Configuration Parameters

The component uses configuration parameters which can be found in the [HTTPD] section of the integrated configuration file of Dr.Web for UNIX Mail Servers.

The section contains the following parameters:

Parameter

Description

LogLevel

{logging level}

Logging level of the component.

If the parameter value is not specified, the DefaultLogLevel parameter value from the [Root] section is used.

Default value: Notice

Log

{log type}

Logging method of the component.

Default value: Auto

ExePath

{path to file}

Executable path to the component.

Default value: <opt_dir>/bin/drweb-httpd.

For GNU/Linux: /opt/drweb.com/bin/drweb-httpd.

For FreeBSD: /usr/local/libexec/drweb.com/bin/drweb-httpd

Start

{Boolean}

Launch/do not launch the component by the Dr.Web ConfigD configuration daemon.

When you specify the Yes value for this parameter, it the configuration daemon will start the component immediately; and when you specify the No value, the configuration daemon will terminate the component immediately.

Default value: It depends on whether product management interface is installed.

AdminListen

{address, …}

List of network sockets (every network socket consists of <IP address>:<port>) on which Dr.Web HTTPD is listening for connections (via HTTPS) from clients that have administrative privileges. These sockets are used both for connecting to the managing web interface (if the web interface is installed) and for access to the HTTP API.

The values in the list must be separated with commas (each value in the quotation marks). The parameter can be specified more than once in the section (in this case, all its values are combined into one list).

Example: Add sockets 192.168.0.1:1234 and 10.20.30.45:5678 to the list.

1.Adding values to the configuration file.

Two values in a line:

[HTTPD]
AdminListen = "192.168.0.1:1234", "10.20.30.45:5678"

Two lines (a value per line):

[HTTPD]
AdminListen = 192.168.0.1:1234
AdminListen = 10.20.30.45:5678

2.Adding values via the drweb-ctl cfset command:

# drweb-ctl cfset HTTPD.AdminListen -a 192.168.0.1:1234
# drweb-ctl cfset HTTPD.AdminListen -a 10.20.30.45:5678

If no value is specified, it is impossible to use the HTTP API and the web interface (if it is installed).

Default value: 127.0.0.1:4443

PublicListen

{address, …}

List of network sockets (every network socket consists of <IP address>:<port>) on which Dr.Web HTTPD is listening for connections (via HTTP) from clients with limited privileges.

The values in the list must be separated with commas (each value in the quotation marks). The parameter can be specified more than once in the section (in this case, all its values are combined into one list).

Example: Add sockets 192.168.0.1:1234 and 10.20.30.45:5678 to the list.

1.Adding values to the configuration file.

Two values in a line:

[HTTPD]
PublicListen = "192.168.0.1:1234", "10.20.30.45:5678"

Two lines (one value per line):

[HTTPD]
PublicListen = 192.168.0.1:1234
PublicListen = 10.20.30.45:5678

2.Adding values via the drweb-ctl cfset command:

# drweb-ctl cfset HTTPD.PublicListen -a 192.168.0.1:1234
# drweb-ctl cfset HTTPD.PublicListen -a 10.20.30.45:5678

At these addresses (sockets) you cannot access the full scope of the HTTP API commands or access the managing web interface.

Default value: (not set)

AdminSslCertificate

{path to file}

Path to the server certificate file used by the web interface server for communication with clients that establish connections to an administrative socket via HTTPS.

This file is generated automatically during the installation of the component.

Please note that the certificate file and the private key file (which is specified by a parameter described below) must form a matching pair.

Default value: <etc_dir>/certs/serv.crt.

For GNU/Linux: /etc/opt/drweb.com/certs/serv.crt.

For FreeBSD: /usr/local/etc/drweb.com/certs/serv.crt

AdminSslKey

{path to file}

Path to private key file used by the web interface server for communication with clients that establish connections to an administrative socket via HTTPS.

This file is generated automatically during the installation of the component.

Please note that the certificate file (which is specified by the previous discussed parameter) and the private key file must form a matching pair.

Default value: <etc_dir>/certs/serv.key.

For GNU/Linux: /etc/opt/drweb.com/certs/serv.key.

For FreeBSD: /usr/local/etc/drweb.com/certs/serv.key

AdminSslCA

{path to file}

Path to a certificate file that acts as a trusted Certification Authority (CA) certificate for checking the certificates provided by the clients who are connecting to an administrative socket via HTTPS.

If the client’s certificate is signed with the certificate specified in this parameter, this client will not need to enter the login/password pair for authentication. Moreover, the login/password Authentication is prohibited for clients that use client certificates signed with the certificate set in this parameter.

The client that passed this certificate-based authentication is always treated as a superuser (root).

Default value: (not set)

WebconsoleRoot

{path to directory}

Path to the directory with the files used by the management web interface if it is installed (similar to the htdocs directory of an Apache HTTP Server).

Default value: <opt_dir>/share/drweb-httpd/webconsole.

For GNU/Linux: /opt/drweb.com/share/drweb-httpd/webconsole.

For FreeBSD: /usr/local/libexec/drweb.com/bin/drweb-httpd/webconsole

AccessLogPath

{path to file}

Path to the file where all HTTP/HTTPS requests from clients to the web interface server are registered.

If not specified, HTTP/HTTPS requests are not logged to a file.

Default value: (not set)