F2. Dr.Web Security Control Center Configuration File

The Dr.Web Security Control Center configuration file, webmin.conf, is an XML file located in the etc subfolder of the Dr.Web Server installation folder.

Description of Dr.Web Security Control Center configuration file parameters:

<version value="">

Current version of Dr.Web Server.

<server-name value=""/>

The name of Dr.Web Server.

The parameter is specified in the following format:

<Dr.Web Server IP address or DNS name>[:<port>]

If the Dr.Web Server address is not specified, the computer name returned by the operating system or the Dr.Web Server network address is used: the domain name if available, otherwise the IP address.

If the port number is not specified, the port from the request is used (e.g., for requests to Dr.Web Server from the Control Center or via the Web API). In particular, for requests from the Control Center, it is the port specified in the address line used to connect the Control Center to Dr.Web Server.

<document-root value=""/>

Path to web pages root folder. Default is value="webmin".

<ds-modules value=""/>

Path to modules folder. Default is value="ds-modules".

<threads value=""/>

Number of parallel requests processed by the web server. This parameter affects server performance. It is not recommended to change this parameter without need.

<io-threads value=""/>

Number of threads serving data transmitted over the network. This parameter affects the Dr.Web Server performance. It is not recommended to change this parameter without need.

<compression value="" max-size="" min-size=""/>

Traffic compression settings for data transmission over a communication channel with the web server via HTTP/HTTPS.

Attributes description:

| Attribute | Description | Default |
|---|---|---|
| value | Data compression level from 1 to 9, where 1 is the minimal and 9 is the maximal compression level. | 9 |
| max-size | Maximal size of HTTP responses which will be compressed. Specify 0 to disable the limit on the maximal size of HTTP responses to be compressed. | 51200 KB |
| min-size | Minimal size of HTTP responses which will be compressed. Specify 0 to disable the limit on the minimal size of HTTP responses to be compressed. | 32 bytes |

<keep-alive timeout="" send-rate="" receive-rate=""/>

Keep the HTTP session active. Allows a persistent connection to be established for requests via HTTP v. 1.X.

Attributes description:

| Attribute | Description | Default |
|---|---|---|
| timeout | HTTP session time-out. For persistent connections, Dr.Web Server releases the connection if no requests are received from the client during the specified time period. | 15 sec. |
| send-rate | Minimal acceptable data send rate. If the outgoing network speed is lower than this value, the connection will be rejected. Specify 0 to ignore this limit. | 1024 Bps |
| receive-rate | Minimal acceptable data receive rate. If the incoming network speed is lower than this value, the connection will be rejected. Specify 0 to ignore this limit. | 1024 Bps |

<buffers-size send="" receive=""/>

Configuration of buffer sizes for sending and receiving data.

Attributes description:

| Attribute | Description | Default |
|---|---|---|
| send | Size of buffers used when sending data. This parameter affects server performance. It is not recommended to change this parameter without need. | 8192 bytes |
| receive | Size of buffers used when receiving data. This parameter affects server performance. It is not recommended to change this parameter without need. | 2048 bytes |

<max-request-length value=""/>

Maximum allowed size of HTTP request in KB.

<xheaders>

Configuration parameter that lets you add custom HTTP headers. Three headers present by default are intended to protect from network attacks:

<xheader name="X-XSS-Protection" value="1; mode=block"/>

The header controls web browser behavior when it detects code injected into a web page under attack (a so-called "XSS attack"). Allowed values:

| Value | Browser behavior |
|---|---|
| 0 | XSS filtering is disabled. |
| 1 | XSS filtering is enabled. The web browser will delete the inline code if it detects an XSS attack. |
| 1; mode=block | XSS filtering is enabled. The web browser will not render a compromised web page if it detects an XSS attack. This value is used by default. |
| 1; report=<network-address> | XSS filtering is enabled. The web browser will delete the inline code and report to the specified address if it detects an XSS attack. This value is supported in Chromium-based web browsers only. |

<xheader name="X-Content-Type-Options" value="nosniff"/>

With the default value (nosniff), the header prevents the web browser from executing files whose MIME type it would otherwise change from the declared one.

<xheader name="X-Frame-Options" value="SAMEORIGIN"/>

The header controls web browser behavior when it detects an attempt to embed a web page in a frame (so-called "clickjacking"). Allowed values:

| Value | Browser behavior |
|---|---|
| DENY | Prevents the web browser from rendering a web page in a frame. |
| SAMEORIGIN | Allows the web browser to render a web page in a frame as long as the page and the frame both have the same origin (domain, port, and protocol). This value is used by default. |
| ALLOW-FROM <network-address> | Allows the web browser to render a web page in a frame only if the web page is located at the specified address. |

<reverse-resolve enabled=""/>

Replace IP addresses with DNS names of computers in the Dr.Web Server log file. Allowed values of enabled: yes or no.

<script-errors-to-browser enabled=""/>

Show script errors in browser (error 500). This parameter is used by technical support and developers. It is not recommended to change this parameter without need.

<trace-scripts enabled=""/>

Enable scripts tracing. This parameter is used by technical support and developers. It is not recommended to change this parameter without need. Allowed values of enabled: yes or no.

<profile-scripts enabled="" stack=""/>

Profiling configuration. Performance is measured: the execution time of functions and scripts of the web server. This parameter is used by technical support and developers. It is not recommended to change this parameter without need.

Attributes description:

| Attribute | Allowed values | Description |
|---|---|---|
| enabled | yes: enable profiling; no: disable profiling. | Scripts profiling mode. |
| stack | yes: log data; no: do not log data. | Logging mode of profiling information (function parameters and returned values) into the Dr.Web Server log. |

<abort-scripts enabled=""/>

Allow script execution to be aborted if the connection was aborted by the client. This parameter is used by technical support and developers. It is not recommended to change this parameter without need. Allowed values of enabled: yes or no.

<search-localized-index enabled=""/>

Use localized versions of pages. If the flag is set, the server searches for a localized version of the specified page according to the language priority set in the Accept-Language field of the client header. Allowed values of enabled: yes or no.

<default-lang value=""/>

Language of documents returned by the web server in the absence of the Accept-Language header in the HTTP request. The value attribute is the ISO language code. Default is ru.

<ssl certificate="" private-key="" keep-alive="" ciphers="" />

SSL certificate settings.

Description of attributes:

| Attribute | Description | Allowed values | Default |
|---|---|---|---|
| certificate | Path to SSL certificate file. | - | certificate.pem |
| private-key | Path to SSL private key file. | - | private-key.pem |
| keep-alive | Use keep-alive SSL connection. Older browsers may not work properly with regular SSL connections. Disable this parameter if you have problems with the SSL protocol. | yes, no. | yes |
| ciphers | List and settings of ciphers being used. | For details, please follow this link, section “CIPHER LIST FORMAT”. | HIGH:!aNULL:!RC4:@STRENGTH |
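A drift check against the defaults documented above for the protective headers, the support-only script flags and the cipher exclusions. This is an added example, not code shipped with Dr.Web; the sample configuration and its root element name are constructed, and the function name audit is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real webmin.conf; the root element name is a placeholder.
SAMPLE = """<config>
  <xheaders>
    <xheader name="X-XSS-Protection" value="0"/>
    <xheader name="X-Frame-Options" value="SAMEORIGIN"/>
  </xheaders>
  <script-errors-to-browser enabled="yes"/>
  <trace-scripts enabled="no"/>
  <ssl certificate="certificate.pem" private-key="private-key.pem" ciphers="HIGH:!aNULL:@STRENGTH"/>
</config>"""

# Default header values, support-only flags and cipher list as documented on this page.
DEFAULT_HEADERS = {
    "X-XSS-Protection": "1; mode=block",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "SAMEORIGIN",
}
DEBUG_FLAGS = ("script-errors-to-browser", "trace-scripts", "profile-scripts")
DEFAULT_CIPHERS = "HIGH:!aNULL:!RC4:@STRENGTH"

def audit(xml_text):
    """Return a list of deviations from the documented defaults."""
    root = ET.fromstring(xml_text)
    findings = []
    present = {h.get("name"): h.get("value") for h in root.iter("xheader")}
    for name, default in DEFAULT_HEADERS.items():
        if name not in present:
            findings.append(f"missing header {name}")
        elif present[name] != default:
            findings.append(f"header {name} is '{present[name]}', default is '{default}'")
    for tag in DEBUG_FLAGS:
        node = next(root.iter(tag), None)
        if node is not None and node.get("enabled") == "yes":
            findings.append(f"{tag} is enabled")
    ssl = next(root.iter("ssl"), None)
    if ssl is not None:
        # Colon-separated tokens, as in the documented default string.
        tokens = set(ssl.get("ciphers", "").split(":"))
        for token in DEFAULT_CIPHERS.split(":"):
            if token.startswith("!") and token not in tokens:
                findings.append(f"ciphers no longer exclude {token[1:]}")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

Current mainstream browsers no longer implement the X-XSS-Protection filter or the ALLOW-FROM value of X-Frame-Options, so this check measures conformance to the documented defaults rather than browser-side protection.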

<listen>

Configure parameters to listen for network connections.

The <listen /> element contains the following child elements:

<insecure />

The list of interfaces to listen for accepting connections via the HTTP protocol for unsecured connections. Default port is 9080.

The <insecure /> element contains one or several <endpoint address=""/> child elements to specify allowed addresses in the IPv4 or IPv6 format. In the address attribute, network addresses are specified in the following format: <Protocol>://<IP address>.

<secure />

The list of interfaces to listen for accepting connections via the HTTPS protocol for secured connections. Default port is 9081.

The <secure /> element contains one or several <endpoint address=""/> child elements to specify allowed addresses in the IPv4 or IPv6 format. In the address attribute, network addresses are specified in the following format: <Protocol>://<IP address>.

<access>

Access control lists. They let you restrict the network addresses from which the web server accepts incoming HTTP and HTTPS requests.

The <access> element contains the following child elements, which configure limitations for the corresponding connection types:

<secure priority="">

The list of interfaces to listen for accepting secured connections via the HTTPS protocol. Default port is 9081.

Attributes description:

| Attribute | Allowed values | Description | Default |
|---|---|---|---|
| priority | allow | Allowance priority for HTTPS: addresses not included in any of the lists (or included in both) are allowed. | deny |
| | deny | Denial priority for HTTPS: addresses not included in any of the lists (or included in both) are denied. | |

The <secure /> element contains one or several of the following child elements: <allow address=""/> and <deny address=""/>.

Elements description:

| Element | Description | Default value of address attribute |
|---|---|---|
| allow | Addresses which are allowed access via the HTTPS protocol for secured connections. | tcp://127.0.0.1 |
| deny | Addresses which are denied access via the HTTPS protocol for secured connections. | - |

<insecure priority="">

The list of interfaces to listen for accepting unsecured connections via the HTTP protocol. Default port is 9080.

Attributes description:

| Attribute | Allowed values | Description | Default |
|---|---|---|---|
| priority | allow | Allowance priority for HTTP: addresses not included in any of the lists (or included in both) are allowed. | deny |
| | deny | Denial priority for HTTP: addresses not included in any of the lists (or included in both) are denied. | |

The <insecure /> element contains one or several of the following child elements: <allow address=""/> and <deny address=""/>.

Elements description:

| Element | Description | Default value of address attribute |
|---|---|---|
| allow | Addresses which are allowed access via the HTTP protocol for unsecured connections. | tcp://127.0.0.1 |
| deny | Addresses which are denied access via the HTTP protocol for unsecured connections. | - |
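The priority rule described for <access> can be checked before deployment by evaluating a candidate section against test client addresses. This is an added example, not Dr.Web code: the sample section is constructed, the names is_allowed and _networks are hypothetical, and accepting a /prefix suffix in the address attribute is an assumption of the example.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample <access> section; addresses are illustrative.
SAMPLE = """<access>
  <secure priority="deny">
    <allow address="tcp://127.0.0.1"/>
    <allow address="tcp://10.0.0.0/8"/>
    <deny address="tcp://10.0.5.0/24"/>
  </secure>
  <insecure priority="allow">
    <deny address="tcp://192.0.2.10"/>
  </insecure>
</access>"""

def _networks(section, tag):
    # Strip the "<Protocol>://" prefix. Accepting a /prefix suffix is an
    # assumption of this example; the page only shows a single address.
    nets = []
    for node in section.findall(tag):
        host = node.get("address", "").split("://", 1)[-1]
        nets.append(ipaddress.ip_network(host, strict=False))
    return nets

def is_allowed(access_xml, channel, client_ip):
    """channel is 'secure' (HTTPS) or 'insecure' (HTTP)."""
    section = ET.fromstring(access_xml).find(channel)
    ip = ipaddress.ip_address(client_ip)
    in_allow = any(ip in n for n in _networks(section, "allow"))
    in_deny = any(ip in n for n in _networks(section, "deny"))
    if in_allow != in_deny:
        # Listed in exactly one list: that list decides.
        return in_allow
    # In neither list or in both: the priority attribute decides.
    return section.get("priority") == "allow"

if __name__ == "__main__":
    for channel, ip in [("secure", "10.0.5.7"), ("secure", "10.1.1.1"),
                        ("insecure", "198.51.100.1")]:
        print(channel, ip, is_allowed(SAMPLE, channel, ip))
```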