  Same as provided as CGI variable REMOTE_ADDR.  As
with all IP addresses used for conditional testing this may be wildcard string
match or network mask expressed as <span class="high italic">address</span>/<span class="high italic">mask-length</span>
(see <a class="link" href="#5.3.7.hostaddresses">5.3.7 Host Addresses</a>).  A domain (host) name
preceded by a question mark may be specified (e.g. &quot;?the.host.name&quot;).
The corresponding IP address is then looked up and compared to the client's.
This allows ad hoc host name based rules and is distinct from use of
<span class="high italic">remote-host</span>.  Note that DNS lookup can introduce some latency to
rule (and request) processing, and that the outcome of such a rule depends on
the answer the resolver returns at the time.
<tr class="tabr">
<td class="tabd">remote-host:
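<td class="tabd">Client host name if name resolution enabled, otherwise the IP address (same
as <span class="high italic">remote-addr</span>).
CGI variable REMOTE_HOST.  A resolved name is only as trustworthy as the DNS
data behind it, so where the test restricts access an address or mask
comparison with <span class="high italic">remote-addr</span> avoids that dependency.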
<tr class="tabr backlight">
<td class="tabd">request:
<td class="tabd">Detect the presence of specific or unknown request fields.
See <a class="link" href="#5.3.3.requestkeyword">5.3.3 Request: Keyword</a>.
<tr class="tabr">
<td class="tabd">request-method:
<td class="tabd">HTTP method (&quot;GET&quot;, &quot;POST&quot;, etc.) specified in the request
line.  CGI variable REQUEST_METHOD.
<tr class="tabr backlight">
<td class="tabd">request-protocol:
<td class="tabd">Detect the HTTP protocol in use for the request, as &quot;2&quot;, &quot;1.1&quot;,
&quot;1.0&quot; or &quot;0.9&quot;.  Note that the <span class="high italic">server-protocol</span>
conditional will indicate 1.1 when the <span class="high italic">request-protocol</span> indicates
2.  The server and its applications (scripts) still treat it semantically
as HTTP/1.1.
<tr class="tabr">
<td class="tabd">request-scheme:
<td class="tabd">Request protocol as &quot;http:&quot; or &quot;https:&quot;.   CGI variable
REQUEST_SCHEME.
<tr class="tabr backlight">
<td class="tabd">request-uri:
<td class="tabd">The unescaped request path plus any query-string.  CGI variable REQUEST_URI.
<tr class="tabr">
<td class="tabd">restart:
<td class="tabd">A numeric value, zero to maximum, representing the number of times path mapping
has been SET <span class="high italic">map=restart</span>.   Can be used as a boolean or with a
digit specified.
<tr class="tabr backlight">
<td class="tabd">robin:
<td class="tabd">Used to check whether a particular, clustered instance of WASD is available and
distribute requests to it using a round-robin algorithm. 
See <a class="link" href="#5.3.4.instanceandrobinkeywords">5.3.4 Instance: and Robin: Keywords</a>.
<tr class="tabr">
<td class="tabd">script-name:
<td class="tabd">After the first pass of rule mapping (script component resolution), or during
authorization processing, any script component of the request URI.
<tr class="tabr backlight">
<td class="tabd">server-addr:
<td class="tabd">The service IP address.  CGI variable SERVER_ADDR.
This may be wildcard string match or network mask expressed as
<span class="high italic">address</span>/<span class="high italic">mask-length</span>.
<tr class="tabr">
<td class="tabd">server_connect_gt:
<td class="tabd">An integer representing the current server network connections (those currently
being processed plus those currently being &quot;kept alive&quot;).  If greater than this
value returns true, otherwise false.
<tr class="tabr backlight">
<td class="tabd">server_process_gt:
<td class="tabd">An integer representing the current server requests in-progress.  If greater
than this value returns true, otherwise false.
<tr class="tabr">
<td class="tabd">server-name:
<td class="tabd">The (possibly virtual) server name.  This may or may not exactly match any
string provided via the <span class="high italic">host</span> keyword.  CGI variable SERVER_NAME.
<tr class="tabr backlight">
<td class="tabd">server-port:
<td class="tabd">The (possibly virtual) server port number.  CGI variable SERVER_PORT.
<tr class="tabr">
<td class="tabd">server-protocol:
<td class="tabd">&quot;1.1&quot;, &quot;1.0&quot;, &quot;0.9&quot; representing the HTTP protocol used by
the request.
<tr class="tabr backlight">
<td class="tabd">server-software:
<td class="tabd">The server identification string, including the version.  For example
&quot;HTTPd-WASD/8.0.0 OpenVMS/AXP SSL&quot;.  CGI variable SERVER_SOFTWARE.
<tr class="tabr">
<td class="tabd">service:
<td class="tabd">This is the composite server name plus port as
<span class="high italic">server-name</span>:<span class="high italic">port</span>.  To match an unknown service use
&quot;?&quot;.
<tr class="tabr backlight">
<td class="tabd">ssl:
<td class="tabd">Simple boolean value.  If request is via Secure Sockets Layer then this
will be true.
<tr class="tabr">
<td class="tabd">syi_arch_name:
<td class="tabd">System information; CPU architecture of the server system, &quot;Alpha&quot;,
&quot;Itanium&quot; or &quot;x86-64&quot;.
<tr class="tabr backlight">
<td class="tabd">syi_hw_name:
<td class="tabd">System information; hardware identification string, for example
&quot;AlphaStation 400 4/233&quot;.
<tr class="tabr">
<td class="tabd">syi_nodename:
<td class="tabd">System information; the node name, for example &quot;KLAATU&quot;.
<tr class="tabr backlight">
<td class="tabd">syi_version:
<td class="tabd">System information; VMS version string, for example &quot;V7.3&quot;.
<tr class="tabr">
<td class="tabd">tcpip:
<td class="tabd">A string derived from the UCX&dollar;IPC_SHR shareable image. It looks something like
this &quot;Compaq TCPIP&dollar;IPC_SHR V5.1-15 (11-JAN-2001 02:28:33.95)&quot; and comprises the
agent (Compaq, MultiNet, TCPware, unknown), the name of the image, the version
and finally the link date.
<tr class="tabr backlight">
<td class="tabd">time:
<td class="tabd">Compare to current system time.  See <a class="link" href="#5.3.5.timekeyword">5.3.5 Time: Keyword</a>.
<tr class="tabr">
<td class="tabd">trnlnm:
<td class="tabd">Translate a logical name.  See <a class="link" href="#5.3.6.trnlnmkeyword">5.3.6 Trnlnm: Keyword</a>.
<tr class="tabr backlight">
<td class="tabd">upstream-addr:
<td class="tabd">Client proxy/accelerator IP address, when &quot;SET CLIENT=keyword&quot; has been applied
to enable transparent up-stream proxy.  Same as provided as CGI variable 
UPSTREAM_ADDR.  As  with all IP addresses used for conditional testing this may
be wildcard string match or network mask expressed as
<span class="high italic">address</span>/<span class="high italic">mask-length</span> (see <a class="link" href="#5.3.7.hostaddresses">5.3.7 Host Addresses</a>).
<tr class="tabr">
<td class="tabd">user-agent:
<td class="tabd">Browser identification string as provided in &quot;User-Agent:&quot; request
header field.  CGI variable HTTP_USER_AGENT.
<tr class="tabr backlight">
<td class="tabd">webdav:
<td class="tabd">Simple boolean value.  If the request has been identified as WebDAV then this
is true. Takes an optional parameter:

<table class="tabl">
<tr class="tabr">
<td class="tabd">webdav:all
<td class="tabd">True if path has been <span class="high italic">SET webdav=all</span>
<tr class="tabr">
<td class="tabd">webdav:auth
<td class="tabd">True if path has been <span class="high italic">SET webdav=auth</span>
<tr class="tabr">
<td class="tabd">webdav:MSagent
<td class="tabd">True if a Microsoft WebDAV agent has been detected.

</table>
<tr class="tabr">
<td class="tabd">websocket:
<td class="tabd">Simple boolean value.  If the request is a WebSocket protocol upgrade this will be true.
<tr class="tabr backlight">
<td class="tabd">x-forwarded-for:
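<td class="tabd">Proxied client name or address as provided in &quot;X-Forwarded-For:&quot; request
header field.  CGI variable HTTP_X_FORWARDED_FOR.
The field is part of the request and can be set by any client, so it identifies
the original client only when it is known to have been written by a trusted proxy.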

</table>

<a id="5.3.1" href="#"></a>
<a id="5.3.1.notepadkeyword" href="#"></a>
<a id="notepadkeyword" href="#"></a>
<h3 class="head"><span class="numb">5.3.1</span><span class="text">Notepad: Keyword</span></h3>

<p> The <span class="high italic">request notepad</span> is a string storage area that can be used to store
and retrieve ad hoc information during path mapping and subsequent
authorization processing.  The notepad contents can be changed using the SET
<span class="high italic">notepad=&lt;string&gt;</span> or appended to using SET <span class="high italic">notepad=+&lt;string&gt;</span> (<a class="link" href="#10.5.5.setrule">10.5.5 SET Rule</a>).  These contents then can be  subsequently detected using the
<span class="high italic">notepad:</span> conditional keyword (or the obsolescent 'NO' mapping conditional)
and used to control subsequent mapping or authorization processing.

<p> Notepad information persists across internal redirection processing
(<a class="link" href="#10.5.2.redirectrule">10.5.2 REDIRECT Rule</a>) and so may be used when the regenerated request is
mapped and authorized.  To prevent such information from unexpectedly
interfering with internally redirected requests a <span class="high italic">notepad=&quot;&quot;</span> can be used to
empty the storage area.

<p> The <span class="high italic">dictionary</span> facility provides similar and arguably superior
functionality.  See <a class="link" href="#5.5.4.watchdictionary">5.5.4 WATCH Dictionary</a>.  In fact <span class="high italic">notepad</span> is now
implemented as a dictionary entry.

<a id="5.3.2" href="#"></a>
<a id="5.3.2.randkeyword" href="#"></a>
<a id="randkeyword" href="#"></a>
<h3 class="head"><span class="numb">5.3.2</span><span class="text">Rand: Keyword</span></h3>

<p> At the commencement of each pass a new pseudo-random number is generated
(and therefore remains constant during that pass).  The  <span class="high italic">rand:</span>
conditional is intended to allow some sort of distribution to be built into a
set of rules, where each pass (request) generates a different one.  The random
conditional accepts two parameters, a <span class="high italic">modulus</span> number, which is
applied as a modulus to the base number, and a <span class="high italic">comparison</span> number, which is
compared to the modulus result.

<p> Hence the following conditional rules
<div class="blockof code">if (rand:3:0)
   <span class="high italic">do this</span>
elif (rand:3:1)
   <span class="high italic">do this</span>
else
   <span class="high italic">do this</span>
endif
</div>
would pseudo-randomly generate base numbers of 0, 1, 2 and perform the
appropriate conditional block.  Over a sufficient number of usages this should
produce a relatively even distribution of numbers.  If the modulus is specified
as less than two (i.e. no distribution factor at all) it defaults to 2 (i.e. a
distribution of 50%).  Hence the following example should be the equivalent of
a coin toss.
<div class="blockof code">if (rand:)
   <span class="high italic">heads</span>
else
   <span class="high italic">tails</span>
endif
</div>

<a id="5.3.3" href="#"></a>
<a id="5.3.3.requestkeyword" href="#"></a>
<a id="requestkeyword" href="#"></a>
<h3 class="head"><span class="numb">5.3.3</span><span class="text">Request: Keyword</span></h3>

<p> Looks through each of the lines of the request header for the specified
request field and/or value.  This may be used to detect the presence of
specific or unknown (to the server) request fields.  When detecting just a
specified field the name can be provided
<div class="blockof code">if (request:&quot;Keep-Alive:*&quot;)
</div>
matching any value, or specific values can also be matched for
<div class="blockof code">if (request:&quot;User-Agent:*Opera*&quot;)
</div>

<p> Note that all request fields known to the server have a specific associated
conditional keyword (i.e. &quot;user-agent:&quot; for the above example).  To
determine whether any request fields unknown to the server have been supplied
use the <span class="high italic">request:</span> keyword as in the following example.
<div class="blockof code">if (request:?)
   map * /cgi-bin/unknown_request_notify.com*
endif
</div>

<a id="5.3.4" href="#"></a>
<a id="5.3.4.instanceandrobinkeywords" href="#"></a>
<a id="instanceandrobinkeywords" href="#"></a>
<h3 class="head"><span class="numb">5.3.4</span><span class="text">Instance: and Robin: Keywords</span></h3>

<p> Both of these conditionals are designed to allow the redistribution of
requests between clustered WASD services.  They are WASD-aware and so allow a
slightly more tailored distribution than perhaps an IP package round-robin
implementation might.  Each tests for the current operation of WASD on a
particular node (using the DLM) before allowing the selection of that node as a
target. This can allow some systems to be shutting down or starting up, or have
WASD shutdown for any reason, without requiring any extraordinary procedures
to allow for the change in processing environment.

<a id="5.3.4.0.1" href="#"></a>
<a id="5.3.4.instance" href="#"></a>
<a id="instance" href="#"></a>
<h5 class="head"><span class="text">Instance:</span></h5>

<p> The instance: directive allows testing for a particular
cluster member having a WASD instance currently running.  This can allow
requests to be redirected or reverse-proxied to a particular system with the
knowledge that it should be processed (of course there is a small window of
uncertainty as events such as system shutdown and startup occur
asynchronously).  The behaviour of the conditional block is entirely
determinate based on which node names have a WASD instance and the order of
evaluation.  Compare this to a similar construct using the robin: directive, as
described below.

<p> This conditional is deployed in two phases.  In the first, it contains a
comma-separated list of node names (that are expected to have instances of WASD
instantiated).  In the second, it contains a single node name, allowing the
selected node to be tested.  For example:

<div class="blockof code">if (instance:NODE1,NODE2,NODE3)
   if (instance:NODE1) redirect /* http://node1.domain.name/*?
   if (instance:NODE2) redirect /* http://node2.domain.name/*?
   if (instance:NODE3) redirect /* http://node3.domain.name/*?
   pass * &quot;500 Some sort of logic error!!&quot;
endif
pass * &quot;503 No instance currently available!&quot;
</div>

<p> If none of the node names specified in the first phase is currently running
a WASD instance the rule returns false, otherwise true.  If true the above
example has the conditional block processed with each of the node names
successively tested.  If NODE1 has a WASD instance executing it returns true
and the associated redirect is performed.  The same for NODE2 and NODE3.  At
least one of these would be expected to test true otherwise the outer
conditional established during phase one would have been expected to return
false.

<a id="5.3.4.0.2" href="#"></a>
<a id="5.3.4.robin" href="#"></a>
<a id="robin" href="#"></a>
<h5 class="head"><span class="text">Robin:</span></h5>

<p> The robin: conditional allows rules to be applied
sequentially against specified members of a cluster that currently have
instances of WASD running. This is obviously intended to allow a form of load
sharing and/or redundancy (not balancing, as no evaluation of the selected
target's current workload is performed, see below).  As with the instance:
directive above, there is, of course, a small window of potential uncertainty
as events such as system shutdown and startup occur asynchronously and may
impact availability between the phase one test and ultimate request
distribution.

<p> This conditional is again used in two phases.  The first, containing a
comma-separated list of node names (that are expected to have instances of WASD
instantiated).  The second, containing a single node name, allowing the
selected node (from phase one) to have a rule applied.  For example.

<div class="blockof code">if (robin:X861,ALPHA1,ALPHA2,IA64A)
   if (robin:X861) redirect /* http://x861.domain.name/*?
   if (robin:ALPHA1) redirect /* http://alpha1.domain.name/*?
   if (robin:ALPHA2) redirect /* http://alpha2.domain.name/*?
   if (robin:IA64A) redirect /* http://ia64a.domain.name/*?
   pass * &quot;500 Some sort of logic error!!&quot;
endif
pass * &quot;503 No round-robin node currently available!&quot;
</div>

<p> In this case round-robining will be made through four node names.  Of
course these do not have to represent all the systems in the cluster currently
available or having WASD instantiated.  The first time the 'robin:' rule
containing multiple names is called X861 will be selected.  The second time
ALPHA1, the third ALPHA2, and the fourth IA64A.  With the fifth call X861 is
returned to, the sixth ALPHA1, etc.  In addition, the selected nodename is
verified to have an instance of WASD currently running (using the DLM and WASD's
instance awareness).  If it does not, round-robining is applied again until one
is found (if none is available the phase one conditional returns false).  This
is most significant as it ensures that the selected node should be able to
respond to a redirected or (reverse-)proxied request.  This is the selection
set-up phase.

<p> Then there is the selection application phase.  Inside the set-up
conditional other conditionals apply the selection made in the first phase
(through simple nodename string comparison).  The rule, in the above example a
redirect, is applied if that was the node selected.

<p> During selection set-up unequal weighting can be applied to the round-robin
algorithm by including particular node names more than once.

<div class="blockof code">if (robin:X861,ALPHA,X862,ALPHA)
</div>

<p> In the above example, the node ALPHA will be selected twice as often as
either of X861 and X862 (and because of the ordering interleaved with the X86
selections).

<a id="5.3.5" href="#"></a>
<a id="5.3.5.timekeyword" href="#"></a>
<a id="timekeyword" href="#"></a>
<h3 class="head"><span class="numb">5.3.5</span><span class="text">Time: Keyword</span></h3>

<p> The <span class="high italic">time:</span> conditional allows server behaviour to change
according to the time of day, week, or even year.  It compares the supplied
parameter to the current system time in one of three ways.

<ol class="list">

<li class="item"> The supplied parameter is in the form &quot;1200-1759&quot;, which should
be read as &quot;twelve noon to five fifty-nine PM&quot; (i.e. as a time range in
minutes, generalized as <span class="high italic">hhmm-hhmm</span>), where the first is the start
time and the second the end time.  If the current time is within that range
(inclusive) the conditional returns true, otherwise false.  If the range
doesn't look correct false is always returned.

<div class="blockof code">if (time:0000-0000)
   <span class="high italic">it's midnight</span>
elif (time:0001-1159)
   <span class="high italic">it's AM</span>
elif (time:1200-1200)
   <span class="high italic">it's noon</span>
else
   <span class="high italic">it's PM</span>
endif
</div>

<li class="item"> If the supplied parameter is a single digit it is compared to the VMS day
of the week (1-Monday, 2-Tuesday &hellip; 7-Sunday).

<div class="blockof code">if (time:6 &verbar;&verbar; time:7)
   <span class="high italic">it's the weekend</span>
else
   <span class="high italic">it's the working week</span>
endif
</div>

<li class="item"> If the supplied string is not in either of the formats described above it
is treated as a string match with a VMS comparison time (i.e.
<span class="high italic">yyyy-mm-dd hh-mm-ss.hh</span>). 

<div class="blockof code">if (time:%%%%-05-*)
   <span class="high italic">it's the month of May</span>
endif
</div>

</ol>

<a id="5.3.6" href="#"></a>
<a id="5.3.6.trnlnmkeyword" href="#"></a>
<a id="trnlnmkeyword" href="#"></a>
<h3 class="head"><span class="numb">5.3.6</span><span class="text">Trnlnm: Keyword</span></h3>

<p> The <span class="high italic">trnlnm:</span> conditional dynamically translates a logical name
and uses the value.  One mandatory and up to two optional parameters may be
supplied.

<div class="blockof code">trnlnm:logical-name[;name-table][:string-to-match]
</div>

<p> The <span class="high italic">logical-name</span> must be supplied; without it false is always
returned.  If just the <span class="high italic">logical-name</span> is supplied the conditional
returns true if the name exists or false if it does not.  The default
<span class="high italic">name-table</span> is LNM&dollar;FILE_DEV.  When the optional
<span class="high italic">name-table</span> is supplied the lookup is confined to that table.  If
the optional <span class="high italic">string-to-match</span> is supplied it is matched against the
value of the logical and the result returned.

<a id="5.3.7" href="#"></a>
<a id="5.3.7.hostaddresses" href="#"></a>
<a id="hostaddresses" href="#"></a>
<h3 class="head"><span class="numb">5.3.7</span><span class="text">Host Addresses</span></h3>

<p> Host names or addresses can be an alpha-numeric string (if DNS lookup is
enabled) or dotted-decimal network address, a slash, then a dotted-decimal
mask.  For example &quot;131.185.250.0/255.255.255.192&quot;. This has a 6 bit
subnet.  It operates by bitwise-ANDing the client host address with the mask,
bitwise-ANDing the network address supplied with the mask, then comparing the
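two results for equality.  Using the above example the host 131.185.250.250
would be accepted, but 131.185.250.50 would be rejected. Equivalent notation
for this rule would be &quot;131.185.250.0/26&quot;.  Worked through with the
comparison just described, 250 AND 192 gives 192 (not equal to the network's 0)
while 50 AND 192 gives 0 (equal), which suggests the two host addresses in this
example are transposed; test a mask against known addresses before relying on
it to restrict access.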

<a id="5.4" href="#"></a>
<a id="5.4.examples" href="#"></a>
<a id="examples" href="#"></a>
<h2 class="head"><span class="numb">5.4</span><span class="text">Examples</span></h2>

<p> The following provides a collection of examples of conditional mapping and
authorization rules illustrating the use of wildcard matching, network mask
matching and the various formats in which the rules may be blocked.

<ol class="list">

<li class="item"> This first example shows an EXEC mapping rule being applied to a path if
the request query string contains the string &quot;example&quot;.

<div class="blockof code">if (query-string:*example*) exec /* /cgi-bin/example/* 
</div>

<li class="item"> In this example a block of mapping statements is processed if the virtual
service of the request matches that in the conditional, otherwise the block is
skipped.  Note the indentation to help clarify the structure.

<div class="blockof code">if (service:the.host.name:80)
   pass /web/* /dka0/the_host_name_web/*
   pass /graphics/* /dka100/graphics/*
   pass * &quot;404 Resource not found.&quot;
endif
</div>

<li class="item"> In this example a series of tests allows a form of case processing where the
first to match will be processed and terminate the matching process.  In this
case if a match does not occur rule processing continues after the
<span class="high italic">endif</span>.

<div class="blockof code">if (service:the.host.name:80)
   pass /web/* /dka0/the_host_name_web/*
elif (service:next.host.name:80)
   pass /web/* /dka0/next_host_name_web/*
elif (service:another.host.name:80)
   pass /web/* /dka0/another_host_name_web/*
endif
pass /graphics/* /dka100/graphics/*
pass * &quot;404 Resource not found.&quot;
</div>

<li class="item"> In this (somewhat contrived) example a nested test is used to check
(virtual) server name and that the request is being handled via Secure Sockets
Layer (SSL) for security.  If it is not, an informative message is supplied.
The <span class="high italic">else</span> and the quotes are not really required but included here
for illustration.

<div class="blockof code">if (server-name:the.host.name)
   if (scheme:&quot;https&quot;)
      pass /secure/* /dka0/the_host_name_web/secure/*
   else
      pass * /dka0/the_host_name_web/secure/only-via-SSL.html
   endif
endif
</div>

<li class="item"> This would be another way to accomplish a similar objective to example 4. 
This uses a <span class="high italic">negation</span> operator to exclude access to successive
mappings if not requesting via SSL.

<div class="blockof code">if (server-name:the.host.name)
   if (!SSL:)
      pass * /web/secure/only-via-SSL.html
   endif
   pass /secure/* /web/secure/*
   pass /other/* /web/other/*
   pass /web/* /web/web/*
   pass * &quot;404 Resource not found.&quot;
endif
</div>

<li class="item"> This example shows the use of a compound conditional using the AND and OR
operators.  It also illustrates the use of a network mask.  It will exclude all
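access to the specified path unless the request is originating from
within a specified network (perhaps an intranet) or via SSL.  Note that the SSL
test establishes only how the request arrived, not who sent it; identifying the
client is the job of the authorization rules.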

<div class="blockof code">if (path:/sensitive/* &amp;&amp; !(remote-addr:131.185.250.0/24 &verbar;&verbar; SSL:))
   pass * 404 &quot;Access denied (SSL only).&quot;
endif
</div>

<li class="item"> This example illustrates restricting authentication to SSL.

<div class="blockof code">[[*]]
[&quot;Your VMS password&quot;=VMS]
if (!request-scheme:https)
   * r+w,#0
endif
</div>

<li class="item"> Logical name translation may be used to dynamically alter the flow of
rule interpretation.

<div class="blockof code">if (trnlnm:HTTPD_EXAMPLE)
   pass /* /example/*
else
   pass /* /*
endif
</div>

<li class="item"> Using a site administrator's /DO=NOTE= entry to modify rule processing. 
In this example the contingency of a broken back-end processor has been
prepared for and a document advising clients of the temporary problem is
redirected to once the administrator enters

<div class="blockof code">&dollar; HTTPD /DO=NOTE=PROBLEM /ALL
</div>
 at the command-line (or via the online equivalent).  Note that in this
example external clients are provided with the problem advice document while
internal clients may still access the back-end for troubleshooting purposes.

<div class="blockof code">if (note:PROBLEM &amp;&amp; !remote-addr:131.185.0.0/16)
   pass /* /problem_with_backend.html
else
   pass /* /backend/*
endif
</div>

<p> Of course there are a multitude of possibilities based on this idea!

</ol>

<div class="note center"><a id="5.4.0.0.0.1" href="#"></a>
<a id="5.4.note" href="#"></a>
<a id="note" href="#"></a>
<h5 class="head center"><span class="text">Note</span></h5>
<hr class="note_hr">

The noted data persists across server startups but does not persist across
system startups!
<hr class="note_hr">
</div>

<a id="5.5" href="#"></a>
<a id="5.5.dictionary" href="#"></a>
<a id="dictionary" href="#"></a>
<h2 class="head"><span class="numb">5.5</span><span class="text">Dictionary</span></h2>

<p> The per-request dictionary stores key-value string pairs related to request
processing.  Some entries are generated and used internally by the server and
others may be inserted, value changed, removed and tested by the server admin
for conditional processing purposes.

<p> The dictionary was initially introduced as an abstraction layer between the
significantly different HTTP/2 and HTTP/1.<span class="high italic">n</span> header semantics and
server internal processing.  Its utility was then extended into configuration. 
It is implemented as a standard hash table with collision lists.  The small
cost in terms of processing is completely offset by its effectiveness.

<a id="5.5.1" href="#"></a>
<a id="5.5.1.configurationentries" href="#"></a>
<a id="configurationentries" href="#"></a>
<h3 class="head"><span class="numb">5.5.1</span><span class="text">Configuration Entries</span></h3>

<p> Dictionary entries may be configured using the SET dict=<span class="high italic">key</span>=<span class="high italic">value</span>
mapping rule or the DICT <span class="high italic">key</span>=<span class="high italic">value</span> meta keyword.  These are known as 
<span class="high italic">configuration entries</span>.  Keys must begin with an alpha-numeric character but
otherwise keys and values may contain any printable character, with some
needing to be escaped in the text of configuration files.  These are some
examples of each.

<div class="blockof code">set /example/path* dict=example_key=example&nbsp;value
set /example/path* dict=example_key=&quot;example value&quot;
set /example/path* dict=example_key=&quot;example "value"&quot;

dict example_key=example&nbsp;value
dict example_key=&quot;example value&quot;
dict example_key=&quot;example "value"&quot;
</div>

<p> If an existing key is (re-)inserted it overwrites the old value.

<p> An entry can have an empty value.

<div class="blockof code">set /example/path* dict=example_key=
dict example_key=
</div>

<p> An entry may be removed from the dictionary by prefixing the key name with
an exclamation point.

<div class="blockof code">set /example/path* dict=!example_key
dict !example_key
</div>

<p> All configuration entries may be removed by using the exclamation point
with an empty key.

<div class="blockof code">set /example/path* dict=!
dict !
</div>

<div class="note"><a id="5.5.1.0.0.1" href="#"></a>
<a id="5.5.1.note" href="#"></a>
<a id="note" href="#"></a>
<h5 class="head center"><span class="text">Note</span></h5>
<hr class="note_hr">

Configuration entries persist across internal redirection processing
(<a class="link" href="#10.5.2.redirectrule">10.5.2 REDIRECT Rule</a>) and so may be used as flags or otherwise contain useful
information when the regenerated request is mapped and authorized.  To prevent
such information from unexpectedly interfering with internally redirected
requests selected or all entries can be removed in the redirected request using
the above values.
<hr class="note_hr">
</div>

<a id="5.5.2" href="#"></a>
<a id="5.5.2.otherentries" href="#"></a>
<a id="otherentries" href="#"></a>
<h3 class="head"><span class="numb">5.5.2</span><span class="text">Other Entries</span></h3>

<p> As mentioned, the server generates and uses dictionary entries during
request processing.  There are multiple types of entry, generally insulated
from each other for good reason.  These entries are also available for
conditional testing.

<a id="5.5.2.0.1" href="#"></a>
<a id="5.5.2.dictionaryentries" href="#"></a>
<a id="dictionaryentries" href="#"></a>
<h5 class="head"><span class="text">Dictionary Entries</span></h5>

<table class="tabl">
<tr class="tabr under">
<th class="tabh">Character
<th class="tabh">Type
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">~
<td class="tabd">configuration
<td class="tabd">admin managed entry
<tr class="tabr">
<td class="tabd">&dollar;
<td class="tabd">internal
<td class="tabd">server processing
<tr class="tabr">
<td class="tabd">&gt;
<td class="tabd">request
<td class="tabd">request header field
<tr class="tabr">
<td class="tabd">&lt;
<td class="tabd">response
<td class="tabd">response header field
</table>

<p> The &quot;if (dict:<span class="high italic">expression</span>)&quot; construct first checks for a configuration
entry, then for a request header field entry, then finally for an internal
entry (response entries are only available for testing after response
processing begins and so not in the search list).  It is also possible to test
for a key of a specific type by prefixing the key name with the type character. 
This example shows a request header field being conditionally processed.

<div class="blockof code">if (dict:&gt;X-example=hello)
</div>

<p> It is also possible to set an entry of a specific type by prefixing the key
with the type character.  For example the following will set a response header
field that will be included in the header when returned to the client.

<div class="blockof code">set /example/path* dict=&lt;X-example=&quot;"quoted string"&quot;
</div>

<p> Setting any non-configuration entry should only be undertaken by the
literati or the brave.

<a id="5.5.3" href="#"></a>
<a id="5.5.3.entrysubstitution" href="#"></a>
<a id="entrysubstitution" href="#"></a>
<h3 class="head"><span class="numb">5.5.3</span><span class="text">Entry Substitution</span></h3>

<p> The value of a dictionary entry can be derived in whole or part from the
value of another entry or entries.  This uses a somewhat familiar substitution
syntax.  A contrived example shows an entry being set that transfers back the
request user-agent header field as a response header field.  Note that a
request header field value is supplied by the client and so should be treated
as untrusted wherever it is substituted.

<div class="blockof code">set /example/path* dict=&lt;X-user-agent=''&gt;user-agent'
</div>

A similar rule can be seen applied in the WATCH report example below.

<a id="5.5.4" href="#"></a>
<a id="5.5.4.watchdictionary" href="#"></a>
<a id="watchdictionary" href="#"></a>
<h3 class="head"><span class="numb">5.5.4</span><span class="text">WATCH Dictionary</span></h3>

<p> The content of a request's dictionary at significant stages of request
processing can be viewed using the [x]Internal item of a WATCH report.  See
<a class="link blank" target="_blank" href="../features/#watchfacility">WATCH Facility</a> of
<a class="link blank" target="_blank" href="../features/#0.">WASD Features and Facilities</a>.

<p> A request dictionary WATCH point is similar to the following (end of request
processing) example.  Note that all of the entry types described above are
present in the example, including two configured entries.  Note also that two
of the internal entries contain embedded line-breaks and empty lines.  This is
an HTTP/2 request and the expanded (HTTP/1.<span class="high italic">n</span> style) <span class="high italic">request_header</span> and
<span class="high italic">response_header</span> entries are due to WATCH items Request [x]Header and
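Response [x]Header also being checked. They were not required for request
processing.  The dictionary includes request header fields such as
<span class="high italic">authorization</span> (masked in this example), so WATCH reports should be
treated as sensitive.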

<div class="blockof code">&verbar;Time_______&verbar;Module__&verbar;Line&verbar;Item&verbar;Category__&verbar;Event...&verbar;
<span class="high italic">8&lt; snip 8&lt;</span>
&verbar;21:11:00.12 DICT     0836 0001 INTERNAL   DICTIONARY size:32 count:29 bytes:4193&verbar;
ENTRY 001 [005] &dollar; {14}request_method={3}GET
ENTRY 002 [009] &dollar; {12}request_path={15}/httpd/-/admin/
ENTRY 003 [014] &gt; {6}accept={63}text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
ENTRY 004 [018] &gt; {15}accept-encoding={13}gzip, deflate
ENTRY 005 [001] &gt; {10}user-agent={116}Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/601.4.4 (KHTML, like Gecko) Version/9.0.3 Safari/601.4.4
ENTRY 006 [007] &gt; {15}accept-language={5}en-us
ENTRY 007 [031] &gt; {13}authorization={30}Basic *************************
ENTRY 008 [004] &gt; {3}dnt={1}1
ENTRY 009 [012] &dollar; {12}request_line={28}GET /httpd/-/admin/ HTTP/1.1
ENTRY 010 [024] &gt; {4}host={18}klaatu.private:443
ENTRY 011 [011] &dollar; {10}http2_ping={6}44.919
ENTRY 012 [013] &dollar; {14}request_header={372}GET /httpd/-/admin/ HTTP/1.1
accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/601.4.4 (KHTML, like Gecko) Version/9.0.3 Safari/601.4.4
accept-language: en-us
authorization: Basic *************************
dnt: 1
host: klaatu.private:443

ENTRY 013 .012. &dollar; {9}path_info={15}/httpd/-/admin/
ENTRY 014 [000] &dollar; {12}query_string={0}
ENTRY 015 .004. &dollar; {11}request_uri={15}/httpd/-/admin/
ENTRY 016 [025] ~ {7}this_is={7}a test!
ENTRY 017 [028] &lt; {12}x-user-agent={116}Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/601.4.4 (KHTML, like Gecko) Version/9.0.3 Safari/601.4.4 
ENTRY 018 .018. &dollar; {15}response_status={3}200
ENTRY 019 [026] &dollar; {15}response_reason={2}OK
ENTRY 020 .011. &lt; {6}server={33}HTTPd-WASD/11.0.0 OpenVMS/AXP SSL
ENTRY 021 [002] &lt; {4}date={29}Tue, 02 Feb 2016 10:40:59 GMT
ENTRY 022 .005. &lt; {13}accept-ranges={5}bytes
ENTRY 023 [008] &lt; {15}accept-encoding={13}gzip, deflate
ENTRY 024 .004. &lt; {7}expires={29}Fri, 13 Jan 1978 14:00:00 GMT
ENTRY 025 [030] &lt; {13}cache-control={18}no-cache, no-store
ENTRY 026 .028. &lt; {6}pragma={8}no-cache
ENTRY 027 .030. &lt; {12}content-type={29}text/html; charset=ISO-8859-1
ENTRY 028 [006] &lt; {14}content-length={5}15741
ENTRY 029 [019] &dollar; {15}response_header={446}HTTP/1.1 200 OK
x-user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/601.4.4 (KHTML, like Gecko) Version/9.0.3 Safari/601.4.4
server: HTTPd-WASD/11.0.0 OpenVMS/AXP SSL
date: Tue, 02 Feb 2016 10:40:59 GMT
accept-ranges: bytes
accept-encoding: gzip, deflate
expires: Fri, 13 Jan 1978 14:00:00 GMT
cache-control: no-cache, no-store
pragma: no-cache
content-type: text/html; charset=ISO-8859-1
content-length: 15741

<span class="high italic">8&lt; snip 8&lt;</span>
</div>

<p> The first three digit number is simply the entry count in order of
insertion.  The second, either square bracketed or period delimited, is the
hash table entry.  The square brackets indicate the head of the hash table, the
periods down the collision list.  The single punctuation character is used to
indicate and differentiate the entry type.  Then come the key and
equate-separated value.  The brace-enclosed numbers are the length of the key
and value respectively.
<!-- source:0800_GLOBAL.WASDOC -->
<hr class="page">
<a id="6." href="#"></a>
<a id="6.globalconfiguration" href="#"></a>
<a id="globalconfiguration" href="#"></a>
<h1 class="head"><span class="numb">6.</span><span class="text">Global Configuration</span></h1>

<table class="TOC2table">
<tr><td><a href="#6.1.functionalgroupings"><span class="numb">6.1</span><span class="text">Functional Groupings</span></a>
<tr><td><a href="#6.2.alphabeticlisting"><span class="numb">6.2</span><span class="text">Alphabetic Listing</span></a>
</table>
</div>


<p> The example
<a class="link blank" target="_blank" href="/wasd_root/example/WASD_CONFIG_GLOBAL.conf">configuration file</a>
can be used as a template.

<p> By default, the logical name <span class="high bold">WASD_CONFIG_GLOBAL</span>
locates a global configuration file.  Simple editing of the configuration file
changes the rules.  Alternatively the Server Administration page configuration
interface may be used.  Changes to the global configuration file require a
server restart to put them into effect. 

<p> The [IncludeFile] is a directive common to all WASD configuration, allowing
a separate file to be included as a part of the current configuration.  See
<a class="link" href="#2.1.includefiledirective">2.1 Include File Directive</a>.

<p> Some directives take a single parameter, such as an integer, string or
boolean value.  Other directives can/must have multiple parameters.  The
version 4 configuration requires the directive to be placed on a line by itself
and each separate parameter on a separate line following it.  All parameter
lines apply to the most recently encountered directive.

<p> Note that all <span class="high italic">boolean</span> directives are <span class="high italic">disabled</span> (OFF) by default. 
This is done so that there can be no confusion about what is enabled and
disabled by default.  To use a directive-controlled facility it <span class="high bold">must</span> be
explicitly enabled.

<p> Directives requiring <span class="high italic">periods</span> (timeouts, lifetimes, etc.) can be
specified as a single integer (representing seconds, minutes, hours, etc.,
depending on the directive) or unambiguously using any one of
<span class="high italic">minutes:seconds</span>, <span class="high italic">hours:minutes:seconds</span> or
<span class="high italic">days-hours:minutes:seconds</span>.  

<p> Changes to the global configuration file can be validated at the
command-line before restart.  This detects and reports any syntactical and 
fatal configuration errors but of course cannot check the <span class="high italic">intent</span> of the
rules.

<div class="blockof code">&dollar; HTTPD /DO=GLOBAL=CHECK
</div>

<a id="6.1" href="#"></a>
<a id="6.1.functionalgroupings" href="#"></a>
<a id="functionalgroupings" href="#"></a>
<h2 class="head"><span class="numb">6.1</span><span class="text">Functional Groupings</span></h2>

<table class="tabl">
<tr class="tabr">
<td class="tabd" colspan="2"><a id="6.1.0.0.1" href="#"></a>
<a id="6.1.authenticationauthorization" href="#"></a>
<a id="authenticationauthorization" href="#"></a>
<h5 class="head under"><span class="text">Authentication/Authorization</span></h5>
<tr class="tabr">
<td class="tabd">[AuthBasic]
<td class="tabd">enable BASIC method
<tr class="tabr">
<td class="tabd">[AuthCacheEntriesMax]
<td class="tabd">maximum concurrent authentication cache entries
<tr class="tabr">
<td class="tabd">[AuthCacheEntrySize]
<td class="tabd">maximum authentication cache entry size in bytes
<tr class="tabr">
<td class="tabd">[AuthCacheMinutes]
<td class="tabd">minutes before explicitly reauthorizing user from sources
<tr class="tabr">
<td class="tabd">[AuthDigest]
<td class="tabd">enable DIGEST method
<tr class="tabr">
<td class="tabd">[AuthDigestGetLife]
<td class="tabd">DIGEST method GET lifetime
<tr class="tabr">
<td class="tabd">[AuthDigestPutLife]
<td class="tabd">DIGEST method PUT lifetime
<tr class="tabr">
<td class="tabd">[AuthFailureLimit]
<td class="tabd">retries allowed before username is marked as intruder
<tr class="tabr">
<td class="tabd">[AuthFailurePeriod]
<td class="tabd">period during which failure limit is applied
<tr class="tabr">
<td class="tabd">[AuthFailureTimeout]
<td class="tabd">period during which a recognised authentication failure is applied
<tr class="tabr">
<td class="tabd">[AuthRevalidateLoginCookie]
<td class="tabd"><span class="high italic">Obsolete for WASD v10.2.1 and following.</span>
<tr class="tabr">
<td class="tabd">[AuthRevalidateUserMinutes]
<td class="tabd">minutes before user needs to reenter password
<tr class="tabr">
<td class="tabd">[AuthSysUafAcceptExpPwd]
<td class="tabd">accept expired SYSUAF passwords
<tr class="tabr">
<td class="tabd">[AuthSysUafLogonType]
<td class="tabd">LOCAL, DIALUP, NETWORK (default), REMOTE
<tr class="tabr">
<td class="tabd">[AuthSysUafPwdExpURL]
<td class="tabd">redirection URL if SYSUAF password is expired
<tr class="tabr">
<td class="tabd">[AuthSysUafUseAcme]
<td class="tabd"><span class="high italic">Obsolete for WASD V9.3 and following.</span>
<tr class="tabr">
<td class="tabd" colspan="2"><a id="6.1.0.0.2" href="#"></a>
<a id="6.1.buffersizes" href="#"></a>
<a id="buffersizes" href="#"></a>
<h5 class="head under"><span class="text">Buffer Sizes</span></h5>
<tr class="tabr">
<td class="tabd">[BufferQuotaDclOutput]
<td class="tabd">allows sizing of script process SYS&dollar;OUTPUT mailbox quota
<tr class="tabr">
<td class="tabd">[BufferSizeDclCgiHeader]
<td class="tabd">number of bytes allocated when processing a CGI response header
<tr class="tabr">
<td class="tabd">[BufferSizeDclCgiPlusIn]
<td class="tabd">number of bytes allocated to scripting process CGIPLUSIN mailbox
<tr class="tabr">
<td class="tabd">[BufferSizeDclCommand]
<td class="tabd">bytes allocated to scripting process SYS&dollar;COMMAND mailbox
<tr class="tabr">
<td class="tabd">[BufferSizeDclOutput]
<td class="tabd">bytes allocated to scripting process SYS&dollar;OUTPUT mailbox
<tr class="tabr">
<td class="tabd">[BufferSizeNetFile]
<td class="tabd">maximum bytes allocated to output buffer when transferring file content
<tr class="tabr">
<td class="tabd">[BufferSizeNetMTU]
<td class="tabd">adjust network buffer to this value of MTU (maximum transmission unit)
<tr class="tabr">
<td class="tabd">[BufferSizeNetRead]
<td class="tabd">bytes allocated to client request read buffer, and to the scripting process SYS&dollar;INPUT mailbox
<tr class="tabr">
<td class="tabd">[BufferSizeNetWrite]
<td class="tabd">bytes allocated to client output buffer
<tr class="tabr">
<td class="tabd">[SocketSizeRcvBuf]
<td class="tabd">bytes allocated to a network connection receive buffer
<tr class="tabr">
<td class="tabd">[SocketSizeSndBuf]
<td class="tabd">bytes allocated to network connection send buffer
<tr class="tabr">
<td class="tabd" colspan="2"><a id="6.1.0.0.3" href="#"></a>
<a id="6.1.contenttype" href="#"></a>
<a id="contenttype" href="#"></a>
<h5 class="head under"><span class="text">Content-Type</span></h5>
<tr class="tabr">
<td class="tabd">[AddType]
<td class="tabd">add a content-type
<tr class="tabr">
<td class="tabd">[AddMimeTypesFile]
<td class="tabd">add the contents of a standard MIME.TYPES file
<tr class="tabr">
<td class="tabd">[CharsetConvert]
<td class="tabd">conversion of one character set to another
<tr class="tabr">
<td class="tabd">[CharsetDefault]
<td class="tabd">default character set for text responses
<tr class="tabr">
<td class="tabd">[StreamLF]
<td class="tabd">enable and set maximum size of automatic Stream-LF conversion
<tr class="tabr">
<td class="tabd" colspan="2"><a id="6.1.0.0.4" href="#"></a>
<a id="6.1.directorylisting" href="#"></a>
<a id="directorylisting" href="#"></a>
<h5 class="head under"><span class="text">Directory Listing</span></h5>
<tr class="tabr">
<td class="tabd">[AddIcon]
<td class="tabd">path to icon for a specified content-type
<tr class="tabr">
<td class="tabd">[AddBlankIcon]
<td class="tabd">path to blank icon
<tr class="tabr">
<td class="tabd">[AddDefaultIcon]
<td class="tabd">path to default icon
<tr class="tabr">
<td class="tabd">[AddDirIcon]
<td class="tabd">path to directory icon
<tr class="tabr">
<td class="tabd">[AddParentIcon]
<td class="tabd">path to parent icon
<tr class="tabr">
<td class="tabd">[AddUnknownIcon]
<td class="tabd">path to icon for unknown content-type
<tr class="tabr">
<td class="tabd">[DirAccess]
<td class="tabd">enable and form of listing
<tr class="tabr">
<td class="tabd">[DirBodyTag]
<td class="tabd">specify HTML body tag of listing pages
<tr class="tabr">
<td class="tabd">[DirDescriptionLines]
<td class="tabd">number of HTML file lines searched for document title
<tr class="tabr">
<td class="tabd">[DirLayout]
<td class="tabd">layout of the various listing components
<tr class="tabr">
<td class="tabd">[DirMetaInfo]
<td class="tabd">add server and VMS directory information
<tr class="tabr">
<td class="tabd">[DirNoImpliedWildcard]
<td class="tabd">do not add wildcards to request if not present in path
<tr class="tabr">
<td class="tabd">[DirNoPrivIgnore]
<td class="tabd">ignore, do not report, privilege violations on files/directories
<tr class="tabr">
<td class="tabd">[DirOwner]
<td class="tabd">allow owner of file to be included in layout directive
<tr class="tabr">
<td class="tabd">[DirPreExpired]
<td class="tabd">pre-expire listing responses
<tr class="tabr">
<td class="tabd">[DirReadMeFile]
<td class="tabd">specify read-me files
<tr class="tabr">
<td class="tabd">[DirWildcard]
<td class="tabd">allow wildcards to be specified at all
<tr class="tabr">
<td class="tabd" colspan="2"><a id="6.1.0.0.5" href="#"></a>
<a id="6.1.filecache" href="#"></a>
<a id="filecache" href="#"></a>
<h5 class="head under"><span class="text">File Cache</span></h5>
<tr class="tabr">
<td class="tabd">[CacheChunkKBytes]
<td class="tabd">memory block allocation size
<tr class="tabr">
<td class="tabd">[CacheEntriesMax]
<td class="tabd">maximum number of files allowed in cache
<tr class="tabr">
<td class="tabd">[CacheFileKBytesMax]
<td class="tabd">maximum size of a file
<tr class="tabr">
<td class="tabd">[CacheFrequentHits]
<td class="tabd">identify active files
<tr class="tabr">
<td class="tabd">[CacheFrequentPeriod]
<td class="tabd">identify active file
<tr class="tabr">
<td class="tabd">[CacheGuardPeriod]
<td class="tabd">prevent early reloads
<tr class="tabr">
<td class="tabd">[CacheTotalKBytesMax]
<td class="tabd">maximum memory to be consumed by cache
<tr class="tabr">
<td class="tabd">[CacheValidatePeriod]
<td class="tabd">maximum period before the cache checks for file modification
<tr class="tabr">
<td class="tabd" colspan="2"><a id="6.1.0.0.6" href="#"></a>
<a id="6.1.http2" href="#"></a>
<a id="http2" href="#"></a>
<h5 class="head under"><span class="text">HTTP/2</span></h5>
<tr class="tabr">
<td class="tabd">[Http2Protocol]
<td class="tabd">enables/disables HTTP/2 on a global basis
<tr class="tabr">
<td class="tabd">[Http2FrameSizeMax]
<td class="tabd">maximum number of bytes in an HTTP/2 frame
<tr class="tabr">
<td class="tabd">[Http2HeaderListMax]
<td class="tabd">maximum number of bytes in a request or response header
<tr class="tabr">
<td class="tabd">[Http2HeaderTableSize]
<td class="tabd">maximum number of bytes in a request lookup table
<tr class="tabr">
<td class="tabd">[Http2PingSeconds]
<td class="tabd">period between RTT server-client pings
<tr class="tabr">
<td class="tabd">[Http2StreamMax]
<td class="tabd">number of concurrent streams (requests) permitted on a connection
<tr class="tabr">
<td class="tabd">[Http2InitWindowSize]
<td class="tabd">initial connection flow-control window size
<tr class="tabr">
<td class="tabd" colspan="2"><a id="6.1.0.0.7" href="#"></a>
<a id="6.1.logging" href="#"></a>
<a id="logging" href="#"></a>
<h5 class="head under"><span class="text">Logging</span></h5>
<tr class="tabr">
<td class="tabd">[Logging]
<td class="tabd">enable logging
<tr class="tabr">
<td class="tabd">[LogExcludeHosts]
<td class="tabd">hosts to be excluded from log
<tr class="tabr">
<td class="tabd">[LogExtend]
<td class="tabd">default allocation/extend in blocks
<tr class="tabr">
<td class="tabd">[LogFile]
<td class="tabd">provides part or all of log file name
<tr class="tabr">
<td class="tabd">[LogFormat]
<td class="tabd">nature and layout of log contents
<tr class="tabr">
<td class="tabd">[LogNaming]
<td class="tabd">how the log name is to be constructed
<tr class="tabr">
<td class="tabd">[LogPeriod]
<td class="tabd">period at which new logs are created
<tr class="tabr">
<td class="tabd">[LogPerInstance]
<td class="tabd">create a separate log for each instance process
<tr class="tabr">
<td class="tabd">[LogPerService]
<td class="tabd">create a separate log for each configured service
<tr class="tabr">
<td class="tabd">[LogPerServiceHostOnly]
<td class="tabd">suppress service port number as component of log name
<tr class="tabr">
<td class="tabd">[LogWriteFail503]
<td class="tabd">generate 503 responses if the access log cannot be written
<tr class="tabr">
<td class="tabd" colspan="2"><a id="6.1.0.0.8" href="#"></a>
<a id="6.1.operatorconsoleandlog" href="#"></a>
<a id="operatorconsoleandlog" href="#"></a>
<h5 class="head under"><span class="text">Operator Console and Log</span></h5>
<tr class="tabr">
<td class="tabd">[OpcomAdmin]
<td class="tabd">Server Administration directives
<tr class="tabr">
<td class="tabd">[OpcomAuthorization]
<td class="tabd">authentication/authorization messages, e.g. failures
<tr class="tabr">
<td class="tabd">[OpcomControl]
<td class="tabd">CLI HTTPd control directives
<tr class="tabr">
<td class="tabd">[OpcomHTTPd]
<td class="tabd">HTTPd events (e.g. startup, exit, SSL private key password requests)
<tr class="tabr">
<td class="tabd">[OpcomProxyMaint]
<td class="tabd">proxy file cache maintenance
<tr class="tabr">
<td class="tabd">[OpcomTarget]
<td class="tabd">target operator for online messages
<tr class="tabr">
<td class="tabd" colspan="2"><a id="6.1.0.0.9" href="#"></a>
<a id="6.1.miscellaneous" href="#"></a>
<a id="miscellaneous" href="#"></a>
<h5 class="head under"><span class="text">Miscellaneous</span></h5>
<tr class="tabr">
<td class="tabd">[Accept]
<td class="tabd">restrictive list of hosts from which to accept requests
<tr class="tabr">
<td class="tabd">[ActivityDays]
<td class="tabd">activity graph duration
<tr class="tabr">
<td class="tabd">[ConnectMax]
<td class="tabd">maximum number of concurrent connections
<tr class="tabr">
<td class="tabd">[DNSLookupClient]
<td class="tabd">enable client host name lookup
<tr class="tabr">
<td class="tabd">[DNSLookupLifeTime]
<td class="tabd">host name lookup cache entry lifetime
<tr class="tabr">
<td class="tabd">[DNSLookupRetry]
<td class="tabd">number of two-second attempts to resolve client host name
<tr class="tabr">
<td class="tabd">[EntityTag]
<td class="tabd">provide a strong validator for file-system based resources
<tr class="tabr">
<td class="tabd">[GzipAccept]
<td class="tabd">advertise acceptance of GZIP (deflated) request bodies
<tr class="tabr">
<td class="tabd">[GzipFlush]
<td class="tabd">period between GZIP buffer flushes
<tr class="tabr">
<td class="tabd">[GzipResponse]
<td class="tabd">enable GZIP (deflated) response bodies
<tr class="tabr">
<td class="tabd">[InstanceMax]
<td class="tabd">number of per-node server processes to maintain
<tr class="tabr">
<td class="tabd">[InstancePassive]
<td class="tabd">start multiple instances already in <span class="high italic">passive</span> mode
<tr class="tabr">
<td class="tabd">[Monitor]
<td class="tabd">enable HTTPDMON data exchange
<tr class="tabr">
<td class="tabd">[PipelineRequests]
<td class="tabd">check for and process pipelined requests
<tr class="tabr">
<td class="tabd">[Port]
<td class="tabd">default port
<tr class="tabr">
<td class="tabd">[ProcessMax]
<td class="tabd">maximum number of concurrent requests being processed
<tr class="tabr">
<td class="tabd">[PutBinaryRFM]
<td class="tabd">record format of uploaded file
<tr class="tabr">
<td class="tabd">[PutMaxKBytes]
<td class="tabd">maximum size of a POST or PUT
<tr class="tabr">
<td class="tabd">[PutVersionLimit]
<td class="tabd">maximum RMS file versions retained in a POST or PUT
<tr class="tabr">
<td class="tabd">[RegEx]
<td class="tabd">enable regular expression matching
<tr class="tabr">
<td class="tabd">[Reject]
<td class="tabd">proscriptive list of hosts from which requests will be rejected
<tr class="tabr">
<td class="tabd">[RequestHistory]
<td class="tabd">number of requests kept for request report
<tr class="tabr">
<td class="tabd">[SearchScript]
<td class="tabd">path to default search script
<tr class="tabr">
<td class="tabd">[SearchScriptExclude]
<td class="tabd">list of file extensions excluded from implied keyword search
<tr class="tabr">
<td class="tabd">[Service]
<td class="tabd">list of host names and/or port to create services for <span class="high bold"><span class="high italic">(deprecated)</span></span>
<tr class="tabr">
<td class="tabd">[ServiceNotFoundURL]
<td class="tabd">redirection URL when a request service is not configured
<tr class="tabr">
<td class="tabd">[Welcome]
<td class="tabd">list of file names that are checked for as home pages
<tr class="tabr">
<td class="tabd">[WWWimplied]
<td class="tabd">virtual services <span class="high italic">host.name</span> and <span class="high italic">www.host.name</span> are treated as synonyms
<tr class="tabr">
<td class="tabd" colspan="2"><a id="6.1.0.0.10" href="#"></a>
<a id="6.1.proxyserving" href="#"></a>
<a id="proxyserving" href="#"></a>
<h5 class="head under"><span class="text">Proxy Serving</span></h5>
<tr class="tabr">
<td class="tabd">[ProxyCache]
<td class="tabd">enable proxy caching
<tr class="tabr">
<td class="tabd">[ProxyCacheFileKBytesMax]
<td class="tabd">maximum size of response for caching
<tr class="tabr">
<td class="tabd">[ProxyCacheDeviceCheckMinutes]
<td class="tabd">minutes between check of cache device usage
<tr class="tabr">
<td class="tabd">[ProxyCacheDeviceDirOrg]
<td class="tabd">flat 256 or 64x64 directory organization
<tr class="tabr">
<td class="tabd">[ProxyCacheDeviceMaxPercent]
<td class="tabd">maximum percentage of cache device used before purge
<tr class="tabr">
<td class="tabd">[ProxyCacheDevicePurgePercent]
<td class="tabd">during purge reduce by this many percent
<tr class="tabr">
<td class="tabd">[ProxyConnectPersistMax]
<td class="tabd">connection persistence for this number of connections
<tr class="tabr">
<td class="tabd">[ProxyConnectPersistSeconds]
<td class="tabd">connections persist for this number of seconds
<tr class="tabr">
<td class="tabd">[ProxyConnectTimeoutSeconds]
<td class="tabd">the proxy to origin server connect times-out after this number of seconds
<tr class="tabr">
<td class="tabd">[ProxyNegativeSeconds]
<td class="tabd">cache negative (failure) responses for this period
<tr class="tabr">
<td class="tabd">[ProxyCacheNoReloadSeconds]
<td class="tabd">prevent pragma reloads for this period
<tr class="tabr">
<td class="tabd">[ProxyCachePurgeList]
<td class="tabd">list of file ages used during purge
<tr class="tabr">
<td class="tabd">[ProxyCacheReloadList]
<td class="tabd">list of file ages before reload from source
<tr class="tabr">
<td class="tabd">[ProxyCacheRoutineHourOfDay]
<td class="tabd">hour of day routine cache purge occurs
<tr class="tabr">
<td class="tabd">[ProxyForwarded]
<td class="tabd">add &quot;Forwarded:&quot; to requests
<tr class="tabr">
<td class="tabd">[ProxyHostLookupRetryCount]
<td class="tabd">DNS resolution retry count
<tr class="tabr">
<td class="tabd">[ProxyReportLog]
<td class="tabd">report failures to process log
<tr class="tabr">
<td class="tabd">[ProxyReportCacheLog]
<td class="tabd">report cache failures to process log
<tr class="tabr">
<td class="tabd">[ProxyServing]
<td class="tabd">enable proxy server
<tr class="tabr">
<td class="tabd">[ProxyVerifyRecordMax]
<td class="tabd">enable proxy verification
<tr class="tabr">
<td class="tabd">[ProxyXForwardedFor]
<td class="tabd">add &quot;X-Forwarded-For:&quot; to requests
<tr class="tabr">
<td class="tabd" colspan="2"><a id="6.1.0.0.11" href="#"></a>
<a id="6.1.reports" href="#"></a>
<a id="reports" href="#"></a>
<h5 class="head under"><span class="text">Reports</span></h5>
<tr class="tabr">
<td class="tabd">[ErrorReportPath]
<td class="tabd">path to script, SSI or &quot;flat&quot; error document
<tr class="tabr">
<td class="tabd">[ErrorRecommend]
<td class="tabd">for server generated error include probable cause
<tr class="tabr">
<td class="tabd">[ReportBasicOnly]
<td class="tabd">only ever generate reports containing basic details
<tr class="tabr">
<td class="tabd">[ReportMetaInfo]
<td class="tabd">add server information to directory listings, etc.
<tr class="tabr">
<td class="tabd">[ServerAdmin]
<td class="tabd">email address for server-related contact
<tr class="tabr">
<td class="tabd">[ServerAdminBodyTag]
<td class="tabd">specify HTML body tag of Server Administration (menu) pages
<tr class="tabr">
<td class="tabd">[ServerReportBodyTag]
<td class="tabd">specify HTML body tag of error and other report pages
<tr class="tabr">
<td class="tabd">[ServerSignature]
<td class="tabd">add server information to the foot of error and other report pages
<tr class="tabr">
<td class="tabd" colspan="2"><a id="6.1.0.0.12" href="#"></a>
<a id="6.1.timeout" href="#"></a>
<a id="timeout" href="#"></a>
<h5 class="head under"><span class="text">Timeout</span></h5>
<tr class="tabr">
<td class="tabd">[TimeoutHttp2Idle]
<td class="tabd">period an HTTP/2 connection remains without processing a request
<tr class="tabr">
<td class="tabd">[TimeoutInput]
<td class="tabd">period a connection can wait before sending request
<tr class="tabr">
<td class="tabd">[TimeoutNoProgress]
<td class="tabd">period a response can continue without data transfer progress
<tr class="tabr">
<td class="tabd">[TimeoutOutput]
<td class="tabd">period a response can continue to output
<tr class="tabr">
<td class="tabd">[TimeoutPersistent]
<td class="tabd">period a connection is kept active after request conclusion
<tr class="tabr">
<td class="tabd" colspan="2"><a id="6.1.0.0.13" href="#"></a>
<a id="6.1.scripting" href="#"></a>
<a id="scripting" href="#"></a>
<h5 class="head under"><span class="text">Scripting</span></h5>
<tr class="tabr">
<td class="tabd">[CgiStrictOutput]
<td class="tabd">script output must be CGI compliant
<tr class="tabr">
<td class="tabd">[DclBitBucketTimeout]
<td class="tabd">period a script continues after a client prematurely disconnects
<tr class="tabr">
<td class="tabd">[DclCgiPlusLifeTime]
<td class="tabd">period of non-use before CGIplus process is deleted
<tr class="tabr">
<td class="tabd">[DclCleanupScratchMinutesMax]
<td class="tabd">maximum minutes between WASD_SCRATCH cleanups
<tr class="tabr">
<td class="tabd">[DclCleanupScratchMinutesOld]
<td class="tabd">cleanup files older than this
<tr class="tabr">
<td class="tabd">[DclDetachProcess]
<td class="tabd">use detached scripting processes rather than subprocesses
<tr class="tabr">
<td class="tabd">[DclGatewayBG]
<td class="tabd">enable raw TCP/IP socket for scripts
<tr class="tabr">
<td class="tabd">[DclHardLimit]
<td class="tabd">maximum number of concurrent processes
<tr class="tabr">
<td class="tabd">[DclScriptProctor]
<td class="tabd">proactive script and scripting environment startup
<tr class="tabr">
<td class="tabd">[DclScriptRunTime]
<td class="tabd">script execution environment
<tr class="tabr">
<td class="tabd">[DclSoftLimit]
<td class="tabd">maximum number of processes before proactive deletion begins
<tr class="tabr">
<td class="tabd">[DclSpawnAuthPriv]
<td class="tabd">spawn subprocesses with account's authorized privileges
<tr class="tabr">
<td class="tabd">[DclZombieLifeTime]
<td class="tabd">period of non-use before a CGI/CLI process is deleted
<tr class="tabr">
<td class="tabd">[DECnetReuseLifeTime]
<td class="tabd">period of non-use before a DECnet process is released
<tr class="tabr">
<td class="tabd">[DECnetConnectListMax]
<td class="tabd">maximum number of DECnet processes
<tr class="tabr">
<td class="tabd">[Scripting]
<td class="tabd">enables and disables all scripting
<tr class="tabr">
<td class="tabd" colspan="2"><a id="6.1.0.0.14" href="#"></a>
<a id="6.1.securesocket" href="#"></a>
<a id="securesocket" href="#"></a>
<h5 class="head under"><span class="text">Secure Socket</span></h5>
<tr class="tabr">
<td class="tabd">[SecureSocket]
<td class="tabd">enable Secure Socket (TLS/SSL) (if built with SSL)
<tr class="tabr">
<td class="tabd">[SSLcert]
<td class="tabd">server certificate file
<tr class="tabr">
<td class="tabd">[SSLcipherList]
<td class="tabd">list of enabled/disabled ciphers
<tr class="tabr">
<td class="tabd">[SSLinstanceCacheMax]
<td class="tabd">multiple instance shared session cache maximum number of records
<tr class="tabr">
<td class="tabd">[SSLinstanceCacheSize]
<td class="tabd">multiple instance shared session cache size of record
<tr class="tabr">
<td class="tabd">[SSLkey]
<td class="tabd">server certificate private key
<tr class="tabr">
<td class="tabd">[SSLoptions]
<td class="tabd">options flags
<tr class="tabr">
<td class="tabd">[SSLsessionCacheMax]
<td class="tabd">session cache maximum records
<tr class="tabr">
<td class="tabd">[SSLsessionLifetime]
<td class="tabd">session lifetime
<tr class="tabr">
<td class="tabd">[SSLstrictTransSec]
<td class="tabd">HSTS maximum age in seconds
<tr class="tabr">
<td class="tabd">[SSLverifyPeer]
<td class="tabd">verify client certificate
<tr class="tabr">
<td class="tabd">[SSLverifyPeerDataMax]
<td class="tabd">maximum kBytes of request data buffered during renegotiation
<tr class="tabr">
<td class="tabd">[SSLverifyPeerCAFile]
<td class="tabd">file of accepted CAs
<tr class="tabr">
<td class="tabd">[SSLverifyPeerDepth]
<td class="tabd">depth of certificate chain
<tr class="tabr">
<td class="tabd">[SSLversion]
<td class="tabd">TLS/SSL protocol versions supported
<tr class="tabr">
<td class="tabd" colspan="2"><a id="6.1.0.0.15" href="#"></a>
<a id="6.1.serversideincludes" href="#"></a>
<a id="serversideincludes" href="#"></a>
<h5 class="head under"><span class="text">Server Side Includes</span></h5>
<tr class="tabr">
<td class="tabd">[SSI]
<td class="tabd">enable Server Side Includes (SSI)
<tr class="tabr">
<td class="tabd">[SSIaccesses]
<td class="tabd">allow access counting
<tr class="tabr">
<td class="tabd">[SSIexec]
<td class="tabd">allow DCL commands
<tr class="tabr">
<td class="tabd">[SSIsizeMax]
<td class="tabd">maximum source file size
<tr class="tabr">
<td class="tabd" colspan="2"><a id="6.1.0.0.16" href="#"></a>
<a id="6.1.webdav" href="#"></a>
<a id="webdav" href="#"></a>
<h5 class="head under"><span class="text">WebDAV</span></h5>
<tr class="tabr">
<td class="tabd">[WebDAV]
<td class="tabd">enable WebDAV support
<tr class="tabr">
<td class="tabd">[WebDAVCollectionDepth]
<td class="tabd">test locking to this depth
<tr class="tabr">
<td class="tabd">[WebDAVlocking]
<td class="tabd">enable WebDAV locking
<tr class="tabr">
<td class="tabd">[WebDAVlockingTimeoutDefault]
<td class="tabd">set default lock timeout
<tr class="tabr">
<td class="tabd">[WebDAVlockingTimeoutMax]
<td class="tabd">set maximum lock timeout
<tr class="tabr">
<td class="tabd">[WebDAVmetaDir]
<td class="tabd">location of metadata
<tr class="tabr">
<td class="tabd">[WebDAVquota]
<td class="tabd">enable disk quota reporting

</table>

<a id="6.2" href="#"></a>
<a id="6.2.alphabeticlisting" href="#"></a>
<a id="alphabeticlisting" href="#"></a>
<h2 class="head"><span class="numb">6.2</span><span class="text">Alphabetic Listing</span></h2>

<ol class="list">

<li class="item"> <span class="high bold">[Accept] <span class="high italic">host/domain name</span></span>
<span class="high italic">(default: all)</span>

<p> One or more (comma-separated if on the same line) internet host/domain
names, with &quot;*&quot; wildcarding for host/subdomain matching, to be
explicitly allowed access. If DNS lookup is not enabled hosts must be expressed
using literal addresses (see [DNSLookup] directive). Also see the [Reject]
directive. Reject directives have precedence over Accept directives. The
Accept directive may be used multiple times. 

<div class="blockof code">[Accept]
*.www.example.com
131.185.250.*
</div>

<li class="item"> <span class="high bold">[ActivityDays] <span class="high italic">integer</span></span> 
<span class="high italic">(default: 0)</span> 

<p> Specifies the number of days to record activity statistics, available in
report form from the Server Administration facility.  Zero disables this data
collection. The maximum is 28 days. 11520 bytes per day, and 80640 per week,
are required to store the per-minute data.

<li class="item"> <span class="high bold">[AddIcon] <span class="high italic">icon-URL</span> <span class="high italic">ALT-text</span> <span class="high italic">template</span> <span class="high italic">(no default)</span> </span> 

<p> Specifies a directory listing icon and alternative text for the mime 
content type specified in the template.

<div class="blockof code">[AddIcon]
/icon/-/doc.gif    [HTM]  text/html
/icon/-/text.gif   [TXT]  text/plain
/icon/-/image.gif  [IMG]  image/gif
</div>

<li class="item"> <span class="high bold">[AddBlankIcon] <span class="high italic">icon-URL</span></span>
<br> <span class="high bold">[AddDefaultIcon] <span class="high italic">icon-URL</span> <span class="high italic">ALT-text</span></span>
<br> <span class="high bold">[AddDirIcon] <span class="high italic">icon-URL</span> <span class="high italic">ALT-text</span></span>
<br> <span class="high bold">[AddParentIcon] <span class="high italic">icon-URL</span> <span class="high italic">ALT-text</span></span>
<br> <span class="high bold">[AddUnknownIcon] <span class="high italic">icon-URL</span> <span class="high italic">ALT-text</span></span>
<span class="high italic">(no defaults)</span> 

<p> Specifies a directory listing icon for these non-content-type parts of the 
listing.

<div class="blockof code">[AddBlankIcon]    /icon/-/blank.gif    _____
[AddDefaultIcon]  /icon/-/file.gif     [FIL]
[AddDirIcon]      /icon/-/dir.gif      [DIR]
[AddParentIcon]   /icon/-/back.gif     [&lt;--]
[AddUnknownIcon]  /icon/-/unknown.gif  [???] 
</div>

<li class="item"> <span class="high bold">[AddMimeTypesFile] <span class="high italic">file specification</span> </span> <span class="high italic">(no default)</span> 

<p> Add the content-types of a (de facto) standard MIME.TYPES file to the
already configured [AddType] content-types.  This binds a file suffix
(extension, type) to a MIME content-type.  Any specification in this file will
supersede any previously defined via [AddType].  A MIME.TYPES file looks
something like

<div class="blockof code"># MIME type			Extension
application/msword            doc
application/octet-stream      bin dms lha lzh exe class
application/oda               oda
application/pdf               pdf
application/postscript        ai eps ps
application/rtf               rtf
</div>

<p> The WASD server uses a number of extensions to provide additional
information.  See <a class="link" href="#2.7.contenttypeconfiguration">2.7 Content-Type Configuration</a>.

<li class="item"> <span class="high bold">[AddType] <span class="high italic">suffix</span> <span class="high italic">content-type</span>
[<span class="high italic">ftp:</span>] [<span class="high italic">rfm:</span>] 
[<span class="high italic">script-name</span>] [<span class="high italic">description</span>] </span>
<span class="high italic">(no default)</span> 

<p> Binds a file suffix (extension, type) to a mime content type.
The script name is used to auto-script against a specified file type.  Use a
hyphen as a place-holder and to indicate no auto-script.  The description is
used as documentation for directory listings. 

<div class="blockof code">[AddType]
.html  text/html   Web Markup Language
.txt   text/plain  plain text
.gif   image/gif   image (GIF)
.hlb   text/x-script /Conan  VMS Help library
.decw&dollar;book   text/x-script   /HyperReader    Bookreader book
*  internal/x-unknown   application/octet-stream
#*  internal/x-unknown  text/plain
</div>

<p> The content-type string may include a specific character set. In this way
non-default sets (which is usually ISO-8859-1) can be specified for any
particular site or any particular file type. Enclose the content-type string
with double-quotation marks.

<div class="blockof code">[AddType]
.html    &quot;text/html; charset=ISO-8859-1&quot;   HTML (ISO-8859-1)
.html_5  &quot;text/html; charset=ISO-8859-5&quot;   Cyrillic HTML (ISO-8859-5)
.html_r  &quot;text/html; charset=KOI8-R&quot;       Cyrillic HTML (KOI8-R)
.txt     &quot;text/plain; charset=ISO-8859-1&quot;  plain text (ISO-8859-1)
.txt_5   &quot;text/plain; charset=ISO-8859-5&quot;  Cyrillic text (ISO-8859-5)
.txt_r   &quot;text/plain; charset=KOI8-R&quot;      Cyrillic text (KOI8-R)
</div>

<p> To provide additional information for correct handling of FTP transfers the
transfer mode can be indicated after the content type using the FTP: keyword. 
One of three characters is used.   An &quot;A&quot; indicates that this file type
should be FTP transferred in ASCII mode.  An &quot;I&quot; or a &quot;B&quot;
indicates that this file type should be FTP transferred in Image (binary) mode. 

<div class="blockof code">[AddType]
.ps    application/postscript  ftp:A   Postscript document
</div>

<p> To specify a VMS record format for POST or PUT files use the RFM: keyword
following the content-type.  This record format will always be used when
creating the file.  The precedence for determining the created file record
format is [AddType] RFM:, then any per-path PUT=RFM= mapping rule, then
[PutBinaryRFM], then a default of UDF.

<div class="blockof code">[AddType]
.doc    application/msword  rfm:STMCR   MS Word document
</div>

<li class="item"> <span class="high bold">[AuthBasic] <span class="high monosp">ENABLED&verbar;DISABLED</span></span> 
<span class="high italic">(default: DISABLED)</span> 

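<p> Enables or disables BASIC username authentication.  BASIC credentials are
sent base64-encoded, not encrypted, so they are protected in transit only when
the request is made over SSL.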

<li class="item"> <span class="high bold">[AuthCacheEntriesMax] <span class="high italic">integer</span></span> 
<span class="high italic">(default: 32)</span> 

<p> Maximum concurrent authentication cache entries.  This needs to be sized
adequately to prevent the cache from thrashing (too many attempted entries
causing each to spend very little time in the cache before being replaced, only
to need to be inserted again with the next attempted access).

<li class="item"> <span class="high bold">[AuthCacheEntrySize] <span class="high italic">integer</span></span> 
<span class="high italic">(default: 768)</span> 

<p> Maximum size of an authentication cache entry.  The only reason where this
may need to be increased is where a site is using the /PROFILE functionality
and one or more accounts have a particularly large number of rights
identifiers.

<li class="item"> <span class="high bold">[AuthCacheMinutes] <span class="high italic">integer</span></span> 
<span class="high italic">(default: 60)</span> 

<p> The number of minutes authentication information is cached before being
revalidated from the authentication source.  Zero disables caching (with a
resultant impact on performance as each request requiring authentication is
validated directly from the source).

<li class="item"> <span class="high bold">[AuthDigest] <span class="high monosp">ENABLED&verbar;DISABLED</span></span> 
<span class="high italic">(default: DISABLED)</span> 

<p> Enables or disables Digest username authentication.

<li class="item"> <span class="high bold">[AuthDigestGetLife] <span class="high italic">integer</span></span> 
<span class="high italic">(default: 0)</span> 

<p> The number of seconds a digest nonce for a GET request (read) can be used
before becoming stale.

<li class="item"> <span class="high bold">[AuthDigestPutLife] <span class="high italic">integer</span></span> 
<span class="high italic">(default: 0)</span> 

<p> The number of seconds a digest nonce for a PUT (/POST/DELETE ... write)
request can be used before becoming stale.

<li class="item"> <span class="high bold">[AuthFailureLimit] <span class="high italic">integer</span></span> 

<span class="high italic">(default: 0)</span> 

<p> The number of unsuccessful attempts at authentication before the username
is disabled.  Once disabled any subsequent attempt is automatically refused
without further reference to the authentication source.  A disabled username
can be reenabled by simply purging the cache.
Parallels the purpose of SYSGEN parameter LGI_BRK_LIM.

<li class="item"> <span class="high bold">[AuthFailurePeriod] <span class="high italic">hh:mm:ss</span></span> 

<span class="high italic">(default: 00:00:00)</span> 

<p> The period during which [AuthFailureLimit] is applied.
Parallels the purpose of SYSGEN parameter LGI_BRK_TMO.

<li class="item"> <span class="high bold">[AuthFailureTimeout] <span class="high italic">hh:mm:ss</span></span> 
<span class="high italic">(default: 00:00:00)</span> 

<p> The period during which any intrusion aversion is applied.
Parallels the purpose of SYSGEN parameter LGI_HID_TIM.

<li class="item"> <span class="high bold">[AuthRevalidateUserMinutes] <span class="high italic">integer</span></span> 
<span class="high italic">(default: 60)</span> 

<p> The number of minutes between authenticated requests that user
authentication remains valid before the user is forced to reenter the
authentication information (via browser dialog).  Zero disables the requirement
for revalidation.

<li class="item"> <span class="high bold">[AuthSysUafAcceptExpPwd] <span class="high monosp">ENABLED&verbar;DISABLED</span></span> 
<span class="high italic">(default: DISABLED)</span> 

<p> If a SYSUAF authenticated password has expired (password lifetime has
been reached) accept it anyway (in much the same way network logins are
accepted in similar circumstances).  This is very different to
<span class="high italic">account expiry</span>, after which authentication is always rejected.

<li class="item"> <span class="high bold">[AuthSysUafLogonType]
<span class="high monosp">LOCAL&verbar;DIALUP&verbar;NETWORK&verbar;REMOTE</span></span>
<span class="high italic">(default: NETWORK)</span> 

<p> When SYSUAF authentication is performed <span class="high italic">account access
restrictions</span> are checked.  By default NETWORK restrictions are used but this
global configuration parameter allows another to be specified.

<li class="item"> <span class="high bold">[AuthSysUafPwdExpURL] <span class="high italic">string</span></span> 
<span class="high italic">(default: none)</span> 

<p> If a SYSUAF authenticated password is/has expired the request is redirected
to this URL to change the password.

<li class="item"> <span class="high bold">[AuthSysUafUseAcme]</span> 

<p> <span class="high italic">Obsolete for WASD V9.3 and following.</span>

<li class="item"> <span class="high bold">[BufferQuotaDclOutput] <span class="high italic">integer</span></span>
<span class="high italic">(default: [BufferSizeDclOutput] + 256)</span>

<p> The number of bytes allocated to script SYS&dollar;OUTPUT mailbox capacity.  The
[BufferSizeDclOutput] sets the maximum record size and [BufferQuotaDclOutput]
the total number of bytes that can be outstanding at any given time. 

<li class="item"> <span class="high bold">[BufferSizeDclCgiHeader] <span class="high italic">integer</span></span>
<span class="high italic">(default: 2048)</span>

<p> The number of bytes allocated to store and process a script CGI  response
header.

<li class="item"> <span class="high bold">[BufferSizeDclCgiPlusIn] <span class="high italic">integer</span></span>
<span class="high italic">(default: 2048)</span>

<p> The number of bytes (and hence BYTLM quota) permanently allocated to each
scripting process CGIPLUSIN mailbox.

<li class="item"> <span class="high bold">[BufferSizeDclCommand] <span class="high italic">integer</span></span>
<span class="high italic">(default: 3072)</span>

<p> The number of bytes (and hence BYTLM quota) permanently allocated to each
scripting process SYS&dollar;COMMAND mailbox.

<li class="item"> <span class="high bold">[BufferSizeDclOutput] <span class="high italic">integer</span></span>
<span class="high italic">(default: 4096)</span>

<p> The number of bytes (and hence BYTLM quota) permanently allocated to each
scripting process SYS&dollar;OUTPUT mailbox.

<li class="item"> <span class="high bold">[BufferSizeNetFile] <span class="high italic">integer</span></span>
<span class="high italic">(default: none)</span>

<p> The maximum bytes to be allocated to a buffer when transferring file
content.  For larger files this can improve both the reading of the file
content from disk and when appropriately <span class="high italic">tuned</span> to the local system
the transmission of that content to the client, significantly increasing data
rates.  Limited to the &dollar;QIO maximum I/O unit of 65,535 bytes.  Bigger is not
always necessarily better (in the sense it always improves data rates).

<li class="item"> <span class="high bold">[BufferSizeNetMTU] <span class="high italic">integer</span></span>
<span class="high italic">(default: none)</span>

<p> This more esoteric directive attempts to minimise network buffer
transmission wastage by rounding the output buffer size up to the network
interface MTU (maximum transmission unit).  This can provide small improvements
to transmission efficiency.  For example a filled buffer of 4096 with an MTU of
1500 sends two 1500 byte packets and then one of 1096 bytes, theoretically
wasting some 404 bytes.  A potentially better choice of buffer size would be
4500.  Setting this directive to 1500 would result in the server automatically
rounding a [BufferSizeNetWrite] value (for example) from 4096 up to 4500.

<li class="item"> <span class="high bold">[BufferSizeNetRead] <span class="high italic">integer</span></span>
<span class="high italic">(default: 2048)</span>

<p> The number of bytes allocated to the network read buffer (used for request
header, POST body, etc.).  Also the number of bytes (and hence BYTLM quota)
permanently allocated to each scripting process SYS&dollar;INPUT mailbox (allowing
a script to read a request body).

<li class="item"> <span class="high bold">[BufferSizeNetWrite] <span class="high italic">integer</span></span>
<span class="high italic">(default: 4096)</span>

<p> Number of bytes allocated to the network write buffer.  This buffer is used
as the basic unit when transferring file contents (from cache or the file
system), as an output buffer during SSI processing, directory listing, etc. 
During many activities multiple outputs are buffered into this storage before
being written to the network.

<li class="item"> <span class="high bold">[Cache] <span class="high monosp">ENABLED&verbar;DISABLED</span></span> 
<span class="high italic">(default: DISABLED)</span> 

<p> File cache control.

<li class="item"> <span class="high bold">[CacheChunkKBytes] <span class="high italic">integer</span></span>
<span class="high italic">(default: 0)</span>

<p> Granularity of memory blocks allocated to file data, in kilobytes.

<li class="item"> <span class="high bold">[CacheEntriesMax] <span class="high italic">integer</span></span>
<span class="high italic">(default: 0)</span>

<p> Maximum number of files loaded into the cache before entries are reused
removing the original contents from the cache.

<li class="item"> <span class="high bold">[CacheFileKBytesMax] <span class="high italic">integer</span></span>
<span class="high italic">(default: 0)</span>

<p> Maximum size of a file before it is not a candidate for being cached, in
kilobytes.

<li class="item"> <span class="high bold">[CacheFrequentHits] <span class="high italic">integer</span></span>
<span class="high italic">(default: 0)</span>

<p> Minimum, total number of hits an entry must sustain before being a
candidate for [CacheFrequentPeriod] assessment.

<li class="item"> <span class="high bold">[CacheFrequentPeriod] <span class="high italic">hh:mm:ss</span></span>
<span class="high italic">(default: 00:00:00)</span>

<p> If a file has been hit at least [CacheFrequentHits] times in total and the
last was within the period here specified it will not be a candidate for reuse.
See <a class="link" href="#9.cacheconfiguration">9. Cache Configuration</a>.

<li class="item"> <span class="high bold">[CacheGuardPeriod] <span class="high italic">integer</span></span>
<span class="high italic">(default: 15)</span>

<p> During this period subsequent <span class="high italic">reloads</span> (no-cache) requests will
not result in the entry being revalidated or reloaded.  This guard period
can help prevent unnecessary file system activity.

<li class="item"> <span class="high bold">[CacheEntriesMax] <span class="high italic">integer</span></span>
<span class="high italic">(default: 0)</span>

<p> <span class="high italic">Obsolete for WASD V8.0 and following.</span>

<li class="item"> <span class="high bold">[CacheTotalKBytesMax] <span class="high italic">integer</span></span>
<span class="high italic">(default: 0)</span>

<p> Maximum memory allocated to the cache, in kilobytes.

<li class="item"> <span class="high bold">[CacheValidatePeriod] <span class="high italic">hh:mm:ss</span></span>
<span class="high italic">(default: 00:00:00)</span>

<p> The interval after which a cache entry's original, content revision time
is revalidated against the file's current revision time.  If not the same the
contents are declared invalid and reloaded.

<li class="item"> <span class="high bold">[CharsetConvert] <span class="high italic">string</span></span>
<span class="high italic">(default: none)</span> 

<p> Document and CGI script output can be dynamically converted from one
character set to another using the standard VMS NCS conversion library.  This
directive provides the server with character set aliases (those that are for
all requirements the same) and which NCS conversion function may be used to
convert one character set into another.  The general format is

<div class="blockof code">document-charset  accept-charset[,accept-charset..]  [NCS-function-name]
</div>

<p> When this directive is configured the server compares each text response's
character set (if any) to each of the directive's <span class="high italic">document charset</span>
string.  If it matches it then compares each of the <span class="high italic">accepted
charset</span> (if multiple) to the request &quot;Accept-Charset:&quot; list of accepted
character sets.  If the same it is either accepted as-is or, if a conversion
function is specified, converted by NCS as the document is transferred.

<div class="blockof code">windows-1251 windows-1251,cp-1251
windows-1251 koi8-r koi8r_to_windows1251_to_koi8r
koi8-r koi8-r,koi8
koi8-r windows-1251,cp-1251 koi8r_to_windows1251
</div>

<li class="item"> <span class="high bold">[CharsetDefault] <span class="high italic">string</span></span>
<span class="high italic">(default: none)</span> 

<p> The default character set sent in the response header for text documents
(plain and HTML).  English language sites should specify ISO-8859-1, other
Latin alphabet sites, ISO-8859-2, 3, etc. Cyrillic sites might wish to specify
ISO-8859-5 or KOI8-R, and so on.

<li class="item"> <span class="high bold">[CgiStrictOutput]
<span class="high monosp">ENABLED&verbar;DISABLED</span></span> 
<span class="high italic">(default: DISABLED)</span> 

<p> A script must output a full HTTP or CGI-compliant response.  If a
plain-text stream is output an error is reported (being the more common
behaviour for servers).  Errors in output can be diagnosed using the WATCH 
facility.

<li class="item"> <span class="high bold">[ConnectMax] <span class="high italic">integer</span></span>
<span class="high italic">(default: 200)</span>

<p> The maximum number of concurrent client connections before a 
&quot;<span class="high italic">server too busy right now ... try again shortly</span>&quot; error 
is returned to the client. 

<li class="item"> <span class="high bold">[DclBitBucketTimeout] <span class="high italic">hh:mm:ss</span></span>
<span class="high italic">(default: 0)</span>

<p> Period a script is allowed to continue processing before being terminated
after a client prematurely disconnects.  An appropriate setting allows most
scripts to conclude elegantly and be available for further use.  This improves
scripting efficiency significantly.  Setting this period to zero terminates
scripts (and their associated processes) immediately a client is detected as
having disconnected.

<li class="item"> <span class="high bold">[DclCleanupScratchMinutesMax] <span class="high italic">integer</span></span>
<span class="high italic">(default: 0)</span>

<p> Whenever the last scripting process is removed from the system, or this
number of minutes maximum (whichever occurs first), scan the WASD_SCRATCH
directory (if logical defined and it exists) deleting all files that are older
than [DclCleanupScratchMinutesOld] minutes.  Setting to zero disables
WASD_SCRATCH scans.

<li class="item"> <span class="high bold">[DclCleanupScratchMinutesOld] <span class="high italic">integer</span></span>
<span class="high italic">(default: 0)</span>

<p> When performing a [DclCleanupScratchMinutesMax] scan delete files that are
older than this value (or the value specified by [DclCleanupScratchMinutesMax],
whichever is the larger).

<li class="item"> <span class="high bold">[DclCgiPlusLifeTime] <span class="high italic">hh:mm:ss</span></span>
<span class="high italic">(default: 0)</span>

<p> If non-zero the CGIplus process is terminated the specified period after it
last processed a request (idle for that period).  Adjusting the period to suit
the site allows frequently used persistent scripts and scripting engines to
remain resident while more sporadically accessed ones do not remain
unnecessarily. If this value is zero (or unconfigured) the idle timeout is one
hour.  

<li class="item"> <span class="high bold">[DclDetachProcess]
<span class="high monosp">ENABLED&verbar;DISABLED</span></span> 
<span class="high italic">(default: DISABLED)</span> 

<p> By default scripts are executed within server processes.  When enabled
this instructs the server to create detached processes.  This side-steps the
issues of having pooled process quotas and also allows non-server-account
scripting and in particular &quot;Scripting Overview, Introduction&quot;.

<li class="item"> <span class="high bold">[DclDetachProcessPriority] <span class="high italic">integer[,integer]</span></span>
<span class="high italic">(default: same as server)</span>

<p> When detached scripting processes are created it is possible to assign them
base priorities lower than the server itself.  This directive takes one or two
(comma-separated) integers that determine how many priorities lower than the
server scripting processes are created.  The first integer determines server
processes.  A second, if supplied, determines user scripts.  User scripts may
never be a higher priority than server scripts.

<div class="blockof code">[DclDetachProcessPriority]  1
[DclDetachProcessPriority]  0,1
[DclDetachProcessPriority]  1,2
</div>
<p> The first of these examples would set both server and user script
processes one below the server process.  The second, server scripts at the same
priority and user scripts one below.  The last, server scripts one below, and
user scripts two below.

<li class="item"> <span class="high bold">[DclGatewayBG]
<span class="high monosp">ENABLED&verbar;DISABLED</span></span> 
<span class="high italic">(default: DISABLED)</span> 

<p> When enabled, non-SSL, process script CGI environments have a CGI
variable WWW_GATEWAY_BG created containing the device name
(BG<span class="high italic">nnnn</span>:) of the TCP/IP socket connected to the client.  This
socket may be accessed by the script for transmission of data directly to the
client, bypassing the server entirely.  This is obviously much more efficient
for certain classes of script.  For purposes of accurate logging the server
does need to be informed of the quantity of data transferred using a CGI
callout.  See &quot;Scripting Environment&quot; document.

<li class="item"> <span class="high bold">[DclHardLimit] <span class="high italic">integer</span></span>
<span class="high italic">(default: 0)</span>

<p> The maximum number of DCL/CGI script processing processes that may ever
exist concurrently (works in conjunction with [DclSoftLimit]).

<li class="item"> <span class="high bold">[DclScriptProctor] <span class="high italic">string</span></span>
<span class="high italic">(default: none)</span> 

<p> Script proctoring proactively creates and maintains specific persistent
scripts and scripting environments (RTEs).  It is intended for those
environments that have some significant startup latency.

<br> See <a class="link blank" target="_blank" href="../scripting/#0.">WASD Web Services - Scripting</a>
for further information.

<li class="item"> <span class="high bold">[DclScriptRunTime] <span class="high italic">string</span></span>
<span class="high italic">(default: none)</span> 

<p> One or more file type (extension) specification and scripting verb pairs.
See &quot;Scripting Overview, Runtime&quot;.

<li class="item"> <span class="high bold">[DclSoftLimit] <span class="high italic">integer</span></span>
<span class="high italic">(default: 0)</span>

<p> The number of DCL/CGI script processing processes after which idle
processes are deleted to make room for new ones.  The [DclHardLimit] should
be approximately 25% more than the [DclSoftLimit].  The margin exists to allow
for occasional slow run-down of deleted/finishing processes.  If these
limits are not set (i.e. zero) they are calculated with [ProcessMax] using
&quot;[DclSoftLimit] = [ProcessMax]&quot; and &quot;[DclHardLimit] =
[DclSoftLimit] + [DclSoftLimit] / 4&quot;.

<li class="item"> <span class="high bold">[DclSpawnAuthPriv]
<span class="high monosp">ENABLED&verbar;DISABLED</span></span> 
<span class="high italic">(default: DISABLED)</span> 

<p> By default, when a DCL/scripting subprocess is spawned it inherits the
server's currently enabled privileges, which are <span class="high bold">none</span>, not
even TMPMBX or NETMBX. If this parameter is enabled the subprocess is created
with the server account's SYSUAF-authorized privileges (which should never be
other than NETMBX and TMPMBX). Use with caution.

<li class="item"> <span class="high bold">[DclZombieLifeTime] <span class="high italic">hh:mm:ss</span></span>
<span class="high italic">(default: 00:00:00)</span>           

<p> If this value is zero the use of persistent DCL processes is disabled. 
If non-zero the <span class="high italic">zombie</span>  process is terminated the specified
period after it last processed a request.  This helps prevent zombie processes
from clogging up a system.  See &quot;Scripting Environment&quot; document.

<li class="item"> <span class="high bold">[DECnetReuseLifeTime] <span class="high italic">hh:mm:ss</span></span>
<span class="high italic">(default: 00:00:00)</span>              

<p> Period a DECnet scripting connection is maintained with the network task. 
Zero disables connection reuse.

<li class="item"> <span class="high bold">[DECnetConnectListMax] <span class="high italic">integer</span></span>
<span class="high italic">(default: 0)</span>              

<p> The size of the list used to manage connections for DECnet scripting.  Zero
effectively allows the server to use as many DECnet scripting connections as
demanded. 

<li class="item"> <span class="high bold">[DirAccess] <span class="high monosp">ENABLED&verbar;DISABLED&verbar;SELECTIVE</span></span>
<span class="high italic">(default: DISABLED)</span> 

<p> Controls directory listings.  <span class="high monosp">SELECTIVE</span> allows access 
only to those directories containing a file 
<span class="high monosp">WWW_BROWSABLE</span>.  The WASD HTTPd directory access 
facility always ignores directories containing a file named 
<span class="high monosp">WWW_HIDDEN</span>.  Also see the [DirWildcard]
directive.

<li class="item"> <span class="high bold">[DirBodyTag]  <span class="high italic">string</span></span>
<span class="high italic">(default: &lt;BODY&gt;)</span>

<p> Specifies the HTML &lt;BODY&gt; tag for directory listing pages.  This
allows some measure of site &quot;look-and-feel&quot; in page colour, background,
etc. to be employed.

<li class="item"> <span class="high bold">[DirDescriptionLines] <span class="high italic">integer</span></span>
<span class="high italic">(default: 0)</span>              

<p> Non-Zero enables HTML file descriptions during listings.  Generating HTML
descriptions involves opening each HTML file and searching for
&lt;TITLE&gt;...&lt;/TITLE&gt; and &lt;H1&gt;...&lt;/H1&gt; text to generate the
description. This is an obviously resource-intensive activity and on busy
servers or systems may be disabled.  Any non-zero number specifies the number
of lines to be searched before quitting.  Set to a very high number to search
all of each file's contents (e.g. 999999).

<li class="item"> <span class="high bold">[DirLayout] <span class="high italic">string</span></span>
<span class="high italic">(default: I__L__R__S__D)</span> 

<p> Allows specification of the directory listing layout. This is a short,
case-insensitive string that specifies the included fields, relative placement
and optionally the width of the fields in a directory listing. Each field is
controlled by a single letter and optional leading decimal number specifying
its width. If a width is not specified an appropriate default applies. An
underscore is used to indicate a single space and is used to separate the
fields (two consecutive works well). 

<ul class="list simple list0">
<li class="item"> <span class="high bold">C</span> - creation date
<li class="item"> <span class="high bold">D</span> - description (generally best specified last)

<ul class="list simple list0">
<li class="item"> <span class="high bold">D:L</span> - for files, make a link out of the description text
</ul>

<li class="item"> <span class="high bold">I</span> - icon (takes no field-width attribute)

<ul class="list simple list0">
<li class="item"> <span class="high bold">L</span> - link (highlighted anchor using the name of the file)
<li class="item"> <span class="high bold">L:F</span> - file-system name (for ODS-5 displays spaces, etc.) 
<li class="item"> <span class="high bold">L:N</span> - name-only, do not display the extension
<li class="item"> <span class="high bold">L:U</span> - force name to upper-case
</ul>

<li class="item"> <span class="high bold">N</span> - name (no link, why bother? who knows!)
<li class="item"> <span class="high bold">O</span> - owner (can be disabled)
<li class="item"> <span class="high bold">R</span> - revision date
<li class="item"> <span class="high bold">S</span> - size

<ul class="list simple list0">
<li class="item"> <span class="high bold">S:B</span> - in bytes (comma-formatted)
<li class="item"> <span class="high bold">S:D</span> - decimal kilos (see below)
<li class="item"> <span class="high bold">S:F</span> - kilo and mega are displayed to one decimal place
<li class="item"> <span class="high bold">S:K</span> - in kilo-bytes (and fractions thereof)
<li class="item"> <span class="high bold">S:M</span> - in mega-bytes (and fractions thereof)
</ul>

<li class="item"> <span class="high bold">U</span> - upper-case file and directory names (must be the
first character)

</ul>

<p> The following shows some examples:

<div class="blockof code">[DirLayout]       I__L__R__S__D
[DirLayout]       I__L__R__S:b__D
[DirLayout]       I__15L__S__D
[DirLayout]       UI__15L__S__D
[DirLayout]       15L__9R__S
[DirLayout]       15N_9C_9R_S
[DirLayout]       I__L__R__S:d__D
[DirLayout]       25D:l__S:b__C__R
</div>

<p> The size of files is displayed by default as 1024 byte kilos.  When using
the &quot;S:k&quot;, &quot;S:m&quot; and &quot;S:f&quot; size modifiers the size is
displayed as 1000 byte kilos.  If it is preferred to have the default display
in 1000 byte kilos then set the directory listing layout using:

<div class="blockof code">[DirLayout]       I__L__R__S:d__D
</div>

<p> If unsure of the kilo value being used check the
&quot;&lt;META&gt;&quot; information in the directory listing.

<li class="item"> <span class="high bold">[DirMetaInfo] <span class="high monosp">ENABLED&verbar;DISABLED</span></span> 
<span class="high italic">(default: DISABLED)</span> 

<p> Includes, as &lt;META&gt; information, the software ID of the server
and any relevant VMS file information.  This information is then visible to
any client able to retrieve the listing.

<li class="item"> <span class="high bold">[DirNoImpliedWildcard] <span class="high monosp">ENABLED&verbar;DISABLED </span></span> 
<span class="high italic">(default: DISABLED)</span> 

<p> When a directory is accessed having no file or type component and there is
no welcome page available a directory listing is generated.  By default any
other directory accessed from this listing has the implied wildcards &quot;*.*&quot;
added,  consequently forcing directory listings.  If enabled, this directive
ensures no wildcards are added, so subsequent directories accessed with
welcome pages display the pages, not a forced listing. 

<li class="item"> <span class="high bold">[DirNoPrivIgnore] <span class="high monosp">ENABLED&verbar;DISABLED </span></span> 
<span class="high italic">(default: DISABLED)</span> 

<p> To prevent browsing through directories (perhaps due to inadvertent
mapping) that have file permissions allowing no WORLD access, the server stops
listing and reports the error the first time a protection violation occurs. 
This behaviour may be changed to ignore the violation, listing only those files
to which it has access.

<li class="item"> <span class="high bold">[DirOwner] <span class="high monosp">ENABLED&verbar;DISABLED</span> </span>
<span class="high italic">(default: DISABLED)</span> 

<p> Allows specification and display of the RMS file owner information.

<li class="item"> <span class="high bold">[DirPreExpired] <span class="high monosp">ENABLED&verbar;DISABLED</span> <span class="high italic">(default: DISABLED)</span> </span>

<p> Directory listings and trees may be <span class="high italic">pre-expired</span>.  That is, the
listing is reloaded each time the page is referenced.  This is convenient in
some environments where directory contents change frequently, but adds
considerable over-head and so is disabled by default.  Individual directory
listings may have the default behaviour over-ridden using syntax similar to the
following examples:

<div class="blockof code">/dir1/dir2/*.*?httpd=index?expired=yes
/dir1/dir2/*.*?httpd=index?expired=no
/tree/dir2/?httpd=index?expired=yes
/tree/dir1/dir2/?httpd=index?expired=no
</div>

<li class="item"> <span class="high bold">[DirReadme] <span class="high monosp">TOP&verbar;BOTTOM &verbar;
OFF</span></span> <span class="high italic">(default: DISABLED)</span> 

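<p> If any of the files provided using the [DirReadMeFile] directive are
located in the directory the contents are included at the top or bottom of the
listing (or not at all). Plain-text files are included as plain text; HTML
files are included as HTML, allowing markup tags to be employed.  Because that
markup becomes part of the listing page, only trusted users should be able to
place read-me files in listed directories.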

<li class="item"> <span class="high bold">[DirReadMeFile] <span class="high monosp">file.suffix</span></span>
<span class="high italic">(no default)</span> 

<p> Specifies the names and order in which a directory is checked for
<span class="high italic">read-me</span> files. This can be enabled or disabled using the
[DirReadme] directive. Plain-text files are included as plain text; HTML files
are included as HTML, allowing markup tags to be employed. 

<p> Examples: 

<div class="blockof code">[DirReadMeFile]
readme.html
readme.htm
readme.
readme.txt
readme.1st
</div>

<li class="item"> <span class="high bold">[DirWildcard] <span class="high monosp">OFF&verbar;ON</span></span>
<span class="high italic">(default: DISABLED)</span>

<p> This enables the facility to <span class="high italic">force</span> the server to provide a
directory listing by providing a wildcard file specification, even if there is
a home (welcome) document in the directory.  This should not be confused with
the [DirAccess] directive which controls directory listing itself.

<li class="item"> <span class="high bold">[DNSLookupClient] <span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span> 

<p> Enables or disables connection request host name resolution.  This 
functionality may be expensive (in terms of processing overhead) and make 
serving granularity coarser if DNS is involved.  If not enabled and logging 
is, the entry is logged against the literal internet address.  If not enabled 
any [Accept], [Reject] or conditional directive, etc., must be expressed as a
literal address.

<li class="item"> <span class="high bold">[DNSLookupLifetime] <span class="high italic">hh:mm:ss</span></span>
<span class="high italic">default 00:10:00</span> 

<p> The period for which a host name/address is cached (applies to both client
lookup and proxy host lookup).

<li class="item"> <span class="high bold">[DNSLookupRetry] <span class="high italic">integer</span></span>
<span class="high italic">(default: 2)</span> 

<p> The number of attempts, at two second intervals, made to resolve a host
name/address (applies to both client lookup and proxy host lookup).

<li class="item"> <span class="high bold">[EntityTag]  <span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: ENABLED)</span> 

<p> An entity tag is a client-opaque string used in strong cache validation. 
WASD generates this using the on-disk file identification (FID) and binary
last-modified date-time (RDT).  This is then used as a definitive identifier
for a specified on-disk resource fixed in file-system space-time (hmmm, sounds
like an episode of Star Trek).

<li class="item"> <span class="high bold">[ErrorReportPath] <span class="high italic">string [status...]</span></span>
<span class="high italic">(default: none)</span> 

<p> Specifies the <span class="high bold">URL-format path</span> to an optional, error reporting SSI
document or script. See <a class="link" href="#2.10.errorreporting">2.10 Error Reporting</a>. This path can subsequently be
remapped during request processing.  Optional, space-separated HTTP status
codes restrict the path to those codes, with the remainder handled by
server-internal reporting.

<li class="item"> <span class="high bold">[ErrorRecommend] <span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span> 

<p> Provides a short message recommending action when reporting an error to a
client.  For example, if a document cannot be found it may say:

<div class="blockof code"><span class="high italic">(document, or bookmark, requires revision)</span>
</div>

<li class="item"> <span class="high bold">[GzipAccept] <span class="high italic">integer</span></span>
<span class="high italic">(default: 0)</span> 

<p> Enables GZIP encoding of request bodies.
See <a class="link" href="#2.4.gzipencoding">2.4 GZIP Encoding</a>.

<li class="item"> <span class="high bold">[GzipFlushSeconds] <span class="high italic">integer</span></span>
<span class="high italic">(default: 0)</span> 

<p> Adjusts the maximum period between GZIP buffer flushes.
See <a class="link" href="#2.4.gzipencoding">2.4 GZIP Encoding</a>.

<li class="item"> <span class="high bold">[GzipResponse] <span class="high italic">integer</span>[<span class="high italic">integer,integer</span>]</span>
<span class="high italic">(default: 0)</span> 

<p> Enables GZIP encoding (deflation) for suitable requests and responses. 
Valid values are 1 for minimum compression (and minimum resource usage) through
to 9 for maximum compression (and maximum resource usage).  The value 9 is
recommended.  See <a class="link" href="#2.4.gzipencoding">2.4 GZIP Encoding</a>.

<li class="item"> <span class="high bold">[Http2Protocol]</span>
<span class="high bold">enable</span>&verbar;<span class="high bold">disable</span>
<span class="high italic">(default: disable)</span> 

<p> Enable or disable (default) HTTP/2 for all services.  The default for a
service follows the global setting.  A service must explicitly disable HTTP/2
if that is required.

<li class="item"> <span class="high bold">[Http2FrameSizeMax] <span class="high italic">integer</span></span>
<span class="high italic">(default: 65535)</span> 

<p> The maximum permitted size (in octets) of an HTTP/2 frame sent from the
client.

<li class="item"> <span class="high bold">[Http2HeaderListMax] <span class="high italic">integer</span></span>
<span class="high italic">(default: 65535)</span> 

<p> The maximum permitted size (in bytes) of a request header sent from the
client.

<li class="item"> <span class="high bold">[Http2HeaderTableMax] <span class="high italic">integer</span></span>
<span class="high italic">(default: 4096)</span> 

<p> The maximum permitted size (in bytes) of a request header compression
table.

<li class="item"> <span class="high bold">[Http2PingSeconds] <span class="high italic">hh:mm:ss</span></span>
<span class="high italic">(default: 00:05:00)</span> 

<p> The period at which HTTP/2 pings are sent from the server to the client to
calculate the (then) Round Trip Time (RTT) of the connection.

<li class="item"> <span class="high bold">[Http2StreamMax] <span class="high italic">integer</span></span>
<span class="high italic">(default: 32)</span> 

<p> Maximum number of concurrent streams (requests) supported by the
connection.

<li class="item"> <span class="high bold">[Http2InitWindowSize] <span class="high italic">integer</span></span>
<span class="high italic">(default: 65535)</span> 

<p> Initial flow-control window size (in bytes).

<li class="item"> <span class="high bold">[InstanceMax]
<span class="high italic">integer</span>&verbar;<span class="high monosp">CPU</span></span>
<span class="high italic">(default: 1)</span> 

<p> Number of per-node server processes to create and maintain.
If set to &quot;CPU&quot; one instance per CPU is created.

<li class="item"> <span class="high bold">[InstancePassive] <span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span> 

<p> Start a multiple instance server already in <span class="high italic">passive</span> mode.

<li class="item"> <span class="high bold">[Logging] <span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span> 

<p> Enables or disables the request log.  Logging can slow down request
processing and adds overhead.  The log file name must be specified using the
/LOG qualifier or WASD_CONFIG_LOG logical name (<a class="link" href="#10.2.logicalnames">&lsquo;LOGICAL NAMES&rsquo; in 10.2 VMS File System Specifications</a>).

<li class="item"> <span class="high bold">[LogExcludeHosts] <span class="high italic">string</span></span>
<span class="high italic">(default: none)</span> 

<p> One or more (comma-separated if on the same line) internet host/domain
names, with &quot;*&quot; wildcarding for host/subdomain matching, requests from
which are not placed in any log files. If DNS lookup is not enabled hosts must
be expressed using literal addresses (see the [DNSLookupClient] directive). Use
for excluding a local or web-maintainer's host from logs.  Note that requests
from excluded hosts leave no access-log record for later audit.

<p> Example: 

<div class="blockof code">[LogExcludeHosts]
*.www.example.com
131.185.250.*
</div>

<li class="item"> <span class="high bold">[LogExtend] <span class="high italic">integer</span></span>
<span class="high italic">(default: 0)</span> 

<p> Number of blocks allocated when a log file is opened or extended.  If
set to zero it uses the process default (SET RMS_DEFAULT /EXTEND_QUANTITY).

<li class="item"> <span class="high bold">[LogFile] <span class="high italic">string</span></span>
<span class="high italic">(default: none)</span> 

<p> Provides some or all of the access log file name.
See <a class="link" href="#2.12.2.logperperiod">2.12.2 Log Per-Period</a>.

<li class="item"> <span class="high bold">[LogFormat] <span class="high italic">string</span></span>
<span class="high italic">(default: COMMON)</span> 

<p> Specifies one of three pre-defined formats, or a user-definable format.
See <a class="link" href="#2.12.1.logformat">2.12.1 Log Format</a>.

<li class="item"> <span class="high bold">[LogNaming] <span class="high italic">string</span></span>
<span class="high italic">(default: none)</span> 

<p> When [LogPeriod] or [LogPerService] directives are used to generate
multiple log files this directive may be used to modify the naming of the file. 
See <a class="link" href="#2.12.5.lognaming">2.12.5 Log Naming</a>.

<li class="item"> <span class="high bold">[LogPeriod] <span class="high italic">string</span></span>
<span class="high italic">(default: none)</span> 

<p> Specifies a period at which the log file is changed.
See <a class="link" href="#2.12.2.logperperiod">2.12.2 Log Per-Period</a>.

<li class="item"> <span class="high bold">[LogPerInstance] <span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span> 

<p> When multiple instances are configured (see
<a class="link blank" target="_blank" href="../features/#instancesandenvironments">Instances and Environments</a> of
<a class="link blank" target="_blank" href="../features/#0.">WASD Features and Facilities</a>)
create a separate log for each.  This has significant performance advantages. 
See <a class="link" href="#2.12.4.logperinstance">2.12.4 Log Per-Instance</a>.

<li class="item"> <span class="high bold">[LogPerService] <span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span> 

<p> When multiple services are specified,
a separate log file will be created for each if this is enabled.  See
<a class="link" href="#2.12.3.logperservice">2.12.3 Log Per-Service</a>.

<li class="item"> <span class="high bold">[LogPerServiceHostOnly] <span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span> 

<p> When generating a log name do not make the port number part of it.  This
effectively provides a single log file for all ports provided against a host
name (e.g. a standard HTTP service on port 80 and an SSL service on port 443
would have entries in the  one file).  See <a class="link" href="#2.12.3.logperservice">2.12.3 Log Per-Service</a>.

<li class="item"> <span class="high bold">[LogWriteFail503] <span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span> 

<p> After an access log record fails to write, all subsequent requests return a
503 service unavailable response until records can be successfully written
again.  This can be used to prevent access to server resources unless an access
audit log is available.

<li class="item"> <span class="high bold">[Monitor] <span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span> 

<p> Allows monitoring via the HTTPDMON utility.  Adds slight request processing
overhead. 

<li class="item"> <span class="high bold">[OpcomAdmin] <span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span> 

<p> Report to operator log and any enabled operator console (see [OpcomTarget])
server administration directives originating from the Server Administration
Menu, for example path map reload, server restart, etc.

<li class="item"> <span class="high bold">[OpcomAuthorization] <span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span> 

<p> Report events related to authentication/authorization.  For example
username-password validation failures.

<li class="item"> <span class="high bold">[OpcomControl] <span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span> 

<p> Report HTTPD/DO=<span class="high italic">directive</span> control events, both the command-line
directive and the server's response.

<li class="item"> <span class="high bold">[OpcomHTTPd] <span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span> 

<p> Report events concerning the server itself.  For example, server startup
and exit (either normally or with error status).

<li class="item"> <span class="high bold">[OpcomProxyMaint] <span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span> 

<p> Report events related to proxy server cache maintenance.  For example, the
commencement of file cache reactive and proactive purging, the conclusion of
this purge, both with cache device statistics.

<li class="item"> <span class="high bold">[OpcomTarget] <span class="high italic">string</span></span>
<span class="high italic">(default: DISABLED)</span> 

<p> This enables OPCOM messaging and specifies the target for the OPCOM
reports.  This must be set to a target to enable OPCOM messages, irrespective
of the setting of any of the other [Opcom...] directives.  These messages are
added to SYS&dollar;MANAGER:OPERATOR.LOG and displayed at the specified operator's 
console if enabled (using REPLY/ENABLE=target).  The operator log provides a
&quot;permanent&quot; record of server events.  Possible settings include
CENTRAL, NETWORK, SECURITY, OPER1 &hellip; OPER12, etc.

<li class="item"> <span class="high bold">[PipelineRequests] <span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: ENABLED)</span> 

<p> Pipelining refers to multiple requests being sent over an assumed
persistent connection without waiting for the response from previous requests. 
Such behaviour with capable clients and servers can significantly reduce
response latency.

<li class="item"> <span class="high bold">[Port] <span class="high italic">integer</span></span>
<span class="high italic">(default: 80)</span> 

<p> IP port number for server to bind to.  For anything other than a
command-line server control this parameter is overridden by anything supplied
via the [Service] <span class="high bold"><span class="high italic">(deprecated)</span></span> directive.

<li class="item"> <span class="high bold">[ProcessMax] <span class="high italic">integer</span></span>
<span class="high italic">(default: 100)</span>

<p> The maximum number of concurrent client requests being processed before a 
&quot;<span class="high italic">server too busy right now ... try again shortly</span>&quot; error 
is returned to the client.  If not explicitly  set this defaults to the same
value as [ConnectMax].  This directive allows a larger number of persistent
connections to be maintained than are concurrently being processed at any given
moment.

<li class="item"> <span class="high bold">[ProxyCache] <span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span> 

<p> Enables or disables proxy caching on a whole-of-server basis, irrespective
of any proxy services that might be configured for caching.

<li class="item"> <span class="high bold">[ProxyCacheFileKBytesMax] <span class="high italic">integer</span></span>
<span class="high italic">(default: 256)</span> 

<p> Maximum size of a cache file in kilobytes before it will not be cached.

<li class="item"> <span class="high bold">[ProxyCacheNegativeSeconds] <span class="high italic">hh:mm:ss</span></span>
<span class="high italic">(default: 00:05:00)</span> 

<p> Negative (unsuccessful) responses are cached for this period.

<li class="item"> <span class="high bold">[ProxyCacheRoutineHourOfDay] <span class="high italic">integer</span></span>
<span class="high italic">(default: 0)</span> 

<p> Hour of day for <span class="high italic">routine</span> cache purge (00-23).

<li class="item"> <span class="high bold">[ProxyCacheDeviceCheckMinutes] <span class="high italic">integer</span></span>
<span class="high italic">(default: 15)</span> 

<p> Interval in minutes between checking space availability on cache device. 
If space is not available a <span class="high italic">reactive</span> purge is initiated.

<li class="item"> <span class="high bold">[ProxyCacheDeviceDirOrg] <span class="high monosp">FLAT256&verbar;64X64</span></span>
<span class="high italic">(default: FLAT256)</span> 

<p> Organization of directories on the proxy cache device.  The first provides
a single level structure with a possible 256 directories at the top level and
files organized immediately below these. For versions of VMS prior to V7.2
exceeding 256 files per directory, or a total of approximately 65,000 files,
incurs a significant performance penalty for some directory operations.  The
second organization involves two levels of directory, each with a maximum of
64 directories.  This allows for approximately 1,000,000 files before
encountering the 256 files per directory issue.

<li class="item"> <span class="high bold">[ProxyCacheDeviceMaxPercent] <span class="high italic">integer</span></span>
<span class="high italic">(default: 85)</span> 

<p> The maximum percentage in use on the cache device before a
<span class="high italic">reactive</span> purge is scheduled.  If device usage exceeds this limit no
more cache files are created.

<li class="item"> <span class="high bold">[ProxyCacheDevicePurgePercent] <span class="high italic">integer</span></span>
<span class="high italic">(default: 1)</span> 

<p> The percentage by which the cache device usage is attempted to be reduced
when a <span class="high italic">reactive</span> purge is initiated.

<li class="item"> <span class="high bold">[ProxyCacheNoReloadSeconds] <span class="high italic">integer</span></span>
<span class="high italic">(default: 0)</span> 

<p> Prevents pragma reloads actually retrieving the file from the source host
again until the period expires.  This is designed to limit concurrent or
repeated reloads of files into the cache unnecessarily.  Thirty seconds is
probably an adequate period balancing effect against a user legitimately
needing to recache the document.

<li class="item"> <span class="high bold">[ProxyCachePurgeList] <span class="high italic">string</span></span>
<span class="high italic">(default: 168,48,24,8,0)</span> 

<p> A list of comma-separated integers representing the sequence of last
accessed period in hours used during a progressive <span class="high italic">reactive</span> purge.

<li class="item"> <span class="high bold">[ProxyCacheReloadList] <span class="high italic">string</span></span>
<span class="high italic">(default: 1,2,4,8,12,24,48,96,168)</span> 

<p> A list of comma-separated integers representing the sequence of age in
hours used when determining whether a cache file's contents should be reloaded.

<li class="item"> <span class="high bold">[ProxyConnectPersistMax] <span class="high italic">integer</span></span>
<span class="high italic">(default: 100)</span> 

<p> The maximum number of established connections that are maintained to remote
servers.

<li class="item"> <span class="high bold">[ProxyConnectPersistSeconds] <span class="high italic">hh:mm:ss</span></span>
<span class="high italic">(default: 00:00:30)</span> 

<p> Period for which the established connections persist.  At expiry the
connection is closed.

<li class="item"> <span class="high bold">[ProxyConnectTimeoutSeconds] <span class="high italic">hh:mm:ss</span></span>
<span class="high italic">(default: 00:00:30)</span> 

<p> Period for which the proxy server will attempt to establish a network
connection to the origin (remote) server.

<li class="item"> <span class="high bold">[ProxyForwarded]
<span class="high monosp">BY&verbar;DISABLED&verbar;FOR&verbar;ADDRESS</span></span>
<span class="high italic">(default: DISABLED)</span> 

<p> BY enables the addition of a proxy request header line providing
information that the request has been forwarded by another agent.  The added
header line would look like &quot;Forwarded: by http://server.name.domain
(HTTPd-WASD/n.n.n OpenVMS/AXP Digital-TCPIP SSL)&quot;.  If the FOR variant is used
the field includes the host name (or ADDRESS) the request is being forwarded on
behalf of, as in &quot;Forwarded: by http://server.name.domain
(HTTPd-WASD/n.n.n OpenVMS/AXP Digital-TCPIP SSL) for host.name.domain&quot;.

<li class="item"> <span class="high bold">[ProxyHostLookupRetryCount] <span class="high italic">integer</span></span>
<span class="high italic">(default: 0)</span> 

<p> When the server is resolving the name of a remote host the request may
timeout due to up-stream DNS server latencies.  This parameter allows a number
of retries, at five second intervals, to be enabled.

<li class="item"> <span class="high bold">[ProxyReportLog] <span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span> 

<p> Enables or disables the server process log reporting significant proxy
processing events, such as cache maintenance activity.

<li class="item"> <span class="high bold">[ProxyReportCacheLog] <span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span> 

<p> Enables or disables the server process log reporting of proxy caching
activity.

<li class="item"> <span class="high bold">[ProxyServing] <span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span> 

<p> Enables or disables proxy serving on a whole-of-server basis, irrespective
of any proxy services that might be configured.

<li class="item"> <span class="high bold">[ProxyUnknonwRequestFields] <span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span> 

<p> When enabled, propagates all request fields provided by the client
through to the proxied server.  When disabled, propagates only fields that WASD
recognises.

<li class="item"> <span class="high bold">[ProxyVerifyRecordMax] <span class="high italic">integer</span></span>
<span class="high italic">(default: 0)</span> 

<p> Obscure functionality; see WASD Proxy Service feature.

<li class="item"> <span class="high bold">[ProxyXForwardedFor]
<span class="high monosp">ADDRESS&verbar;DISABLED&verbar;ENABLED&verbar;UNKNOWN</span></span>
<span class="high italic">(default: DISABLED)</span> 

<p> Enables the addition of a proxy request header line providing the host name
on behalf of which the request is being proxied.  The added header line would
look like &quot;X-Forwarded-For: host.name.domain&quot;.  The ADDRESS variant
provides the IP address, and the UNKNOWN variant substitutes
&quot;unknown&quot; for the host.  This field is designed to be compatible with
the <span class="high italic">Squid</span> de facto standard field of the same name.  Any request
with an existing &quot;X-Forwarded-For:&quot; field has the local information
appended to the existing as a comma-separated list.  The first host in the field
should be the original requesting client; however, entries already present in a
received field originate upstream of this server, so consumers of the field
should treat them as unverified.

<li class="item"> <span class="high bold">[PutBinaryRFM]
<span class="high italic">FIX512&verbar;STM&verbar;STMCR&verbar;STMLF&verbar;UDF</span></span>
<span class="high italic">(default: UDF)</span>

<p> Record format for a non-text HTTP POST or PUT upload into the file-system. 
Has a per-path equivalent. The precedence for determining the created file
record format is [AddType] RFM:, then any per-path PUT=RFM= mapping rule, then
[PutBinaryRFM], then the default of UDF.

<li class="item"> <span class="high bold">[PutMaxKBytes]
<span class="high italic">integer</span></span>
<span class="high italic">(default: 250)</span> 

<p> Maximum size of an HTTP POST or PUT method request in Kilobytes.  Has a
per-path equivalent.

<li class="item"> <span class="high bold">[PutVersionLimit] <span class="high italic">integer</span></span>
<span class="high italic">(default: 3)</span> 

<p> Files created using the POST or PUT methods have the specified version limit
applied.

<li class="item"> <span class="high bold">[RegEx] <span class="high monosp">ENABLED&verbar;DISABLED</span></span> 
<span class="high italic">(default: DISABLED)</span> 

<p> Enable regular expression matching.  With the possibility of the reserved
character &quot;^&quot; being used in existing mapping rules regular expression string
matching (<a class="link" href="#4.stringmatching">4. String Matching</a>) is only available after enabling this
directive.

<p> The default syntax is POSIX EGREP but can be specified by substituting for
<span class="high monosp">ENABLED</span> one of the following keywords; AWK, ED, EGREP,
GREP, POSIX_AWK, POSIX_BASIC, POSIX_EGREP, POSIX_EXTENDED, POSIX_MINIMAL_BASIC,
POSIX_MINIMAL_EXTENDED, SED.  When changed from the default <span class="high italic">enabled</span>
(WASD) case-insensitivity is lost. 

<li class="item"> <span class="high bold">[Reject] <span class="high italic">host/domain name</span></span>
<span class="high italic">(default: none)</span>

<p> One or more (comma-separated if on the same line) internet host/domain
names, with &quot;*&quot; wildcarding for host/subdomain matching, to be
explicitly denied access. If DNS lookup is not enabled hosts must be expressed
using literal addresses (see [DNSLookup] directive). Also see the [Accept]
directive. Reject directives take precedence over Accept directives. The Reject
directive may be used multiple times.

<p> Example: 

<div class="blockof code">[Reject]
*.www.example.com
131.185.250.*
</div>

<li class="item"> <span class="high bold">[ReportBasicOnly] <span class="high monosp">ENABLED&verbar;DISABLED</span></span> 
<span class="high italic">(default: DISABLED)</span> 

<p> Only ever supply basic information in a report (<a class="link" href="#2.10.errorreporting">2.10 Error Reporting</a>).

<li class="item"> <span class="high bold">[ReportMetaInfo] <span class="high monosp">ENABLED&verbar;DISABLED</span></span> 
<span class="high italic">(default: DISABLED)</span> 

<p> Includes in detailed reports, as &lt;META&gt; information, the
software ID of the server and any relevant VMS file information.

<li class="item"> <span class="high bold">[RequestHistory] <span class="high italic">integer</span></span>
<span class="high italic">(default: 0)</span>

<p> The server can keep a list of the most recent requests accessible from the
Server Administration page.  This value determines the number kept.  Zero
disables the facility.  Each retained request consumes 256 bytes and adds a
small amount of extra processing overhead.

<li class="item"> <span class="high bold">[Scripting] <span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: ENABLED)</span> 

<p> Enables and disables <span class="high bold">all</span> scripting mechanisms.  This
includes CGI and CGIplus, DECnet-based OSU and CGI, and SSI
directives that DCL processes to provide &lt;!--#dcl --&gt;,
&lt;!--#exec --&gt;, etc. 

<li class="item"> <span class="high bold">[SearchScript] <span class="high italic">path</span></span>
<span class="high italic">(no default)</span> 

<p> Specifies the <span class="high bold">URL-format path</span> to the default query-string 
keyword search script.  This path can subsequently be remapped during request
processing.

<p> Example: 

<div class="blockof code">[SearchScript] /wasd_root/script/query
</div>

<li class="item"> <span class="high bold">[SearchScriptExclude] <span class="high italic">list</span></span>
<span class="high italic">(no default)</span> 

<p> Provides a list of file types that are excluded from an implied keyword
search. This is useful for client-side (browser-side) active processing that
may require a query string to pass information.  This query string would
normally be detected by the server and if not in a format to be meaningful to
itself is then considered as an implied (HTML &lt;ISINDEX&gt;) keyword
search, with the appropriate script being activated.

<p> Example: 

<div class="blockof code">[SearchScriptExclude] .HTA,.HTL
</div>

<li class="item"> <span class="high bold">[SecureSocket] <span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span> 

<p> Enable Secure Sockets Layer (SSL) / Transport Layer Security (TLS) if the
server has been built with that option.  See
<a class="link blank" target="_blank" href="../features/#transportlayersecurity">Transport Layer Security</a> of
<a class="link blank" target="_blank" href="../features/#0.">WASD Features and Facilities</a>.

<li class="item"> <span class="high bold">[ServerAdmin] <span class="high italic">string</span></span>
<span class="high italic">(no default)</span> 

<p> Specifies the contact email address for server administration issues. 
Included as a &quot;mailto:&quot; link in the server signature if
[ServerSignature] is set to <span class="high italic">email</span>.

<li class="item"> <span class="high bold">[ServerAdminBodyTag]  <span class="high italic">string</span></span>
<span class="high italic">(default: &lt;BODY&gt;)</span>

<p> Specifies the HTML &lt;BODY&gt; tag for server administration and
administration report pages.  This allows some measure of control over the
&quot;look-and-feel&quot; of page and link colour, etc., for the administrator.

<li class="item"> <span class="high bold">[ServerReportBodyTag]  <span class="high italic">string</span></span>
<span class="high italic">(default: &lt;BODY&gt;)</span>

<p> Specifies the HTML &lt;BODY&gt; tag for server error and other report
pages.  This allows some measure of site &quot;look-and-feel&quot; in page colour,
background, etc. to be maintained.

<li class="item"> <span class="high bold">[ServerSignature]
<span class="high monosp">ENABLED&verbar;EMAIL&verbar;DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span> 

<p> The server signature is a short identifying string added to server
generated error and other report pages.  It includes the server software name
and version, along with the host name and port of the service.  Setting this to
<span class="high italic">email</span> makes the host name a <span class="high italic">mailto:</span> link containing the
address specified by the [ServerAdmin] directive.  Because the signature
discloses the software name and version to any client that receives a report
page, enable it only where that disclosure is acceptable.

<li class="item"> <span class="high bold">[Service] <span class="high italic">string</span></span>
<span class="high italic">(no default)</span> <span class="high bold"><span class="high italic">(deprecated)</span></span> 

<p> This parameter allows SSL, multi-homed hosts and multiple port serving to
be specified.

<li class="item"> <span class="high bold">[ServiceNotFoundURL] <span class="high italic">string</span></span>
<span class="high italic">(no default)</span> 

<p> Provides a default path for reporting that a virtual host does not exist, see
<a class="link" href="#2.3.2.unknownvirtualserver">2.3.2 Unknown Virtual Server</a>.

<li class="item"> <span class="high bold">[SocketSizeRcvBuf] <span class="high italic">integer</span></span>
<span class="high italic">(no default)</span> 

<p> Number of bytes allocated at the device-driver level for a network
connection receive buffer. See
<a class="link blank" target="_blank" href="../install/#vmsserveraccount">VMS Server Account</a> in <a class="link blank" target="_blank" href="../install/#0.">WASD Install</a>.

<li class="item"> <span class="high bold">[SocketSizeSendBuf] <span class="high italic">integer</span></span>
<span class="high italic">(no default)</span> 

<p> Number of bytes allocated at the device-driver level for a network
connection send buffer.  Later versions of TCP/IP Services seem to have
large default values for this.  MultiNet and TCPware are reported to improve
transfers of large responses by increasing low default values.
See <a class="link blank" target="_blank" href="../install/#vmsserveraccount">VMS Server Account</a> in <a class="link blank" target="_blank" href="../install/#0.">WASD Install</a>.

<li class="item"> <span class="high bold">[SSI] <span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span> 

<p> Enables or disables Server Side Includes (HTML pre-processing).

<li class="item"> <span class="high bold">[SSIaccesses] <span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span> 

<p> Enables or disables Server Side Includes (HTML pre-processing) file access
counter.

<li class="item"> <span class="high bold">[SSIexec] <span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span> 

<p> Enables or disables Server Side Includes (HTML pre-processing) DCL
execution functionality.  Leave this disabled unless SSI documents on the
site genuinely need to execute DCL.

<li class="item"> <span class="high bold">[SSIsizeMax] <span class="high italic">integer</span></span>
<span class="high italic">(default: 0 (128kB))</span> 

<p> SSI source files are completely read into memory before processing.  This
allows the maximum size to be expanded beyond the default.

<li class="item"> <span class="high bold">[SSLcert] <span class="high italic">string</span></span>
<span class="high italic">(no default)</span> 

<div class="note center">
<a id="6.2.0.0.1" href="#"></a>
<a id="6.2.tlssslconfiguration" href="#"></a>
<a id="tlssslconfiguration" href="#"></a>
<h5 class="head center"><span class="text">TLS/SSL Configuration</span></h5>
<hr class="note_hr">
See
<a class="link blank" target="_blank" href="../features/#transportlayersecurity">Transport Layer Security</a> of
<a class="link blank" target="_blank" href="../features/#0.">WASD Features and Facilities</a>.
<br>Server command line /SSL= parameter equivalents override the [SSL..]
directives.
<hr class="note_hr">
</div>

<p> TLS/SSL server certificate file path.

<li class="item"> <span class="high bold">[SSLcipherList] <span class="high italic">string</span></span>
<span class="high italic">(no default)</span> 

<p> A colon-separated list (OpenSSL syntax) of TLS/SSL ciphers allowed to be
used by clients to connect to SSL services. This parameter can be used to
require stronger ciphers; a client unable to negotiate one of the listed
ciphers is not allowed to proceed with the connection.

<li class="item"> <span class="high bold">[SSLinstanceCacheMax] <span class="high italic">integer</span></span>
<span class="high italic">(no default)</span> 

<p> TLS/SSL multiple WASD instance, shared session cache.  Maximum number of
shared records.

<li class="item"> <span class="high bold">[SSLinstanceCacheSize] <span class="high italic">integer</span></span>
<span class="high italic">(no default)</span> 

<p> TLS/SSL multiple WASD instance, shared session cache.  Size in bytes of each
individual record.

<li class="item"> <span class="high bold">[SSLkey] <span class="high italic">string</span></span>
<span class="high italic">(no default)</span> 

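<p> TLS/SSL server certificate private key file path.  The private key is
commonly embedded into the certificate file.  Whichever file holds the private
key should be protected so that only the server account can read it.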

<li class="item"> <span class="high bold">[SSLoptions] <span class="high italic">string</span></span>
<span class="high italic">(no default)</span> 

<p> Alphanumeric flags supported by WASD or hexadecimal value applied to the
SSL option of OpenSSL.

<li class="item"> <span class="high bold">[SSLsessionCacheMax] <span class="high italic">integer</span></span>
<span class="high italic">(no default)</span> 

<p> Single WASD instance, shared session cache.  Maximum number of records. 
Records are dynamically sized.

<li class="item"> <span class="high bold">[SSLsessionLifetime] <span class="high italic">hh:mm:ss</span></span>
<span class="high italic">(no default)</span> 

<p> The default maximum period for session reuse is five minutes. This may be
set globally using this directive or on a per-service basis using the
per-service equivalent [ServiceSSLsessionLifetime].

<li class="item"> <span class="high bold">[SSLstrictTransSec] <span class="high italic">hh:mm:ss</span></span>
<span class="high italic">(no default)</span> 

<p> When non-zero, represents the maximum age, in seconds, of an
HSTS &quot;Strict-Transport-Security:&quot; response header field.  See
<a class="link blank" target="_blank" href="../features/#transportlayersecurity">Transport Layer Security</a> of
<a class="link blank" target="_blank" href="../features/#0.">WASD Features and Facilities</a>.
There is an equivalent per-service directive.

<li class="item"> <span class="high bold">[SSLverifyPeer] <span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span>

<p> To access this service a client must provide a verified CA client
certificate.

<li class="item"> <span class="high bold">[SSLverifyPeerCAfile] <span class="high italic">string</span></span>
<span class="high italic">(default: none)</span> 

<p> Specifies the location of the collection of Certificate Authority (CA)
certificates used to verify a peer certificate (VMS file specification).

<li class="item"> <span class="high bold">[SSLverifyPeerDataMax] <span class="high italic">integer</span></span>
<span class="high italic">(default: 1024)</span>

<p> When a client certificate is requested for authentication via TLS/SSL
renegotiation this is the maximum kilobytes POST/PROPFIND/PUT data buffered
during the renegotiation.  There is an equivalent per-service directive.

<li class="item"> <span class="high bold">[SSLverifyPeerDepth] <span class="high italic">integer</span></span>
<span class="high italic">(default: 0)</span>

<p> Level through a certificate chain a client is verified to.

<li class="item"> <span class="high bold">[SSLversion] <span class="high italic">string</span></span>
<span class="high italic">(default: TLS family of protocols)</span> 

<p> The abbreviation for the TLS/SSL protocol version allowed to be used to
connect to an SSL service.  Using the directive a service may select preferred
protocols.

<li class="item"> <span class="high bold">[StreamLF] <span class="high italic">integer</span></span>
<span class="high italic">(default: 0 (disabled))</span> 

<p> Enables or disables automatic conversion of VARIABLE record format
documents (files) to STREAM-LF, which are much more efficient with this server.
The integer is the maximum size of a file in kilobytes that the server will
attempt to convert.  Zero disables any conversions.

<li class="item"> <span class="high bold">[StreamLFpaths] <span class="high italic">string</span></span>
<span class="high italic">(no default)</span> 

<p> <span class="high italic">(Retired in v5.3, mapping SET rule provides this now, see
<a class="link" href="#10.5.5.setrule">10.5.5 SET Rule</a>)</span>.

<li class="item"> <span class="high bold">[TimeoutHttp2idle] <span class="high italic">hh:mm:ss</span></span>
<span class="high italic">(default: 01:00:00)</span> 

<p> The maximum period of time before an idle HTTP/2 connection is issued with
a GOAWAY frame.  An idle HTTP/2 connection is one where it has not processed a
request.

<li class="item"> <span class="high bold">[TimeoutInput] <span class="high italic">hh:mm:ss</span></span>
<span class="high italic">(default: 00:01:00)</span> 

<p> Period allowing a connection request to be in progress without 
submitting a complete request header before terminating it. 

<li class="item"> <span class="high bold">[TimeoutPersistent] <span class="high italic">hh:mm:ss</span></span>
<span class="high italic">(default: 0)</span> 

<p> The period a persistent connection with the client is maintained after the
conclusion of a request.  Connection persistence improves the overall 
performance of the server by reducing the number of discrete TCP/IP connections
that need to be established.

<li class="item"> <span class="high bold">[TimeoutNoProgress] <span class="high italic">hh:mm:ss</span></span>
<span class="high italic">(default: 00:02:00)</span> 

<p> Period allowing request output to continue without any increase
in the number of bytes transferred.  This directive is targeted at identifying
and eliminating requests that have stalled.

<li class="item"> <span class="high bold">[TimeoutOutput] <span class="high italic">hh:mm:ss</span></span>
<span class="high italic">(default: 00:10:00)</span> 

<p> Period allowing a request to be output before terminating it. 
This directive sets an absolute maximum time a request can continue to receive
output.

<li class="item"> <span class="high bold">[WebDAV] <span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span> 

<p> Enable WebDAV on a server-wide basis (see
<a class="link blank" target="_blank" href="../features/#webdav">WebDAV</a> of
<a class="link blank" target="_blank" href="../features/#0.">WASD Features and Facilities</a>).

<li class="item"> <span class="high bold">[WebDAVlocking] <span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span> 

<p> Enable WebDAV locking.

<li class="item"> <span class="high bold">[WebDAVlockCollectionDepth] <span class="high italic">integer</span></span>
<span class="high italic">(default: 0)</span> 

<p> Ancestor directory locking depth.

<li class="item"> <span class="high bold">[WebDAVlockTimeoutDefault] <span class="high italic">ddd-hh:mm:ss</span></span>
<span class="high italic">(default: 01:00:00)</span> 

<p> Set default locking period.

<li class="item"> <span class="high bold">[WebDAVlockTimeoutMax] <span class="high italic">ddd-hh:mm:ss</span></span>
<span class="high italic">(default: 7-00:00:00)</span> 

<p> Maximum locking period.

<li class="item"> <span class="high bold">[WebDAVmetaDir] <span class="high italic">string</span></span>
<span class="high italic">(default: same as data file)</span> 

<p> Location of metadata files.

<li class="item"> <span class="high bold">[WebDAVquota] <span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span> 

<p> Enable disk quota reporting.

<li class="item"> <span class="high bold">[Welcome] <span class="high italic">file.suffix</span></span>
<span class="high italic">(no default)</span> 

<p> Specifies the names and order in which a directory is checked for home page 
files.  If no home page is found a directory listing is generated.

<div class="blockof code">[Welcome]
index.html
index.htm
home.html
home.htm
</div>

<p> Dynamic home pages (script or interpreter engine driven, e.g. Perl, PHP)
may be deployed using a combination of the [Welcome] and [DclScriptRunTime]
directives.

<div class="blockof code">[Welcome]
index.html
index.htm
index.php
index.pl

[DclScriptRunTime]
.PHP &dollar;CGI-BIN:[000000]PHPWASD.EXE
.PL &dollar;CGI-BIN:[000000]PERLRTE
</div>

<li class="item"> <span class="high bold">[WWWimplied] <span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span> 

<p> When enabled considers <span class="high italic">www.host.name</span> and <span class="high italic">host.name</span>
to be the same virtual service.  If a request being processed has a virtual
host of <span class="high italic">www.host.name</span> and the service matching, rule matching or
authentication matching process encounters a <span class="high italic">host.name</span> virtual
service it is considered a match.  A request with a virtual host of
<span class="high italic">host.name</span> does not match a service of <span class="high italic">www.host.name</span>.

</ol>

<!-- source:0900_SERVICE.WASDOC -->
<hr class="page">
<a id="7." href="#"></a>
<a id="7.serviceconfiguration" href="#"></a>
<a id="serviceconfiguration" href="#"></a>
<h1 class="head"><span class="numb">7.</span><span class="text">Service Configuration</span></h1>

<div class="TOC2cols2">
<table class="TOC2table">
<tr><td><a href="#7.1.specificservices"><span class="numb">7.1</span><span class="text">Specific Services</span></a>
<tr><td><a href="#7.2.genericservices"><span class="numb">7.2</span><span class="text">Generic Services</span></a>
<tr><td><a href="#7.3.sslservices"><span class="numb">7.3</span><span class="text">SSL Services</span></a>
<tr><td><a href="#7.4.administrationservices"><span class="numb">7.4</span><span class="text">Administration Services</span></a>
<tr><td><a href="#7.5.ipv4andipv6"><span class="numb">7.5</span><span class="text">IPv4 and IPv6</span></a>
<tr><td><a href="#7.6.towwwornottowww"><span class="numb">7.6</span><span class="text">To www. Or Not To www.</span></a>
<tr><td><a href="#7.7.servicedirectives"><span class="numb">7.7</span><span class="text">Service Directives</span></a>
<tr><td><a href="#7.8.directivedetail"><span class="numb">7.8</span><span class="text">Directive Detail</span></a>
<tr><td><a href="#7.9.administration"><span class="numb">7.9</span><span class="text">Administration</span></a>
<tr><td><a href="#7.10.serviceexamples"><span class="numb">7.10</span><span class="text">Service Examples</span></a>
</table>
</div>


<p> By default, the logical name <span class="high bold">WASD_CONFIG_SERVICE</span> locates a common service
configuration file.  The service configuration file is optional.  If the
WASD_CONFIG_SERVICE logical is not defined or the file does not exist service
configuration is made using the WASD_CONFIG_GLOBAL [Service]
<span class="high bold"><span class="high italic">(deprecated)</span></span> directives.  For simple sites, those containing one or two
services, the use of a separate service configuration file is probably not
warranted.  Once the number begins to grow this file offers a specific
management interface for those services.

<p> Precedence of service specifications:

<ol class="list">
<li class="item"> /SERVICE= command line qualifier
<li class="item"> WASD_CONFIG_SERVICE configuration file (if logical defined and file
exists)
<li class="item"> WASD_CONFIG_GLOBAL [Service] directive <span class="high bold"><span class="high italic">(deprecated)</span></span>
</ol>

<p> WASD <span class="high italic">services</span> are also known as <span class="high italic">virtual servers</span> or <span class="high italic">virtual hosts</span>
and can provide multiple, autonomous sites from the one HTTP server.  Services
can each have an independent IP address or multiple virtual sites share a
single or set of multiple IP addresses.  Whichever the case, the host name
entered into the browser URL must be able to be resolved to the IP address of an
interface configured on the HTTP server system.  There is no design limit to
the number of services that WASD can support.   It can listen on any number of
IP ports and for any number of virtual services for any given port.

<p> The server must be able to resolve its own host name/address.  It is not
unknown for completely new systems to have TCP/IP configuration overlooked. 
The server must also be able to resolve the IP addresses of any configured
virtual services (<a class="link" href="#2.3.virtualservices">2.3 Virtual Services</a>).  Failure to do so will result in
the service not being configured.  To avoid startup issues in the absence of a
usable DNS it is suggested that for fundamental, business-critical or otherwise
important services, static entries be provided in the system TCP/IP agent's
local database.

<p> Changes to the service configuration file can be validated at the
command-line before restart.  This detects and reports any syntactical and 
fatal configuration errors but of course cannot check the <span class="high italic">intent</span> of
the rules.

<div class="blockof code">&dollar; HTTPD /DO=SERVICE=CHECK
</div>

<a id="7.1" href="#"></a>
<a id="7.1.specificservices" href="#"></a>
<a id="specificservices" href="#"></a>
<h2 class="head"><span class="numb">7.1</span><span class="text">Specific Services</span></h2>

<p> In common with other configuration files, directives associated with a
specific virtual service are introduced using a double-bracket delimited host
specification (<a class="link" href="#2.3.virtualservices">2.3 Virtual Services</a>).  When configuring a service the
following three components specify the essential characteristics.

<ul class="list">

<li class="item"> <span class="high bold">scheme &ndash; </span> HTTP scheme (sometimes referred to as <span class="high italic">protocol</span>).  If
<span class="high italic">http:</span> (or omitted) it is a standard HTTP service.  If <span class="high italic">https:</span> an SSL
service is configured.

<li class="item"> <span class="high bold">host &ndash; </span> Host name or dotted-decimal address.  If omitted, or
specified as an asterisk (&quot;*&quot;), defaults to the system's IP host name.

<li class="item"> <span class="high bold">port &ndash; </span> IP port the service is offered on.  If omitted it defaults to
80 for an <span class="high italic">http:</span> service, and to 443 for an <span class="high italic">https:</span> (SSL) service.

</ul>

<p> These WASD_CONFIG_SERVICE examples illustrate the directive.

<div class="blockof code">[[http://alpha.example.com:80]]
[[http://alpha.example.com:8080]]
</div>

<a id="7.2" href="#"></a>
<a id="7.2.genericservices" href="#"></a>
<a id="genericservices" href="#"></a>
<h2 class="head"><span class="numb">7.2</span><span class="text">Generic Services</span></h2>

<p> A <span class="high italic">generic</span> service is one that specifies a scheme and/or port but no
specific host name.  This is useful in a cluster where multiple systems all
provide a basic service (e.g. a port 80 service).  If the host name is omitted
or specified as an asterisk the service substitutes the system's IP host name.

<div class="blockof code">[[http://*:80]]
[[http://*:8080]]
</div>

<a id="7.3" href="#"></a>
<a id="7.3.sslservices" href="#"></a>
<a id="sslservices" href="#"></a>
<h2 class="head"><span class="numb">7.3</span><span class="text">SSL Services</span></h2>

<p> See
<a class="link blank" target="_blank" href="../features/#transportlayersecurity">Transport Layer Security</a> of
<a class="link blank" target="_blank" href="../features/#0.">WASD Features and Facilities</a>.

<p> Multiple virtual SSL services (https:) sharing the same certificate can
essentially be configured against any host name (unique IP address or alias)
and/or port in the same way as standard services (http:).  Services requiring
unique certificates can only be configured for the same port number against
individual and unique IP addresses (i.e. not against aliases).  This is not a
WASD restriction, it applies to all servers for significant SSL technical
reasons.

<p> For example, unique certificates for https://www.company1.com:443/ and
https://www.company2.com:443/ can be configured only if COMPANY1 and COMPANY2
have unique IP addresses.  If COMPANY2 is an alias for COMPANY1 they must share
the same certificate.  During startup service configuration the server checks
for such conditions and issues a warning about &quot;sharing&quot; the service
with the first configured.

<div class="blockof code">[[https://alpha.example.com]]
[[https://*:443]]
</div>

<a id="7.4" href="#"></a>
<a id="7.4.administrationservices" href="#"></a>
<a id="administrationservices" href="#"></a>
<h2 class="head"><span class="numb">7.4</span><span class="text">Administration Services</span></h2>

<p> When multiple instances are configured Server Administration page access, in
common with all request processing, is automatically shared between those
instances.  There are occasions when consistent access to a single instance is
desirable.  The [ServiceAdmin] directive indicates that the service port number
should be used as a <span class="high under">base</span> port and all instances create their own service
with unique port for access to that instance alone. The first instance to
create an <span class="high italic">administration service</span> uses the specified port, or the next
successive if it's already in use, the next instance will use the next
available port number, and so on.  A high port number should be specified.  The
Server Administration page lists these services for all server instances in the
cluster.  This port configuration is not intended for general  request
activity, although with appropriate mapping and other configuration there is
nothing specifically precluding the use (remembering that the actual port in
use by any particular instance may vary across restarts).  In all other
respects the services can (and should) be  mapped, authorized and otherwise
configured as any other.

<div class="blockof code">[[https://alpha.example.com]]
[ServiceAdmin]  enabled
</div>

<a id="7.5" href="#"></a>
<a id="7.5.ipv4andipv6" href="#"></a>
<a id="ipv4andipv6" href="#"></a>
<h2 class="head"><span class="numb">7.5</span><span class="text">IPv4 and IPv6</span></h2>

<p> Both IP version 4 and 6 are concurrently supported by WASD.  All networking
functionality, service creation, SSL, proxy HTTP, proxy FTP and RFC1413
authorization is IPv6 enabled.  If system TCP/IP services do not support IPv6
the expected error would be

<div class="blockof code">%SYSTEM-F-PROTOCOL, network protocol error
</div>

during any attempted IPv6 service creation.  Of course IPv4 service creation
would continue as usual.

<p> Server configuration handles the standard dotted-decimal addresses of IPv4,
as well as &quot;normal&quot; and &quot;compressed&quot; forms of standard IPv6 literal addresses,
and a (somewhat) standard variation of these that substitutes hyphens for the
colons in these addresses to allow the colon-delimited port component of a
&quot;URL&quot; to be resolved.  Alternatively, use the de facto standard method of
enclosing the IPv6 address within square brackets, followed by any port
component.

<a id="7.5.0.0.1" href="#"></a>
<a id="7.5.ipv6literaladdresses" href="#"></a>
<a id="ipv6literaladdresses" href="#"></a>
<h5 class="head"><span class="text">IPv6 Literal Addresses</span></h5>

<table class="tabl">
<tr class="tabr under">
<th class="tabh">Normal
<th class="tabh">Compressed
<tr class="tabr">
<tr class="tabr">
<td class="tabd">1070:0:0:0:0:800:200C:417B
<td class="tabd">1070::800:200C:417B
<tr class="tabr">
<td class="tabd">0:0:0:0:0:0:13.1.68.3
<td class="tabd">::13.1.68.3
<tr class="tabr">
<td class="tabd">0:0:0:0:0:FFFF:129.144.52.38
<td class="tabd">::FFFF:129.144.52.38
<tr class="tabr under">
<th class="tabh">hyphen-variants
<th class="tabh">
<tr class="tabr">
<tr class="tabr">
<td class="tabd">1070-0-0-0-0-800-200C-417B
<td class="tabd">1070--800-200C-417B
<tr class="tabr">
<td class="tabd">0-0-0-0-0-0-13.1.68.3
<td class="tabd">--13.1.68.3
<tr class="tabr">
<td class="tabd">0-0-0-0-0-FFFF-129.144.52.38
<td class="tabd">--FFFF-129.144.52.38
</table>

<p> In common with all virtual services, if a connection can be established with
the system and service port the server can respond to that request.  The first
example binds a service to accept IPv4 connections for any address, while the
second the same for IPv6 (and for IPv4 if the interface has IPv4
configuration).

<div class="blockof code">[[https://alpha.example.com:80]]
[ServiceBind]  0.0.0.0

[[https://alpha6.example.com:80]]
[ServiceBind]  ::0
</div>

<p> If a service needs to be bound to a specific IP address then that can be
specified  using the [ServiceBind] directive using any of the literal address
formats described above.

<div class="blockof code">[[http://alpha.example.com:80]]
[ServiceBind]  168.192.0.3

[[https://alpha6.example.com:80]]
[ServiceBind]  fe80::200:f8ff:fe24:1a22

[[https://[fe80::200:f8ff:fe24:1a22]:80]]
</div>

<a id="7.5.0.0.2" href="#"></a>
<a id="7.5.ipv6nameresolution" href="#"></a>
<a id="ipv6nameresolution" href="#"></a>
<h5 class="head"><span class="text">IPv6 Name Resolution</span></h5>

<p> TCP/IP Services for OpenVMS <span class="high italic">does not</span> provide an asynchronous name
resolution ACP call for IPv6 as it does for IPv4.  This means that dynamic name
resolution in IPv6 environments is (currently) an issue.  See the server code
module [SRC.HTTPD]TCPIP6.C for further detail and workarounds.  Let's hope this
significant deficiency in VMS' IPv6 support is addressed sooner than later!

<a id="7.6" href="#"></a>
<a id="7.6.towwwornottowww" href="#"></a>
<a id="towwwornottowww" href="#"></a>
<h2 class="head"><span class="numb">7.6</span><span class="text">To www. Or Not To www.</span></h2>

<p> In the twenty-first century the <span class="high italic">www.</span> prefix to Web services is largely
redundant.  Generally <span class="high italic">www.host.name</span> and <span class="high italic">host.name</span> are treated as
synonymous.  WASD conditionals often need to distinguish precisely on the
service name and in some cases this can mean a service for the <span class="high italic">www.host.name</span>
and the <span class="high italic">host.name</span>.

<p> The WASD global configuration directive
<div class="blockof code"># WASD_CONFIG_GLOBAL
[WWWimplied]  enabled
</div>
(by default, and for backward-compatibility reasons, disabled) results in the
server matching a request that specifies a leading <span class="high italic">www.</span> to a virtual
service that is identical <span class="high under">except</span> for the <span class="high italic">www.</span>.  So for the configured service
<div class="blockof code">[[http://the.host.name]]
</div>
a request to http://the.host.name/ (request header &quot;Host: the.host.name&quot;) or to
http://www.the.host.name/ (request header &quot;Host: www.the.host.name&quot;) will be
matched to it and allow conditionals, etc., to match to the one
&quot;the.host.name&quot;.

<a id="7.7" href="#"></a>
<a id="7.7.servicedirectives" href="#"></a>
<a id="servicedirectives" href="#"></a>
<h2 class="head"><span class="numb">7.7</span><span class="text">Service Directives</span></h2>

<p> Where a service directive has an equivalent configuration directive (e.g.
error report path) the service directive takes precedence.  This allows
specific virtual services to selectively override the generic configuration.

<table class="tabl" style="margin-top:-1em;">
<tr class="tabr">
<td class="tabd"><a id="7.7.0.0.1" href="#"></a>
<a id="7.7.servicedirectives" href="#"></a>
<a id="servicedirectives" href="#"></a>
<h5 class="head under"><span class="text">Service Directives</span></h5>
<tr class="tabr backlight">
<td class="tabd">[[virtual-service]]
<td class="tabd">scheme://host:port
<tr class="tabr">
<td class="tabd">[ServiceAdmin]
<td class="tabd">an <span class="high italic">instance</span> Server Administration page service
<tr class="tabr backlight">
<td class="tabd">[ServiceBind]
<td class="tabd">if different to host's
<tr class="tabr">
<td class="tabd">[ServiceBodyTag]
<td class="tabd">&lt;BODY&gt; tag for server reports, etc.
<tr class="tabr backlight">
<td class="tabd">[ServiceClientSSLcert]
<td class="tabd">proxy SSL connect client certificate file
<tr class="tabr">
<td class="tabd">[ServiceClientSSLkey]
<td class="tabd">proxy SSL connect client private key file
<tr class="tabr backlight">
<td class="tabd">[ServiceClientSSLcipherList]
<td class="tabd">proxy SSL connect ciphers
<tr class="tabr">
<td class="tabd">[ServiceClientSSLverifyCA]
<td class="tabd">verify CA of proxied requests
<tr class="tabr backlight">
<td class="tabd">[ServiceClientSSLverifyCAfile]
<td class="tabd">location of proxy CA file
<tr class="tabr">
<td class="tabd">[ServiceClientSSLversion]
<td class="tabd">proxy SSL version to use
<tr class="tabr backlight">
<td class="tabd">[ServiceConnect]
<td class="tabd">respond to a connection on a port
<tr class="tabr">
<td class="tabd">[ServiceErrorReportPath]
<td class="tabd">path to script, SSI or &quot;flat&quot; error document
<tr class="tabr backlight">
<td class="tabd">[ServiceHttp2Protocol]
<td class="tabd">per-service HTTP/2 disabled
<tr class="tabr">
<td class="tabd">[ServiceLogFormat]
<td class="tabd">per-service access log format
<tr class="tabr backlight">
<td class="tabd">[ServiceNoLog]
<td class="tabd">suppress logging
<tr class="tabr">
<td class="tabd">[ServiceNonSSLRedirect]
<td class="tabd">redirect non-SSL on SSL service
<tr class="tabr backlight">
<td class="tabd">[ServiceProxy]
<td class="tabd">proxy service
<tr class="tabr">
<td class="tabd">[ServiceProxyAffinity]
<td class="tabd">make origin server &quot;sticky&quot;
<tr class="tabr backlight">
<td class="tabd">[ServiceProxyAuth]
<td class="tabd">require proxy authorization
<tr class="tabr">
<td class="tabd">[ServiceProxyCache]
<td class="tabd">proxy caching
<tr class="tabr backlight">
<td class="tabd">[ServiceProxyChain]
<td class="tabd">chained proxy service host
<tr class="tabr">
<td class="tabd">[ServiceProxyChainCred]
<td class="tabd">up-stream proxy service access credentials
<tr class="tabr backlight">
<td class="tabd">[ServiceProxySSL]
<td class="tabd">provide proxy of SSL (connect:)
<tr class="tabr">
<td class="tabd">[ServiceProxyTunnel]
<td class="tabd">enable tunneling of octets
<tr class="tabr backlight">
<td class="tabd">[ServiceRawSocket]
<td class="tabd">enable &quot;RawSocket&quot; scripting
<tr class="tabr">
<td class="tabd">[ServiceShareSSH]
<td class="tabd">share service with SSH
<tr class="tabr backlight">
<td class="tabd">[ServiceSSLcert]
<td class="tabd">SSL service certificate
<tr class="tabr">
<td class="tabd">[ServiceSSLcipherList]
<td class="tabd">list of accepted SSL ciphers
<tr class="tabr backlight">
<td class="tabd">[ServiceSSLkey]
<td class="tabd">SSL service private key
<tr class="tabr">
<td class="tabd">[ServiceSSLoptions]
<td class="tabd">SSL options
<tr class="tabr backlight">
<td class="tabd">[ServiceSSLsessionLifetime]
<td class="tabd">SSL session lifetime
<tr class="tabr">
<td class="tabd">[ServiceSSLstrictTransSec]
<td class="tabd">HSTS maximum age in seconds
<tr class="tabr backlight">
<td class="tabd">[ServiceSSLverifyPeer]
<td class="tabd">access only using verified peer certificate
<tr class="tabr">
<td class="tabd">[ServiceSSLverifyPeerCAfile]
<td class="tabd">location of CA file
<tr class="tabr backlight">
<td class="tabd">[ServiceSSLverifyPeerDataMax]
<td class="tabd">maximum kBytes of request data buffered during renegotiation
<tr class="tabr">
<td class="tabd">[ServiceSSLverifyPeerDepth]
<td class="tabd">depth of certificate chain
<tr class="tabr backlight">
<td class="tabd">[ServiceSSLversion]
<td class="tabd">SSL version to use
</table>

<p> Configuration keywords equivalent to many of these WASD_CONFIG_SERVICE
directives but usable against the deprecated WASD_CONFIG_GLOBAL [Service]
directive and the /SERVICE qualifier  are available for backward compatibility. 
See section <span class="high italic">Command Line Parameters</span> in source file [SRC.HTTPD]SERVICE.C for
a list of these keywords.

<a id="7.8" href="#"></a>
<a id="7.8.directivedetail" href="#"></a>
<a id="directivedetail" href="#"></a>
<h2 class="head"><span class="numb">7.8</span><span class="text">Directive Detail</span></h2>

<p> Some of these directives control the behaviour of proxy services.  Other
directives are Secure Sockets Layer (SSL) specific.

<ol class="list">

<li class="item"> <span class="high bold">[[virtual-service]]</span>
<span class="high italic">(default: <span class="high italic">none</span>)</span>

<p> Specifies the scheme, host name (or asterisk) and port of a service.

<li class="item"> <span class="high bold">[ServiceAdmin] <span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span> 

<p> Marks the port as <span class="high italic">administration</span> service
(<a class="link" href="#7.4.administrationservices">7.4 Administration Services</a>).

<li class="item"> <span class="high bold">[ServiceBind] <span class="high italic">literal address</span></span>
<span class="high italic">(default: <span class="high italic">none</span>)</span> 

<p> If the system has a multi-homed network interface this binds the service to
the specific IP address and not to INADDR_ANY.  Generally this will not be
necessary.  The literal address may be in IPv4 dotted-decimal or IPv6
normal or compressed hexadecimal.

<li class="item"> <span class="high bold">[ServiceBodyTag]  <span class="high italic">string</span></span>
<span class="high italic">(default: &lt;BODY&gt;)</span>

<p> Specifies the HTML &lt;BODY&gt; tag for server error and other report pages.  This
allows some measure of site &quot;look-and-feel&quot; in page colour, background, etc. to
be maintained.

<li class="item"> <span class="high bold">[ServiceClientSSL] <span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span> 

<p> Enables a proxy service to <span class="high italic">originate</span> HTTP-over-SSL requests.  This is
different to the CONNECT service enabled using [ServiceProxySSL].  It allows
requests to be gatewayed between standard HTTP and Secure Sockets Layer.

<div class="note center">
<a id="7.8.0.0.1" href="#"></a>
<a id="7.8.tlssslconfiguration" href="#"></a>
<a id="tlssslconfiguration" href="#"></a>
<h5 class="head center"><span class="text">TLS/SSL Configuration</span></h5>
<hr class="note_hr">
See
<a class="link blank" target="_blank" href="../features/#transportlayersecurity">Transport Layer Security</a> of
<a class="link blank" target="_blank" href="../features/#0.">WASD Features and Facilities</a>.
<hr class="note_hr">
</div>

<li class="item"> <span class="high bold">[ServiceClientSSLcert] <span class="high italic">string</span></span>
<span class="high italic">(default: none)</span> 

<p> Location of client certificate file if required to authenticate client
connection.

<li class="item"> <span class="high bold">[ServiceClientSSLcipherList] <span class="high italic">string</span></span>
<span class="high italic">(default: none)</span> 

<li class="item"> <span class="high bold">[ServiceClientSSLkey] <span class="high italic">string</span></span>
<span class="high italic">(default: none)</span> 

<p> Location of client private key file if required to authenticate client
connection.

<p> For [ServiceClientSSLcipherList]: a comma-separated list of SSL ciphers to
be used by the gateway to connect to SSL services.  This parameter can be used
to force the selection of stronger ciphers, with the connection not allowed to
proceed otherwise.

<div class="note"><a id="7.8.0.0.1.1" href="#"></a>
<a id="7.8.note" href="#"></a>
<a id="note" href="#"></a>
<h5 class="head center"><span class="text">Note</span></h5>
<hr class="note_hr">

These <span class="high italic">ServiceClientSSL..</span> directives are used to control behaviour when
outgoing SSL connections are established (as with HTTP-to-SSL gatewaying). 
This should not be confused with verification of client certificates, which is
better referred to as peer verification.  See [ServiceSSLverifyPeer] and
[ServiceSSLverifyPeerCAfile] directives.
<hr class="note_hr">
</div>

<li class="item"> <span class="high bold">[ServiceClientSSLverifyCA] <span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span> 

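<p> Unless this directive is enabled the Certificate Authority (CA) used to
issue the service's certificate is not verified, so with the default setting an
outgoing connection is encrypted but the identity of the connected-to server is
not authenticated.  Enabling it requires that a CA file be provided.  See note
in [ServiceClientSSLcipherList] above.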

<li class="item"> <span class="high bold">[ServiceClientSSLCaFile] <span class="high italic">string</span></span>
<span class="high italic">(default: none)</span> 

<p> Specifies the location of the collection of Certificate Authority (CA)
certificates used to verify the connected-to server's certificate (VMS file
specification).  See note in [ServiceClientSSLcipherList] above.

<li class="item"> <span class="high bold">[ServiceClientSSLversion] <span class="high italic">string</span></span>
<span class="high italic">(default: SSLV2/V3)</span> 

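<p> The abbreviation for the SSL protocol version to be used to connect to the
SSL service.  SSLv2 and SSLv3 are deprecated protocols, so confirm which
version is actually negotiated with the connected-to service and, where the
server build supports it, specify a TLS version here.  See note in
[ServiceClientSSLcipherList] above.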

<li class="item"> <span class="high bold">[ServiceConnect] <span class="high italic">string</span></span>
<span class="high italic">(default: none)</span> 

<p> Request-on-connects do not wait for client data but immediately generate a
pseudo request for that service which can be detected and mapped for processing
by the server.

<p> See <a class="link" href="#7.10.serviceexamples">7.10 Service Examples</a>.

<li class="item"> <span class="high bold">[ServiceErrorReportPath] <span class="high italic">string</span></span>
<span class="high italic">(default: none)</span> 

<p> Specifies the <span class="high bold">URL-format path</span> to an optional, error reporting SSI
document or script (<a class="link" href="#2.10.errorreporting">2.10 Error Reporting</a>). This path can subsequently be
remapped during request processing.

<li class="item"> <span class="high bold">[ServiceHttp2Protocol]
<span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: ENABLED)</span> 

<p> When HTTP/2 is enabled globally this allows an HTTP/1.<span class="high italic">n</span>-only
service to be defined.

<p> See
<a class="link blank" target="_blank" href="../features/#http2">HTTP/2</a> of
<a class="link blank" target="_blank" href="../features/#0.">WASD Features and Facilities</a>.

<li class="item"> <span class="high bold">[ServiceLogFormat] <span class="high italic">string</span></span>
<span class="high italic">(default: none)</span> 

<p> Per-service access log format.  See .

<li class="item"> <span class="high bold">[ServiceNoLog] <span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span> 

<p> When request logging is enabled then by default all services are logged.
This directive allows logging to be suppressed for this service. 

<li class="item"> <span class="high bold">[ServiceNonSSLRedirect] <span class="high monosp">[code][host-name&verbar;IP-address][:port]</span></span>
<span class="high italic">(default: none)</span> 

<p> The default behaviour when a non-SSL HTTP request is begun on an SSL service
is to return a 400 error and short message.  This directive instead  redirects
the client to the specified non-SSL service.  The parameter can be an optional
scheme (i.e. http:// or https://), optional full host name or IP address with
optional port, or only a colon-delimited port number which will redirect using
the current service name.  A single colon is the minimum parameter and
redirects to port 80 on the current service name. The default redirect code is
307 but this can be changed by providing a leading 301 or 302.

<li class="item"> <span class="high bold">[ServiceProxy] <span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span> 

<p> Enables and disables proxy request processing for this service.

<li class="item"> <span class="high bold">[ServiceProxyAffinity] <span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span>

<p> Uses cookies to allow the proxy server to make every effort to relay
successive requests from a given client to the same origin host.  This is also
known as client to origin affinity or proxy affinity capability.

<li class="item"> <span class="high bold">[ServiceProxyAuth] <span class="high monosp"><span class="high italic">none</span>
CHAIN&verbar;LOCAL&verbar;NONE&verbar;PROXY</span></span>
<span class="high italic">(default: none)</span> 

<p> Makes a proxy service require authorization before a client is allowed
access via it.
<span class="high monosp">CHAIN</span> allows an up-stream proxy server to request
authorization.
<span class="high monosp">LOCAL</span> enables standard server authorization.
<span class="high monosp">NONE</span> disables authorization (default).
<span class="high monosp">PROXY</span> enables HTTP proxy authorization.
With <span class="high monosp">NONE</span> any client able to connect to the service can use it as a
proxy, so access then needs to be limited by other means.

<li class="item"> <span class="high bold">[ServiceProxyCache] <span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span>

<p> Enables and disables proxy caching for a proxy service.

<li class="item"> <span class="high bold">[ServiceProxyChain] <span class="high italic">string</span></span>
<span class="high italic">(default: none)</span> 

<p> Specifies the next proxy host if chained.

<li class="item"> <span class="high bold">[ServiceProxyChainCred] <span class="high italic">string</span></span>
<span class="high italic">(default: none)</span> 

<p> Credentials for the up-stream proxy server (BASIC authentication only); in
the format <span class="high italic">username:password</span>.  The password is then present in the
service configuration file, so protect that file accordingly.

<li class="item"> <span class="high bold">[ServiceProxyTunnel] <span class="high monosp">CONNECT&verbar;FIREWALL&verbar;RAW</span></span>
<span class="high italic">(default: none)</span> 

<p> Transfers octets through the proxy server.
<span class="high monosp">FIREWALL</span> accepts a host and port specification before connecting. 
<span class="high monosp">CONNECT</span> is the traditional CONNECT protocol.
<span class="high monosp">RAW</span> connects to a configured host and port. 

<li class="item"> <span class="high bold">[ServiceProxySSL] <span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span> 

<p> Specifies the service as providing proxying of SSL requests.  This is
sometimes referred to as a &quot;CONNECT&quot; service.  This proxies &quot;https:&quot; requests
directly and is different to the HTTP-to-SSL proxying enabled using
[ServiceProxyHttpSSL].

<li class="item"> <span class="high bold">[ServiceRawSocket] <span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span>

<p> Enable &quot;RawSocket&quot; processing on the service.  See the chapter on
WebSocket scripting in
<a class="link blank" target="_blank" href="../scripting/#websocket">WebSocket</a> in
<a class="link blank" target="_blank" href="../scripting/#0.">WASD Web Services - Scripting</a>

<li class="item"> <span class="high bold">[ServiceShareSSH] <span class="high italic">integer</span></span>
<span class="high italic">(default: 0 (disabled))</span> 

<p> Non-zero enables service sharing with an SSH server and sets the number of
seconds for input timeout.

<p> See
<a class="link blank" target="_blank" href="../features/#sharedsshtunnel">Shared SSH Tunnel</a> of
<a class="link blank" target="_blank" href="../features/#0.">WASD Features and Facilities</a>.

<li class="item"> <span class="high bold">[ServiceSSLcert] <span class="high italic">string</span></span>
<span class="high italic">(default: none)</span> 

<p> Specifies the location of the SSL certificates (VMS file specification).

<div class="note center">
<a id="7.8.0.0.2" href="#"></a>
<a id="7.8.tlssslconfiguration" href="#"></a>
<a id="tlssslconfiguration" href="#"></a>
<h5 class="head center"><span class="text">TLS/SSL Configuration</span></h5>
<hr class="note_hr">
See
<a class="link blank" target="_blank" href="../features/#transportlayersecurity">Transport Layer Security</a> of
<a class="link blank" target="_blank" href="../features/#0.">WASD Features and Facilities</a>.
<hr class="note_hr">
</div>

<li class="item"> <span class="high bold">[ServiceSSLcipherList] <span class="high italic">string</span></span>
<span class="high italic">(default: none)</span> 

<p> A colon-separated list (OpenSSL syntax) of TLS/SSL ciphers allowed to be
used by clients to connect to SSL services.  This parameter can be used to
force the selection of stronger ciphers, with the connection not allowed to
proceed otherwise.

<li class="item"> <span class="high bold">[ServiceSSLkey] <span class="high italic">string</span></span>
<span class="high italic">(default: none)</span> 

<p> Specifies the location of the SSL private key (VMS file specification).

<li class="item"> <span class="high bold">[ServiceSSLsessionLifetime] <span class="high italic">hh:mm:ss</span></span>
<span class="high italic">(no default)</span> 

<p> The default maximum period for session reuse is five minutes.  This is the
per-service equivalent of the global directive [SSLsessionLifetime].

<li class="item"> <span class="high bold">[ServiceSSLstrictTransSec] <span class="high italic">hh:mm:ss</span></span>
<span class="high italic">(no default)</span> 

<p> When non-zero represents the number of seconds, or maximum age, of a HSTS
&quot;Strict-Transport-Security:&quot; response header field.
See
<a class="link blank" target="_blank" href="../features/#transportlayersecurity">Transport Layer Security</a> of
<a class="link blank" target="_blank" href="../features/#0.">WASD Features and Facilities</a>.

There is an equivalent global directive.

<li class="item"> <span class="high bold">[ServiceSSLverifyPeer] <span class="high monosp">ENABLED&verbar;DISABLED</span></span>
<span class="high italic">(default: DISABLED)</span>

<p> To access this service a client must provide a client certificate that
verifies against a known Certificate Authority (see
[ServiceSSLverifyPeerCAfile]).

<li class="item"> <span class="high bold">[ServiceSSLverifyPeerCAfile] <span class="high italic">string</span></span>
<span class="high italic">(default: none)</span> 

<p> Specifies the location of the collection of Certificate Authority (CA)
certificates used to verify a peer certificate (VMS file specification).

<li class="item"> <span class="high bold">[ServiceSSLverifyPeerDataMax] <span class="high italic">integer</span></span>
<span class="high italic">(default: 1024)</span>

<p> When a client certificate is requested for authentication via TLS/SSL
renegotiation this is the maximum kilobytes POST/PROPFIND/PUT data buffered
during the renegotiation.  There is an equivalent global directive.

<li class="item"> <span class="high bold">[ServiceSSLverifyPeerDepth] <span class="high italic">integer</span></span>
<span class="high italic">(default: 0)</span>

<p> Level through a certificate chain a client is verified to.

<li class="item"> <span class="high bold">[ServiceSSLversion] <span class="high italic">string</span></span>
<span class="high italic">(default: TLS family of protocols)</span> 

<p> The abbreviation for the TLS/SSL protocol version allowed to be used to
connect to an SSL service.  Using the directive a service may select preferred
protocols.

</ol>

<a id="7.9" href="#"></a>
<a id="7.9.administration" href="#"></a>
<a id="administration" href="#"></a>
<h2 class="head"><span class="numb">7.9</span><span class="text">Administration</span></h2>

<p> A service configuration file can be maintained using a simple text editor
and WASD_CONFIG_SERVICE.

<p> Alternatively the Server Administration facility may be used.  When using this
interface for the first time ensure the WASD_CONFIG_SERVICE logical is
correctly defined.  If the file did not exist at server startup any services
will have been created from the WASD_CONFIG_GLOBAL [Service] directive.  These
will be displayed as the existing services and will be saved to the
configuration file the first time it is saved.  Changes to the service
configuration file require a server restart to put them into effect. 

<p> The [IncludeFile] is a directive common to all WASD configuration, allowing
a separate file to be included as a part of the current configuration
(<a class="link" href="#2.1.includefiledirective">2.1 Include File Directive</a>).

<p> Not all configuration directives may be shown depending on the type of
service.  For instance, unless a service is configured to provide proxy, only
the [ServiceProxy] directive is displayed.  To fully configure such a service
enable it as proxy, save the file, then reload it.  The additional directives
will now be available.

<p> There is always one empty service displayed each time the configuration
menu is generated.  This information may be changed appropriately and then
saved to add new services to the configuration (of course, these will not be
available until the server is restarted).  To configure multiple new services
add one at a time, saving each and reloading the file to provide a new blank
service.

<a id="7.10" href="#"></a>
<a id="7.10.serviceexamples" href="#"></a>
<a id="serviceexamples" href="#"></a>
<h2 class="head"><span class="numb">7.10</span><span class="text">Service Examples</span></h2>

<ol class="list">

<li class="item"> The following example shows three services being configured.  The first
is  standard HTTP on the default (and well-known) port 80.  The second is a
proxy service on port 8080.  This service provides both standard HTTP (with
response caching enabled), SSL (connect:) access and proxy authorization
required.  The third service is SSL, with a host-specific certificate and key.

<div class="blockof code">[[http://alpha.example.com:80]]

[[http://alpha.example.com:8080]]
[ServiceProxy]  enabled
[ServiceProxyAuth]  PROXY
[ServiceProxyCache]  enabled
[ServiceProxySSL]  enabled

[[https://alpha.example.com:443]]
[ServiceSSLcert] WASD_ROOT:[local]alpha.pem
</div>

<li class="item"> This example shows a generic service being configured on the
well-known port 80.

<div class="blockof code">[[http://*:80]]
</div>

If a cluster of four systems, ALPHA, BETA, GAMMA and DELTA all use this
configuration each will have a service accessible via the following four URLs.

<div class="blockof code">http://alpha.example.com/
http://beta.example.com/
http://gamma.example.com/
http://delta.example.com/
</div>

<li class="item"> The following example shows two services configured against specific IP
addresses.  The first is an IPv4 and the second a compressed IPv6.

<div class="blockof code">[[http://alpha.example.com:80]]
[ServiceBind]  168.192.0.3

[[https://alpha6.example.com:80]]
[ServiceBind]  fe80::200:f8ff:fe24:1a22
</div>

<li class="item"> An <span class="high italic">administration port</span> is a special configuration used to support the
Server Administration facility when multiple per-node instances are configured.
See description above.

<div class="blockof code">[[https://alpha.example.com:44443]]
[ServiceAdmin]  enabled
[ServiceSSLcert] WASD_ROOT:[local]alpha.pem
[ServiceSSLkey] WASD_ROOT:[local]alpha.pem
</div>

<li class="item">

<p> A classic [ServiceConnect] use case is to generate a response when a port is
connected to.  In this example, a disabled telnet service.

<div class="blockof code"># WASD_CONFIG_SERVICE
[[http://*:23]]
[ServiceConnect] enabled
</div>

<div class="blockof code"># WASD_CONFIG_MAP
# TELNET port advisory
[[*:23]]
pass * /web/online/port23.txt response=var=crlf
</div>

<div class="blockof code">&dollar; TYPE WEB:[ONLINE]PORT23.TXT
************************************************

TELNET terminal access to the.host.name is unavailable!

Please use the instructions available at...
https://the.host.name/online/ssh

************************************************
</div>

<p> While the above example shows a simple <span class="high italic">pass</span> to a static file, the mapping
could just as simply have been made to a script to provide a more dynamic
response.

<div class="blockof code"># WASD_CONFIG_MAP
# TELNET port advisory
[[*:23]]
map * /cgi-bin/port23
&hellip;
exec /cgi-bin/* /cgi-bin/*
</div>

</ol>

<!-- source:1000_MESSAGE.WASDOC -->
<hr class="page">
<a id="8." href="#"></a>
<a id="8.messageconfiguration" href="#"></a>
<a id="messageconfiguration" href="#"></a>
<h1 class="head"><span class="numb">8.</span><span class="text">Message Configuration</span></h1>

<table class="TOC2table">
<tr><td><a href="#8.1.behaviour"><span class="numb">8.1</span><span class="text">Behaviour</span></a>
<tr><td><a href="#8.2.messagefileformat"><span class="numb">8.2</span><span class="text">Message File Format</span></a>
<tr><td><a href="#8.3.multiplelanguagespecifications"><span class="numb">8.3</span><span class="text">Multiple Language Specifications</span></a>
<tr><td><a href="#8.4.suppliedmessagefiles"><span class="numb">8.4</span><span class="text">Supplied Message Files</span></a>
</table>
</div>


<p> By default, the logical name <span class="high bold">WASD_CONFIG_MSG</span> locates the global message
configuration file.  A text editor may be used to modify this configuration
file.  Changes require a server restart to put them into effect. 

<p> Message configuration is provided for two purposes.

<ol class="list">

<li class="item"> Some sites would prefer to customize or extend the basic information
provided to clients when an error or other event occurs.

<li class="item"> Sites that do not use English as a first language may wish to provide
some or all of the defined messages using a preferred language.

</ol>

<p> Not all messages provided by the WASD server are customizable, only those
generated for non-administrative content. As the WASD server can also report
using information derived from the standard VMS message service (via
<span class="high italic">sys&dollar;getmsg()</span>) it is assumed a language-local implementation of this is in
use as well. Unfortunately for the non-first-language-English Web and system
administrators, the menus and messages used for administration purposes, etc.,
are still only in English. The intent of this facility is to provide
non-administration clients only with a more familiar language environment.

<p> Also note that the message database only applies to messages generated by
the server, not to any generated by scripts, etc.

<p> Changes to the message configuration file can be validated at the
command-line before restart.  This detects and reports any syntactical and 
fatal configuration errors but of course cannot check the <span class="high italic">intent</span> of the
rules.

<div class="blockof code">&dollar; HTTPD /DO=MSG=CHECK
</div>

<a id="8.1" href="#"></a>
<a id="8.1.behaviour" href="#"></a>
<a id="behaviour" href="#"></a>
<h2 class="head"><span class="numb">8.1</span><span class="text">Behaviour</span></h2>

<p> When an error, or other message or string, needs to be provided for the
client the message database is accessed using the following algorithm.

<ol class="list">

<li class="item"> If the client request has specified a list of preferred languages using
the &quot;Accept-Language:&quot; HTTP header field the message database is checked for
support of that/those languages. If one is found then that language is used to
access the message.

<li class="item"> If none is found, or the client has not specified a preferred language,
the client host address is checked against any list of hosts/domains provided
against the language (see below). If a match occurs the specified language is
used.

<li class="item"> If neither of the above results in a message language the base language
is used (the highest numbered language). This <span class="high bold">must</span> have a complete set of
messages or the server will not start!

</ol>

<a id="8.2" href="#"></a>
<a id="8.2.messagefileformat" href="#"></a>
<a id="messagefileformat" href="#"></a>
<h2 class="head"><span class="numb">8.2</span><span class="text">Message File Format</span></h2>

<p> By default, the system-table logical name WASD_CONFIG_MSG locates a common
message file, unless an individual message file is specified using a job-table
logical name. Simple editing of the message file changes the messages (after a
server restart, of course). Comment lines may be included by prefixing them
with the hash character (&quot;#&quot;), and lines continued by ensuring the last
character is a backslash (&quot;&#92;&quot;). The server will concurrently support an
additional 3 languages to the base English (although this can be increased by
recompilation :-)

<div class="note center"><a id="8.2.0.0.0.1" href="#"></a>
<a id="8.2.note" href="#"></a>
<a id="note" href="#"></a>
<h5 class="head center"><span class="text">Note</span></h5>
<hr class="note_hr">

<span class="high bold">Care must be taken with the message file or the server may refuse to start!</span>
<br>Worst-case; the WASD_CONFIG_MSG.CONF message file may be copied from
[EXAMPLE].
<hr class="note_hr">
</div>

<p> As illustrated below the message file comprises a series of sections.
Directives enclosed by square-brackets provide information to the message
loader.

<div class="blockof code"># this is a comment

[version]   9.0
[language]  1  en

[general]

en 01 Sanity check failure.
en 02 String overflow.
en 03 Heap allocation failed.
en 04 calloc() failed
en 05 Request calloc() failed.
en 06 Server too busy.
en 07 Server access denied.
en 08 Facility is disabled.
en 09 Wildcard not permitted.
en 10 Directory layout problem.

[next-section, etc.]
</div>

<p> The square-bracketed section headings have the following functions.

<ul class="list">

<li class="item"> <span class="high bold">[version] &ndash; </span> Ensures the correct database version is available for
the server version attempting to use it. The message file always needs checking
for this version number being changed at server updates, although the version
may remain fixed at a previous server version number if there have been no
changes to the message database during subsequent server versions. This must be
the first directive in the file.

<li class="item"> <span class="high bold">[language] &ndash; </span> Creates space for assigning the new language's
messages. The number specifies an order within the languages, each must be
different, but only the lowest and highest (preferred and base respectively)
have operational significance. The highest number should always be English to
provide a fall-back message. A short string provides an identifier for the
language. This identifier should be the same as the identifying string in the
browser request &quot;Accept-Language:&quot; header field (e.g. &quot;en&quot;, &quot;se&quot;, &quot;de&quot;, &quot;fr&quot;,
etc.)  Multiple, comma-separated languages may be specified.  The first is the
primary language of that list and messages must be specified using that.  The
subsequent languages are equivalents that might be specified by the client.  A
wildcard may be used to match all possibilities (e.g. &quot;de,de-*&quot;, &quot;es,es-*&quot;). 
Following the language identifier  is an optional host/domain list. Multiple
hosts/domains may be specified by separating each with a comma. The
specifications may contain wildcards.  All the [language] directives should be
grouped at the start of the file immediately following the [version] directive.
A character set may be associated with a particular language by specifying a
<span class="high italic">charset=</span> following the language string (e.g. &quot;ru charset=koi8-r&quot;).  Setting
the language's ordering number to zero disables the language completely.  All
messages associated with it will then be ignored.

<li class="item"> <span class="high bold">[group-name] &ndash; </span> The messages are divided into groupings to make
them easier to manage.  Each group begins with the group name directive.

<li class="item"> <span class="high bold">en 01 message &ndash; </span> Each message in a group is assigned using
this format.  The string identifying the language, then the message number (the
leading zero just improves the format, strictly it is not required), then the
actual message itself.  The message can be of arbitrary length.  Long messages
may be continued on following lines using the &quot;&#92;&quot; continuation character.

</ul>

<p> The base language (the highest numbered, which should always be English)
must have precisely the right number of messages required by the server, too
few or too many and the server will not start! <span class="high bold">Additional languages do not
have to reassign every message!</span> The base language will supply any not
assigned. A message number of zero is disabled and completely ignored.

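<p> If messages contain HTML tags, that markup must not interfere with the
general HTML page it is used within.  Message text is emitted as part of
server-generated pages, so the message file should be modifiable only by
trusted administrators.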

<p> Some messages are a composite of multiple strings each of which is used on a
different part of the one page (e.g. for the [upd] edit-page).  Each of the
strings is delimited by the vertical bar &quot;&verbar;&quot;.  Care must be taken when
customizing these strings that the overall number stays the same and that the
length of each does not become excessive.  Although it will not disrupt the
server it may significantly disrupt the page layout.

<p> All message numbers must be included.  To provide an empty string for any
one message (not recommended) provide the line with nothing following the
message number.

<a id="8.3" href="#"></a>
<a id="8.3.multiplelanguagespecifications" href="#"></a>
<a id="multiplelanguagespecifications" href="#"></a>
<h2 class="head"><span class="numb">8.3</span><span class="text">Multiple Language Specifications</span></h2>

<p> Multiple language messages can be specified in two ways:

<ul class="list">
<li class="item"> within the one file
<li class="item"> in multiple files specified by a multivalued logical name
</ul>

<a id="8.3.0.0.1" href="#"></a>
<a id="8.3.withintheonefile" href="#"></a>
<a id="withintheonefile" href="#"></a>
<h5 class="head"><span class="text">Within The One File</span></h5>

<p> Language availability is specified through the use of [Language] directives. 
These must be numbered from 1 to the count of those supplied.  The highest
numbered language must have the complete set of messages for this is the
fallback when obtaining any message (this would normally be &quot;en&quot;).  The
[Language] may be specified as a comma-separated list of equivalent or similar
specifications, which during request processing will be matched against a
client specified list of accepted-languages one at a time in specified order. 
A wildcard may be specified which matches all fitting the template.  In this
manner a single language can be used also to match minor variants or language
specification synonyms.

<div class="blockof code">[Version]  9.0
[Language]  1  es,es-ES
[Language]  2  de,de-*
[Language]  3  en

[auth]
es 01  Habla Espanol
de 01  Sprechen Sie Deutsches
en 01  Do you speak English
.
.
.(full set of messages)
</div>
In the above (rather contrived) example a client request with
<div class="blockof code">Accept-Language: es-ES,de;q=0.6,en;q=0.3
</div>
would have language 1 selected, a client with
<div class="blockof code">Accept-Language: de-ch,es;q=0.6,en;q=0.3
</div>
language 2 selected, with
<div class="blockof code">Accept-Language: pt-br,de;q=0.6,en;q=0.3
</div>
also language 2 selected, with
<div class="blockof code">Accept-Language: pt
</div>
language 3 (the default) selected, etc.

<p> Note that the messages for each language must use the *first* language
specification provided in the [Language] list.  In the example above all
messages for language 1 would be introduced using 'es', for language 2 with
'de' and for language 3 with 'en'.

<a id="8.3.0.0.2" href="#"></a>
<a id="8.3.multiplefilesmultivaluedlogicalname" href="#"></a>
<a id="multiplefilesmultivaluedlogicalname" href="#"></a>
<h5 class="head"><span class="text">Multiple Files - Multivalued Logical Name</span></h5>

<p> With this approach a logical name containing multiple file names is defined
(more commonly described as a logical search list).  The final file specified
must contain the full message set.  Files specified prior to this, can contain
as many or as few of the full set as is desired.  A [Language] number does not
need to be specified as they are processed in the order the logical name
specifies them in.  Other language file directives are required.

<p> The following is an example of a logical name providing the same three
languages in the examples above.

<div class="blockof code">&dollar; DEFINE /SYSTEM WASD_CONFIG_MSG WASD_ROOT:[LOCAL]WASD_CONFIG_MSG_ES.CONF, -
                           WASD_ROOT:[LOCAL]WASD_CONFIG_MSG_DE.CONF, -
                           WASD_ROOT:[LOCAL]WASD_CONFIG_MSG.CONF
</div>

<p> The file contents would be as follows (very contrived examples :-)

<div class="blockof code"># WASD_CONFIG_MSG_ES.CONF
[Version]  9.0
[Language]  0  es,es-ES
[auth]
es 01  Habla Espanol
es 02  Habla Inglesi
[dir]
es 03  Habla Espanol
es 04  Habla Inglesi

# WASD_CONFIG_MSG_DE.CONF
[Version]  9.0
[Language]  0  de,de-*
[auth]
de 01  Sprechen Sie Deutsches
de 02  Sprechen Sie Englisch
[dir]
de 03  Sprechen Sie Deutsches
de 04  Sprechen Sie Englisch

# WASD_CONFIG_MSG.CONF
[Version]  9.0
[Language]  0  en
[auth]
.
.
.(full set of messages)
</div>

<p> The <span class="high bold">major advantage</span> of maintaining multiple files in this way is there
is <span class="high bold">no need to merge files</span> when a new revision is required.  Just update the
version number and add any new required messages to the existing secondary
file.

<a id="8.4" href="#"></a>
<a id="8.4.suppliedmessagefiles" href="#"></a>
<a id="suppliedmessagefiles" href="#"></a>
<h2 class="head"><span class="numb">8.4</span><span class="text">Supplied Message Files</span></h2>

<p> Any non-English message files that are provided to the author will be
included for general use (please take the time to support this endeavour) in
the <a class="link blank" target="_blank" href="/wasd_root/example/WASD_CONFIG_msg*.conf">WASD_ROOT:[EXAMPLE]</a>
directory.

<p> Note that message files can become out-of-date as server versions change,
requiring modifications to the message database.  Check the version information
and/or comments at the top of candidate message files, however even slightly
dated files may serve as a good starting point for a locale-specific message
base.

</span>
<!-- source:1100_CACHE.WASDOC -->
<hr class="page">
<a id="9." href="#"></a>
<a id="9.cacheconfiguration" href="#"></a>
<a id="cacheconfiguration" href="#"></a>
<h1 class="head"><span class="numb">9.</span><span class="text">Cache Configuration</span></h1>

<div class="TOC2cols2">
<table class="TOC2table">
<tr><td><a href="#9.1.nonfilecontentcaching"><span class="numb">9.1</span><span class="text">Non-File Content Caching</span></a>
<tr><td><a href="#9.2.permanentandvolatile"><span class="numb">9.2</span><span class="text">Permanent and Volatile</span></a>
<tr><td><a href="#9.3.cachesuitabilityconsiderations"><span class="numb">9.3</span><span class="text">Cache Suitability Considerations</span></a>
<tr><td><a href="#9.4.cachecontentvalidation"><span class="numb">9.4</span><span class="text">Cache Content Validation</span></a>
<tr><td><a href="#9.5.cacheconfiguration"><span class="numb">9.5</span><span class="text">Cache Configuration</span></a>
<tr><td><a href="#9.6.cachecontrol"><span class="numb">9.6</span><span class="text">Cache Control</span></a>
<tr><td><a href="#9.7.circumventingthecache"><span class="numb">9.7</span><span class="text">Circumventing The Cache</span></a>
</table>
</div>


<p> WASD HTTPd provides an optional, configurable, monitorable file data and
revision time cache. File data, so that requests for documents can be fulfilled
without reference to the underlying file system, potentially reducing request
latency and more importantly improving overall server performance and system
impact, and file revision time, so that requests specifying an
&quot;If-Modified-Since:&quot; header can also benefit from the above.  Files are cached
using a hash derived from the VMS file-system path equivalent generated during
the mapping process (i.e. represents the file name) but before any actual RMS
activity.  WASD can also cache the content of responses from non-file sources. 
This can be useful for reducing the system impact of frequently accessed,
dynamically generated, but otherwise relatively static pages.  These sources
are cached using a hash derived from the virtual service connected to and the
request URI.

<a id="9.0.0.0.1" href="#"></a>
<a id="9.whyimplementcaching" href="#"></a>
<a id="whyimplementcaching" href="#"></a>
<h5 class="head"><span class="text">Why Implement Caching?</span></h5>

<p> Caching, in concept, attempts to improve performance by keeping data in
storage that is faster to access than the usual location. The performance
improvement can be assessed in three basic ways; reduction of

<ul class="list list0">
<li class="item"> response when accessing the data (latency and transfer time)
<li class="item"> processing involved (CPU cycles)
<li class="item"> impact on the usual storage location (file system I/O)
</ul>

<p> This cache is provided to address all three. Where networks are
particularly responsive a reduction in request latency can often be noticeable.
It is also suggested a cache &quot;hit&quot; may consume less CPU cycles than the
equivalent access to the (notoriously expensive) VMS file system. Where
servers are particularly busy or where disk subsystems particularly loaded a
reduction in the need to access the file system can significantly improve
performance while simultaneously reducing the impact of the server on other
system activities.

<p> A comparison between cached and non-cached performance is provided
in the &quot;Server Performance&quot; section.

<a id="9.0.0.0.2" href="#"></a>
<a id="9.terminology" href="#"></a>
<a id="terminology" href="#"></a>
<h5 class="head"><span class="text">Terminology</span></h5>

<table class="tabl">
<tr class="tabr under">
<th class="tabh">Term
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr backlight">
<td class="tabd">hit
<td class="tabd">Refers to a request path being found in cache. If the data
is still valid the request can be supplied from cache.
<tr class="tabr">
<td class="tabd">flushing
<td class="tabd">Occurs when the cache becomes full, with older, less
frequently used cache entries being removed from the cache and replaced by
other files.
<tr class="tabr backlight">
<td class="tabd">loading
<td class="tabd">Refers to reading the contents of a file into cache memory.
<tr class="tabr">
<td class="tabd">permanent
<td class="tabd">These entries are loaded once and remain in the cache
until they are explicitly purged by the administrator or the server is
restarted. They are not flushed or revalidated.
<tr class="tabr backlight">
<td class="tabd">revalidate
<td class="tabd">Compare the cache entry's size and modification
date-time to the file it represents in the file-system.  Obviously a difference
indicates the content has changed.
<tr class="tabr">
<td class="tabd">valid
<td class="tabd">The file from which the cached data was
originally read has not had its revision date changed (the implication being
the file contents have not changed).
<tr class="tabr backlight">
<td class="tabd">volatile
<td class="tabd">Entries have the original file periodically checked for
modification  and are reloaded if necessary.  They can also be flushed if
demand for space requires it.
</table>

<a id="9.1" href="#"></a>
<a id="9.1.nonfilecontentcaching" href="#"></a>
<a id="nonfilecontentcaching" href="#"></a>
<h2 class="head"><span class="numb">9.1</span><span class="text">Non-File Content Caching</span></h2>

<p> The WASD cache was originally provided to reduce file-system access (a
somewhat expensive activity under VMS).  With the expansion in the use of
dynamically generated page content (e.g. PHP, Perl, Python) there is an obvious
need to reduce the  system impact of some of these activities.  While many such
responses have content specific to the individual request a large number are
also generated as general site pages, perhaps with simple time or date
components, or other periodic information.  Non-file caching is intended for
this type of dynamic content.

<p> Revalidation of non-file content is fraught with a number of issues and so
is not provided.  Instead the cache entry is flushed on expiry of the
[CacheValidateSeconds], or as otherwise specified by path mapping, and the
request is serviced by the content source (script, PHP, Perl, etc.) with the
generated response being freshly cached. All of the considerations described in
<a class="link" href="#9.4.cachecontentvalidation">9.4 Cache Content Validation</a> apply equally to file and non-file content.

<a id="9.1.0.0.1" href="#"></a>
<a id="9.1.controllingnonfilecontentcaching" href="#"></a>
<a id="controllingnonfilecontentcaching" href="#"></a>
<h5 class="head"><span class="text">Controlling Non-File Content Caching</span></h5>
<p> Determining which non-file content is cached and which not, and how long
before flushing, is done using mapping rules (<a class="link" href="#10.5.5.setrule">10.5.5 SET Rule</a>).  The source of
non-file cache content is specified using one or a combination of the following
SET rules against general or specific paths.

<ul class="list simple list0">

<li class="item"> <span class="high bold">cache=[no]cgi </span> from Common Gateway Interface (CGI) script response
<li class="item"> <span class="high bold">cache=[no]file </span> from the file system (default and pre-8.4 cache behaviour)
<li class="item"> <span class="high bold">cache=[no]net </span> caches the full data stream irrespective of the source
<li class="item"> <span class="high bold">cache=[no]nph </span> full stream from Non-Parse Header (NPH) script response
<li class="item"> <span class="high bold">cache=[no]query </span> cache requests with query strings (<span class="high bold">use with care</span>)
<li class="item"> <span class="high bold">cache=[no]script </span> both CGI and NPH script responses
<li class="item"> <span class="high bold">cache=[no]ssi </span> from Server-Side Includes (SSI) documents
</ul>

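<p> A good understanding of site requirements and dynamic content sources,
along with considerable care in specifying cache path SETings, is required to
cache dynamic content effectively.  Non-file entries are described in the
introduction to this section as keyed on the virtual service and the request
URI, so paths whose responses differ per client (for example according to
authorization or cookies) should be reviewed before being made cacheable, as a
cached response could otherwise be served to a different client.  It is
especially important to get the
content revalidation period appropriate to the content of the pages.  This is
specified using the following path SETings.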

<ul class="list simple list0">
<li class="item"> <span class="high bold">cache=expires=0 </span> cancels any expiry
<li class="item"> <span class="high bold">cache=expires=DAY </span> expires when the day changes
<li class="item"> <span class="high bold">cache=expires=HOUR </span> when the clock hour changes
<li class="item"> <span class="high bold">cache=expires=MINUTE </span> when the clock minute changes
<li class="item"> <span class="high bold">cache=expires=&lt;hh:mm:ss&gt; </span> expires after the specified period in the cache
</ul>

<p> For example.  To cache the content of PHP-generated home pages that
contain a  time-of-day clock, resolving down to the minute, would require a
mapping rule similar to the following.

<div class="blockof code">set /**/index.php cache=cgi cache=expires=minute
</div>

<a id="9.2" href="#"></a>
<a id="9.2.permanentandvolatile" href="#"></a>
<a id="permanentandvolatile" href="#"></a>
<h2 class="head"><span class="numb">9.2</span><span class="text">Permanent and Volatile</span></h2>

<p> The WASD file cache provides for some resources to be permanently cached
while others are allowed to be moved into and out of the cache according to
demand.  Most sites have at least some files that are fundamental components of
the site's pages, are rarely modified, commonly accessed, and therefore should
be permanently available from cache.  Other files are modified on a regular or
ad hoc basis and may experience fluctuations in demand.  These more volatile
resources should be cached based on current demand.

<p> Volatile caching is the default with the site administrator using mapping
rules to indicate to the server which resources on which paths should be
permanently cached (<a class="link" href="#9.cacheconfiguration">9. Cache Configuration</a>).

<p> Although permanent and volatile entries share the same cache structure and
are therefore subject to the configuration's maximum number of cache entries,
the memory used to store the cached file data is derived from separate pools.  The
total size of all volatile entries data is constrained by configuration.  In
contrast there is no configuration limit placed on the quantity of data that
can be cached by permanent entries.  One of the purposes of the permanent
aspect of the cache is to allow the site administrator considerable discretion
in the configuration of the site's low-latency resources, no matter how large
or small that might be.  Of course there is the ultimate constraint of server
process and system virtual memory limits on this activity.  It should also be
kept in mind that unless sufficient physical memory is available to keep such
cached content in-memory the site may only end up trading file-system I/O for
page file I/O.

<a id="9.3" href="#"></a>
<a id="9.3.cachesuitabilityconsiderations" href="#"></a>
<a id="cachesuitabilityconsiderations" href="#"></a>
<h2 class="head"><span class="numb">9.3</span><span class="text">Cache Suitability Considerations</span></h2>

<p> A cache is not always of benefit!  The cost may outweigh the return.

<p> Any cache's efficiencies can only occur where subsets of data are
consistently being demanded. Although these subsets may change slowly over time
a consistent and rapidly changing aggregate of requests lose the benefit of
more readily accessible data to the overhead of cache management, due to the
constant and continuous flushing and reloading of cache data. This server's
cache is no different, it will only improve performance if the site experiences
some consistency in the files requested. For sites that have only a small
percentage of files being repeatedly requested it is probably better that the
cache be disabled.  The other major consideration is available system memory.
On a system where memory demand is high there is little value in having cache
memory sitting in page space, trading disk I/O and latency for paging I/O and
latency.  On memory-challenged systems cache is probably best disabled.

<p> To help assessment of the cache's efficiency for any given site monitor the
Server Administration facility's cache report.

<p> Two sets of data provide complementary information, cache activity and
file request profile.

<ul class="list">

<li class="item"> <span class="high bold">Activity Data</span>

<p> This summarizes the cache search behaviour, in particular that of the hash
table.

<p> The &quot;searched&quot; item, indicates the number of times the cache has
been searched. Most importantly, this may include paths that can never be
cached because they represent non-file requests (e.g. directory listings).
Requests involving scripts, and some others, never attempt a cache search.

<p> The &quot;hit&quot; item, indicates the number of times the hash table
directly provided a cached path.  This is very efficient.

<p> The &quot;miss&quot; item, indicates the number of times the hash table
directly indicated a path was not cached.  This is decisive and is also very
efficient.

<p> The &quot;collision&quot; item, indicates the number of times multiple paths
resolved to the same hash table entry. Collisions require further processing
and are far less efficient. The sub-items, &quot;collision hits&quot; and
&quot;collision misses&quot; indicate the number of times that further processing
resulted in a found or not-found cache item.

<p> A large number of cache misses compared to searches may only indicate a
large number of non-cacheable requests and so, depending on that further datum,
is not of great concern. A large proportion of collisions (say greater than
12.5%) is of concern however, indicating either the hash table size needs increasing
(1024 should be considered a minimum) or the hashing algorithm in the software
needs reviewing :-)

<li class="item"> <span class="high bold">Files Data</span>

<p> This summarizes the site's file request profile.

<p> With the &quot;loads not hit&quot; item, the count represents the cumulative
number of files loaded but never subsequently hit. If this percentage is high
it means most files loaded are never hit, indicating the site's request
profile is possibly unsuitable for caching.

<p> The item &quot;hits&quot; represents the cumulative, total number of hits
against the cumulative, total number of loads. The percentage here can range
from zero to many thousands of percent :-) with less than 100% indicating poor
cache performance and from 200% upwards better and good performance. The items
&quot;1-9&quot;, &quot;10-99&quot; and &quot;100+&quot; show the count and percentage
of total hits that occurred when a given entry had experienced hits within that
range (e.g. if an entry has had 8 previous hits, the ninth increments the
&quot;1-9&quot; item whereas the tenth and eleventh increments the &quot;10-99&quot;
item, etc.)

<p> Other considerations also apply when assessing the benefit of having a
cache. For example, a high number and percentage of hits can be generated
while the percentage of &quot;loads not hit&quot; could also be very
high. The explanation for this would be one or two frequently requested files
being hit while most others are loaded, never hit, and flushed as other files
request cache space. In situations such as this it is difficult to judge
whether cache processing is improving performance or just adding overhead.

</ul>

<a id="9.4" href="#"></a>
<a id="9.4.cachecontentvalidation" href="#"></a>
<a id="cachecontentvalidation" href="#"></a>
<h2 class="head"><span class="numb">9.4</span><span class="text">Cache Content Validation</span></h2>

<p> The cache will automatically revalidate the volatile entry file data after a
specified number of seconds ([CacheValidateSeconds] configuration parameter),
by comparing the original file revision time to the current revision time.  If
they differ the file contents have changed and the cache contents are declared
invalid.  If found invalid the file transfer then continues outside of the
cache with the new contents being concurrently reloaded into the cache. 
Permanent entries are not subject to revalidation and the associated reloading.

<p> Cache validation is also always performed if the request uses
&quot;Cache-Control:&quot; with <span class="high italic">no-cache</span>, <span class="high italic">no-store</span> or <span class="high italic">max-age=0</span> attributes
(HTTP/1.1 directive), or a &quot;Pragma: no-cache&quot; field (HTTP/1.0 directive). 
These request directives are often associated with a browser agent <span class="high italic">reload
page</span> function. Hence there is no need for any explicit flushing of the cache
under normal operation. If a document does not immediately reflect any changes
made to it (i.e. validation time has not been reached) validation (and
consequent reload) can be &quot;forced&quot; with a browser reload.  Permanent entries
are also not subject to this source of revalidation.  The configuration
directive [CacheGuardPeriod] limits this form of revalidation when it is
requested within the specified period since the entry was last revalidated.  It
has a default value of fifteen seconds.

<p> If a site's contents are relatively static the validation seconds could be
set to an extended period (say 3600 seconds, one hour) and then rely on an
explicit &quot;reload&quot; to force validation of a changed file.

<p> The entire cache may be purged of cached data, both volatile and permanent
entries, either from the Server Administration facility or using command line
server control.

<div class="blockof code">&dollar; HTTPD /DO=CACHE=PURGE
</div>

<a id="9.5" href="#"></a>
<a id="9.5.cacheconfiguration" href="#"></a>
<a id="cacheconfiguration" href="#"></a>
<h2 class="head"><span class="numb">9.5</span><span class="text">Cache Configuration</span></h2>

<p> The cache is controlled using WASD_CONFIG_GLOBAL configuration file and WASD_CONFIG_MAP
mapping file directives.  A number of parameters control the basics of cache
behaviour.

<ul class="list">

<li class="item"> <span class="high bold">[Cache] &ndash; </span>
Enables and disables caching.

<li class="item"> <span class="high bold">[CacheEntriesMax]</span>
and <span class="high bold">[CacheTotalKBytesMax] &ndash; </span>
Provide growth limits to cache expansion.  Maximum entries limits the number of
files loaded into the cache before entries begin to be reused (flushing the
original contents).  Maximum total kilobytes allocated to the cache provides a
ceiling on the memory consumed. These parameters operate to limit each other
(i.e. if one reaches its limit before the other, the other will not grow
further either).

<li class="item"> <span class="high bold">[CacheFileKBytesMax] &ndash; </span>
Provides a limit on file size (in kilobytes).  Files larger than the specified
limit will not be cached.  This may be overridden on a per-path basis using the
<span class="high italic">set cache=max=&lt;integer&gt;</span> mapping rule (see below).

<li class="item"> <span class="high bold">[CacheFrequentHits]</span> and
<span class="high bold">[CacheFrequentSeconds] &ndash; </span>
Attempt to reduce unproductive reuse of cache entries by providing the cache
with some indication of what constitutes a frequently hit entry. If it is
frequently hit then it should not be immediately reused when there is a demand
for cache space. The first parameter sets the number of hits an entry must
sustain before being a candidate for <span class="high italic">CacheFrequentSeconds</span> assessment. If a
file has been hit at least <span class="high italic">CacheFrequentHits</span> times in total and the last hit
was within the number of seconds set by <span class="high italic">CacheFrequentSeconds</span> it will not be
flushed and reused. If it has not been hit within the specified period it will
be reused.

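<li class="item"> <span class="high bold">[CacheGuardPeriod] &ndash; </span>
Prevents the browser-initiated content revalidation described above
(<a class="link" href="#9.4.cachecontentvalidation">9.4 Cache Content Validation</a>) from being repeated within this period of an
entry's last revalidation.  It is provided to help limit unnecessary
file-system activity, which would otherwise be driven by whatever cache
directives the requesting client chooses to send.  The default is fifteen
seconds.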

<li class="item"> <span class="high bold">[CacheEntriesMax] &ndash; </span> <span class="high italic">(obsolete)</span>

<li class="item"> <span class="high bold">[CacheValidateSeconds] &ndash; </span>
The interval after which a cache entry's original content revision time is
revalidated against the file's current revision time.  If not the same the
contents are declared invalid and reloaded.  Setting this to a greater period
reduces disk I/O but revised files may not be obvious within an acceptable
time unless a revalidation is forced with a <span class="high italic">reload</span>.  Permanent entries are
not subject to validation.

</ul>

<a id="9.5.0.0.1" href="#"></a>
<a id="9.5.mappingrules" href="#"></a>
<a id="mappingrules" href="#"></a>
<h5 class="head"><span class="text">Mapping Rules</span></h5>

<p> Mapping rules (<a class="link" href="#10.5.5.setrule">10.5.5 SET Rule</a>) allow further tailoring of cache behaviour
based on request (file) path.  Those files that should be made permanent
entries are indicated using the <span class="high italic">cache=perm</span> directive.  In the following
example all files in the WASD runtime directories (directory icons, help files,
etc.) are made permanent cache entries at the same time the path is mapped.

<div class="blockof code">pass /*/-/* /wasd_root/runtime/*/* cache=perm
</div>

<p> Of course, specified file types as well as specific paths can be mapped in
this way.  Here all files in the site's /help/ path are made permanent
entries except those having a .PS type (PostScript documents).

<div class="blockof code">set /help/* cache=perm
set /help/*.ps cache=noperm
</div>

<p> The configuration directive [CacheFileKBytesMax] puts a limit on individual
file size.  Those exceeding that limit are considered too large and not cached. 
It is possible to override this general constraint by specifying a maximum size
(in kilobytes) on a per-path basis.

<div class="blockof code">set /help/examples*.jpg cache=max=128
set /cai/*.mpg cache=max=2048 cache=perm
</div>

<p> Caching may be disabled and/or enabled for specified paths and subpaths.

<div class="blockof code">set /web/* cache=none
set /web/icons/* cache
</div>

<a id="9.6" href="#"></a>
<a id="9.6.cachecontrol" href="#"></a>
<a id="cachecontrol" href="#"></a>
<h2 class="head"><span class="numb">9.6</span><span class="text">Cache Control</span></h2>

<p> The cache may be enabled, disabled and purged from the Server
Administration facility. In addition the same control may be exercised from the
command-line using 

<div class="blockof code">&dollar; HTTPD /DO=CACHE=ON
&dollar; HTTPD /DO=CACHE=OFF
&dollar; HTTPD /DO=CACHE=PURGE
</div>

<p> If cache parameters are altered in the configuration file the server must
be restarted to put these into effect.  Disabling the cache on an ad hoc basis
(from menu or command line) does not alter the contents in any way so it can
merely be reenabled with use of the cache's previous contents resuming.  In
this way comparisons between the two environments may more easily be made.

<a id="9.7" href="#"></a>
<a id="9.7.circumventingthecache" href="#"></a>
<a id="circumventingthecache" href="#"></a>
<h2 class="head"><span class="numb">9.7</span><span class="text">Circumventing The Cache</span></h2>

<p> There are often good reasons for bypassing or avoiding the cache, for
instance where a document is being refreshed within the cache revalidation
period specified by [CacheValidateSeconds] (<a class="link" href="#9.4.cachecontentvalidation">9.4 Cache Content Validation</a>). 
There are two mechanisms available for bypassing or invalidating the file
cache.

<ol class="list">

<li class="item"> Use a mapping rule to disable caching for the path.  This directs the
server to always get the file from the file-system.
<div class="blockof code">SET /path/not/to/cache/* cache=none
</div>

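<li class="item"> Specify a version component when requesting the file.  WASD never caches a
file if the request contains a version component, and since this is decided by
the request alone the cache should not be assumed to shield the file-system
from every request for a path.  It does not need to be a full version number, a
semi-colon is sufficient.  For example: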
<div class="blockof code">/wasd_root/robots.txt;
</div>

</ol>

<!-- source:1200_PROCESSING.WASDOC -->
<hr class="page">
<a id="10." href="#"></a>
<a id="10.requestprocessingconfiguration" href="#"></a>
<a id="requestprocessingconfiguration" href="#"></a>
<h1 class="head"><span class="numb">10.</span><span class="text">Request Processing Configuration</span></h1>

<div class="TOC2cols2">
<table class="TOC2table">
<tr><td><a href="#10.1.ruleinterpretation"><span class="numb">10.1</span><span class="text">Rule Interpretation</span></a>
<tr><td><a href="#10.2.vmsfilesystemspecifications"><span class="numb">10.2</span><span class="text">VMS File System Specifications</span></a>
<tr><td><a href="#10.3.traditionalfilespecificationsods2"><span class="numb">10.3</span><span class="text">Traditional File Specifications (ODS-2)</span></a>
<tr><td><a href="#10.4.extendedfilespecificationsods5"><span class="numb">10.4</span><span class="text">Extended File Specifications (ODS-5)</span></a>
<tr><td><a href="#10.4.1.charactersinrequestpaths"><span class="numb">10.4.1</span><span class="text">Characters In Request Paths</span></a>
<tr><td><a href="#10.4.2.filenameambiguity"><span class="numb">10.4.2</span><span class="text">File Name Ambiguity</span></a>
<tr><td><a href="#10.4.3.charactersinservergeneratedpaths"><span class="numb">10.4.3</span><span class="text">Characters In Server-Generated Paths</span></a>
<tr><td><a href="#10.5.rules"><span class="numb">10.5</span><span class="text">Rules</span></a>
<tr><td><a href="#10.5.1.mappassfailrules"><span class="numb">10.5.1</span><span class="text">MAP, PASS, FAIL Rules</span></a>
<tr><td><a href="#10.5.2.redirectrule"><span class="numb">10.5.2</span><span class="text">REDIRECT Rule</span></a>
<tr><td><a href="#10.5.3.userrule"><span class="numb">10.5.3</span><span class="text">USER Rule</span></a>
<tr><td><a href="#10.5.4.execuxecandscriptscriptmappingrules"><span class="numb">10.5.4</span><span class="text">EXEC/UXEC and SCRIPT, Script Mapping Rules</span></a>
<tr><td><a href="#10.5.5.setrule"><span class="numb">10.5.5</span><span class="text">SET Rule</span></a>
<tr><td><a href="#10.6.reversemapping"><span class="numb">10.6</span><span class="text">Reverse Mapping</span></a>
<tr><td><a href="#10.7.mappingexamples"><span class="numb">10.7</span><span class="text">Mapping Examples</span></a>
<tr><td><a href="#10.8.virtualservers"><span class="numb">10.8</span><span class="text">Virtual Servers</span></a>
<tr><td><a href="#10.9.conditionalmapping"><span class="numb">10.9</span><span class="text">Conditional Mapping</span></a>
<tr><td><a href="#10.10.mappinguserdirectoriestildecharacterquotquot"><span class="numb">10.10</span><span class="text">Mapping User Directories (tilde character (&quot;~&quot;))</span></a>
<tr><td><a href="#10.10.1.usingthesysuaf"><span class="numb">10.10.1</span><span class="text">Using The SYSUAF</span></a>
<tr><td><a href="#10.10.2.withoutusingthesysuaf"><span class="numb">10.10.2</span><span class="text">Without Using The SYSUAF</span></a>
<tr><td><a href="#10.11.crossoriginresourcesharing"><span class="numb">10.11</span><span class="text">Cross Origin Resource Sharing</span></a>
</table>
</div>


<p> By default, the logical name <span class="high bold">WASD_CONFIG_MAP</span> locates a common mapping
rule file.  Simple editing of the mapping file and reloading into the running
server changes the processing rules.  The [IncludeFile] is a directive common
to all WASD configuration, allowing a separate file to be included as a part of
the current configuration (<a class="link" href="#2.1.includefiledirective">2.1 Include File Directive</a>).

<p> Mapping rules are used for a number of different request processing
purposes.

<ol class="list">

<li class="item"> To map a request <span class="high italic">path</span> onto the VMS file system.  That is, to
map from web-space into file-space.

<li class="item"> To map from file-space back into web-space.  There is often not a
one-to-one correspondence between file specifications and web paths.

<li class="item"> To process a request path according to specified criteria resulting in an
effective path that is different to that supplied with the request.

<li class="item"> To identify requests requiring script activation and to parse the script
from the path portion of that request.  The path portion is then independently
re-mapped.

<li class="item"> To conditionally map to different end-results based on one or more
criteria of the request or environment.

<li class="item"> To provide differing virtual sites depending on the actual service
accessed by the client.

</ol>

<p> Mapping is basically for server-internal purposes only. The only time the
path information of the request itself is modified is when a script component
is removed. At all other times the path information remains unchanged.  Path
authorization is always applied to the path supplied with the request.

<p> Rules are given a basic consistency check when loaded (i.e. server
startup, map reload, etc.)  If there is an obvious problem (unknown rule,
missing component, path not absolute, etc.) a warning message is generated and
the rule is not loaded into the database. This will not cause the server
startup to fail. These warning messages may be found in the server process
log.  As a rejected rule is simply absent from the loaded rule set, requests it
was intended to match continue on to later rules, so the log should be checked
after any change to the rules.

<p> Changes to the mapping configuration file can be validated at the
command-line before reload or restart.  This detects and reports any
syntactical and fatal configuration errors but of course cannot check the
<span class="high italic">intent</span> of the rules.

<div class="blockof code">&dollar; HTTPD /DO=MAP=CHECK
</div>

<p> A server's currently loaded mapping rules may also be interrogated from the
Server Administration menu (see
<a class="link blank" target="_blank" href="../features/#serveradministration">Server Administration</a> of
<a class="link blank" target="_blank" href="../features/#0.">WASD Features and Facilities</a>).

<a id="10.1" href="#"></a>
<a id="10.1.ruleinterpretation" href="#"></a>
<a id="ruleinterpretation" href="#"></a>
<h2 class="head"><span class="numb">10.1</span><span class="text">Rule Interpretation</span></h2>

<p> The rules are scanned from first towards last, until a matching final rule 
is encountered (PASS, EXEC, SCRIPT, FAIL, REDIRECT, UXEC and USER) when the
mapping pass concludes.  Non-final rules (MAP and SET) perform the appropriate
action and continue to the next rule.  One, two or more passes through the
rules may occur due to implicit processing (if the path contains a script
component) or by explicit restart (SET <span class="high italic">map=restart</span>).

<a id="10.1.0.0.1" href="#"></a>
<a id="10.1.stringmatching" href="#"></a>
<a id="stringmatching" href="#"></a>
<h5 class="head"><span class="text">String Matching</span></h5>

<p> The basis of path mapping is string pattern matching, comparing the request
specified path, and optionally other components of the request when using
configuration conditionals (<a class="link" href="#5.conditionalconfiguration">5. Conditional Configuration</a>), to a series of
patterns, usually until one of the patterns matches, at which stage some
processing is performed.  Both wildcard and regular expression based pattern
matching are available. All rules have a <span class="high italic">template</span> (string pattern to match
against the path).  Some rules have a <span class="high italic">result</span> (how to restructure the
components matching from the template).

<ul class="list">

<li class="item"> The <span class="high bold">template</span> may contain one or more asterisk (&quot;*&quot;) wildcard symbols,
or a regular expression with optional grouping operators.  This is pattern
matched against the request path (<a class="link" href="#4.stringmatching">4. String Matching</a>).  If neither is
present then the path must match the <span class="high italic">template</span> exactly. 

<li class="item"> The <span class="high bold">result</span> may contain one or more asterisk (&quot;*&quot;) substitution
symbols. The <span class="high italic">result</span> wildcards are expanded to replace the matching strings
of the respective <span class="high italic">template</span> wildcards or pattern groups.  Specified wildcard
substitution is available (<a class="link" href="#4.4.expressionsubstitution">4.4 Expression Substitution</a>).  Characters
represented by wildcards in the <span class="high italic">template</span> not represented by a corresponding
wildcard in the <span class="high italic">result</span> are ignored.  Non-wildcard <span class="high italic">result</span> characters are
directly inserted in reconstructed path.  Non-wildcard characters in the
<span class="high italic">template</span> are ignored. If the <span class="high italic">result</span> contains no wildcards it completely
replaces the URL path. 

</ul>

<a id="10.1.0.0.2" href="#"></a>
<a id="10.1.virtualservers" href="#"></a>
<a id="virtualservers" href="#"></a>
<h5 class="head"><span class="text">Virtual Servers</span></h5>

<p> As described in <a class="link" href="#2.3.virtualservices">2.3 Virtual Services</a> virtual service syntax may be used
with mapping rules to selectively apply rules to one specific service. If
virtual services are configured rule interpretation sees only rules common to
all services and those specific to its own service (host address and port). In
all other aspects rule interpretation applies as described above.

<a id="10.1.0.0.3" href="#"></a>
<a id="10.1.processingoverhead" href="#"></a>
<a id="processingoverhead" href="#"></a>
<h5 class="head"><span class="text">Processing Overhead</span></h5>

<p> Naturally, each rule that needs to be processed adds a little to consumed
CPU, introduces some latency, and ultimately reduces throughput.  The
test-bench has shown this to be acceptably small compared to the overall costs
of responding to a request.  Using the ApacheBench tool on a COMPAQ
Professional Workstation XP1000 with 2048MB, VMS V8.3, TCP/IP Service 5.7 and
WASD v10.1, with a simple  access to <span class="high monosp">/wasd_root/exercise/0k.txt</span> showed
approximately 744 requests/second throughput using the following mapping file.

<div class="blockof code">pass /wasd_root/exercise/* 
</div>

<p> After adding various quantities of the same intervening rule

<div class="blockof code">pass /wasd_root/example/* 
pass /wasd_root/example/* 
  .
  .
  .
pass /wasd_root/example/* 
pass /wasd_root/exercise/* 
</div>

the following results were derived.

<div class="blockof block center"><a id="10.1.0.0.4" href="#"></a>
<a id="10.1.mappingoverhead" href="#"></a>
<a id="mappingoverhead" href="#"></a>
<h5 class="head"><span class="text">Mapping Overhead</span></h5>
<p> <table class="tabu tabauto">
<tr class="tabr">
<th class="tabh">Rule Count
<th class="tabh">Requests/S
<th class="tabh">Throughput
<tr class="tabr">
<td class="tabd">0
<td class="tabd">744
<td class="tabd">baseline
<tr class="tabr">
<td class="tabd">100
<td class="tabd">701
<td class="tabd">-5.8%
<tr class="tabr">
<td class="tabd">200
<td class="tabd">665
<td class="tabd">-10.6%
<tr class="tabr">
<td class="tabd">500
<td class="tabd">571
<td class="tabd">-23.3%
<tr class="tabr">
<td class="tabd">1000
<td class="tabd">461
<td class="tabd">-38.4%
</table>
</div>

<p> Although this is a fairly contrived set-up and actual real-world rule-sets
are more complex than this, even one hundred rules is a <span class="high under">very</span> large
set, and it does indicate that for all intents and purposes mapping rules may
be used to achieve desired objectives without undue concern about impact on
server throughput.

<a id="10.2" href="#"></a>
<a id="10.2.vmsfilesystemspecifications" href="#"></a>
<a id="vmsfilesystemspecifications" href="#"></a>
<h2 class="head"><span class="numb">10.2</span><span class="text">VMS File System Specifications</span></h2>

<p> The VMS file system in mapping rules is always assumed to begin with a
device or concealed device logical. Specifying a Master File Directory (MFD)
component, the [000000], is completely optional, although it is always implied.
The mapping functions will always insert one if required for correct file system
syntax. That is, if the VMS file system mapping of a path results in a file in
a top-level directory an MFD is inserted if not explicitly present in the
mapping.  For example, both of the following paths

<div class="blockof code">/dka100/example.txt
/dka100/000000/example.txt
</div>

would result in a mapping to

<div class="blockof code">DKA100:[000000]EXAMPLE.TXT
</div>

The MFD is completely optional both when specifying paths in mapping
rules and when supplying paths in a request.  Similarly, when supplying a path
that includes directory components, as in

<div class="blockof code">/dka100/dir1/dir2/example.txt
/dka100/000000/dir1/dir2/example.txt
</div>

both mapping to

<div class="blockof code">DKA100:[DIR1.DIR2]EXAMPLE.TXT
</div>

<div class="note">
<a id="10.2.0.0.1" href="#"></a>
<a id="10.2.logicalnames" href="#"></a>
<a id="logicalnames" href="#"></a>
<h5 class="head center"><span class="text">LOGICAL NAMES</span></h5>
<hr class="note_hr">
When using logical names in file system mappings they must be able to be used
as concealed devices and cannot be logical equivalents of directory
specifications.  You must be able to perform a
<div class="blockof code">&dollar; DIRECTORY logical-name:[000000]
</div>
to be able to use the specification as a WASD mapping rule.
<hr class="note_hr">
</div>

<p> Concealed device logicals are created using the following syntax:

<div class="blockof code">&dollar; DEFINE LOGICAL_NAME device:[dir1.dir2.]
&dollar; DEFINE LOGICAL_NAME /TRANSLATION=CONCEALED physical_device:[dir1.dir2.]
&dollar; DEFINE LOGICAL_NAME /TRANSLATION=CONCEALED -
physical_device1:,physical_device2:
&dollar; DEFINE LOGICAL_NAME /TRANSLATION=CONCEALED -
physical_device3:[dir1.dir2.],physical_device4:[dir1.dir3.]
</div>

<p> The logical name may be multi-valued and, provided the DIRECTORY command can
be used successfully with it (as described above), should be amenable to WASD
directory listing, producing equivalent results.

<a id="10.3" href="#"></a>
<a id="10.3.traditionalfilespecificationsods2" href="#"></a>
<a id="traditionalfilespecificationsods2" href="#"></a>
<h2 class="head"><span class="numb">10.3</span><span class="text">Traditional File Specifications (ODS-2)</span></h2>

<p> For ODS-2 volumes, when an RMS-invalid character (e.g. &quot;+&quot;) or syntax
(e.g. multiple periods) is encountered during rule mapping of a path to a VMS
file specification, a dollar symbol is substituted in an attempt
to make it acceptable.  This functionality is often useful for document
collections imported to the local web originating from, for instance, a Unix
site that utilizes non-VMS file system syntax.  The default substitution
character may be changed on a per-path basis using the SET rule (<a class="link" href="#10.5.5.setrule">10.5.5 SET Rule</a>).

<a id="10.4" href="#"></a>
<a id="10.4.extendedfilespecificationsods5" href="#"></a>
<a id="extendedfilespecificationsods5" href="#"></a>
<h2 class="head"><span class="numb">10.4</span><span class="text">Extended File Specifications (ODS-5)</span></h2>

<p> OpenVMS Alpha V7.2 introduced a new on-disk file system structure, ODS-5. 
This brings to VMS in general, and WASD and other Web servers in particular, a
number of issues regarding the handling of characters previously not
encountered during (ODS-2) file system activities.  ODS-2 and ODS-5 volumes
should be automatically distinguished by the server however it is possible to
<span class="high italic">force</span> interpretation using a path mapping rule (<a class="link" href="#10.5.5.setrule">10.5.5 SET Rule</a>).

<a id="10.4.1" href="#"></a>
<a id="10.4.1.charactersinrequestpaths" href="#"></a>
<a id="charactersinrequestpaths" href="#"></a>
<h3 class="head"><span class="numb">10.4.1</span><span class="text">Characters In Request Paths</span></h3>

<p> There is a standard for characters used in HTTP request paths and query
strings (URLs).  This includes conventions for the handling of reserved
characters, for example &quot;?&quot;, &quot;+&quot;, &quot;&amp;&quot;, &quot;=&quot; that have specific meanings in a
request,  characters that are completely forbidden, for example white-space,
control characters (0x00 to 0x1f), and others that have usages by convention,
for example the &quot;~&quot;, commonly used to indicate a username mapping.  The request
can otherwise contain these characters provided they are URL-encoded (i.e. a
percentage symbol followed by two hexadecimal digits representing the
hexadecimal-encoded character value).

<p> There is also an RMS standard for handling characters in extended file
specifications, some of which are forbidden in the ODS-2 file naming
conventions, and others which have a reserved meaning to either the
command-line interpreter (e.g. the space) or the file system structure (e.g.
the &quot;:&quot;, &quot;[&quot;, &quot;]&quot; and &quot;.&quot;).  Generally the allowed but reserved characters can
be used in ODS-5 file names if escaped using the &quot;^&quot; character.  For example,
the ODS-2 file name &quot;THIS_AND_THAT.TXT&quot; could be named &quot;This^_^&amp;^_That.txt&quot; on
an ODS-5 volume.  More complex rules control the use of character combinations
with significance to RMS, for instance multiple periods.  The following file
name is allowed on an ODS-5 volume, &quot;A-GNU-zipped-TAR-archive^.tar.gz&quot;, where
the non-significant period has been escaped making it acceptable to RMS.

<p> Of course characters absolutely forbidden in request paths must still be
URL-encoded, the most obvious example is the space.  RMS will accept the file
name &quot;This^ and^ that.txt&quot; (i.e. containing escaped spaces) but the request
path would need to be specified as &quot;This%20and%20that.txt&quot;.

<p> Unlike for ODS-2 volumes, ODS-5 volumes do not have &quot;invalid&quot; characters, so
no processing is performed to ensure RMS compliance.

<a id="10.4.2" href="#"></a>
<a id="10.4.2.filenameambiguity" href="#"></a>
<a id="filenameambiguity" href="#"></a>
<h3 class="head"><span class="numb">10.4.2</span><span class="text">File Name Ambiguity</span></h3>

<p> ODS-5 allows for some file name ambiguity in web-space.

<p> For example the file name
<div class="blockof code">This^_is^_an^_EXAMPLE^.txt.;1
</div>
would be presented to the client as
<div class="blockof code">This is an EXAMPLE.txt
</div>
which when provided in a URL as
<div class="blockof code">This%20is%20an%20EXAMPLE.txt
</div>
and translated from that URL into the file specification
<div class="blockof code">This^_is^_an^_EXAMPLE.txt;1
</div>
of course will not be able to be accessed.

<p> In addition, the two files
<div class="blockof code">This^_is^_an^_EXAMPLE.txt;1
This^_is^_an^_EXAMPLE^.txt.;1
</div>
are distinct in the file-system, independently parsed from the
directory structure, presented by a web directory listing (and WebDAV resource
property list) as consecutive entries having the same name, with only the
accessible file name actually available.
<div class="blockof code">This is an EXAMPLE.txt
This is an EXAMPLE.txt
</div>

<p> To avoid this situation a potentially ambiguous file name containing an
escaped period and no type (extension) is ignored by directory listings and
WebDAV property lists.  When an ambiguous file name is detected it is reported
in WATCH reports.

<p> While these sorts of situations are corner-cases it is best to try and avoid
<span class="high italic">interesting</span> file names that can challenge the rather convoluted VMS
file-system environment.

<a id="10.4.3" href="#"></a>
<a id="10.4.3.charactersinservergeneratedpaths" href="#"></a>
<a id="charactersinservergeneratedpaths" href="#"></a>
<h3 class="head"><span class="numb">10.4.3</span><span class="text">Characters In Server-Generated Paths</span></h3>

<p> When the server generates a path to be returned to the browser, either in a
viewable page such as a directory listing or error message, or as a part of the 
HTTP transaction such as a redirection, the path will contain the URL-encoded
equivalent of the <span class="high italic">canonical form</span> of an extended file specification
escaped character.  For example, the file name &quot;This^_and^_that.txt&quot;
will be represented by &quot;This%20and%20that.txt&quot;.

<p> When presenting a file name in a viewable page the general rule is to also
provide this URL-equivalent of the unescaped file name, with a small number of
exceptions.  The first is a directory listing where VMS format has been
requested by including a version component in the request file specification. 
The second is in similar fashion, but with the <span class="high italic">tree</span> facility,
displaying a directory tree.  The third is in the navigation page of the
<span class="high italic">UPDate</span> menu.  In all of these instances the canonical form of the
extended file specification is presented (although any actual reference to the
file is URL-encoded as described above). 

<a id="10.5" href="#"></a>
<a id="10.5.rules" href="#"></a>
<a id="rules" href="#"></a>
<h2 class="head"><span class="numb">10.5</span><span class="text">Rules</span></h2>

<p> These are the categories of mapping rules.

<ul class="list">

<li class="item"> Map paths to the file system, and to other paths:

<ul class="list simple list0">
<li class="item"> MAP
<li class="item"> PASS
<li class="item"> FAIL
<li class="item"> REDIRECT
<li class="item"> USER
</ul>

<li class="item"> Provide access to scripting:

<ul class="list simple list0">
<li class="item"> EXEC
<li class="item"> SCRIPT
<li class="item"> UXEC
</ul>

<li class="item"> Sets characteristics against particular paths:

<ul class="list simple list0">
<li class="item"> SET
</ul>

</ul>

<a id="10.5.1" href="#"></a>
<a id="10.5.1.mappassfailrules" href="#"></a>
<a id="mappassfailrules" href="#"></a>
<h3 class="head"><span class="numb">10.5.1</span><span class="text">MAP, PASS, FAIL Rules</span></h3>

<ol class="list">

<li class="item"> <span class="high bold">map <span class="high italic">template result</span></span>

<p> If the URL path matches the template, substitute the <span class="high italic">result</span> 
string for the path and use that for further rule processing.  Both template
and result paths must be absolute (i.e. begin with &quot;/&quot;).

<li class="item"> <span class="high bold">pass <span class="high italic">template</span> </span> 
<br> <span class="high bold">pass <span class="high italic">template result</span> </span>
<br> <span class="high bold">pass <span class="high italic">template &quot;999 message text&quot;</span> </span>
<br> <span class="high bold">pass <span class="high italic">template &quot;200 &dollar;command&quot;</span> </span>

<p> If the URL path matches the template, substitute the result if present (if 
not just use the original URL path), processing no further rules. 

<p> The <span class="high italic">result</span> should be either a physical VMS file system
specification in URL format or an <span class="high italic">HTTP status-code message</span> (see
below). If there is a direct correspondence between the <span class="high italic">template</span>
and <span class="high italic">result</span> the result may be omitted.

<div class="note"><a id="10.5.1.0.0.1" href="#"></a>
<a id="10.5.1.note" href="#"></a>
<a id="note" href="#"></a>
<h5 class="head center"><span class="text">Note</span></h5>
<hr class="note_hr">

The PASS directive is also used to <span class="high italic">reverse-map</span> VMS file
specifications to the URL path format equivalent.
See <a class="link" href="#10.6.reversemapping">10.6 Reverse Mapping</a>.
<hr class="note_hr">
</div>

<p> <span class="high bold">An HTTP status-code message</span> can be provided as a result.
The server then generates a response corresponding to that status code
containing the supplied message.  Status-code results should be enclosed in
one of single or double quotes, or curly braces.  See examples.  A
3<span class="high italic">nn</span> status results in a redirection response with the message text
comprising the location. Codes 4<span class="high italic">nn</span> and 5<span class="high italic">nn</span> result in
an error message.  Other code ranges (e.g. 0, 1<span class="high italic">nn</span>, 2<span class="high italic">nn</span>,
etc.) simply cause the connection to be immediately dropped, and can be used
for that purpose (i.e. no indication of why!)

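<p> <span class="high bold">A 200 with following &dollar;</span> will cause the DCL script processor to
execute the command.  The output will be returned to the client.  Note that
every request matching the template causes the command to be executed, so the
template should be as specific as the purpose allows.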

<li class="item"> <span class="high bold">fail <span class="high italic">template</span></span>

<p> If the URL path matches the template, prohibit access, processing no 
further rules.  The template path must be absolute (i.e. begin with
&quot;/&quot;).


</ol>

<a id="10.5.2" href="#"></a>
<a id="10.5.2.redirectrule" href="#"></a>
<a id="redirectrule" href="#"></a>
<h3 class="head"><span class="numb">10.5.2</span><span class="text">REDIRECT Rule</span></h3>

<ol class="list">

<li class="item"> <span class="high bold">redirect <span class="high italic">template</span> <span class="high italic">result</span></span>

<p> If the URL path matches the template, substitute the <span class="high italic">result</span> 
string for the path.  Process no further rules.  Redirection rules can provide
result URLs in one of a number of formats, each with a slightly different
behaviour.

<ol class="list">

<li class="item"> The <span class="high italic">result</span> can be a full URL
(&quot;http://host.domain/path/to/whatever&quot;).  This is used to redirect
requests to a specific service, usually on another host.  A
<span class="high italic">result</span> may or may not contain a fixed query string
(&quot;/path/to/whatever?one=two&quot;).

<li class="item"> If the scheme (e.g. &quot;http:&quot;) is omitted the scheme of the current
request is substituted.  This allows HTTP requests to be transparently
redirected via HTTP and HTTPS (SSL) requests via HTTPS (e.g.
&quot;//host.domain/path/to/whatever&quot;, note the leading double-slash).

<li class="item"> In a similar fashion both the scheme and the host name may be omitted
(e.g. &quot;///path/to/whatever&quot;, note the leading triple-slash).  The server then
substitutes the appropriate request scheme and host name before returning the
redirection to the client.

<li class="item"> If the scheme is provided but no host component the current request's
host information is substituted and the redirection made using that (e.g.
&quot;https:///secure/path/to/whatever&quot;).  This effectively allows a request to be
redirected from standard to SSL, or from SSL to standard HTTP on the same
server.

<li class="item"> As a variation on this, if no host but a port number is present, the
redirection is to the (presumably) non-standard port on that same host.

<p> See <a class="link" href="#10.7.mappingexamples">10.7 Mapping Examples</a> for examples of each of these.

<li class="item"> Alternatively, it may be just a path (&quot;/path/to/whatever&quot;, a single
leading slash), which will cause the server to <span class="high under">internally</span> generate an
entire new request structure to process the new path (i.e. request redirection
is not returned to the client).

<div class="note"><a id="10.5.2.0.0.1" href="#"></a>
<a id="10.5.2.note" href="#"></a>
<a id="note" href="#"></a>
<h5 class="head center"><span class="text">Note</span></h5>
<hr class="note_hr">

Internal redirection (as this is termed) is a fundamental mechanism available
with WASD to completely change the request path and/or query string components
for the request - transparently to the client.  It is essentially a complete
rewrite of the request.
<hr class="note_hr">
</div>

<li class="item"> Full request URI rewriting (path and any query string) is available using
the <span class="high italic">map=uri</span> path SETing (<a class="link" href="#10.5.5.setrule">10.5.5 SET Rule</a>).

<li class="item"> Only if the <span class="high under">last</span> character in the <span class="high italic">result</span> is a question mark (&quot;?&quot;)
will any query string in the original be propagated into the redirection URL
(that is, only if the original request &quot;/original/test.txt?plus=query&quot; is mapped using
&quot;redirect /original/* /path/to/*?&quot; does the resulting URL become
&quot;/path/to/test.txt?plus=query&quot;).

</ol>

</ol>

<a id="10.5.3" href="#"></a>
<a id="10.5.3.userrule" href="#"></a>
<a id="userrule" href="#"></a>
<h3 class="head"><span class="numb">10.5.3</span><span class="text">USER Rule</span></h3>

<p> The USER rule maps a VMS user account default device and directory (i.e.
<span class="high italic">home</span> directory) into a request path.  That is, the base location for the
request is obtained from the VMS system's SYSUAF file.  This is usually invoked
by a request path in the form &quot;/~username/&quot;, see
<a class="link" href="#10.9.mappinguserdirectories">&lsquo;Mapping User Directories&rsquo; in 10.9 Conditional Mapping</a> for more detailed information.

<ol class="list">

<li class="item"> <span class="high bold">user <span class="high italic">template</span> <span class="high italic">result</span></span>

<p> If the path matches the template then the result is substituted, with the
following conditions.  At least one wildcard must be present.  The first
wildcard in the result substitutes the username's home directory into the path
(in place of the &quot;~username&quot;).  Any subsequent wildcard(s) substitute
corresponding part(s) of the original path.

<p> If the user DANIEL's default device and directory were

<div class="blockof code">USER&dollar;DISK:[DANIEL]
</div>

the following rule

<div class="blockof code">user /~*/* /*/www/*
</div>

would result in the following path being mapped and used

<div class="blockof code">/user&dollar;disk/daniel/www/
</div>

</ol>

<div class="note"><a id="10.5.3.0.0.1" href="#"></a>
<a id="10.5.3.note" href="#"></a>
<a id="note" href="#"></a>
<h5 class="head center"><span class="text">Note</span></h5>
<hr class="note_hr">

Accounts that possess SYSPRV, are CAPTIVE, have been DISUSERED or that have
expired passwords will not be mapped.  A &quot;directory not found&quot; error
report is returned.
<hr class="note_hr">
</div>

<a id="10.5.4" href="#"></a>
<a id="10.5.4.execuxecandscriptscriptmappingrules" href="#"></a>
<a id="execuxecandscriptscriptmappingrules" href="#"></a>
<h3 class="head"><span class="numb">10.5.4</span><span class="text">EXEC/UXEC and SCRIPT, Script Mapping Rules</span></h3>

<p> Also see <a class="link blank" target="_blank" href="../scripting/#0.">WASD Scripting Environment</a> for further
information.

<p> The EXEC/UXEC and SCRIPT directives have the <span class="high bold">variants
EXEC+/UXEC+ and SCRIPT+</span>. These  behave in exactly the same fashion and
simply mark the rule as representing a CGIplus script environment.

<p> The EXEC/UXEC rules map script <span class="high bold">directories</span>.

<p> The SCRIPT rule maps script <span class="high bold">file names</span>. It behaves a
little differently to the EXEC rule, essentially supplying in a single rule the
effect of a MAP then an EXEC rule. 

<p> Both rules must have a <span class="high italic">template</span> and <span class="high italic">result</span>, and 
both must end in a wildcard asterisk.  The placement of the wildcards and the 
subsequent functionality is slightly different however.   Both template
and result paths must be absolute (i.e. begin with &quot;/&quot;).

<ol class="list">

<li class="item"> <span class="high bold">exec <span class="high italic">template result</span> </span>

<p> The EXEC rule requires the <span class="high italic">template</span>'s asterisk to immediately
follow the slash terminating the directory specification containing the
scripts. The script name follows immediately as part of the wildcard-matched
string. For example:

<div class="blockof code">exec /htbin/* /wasd_root/script/*
</div>

<p> If the URL path matches the template, the result, including the first
slash-terminated part of the wildcard-matched section, becomes the URL format
physical VMS file specification of the script to be executed. What remains of the
original URL path is used to create the path information. Process no further
rules. 

<p> Hence, the EXEC rule will match multiple script specifications without
further rules, the script name being supplied with the URL path.  As a
consequence any script (i.e. procedure, executable) in the specified directory
is accessible, a possible security concern if script management is distributed
(anyone able to place a file in that directory makes it available for
execution via the server).

<li class="item"> <span class="high bold">exec <span class="high italic">template (run-time-environment)result</span> </span>

<p> A variation on the &quot;exec&quot; rules allows a Run-Time Environment (RTE)
to be mapped.  An RTE is a persistent scripting environment not unlike CGIplus. 
The essential difference is an RTE provides an environment in which a variety
of scripts can be run.  It is often an interpreter, such as Perl, where the
advantages of persistence (reduced response latency and system impact) are
available.  For more information on RTEs and how they operate see the
<a class="link blank" target="_blank" href="../scripting/#0.">WASD Scripting Environment</a> document.

<p> The RTE executable is specified in parentheses prefixed to the mapping
result, as shown in this example:

<div class="blockof code">exec /pl-bin/* (cgi-bin:[0000000]perlrte.exe)/wasd_root/src/perl/*
</div>

<li class="item"> <span class="high bold">script <span class="high italic">template result</span> </span>

<p> The SCRIPT rule requires the <span class="high italic">template</span>'s asterisk to
immediately follow the <span class="high italic">unique string</span> identifying the script in the
URL path. The wildcard-matched string is the following path, and supplied to
the script. For example: 

<div class="blockof code">script /conan* /wasd_root/script/conan*
</div>

<p> If the URL path matches the template, the result becomes the URL format
physical VMS file specification for the DCL procedure of the script to be
executed (the default file extension of &quot;.COM&quot; is not required). What
remains of the original URL path is used to create the path information.
Process no further rules. 

<div class="note"><a id="10.5.4.0.0.1" href="#"></a>
<a id="10.5.4.note" href="#"></a>
<a id="note" href="#"></a>
<h5 class="head center"><span class="text">Note</span></h5>
<hr class="note_hr">

The wildcard asterisk is best located immediately after the unique script 
identifier. In this way there does not need to be any path supplied with the 
script.  If even a slash follows the script identifier it may be mapped into a 
file specification that may or may not be meaningful to the script.
<hr class="note_hr">
</div>
 
<p> Hence, the SCRIPT rule will match only the script specified in the
<span class="high italic">result</span>, making for finely-granular scripting at the expense of a
rule for each script thus specified. It also implies that only the script name
need precede any other path information.

<p> It may be thought of as a more efficient implementation of the equivalent 
functionality using two CERN rules, as illustrated in the following example:

<div class="blockof code">map /conan* /script/conan*
exec /cgi-bin/* /cgi-bin/*
</div>

<li class="item"> <span class="high bold">uxec <span class="high italic">template result</span> </span>

<p> The UXEC rule is an analog to the EXEC rule, except it is used to map user
scripts.  It requires two mapping asterisks, the first for the username, the
second for the script name. It must be used in conjunction with a SET
<span class="high italic">script=as=~</span> rule. For example:

<div class="blockof code">SET   /~*/cgi-bin/*  script=as=~
UXEC  /~*/cgi-bin/*  /*/www/cgi-bin/*
</div>

<p> For further information see <a class="link" href="#10.10.1.useraccountscripting">&lsquo;User Account Scripting&rsquo; in 10.10.1 Using The SYSUAF</a> and the
<a class="link blank" target="_blank" href="../scripting/#introduction">Introduction</a> of
<a class="link blank" target="_blank" href="../scripting/#0.">WASD Scripting Environment</a>.

</ol>

<a id="10.5.4.0.1" href="#"></a>
<a id="10.5.4.scriptlocation" href="#"></a>
<a id="scriptlocation" href="#"></a>
<h5 class="head"><span class="text">Script Location</span></h5>

<p> It is conventional to locate script images in WASD_ROOT:[AXP-BIN] or
WASD_ROOT:[X86_64-BIN] (depending on the platform), and procedures, etc. in
WASD_ROOT:[CGI-BIN].  These multiple directories are accessible via the single
search list logical CGI-BIN.

<p> Script files can be located in areas completely outside of the WASD_ROOT tree. 
Two approaches are available.

<ol class="list">

<li class="item"> Modify the search list CGI-BIN to include the additional directories. 
This should only be done with extreme care.

<li class="item"> Use mapping rules to make the script accessible.  This can be done by
using the EXEC or SCRIPT rule to specify the directory directly as in these
examples

<div class="blockof code">exec /mycgi-bin/* /site_local_scripts/bin/*
script /myscript* /web/myscripts/bin/myscript.exe*
</div>
 or by using the MAP rules to make a hierarchy of script locations obvious
and accessible, as in this example

<div class="blockof code">map /cgi-bin/myscripts/* /cgi-bin_myscripts/* 
exec /cgi-bin_myscripts/* /web/myscripts/bin/*
</div>

</ol>

<a id="10.5.4.0.2" href="#"></a>
<a id="10.5.4.execdirectoriesandexecfiles" href="#"></a>
<a id="execdirectoriesandexecfiles" href="#"></a>
<h5 class="head"><span class="text">EXEC Directories and EXEC Files</span></h5>

<p> Generally directories are specified as locations for script files.  This is
the more common application, with the EXEC rules used as in this example

<div class="blockof code">exec /cgi-bin/* /cgi-bin/*
</div>

<p> Mapping a file type into an EXEC behaviour is also supported.  This allows
all files within the specified path and with the matching file suffix
(extension) to be activated as scripts.  Of course a script runtime must be
available for the server to be able to activate it.  The following example
demonstrates mapping all files ending in .CGI in the /web/ tree as executable
scripts.

<div class="blockof code">exec /web/*.cgi* /web/*.cgi*
</div>

<div class="note">
<a id="10.5.4.0.3" href="#"></a>
<a id="10.5.4.warning" href="#"></a>
<a id="warning" href="#"></a>
<h5 class="head center"><span class="text">WARNING</span></h5>
<hr class="note_hr">
Remember scripts are <span class="high bold">executables</span>.  Enabling scripting in a
general user area allows <span class="high bold">any</span> user to write and execute any
script, by default under the scripting account.  Deploy with discretion.
<hr class="note_hr">
</div>

<a id="10.5.5" href="#"></a>
<a id="10.5.5.setrule" href="#"></a>
<a id="setrule" href="#"></a>
<h3 class="head"><span class="numb">10.5.5</span><span class="text">SET Rule</span></h3>

<p> The SET rule does not change the mapping of a path, it just sets one or
more characteristics against that path that affect the subsequent processing
in some way. It is a general purpose rule that conveniently allows the
administrator to tell the server to process requests with particular paths in
some ad hoc and generally useful fashion. Most SET parameters are single
keywords that act as boolean switches on the request, some require parameter
strings. Multiple space-separated parameters may be set against the one
path in a single SET statement.

<ul class="list">

<li class="item"> <span class="high bold">ACCEPT=LANG=<span class="high italic">&lt;parameter&gt;</span> &ndash; </span>
Allows a path to be marked for language-variant document processing.

<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">ACCEPT=LANG= DEFAULT=<span class="high italic">&lt;language&gt;</span>
<td class="tabd">sets the default language
<tr class="tabr">
<td class="tabd">ACCEPT=LANG= CHAR=<span class="high italic">&lt;character&gt;</span>
<td class="tabd">sets the delimiting character
<tr class="tabr">
<td class="tabd">ACCEPT=LANG= VARIANT=<span class="high italic">&lt;name&gt;&verbar;&lt;type&gt;</span>
<td class="tabd">allows the alternate file-type variant to be specified
<tr class="tabr">
<td class="tabd">ACCEPT=LANG= (DEFAULT=<span class="high italic">&lt;language&gt;</span>, <br>
CHAR=<span class="high italic">&lt;character&gt;</span>)
<td class="tabd">sets both (etc.)
<tr class="tabr">
<td class="tabd">NOACCEPT=LANG
<td class="tabd">disables language variant processing (on a subtree for example)
</table>

<p> For detailed configuration information see <a class="link" href="#2.8.languagevariants">2.8 Language Variants</a>.

<li class="item"> <span class="high bold">ALERT[=<span class="high italic">&lt;keyword&gt;</span>] &ndash; </span>
Marks a path as being of specific interest.  When a request containing this
path is detected by the server it puts a message into the server process
log and, perhaps of greater immediate usefulness, the increase in alert hits is
detected by HTTPDMON and this (optionally) provides an audible alert.  The
following is ordered according to how early in processing the alert is
signalled.

<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">ALERT=MAP
<td class="tabd">generates this alert immediately after path mapping (i.e.
before the request actually begins being processed)
<tr class="tabr">
<td class="tabd">ALERT=AUTH
<td class="tabd">after authorization (i.e. when any remote username has
been resolved)
<tr class="tabr">
<td class="tabd">ALERT=<span class="high italic">&lt;integer&gt;</span>
<td class="tabd">if the response HTTP status
matches the specific integer
<tr class="tabr">
<td class="tabd">ALERT=END
<td class="tabd">at the conclusion of process (the default)
<tr class="tabr">
<td class="tabd">NOALERT
<td class="tabd">cancels alerts on this path (perhaps subpath)
</table>

<li class="item"> <span class="high bold">AUTH=<span class="high italic">&lt;keyword&gt;</span> &ndash; </span>
Changes the specified characteristic during subsequent authorization
processing.

<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">[NO]AUTH=ALL
<td class="tabd">All requests matching this path must have been subject
to authorization or fail with a forbidden status.  This is a per-path
equivalent of implementing the per-server /AUTHORIZE=ALL policy, and is a
little &quot;belt and braces&quot; in a certain sense, but does permit a site to
further avoid unintended information leakage (in this case through the failure
to ensure a given path has authorization).
<tr class="tabr">
<td class="tabd">[NO]AUTH=ONCE
<td class="tabd">If a request path contains both a script component
and a resource component by default the WASD server makes sure both parts are
authorized before allowing access.  This can be disabled using this path
setting.  When this is done only the original request path undergoes
authorization.
<tr class="tabr">
<td class="tabd">AUTH=REVALIDATE=<span class="high italic">&lt;hh:mm:ss&gt;</span>
<td class="tabd">Authorization is
cancelled and the client requested to reenter the username and  password if
this period expires between authorized requests.  Overrides configuration
directive [AuthRevalidateUserMinutes].
<tr class="tabr">
<td class="tabd">AUTH=SYSUAF= PWDEXPURL=<span class="high italic">&lt;string&gt;</span>
<td class="tabd">Parallels the
[AuthSysUafPwdExpURL] configuration directive, allowing it to be set on a
per-path or virtual service basis.
</table>

<li class="item"> <span class="high bold">CACHE=<span class="high italic">&lt;keyword&gt;</span> &ndash; </span>
The default is to cache files (when caching is enabled,
<a class="link" href="#9.cacheconfiguration">9. Cache Configuration</a>).

<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">CACHE=NONE
<td class="tabd">disables caching of files matching this rule
<tr class="tabr">
<td class="tabd">CACHE=EXPIRES=0
<td class="tabd">cancels previous mapped expiry
<tr class="tabr">
<td class="tabd">CACHE=EXPIRES=DAY
<td class="tabd">expires on change of day
<tr class="tabr">
<td class="tabd">CACHE=EXPIRES=HOUR
<td class="tabd">expires on change of hour
<tr class="tabr">
<td class="tabd">CACHE=EXPIRES=MINUTE
<td class="tabd">expires on change of minute
<tr class="tabr">
<td class="tabd">CACHE=EXPIRES=<span class="high italic">&lt;period&gt;</span>
<td class="tabd">sets the expiry period for the entry
<tr class="tabr">
<td class="tabd">CACHE=GUARD=<span class="high italic">&lt;period&gt;</span>
<td class="tabd">sets the guard period (no reload) for the cache entry
<tr class="tabr">
<td class="tabd">CACHE=MAX=<span class="high italic">&lt;integer&gt;</span>
<td class="tabd">cache files up to this many kilobytes (overrides [CacheFileKBytesMax])
<tr class="tabr">
<td class="tabd">CACHE=[NO]CGI
<td class="tabd">cache CGI-compliant (script) responses
<tr class="tabr">
<td class="tabd">CACHE=[NO]FILE
<td class="tabd">cache files matching this rule (the default)
<tr class="tabr">
<td class="tabd">CACHE=[NO]NET
<td class="tabd">cache any network output
<tr class="tabr">
<td class="tabd">CACHE=[NO]NPH
<td class="tabd">cache NPH (non-parse-header script) responses
<tr class="tabr">
<td class="tabd">CACHE=[NO]SCRIPT
<td class="tabd">cache both CGI and NPH responses
<tr class="tabr">
<td class="tabd">CACHE=[NO]SSI
<td class="tabd">cache SSI document responses
<tr class="tabr">
<td class="tabd">CACHE=[NO]QUERY
<td class="tabd">cache (script) regardless of containing a query string
<tr class="tabr">
<td class="tabd">CACHE=[NO]PERM
<td class="tabd">permanently cache these files
</table>

<li class="item"> <span class="high bold">CGIPLUSIN=<span class="high italic">&lt;keyword&gt;</span> &ndash; </span>
Provides control over how CGIplus records on the CGIPLUSIN stream are carriage
controlled and how the stream is terminated.  A little esoteric certainly; ask
Alex Ivanov ;-)

<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">CGIPLUSIN=CC=NONE
<td class="tabd">no carriage control
<tr class="tabr">
<td class="tabd">CGIPLUSIN=CC=LF
<td class="tabd">each record has a trailing line feed (0x0a)
<tr class="tabr">
<td class="tabd">CGIPLUSIN=CC=CR
<td class="tabd">a trailing carriage return (0x0d)
<tr class="tabr">
<td class="tabd">CGIPLUSIN=CC=CRLF
<td class="tabd">a trailing carriage return then line feed (0x0d0a)
<tr class="tabr">
<td class="tabd">CGIPLUSIN=[NO]EOF
<td class="tabd">the end of the record stream is indicated using an end-of-file
</table>

<li class="item"> <span class="high bold">CGIPREFIX=<span class="high italic">&lt;string&gt;</span> &ndash; </span>
CGI environment variable names are by default prefixed with &quot;WWW_&quot;. 
This may be changed on a per-path basis  using this SET rule.  To remove the
prefix altogether for selected scripts use &quot;CGIprefix=&quot;.

<li class="item"> <span class="high bold">CHARSET=<span class="high italic">&lt;string&gt;</span> &ndash; </span>
This setting allows overriding of the server default ([CharsetDefault]
configuration parameter) content-type character set (in the response header)
for text files (plain and HTML).  A string is required as in the following
example, &quot;charset=ISO-8859-5&quot;.

<li class="item"> <span class="high bold">CLIENT=<span class="high italic">&lt;keyword&gt;</span> &ndash; </span>
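Client IP address data is often used during conditional mapping and as
represented by CGI variable data in scripts and interpreter environments.  This
setting allows an up-stream proxy/accelerator to provide the actual client IP
address via request header and have that data substitute for the intrinsic IP
address of the up-stream proxy.  This provides a level of transparency to
server processing via such a proxy.  As these request headers can be supplied
by any client, the setting should only be applied where requests can arrive
solely via the trusted up-stream proxy; otherwise address-based conditional
mapping and scripts relying on the client address can be misled by a forged
header.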

<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">CLIENT=FORWARDED
<td class="tabd">Substitute the (first) address from the
&quot;Forwarded:&quot; request header.  Return a 403 status if no
&quot;Forwarded:&quot; header present.
<tr class="tabr">
<td class="tabd">CLIENT=IF=FORWARDED
<td class="tabd">As above but the absence of a
&quot;Forwarded:&quot; request header is not fatal.
<tr class="tabr">
<td class="tabd">CLIENT=LITERAL=<span class="high italic">&lt;string&gt;</span>
<td class="tabd">Substitute the
following string.  Intended for testing purposes.
<tr class="tabr">
<td class="tabd">CLIENT=RESET
<td class="tabd">Reset the substituted client data to the original
(up-stream proxy).
<tr class="tabr">
<td class="tabd">CLIENT=XFORWARDEDFOR
<td class="tabd">Substitute the (first) address from the
&quot;X-Forwarded-For:&quot; request header.  Return a 403 status if no
&quot;X-Forwarded-For:&quot; header present.
<tr class="tabr">
<td class="tabd">CLIENT=IF=XFORWARDEDFOR
<td class="tabd">As above but the absence of a
&quot;X-Forwarded-For:&quot; request header is not fatal.
</table>

<li class="item"> <span class="high bold">CONTENT=<span class="high italic">&lt;string&gt;</span> &ndash; </span>
The content-type of a file is normally determined by the file's type
(extension). This setting allows files matching the template to be returned
with the specified content-type.  The content-type must be specified as a
parameter, e.g. &quot;content=application/binary&quot;.

<li class="item"> <span class="high bold">CSS=<span class="high italic">&lt;URI&gt;&verbar;&lt;URL&gt;</span> &ndash; </span>
Provides a path (URI) or full URL to a stylesheet for a WASD-generated page
(e.g. a directory listing).  Adds a 

<div class="blockof code">&lt;LINK REL=&quot;stylesheet&quot; TYPE=&quot;text/css&quot; HREF=&quot;<span class="high italic">uri</span>&quot;&gt;
</div>

to the page HTML header.

<li class="item"> <span class="high bold">DICT=<span class="high italic">&lt;key&gt;=&lt;value&gt;</span> &ndash; </span>
Set a dictionary entry. See <a class="link" href="#5.5.dictionary">5.5 Dictionary</a>.

<li class="item"> <span class="high bold">DIR=<span class="high italic">&lt;keyword&gt;</span> &ndash; </span>
Allows directory listing to be controlled on a per path basis.  These
parallel the corresponding configuration [Dir..] directives.

<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">DIR=[NO]ACCESS
<td class="tabd">allows directory listing
<tr class="tabr">
<td class="tabd">DIR=ACCESS=SELECTIVE
<td class="tabd">allows directory listing if the directory contains
the file .WWW_BROWSABLE
<tr class="tabr">
<td class="tabd">DIR=DELIMIT=<span class="high italic">&lt;keyword&gt;</span>
<td class="tabd">header, footer, both, none
<tr class="tabr">
<td class="tabd">DIR=[NO]ILINK
<td class="tabd">icon plain-text link can be disabled
<tr class="tabr">
<td class="tabd">DIR=[NO]IMPLIEDWILDCARD
<td class="tabd">add wildcards if not in path
<tr class="tabr">
<td class="tabd">DIR=SORT=<span class="high italic">&lt;column&gt;</span>
<td class="tabd">pre-sort a listing
<tr class="tabr">
<td class="tabd">DIR=STYLE=<span class="high italic">&lt;keyword&gt;</span>
<td class="tabd">set the style of a directory listing 

<p> <ul class="list simple list0">
<li class="item"> &quot;ANCHOR&quot; the v8.2 thru v10.3 WASD style
<li class="item"> &quot;DEFAULT&quot; the current WASD style (v10.4 and later)
<li class="item"> &quot;HTDIR&quot; Alex Ivanov's HTdir style
<li class="item"> &quot;ORIGINAL&quot; WASD traditional style (before v8.2)
<li class="item"> &quot;SORT&quot; listing sortable on column
<li class="item"> &quot;TABLE&quot; using HTML table layout (v10.4 and later)
<li class="item"> &quot;<span class="high italic">above</span>2&quot; any of the above without horizontal rules
</ul>
<tr class="tabr">
<td class="tabd">DIR=TARGET=<span class="high italic">&lt;string&gt;</span>
<td class="tabd">open the file in another window 

<p> <ul class="list simple list0">
<li class="item"> &quot;_blank&quot; opens the file in a new window or tab
<li class="item"> &quot;_self&quot; in the same frame
<li class="item"> &quot;_parent&quot; in the parent frame
<li class="item"> &quot;_top&quot; in the full body of the window
<li class="item"> &quot;<span class="high italic">framename</span>&quot; in the named frame
</ul>
<tr class="tabr">
<td class="tabd">DIR=THESE=<span class="high italic">&lt;filespec&gt;</span>
<td class="tabd">restrict listing to
specified filename(s)
<tr class="tabr">
<td class="tabd">DIR=TITLE=<span class="high italic">&lt;keyword&gt;</span>
<td class="tabd">format the title
of the window (tab) 

<p> <ul class="list simple list0">
<li class="item"> &quot;0&quot; (digit zero) suppress any title
<li class="item"> &quot;1..99&quot; where 1 is the top-level directory (device), 2 is the
second-level directory, 3 &hellip; 99 the current directory
<li class="item"> &quot;DEFAULT&quot; the default for the directory <span class="high italic">style</span>
<li class="item"> &quot;OWNER&quot; the VMS account owning the directory
<li class="item"> &quot;REMOTE&quot; the remote user name (for X509 authentication the
certificate common-name)
<li class="item"> &quot;THIS=&lt;string&gt;&quot; a literal string
</ul>
<tr class="tabr">
<td class="tabd">DIR=VERSIONS=<span class="high italic">&lt;integer&gt;</span>
<td class="tabd">list the specified 
maximum number of file versions, or if an asterisk all versions
<tr class="tabr">
<td class="tabd">DIR=[NO]WILDCARD
<td class="tabd">allow a directory listing to be &quot;forced&quot;
by including wildcards in the path
</table>

<li class="item"> <span class="high bold">[NO]EXPIRED &ndash; </span>
This setting allows files in the specified paths to be sent pre-expired. The
browser should always then reload them whenever accessed.

<li class="item"> <span class="high bold">HTML=<span class="high italic">&lt;keyword&gt;=&lt;string&gt;</span> &ndash; </span>
Allows the &lt;BODY&gt; tag, and header and/or footer characteristics and text to be
added to selected server generated pages such as directory listings and error
messages.

<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">HTML=BODYTAG=
<td class="tabd">specifies the page &lt;BODY&gt; tag
characteristics (e.g. html=bodytag=&quot;BGCOLOR=#ffffff&quot;)
<tr class="tabr">
<td class="tabd">HTML=HEADER=
<td class="tabd">the page header text
<tr class="tabr">
<td class="tabd">HTML=HEADERTAG=
<td class="tabd">the &lt;TD&gt; tag characteristics of the
header table (e.g. html=headertag=&quot;BGCOLOR=#cccccc&quot;)
<tr class="tabr">
<td class="tabd">HTML=FOOTER=
<td class="tabd">the page footer text
<tr class="tabr">
<td class="tabd">HTML=FOOTERTAG=
<td class="tabd">the &lt;TD&gt; tag characteristics of the
footer table
</table>

<p> The <span class="high italic">headertag</span> and <span class="high italic">footertag</span> directives also allow
the full table tag to be specified, allowing greater flexibility with these
parts of the page (e.g. html=footertag=&quot;&lt;TABLE BORDER=1
CELLPADDING=10 CELLSPACING=0&gt;&lt;TR&gt;&lt;TD BGCOLOR=#cccccc&gt;&quot;).

<li class="item"> <span class="high bold">HTTP=<span class="high italic">&lt;parameter&gt;</span> &ndash; </span>
Explicitly sets an aspect of the HTTP request header.

<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">HTTP=ACCEPT-CHARSET=<span class="high italic">&lt;string&gt;</span>
<td class="tabd">the &quot;Accept-Charset:&quot; field
<tr class="tabr">
<td class="tabd">HTTP=ACCEPT-LANGUAGE=<span class="high italic">&lt;string&gt;</span>
<td class="tabd">the &quot;Accept-Language:&quot; field
</table>

<li class="item"> <span class="high bold">HTTP2=<span class="high italic">&lt;parameter&gt;</span> &ndash; </span>
Controls an aspect of an HTTP/2 connection, or initiates an action on that
connection.

<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">HTTP2=PROTOCOL=1.1
<td class="tabd">send the client an HTTP_1_1_REQUIRED error which should cause it to re-request
as HTTP/1.1
<tr class="tabr">
<td class="tabd">HTTP2=SEND=GOAWAY[=<span class="high italic">&lt;integer&gt;</span>]
<td class="tabd">send the client a connection GOAWAY frame with optional error number
<tr class="tabr">
<td class="tabd">HTTP2=SEND=PING
<td class="tabd">send the client an HTTP/2 ping
<tr class="tabr">
<td class="tabd">HTTP2=SEND=RESET[=<span class="high italic">&lt;integer&gt;</span>]
<td class="tabd">send the client a stream (request) reset (close) with optional error number
<tr class="tabr">
<td class="tabd">HTTP2=WRITE=<span class="high italic">LOW&verbar;NORMAL&verbar;HIGH</span>
<td class="tabd">this stream (request) will write to the network at the specified priority
relative to other data on the connection
</table>

<li class="item"> <span class="high bold">INDEX=<span class="high italic">&lt;string&gt;</span> &ndash; </span>
This setting provides the &quot;Index of&quot; (directory listing) format string
for directory paths matching the template.  It uses the same formatting as can
be supplied with a URL and overrides any query string passed via any URL.

<li class="item"> <span class="high bold">[NO]LOG &ndash; </span>
When server access logging is enabled the default is to log all requests. The
NOLOG setting suppresses logging for requests involving the specified path
template.

<li class="item"> <span class="high bold">MAP=<span class="high italic">&lt;parameter&gt;</span> &ndash; </span>
Controls aspects of the mapping processing itself (from that point in the rules
onwards of course).

<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">[NO]MAP=ELLIPSIS
<td class="tabd">By default the use of the VMS file specification
ellipsis wildcard (&quot;...&quot;) is not allowed.  This SETing enables it for the
path specified.  Use with caution, as an ellipsis matches the entire directory
tree below the point where it is used.
<tr class="tabr">
<td class="tabd">[NO]MAP=ONCE
<td class="tabd">Normally, when a script has been identified during
mapping, the resultant path  information is also mapped in a second pass. This
can be suppressed by SETing the path as MAP=ONCE.  The resultant path is then
given to the script without further processing.
<tr class="tabr">
<td class="tabd">MAP=RESTART
<td class="tabd">Causes an immediate change to the order of rule
processing.  Instead of the  next rule, the first rule in the configuration is
processed.  This is intended to remove the need for copious repetition in the
rule set.  A common or set of common processing blocks can be established near
the start of the rule set and be given requests from processing points further
down in the rules.  It is intended to be used only once or perhaps twice and
will abort the request if it occurs too often.  Can be detected using the
<span class="high italic">restart:</span> conditional (<a class="link" href="#5.3.conditionalkeywords">5.3 Conditional Keywords</a>).  Use with caution! 
Injudicious use would make unexpected mappings expected!
<tr class="tabr">
<td class="tabd">[NO]MAP=ROOT=<span class="high italic">&lt;string&gt;</span>
<td class="tabd">Prefixes the results
of following rules with the specified path so that they  are all subordinate to
it.  This also populates the DOCUMENT_ROOT CGI variable. See
<a class="link" href="#2.2.documentroot">&lsquo;Document Root&rsquo; in 2.2 Site Organisation</a>.
<tr class="tabr">
<td class="tabd">[NO]MAP=SET=IGNORE
<td class="tabd">All path SETings following an IGNORE are
completely ignored (not applied to the mapping or request characteristics)
until a subsequent NOIGNORE is encountered.
<tr class="tabr">
<td class="tabd">[NO]MAP=SET=REQUEST
<td class="tabd">All path SETings following a NOMAP=SET=REQUEST
are only applied to the mapping  and not to the request's characteristics until
a subsequent MAP=SET=REQUEST is encountered.  Intended for use during callouts. 
These can be detected using the <span class="high italic">callout:</span> conditional
(<a class="link" href="#5.3.conditionalkeywords">5.3 Conditional Keywords</a>).
<tr class="tabr">
<td class="tabd">[NO]MAP=URI
<td class="tabd">Normally mapping is performed on the request path. 
This SETing replaces the path with the full, raw, request URI (undecoded path
plus any query string).  This allows subsequent mapping rules to be applied to
the full URI and therefore path components to be remapped into query components,
and query components into path components (using specified substitution, see
<a class="link" href="#4.4.expressionsubstitution">4.4 Expression Substitution</a>).

</table>

<li class="item"> <span class="high bold">NOTEPAD=[+]<span class="high italic">&lt;string&gt;</span> &ndash; </span>
The <span class="high italic">request notepad</span> is a string storage area that can be used to  store and
retrieve ad hoc information during path mapping and subsequent authorization
processing.  Multiple <span class="high italic">notepad=string</span> set against the one request override
previous settings unless preceded by a leading plus symbol, when it appends. 
These contents then can be subsequently detected using the <span class="high italic">notepad:</span>
conditional keyword (<a class="link" href="#5.3.1.notepadkeyword">5.3.1 Notepad: Keyword</a>) or the obsolescent 'NO' mapping
conditional.

<li class="item"> <span class="high bold">ODS=<span class="high italic">&lt;keyword&gt;</span> &ndash; </span> Directs the server on how to process file names
for naming conventions other than ODS-2 (the default).  Be sure to add an
asterisk at the end of the specific ODS path otherwise only the top-level will
set!

<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">ODS=2
<td class="tabd">is basically redundant, because if a path is not indicated as
anything else it  is assumed to be ODS-2.  This can be used for clarity in the
mapping rules if required.
<tr class="tabr">
<td class="tabd">ODS=5
<td class="tabd">is used to indicate that a particular path maps to files on
an ODS-5 (EFS)  volume and so the names may comply to extended specifications. 
This changes the way file names are processed, including for example the
replacement of invalid RMS characters (see below).
<tr class="tabr">
<td class="tabd">ODS=ADS
<td class="tabd">is used to process file names that are encoded using the
Advanced Server (PATHWORKS 6) schema.
<tr class="tabr">
<td class="tabd">ODS=NAME=<span class="high italic">8BIT&verbar;UTF8&verbar;DEFAULT</span>
<td class="tabd">When a file is PUT (created) using WebDAV or upload, for non-7bit ASCII
file names use native ODS-5 8bit syntax (default) or UTF-8 encoded character
sequences.
<tr class="tabr">
<td class="tabd">ODS=PWK
<td class="tabd">is used for processing file names encoded using the
PATHWORKS 4/5 schema.
<tr class="tabr">
<td class="tabd">ODS=SMB
<td class="tabd">is a synonym for ODS=ADS and makes clear the path is also
being served by Samba.
<tr class="tabr">
<td class="tabd">ODS=SRI
<td class="tabd">for file names encoded using the SRI schema (used by
MultiNet and TCPware NFS, FTP and other utilities).
</table>

<li class="item"> <span class="high bold">QUERY-STRING=<span class="high italic">&lt;string&gt;</span> &ndash; </span>
Set the request's query string to that specified in the directive.  Overloads
any current query string.  Specify URL-encoded if the characters require it.

<li class="item"> <span class="high bold">PROXY=<span class="high italic">&lt;parameter&gt;</span> &ndash; </span>
Sets an aspect of proxy request processing.

<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">PROXY=[NO]AFFINITY
<td class="tabd">sets client to origin server affinity.
<tr class="tabr">
<td class="tabd">PROXY=BIND=<span class="high italic">&lt;ip-address&gt;</span>
<td class="tabd">makes outgoing proxy requests appear to
originate from this IP address.  Must be an address that the media can be bound
to.
<tr class="tabr">
<td class="tabd">PROXY=CHAIN=<span class="high italic">&lt;host:port&gt;</span>
<td class="tabd">makes outgoing proxy requests chain to
this up-stream proxy server.
<tr class="tabr">
<td class="tabd">PROXY=CHAIN=CRED=<span class="high italic">&lt;username:password&gt;</span>
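<td class="tabd">provides proxy authentication
credentials to an up-stream proxy server.  The credentials are held as clear
text in the rule, so access to the mapping configuration should be restricted
accordingly.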
<tr class="tabr">
<td class="tabd">PROXY=FORWARDED
<td class="tabd">controls generation of a proxy &quot;Forwarded:&quot; request
field.  This optional field contains information on the proxy server and as a
further option the client name or IP address.

<p> <ul class="list simple list0">
<li class="item">&quot;PROXY=NOFORWARDED&quot; disables
<li class="item">&quot;PROXY=FORWARDED[=BY]&quot; contains the <span class="high italic">by</span> component.
<li class="item">&quot;PROXY=FORWARDED=FOR&quot; contains <span class="high italic">by</span> and the
<span class="high italic">for</span> components (client host name).  Also used with WASD_TUNNEL (proxy
tunneling).
<li class="item">&quot;PROXY=FORWARDED=ADDRESS&quot; contains <span class="high italic">by</span> and the <span class="high italic">for</span> components
(client host address).  Also used with WASD_TUNNEL (proxy tunneling).
</ul>
<tr class="tabr">
<td class="tabd">PROXY=HEADER=<span class="high italic">&lt;name&gt;</span>[=<span class="high italic">&lt;string&gt;</span>]
<td class="tabd">removes or sets the value of the specified proxied request header.  Examples:

<p> <ul class="list simple list0">
<li class="item">&quot;PROXY=HEADER=referer&quot; would remove the
&quot;Referer:&quot; header field from the proxied request
<li class="item">&quot;PROXY=HEADER=referer=http://whatever/&quot; would set the
&quot;Referer:&quot; header field to the specified URL
<li class="item">&quot;PROXY=HEADER=user-agent=Nosey 1.0&quot; would set the
&quot;User-Agent:&quot; header field to the &quot;Nosey 1.0&quot;
</ul>
<tr class="tabr">
<td class="tabd">PROXY=REVERSE=[NO]AUTH
<td class="tabd">suppresses propagation of any &quot;Authorize&quot; header.
<tr class="tabr">
<td class="tabd">PROXY=REVERSE=LOCATION=<span class="high italic">&lt;string&gt;</span>
<td class="tabd">rewrites the matching &quot;Location:&quot; header field URL of a 302 response from an
internal, reverse-proxied server.
<tr class="tabr">
<td class="tabd">PROXY=REVERSE=[NO]VERIFY
<td class="tabd">sets a specialized authorization capability.  See
<a class="link blank" target="_blank" href="/wasd_root/src/httpd/proxyverify.c">WASD_ROOT:[SRC.HTTPD]PROXYVERIFY.C</a>
for further information.
<tr class="tabr">
<td class="tabd">PROXY=REWORK=<span class="high italic">&lt;string&gt;</span>
<td class="tabd">rework the response (see
<a class="link blank" target="_blank" href="../features/#reworkproxyresponse">Rework Proxy Response</a> of
<a class="link blank" target="_blank" href="../features/#0.">WASD Features and Facilities</a>).
<tr class="tabr">
<td class="tabd">PROXY=TUNNEL=REQUEST=<span class="high italic">&lt;string&gt;</span>
<td class="tabd">allows the originating end of a WASD tunnel to specify an HTTP request line or
even request header to be provided to the tunnel target end when the connection
is established.
<tr class="tabr">
<td class="tabd">PROXY=UNKNOWN
<td class="tabd">causes the server to propagate all request fields provided by the client to the
proxied server (by default WASD only propagates those it recognises).
<tr class="tabr">
<td class="tabd">PROXY=XFORWARDEDFOR=<span class="high italic">&lt;keyword&gt;</span>
<td class="tabd">controls generation of a proxy &quot;X-Forwarded-For:&quot; request field.  This optional
field (a de facto standard originally from the <span class="high italic">Squid</span> caching package)
contains the name or IP address of the proxied client.

<p> <ul class="list simple list0">
<li class="item">&quot;PROXY=NOXFORWARDEDFOR&quot; disables
<li class="item">&quot;PROXY=XFORWARDEDFOR[=ENABLED]&quot; enables
<li class="item">&quot;PROXY=XFORWARDEDFOR=ADDRESS&quot; field contains client host address
<li class="item">&quot;PROXY=XFORWARDEDFOR=UNKNOWN&quot; field contains <span class="high italic">unknown</span> for the client
host name
</ul>

</table>

<li class="item"> <span class="high bold">PUT=<span class="high italic">&lt;parameter&gt;</span> &ndash; </span>
Per-path control over HTTP POST or PUT request body.

<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">PUT=MAX=<span class="high italic">&lt;integer&gt; &verbar; *</span>
<td class="tabd">Maximum number of kilobytes allowed for a request body, if &quot;*&quot; then
effectively unlimited (per-path equivalent of the global directive
[PutMaxKbytes]).
<tr class="tabr">
<td class="tabd">PUT=RFM=<span class="high italic">FIX512&verbar;STM&verbar;STMCR&verbar;STMLF&verbar;UDF</span>
<td class="tabd">When a request body is uploaded into the file-system and the content-type is
not text this determines the file record format. The precedence for determining
the created file record format is [AddType] RFM:, then any per-path PUT=RFM=
mapping rule, then [PutBinaryRFM], then the default of UDF.
</table>

<li class="item"> <span class="high bold">[NO]PROFILE &ndash; </span>
When using the server /PROFILE qualifier allow or disallow the authentication
profile when assessing access for a specific path.  Must be used in conjunction
with an equivalent authorisation rule (WASD_CONFIG_AUTH) flagging the profile
use against an equivalent path (see
<a class="link blank" target="_blank" href="../features/#sysuafsecurityprofile">SYSUAF Security Profile</a> of
<a class="link blank" target="_blank" href="../features/#0.">WASD Features and Facilities</a>).

<li class="item"> <span class="high bold">REGEX=<span class="high italic">&lt;keyword&gt;</span> &ndash; </span>
The default regular expression syntax is POSIX EGREP but can be specified on a
per-path basis  using one of the following keywords; AWK, ED, EGREP, GREP,
POSIX_AWK, POSIX_BASIC, POSIX_EGREP, POSIX_EXTENDED, POSIX_MINIMAL_BASIC,
POSIX_MINIMAL_EXTENDED, SED.  When changed from the default <span class="high italic">enabled</span> (WASD)
case-insensitivity is lost.  Reset expression syntax to global default using
<span class="high italic">regex=default</span>.  <span class="high bold">Note</span> that SETing the regular expression syntax in this
way adds overhead as each expression then needs to be regex-compiled with each
match.

<li class="item"> <span class="high bold">REPORT=<span class="high italic">&lt;parameter&gt;</span> &ndash; </span>
This setting allows error and other server-generated reports for any specified
path to be changed between <span class="high italic">detailed</span> and <span class="high italic">basic</span>
(<a class="link" href="#2.10.1.basicanddetailed">2.10.1 Basic and Detailed</a>).

<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">REPORT=BASIC
<td class="tabd">include less detail in error message
<tr class="tabr">
<td class="tabd">REPORT=DETAILED
<td class="tabd">includes more detail
<tr class="tabr">
<td class="tabd">REPORT=TUNNEL
<td class="tabd">brief, non-HTML error messages suitable for proxy tunnel
<tr class="tabr">
<td class="tabd">REPORT=4<span class="high italic">&lt;nn&gt;</span>=<span class="high italic">&lt;nnn&gt;</span>
<td class="tabd">maps one 400 class HTTP
status to another (to conceal the true origins of some error messages)
</table>

<li class="item"> <span class="high bold">RMSCHAR=<span class="high italic">&lt;character&gt;</span> &ndash; </span> 
This setting applies to ODS-2 paths (the default) only.  Paths SET as ODS-5 do
not have this applied. During rule mapping of a path to a VMS file
specification, if an RMS-invalid character (e.g. &quot;+&quot;) or syntax (e.g. multiple
periods) is encountered  a dollar symbol is substituted in an attempt to make
it acceptable. This setting provides an alternate substitution character.  Any
general RMS-valid character may be specified (e.g. alpha-numeric, '&dollar;', '-' or
'_', although the latter three are probably the only REAL choices).  A single
character is required as in the following example, &quot;RMSchar=_&quot;.

<li class="item">
<span class="high bold">RESPONSE=<span class="high italic">&lt;parameter&gt;</span> &ndash;</span> Provides control of the response header and/or content.

<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">RESPONSE=CSP=<span class="high italic">&lt;parameter&gt;</span> <br>
RESPONSE=CSPRO=<span class="high italic">&lt;parameter&gt;</span>
<td class="tabd">see <a class="link" href="#3.10.contentsecuritypolicycsp">3.10 Content Security Policy (CSP)</a>
<tr class="tabr">
<td class="tabd">&nbsp;
<tr class="tabr">
<td class="tabd">RESPONSE=GZIP=<span class="high italic">&lt;keyword&gt;</span>
<td class="tabd">controls generation of GZIPed response bodies (<a class="link" href="#2.4.gzipencoding">2.4 GZIP Encoding</a>)

<p> <ul class="list simple list0">
<li class="item"> &quot;ALL&quot; suitable responses
<li class="item"> &quot;NONE&quot; of the responses
<li class="item"> &quot;<span class="high italic">integer</span>&quot; kilobytes, responses known to be this size or greater
</ul>
<tr class="tabr">
<td class="tabd"><span class="high nowrap">RESPONSE=HEADER=<span class="high italic">&lt;parameter&gt;</span></span>
<td class="tabd">changes the way in which a response header is generated by the server.

<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">RESPONSE=HEADER=BEGIN
<td class="tabd">suppresses the response header terminating
empty line so that the file or other resource can supply additional header
fields.  It, of course, must supply the header-terminating empty line before
beginning to supply the response body.
<tr class="tabr">
<td class="tabd">RESPONSE=HEADER=FULL
<td class="tabd">reverts to normal response header generation
behaviour.
<tr class="tabr">
<td class="tabd">RESPONSE=HEADER=NONE
<td class="tabd">suppresses the normal response header
generation.  It is considered the file or other resource contains and will
supply the full HTTP response (in a non-parse-header script fashion).
<tr class="tabr">
<td class="tabd">RESPONSE=HEADER=ADD=<span class="high italic">&lt;string&gt;</span>
<td class="tabd">appends the specified string to the response header.  Of course the string
should be a legitimate HTTP response field and value line.  This mapping can be
used to add a particular response directive to matching requests.

</table>
<tr class="tabr">
<td class="tabd">RESPONSE=VAR=<span class="high italic">&lt;parameter&gt;</span>
<td class="tabd">where a response is being provided from a variable-length record file each
record should be terminated as follows.

<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">RESPONSE=VAR=ASIS
<td class="tabd">return records exactly as they are on-disk
<tr class="tabr">
<td class="tabd">
<td class="tabd">(i.e. prefixed by the record length word)
<tr class="tabr">
<td class="tabd">RESPONSE=VAR=CRLF
<td class="tabd">carriage-return+line-feed (0x0D then 0x0A)
<tr class="tabr">
<td class="tabd">RESPONSE=VAR=LF
<td class="tabd">line-feed (0x0A) character (default)
<tr class="tabr">
<td class="tabd">RESPONSE=VAR=NONE
<td class="tabd">nothing should be appended to the record
</table>

</table>

<li class="item"> <span class="high bold">SCRIPT=<span class="high italic">&lt;parameter&gt;</span> &ndash; </span>
Provides controls over various aspects of the scripting environment.

<p> For scripting detail see the 
<a class="link blank" target="_blank" href="../scripting/#0.">WASD Scripting Environment</a>
document.

<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">SCRIPT=AS=<span class="high italic">&lt;parameter&gt;</span>
<td class="tabd">for non-server account scripting this rule allows the user account to be either 
explicitly specified or substituted through the use of the tilde character &quot;~&quot;
or the dollar &quot;&dollar;&quot;.
<tr class="tabr">
<td class="tabd">SCRIPT=BIT-BUCKET=<span class="high italic">&lt;hh:mm:ss&gt;</span>
<td class="tabd">specifies the period for which a script continues to execute if the client 
disconnects.  Overrides the WASD_CONFIG_GLOBAL [DclBitBucketTimeout]
configuration directive.
<tr class="tabr">
<td class="tabd">[NO]SCRIPT=BODY=DECODE
<td class="tabd">instructs the server to decode (un-chunk and/or un-GZIP) an encoded request
body before transferring it to the script.  The script must be aware of this and
change its processing accordingly. See <a class="link" href="#2.4.gzipencoding">2.4 GZIP Encoding</a>.
<tr class="tabr">
<td class="tabd">SCRIPT=CONTROL=<span class="high italic">&lt;string&gt;</span>
<td class="tabd">Supply the specified
string to the CGI processor as if a script had provided it using a
&quot;Script-Control:&quot; response header field.
<tr class="tabr">
<td class="tabd">SCRIPT=COMMAND=<span class="high italic">&lt;string&gt;</span>
<td class="tabd">allows additional parameters and qualifiers to be passed to the script 
activation command line.  First parameter must be an asterisk to use the server
resolved script command.  If the first parameter is not an asterisk it
substitutes for the script activation verb.  Subsequent parameters must be as
they would be used on the command line.  The following setting

<div class="blockof code">set /cgi-bin/example* script=command=&quot;*     /ONE /TWO=THREE FOUR&quot;
</div>

would result in the hypothetical script being command-line activated

<div class="blockof code">&dollar; EXAMPLE /ONE /TWO=THREE FOUR
</div>
<tr class="tabr">
<td class="tabd">SCRIPT=CPU=<span class="high italic">&lt;hh:mm:ss&gt;</span>
<td class="tabd">specifies that the server should not allow the script to use more than the
specified quantity of CPU time.  This is approximate, due to the way the server
administers scripting.  It can serve to prevent scripts from consuming
indefinite quantities of system resources.
<tr class="tabr">
<td class="tabd">SCRIPT=DEFAULT=<span class="high italic">&lt;string&gt;</span>
<td class="tabd">sets the default directory for the script environment (a SET DEFAULT
immediately prior to script activation).  This can be suppressed (for backward
compatibility purposes) using a &quot;#&quot; as the target directory. This string is
reflected in CGI variable SCRIPT_DEFAULT so that CGIplus script and RTE engines
can be informed of this setting for a particular script's environment. Unix
syntax paths may also be specified.  If the default begins with a &quot;/&quot; character
the SET DEFAULT is not performed but the SCRIPT_DEFAULT variable is set
appropriately allowing the equivalent of a <span class="high italic">chdir()</span> to be performed by the
scripting environment.
<tr class="tabr">
<td class="tabd">[NO]SCRIPT=FIND
<td class="tabd">by default the server always confirms the existence and accessibility of a
script file by searching for it before attempting to activate it.  If it does
not exist it reports an error.  It may be possible a Run-Time Environment (RTE)
may require to access its own script file via a mechanism available only to
itself.  The server script search may be disabled by SETing the path as
<span class="high italic">nofind</span>, for example &quot;script=nofind&quot;.  The script path and filename is
directly passed to the RTE for it to process and activate.
<tr class="tabr">
<td class="tabd">SCRIPT=LIFETIME=<span class="high italic">&lt;hh:mm:ss&gt;</span>
<td class="tabd">provides a per-path (and hence per-script) value for a script process
<span class="high italic">zombie</span> (idle scripting process) or idle CGIplus and RTE process lifetime. 
This per-path SETing overrides the respective [DclZombieLifeTime] and
[DclCGIplusLifeTime] global directives.
<tr class="tabr">
<td class="tabd">SCRIPT=PARAM=<span class="high italic">&lt;name=value&gt;</span>
<td class="tabd">allows non-CGI environment variables to be associated with a particular script
path.  The name component becomes a variable containing the specified value
passed to the script.  Multiple, comma-separated <span class="high italic">name=value</span>  pairs may be
specified.  The value may be quoted.  The following path setting

<div class="blockof code">set /cgi-bin/example* &nbsp;
    script=params=(first=one,second=&quot;Two (and Three)&quot;)
</div>

would result in additional CGI variables available to the script

<div class="blockof code">WWW_FIRST == &quot;one&quot;
WWW_SECOND == &quot;Two (and Three)&quot;
</div>

<p> Multiple <span class="high italic">script=params</span> set against the one request override
previous settings unless the parameters are specified with a leading plus
symbol, as in


<div class="blockof code">set /cgi-bin/example*     script=params=+(third=three,fourth=&quot;number 4&quot;)
</div>
<tr class="tabr">
<td class="tabd">[NO]SCRIPT=PATH=FIND
<td class="tabd">directs the server to check for and report if the file specified in the path
does not exist before activating the script process.  Normally this would be
left up to the script.
<tr class="tabr">
<td class="tabd">[NO]SCRIPT=QUERY=NONE
<td class="tabd">saves a small amount of overhead by suppressing the decomposition of any query
string into key or form fields for those environments that do this for
themselves.
<tr class="tabr">
<td class="tabd">[NO]SCRIPT=QUERY=RELAXED
<td class="tabd">normally when the CGI variables are being prepared for a script and the query
string is parsed an error is reported if it uses <span class="high italic">x-www-form-urlencoded</span>
format and the encoding contains an error.  However some scripts use non-strict
encodings and this rule allows those scripts to receive the query strings
without the server complaining first.
<tr class="tabr">
<td class="tabd">[NO]SCRIPT=SYNTAX=UNIX
<td class="tabd">provides the SCRIPT_FILENAME and PATH_TRANSLATED CGI variables in Unix
file-system syntax rather than VMS file-system syntax (i.e.
/DEVICE/dir1/dir2/file.type rather than DEVICE:[DIR1.DIR2]FILE.TYPE).
<tr class="tabr">
<td class="tabd">[NO]SCRIPT=SYMBOL=TRUNCATE
<td class="tabd">allows otherwise aborted script processing to continue. Script CGI variables
are provided using DCL symbols.  With VMS V7.3-2 and later symbol capacity is
in excess of 8000 characters.  For VMS V7.3-1 and earlier it has a limit of
around 1000 characters.  If a symbol is too large the server by default aborts
the request generating a 500 HTTP status.  If the above mapping is made
(against the script path) excessive symbol values are truncated and such symbol
names placed into a special CGI variable named SERVER_TRUNCATE.
</table>

<li class="item"> <span class="high bold">[NO]SEARCH=NONE &ndash; </span>
Do not activate the automatic document search script for any query strings
associated with this path.

<li class="item"> <span class="high bold">SERVICE=<span class="high italic">&lt;string&gt;</span> </span>
When mapping is concluded move the request to this virtual service or to the
first virtual service matching a wildcarded specification.

<li class="item"> <span class="high bold">SSI=<span class="high italic">&lt;parameter&gt;</span> </span>
Controls aspects of Server-Side Include engine behaviour.

<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">[NO]SSI=PRIV
<td class="tabd">SSI documents cannot contain privileged directives (e.g. &lt;!--#exec
... --&gt;) unless owned by SYSTEM ([1,4]) or are in a path set as allowing these
directives.  Use SSI=priv to enable this, NOSSI=priv to disable. 
<span class="high bold">Caution:</span> these SSI directives are quite powerful, use great
care when allowing any particular document author or authors to use them.
<tr class="tabr">
<td class="tabd">SSI=EXEC=<span class="high italic">&lt;string&gt;</span>
<td class="tabd">allows fine-grained control of what capabilities are enabled, where
&lt;string&gt; is a comma-separated list of the #dcl parameters permitted for the
path.  The parameter &quot;#&quot; enables SSI on a per-path basis.

<div class="blockof code">ssi=exec=say,show
ssi=exec=#
</div>

</table>

<li class="item"> <span class="high bold">SSLCGI=<span class="high italic">&lt;keyword&gt;</span> &ndash; </span>
Enables and sets the type of CGI variables used to represent Secure
Sockets Layer (SSL) information.

<p> When enabling these variables it is advised to increase the WASD_CONFIG_GLOBAL
[BufferSizeDclCommand] and [BufferSizeCgiPlusIn] directives by approximately
2048.

<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">NOSSLCGI
<td class="tabd">disables the facility
<tr class="tabr">
<td class="tabd">SSLCGI=none
<td class="tabd">disables the facility
<tr class="tabr">
<td class="tabd">SSLCGI=Apache_mod_SSL
<td class="tabd">provides Apache mod_ssl style variables
<tr class="tabr">
<td class="tabd">SSLCGI=Apache_mod_SSL_extens
<td class="tabd">provides variables representing X509
V3 extensions from the server certificate
<tr class="tabr">
<td class="tabd">SSLCGI=Apache_mod_SSL_client
<td class="tabd">provides variables representing X509
V3 extensions from the client certificate
<tr class="tabr">
<td class="tabd">SSLCGI=Purveyor
<td class="tabd">provides Purveyor style variables
</table>

<li class="item"> <span class="high bold">[NO]STMLF &ndash; </span>
Specify files to be automatically converted to Stream-LF format. The default is
to ignore conversion. STMLF allows selected paths to be converted.

<li class="item"> <span class="high bold">THROTTLE=<span class="high italic">&lt;parameter&gt;</span> &ndash; </span>
Controls the concurrent number of scripts being processed on the path.

<p> See <a class="link" href="#2.5.requestthrottling">2.5 Request Throttling</a>.

<table class="tabl">
<tr class="tabr">
<th class="tabh">Rule
<th class="tabh">
<tr class="tabr">
<tr class="tabr">
<td class="tabd">THROTTLE=<span class="high italic">n[/u][,n,n,n,hh:mm:ss,hh:mm:ss]</span>
<td class="tabd">
<tr class="tabr">
<td class="tabd">THROTTLE=FROM=<span class="high italic">&lt;n&gt;</span>
<td class="tabd">
<tr class="tabr">
<td class="tabd">THROTTLE=USER=<span class="high italic">&lt;u&gt;</span>
<td class="tabd">
<tr class="tabr">
<td class="tabd">THROTTLE=TO=<span class="high italic">&lt;n&gt;</span>
<td class="tabd">
<tr class="tabr">
<td class="tabd">THROTTLE=RESUME=<span class="high italic">&lt;n&gt;</span>
<td class="tabd">
<tr class="tabr">
<td class="tabd">THROTTLE=BUSY=<span class="high italic">&lt;n&gt;</span>
<td class="tabd">
<tr class="tabr">
<td class="tabd">THROTTLE=TIMEOUT=QUEUE=<span class="high italic">&lt;hh:mm:ss&gt;</span>
<td class="tabd">
<tr class="tabr">
<td class="tabd">THROTTLE=TIMEOUT=BUSY=<span class="high italic">&lt;hh:mm:ss&gt;</span>
<td class="tabd"></table>

<li class="item"> <span class="high bold">TIMEOUT=<span class="high italic">&lt;parameter&gt;</span> &ndash; </span>
Sets the appropriate timeout period on a per-path basis.
The string &quot;none&quot; can be used to specify <span class="high italic">no timeout</span>.

<p> These parallel the respective configuration timeout periods.
See <a class="link" href="#6.2.alphabeticlisting">6.2 Alphabetic Listing</a>.

<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">TIMEOUT=<span class="high italic">&lt;hh:mm:ss&gt;,
&lt;hh:mm:ss&gt;,&lt;hh:mm:ss&gt;</span>
<td class="tabd">Keep-alive, then no-progress, then output timeouts.
<tr class="tabr">
<td class="tabd">TIMEOUT=KEEPALIVE=
<span class="high italic">&lt;hh:mm:ss&gt;</span>
<td class="tabd">Keep idle network connections alive for this long.
<tr class="tabr">
<td class="tabd">TIMEOUT=NOPROGRESS=
<span class="high italic">&lt;hh:mm:ss&gt;</span>
<td class="tabd">Terminate connection when no data is transferred to the client for this period.
<tr class="tabr">
<td class="tabd">TIMEOUT=OUTPUT=
<span class="high italic">&lt;hh:mm:ss&gt;</span>
<td class="tabd">Terminate connection after this period when no response data has been sent.
<tr class="tabr">
<td class="tabd">NOTIMEOUT
<td class="tabd">No timeouts are applied to the request.
</table>

<li class="item"> <span class="high bold">WEBDAV=<span class="high italic">&lt;parameter&gt;</span> &ndash; </span>
Controls aspects of WebDAV processing or behaviour.

<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">WEBDAV=[NO]ALL
<td class="tabd">all requests using WebDAV processing
(even if not WebDAV request)
<tr class="tabr">
<td class="tabd">WEBDAV=[NO]AUTH
<td class="tabd">authorise access using WebDAV rules
(even if not WebDAV request)
<tr class="tabr">
<td class="tabd">WEBDAV=[NO]HIDDEN
<td class="tabd">list (default) or hide U*x <span class="high italic">hidden</span>
files (i.e. those with names beginning with period)
<tr class="tabr">
<td class="tabd">WEBDAV=[NO]LOCK
<td class="tabd">allow/apply WebDAV locking to this path
<tr class="tabr">
<td class="tabd">WEBDAV=[NO]PROFILE
<td class="tabd">WebDAV access according to SYSUAF profile
<tr class="tabr">
<td class="tabd">WEBDAV=[NO]PROP
<td class="tabd">allow/apply WebDAV 'dead' property(ies) to this path
<tr class="tabr">
<td class="tabd">WEBDAV=[NO]PUT=LOCK
<td class="tabd">a resource must be locked before a PUT is allowed
<tr class="tabr">
<td class="tabd">WEBDAV=[NO]READ
<td class="tabd">WebDAV methods allowed to read this tree
<tr class="tabr">
<td class="tabd">WEBDAV=[NO]SERVER
<td class="tabd">WebDAV access as server account (best effort)
<tr class="tabr">
<td class="tabd">WEBDAV=[NO]WINPROP
<td class="tabd">when NOWINPROP windows properties are ignored and emulated
<tr class="tabr">
<td class="tabd">WEBDAV=[NO]WRITE
<td class="tabd">WebDAV methods allowed write to this path (implied read)
<tr class="tabr">
<td class="tabd">WEBDAV=LOCK=TIMEOUT=DEFAULT=
<td class="tabd">hh:mm:ss
<tr class="tabr">
<td class="tabd">WEBDAV=LOCK=TIMEOUT=MAX=
<td class="tabd">hh:mm:ss
<tr class="tabr">
<td class="tabd">WEBDAV=META=DIR=
<td class="tabd">per-path equivalent of global [WebDAVmetaDir]
</table>

<li class="item"> <span class="high bold">WEBSOCKET=<span class="high italic">&lt;parameter&gt;</span> &ndash; </span>
Controls aspects of WebSocket processing or behaviour.

<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">WEBSOCKET=INPUT=<span class="high italic">integer</span>
<td class="tabd">Specifies the size of the WEBSOCKET_INPUT mailbox buffer; in bytes.
<tr class="tabr">
<td class="tabd">WEBSOCKET=OUTPUT=<span class="high italic">integer</span>
<td class="tabd">Specifies the size of the WEBSOCKET_OUTPUT mailbox buffer; in bytes.
</table>

</ul>

<p> Of course, as with all mapping rules, paths containing file types
(extensions) may be specified so it is quite easy to apply settings to
particular groups of files.  Multiple settings may be made against the one
path, merely separate set directives from each other with white-space. If a
setting string is required to contain white-space enclose the string with
single or double quotes, or curly brackets.  The following example gives a
small selection of potential uses.

<div class="blockof code"># examples of SET rule usage
# --------------------------
# disable caching for selected paths
set /wasd_root/src/* NOcache
set /sys&dollar;common/* NOcache
# enable stream-LF conversion in selected directory trees
set /web/* stmlf
set /wasd_root/* stmlf
# respond with Cyrillic character set(s) from relevant directories
set /*/8859-5/* charset=ISO-8859-5
set /*/koi8-r/* charset=KOI8-R
# the Sun Java tutorial when UNZIPped contains underscores for invalid characters
set /vms/java/tutorial/* RMSchar=_
# if a request has &quot;/plain-text/&quot; in its path then ALWAYS return as plain-text!
set /*/plain-text/* content=text/plain
map /*/plain-text/* /*/*
# same for &quot;/binary/&quot;
set /*/binary/* content=text/plain
map /*/binary/* /*/*
# indicate extended file specifications on this path
set /Documents/* ODS=5
pass /Documents/* /ods5_device/Documents/*
# throttle this script's execution, 5 executing, unlimited waiting
set /cgi-bin/big_script* throttle=5
# disable server script search for this RTE
set /onerte/*  script=nofind
exec /onerte/* (CGI-BIN:[000000]ONERTE.EXE)/wasd_root/src/one/*
</div>

<a id="10.5.5.0.1" href="#"></a>
<a id="10.5.5.postfixsetrule" href="#"></a>
<a id="postfixsetrule" href="#"></a>
<h5 class="head"><span class="text">Postfix SET Rule</span></h5>

<p> Path SETings may be appended to any rule that contains both a template and
result.  This makes it possible to apply path SETings using matching final
rules.  For example a matching PASS rule does not require a separate, preceding
SET rule containing the same path to also apply required SETings.  This is more
efficient (requiring less pattern matching) and tends to make the rule set less
cluttered.

<div class="blockof code"># examples of postfix SET rule usage
# ----------------------------------
# if a request has &quot;/plain-text/&quot; in its path then ALWAYS return as plain-text!
map /*/plain-text/* /*/* content=text/plain
# same for &quot;/binary/&quot;
map /*/binary/* /*/* content=text/plain
# indicate extended file specifications on this path
pass /Documents/* /ods5_device/Documents/* ODS=5
# throttle this script's execution, 5 executing, unlimited waiting
script /big_script* /cgi-bin/big_script* throttle=5
</div>

<a id="10.6" href="#"></a>
<a id="10.6.reversemapping" href="#"></a>
<a id="reversemapping" href="#"></a>
<h2 class="head"><span class="numb">10.6</span><span class="text">Reverse Mapping</span></h2>

<p> Path mapping is required to get from web-space into file-space, and that
mapping is not <span class="high italic">necessarily</span> one-to-one.  That is, /web/doc/ may not be
WEB:[DOC] but for example, DKA0:[WEB.DOC] so that mapping would be

<div class="blockof code">pass /web/* /dka0/web/*
</div>

<p> Mapping paths in reverse is needed to get something like
DKA0:[WEB.DOC]THIS.TXT (that may come from a &dollar;SEARCH result) back into the
web-space of /web/doc/this.txt.  So WASD needs paths that may be mapped using
the <span class="high italic">result</span> back to the <span class="high italic">template</span>.  In simple mappings the one rule can
serve both purposes.  In some situations explicit, extra rules are needed.

<p> The above example is trivial, and if WASD needs to turn something like
DKA0:[DOC]THIS.TXT into a web-space representation (URI) it makes the
file-space specification into URI syntax (i.e. /dka0/web/doc/this.txt) and then
scans the rules comparing that to <span class="high italic">result</span> strings in the MAP rules.   When
one matches, the <span class="high italic">template</span> component is used to generate a web-space
representation - the reverse of what was done when the request was initially
being processed.

<p> The non-trivial example is often associated with concealed, search-list
devices.  For example, the somewhat contrived

<div class="blockof code">&dollar; DEFINE /SYSTEM /TRANSLATION=CONCEALED WEB DKA100:[WEB1.],DKA200:[WEB2.]
</div>

with which the mapping from web- to file-space can be

<div class="blockof code">pass /web/* /web/*
</div>

using the logical device, and quite naturally maps into file-space.  WASD's
file-system actions are complex and low-level, often needing access to the
underlying device (and so tend to &dollar;PARSE NOCONCEAL).  Results from the above
mapping can come back DKA100:[WEB1]THIS.TXT and DKA200:[WEB2]THAT.TXT and so
the above mapping can't be used to get back into web-space because there is no
<span class="high italic">template</span> with a matchable rule.

<p> In such a case there is a need to add explicit reverse-mapping rules (often
immediately following the forward mapping rule for convenience of grouping, but
rules are also a little position sensitive so some skill is required) for the
purpose of getting the underlying file specifications into a form for web
consumption.  In the above scenario an example would be

<div class="blockof code">pass /web/* /web/*
pass /web/* /dka100/web1/*
pass /web/* /dka200/web2/*
</div>

where the latter two are never hit during forward mapping (because the first
rule will always map a request URI beginning /web/...) but will be hit during
reverse-mapping.  If a reverse mapping exhausts the rules before finding a
match the NO:[REVERSE.MAPPING.FOR.THIS]FILE.PATH! mapping is explicitly
generated.

<p> It is not always straight-forward and sometimes a decision is necessary
about how the web-space is to be presented to the clients.  For instance, while
you easily can have multiple web-space views of the one file-space area, it is
less straight-forward to have multiple web-space reverse mappings of the one
file-space (as normally only the first matching rule will ever be
reverse-mapped).

<a id="10.7" href="#"></a>
<a id="10.7.mappingexamples" href="#"></a>
<a id="mappingexamples" href="#"></a>
<h2 class="head"><span class="numb">10.7</span><span class="text">Mapping Examples</span></h2>

<p> The example
<a class="link blank" target="_blank" href="/wasd_root/example/wasd_config_map.conf">mapping rule file</a> for the WASD
HTTP server can be viewed.

<a id="10.7.0.0.1" href="#"></a>
<a id="10.7.exampleofmaprule" href="#"></a>
<a id="exampleofmaprule" href="#"></a>
<h5 class="head"><span class="text">Example of <span class="high bold">Map</span> Rule</span></h5>

<p> The <span class="high italic">result</span> string of these rules may or may not correspond to a VMS
physical file system path.  Either way the resulting rule is further  processed
before passing or failing. 

<ol class="list">

<li class="item"> The following example shows a path &quot;/web/unix/shells/c&quot; being mapped to
&quot;/web/software/unix/scripts/c&quot;, with this being used to process further rules. 

<div class="blockof code">map /web/unix/* /web/software/unix/*
</div>

</ol>

<a id="10.7.0.0.2" href="#"></a>
<a id="10.7.examplesofpassrule" href="#"></a>
<a id="examplesofpassrule" href="#"></a>
<h5 class="head"><span class="text">Examples of <span class="high bold">Pass</span> Rule</span></h5>

<ol class="list">

<li class="item"> This example shows a path &quot;/web/rts/home.html&quot; being mapped to
&quot;/user&dollar;rts/web/home.html&quot;, and this returned as the mapped path.

<div class="blockof code">pass /web/rts/* /user&dollar;rts/web/*
</div>

<li class="item"> This maps a path &quot;/icon/bhts/dir.gif&quot; to &quot;/web/icon/bhts/dir.gif&quot;, and
this returned as the mapped path.

<div class="blockof code">pass /icon/bhts/* /web/icon/bhts/*
</div>

<li class="item"> This example illustrates HTTP status code mapping. Each of these does
basically the same thing, just using one of the three possible delimiters
according to the characters required in the message. The server generates a 403
response which has as its text the following message. (Also see the conditional
mapping examples.)

<div class="blockof code">pass /private/* &quot;403 Can't go in there!&quot;
pass /private/* '403 &quot;/private/&quot; is off-limits!'
pass /private/* {403 Can't go into &quot;/private/&quot;}
</div>

</ol>

<a id="10.7.0.0.3" href="#"></a>
<a id="10.7.examplesoffailrule" href="#"></a>
<a id="examplesoffailrule" href="#"></a>
<h5 class="head"><span class="text">Examples of <span class="high bold">Fail</span> Rule</span></h5>

<ol class="list">

<li class="item"> If a URL path &quot;/web/private/home.html&quot; is being mapped the path
would immediately be failed.

<div class="blockof code">fail /web/private/*
</div>

<li class="item"> To ensure all access fails, other than that explicitly passed, this entry 
should be included at the end of the rules. 

<div class="blockof code">fail /*
</div>

</ol>

<a id="10.7.0.0.4" href="#"></a>
<a id="10.7.examplesofexecandscriptrules" href="#"></a>
<a id="examplesofexecandscriptrules" href="#"></a>
<h5 class="head"><span class="text">Examples of <span class="high bold">Exec</span> and <span class="high bold">Script</span> Rules</span></h5>

<ol class="list">

<li class="item"> If a URL path &quot;/htbin/ismap/web/example.conf&quot; is being mapped the
&quot;/wasd_root/script/&quot; must be the URL format equivalent of the physical
VMS specification for the directory locating the script DCL procedure. The
&quot;/web/example.conf&quot; that followed the &quot;/htbin/ismap&quot; in the
original URL becomes the translated path for the script.

<div class="blockof code">exec /cgi-bin/* /cgi-bin/*
</div>

<li class="item"> If a URL path &quot;/pl-bin/example/this/directory/and-file.txt&quot; is being
mapped the script name and filename become &quot;/pl-bin/example&quot; and
&quot;WASD_ROOT:[SRC.PERL]EXAMPLE.PL&quot; respectively, the path information and
translated become &quot;/this/directory/and-file.txt&quot; and
&quot;THIS:[DIRECTORY]AND-FILE.TXT&quot;, and the interpreter (run-time environment)
activated to interpret the script is CGI-BIN:[000000]PERLRTE.EXE.

<div class="blockof code">exec /pl-bin/* (cgi-bin:[000000]perlrte.exe)/wasd_root/src/perl/*
</div>

<li class="item"> If a URL path &quot;/conan/web/example.hlb&quot; is being  mapped the
&quot;/wasd_root/script/conan&quot; must be the URL format equivalent of  the physical
VMS specification for the DCL procedure.  The  &quot;/web/example.hlb&quot; that followed
the  &quot;/conan/&quot; in the original URL becomes the translated path  for the script.

<div class="blockof code">script /conan* /wasd_root/script/conan*
</div>

</ol>

<a id="10.7.0.0.5" href="#"></a>
<a id="10.7.examplesofredirectrule" href="#"></a>
<a id="examplesofredirectrule" href="#"></a>
<h5 class="head"><span class="text">Examples of <span class="high bold">Redirect</span> Rule</span></h5>

<ol class="list">

<li class="item"> If a URL path &quot;/AnotherGroup/this/that/other.html&quot; is  being mapped the
URL would be redirected to &quot;http://host/this/that/other.html&quot;

<div class="blockof code">redirect /AnotherGroup/* http://host/group/*
</div>

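<li class="item"> If a cleartext service (http://) is deprecated, all requests to it
can instead be redirected to a secure service (https://).  The redirect only
moves the client on; the original request, with any cookies or credentials it
carried, has already been sent in cleartext.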

<div class="blockof code">[[the.host.name:80]]
redirect /* https:///*?
</div>

<p> And to a non-standard port number

<div class="blockof code">[[the.host.name:80]]
redirect /* https://:4443/*?
</div>

</ol>

<a id="10.8" href="#"></a>
<a id="10.8.virtualservers" href="#"></a>
<a id="virtualservers" href="#"></a>
<h2 class="head"><span class="numb">10.8</span><span class="text">Virtual Servers</span></h2>

<p> As described in <a class="link" href="#2.3.virtualservices">2.3 Virtual Services</a>, virtual service syntax may be used
with mapping rules to selectively apply rules to one specific service.  This
example provides the essentials of using this syntax.  Note that
service-specific and service-common rules may be mixed in any order allowing
common mappings (e.g. for scripting) to be shared.

<div class="blockof code"># a mapping rule example of virtual servers
[[alpha.domain.name:80]]
# ALPHA is the only service allowing access to VMS help directory
pass /sys&dollar;common/syshlp/*
[[beta.domain.name:80]]
# good stuff is only available from BETA
pass /good-stuff/*
# BETA has its own error report format, the others share one
pass /errorreport /httpd/-/errorreportalpha.shtml  
[[gamma.domain.name:80]]
# gamma responds with documents using the Cyrillic character set
set /* charset=ISO-8859-5
[[*]]
# common file and script mappings
exec /cgi-bin/* /cgi-bin/*
exec+ /cgiplus-bin/* /cgi-bin/*
script+ /help/* /cgiplus-bin/conan/*
pass /errorreport /httpd/-/errorreport.shtml  
# now the base directories for all documents
[[alpha.domain.name:80]]
/* /web/alpha/*
[[beta.domain.name:80]]
/* /web/beta/*
[[gamma.domain.name:80]]
/* /web/gamma/*
[[*]]
# catch-all rule (just in case :-)
pass /* /web/*
</div>

<p> The Server Administration page WATCH report provides the capability to view
the rule database as well as rule mapping during actual request processing,
using the WATCH facility.

<a id="10.9" href="#"></a>
<a id="10.9.conditionalmapping" href="#"></a>
<a id="conditionalmapping" href="#"></a>
<h2 class="head"><span class="numb">10.9</span><span class="text">Conditional Mapping</span></h2>

<div class="note">
<a id="10.9.0.0.1" href="#"></a>
<a id="10.9.deprecatedanddiscouraged" href="#"></a>
<a id="deprecatedanddiscouraged" href="#"></a>
<h5 class="head center"><span class="text">Deprecated and Discouraged</span></h5>
<hr class="note_hr">
See <a class="link" href="#5.conditionalconfiguration">5. Conditional Configuration</a> for current functionality.

<p> As this has been deprecated for some years now the documentation for this
functionality has been removed.

<p> For backward-reference see the &quot;WASD Hypertext Services - Technical
Overview&quot; document for release v9.3 or earlier.

<hr class="note_hr">
</div>

<a id="10.9.0.0.1.1" href="#"></a>
<a id="10.9.mappinguserdirectories" href="#"></a>
<a id="mappinguserdirectories" href="#"></a>
<h6 class="head display0"><span class="text">Mapping User Directories</span></h6>
<a id="10.10" href="#"></a>
<a id="10.10.mappinguserdirectoriestildecharacterquotquot" href="#"></a>
<a id="mappinguserdirectoriestildecharacterquotquot" href="#"></a>
<h2 class="head"><span class="numb">10.10</span><span class="text">Mapping User Directories (<span class="high italic">tilde</span> character (&quot;~&quot;))</span></h2>
 
<p> The convention for specifying user web areas is &quot;/~username/&quot;.  The basic
idea is that the user's web-available file-space is mapped into the request in
place of the tilde and username.

<a id="10.10.1" href="#"></a>
<a id="10.10.1.usingthesysuaf" href="#"></a>
<a id="usingthesysuaf" href="#"></a>
<h3 class="head"><span class="numb">10.10.1</span><span class="text">Using The SYSUAF</span></h3>

<p> The USER rule maps a VMS user account default device and directory (i.e.
<span class="high italic">home</span> directory) into a request path (<a class="link" href="#10.5.3.userrule">10.5.3 USER Rule</a>).  That is, the base
location for the request  is obtained from the VMS systems SYSUAF file.  A
user's home directory information is cached, to reduce load on the
authorization databases.  As this information is usually quite static there is
no timeout period on such information (although it may be flushed to make room
for other users).  Cache contents are included in the Mapping Rules Report and
are implicitly flushed when the server's rules are reloaded.

<p> The following is a typical usage of the rule.

<div class="blockof code">USER  /~*/*  /*/www/*
</div>

<p> Note the &quot;/www&quot; subdirectory component.  It is <span class="high bold">strongly recommended</span> that
users never be mapped into their top-level, but into a web-specific
subdirectory.  This effectively &quot;sandboxes&quot; Web access to that subdirectory
hierarchy, allowing the user privacy elsewhere in the home area.

<p> To accommodate user request paths that do not incorporate a trailing
delimiter after the username the following redirect may be used to cause the
browser to re-request with a more appropriate path (make sure it follows the
USER rule).

<div class="blockof code">REDIRECT  /~*  ///~*/
</div>

<p> WASD also &quot;reverse maps&quot; VMS specifications into paths and so requires
additional rules to provide these mappings.  (Reverse mapping is required
during directory listings and error reporting.)  For the continuing example the
following rules would be required (and in the stated order).

<div class="blockof code">USER  /~*/*  /*/www/*
REDIRECT  /~*  ///~*/
PASS  /~*/*  /user&dollar;disk/*/www/*
</div>

<p> Where user home directories are spread over multiple devices (physical or
concealed logical) a reverse-mapping rule would be required for each. Consider
the following situation, where user directories are distributed across these
devices (concealed logicals)

<div class="blockof code">USER&dollar;GROUP1:
USER&dollar;GROUP2:
USER&dollar;GROUP3:
USER&dollar;OTHER:
</div>

<p> This would require the following mapping rules (in the stated order).

<div class="blockof code">USER  /~*/*  /*/www/
PASS  /~*/*  /user&dollar;group1/*/www/*
PASS  /~*/*  /user&dollar;group2/*/www/*
PASS  /~*/*  /user&dollar;group3/*/www/*
PASS  /~*/*  /user&dollar;other/*/www/*
</div>

<p> Accounts with a search list as a default device (e.g. SYS&dollar;SYSROOT) present
particular complications in this schema and should be avoided.

<div class="note"><a id="10.10.1.0.0.1" href="#"></a>
<a id="10.10.1.note" href="#"></a>
<a id="note" href="#"></a>
<h5 class="head center"><span class="text">Note</span></h5>
<hr class="note_hr">

Accounts that possess SYSPRV, are CAPTIVE, have been DISUSERED or that have
expired passwords will not be mapped.  A &quot;directory not found&quot; error report is
returned.  This error was chosen to make it more difficult to <span class="high italic">probe</span>
the authorization environment, that is, to determine whether accounts exist or not.
<hr class="note_hr">
</div>

<p> Of course vanilla mapping rules may be used to provide for special cases. 
For instance, if there is a requirement for a particular, privileged account to
have a user mapping, that could be provided as in the following (rather
exaggerated) example.

<div class="blockof code">PASS  /~system/*  /sys&dollar;common/sysmgr/www/*
USER  /~*/*  /*/www/
PASS  /~*/*  /user&dollar;disk/*/www/*
</div>

<a id="10.10.1.0.1" href="#"></a>
<a id="10.10.1.useraccountscripting" href="#"></a>
<a id="useraccountscripting" href="#"></a>
<h5 class="head"><span class="text">User Account Scripting</span></h5>

<p> In some situations it may be desirable to allow the average Web user to
experiment with or implement scripts.  With WASD 7.1 and later, and VMS V6.2
and later, this is possible.  Detached scripting must be enabled, the /PERSONA
startup qualifier used, and appropriate mapping rules in place.  If the SET
&quot;script=as=&quot; mapping rule specifies a tilde character then for a user request
the mapped SYSUAF username is substituted.

<p> The following example shows the essentials of setting up a user environment
with access to a subdirectory in the user's home directory, [.WWW], and with
scripts located in a subdirectory of that, [.WWW.CGI-BIN].

<div class="blockof code">UXEC  /~*/cgi-bin/*  /*/www/cgi-bin/*  script=as=~ 
USER  /~*/*  /*/www/*
REDIRECT  /~*  /~*/
PASS  /~*/*  /dka0/users/*/*
</div> 

<p> For more detailed information see the &quot;Scripting Overview, Introduction&quot;.

<a id="10.10.2" href="#"></a>
<a id="10.10.2.withoutusingthesysuaf" href="#"></a>
<a id="withoutusingthesysuaf" href="#"></a>
<h3 class="head"><span class="numb">10.10.2</span><span class="text">Without Using The SYSUAF</span></h3>

<div class="note"><a id="10.10.2.0.0.1" href="#"></a>
<a id="10.10.2.note" href="#"></a>
<a id="note" href="#"></a>
<h5 class="head center"><span class="text">Note</span></h5>
<hr class="note_hr">


See <a class="link" href="#10.9.mappinguserdirectories">&lsquo;Mapping User Directories&rsquo; in 10.9 Conditional Mapping</a> for current functionality.

<p> As this has been deprecated for some years now the documentation for this
functionality has been removed.

<p> For backward-reference see the &quot;WASD Hypertext Services - Technical
Overview&quot; document for release v9.3 or earlier.

<hr class="note_hr">
</div>

<a id="10.11" href="#"></a>
<a id="10.11.crossoriginresourcesharing" href="#"></a>
<a id="crossoriginresourcesharing" href="#"></a>
<h2 class="head"><span class="numb">10.11</span><span class="text">Cross Origin Resource Sharing</span></h2>

<p> Cross-site HTTP requests are HTTP requests for resources from a domain
different to the domain of the resource making the request.  For instance, a
resource loaded from domain one (http://domain.example) such as an HTML web
page, makes a request for a resource on domain two (http://domain.foo), such as
an image, using the img element (http://domain.foo/image.jpg).  This occurs
very commonly on the web today.  Pages load a number of resources in a
cross-site manner, including CSS stylesheets, images and scripts, and other
resources.

<p> Cross-site HTTP requests initiated from within browser-based applications
have been subject to well-known restrictions, for well-understood security
reasons.  In particular, this meant that an actively processing web application
could only make HTTP requests to the domain it was loaded from, and not to
other domains.  Developers expressed the desire to safely evolve capabilities
to make cross-site requests, for better, safer web applications.  The Web
Applications Working Group within the W3C has recommended the new Cross-Origin
Resource Sharing (CORS) mechanism, which provides a way for web servers to
support cross-site access controls, which enable secure cross-site data
transfers.

<a id="10.11.0.0.1" href="#"></a>
<a id="10.11.basicreferences" href="#"></a>
<a id="basicreferences" href="#"></a>
<h5 class="head"><span class="text">Basic References</span></h5>

<p> This section is not a CORS reference, just the WASD implementation. 
Readers are referred to more authoritative CORS resources.

<ul class="list simple list0">
<li class="item"> <a class="link blank" target="_blank" href="http://www.w3.org/TR/cors/">http://www.w3.org/TR/cors/</a>
<li class="item"> <a class="link blank" target="_blank" href="http://www.html5rocks.com/en/tutorials/cors/">http://www.html5rocks.com/en/tutorials/cors/</a>
<li class="item"> <a class="link blank" target="_blank" href="http://en.wikipedia.org/wiki/Cross-origin_resource_sharing">http://en.wikipedia.org/wiki/Cross-origin_resource_sharing</a>
<li class="item"> <a class="link blank" target="_blank" href="http://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS">http://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS</a>
</ul>

<a id="10.11.0.0.2" href="#"></a>
<a id="10.11.wasdcors" href="#"></a>
<a id="wasdcors" href="#"></a>
<h5 class="head"><span class="text">WASD CORS</span></h5>

<p> WASD supports CORS using mapping rules.  This means cross-origin requests
are evaluated prior to accessing any resources or activating any scripts, etc.
If the request has an &quot;Origin: ..&quot; header and the path has been <span class="high italic">set
cors=origin=..</span> the server performs preflight and request checks.  If the
request is CORS authorised the server adds CORS response headers.  If it is not
CORS authorised the server adds nothing. 
Some significant understanding of the purpose and operation of CORS is required
to tailor the provision of the required response headers.

<table class="tabl">
<tr class="tabr under">
<th class="tabh">Rule
<th class="tabh">Description
<tr class="tabr">
<tr class="tabr">
<td class="tabd">CORS=AGE=<span class="high italic">integer seconds</span>
<td class="tabd">Access-Control-Max-Age: response header
<tr class="tabr">
<td class="tabd">CORS=CRED=<span class="high italic">true&verbar;false</span>
<td class="tabd">Access-Control-Allow-Credentials: response header
<tr class="tabr">
<td class="tabd">CORS=EXPOSE=<span class="high italic">header[,header2,header3]</span>
<td class="tabd">Access-Control-Expose-Headers: response header
<tr class="tabr">
<td class="tabd">CORS=HEADERS=<span class="high italic"></span>
<td class="tabd">Access-Control-Allow-Headers: response header
<tr class="tabr">
<td class="tabd">CORS=METHODS=<span class="high italic">method[,method2,method3]</span>
<td class="tabd">Access-Control-Allow-Methods: response header
<tr class="tabr">
<td class="tabd">CORS=ORIGIN=<span class="high italic">URL</span>
<td class="tabd">Access-Control-Allow-Origin: response header
</table>

<a id="10.11.0.0.3" href="#"></a>
<a id="10.11.wasdcorsexamples" href="#"></a>
<a id="wasdcorsexamples" href="#"></a>
<h5 class="head"><span class="text">WASD CORS Examples</span></h5>

<ol class="list">

<li class="item">
<p> For a request containing

<div class="blockof code">OPTIONS /resources/post-here/ HTTP/1.1
Host: bar.other
&hellip;
Origin: http://foo.example
Access-Control-Request-Method: POST
Access-Control-Request-Headers: X-PINGOTHER
</div> 

with the mapping rules

<div class="blockof code">SET /resources/post-here/*     CORS=origin=* CORS=methods=POST,GET,OPTIONS     CORS=headers=X-PINGOTHER CORS=age=3600
</div> 

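would produce a response (note that the wildcard <span class="high italic">origin=*</span> is answered with
the origin supplied in the request, so this rule authorises any requesting
origin and is best kept to resources intended to be shared with every site)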

<div class="blockof code">HTTP/1.1 200 OK
&hellip;
Content-Length: 0
Connection: Keep-Alive
Content-Type: text/plain
Access-Control-Allow-Origin: http://foo.example
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Headers: X-PINGOTHER
Access-Control-Max-Age: 3600
</div> 

<li class="item">
<p> For a request containing

<div class="blockof code">GET /resources/credentials/ HTTP/1.1
Host: bar.other
&hellip;
Connection: keep-alive
Referer: http://foo.example/examples/credential.html
Origin: http://foo.example
</div> 
 with the mapping rules

<div class="blockof code">SET /resources/credentials/*     CORS=origin=http://foo.example CORS=credEntials=true
</div> 
 would produce a response

<div class="blockof code">HTTP/1.1 200 OK
&hellip;
Content-Length: 106
Connection: Keep-Alive
Content-Type: text/plain
Access-Control-Allow-Origin: http://foo.example
Access-Control-Allow-Credentials: true

&hellip;
</div> 

</ol>

<!-- source:1300_AUTHORIZATION.WASDOC -->
<hr class="page">
<a id="11." href="#"></a>
<a id="11.authorizationconfigurationbasics" href="#"></a>
<a id="authorizationconfigurationbasics" href="#"></a>
<h1 class="head"><span class="numb">11.</span><span class="text">Authorization Configuration (Basics)</span></h1>

<table class="TOC2table">
<tr><td><a href="#11.1.sysuafidentifierauthentication"><span class="numb">11.1</span><span class="text">SYSUAF/Identifier Authentication</span></a>
<tr><td><a href="#11.2.otherauthentication"><span class="numb">11.2</span><span class="text">Other Authentication</span></a>
<tr><td><a href="#11.3.readandwritegroupings"><span class="numb">11.3</span><span class="text">Read and Write Groupings</span></a>
<tr><td><a href="#11.4.considerations"><span class="numb">11.4</span><span class="text">Considerations</span></a>
</table>
</div>


<p> WASD offers a comprehensive and versatile authentication and authorization
environment.  A little too comprehensive, often leaving the new administrator
wondering where to begin.  The role of this chapter is to provide a starting
place, especially for sources of authentication, along with some basic
configurations.
<a class="link blank" target="_blank" href="../features/#authenticationandauthorization">Authentication and Authorization</a> of
<a class="link blank" target="_blank" href="../features/#0.">WASD Features and Facilities</a>
contains a detailed explanation of all
aspects.  All examples here assume a standard installation and environment.

<p> Just to clarify. <span class="high bold">Authentication</span> is the verification of a user's identity,
usually through username/password credentials. <span class="high bold">Authorization</span> is allowing a
certain action to be applied to a particular path based on that identity.

<p> Changes to the authorization configuration file can be validated at the
command-line before reload or restart.  This detects and reports any
syntactical and configuration errors but of course cannot check the
<span class="high italic">intent</span> of the rules.

<div class="blockof code">&dollar; HTTPD /DO=AUTH=CHECK
</div>

<p> If additional server startup qualifiers are required to enable specific
authorization features then these must also be provided when checking.  For
example:

<div class="blockof code">&dollar; HTTPD /DO=AUTH=CHECK /SYSUAF /PROFILE
</div>

<p> A server's currently loaded authorization rules may also be interrogated
from the Server Administration menu (see
<a class="link blank" target="_blank" href="../features/#serveradministration">Server Administration</a> of
<a class="link blank" target="_blank" href="../features/#0.">WASD Features and Facilities</a>).

<a id="11.1" href="#"></a>
<a id="11.1.sysuafidentifierauthentication" href="#"></a>
<a id="sysuafidentifierauthentication" href="#"></a>
<h2 class="head"><span class="numb">11.1</span><span class="text">SYSUAF/Identifier Authentication</span></h2>

<p> This setup allows any active account to authenticate using the local VMS
username and password.  By default not every account may authenticate this way,
only those holding specified VMS rights identifiers.  The examples provided in
this section allow access to the WASD online Server Administration facility,
and so may be followed specifically for that purpose, as well as serving as a
general guide.

<ul class="list">

<li class="item"> Define the following logical before calling the server startup
procedure.  To make such a definition permanent add it to the system or Web
environment startup procedures.  This logical contains a startup qualifier that
configures the server to allow authentication from the SYSUAF, using VMS rights
identifiers
(<a class="link blank" target="_blank" href="../features/#authenticationpolicy">Authentication Policy</a> of
<a class="link blank" target="_blank" href="../features/#0.">WASD Features and Facilities</a>).

<div class="blockof code">&dollar; DEFINE /SYSTEM WASD_STARTUP_SERVER &quot;/SYSUAF=ID&quot;
&dollar; @<span class="high italic">device</span>:[WASD_ROOT.LOCAL]STARTUP.COM
</div>

After changing a server command-line qualifier such as the above, the server
must be restarted using the following directive.

<div class="blockof code">&dollar; HTTPD/DO=RESTART
</div>

<li class="item"> Decide on an identifier name.  This can be an existing identifier, or
one created for the purpose.  For this example the identifier will be
&quot;WASD_WEBADMIN&quot;.  Any identifier can be created using actions similar to the
following example.

<div class="blockof code">&dollar; SET DEFAULT SYS&dollar;SYSTEM
&dollar; MCR AUTHORIZE
UAF&gt; ADD /IDENTIFIER WASD_WEBADMIN
</div>

<li class="item"> Modify the authorization configuration file, accessed by the server
using the system logical WASD_CONFIG_AUTH, to contain the following.  This
allows full access to the online Server Administration facility and [.LOCAL]
directory (and no world access).  Additional paths may be added as required,
and of course multiple identifiers may be created and used for multiple realms
and paths.

<div class="blockof code">[&quot;Web Admin&quot;=WASD_WEBADMIN=id]
/httpd/-/admin/* r+w
/wasd_root/local/* r+w
</div>

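<li class="item"> The identifier must then be granted to those accounts allowed to
authenticate in this way (SYSTEM in the example below).  Grant it only to the
accounts that need this access, because each holder's VMS username and password
then give read and write access to every path in the realm.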

<div class="blockof code">&dollar; SET DEFAULT SYS&dollar;SYSTEM
&dollar; MCR AUTHORIZE
UAF&gt; GRANT /IDENTIFIER WASD_WEBADMIN SYSTEM
</div>

<li class="item"> Using this approach useful discrimination may be exercised.  For
instance, one identifier for Web administrators, another (or others) for
different authentication requirements.

<div class="blockof code">[&quot;Web Admin&quot;=WASD_WEBADMIN=id]
/wasd_root/local/* r+w
/httpd/-/admin/* r+w
[&quot;Area Access&quot;=<span class="high italic">area-identifier-name</span>=id]
/web/area/* r+w ; r
</div>

<p> Of course the one account may hold multiple identifiers and so may have
access to various areas.

<div class="blockof code">UAF&gt; GRANT /IDENTIFIER WASD_WEBADMIN SYSTEM
UAF&gt; GRANT /IDENTIFIER <span class="high italic">area-identifier-name</span> SYSTEM
</div>

<p> Using VMS rights identifiers allows significant granularity in providing
access.

</ul>

<a id="11.1.0.0.1" href="#"></a>
<a id="11.1.afterchanges" href="#"></a>
<a id="afterchanges" href="#"></a>
<h5 class="head"><span class="text">After Changes</span></h5>

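<p> If the WASD_CONFIG_AUTH configuration file is changed, or rights identifiers are
granted to or revoked from accounts, the server should be directed to reload the
file and purge any cached authorization information.  Until the cache is purged
or the cached entry expires, access that has been removed may still be
honoured.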

<div class="blockof code">&dollar; HTTPD/DO=AUTH=LOAD
&dollar; HTTPD/DO=AUTH=PURGE
</div>

<a id="11.2" href="#"></a>
<a id="11.2.otherauthentication" href="#"></a>
<a id="otherauthentication" href="#"></a>
<h2 class="head"><span class="numb">11.2</span><span class="text">Other Authentication</span></h2>

<p> Other sources of authentication are available, either by themselves or used
in the same configuration file (different realms and paths) as those already
discussed
(<a class="link blank" target="_blank" href="../features/#authenticationsources">Authentication Sources</a> of
<a class="link blank" target="_blank" href="../features/#0.">WASD Features and Facilities</a>).
Non-SYSUAF sources do not require any startup qualifier to be enabled.

<ul class="list">

<li class="item"> <span class="high bold">ACME</span> DOIs (Authentication and Credential Management Extension,
Domains of Interpretation) may be used to authenticate requests.

<div class="blockof code">[&quot;Whatever you want to call it!&quot;=<span class="high italic">doi</span>=ACME]
/web/area/* r+w
</div>

<li class="item"> <span class="high bold">Simple lists</span> contain usernames and unencrypted passwords.  These are
plain-text files, created and modified using any desired editor.

<div class="blockof code">[&quot;Whatever you want to call it!&quot;=<span class="high italic">list-name</span>=list]
/web/area/* r+w
</div>

<p> This is a <span class="high under">very</span> simple arrangement, with little inherent security;
because the passwords are stored unencrypted, anyone able to read the list file
can read them.  Lists
are more useful when grouping names together for specifying which group may do
what to where.

<li class="item"> <span class="high bold">HTA databases</span> are WASD-specific, binary repositories of usernames,
encrypted passwords, capabilities, user and other detail.

<div class="blockof code">[&quot;Whatever you want to call it!&quot;=<span class="high italic">HTA-database-name</span>=HTA]
/web/area/* r+w
</div>

<p> These databases may be administered using the online Server Administration
facility
(<a class="link blank" target="_blank" href="../features/#httpdserverrevise">HTTPd Server Revise</a> of
<a class="link blank" target="_blank" href="../features/#0.">WASD Features and Facilities</a>)
or the HTAdmin command-line utility
(<a class="link blank" target="_blank" href="../features/#htadmin">HTAdmin</a> of
<a class="link blank" target="_blank" href="../features/#0.">WASD Features and Facilities</a>),
and are quite secure and versatile.

<li class="item"> <span class="high bold">External agents</span> are authentication and authorization scripts executed
on demand, under the control of, but external to, the server.  It is possible for
a site to write its own, custom authorization agent.

<div class="blockof code">[&quot;Whatever you want to call it!&quot;=<span class="high italic">agent-name</span>=agent]
/web/area/* r+w
</div>

Two variations on a versatile LDAP authenticator and a CEL-compatible
authenticator, along with example code, are available in the
<a class="link blank" target="_blank" href="/wasd_root/src/agent/">WASD_ROOT:[SRC.AGENT]</a> directory.

<li class="item"> <span class="high bold">X.509</span> establishes identity based on Public Key
Infrastructure (PKI) authentication certificates.  This is only available for
SSL transactions.

<div class="blockof code">[X509]
/web/area/* r+w
</div>

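<li class="item"> <span class="high bold">RFC1413</span> IETF document describes an identification protocol that can
be used as a form of <span class="high italic">authentication</span> within this realm.  The identity is
reported by the client's host and is only as trustworthy as that host, so this
source is best combined with other restrictions rather than used alone to
protect sensitive paths.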

<div class="blockof code">[&quot;Whatever you want to call it!&quot;=RFC1413;A_PROJECT=list]
/web/area/* r+w ; r
</div>

</ul>

<a id="11.3" href="#"></a>
<a id="11.3.readandwritegroupings" href="#"></a>
<a id="readandwritegroupings" href="#"></a>
<h2 class="head"><span class="numb">11.3</span><span class="text">Read and Write Groupings</span></h2>

<p> WASD allows separate sources for groups of usernames to control read and
write access in a particular realm
(<a class="link blank" target="_blank" href="../features/#realmfullaccessreadonly">Realm, Full-Access, Read-Only</a> of
<a class="link blank" target="_blank" href="../features/#0.">WASD Features and Facilities</a>).

<p> These groups may be provided via simple lists, VMS identifiers, HTA
databases and authorization agents.  The following example shows an identifier
authenticated realm with full and read-only access controlled by two simple
lists.  For the first path the world has no access, for the second read-only
access (with the read-only grouping becoming basically redundant information).

<div class="blockof code">[&quot;Realm Name&quot;=<span class="high italic">identifier_name</span>=id;<span class="high italic">full_access_name</span>=list;<span class="high italic">read-only_name</span>=list]
/web/area/* r+w ; 
/web/another-area/* r+w ; r
</div>

<a id="11.4" href="#"></a>
<a id="11.4.considerations" href="#"></a>
<a id="considerations" href="#"></a>
<h2 class="head"><span class="numb">11.4</span><span class="text">Considerations</span></h2>

<p> Multiple authentication sources (realms) may be configured in the one
WASD_CONFIG_AUTH file.

<p> Multiple paths may be mapped against a single authentication source.

<p> Any path may be mapped only once (for any single virtual service).

<p> Paths may have additional access restrictions placed on them, including
client host name, username, etc.
(<a class="link blank" target="_blank" href="../features/#accessrestrictionkeywords">Access Restriction Keywords</a> of
<a class="link blank" target="_blank" href="../features/#0.">WASD Features and Facilities</a>).

<p> The configuration file is loaded and stored by the server at startup.  If
changed it must be reloaded to take effect.  This can be done manually using

<div class="blockof code">&dollar; HTTPD/DO=AUTH=LOAD
</div>

<p> Authentication information is cached.  Access subsequently removed or
modified will not take effect until the entry expires, or is manually purged
using

<div class="blockof code">&dollar; HTTPD/DO=AUTH=PURGE
</div>

<p> Failed attempts to authenticate against a particular source are limited.
When this limit is exceeded access is always denied.  If this has happened the
cache must be manually purged before a user can successfully authenticate, using

<div class="blockof code">&dollar; HTTPD/DO=AUTH=PURGE
</div>
<!-- source:1400_INDEX.WASDOC -->
<hr class="page">
<a id="12." href="#"></a>
<a id="12.index" href="#"></a>
<a id="index" href="#"></a>
<h1 class="head"><span class="numb">12.</span><span class="text">Index</span></h1>

<div class="IDXcols2">
<table class="IDXtable">
<tr><td class="alpha">A</td><td class="text"><a href="#2.12.1.aquotquotfollowedby">&lsquo;A &quot;!&quot; followed by&rsquo; in 2.12.1 Log Format</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.12.1.aquot94quotfollowedby">&lsquo;A &quot;&#94;&quot; followed by&rsquo; in 2.12.1 Log Format</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#0.abstract">&lsquo;Abstract&rsquo; in  WASD Configuration</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.12.7.accessalert">2.12.7&nbsp;Access Alert</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.12.accesslogging">2.12&nbsp;Access Logging</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.12.6.accesstracking">2.12.6&nbsp;Access Tracking</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.7.1.addingcontenttypes">2.7.1&nbsp;Adding Content-Types</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#7.9.administration">7.9&nbsp;Administration</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#7.4.administrationservices">7.4&nbsp;Administration Services</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#11.1.afterchanges">&lsquo;After Changes&rsquo; in 11.1 SYSUAF/Identifier Authentication</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#6.2.alphabeticlisting">6.2&nbsp;Alphabetic Listing</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#0.apachelicenseversion20">&lsquo;Apache License, Version 2.0&rsquo; in  WASD Configuration</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#13.attributionandacknowledgement">13.&nbsp;Attribution and Acknowledgement</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#6.1.authenticationauthorization">&lsquo;Authentication/Authorization&rsquo; in 6.1 Functional Groupings</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#3.7.authorization">3.7&nbsp;Authorization</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#11.authorizationconfigurationbasics">11.&nbsp;Authorization Configuration (Basics)</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#3.9.authorizationholes">&lsquo;Authorization Holes&rsquo; in 3.9 Site Attacks</a>
<tr><td class="alpha">B</td><td class="text"><a href="#2.10.1.basicanddetailed">2.10.1&nbsp;Basic and Detailed</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.11.basicreferences">&lsquo;Basic References&rsquo; in 10.11 Cross Origin Resource Sharing</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#3.8.becareful">&lsquo;Be careful!&rsquo; in 3.8 Miscellaneous Issues</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#8.1.behaviour">8.1&nbsp;Behaviour</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#13.bjoumlernhoumlehrmann">&lsquo;Bj&ouml;ern H&ouml;ehrmann&rsquo; in 13. Attribution and Acknowledgement</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#6.1.buffersizes">&lsquo;Buffer Sizes&rsquo; in 6.1 Functional Groupings</a>
<tr><td class="alpha">C</td><td class="text"><a href="#9.cacheconfiguration">9.&nbsp;Cache Configuration</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#9.5.cacheconfiguration">9.5&nbsp;Cache Configuration</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#9.4.cachecontentvalidation">9.4&nbsp;Cache Content Validation</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#9.6.cachecontrol">9.6&nbsp;Cache Control</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#9.3.cachesuitabilityconsiderations">9.3&nbsp;Cache Suitability Considerations</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#5.2.cautions">&lsquo;CAUTIONS&rsquo; in 5.2 If..endif Conditionals</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.9.charactersetconversion">2.9&nbsp;Character Set Conversion</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.4.1.charactersinrequestpaths">10.4.1&nbsp;Characters In Request Paths</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.4.3.charactersinservergeneratedpaths">10.4.3&nbsp;Characters In Server-Generated Paths</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#9.7.circumventingthecache">9.7&nbsp;Circumventing The Cache</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#13.clarkcooperetal">&lsquo;Clark Cooper, et.al.&rsquo; in 13. Attribution and Acknowledgement</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.6.clientconcurrency">2.6&nbsp;Client Concurrency</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#5.conditionalconfiguration">5.&nbsp;Conditional Configuration</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#5.3.conditionalkeywords">5.3&nbsp;Conditional Keywords</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#5.3.conditionalkeywords">&lsquo;Conditional Keywords&rsquo; in 5.3 Conditional Keywords</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.9.conditionalmapping">10.9&nbsp;Conditional Mapping</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#5.2.conditionalsyntax">&lsquo;Conditional Syntax&rsquo; in 5.2 If..endif Conditionals</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#3.5.configuration">3.5&nbsp;Configuration</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.configurationconsiderations">2.&nbsp;Configuration Considerations</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#5.5.1.configurationentries">5.5.1&nbsp;Configuration Entries</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.configurationfiles">&lsquo;Configuration Files&rsquo; in 2. Configuration Considerations</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#11.4.considerations">11.4&nbsp;Considerations</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#3.10.contentsecuritypolicycsp">3.10&nbsp;Content Security Policy (CSP)</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#6.1.contenttype">&lsquo;Content-Type&rsquo; in 6.1 Functional Groupings</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.8.contenttype">&lsquo;Content-Type&rsquo; in 2.8 Language Variants</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.7.contenttypeconfiguration">2.7&nbsp;Content-Type Configuration</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#9.1.controllingnonfilecontentcaching">&lsquo;Controlling Non-File Content Caching&rsquo; in 9.1 Non-File Content Caching</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.11.crossoriginresourcesharing">10.11&nbsp;Cross Origin Resource Sharing</a>
<tr><td class="alpha">D</td><td class="text"><a href="#3.6.defaultaccounts">&lsquo;Default Accounts&rsquo; in 3.6 Scripting</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#3.9.denialofservice">&lsquo;Denial of Service&rsquo; in 3.9 Site Attacks</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.9.deprecatedanddiscouraged">&lsquo;Deprecated and Discouraged&rsquo; in 10.9 Conditional Mapping</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#5.5.dictionary">5.5&nbsp;Dictionary</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#5.5.2.dictionaryentries">&lsquo;Dictionary Entries&rsquo; in 5.5.2 Other Entries</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#7.8.directivedetail">7.8&nbsp;Directive Detail</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#6.1.directorylisting">&lsquo;Directory Listing&rsquo; in 6.1 Functional Groupings</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#3.5.1.directorylistings">3.5.1&nbsp;Directory Listings</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.2.documentroot">&lsquo;Document Root&rsquo; in 2.2 Site Organisation</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#3.dontthinkitcanthappentoyou">&lsquo;don't think it can't happen to you!&rsquo; in 3. Security Considerations</a>
<tr><td class="alpha">E</td><td class="text"><a href="#5.5.3.entrysubstitution">5.5.3&nbsp;Entry Substitution</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.10.errorreporting">2.10&nbsp;Error Reporting</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.10.2.errorvariables">&lsquo;Error Variables&rsquo; in 2.10.2 Site Specific</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.7.exampleofmaprule">&lsquo;Example of Map Rule&rsquo; in 10.7 Mapping Examples</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.12.1.examples">&lsquo;Examples&rsquo; in 2.12.1 Log Format</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#4.3.examples">4.3&nbsp;Examples</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#5.4.examples">5.4&nbsp;Examples</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.5.examples">&lsquo;Examples&rsquo; in 2.5 Request Throttling</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.7.examplesofexecandscriptrules">&lsquo;Examples of Exec and Script Rules&rsquo; in 10.7 Mapping Examples</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.7.examplesoffailrule">&lsquo;Examples of Fail Rule&rsquo; in 10.7 Mapping Examples</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.7.examplesofpassrule">&lsquo;Examples of Pass Rule&rsquo; in 10.7 Mapping Examples</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.7.examplesofredirectrule">&lsquo;Examples of Redirect Rule&rsquo; in 10.7 Mapping Examples</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.5.4.execdirectoriesandexecfiles">&lsquo;EXEC Directories and EXEC Files&rsquo; in 10.5.4 EXEC/UXEC and SCRIPT, Script Mapping Rules</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.5.4.execuxecandscriptscriptmappingrules">10.5.4&nbsp;EXEC/UXEC and SCRIPT, Script Mapping Rules</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.7.4.explicitlyspecifyingcontenttype">2.7.4&nbsp;Explicitly Specifying Content-Type</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#4.4.expressionsubstitution">4.4&nbsp;Expression Substitution</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.4.extendedfilespecificationsods5">10.4&nbsp;Extended File Specifications (ODS-5)</a>
<tr><td class="alpha">F</td><td class="text"><a href="#6.1.filecache">&lsquo;File Cache&rsquo; in 6.1 Functional Groupings</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.4.2.filenameambiguity">10.4.2&nbsp;File Name Ambiguity</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.4.1.flushperiod">&lsquo;Flush Period&rsquo; in 2.4.1 Response Encoding</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#13.freesoftwarefoundation">&lsquo;Free Software Foundation&rsquo; in 13. Attribution and Acknowledgement</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#6.1.functionalgroupings">6.1&nbsp;Functional Groupings</a>
<tr><td class="alpha">G</td><td class="text"><a href="#7.2.genericservices">7.2&nbsp;Generic Services</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#6.globalconfiguration">6.&nbsp;Global Configuration</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#4.1.greedyandnongreedy">&lsquo;Greedy and Non-Greedy&rsquo; in 4.1 Wildcard Patterns</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.4.gzipencoding">2.4&nbsp;GZIP Encoding</a>
<tr><td class="alpha">H</td><td class="text"><a href="#5.3.7.hostaddresses">5.3.7&nbsp;Host Addresses</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#6.1.http2">&lsquo;HTTP/2&rsquo; in 6.1 Functional Groupings</a>
<tr><td class="alpha">I</td><td class="text"><a href="#5.2.ifendifconditionals">5.2&nbsp;If..endif Conditionals</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.1.includefiledirective">2.1&nbsp;Include File Directive</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#3.4.independentpackageandlocalresources">3.4&nbsp;Independent Package and Local Resources</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#12.index">12.&nbsp;Index</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#5.3.4.instance">&lsquo;Instance:&rsquo; in 5.3.4 Instance: and Robin: Keywords</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#5.3.4.instanceandrobinkeywords">5.3.4&nbsp;Instance: and Robin: Keywords</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#1.introduction">1.&nbsp;Introduction</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#7.5.ipv4andipv6">7.5&nbsp;IPv4 and IPv6</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#7.5.ipv6literaladdresses">&lsquo;IPv6 Literal Addresses&rsquo; in 7.5 IPv4 and IPv6</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#7.5.ipv6nameresolution">&lsquo;IPv6 Name Resolution&rsquo; in 7.5 IPv4 and IPv6</a>
<tr><td class="alpha">K</td><td class="text"><a href="#1.keepsitespecificresourcesandserverinstallationseparateanddistinct">&lsquo;Keep site-specific resources and server installation separate and distinct.&rsquo; in 1. Introduction</a>
<tr><td class="alpha">L</td><td class="text"><a href="#2.8.languagevariants">2.8&nbsp;Language Variants</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#0.license">&lsquo;License&rsquo; in  WASD Configuration</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#13.licensedundertheapachelicenseversion20">&lsquo;Licensed under the Apache License, Version 2.0&rsquo; in 13. Attribution and Acknowledgement</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.12.1.logformat">2.12.1&nbsp;Log Format</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.12.5.lognaming">2.12.5&nbsp;Log Naming</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.12.4.logperinstance">2.12.4&nbsp;Log Per-Instance</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.12.2.logperperiod">2.12.2&nbsp;Log Per-Period</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.12.3.logperservice">2.12.3&nbsp;Log Per-Service</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#6.1.logging">&lsquo;Logging&rsquo; in 6.1 Functional Groupings</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.2.logicalnames">&lsquo;LOGICAL NAMES&rsquo; in 10.2 VMS File System Specifications</a>
<tr><td class="alpha">M</td><td class="text"><a href="#3.3.maintainingpackagesecurity">3.3&nbsp;Maintaining Package Security</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.5.1.mappassfailrules">10.5.1&nbsp;MAP, PASS, FAIL Rules</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.7.mappingexamples">10.7&nbsp;Mapping Examples</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.1.mappingoverhead">&lsquo;Mapping Overhead&rsquo; in 10.1 Rule Interpretation</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.5.mappingreload">&lsquo;Mapping Reload&rsquo; in 2.5 Request Throttling</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#9.5.mappingrules">&lsquo;Mapping Rules&rsquo; in 9.5 Cache Configuration</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.9.mappinguserdirectories">&lsquo;Mapping User Directories&rsquo; in 10.9 Conditional Mapping</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.10.mappinguserdirectoriestildecharacterquotquot">10.10&nbsp;Mapping User Directories (tilde character (&quot;~&quot;))</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#4.2.matchingoperators">&lsquo;Matching Operators&rsquo; in 4.2 Regular Expressions</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#8.messageconfiguration">8.&nbsp;Message Configuration</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#8.2.messagefileformat">8.2&nbsp;Message File Format</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.7.2.mimetypes">2.7.2&nbsp;MIME.TYPES</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#6.1.miscellaneous">&lsquo;Miscellaneous&rsquo; in 6.1 Functional Groupings</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#3.8.miscellaneousissues">3.8&nbsp;Miscellaneous Issues</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#8.3.multiplefilesmultivaluedlogicalname">&lsquo;Multiple Files - Multivalued Logical Name&rsquo; in 8.3 Multiple Language Specifications</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#8.3.multiplelanguagespecifications">8.3&nbsp;Multiple Language Specifications</a>
<tr><td class="alpha">N</td><td class="text"><a href="#9.1.nonfilecontentcaching">9.1&nbsp;Non-File Content Caching</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.8.nontextcontent">&lsquo;Non-Text Content&rsquo; in 2.8 Language Variants</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#13.noneofthefollowinglicensingappearsincompatiblewiththeapachelicense">&lsquo;None of the following licensing appears incompatible with the Apache License&rsquo; in 13. Attribution and Acknowledgement</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.10.2.note">&lsquo;Note&rsquo; in 10.10.2 Without Using The SYSUAF</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.10.1.note">&lsquo;Note&rsquo; in 10.10.1 Using The SYSUAF</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.5.4.note">&lsquo;Note&rsquo; in 10.5.4 EXEC/UXEC and SCRIPT, Script Mapping Rules</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.5.3.note">&lsquo;Note&rsquo; in 10.5.3 USER Rule</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.5.2.note">&lsquo;Note&rsquo; in 10.5.2 REDIRECT Rule</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.5.1.note">&lsquo;Note&rsquo; in 10.5.1 MAP, PASS, FAIL Rules</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#7.8.note">&lsquo;Note&rsquo; in 7.8 Directive Detail</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#8.2.note">&lsquo;Note&rsquo; in 8.2 Message File Format</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.1.note">&lsquo;Note&rsquo; in 2.1 Include File Directive</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#5.5.1.note">&lsquo;Note&rsquo; in 5.5.1 Configuration Entries</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#5.4.note">&lsquo;Note&rsquo; in 5.4 Examples</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.7.1.note">&lsquo;Note&rsquo; in 2.7.1 Adding Content-Types</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.5.note">&lsquo;Note&rsquo; in 2.5 Request Throttling</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.3.1.note">&lsquo;Note&rsquo; in 2.3.1 [[virtual-server]]</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#5.3.1.notepadkeyword">5.3.1&nbsp;Notepad: Keyword</a>
<tr><td class="alpha">O</td><td class="text"><a href="#13.ohiostateuniversity">&lsquo;Ohio State University&rsquo; in 13. Attribution and Acknowledgement</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#0.onlinesearch">&lsquo;Online Search&rsquo; in  WASD Configuration</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.11.opcomlogging">2.11&nbsp;OPCOM Logging</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#13.opensslproject">&lsquo;OpenSSL Project&rsquo; in 13. Attribution and Acknowledgement</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#6.1.operatorconsoleandlog">&lsquo;Operator Console and Log&rsquo; in 6.1 Functional Groupings</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#4.2.operatoroverview">&lsquo;Operator Overview&rsquo; in 4.2 Regular Expressions</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#11.2.otherauthentication">11.2&nbsp;Other Authentication</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.10.1.othercustomization">&lsquo;Other Customization&rsquo; in 2.10.1 Basic and Detailed</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#5.5.2.otherentries">5.5.2&nbsp;Other Entries</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#3.1.owaspzap">&lsquo;OWASP ZAP&rsquo; in 3.1 Server and Site Testing</a>
<tr><td class="alpha">P</td><td class="text"><a href="#2.12.1.quotpaquotandquotrqquot">&lsquo;&quot;PA&quot; and &quot;RQ&quot;&rsquo; in 2.12.1 Log Format</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#3.2.packageaccess">&lsquo;Package Access&rsquo; in 3.2 Recommended Package Security</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#3.8.packagetree">&lsquo;Package Tree&rsquo; in 3.8 Miscellaneous Issues</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#3.9.passwordcracking">&lsquo;Password Cracking&rsquo; in 3.9 Site Attacks</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#13.paulejones">&lsquo;Paul E. Jones&rsquo; in 13. Attribution and Acknowledgement</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.5.peruserthrottle">&lsquo;Per-User Throttle&rsquo; in 2.5 Request Throttling</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#9.2.permanentandvolatile">9.2&nbsp;Permanent and Volatile</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#3.9.platformvulnerabilities">&lsquo;Platform Vulnerabilities&rsquo; in 3.9 Site Attacks</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.5.5.postfixsetrule">&lsquo;Postfix SET Rule&rsquo; in 10.5.5 SET Rule</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.12.1.predefinedplususerdefined">&lsquo;Pre-defined Plus User-Defined&rsquo; in 2.12.1 Log Format</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.1.processingoverhead">&lsquo;Processing Overhead&rsquo; in 10.1 Rule Interpretation</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#6.1.proxyserving">&lsquo;Proxy Serving&rsquo; in 6.1 Functional Groupings</a>
<tr><td class="alpha">R</td><td class="text"><a href="#5.3.2.randkeyword">5.3.2&nbsp;Rand: Keyword</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#11.3.readandwritegroupings">11.3&nbsp;Read and Write Groupings</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#3.2.recommendedpackagesecurity">3.2&nbsp;Recommended Package Security</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.5.2.redirectrule">10.5.2&nbsp;REDIRECT Rule</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#4.4.regularexpressionsubstitution">&lsquo;Regular Expression Substitution&rsquo; in 4.4 Expression Substitution</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#4.2.regularexpressions">4.2&nbsp;Regular Expressions</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#4.2.repetitionoperators">&lsquo;Repetition Operators&rsquo; in 4.2 Regular Expressions</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#6.1.reports">&lsquo;Reports&rsquo; in 6.1 Functional Groupings</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.4.2.requestencoding">2.4.2&nbsp;Request Encoding</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.requestprocessingconfiguration">10.&nbsp;Request Processing Configuration</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.5.requestthrottling">2.5&nbsp;Request Throttling</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#5.3.3.requestkeyword">5.3.3&nbsp;Request: Keyword</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.4.1.responseencoding">2.4.1&nbsp;Response Encoding</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.6.reversemapping">10.6&nbsp;Reverse Mapping</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#3.2.rightsidentifiers">&lsquo;Rights Identifiers&rsquo; in 3.2 Recommended Package Security</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#5.3.4.robin">&lsquo;Robin:&rsquo; in 5.3.4 Instance: and Robin: Keywords</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#13.rsadatasecurity">&lsquo;RSA Data Security&rsquo; in 13. Attribution and Acknowledgement</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.1.ruleinterpretation">10.1&nbsp;Rule Interpretation</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.5.rules">10.5&nbsp;Rules</a>
<tr><td class="alpha">S</td><td class="text"><a href="#10.5.4.scriptlocation">&lsquo;Script Location&rsquo; in 10.5.4 EXEC/UXEC and SCRIPT, Script Mapping Rules</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#3.6.scripting">3.6&nbsp;Scripting</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#6.1.scripting">&lsquo;Scripting&rsquo; in 6.1 Functional Groupings</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#3.5.3.scripting">3.5.3&nbsp;Scripting</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#3.3.sechanutility">&lsquo;SECHAN Utility&rsquo; in 3.3 Maintaining Package Security</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#6.1.securesocket">&lsquo;Secure Socket&rsquo; in 6.1 Functional Groupings</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#3.3.securecom">&lsquo;SECURE.COM&rsquo; in 3.3 Maintaining Package Security</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#3.6.securingauthorisation">&lsquo;Securing Authorisation&rsquo; in 3.6 Scripting</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#3.5.4.securingscripting">&lsquo;Securing Scripting&rsquo; in 3.5.4 Server Side Includes</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#3.securityconsiderations">3.&nbsp;Security Considerations</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#3.1.serverandsitetesting">3.1&nbsp;Server and Site Testing</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#3.5.2.serverreports">3.5.2&nbsp;Server Reports</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#3.5.4.serversideincludes">3.5.4&nbsp;Server Side Includes</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#6.1.serversideincludes">&lsquo;Server Side Includes&rsquo; in 6.1 Functional Groupings</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#5.1.serviceconditionals">5.1&nbsp;Service Conditionals</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.3.1.serviceconditionals">&lsquo;Service Conditionals&rsquo; in 2.3.1 [[virtual-server]]</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#7.serviceconfiguration">7.&nbsp;Service Configuration</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#7.7.servicedirectives">7.7&nbsp;Service Directives</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#7.7.servicedirectives">&lsquo;Service Directives&rsquo; in 7.7 Service Directives</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#7.10.serviceexamples">7.10&nbsp;Service Examples</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.5.5.setrule">10.5.5&nbsp;SET Rule</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#3.9.siteattacks">3.9&nbsp;Site Attacks</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.2.siteorganisation">2.2&nbsp;Site Organisation</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.10.2.sitespecific">2.10.2&nbsp;Site Specific</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#3.9.sitevulnerabilities">&lsquo;Site Vulnerabilities&rsquo; in 3.9 Site Attacks</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#7.1.specificservices">7.1&nbsp;Specific Services</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#4.4.specifiedsubstitution">&lsquo;Specified Substitution&rsquo; in 4.4 Expression Substitution</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#7.3.sslservices">7.3&nbsp;SSL Services</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#3.9.strategies">&lsquo;Strategies&rsquo; in 3.9 Site Attacks</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#5.2.stringmatching">&lsquo;String Matching&rsquo; in 5.2 If..endif Conditionals</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.1.stringmatching">&lsquo;String Matching&rsquo; in 10.1 Rule Interpretation</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#4.stringmatching">4.&nbsp;String Matching</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#13.stuartlangridge">&lsquo;Stuart Langridge&rsquo; in 13. Attribution and Acknowledgement</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#8.4.suppliedmessagefiles">8.4&nbsp;Supplied Message Files</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#11.1.sysuafidentifierauthentication">11.1&nbsp;SYSUAF/Identifier Authentication</a>
<tr><td class="alpha">T</td><td class="text"><a href="#0.tableofcontent">&lsquo;Table of Content&rsquo; in  WASD Configuration</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#13.tatsuhirotsujikawa">&lsquo;Tatsuhiro Tsujikawa&rsquo; in 13. Attribution and Acknowledgement</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#9.terminology">&lsquo;Terminology&rsquo; in 9. Cache Configuration</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#3.10.thissectionisnotanexplanationofcsp">&lsquo;This section is not an explanation of CSP&rsquo; in 3.10 Content Security Policy (CSP)</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#5.3.5.timekeyword">5.3.5&nbsp;Time: Keyword</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#6.1.timeout">&lsquo;Timeout&rsquo; in 6.1 Functional Groupings</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#6.2.tlssslconfiguration">&lsquo;TLS/SSL Configuration&rsquo; in 6.2 Alphabetic Listing</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#7.8.tlssslconfiguration">&lsquo;TLS/SSL Configuration&rsquo; in 7.8 Directive Detail</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#7.8.tlssslconfiguration">&lsquo;TLS/SSL Configuration&rsquo; in 7.8 Directive Detail</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#7.6.towwwornottowww">7.6&nbsp;To www. Or Not To www.</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.3.traditionalfilespecificationsods2">10.3&nbsp;Traditional File Specifications (ODS-2)</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#5.3.6.trnlnmkeyword">5.3.6&nbsp;Trnlnm: Keyword</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#1.1.troubleshooting">1.1&nbsp;Troubleshooting?</a>
<tr><td class="alpha">U</td><td class="text"><a href="#2.7.3.unknowncontenttypes">2.7.3&nbsp;Unknown Content-Types</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.3.2.unknownvirtualserver">2.3.2&nbsp;Unknown Virtual Server</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.10.1.useraccountscripting">&lsquo;User Account Scripting&rsquo; in 10.10.1 Using The SYSUAF</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.5.3.userrule">10.5.3&nbsp;USER Rule</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.12.1.userdefined">&lsquo;User-Defined&rsquo; in 2.12.1 Log Format</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.10.2.usingascript">&lsquo;Using a Script&rsquo; in 2.10.2 Site Specific</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.10.2.usinganssidocument">&lsquo;Using an SSI Document&rsquo; in 2.10.2 Site Specific</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.10.2.usingstatichtmldocuments">&lsquo;Using Static HTML Documents&rsquo; in 2.10.2 Site Specific</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.10.1.usingthesysuaf">10.10.1&nbsp;Using The SYSUAF</a>
<tr><td class="alpha">V</td><td class="text"><a href="#10.1.virtualservers">&lsquo;Virtual Servers&rsquo; in 10.1 Rule Interpretation</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.8.virtualservers">10.8&nbsp;Virtual Servers</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.3.virtualservices">2.3&nbsp;Virtual Services</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.2.vmsfilesystemspecifications">10.2&nbsp;VMS File System Specifications</a>
<tr><td class="alpha">W</td><td class="text"><a href="#10.5.4.warning">&lsquo;WARNING&rsquo; in 10.5.4 EXEC/UXEC and SCRIPT, Script Mapping Rules</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#0.wasdconfiguration">&lsquo;WASD Configuration&rsquo; in  WASD Configuration</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.11.wasdcors">&lsquo;WASD CORS&rsquo; in 10.11 Cross Origin Resource Sharing</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.11.wasdcorsexamples">&lsquo;WASD CORS Examples&rsquo; in 10.11 Cross Origin Resource Sharing</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#13.wasdvmswebservicesndashcopyrightcopy19962021markgdaniel">&lsquo;WASD VMS Web Services &ndash; Copyright &copy; 1996-2021 Mark G. Daniel&rsquo; in 13. Attribution and Acknowledgement</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.3.wasdconfigglobalservicedeprecated">&lsquo;WASD_CONFIG_GLOBAL [Service] (deprecated) &rsquo; in 2.3 Virtual Services</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#2.3.wasdconfigservice">&lsquo;WASD_CONFIG_SERVICE&rsquo; in 2.3 Virtual Services</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#5.5.4.watchdictionary">5.5.4&nbsp;WATCH Dictionary</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#6.1.webdav">&lsquo;WebDAV&rsquo; in 6.1 Functional Groupings</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#1.welcome">&lsquo;Welcome!&rsquo; in 1. Introduction</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#9.whyimplementcaching">&lsquo;Why Implement Caching?&rsquo; in 9. Cache Configuration</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#4.1.wildcardoperators">&lsquo;Wildcard Operators&rsquo; in 4.1 Wildcard Patterns</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#4.1.wildcardpatterns">4.1&nbsp;Wildcard Patterns</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#4.4.wildcardsubstitution">&lsquo;Wildcard Substitution&rsquo; in 4.4 Expression Substitution</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#8.3.withintheonefile">&lsquo;Within The One File&rsquo; in 8.3 Multiple Language Specifications</a>
<tr><td class="alpha">&nbsp;</td><td class="text"><a href="#10.10.2.withoutusingthesysuaf">10.10.2&nbsp;Without Using The SYSUAF</a>
<tr><td class="alpha">Z</td><td class="text"><a href="#3.1.zapandhttp2">&lsquo;ZAP and HTTP/2&rsquo; in 3.1 Server and Site Testing</a>
</table>
</div>

<hr class="page">
<a id="13." href="#"></a>
<a id="13.attributionandacknowledgement" href="#"></a>
<a id="attributionandacknowledgement" href="#"></a>
<h1 class="head"><span class="numb">13.</span><span class="text">Attribution and Acknowledgement</span></h1>


<a id="13.0.0.0.1" href="#"></a>
<a id="13.wasdvmswebservicesndashcopyrightcopy19962021markgdaniel" href="#"></a>
<a id="wasdvmswebservicesndashcopyrightcopy19962021markgdaniel" href="#"></a>
<h5 class="head"><span class="text">WASD VMS Web Services &ndash; Copyright &copy; 1996-2021 Mark G. Daniel</span></h5>

<a id="13.0.0.0.2" href="#"></a>
<a id="13.licensedundertheapachelicenseversion20" href="#"></a>
<a id="licensedundertheapachelicenseversion20" href="#"></a>
<h5 class="head"><span class="text">Licensed under the <span class="high bold">Apache License</span>, Version 2.0</span></h5>

<p>
<div class="blockof code">You may not use this software except in compliance with the License.
You may obtain a copy of the License at

<a class="link blank" target="_blank" style="margin-left:1em;" href="https://www.apache.org/licenses/LICENSE-2.0">https://www.apache.org/licenses/LICENSE-2.0</a>

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an &quot;AS IS&quot; BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
</div>

<a id="13.0.0.0.3" href="#"></a>
<a id="13.noneofthefollowinglicensingappearsincompatiblewiththeapachelicense" href="#"></a>
<a id="noneofthefollowinglicensingappearsincompatiblewiththeapachelicense" href="#"></a>
<h5 class="head"><span class="text">None of the following licensing appears incompatible with the Apache License</span></h5>

<a id="13.0.0.0.4" href="#"></a>
<a id="13.clarkcooperetal" href="#"></a>
<a id="clarkcooperetal" href="#"></a>
<h5 class="head"><span class="text">Clark Cooper, et al.</span></h5>

<p> This package uses the Expat XML parsing toolkit.

<div class="blockof code">Copyright (c) 1998, 1999, 2000
Thai Open Source Software Center Ltd and Clark Cooper
Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006 Expat maintainers.

Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
&quot;Software&quot;), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:

The above copyright notice and this permission notice shall be included
in all copies or substantial portions of the Software.
</div>

<a id="13.0.0.0.5" href="#"></a>
<a id="13.bjoumlernhoumlehrmann" href="#"></a>
<a id="bjoumlernhoumlehrmann" href="#"></a>
<h5 class="head"><span class="text">Bj&ouml;rn H&ouml;hrmann</span></h5>

<p> This package uses the essential algorithm and code from the Flexible and
Economical UTF-8 Decoder.

<div class="blockof code">Copyright (c) 2008-2009 Bj&ouml;rn H&ouml;hrmann (&lt;bjoern@hoehrmann.de&gt;)

Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
&quot;Software&quot;), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:

The above copyright notice and this permission notice shall be included
in all copies or substantial portions of the Software.
</div>

<a id="13.0.0.0.6" href="#"></a>
<a id="13.freesoftwarefoundation" href="#"></a>
<a id="freesoftwarefoundation" href="#"></a>
<h5 class="head"><span class="text">Free Software Foundation</span></h5>

<p> This package contains software made available by the Free Software
Foundation under the GNU General Public License.

<div class="blockof code">This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
</div>

<a id="13.0.0.0.7" href="#"></a>
<a id="13.ohiostateuniversity" href="#"></a>
<a id="ohiostateuniversity" href="#"></a>
<h5 class="head"><span class="text">Ohio State University</span></h5>

<p> This package contains software provided with the OSU (DECthreads) HTTP
server package, authored by David Jones:

<div class="blockof code">Copyright 1994,1997 The Ohio State University.  
The Ohio State University will not assert copyright with respect
to reproduction, distribution, performance and/or modification 
of this program by any person or entity that ensures that all 
copies made, controlled or distributed by or for him or it bear 
appropriate acknowlegement of the developers of this program.
</div>

<a id="13.0.0.0.8" href="#"></a>
<a id="13.opensslproject" href="#"></a>
<a id="opensslproject" href="#"></a>
<h5 class="head"><span class="text">OpenSSL Project</span></h5>
                                                                           
<p> This product <span class="high italic">can</span> include software developed by the OpenSSL Project for
use in the OpenSSL Toolkit (<a class="link blank" target="_blank" href="https://www.openssl.org/">https://www.openssl.org/</a>).

<div class="blockof code">Redistribution and use in source and binary forms, with or without
modification, are permitted ...
</div>

<a id="13.0.0.0.9" href="#"></a>
<a id="13.paulejones" href="#"></a>
<a id="paulejones" href="#"></a>
<h5 class="head"><span class="text">Paul E. Jones</span></h5>

<p> This package uses SHA-1 hash code.

<div class="blockof code">Copyright (C) 1998, 2009
Paul E. Jones &lt;paulej@packetizer.com&gt;

Freeware Public License (FPL)

This software is licensed as &quot;freeware.&quot;  Permission to distribute this
software in source and binary forms, including incorporation  into other
products, is hereby granted without a fee.
</div>

<a id="13.0.0.0.10" href="#"></a>
<a id="13.rsadatasecurity" href="#"></a>
<a id="rsadatasecurity" href="#"></a>
<h5 class="head"><span class="text">RSA Data Security</span></h5>

<p> This software contains code derived in part from RSA Data Security, Inc:

<div class="blockof code">permission granted to make and use derivative works provided that such works
are identified as &quot;derived from the RSA Data Security, Inc. MD5 Message-Digest
Algorithm&quot; in all material mentioning or referencing the derived work.
</div>

<a id="13.0.0.0.11" href="#"></a>
<a id="13.stuartlangridge" href="#"></a>
<a id="stuartlangridge" href="#"></a>
<h5 class="head"><span class="text">Stuart Langridge</span></h5>

<p> SortTable version 2
<br> Stuart Langridge, http://www.kryogenix.org/code/browser/sorttable/

<div class="blockof code">Thanks to many, many people for contributions and suggestions.
Licenced as X11: <a class="link blank" target="_blank" href="http://www.kryogenix.org/code/browser/licence.html">http://www.kryogenix.org/code/browser/licence.html</a>
This basically means: do what you want with it.
</div>

<a id="13.0.0.0.12" href="#"></a>
<a id="13.tatsuhirotsujikawa" href="#"></a>
<a id="tatsuhirotsujikawa" href="#"></a>
<h5 class="head"><span class="text">Tatsuhiro Tsujikawa</span></h5>

<p> nghttp2 - HTTP/2 C Library
<br> Tatsuhiro Tsujikawa, <a class="link blank" target="_blank" href="https://github.com/tatsuhiro-t">https://github.com/tatsuhiro-t</a>

<div class="blockof code">Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the &quot;Software&quot;), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
of the Software, and to permit persons to whom the Software is furnished to do
so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
</div>

<p> <span class="high bold">VSI OpenVMS</span>,
<span class="high bold">VSI TCP/IP Services for OpenVMS</span>,
<span class="high bold">VSI C</span>

<br> are registered trademarks of VMS Software Inc. 

<p> <span class="high bold">OpenVMS</span>,
<span class="high bold">HP TCP/IP Services for OpenVMS</span>,
<span class="high bold">HP C</span>,
<span class="high bold">Alpha</span>,
<span class="high bold">Itanium</span> and
<span class="high bold">VAX</span>

<br> are registered trademarks of Hewlett Packard Enterprise 

<p> <span class="high bold">MultiNet</span> and <span class="high bold">TCPware</span> are registered trademarks of Process Software
Corporation

<title>WASD Configuration</title>