The SRElite2 manual

Descriptions of sreLite2 configuration parameters

Configuration parameters (in SRE2002.CFG) are read when SRE2002/sreLite2 first starts. Note that SREL_INI.RXX and SRELITE2.RXX contain several "advanced users" initialization parameters -- in most cases you should use their default values.

List of Configuration Parameters

For most sites, the most important parameters to think about changing are:
sel_requires, aliases, superusers, and default_requires.

Description of Configuration Parameters

ACCEPT_RANGE:Enable range requests.
When enabled, sreLite2 will look for range headers, and return the appropriate range of document. sreLite2 will also send Accept: range headers on most responses. 
       0=disable 
       1= Enable                              

  Example:
     accept_range=1

ADD_SLASH: Check for "subdirectory without trailing /" entries
If a selector that looks like it's a subdirectory without a trailing / is recieved, sreLite2 can add a / and redirect the client.
For example, if ADD_SLASH is enabled and if the selector is
    /myfiles/newstuff
then sreLite2 will return a 301 (redirect) response to the client with a location of
    /myfiles/newstuff/
Most clients will then reissue this (/myfiles/newstuff/), a request that the DEFAULTS parameter (below) helps resolve.

    0 = Do NOT check for this condition
    1 = Check

Setting ADD_SLASH=0 will save a teeny bit of processing, but requires that clients are careful when asking for directory specific default documents (they should always append the trailing /).

Example:
    add_slash=1

Note: ADD_SLASH is only used for GET and HEAD requests.

ALIASES : Aliasing rules.
Aliasing is used for specifying virtual directories, and for "internal" and "external" redirection.

Selectors (after all access controls have been completed) are compared to the "oldselector' field, and the "best" match is used (* can be used as a wildcard).

The syntax of each entry is:
    aliases =oldselector newselector
Both the oldselector and newselector can contain * wildcards.

Notes: 


 Examples:
   aliases/wow  /wow/index.htm
   aliases=/gone/* /dog/gone/*
   aliases=/gone* /dog/gone*
   aliases=/hersite/ *  http://www.hersite.org/*
   aliases=www3//jokes/*  e:\funnies\*
   aliases=/imgs http://danielh/imgs/
   aliases=www2//new/*  /files/current/*
   aliases=*//status   /statusl?SUMMARY

ALWAYS_GET_PRIVS Always get client specific privileges
Always check inhouseips entries and the username database

   0 = only get privileges (from inhouseips or user database) if required (if a selector requires some privilege)

   1 = always check inhouseips, and always check the user database. This means that the user will be asked for a username & password EVEN IF a resource requires NO privileges. In such cases (where the resource is available to all), the client can enter any username (it need not be a username/password defined in your SRELite/2 USERS.IN file) There is one exception to this: SUPERUSER clients (as defined by the SUPERUSERS parameter) will NOT be asked to supply a username

   2= Same as 1, but even SUPERUSERs are asked for a username

Example:

   always_get_privs=0

DEFAULTS: list of default names to use when request ends with a /
DEFAULTS list documents to return when a directory-type of entry (one that ends with a /) is requested. This includes the "home page", as would be sent on a request to http://foo.bar.net.

DEFAULTS should be spaced delimited set of filenames. The first filename in the list is tried first, and if no such file exists (in the appropriate directory), latter names are tried.

Notes:

Example:
   defaults=index.htm index.sht !DIR

DEFAULT_REQUIRES: Default required priviliges
DEFAULT_REQUIRES sets the required privilge when the does not match any of the sel_required. entries, (such as when sel_required.0=0).

Suggested values are:
   * = Any valid user (with a username/password) can obtain this selector
   0 = NO access control, anyone can obtain this selector
   SUPERUSER = superusers only.

Example:
   DEFAULT_REQUIRES=*

Notes:



DIR_EXCLUSIONS: Directory exclusion list.
DIR_EXCLUSIONS is used when a !DIR item (in the DEFAULTS) is activated.
DIR_EXCLUSIONS should be a space delimited list of file and subdirectory patterns (which may contain wildcards).
  • Filenames that match a "filename" entry in this list will not be displayed.
  • Subdirectory names that match "subdirectory" entry in this list will not be displayed.

    Notes:

    • Do NOT specify path information (these refer to files in the "requested" directory).
    • To define a subdirectory entry, start the item with a /

    Example:
       dir_exclusion=PASSW* USER*.* .HTACCESS* /PRIVATE

    DOMD5: Create and MD5 response header
    Create a Content-MD5 response header for (almost) all responses.
       0 = Do not create
       1 = Create
    Content-MD5 headers take a moment or two to create.
    They can be used by http/1.1 aware clients as a test for accurate transfer.

