Information Server
Gibraltar Registry Configuration
Murali R. Krishnan
John F. Ludeman
Introduction:
Microsoft Internet Information Server (Gibraltar) consists of WWW, Gopher and FTP
services. The services are configured using Internet Service Manager. The servers
store all the parameters in the registry on the server machine in human-readable
format. The servers also use several additional configuration parameters in the
registry. The configuration is stored in two parts - per service component and a global
component. In this document, we describe the configuration of both per service and
global registry entries that may be of interest.
Location
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\InetInfo\Parameters
ListenBacklog REG_DWORD
Range: 1 - 250 Default: 25
Description: ADMIN CONFIGURABLE
This specifies the winsock listen backlog for each IP address the server is listening
on. If many connections per second are being received, the winsock listen backlog
may become depleted and clients' connections will be refused. Servers under heavy
load may want to set this value to around fifty.
BandwidthLevel REG_DWORD
Range: 0 - 0xFFFFFFFF Default: 0xFFFFFFFF
Description: ADMIN CONFIGURABLE
This specifies the amount of network bandwidth that the Gibraltar server can use.
The server comes with an automatic bandwidth throttler which makes intelligent
decisions to meet user requirements. This helps to avoid overloading the network
with Gibraltar server activity. For administrators of small corporate servers,
where a single server is used for multiple sites, this will help to reduce network usage
for Gibraltar servers. It is recommended that this parameter be set from Internet
Server Admin Manager. Otherwise the server should be stopped and restarted for
this value to take effect. A special value of 0xFFFFFFFF means do not do any
throttling.
MemoryCacheSize REG_DWORD
Range: 0 - 0xFFFFFFFF Default:: 10% of Physical Memory
Description: CONFIGURABLE
Gibraltar server caches system handles, directory listings, and several blobs of
frequently used data to improve performance of the system. This parameter specifies
the amount of memory in bytes to allocate for such a cache. This cannot be
configured using admin manager. When changed, the server should be stopped and
restarted for this to take effect. A special value of 0 means do not do any caching.
The performance may be low when caching is shut out. Certain sites experiencing a lot
of file traffic can increase this size if there is sufficient RAM on the system.
DisableMemoryCache REG_DWORD
Range: 0-1 Default:: 1 (PWS) 0 (IIS)
Description: CONFIGURABLE
Disables Gibraltar server caching. This cannot be configured using admin manager.
When changed, the server should be stopped and restarted for this to take effect.
ObjectCacheTTL REG_DWORD
Range: 0 - 0x7FFFFFFF, 0xFFFFFFFF Default: 30 seconds
Description: INTERNAL ANALYSIS
Objects in the Memory Cache will be phased out of the cache if there have been no
references to an object after this period. If the number of data files is limited or
clients only access a small portion of files, increasing this value may be of benefit
(perhaps on the order of fifteen minutes). A value of 0xFFFFFFFF disables the
object cache scavenger. Units: seconds.
UserTokenTTL REG_DWORD
Range: 0 - 0x7FFFFFFF Default:: 15 * 60 (10 Minutes)
Description: INTERNAL ANALYSIS
When a request is made to the server, the security credentials for the request (or the
configured anonymous user) are used to create a user token on the server which the
server impersonates when accessing files or other system resources. The token is
cached so the NT logon only takes place the first time the user accesses the system
or after the user’s token has fallen out of the cache. NTLM authentication tokens are
not cached. Units: seconds.
LogFileBatchSize REG_DWORD
Range: 1200 - 0xFFFFFFFF Default:: 64*1024 (64 KB)
Description: CONFIGURABLE
This specifies the batch size for writing the log file. The server caches the last
LogFileBatchSize bytes of data in memory buffers before it dumps the current buffer
and moves on to the next buffer. Such batch processing reduces the amount of disk
traffic created by log files. However, if a site is interested in getting up-to-date
log records flushed to disk, the batch size can be reduced. For release 1.0 of Gibraltar
servers, set this parameter to at least 1200 bytes. For release 2.0 the minimum value
can be 0. Otherwise the services will crash.
