F2. Dr.Web Security Control Center Configuration File |
The webmin.conf Dr.Web Security Control Center configuration file is presented in the XML format and located in the etc subfolder of the Dr.Web Server installation folder. Description of Dr.Web Security Control Center configuration file parameters: •<version value=""> Current version of Dr.Web Server. •<server-name value=""/> The name of Dr.Web Server. Parameter is specified in the following format: <Dr.Web Server IP address or DNS name>[:<port>] If the Dr.Web Server address is not specified, computer name returned by the operating system or the Dr.Web Server network address: domain name, if available, otherwise—IP address are used. If the port number is not specified, the port from a request is used (e.g., for requests to Dr.Web Server from the Control Center or via the ). Particularly, for the requests from the Control Center it is the port specified in the address line for connection of the Control Center to Dr.Web Server. •<document-root value=""/> Path to web pages root folder. Default is value="webmin". •<ds-modules value=""/> Path to modules folder. Default is value="ds-modules". •<threads value=""/> Number of parallel requests processed by the web server. This parameter affects server performance. It is not recommended to change this parameter without need. •<io-threads value=""/> Number of threads serving data transmitted in network. This parameter affects the Dr.Web Server performance. It is not recommended to change this parameter without need. •<compression value="" max-size="" min-size=""/> Traffic compression settings for data transmission over a communication channel with the web server via HTTP/HTTPS. Attributes description:
•<keep-alive timeout="" send-rate="" receive-rate=""/> Keep HTTP session active. Allows to establish permanent connection for requests via the HTTP v. 1.X. Attributes description:
•<buffers-size send="" receive=""/> Configuration of buffers sizes for sending and receiving data. Attributes description:
•<max-request-length value=""/> Maximum allowed size of HTTP request in KB. •<xheaders> Configuration parameter that lets you add custom HTTP headers. Three headers present by default are intended to protect from network attacks: ▫ <xheader name="X-XSS-Protection" value="1; mode=block"/> The header controls web browser behavior if it detects any code inlined into attacked web page (so called "XSS attack"). Allowed values:
▫ <xheader name="X-Content-Type-Options" value="nosniff"/> The header with the default value (nosniff) prevents web browser from executing any files implying MIME type changing. ▫ <xheader name="X-Frame-Options" value="SAMEORIGIN"/> The header controls web browser behavior if it detects an attempt to inline a web page into a frame (so called "clickjacking"). Allowed values:
•<reverse-resolve enabled=""/> Replace IP address with DNS names of computers in the Dr.Web Server log file. Allowed values of enabled: yes or no. •<script-errors-to-browser enabled=""/> Show script errors in browser (error 500). This parameter is used by technical support and developers. It is not recommended to change this parameter without need. •<trace-scripts enabled=""/> Enable scripts tracing. This parameter is used by technical support and developers. It is not recommended to change this parameter without need. Allowed values of enabled: yes or no. •<profile-scripts enabled="" stack=""/> Profiling configuration. Performance is measuring—execution time of functions and scripts of the web server. This parameter is used by technical support and developers. It is not recommended to change this parameter without need. Attributes description:
•<abort-scripts enabled=""/> Allow aborting of scripts execution if the connection was aborted by client. This parameter is used by technical support and developers. It is not recommended to change this parameter without need. Allowed values of enabled: yes or no. •<search-localized-index enabled=""/> Use localized versions of pages. If the flag is set, server searches for localized version of specified page according to the language priority which is set in the Accept-Language field of client header. Allowed values of enabled: yes or no. •<default-lang value=""/> Language of documents returned by the web server in the absence of the Accept-Language header in the HTTP request. The value attribute is the ISO language code. Default is ru. •<ssl certificate="" private-key="" keep-alive="" ciphers="" /> SSL certificate settings. Description of attributes:
•<listen> Configure parameters to listen for network connections. The <listen /> element contains the following child elements: ▫<insecure /> The list of interfaces to listen for accepting connections via the HTTP protocol for unsecured connections. Default port is 9080. The <insecure /> element contains one or several <endpoint address=""/> child elements to specify allowed addresses in the IPv4 or IPv6 format. In the address attribute, network addresses are specified in the following format: <Protocol>://<IP address>. ▫<secure /> The list of interfaces to listen for accepting connections via the HTTPS protocol for secured connections. Default port is 9081. The <secure /> element contains one or several <endpoint address=""/> child elements to specify allowed addresses in the IPv4 or IPv6 format. In the address attribute, network addresses are specified in the following format: <Protocol>://<IP address>. •<access> Access control lists. Allow to configure limitations on network addresses to listen for accepting incoming HTTP and HTTPS requests by the web server. The <access> element contains the following child elements, which configuring limitations for corresponding connection types: ▫<secure priority=""> The list of interfaces to listen for accepting secured connections via the HTTPS protocol. Default port is 9081. Attributes description:
The <secure /> element contains one or several following child elements: <allow address=""/> and <deny address=""/>. Elements description:
▫<insecure priority=""> The list of interfaces to listen for accepting unsecured connections via the HTTP protocol. Default port is 9080. Attributes description:
The <insecure /> element contains one or several following child elements: <allow address=""/> and <deny address=""/>. Elements description:
|