    Example:
       domd5=1

    GZIP_THESE: On the fly GZIP encoding

    sreLite2 can instruct SRE2002 to attempt on-the-fly GZIP encoding.
       0 = No
       1 = Yes (except files with .arc, .gzip, .gz, .lzh, .tar, or .zip extensions)

    Notes:

    • You can change the "do not gzip these" extensions by including a space delimited list of extensions after the 1.
    • SRE2002 does on-the-fly GZIP as a transfer-encoding. Older (http/1.0 compliant) browsers are usually unable to handle this form GZIP encoding. Thus, SRE2002 checks for client compatability before performing on-the-fly-GZIP.
    • On-the-fly GZIP is not attempted for the output of addons and cgi-bin scripts. Authors of addons (and cgi-bin scripts) should see the SRE2002 TE_GZIP option (of SRE_COMMAND) for further details.

    Examples:
       gzip_these=0
       gzip_these=1 ARJ COMPRESS GZ GZIP

    HOME_DIR: The users-home directory replacement for ~
    The value of HOME_DIR is used whenever a ~ is seen in a request.

    Example: HOME_DIR=USERS/

    ADVANCED OPTION: Specifying User Subdirectories

    In many cases, you may wish clients to have access to particular subdirectories of your "Users" directories. For example, all "students" may have space on the server machine, some of which is used for web, and some for "personal" purposes. The goal is to give clients direct access to the "web" related directories but not to the "personal" directories.

    This can be achieved by including a /$/ in the HOME_DIR parameter.
    Specifically, the $ is replaced by the substring between the ~ and the first / following the ~.

    For example:
       If HOME_DIR=USERS/$/WWW
       and the selector is /~GERALD/RESUME.HTM
       Then sreLite2 will use:
         /USERS/GERALD/WWW/RESUME.HTM

    Summarizing, given a $ in the HOME_DIR:
    SreLite2 reads the substring (of the request selector) between ~ and the first / following the ~ GERALD
    The substring is deleted from the request selector /~/RESUME.HTM
    The $ in HOME_DIR is replaced with this substring (from step 1) USERS/GERALD/WWW
  • The ~ in the modified request selector(from step 2) is replaced with the modified HOME_DIR (from step 3)
    		• /USERS/GERALD/WWW/RESUME.HTM

    Notes:

  • This ~ replacement occurs AFTER checking SEL_REQUIRES, but before alias checking. Thus, it is possible to map a subset of the "home" directories (under the HOME_DIR) to virtual directories.
  • The ~ replacement is assumed to stand in for a directory, and not for a substring of a directory.
    In practice, this means that:
       http://foo.bar.net/~/hello.txt
    and
       http://foo.bar.net/~hello.txt
    mean the same thing (the hello.txt file in the "home directory"


    • INHOUSEIPS: Automatically grant client priviliges by IP address.
    You can automatically grant client privileges to a sets of IP addresses.

    The syntax of each entry is:
       numeric_ip priv_list

    where:
    numeric_ip a dotted numeric IP address. Not a domain name!
    The numeric_ip may contain * wildcards for one or more octets.
    Thus, the following is okay:
       195.21.5.*
    But the following is not okay:
       195.21.5.8*
    priv_list optional. A set of privileges to grant clients from this IP_ADDRESS

    Notes:

    • The IP address MUST be numeric, and can contain * wildcards
      If you are using the on-line configurator, you can enter domain names -- the configurator will automatically convert them to IP addresses
    • On multi-host systems...
    • numeric_ip should be prefaced with a host_Nickname, followed by a //.
    • If you don't, the INHOUSEIPS entry is assumed to apply to the "generic" host".
    • If you use *//ipaddress .., then the entry applies to all hosts.
    • The order of match comparisons is as follows, with later steps taken only if earlier steps fail.
      1. Exact comparison to host-specific entries
      2. Wildcard comparison to host-specific entries
      3. Exact comparison to all-host entries
      4. Wildcard comparison to all-host entries
    • You can append a list of additional client privileges after the ip address. Note that matches always get an INHOUSE privilege.
    • On a multi-host sytem, you should preface the "a_sel" with the host_Nickname, followed by a //. If you don't, the INHOUSEIPS entry is assumed to apply to the "generic" host".
    • If you use *//IP_ADDRESS .., then the entry applies to all hosts.
    • The order of match comparisons is as follows, with later steps taken only if earlier steps fail.
      1. Exact comparison to host-specific entries
      2. Wildcard comparison to host-specific entries
      3. Exact comparison to all-host entries
      4. Wildcard comparison to all-host entries
      5. If all of the above fail to yield a match, the client is not an inhouse IP.
    • Appendix IV of the sreLite2 manual has more details on how sreLite2 uses INHOUSEIPS to control access.

