Configuration Parameters

The component uses configuration parameters specified in the [HTTPD] section of the unified configuration file of Dr.Web Mail Security Suite.

The section contains the following parameters:

Parameter

Description

LogLevel

{logging level}

Logging level of the component.

If a parameter value is not specified, the DefaultLogLevel parameter value from the [Root] section is used.

Default value: Notice

Log

{log type}

Logging method of the component.

Default value: Auto

ExePath

{path to file}

Component executable path.

Default value:

for GNU/Linux: /opt/drweb.com/bin/drweb-httpd

for FreeBSD: /usr/local/libexec/drweb.com/bin/drweb-httpd

Start

{boolean}

Start or stop the component with the Dr.Web ConfigD configuration management daemon.

Setting this parameter to Yes instructs the configuration management daemon to start the component immediately, and setting this parameter to No—to shut down the component immediately.

Default value: Depends on whether the management web interface is installed

AdminListen

{address, …}

List of network sockets (every network socket is defined by the <IP address>:<port> pair) listened by Dr.Web HTTPD for HTTPS connections from clients with administrative privileges. These sockets are used both to connect to the management web interface and to access the HTTP API.

The values of the list must be comma-separated (each value put in quotation marks). The parameter can be specified more than once in the section (in this case, all parameter values are combined into one list).

Example: Add sockets 192.168.0.1:1234 and 10.20.30.45:5678 to the list.

1.Adding values to the configuration file.

Two values per line:

[HTTPD]
AdminListen = "192.168.0.1:1234", "10.20.30.45:5678"

Two lines (one value per line):

[HTTPD]
AdminListen = 192.168.0.1:1234
AdminListen = 10.20.30.45:5678

2.Adding values with the drweb-ctl cfset command:

# drweb-ctl cfset HTTPD.AdminListen -a 192.168.0.1:1234
# drweb-ctl cfset HTTPD.AdminListen -a 10.20.30.45:5678

If no value is specified, it is impossible to use HTTP API and the management web interface.

Default value: 127.0.0.1:4443

PublicListen

{address, …}

List of network sockets (every network socket is defined by the <IP address>:<port> pair) listened by Dr.Web HTTPD for HTTP connections from clients with limited privileges.

The values of the list must be comma-separated (each value put in quotation marks). The parameter can be specified more than once in the section (in this case, all parameter values are combined into one list).

Example: Add sockets 192.168.0.1:1234 and 10.20.30.45:5678 to the list.

1.Adding values to the configuration file.

Two values per line:

[HTTPD]
PublicListen = "192.168.0.1:1234", "10.20.30.45:5678"

Two lines (one value per line):

[HTTPD]
PublicListen = 192.168.0.1:1234
PublicListen = 10.20.30.45:5678

2.Adding values with the drweb-ctl cfset command:

# drweb-ctl cfset HTTPD.PublicListen -a 192.168.0.1:1234
# drweb-ctl cfset HTTPD.PublicListen -a 10.20.30.45:5678

You cannot access the full scope of the HTTP API commands or access the management web interface at these addresses.

Default value: (not specified)

AdminSslCertificate

{path to file}

Path to the server certificate file used by the management web interface server to communicate with clients that establish HTTPS connections to the administrative socket.

This file is generated automatically during the installation of the component.

The certificate file and the private key file (specified by the AdminSslKey parameter) must match each other.

Default value:

for GNU/Linux: /etc/opt/drweb.com/certs/serv.crt

for FreeBSD: /usr/local/etc/drweb.com/certs/serv.crt

AdminSslKey

{path to file}

Path to the private key file used by the management web interface server to communicate with clients that establish HTTPS connections to the administrative socket.

The private key file is generated automatically during the installation of the component.

The certificate file (specified by the AdminSslCertificate parameter) and the private key file must match each other.

Default value:

for GNU/Linux: /etc/opt/drweb.com/certs/serv.key

for FreeBSD: /usr/local/etc/drweb.com/certs/serv.key

AdminSslCA

{path to file}

Path to a Certification Authority (CA) certificate file for certificates used by clients that establish HTTPS connections to the administrative socket.

If a client certificate is signed with the certificate specified by this parameter, client authentication by providing the login/password pair is not performed. Furthermore, this authentication method is prohibited for clients that use client certificates signed with this certificate.

A client who passed the certificate-based authentication is always assumed to be a superuser (root).

Default value: (not specified)

WebconsoleRoot

{path to directory}

Path to a directory with the files used by the management web interface (similar to the htdocs directory of Apache HTTP Server).

Default value:

for GNU/Linux: /opt/drweb.com/share/drweb-httpd/webconsole

for FreeBSD: /usr/local/libexec/drweb.com/share/drweb-httpd/webconsole

AccessLogPath

{path to file}

Path to the file in which all HTTP/HTTPS requests from clients to the management web interface server are logged.

If the parameter is not specified, requests are not logged.

Default value: (not specified)