G2. Dr.Web Control Center Configuration File

Top  Previous  Next

The Dr.Web Control Center configuration file (webmin.conf) is located in the etc subdirectory of the Server root directory.

Formal grammar based on the Extended Backus-Naur Form (EBNF) notation is used for description of the Server configuration file. It uses the following symbols:

(...) — group of symbols (fragment of the configuration file);

'...' — terminal symbol;

<...> — nonterminal symbol;

| - symbol for selecting one of the given elements;

(...)? - symbol (or group of symbols) to the left of the operator is not obligatory (may occur 0 or 1 time);

(...)* - symbol (or group of symbols) to the left of the operator may be repeated any number of times (or may be omitted);

(...)+ - symbol (or group of symbols) to the left of the operator may occur 1 or more times;

[...] - any symbol from the specified range;

period at the end — a reserved character which indicates completion of a rule.

The format of the Dr.Web Control Center configuration file:

<instruction> := <parameter>* (';'<comment>)?.

 

<parameter> := <single> | <block>.

<single> := <name> <value>.

<group> := <name> '{' (<value>' ')+ '}'.

<block> := <prefix>? <name> '{' <single>* | <group>* | <access>? | <auth>? '}'.

 

<prefix> := 'Static' | 'Handler' | 'Scripts' | 'Mixed'.

<access> := 'Access {'

           'Secure {'

              'Priority ' <priority>?

              ('Allow {' <value>* '}')?

              ('Deny {' <value>* '}')?

           '}'

           'InSecure {'

              'Priority ' <priority>?

              ('Allow {' <value>* '}')?

              ('Deny {' <value>* '}')?

           '}'

         '}'.

<priority> := 'deny' | 'allow'.

 

<auth>:= 'Authorization {' <single>+ | <group>+ '}'.

 

<name> := <word>.

<value> := <word> <separator>*.

<word> := ( [a-zA-Z] | [0-9] | <sign> )+.

<separator> := \s | \t | \r | \n | \f.

<sign> := '/' | '*' | ':' | '.' | '-' | '?' | '^'| '[' | ']'.

The configuration file has a text format. The main units in the file are words with separators: spaces (\s), tabs (\t), carriage shunting (\r), line end (\n), format change (\f).

Comments begin with a semicolon and continue to the end of the line.

Settings of the Server are specified in the configuration file via instructions each consisting of:

a parameter which includes the parameter name (one word) and its value(s) (one or several words),

a block of parameters which includes the block name (one word) followed by values in braces ("{...}"):

simple parameters consisting of the parameter name (one word) and its value(s) (one or several words),

groups of parameters consisting of the parameter name (one word) followed by a set of values in braces (one or several words for each value),

the Access group of parameters which defines the rules for access to specified resources of the Server (see below),

the Authorization group of parameters which defines authorization parameters for access to specified resources (see below).

Before the name of a block you can specify a prefix (one word) which defines how this block should be processed.

Some of the possible instructions are described below. The order of instructions is irrelevant.

Most simple (single) parameters are specified with default values and do not require any changes. However, it may be necessary to set the values for some of them:

ServerName <DNS_name>:<port_number> – defines name and port number of the Server. It is used for connection requests to the Server. It is necessary to specify the correct values after installing the Server (see Installing the Dr.Web Enterprise Server).

Listen <protocol> <interface>:<port_number> – defines the parameters of interfaces which are being listened to. It is used to set up access to the Dr.Web Control Center.

Blocks of parameters consist of the the following groups and parameters:

The prefix (Static, Script, Handler or Mixed) is specified before the name of the parameter block and defines how corresponding user requests are processed.

The Static prefix defines a static processing method which implies that a user is given the final value - the requested file without changes (e.g. an image which is stored on the Server).

The Handler prefix defines a processing method which implies execution of a script specified in the parameters of the block upon receiving the user request (paths specified in the request do not have to be correct). It is necessary to have the Script <script_name> instruction in the body of the instruction block.

The Scripts prefix defines a processing method which implies execution of all files from the user request as scripts.

The Mixed prefix defines a mix of Static and Scripts processing methods. It is necessary to have the Scripts { <script_extension> } instruction in the body of the instruction block which defines executable scripts (according to extension). Other files, which do not comply with the values of the given group of parameters, will be passed on statically (without any processing).

The Access group of parameters contains access rights for the resources of the Server when processing the received user requests.

The Secure group defines access rights for protected connections via HTTPS.

The InSecure group defines access rights for unprotected connections via HTTP.

oThe Priority <priority> parameter defines the priority for processing lists of allowed and forbidden connections. If you specify the deny value, all addresses which are not included into both groups (Allow and Deny) will be forbidden. If you specify allow - they will be allowed.

oThe Allow group list of parameters defines addresses, access to which is allowed from the Server.

oThe Deny group list of parameters defines addresses, access to which is forbidden from the Server.

Addresses are added to the allowed/forbidden lists in the following format:

for TCP/IP: tcp/<IP-address>[/<prefix>];

for SPX: spx/<network_number>[.<station_address>].

The Authorization group of parameters defines the necessary parameters for user authorization when the Server is accessed to process a corresponding request.