    Examples:
       inhouseips=191.22.31.* US
       inhouseips=www2//191.22.31.41 ME US
       inhouseips=*//192.168.0.* INTERNAL1

    ; ; LOAD_ADDON:
    LOAD_ADDON: Load addon into macrospace for quicker execution
    A list of sreLite2 addons to load into macrospace. This saves execution time, and helps speed up throughput.

    Syntax: load_addon= addon_name addon_file
    where:
    addon_name The selector that invokes the addon. Do NOT include a ? and what may follow a ?
    addon_file File containing the addon (fully qualified, or relative to the ADDON directory)

    Examples: 

           addon_name= statusl addon/statusl.cmd
       addon_name= system/optscfg addon/system/optscfg.cmd
       addon_name= the_score  f:\games\state2.cmd

    Note:

    • Addons, once loaded to macrospace, are not automatically updated when the underlying file changes. They will be updated on a reset.


    LOGIT: Record entries in a common log file.
    LOGIT controls how much information to write to the common log file
  • 0 = do NOT record requess
  • 1 = record using a short format (no ?string, no http/1.x)
  • 2 = record using a long format (the entire request string)
  • 3 = same as 2, and also record User-Agent and Refer: information.

    • Notes:

    • LOGIT can be overridden by a "do_log" item in SEL_REQUIRES entry.
    • The add_hostnickname parameter, in SREL_INI.RXX, also effects the format of the commonlog file

    Example:
       logit=1


    NOT_FOUND_FILE: A 404 response file
    NOT_FOUND_FILE, if not equal to 0 or '', is the name of a file.
    This file will be used instead of the generic 404 "not found" response.

    Do not include a path--sreLite2 will use a file of this name in the requested-files "own directory", or in the SRELITE2 working directory (i.e.; in x:\SRE2002\SRELITE2).

    If this file ends with one of the ssi_extensions, server side includes will be attempted.

    To suppress this (and use a generic message), set NOT_FOUND_FILE=0

    Example:
       not_found_file=notfound.sht

    Note:

  • notfound.sht, that is shipped with sreLite, is an example of a simple "not found" response file.

    • SPECIAL FEATURE:

    If you specify not_found_file=!procname, then sreLite2 will call procname as an external procedure. This procedure should construct a properly specified html document, and return it (as a string variable) -- sreLite2 will then transfer this response to the client (as a text/html mime type).

    An example of this is MTCHFILE.CMD -- MTCHFILE.CMD will look for "similar" file names in the requested directory, and return a linked list to the best matches.

    For details on what arguments are passed, please see MTCHFILE.CMD.

    Examples:
       not_found_file=0
       not_found_file=notfound.sht
       not_found_file=!mtchfile.cmd

    POST_FILTER: A procedure to call after responding to a request
    After the request has been responded to, you can call a special "post-filter" procedure. This post-filter procedure can be used for logging (say, as a substitute for the commmon log file), or for other purposes.

    0 no post filter
    procname name of an external procedure that sreLite2 will call -- this should be the name of a .CMD file located in the SRELITE2 working directory (i.e.; x;\SRE2002\SRELITE2).

    The post-filter procedure will be called with the following variables:

  • request,source,sel,reqnum,clientname, user,afile,rcode,HostNick,id_info

    • Where:
    request the SRE2002 "request" variable
    source the SRE2002 "source" variable
    sel the SRE2002 "selector" variable
    reqnum the transaction/request number
    clientName client's name
    user client's sreLite2 username
    aFile File returned to the client. This may be missing (as when a CGI-BIN script is requested)
    rCode result code; the http response code followed by the # of bytes sent (i.e; "200 15125")
    hostNick "host nickname" of the host-server recieving this request
    id_Info a parameter that can be used in some sre2002 function calls.

    Examples:
       post_filter=0
       post_filter=POSTMAIL.CMD

    Notes:

    • See POSTFILT.CMD for an example of a post-filter procedure.
    • sreLite2 ignores whatever the post-filter procedure returns.



    RECORD_ALL: Records number of request, by URI
    RECORD_ALL is used to a running count for all requested selectors.

    These counts will be kept in the srelite2\data\requests.cnt file.
    Each record in this sre2002 data series will contain a uri (domain name and selector), the number of times this has been requested, and the time and date of the most recent request.

    • RECORD_ALL=0 Do NOT keep this running count
    • RECORD_ALL=1 Keep a running count of all requests, but strip off anything after a ?.
    • RECORD_ALL=2 Same as 1, but do NOT strip stuff following a ?. This can lead a lot of trivial (1 hit) entries, so it should be used with care.

    Notes:

  • Contrasting the HITS.CNT REQUESTS.CNT files:
    • REQUESTS.CNT tracks all URIs
    • HITS.CNT only tracks html documents that contain a <!-- REPLACE HITS --> element.
  • Requests that SRE2002 satisfies from its request cache are not recorded in REQUESTS.CNT (you can use the CACHEHIT.LOG facility of SRE2002 to record these "proxy-like" response by SRE2002).

    • REALM: Define a realm name
    Realm name, displayed on client's authorization screen

    Note: REALM can be overridden by a "arealm" item in SEL_REQUIRES entry.

    Example:
       realm=Our site

    SSI_EXTENSIONS: List of server side include extensions.
    SSI_EXTENSIONS is a space delimted list of extensions (without the leading period). When a request selector ends with any of these extensions, the underlying resource (the file assoicated with this selector) will be processed for server side includes (SSIs).

    Example:
       ssi_extensions=SHTML SHT

    SUPERUSERS: Define a list of superusers.
    Space delimited list of "superuser" ip addresses.
    • If you enter these directly into SRELITE2.CFG, then you must use dottted numerical addresses
    • If you are using the sreLite2 on-line configurator, you can enter domain names -- the configurator will automatically convert them to IP addresses
    • Wildcards (*) can not be used.

    Examples:
       superusers=
       superusers=191.121.55.2

    SEL_REQUIRES : Selector specific access requirements
    Selectors are compared to a set of SEL_REQUIRES entries.
    The best match is used, where * can be used as a wildcard.

    Each entry should have the following syntax: 

              

sel_requires=a_sel priv_list,quickfile,no_log,realm
    where:
    a_sel a candidate selector, which may contain * wildcards. The selector (requested by the client) is compared against each of these candidate selectors
    priv_list a space delimited list of privileges. The client must have at least one of these privileges. There are two special privileges, that should always be used by themselves (with no other privileges)
    * any privilege will do -- all client needs is a valid username and password)
    0 : no privileges required -- access to this is NOT controlled.
    quickfile Optional (it MUST follow a comma). A fully qualified filename (that contain * wildcards). If specified, this file is immediately returned to the client (with possible wildcard substitutions).
    no_log Optional (it must follow a comma).
    If 1, then do NOT log this request.
    realm Optional realm name (it must follow a comma). This will be displayed on the client's authorization screen.

    Notes:

    • You CAN include (multiple) * wildcards in a_sel
    • On multi-host systems...
    • a_sel should be prefaced with a host_Nickname, followed by a //.
    • If you don't, the SEL_REQUIRES entry is assumed to apply to the "generic" host".
    • If you use *//asel .., then the entry applies to all hosts.
    • The order of match comparisons is as follows, with later steps taken only if earlier steps fail.
      1. Exact comparison to host-specific entries
      2. Wildcard comparison to host-specific entries
      3. Exact comparison to all-host entries
      4. Wildcard comparison to all-host entries
    • Use of a quick_file implies a priv_list of 0. In fact, it's even stronger -- NO further checks are done.
      Note that quick_file is ONLY used for simple file transfer -- in particular, ssi is NOT attempted, and scripts are NOT processed.
    • sel_requires are compared against original request string (before aliasing)
    • an empty priv_list implies a priv_list of 0.
    • If no match occurs, then the value of default_requires is used.
    • Appendix IV of the sreLite2 manual has more details on how sreLite2 uses SEL_REQUIRES to control access.

    Examples: 

       sel_requires= /* 0  
   sel_requires= /samples*  * , , ,Sample Realm 
   sel_requires= /status.txt priv1  
   sel_requires= /imgs/* 0 , G:\www\imgs\* , 1  
   sel_requires= /imgs/ 0  
   sel_requires= /imgs 0  

   sel_requires=host2//samples*  * 
   sel_requires=host2//private  INHOUSE                                        
 
   sel_requires=*//SYSTEM/*?* SUPERUSER

    VERBOSE: Status message.
    Status message verbosity.
    • 0 = few messages
    • 1 = some messages
    • 2 = more messages

    HINT: to view these status messages, you should get PMPRINTF.EXE from: http://www2.hursely.ibm.com/goserve/pmprtf.exe

    Example:
       VERBOSE=1