LogFileFlushInterval REG_DWORD
Range: 120-0x7FFFFFFF, (0xFFFFFFFF) Default:: 300 (seconds)
Description: CONFIGURABLE
This specifies the interval for flushing out the log file. The server periodically wakes
up at the specified interval and flushes the cached log data to the file system. Such a
periodic flush provides a way for the log records to be available in the file on a system
that is used with low frequency. Setting this value to INFINITE (0xFFFFFFFF) disables
the periodic flushing. Units: seconds.
MaxPoolThreads REG_DWORD
Range: 0 - 0xFFFFFFFF Default:: 10
Description: INTERNAL ANALYSIS
MaxPoolThreads specifies the number of pool threads to create per processor. Each
pool thread watches for the network request and processes the same. Generally it is
not good to create more than 20 threads per processor.
PoolThreadLimit REG_DWORD
Range: 0 - 0xFFFFFFFF Default:: 2 * # MB
Description: INTERNAL ANALYSIS
PoolThreadLimit specifies the maximum number of pool threads that can be created
in the system. Each pool thread watches for the network request and processes the
same.
MaxConcurrency REG_DWORD
Range: 0 - 0xFFFFFFFF Default:: 0
Description: INTERNAL ANALYSIS
This specifies the amount of concurrency that a system should provide. We use
completion ports for handling IO. In general it is not good to have more than one
ThreadTimeout REG_DWORD
Range: 0 - 0xFFFFFFFF Default:: 24*60*60 (24 hours)
Description: INTERNAL ANALYSIS
This specifies the amount of time an IO processing thread should be maintained
even if there is no IO on the system. In general when there is no IO activity and no
requests outstanding the server is idle and does not consume memory. But if that
situation prolongs and exceeds the ThreadTimeout interval, then the thread is killed.
Units: seconds.
UseAcceptEx REG_DWORD
Range: 0, 1 Default:: 1
Description: INTERNAL ANALYSIS
Starting with NT 3.51 SP2 we have a new facility to listen and establish connections
at the server side. AcceptEx() provides a cheap way to accept and receive initial
chunk of data on a new incoming connection. By default the server uses this method
to accept new connections. If for experimental purposes one decides to turn off using
this fast IO path, then this value can be set to 0. However, setting to 0 may cause
potential performance degradation.
AcceptExOutstanding REG_DWORD
Range: 0-1000 Default:: 40
Description: INTERNAL ANALYSIS
When using AcceptEx(), a certain number of sockets should be maintained to receive
and process new connections. This parameter specifies the number of such
outstanding connections to maintain. Whenever the number of outstanding sockets
falls below this level, the server adds additional sockets to bring it back to this level.
AcceptExTimeout REG_DWORD
Range: 0-0xFFFFFFFF Default:: 120
Description: INTERNAL ANALYSIS
This specifies the time an AcceptEx socket is allowed to wait for a receive to
complete before the server blows away the long-waiting connection. This helps to
reduce the number of outstanding sockets and hence conserve system memory
usage. Units: seconds.
UseTransmitFile REG_DWORD
Range: 0-1 Default:: 1
Description: INTERNAL ANALYSIS
This allows the user to disable the use of TransmitFile by the server. This is useful
especially for the NTW version when users have more than one remote client
connected over a slow link, since TransmitFile can tie up resources in the system
during sends.
NonTFBufferSize REG_DWORD
Range: 512 - 64K Default:: 4096
Description: INTERNAL ANALYSIS
This is used when transmit file is disabled using the UseTransmitFile registry key.
This allows the user to control the size of I/O buffers being used in the system.
MimeMap Key
Description: CONFIGURABLE
This is a sub key that contains all of the mime mappings for the Web and Gopher
servers. Note that each mime type is a REG_SZ with the type information as the
name of the value with an empty value. The format for each entry is:
<mime-type>,<file-extension>,<unused>,<gopher-type>
For example:
image/gif,gif,,5
In this example, when clients ask the web server for a file that ends in an extension
of “.gif”, the mime type returned to the client would be “image/gif”.
MinFileKbSec REG_DWORD
Range: 1 - 8192 Default: 1000
Description: CONFIGURABLE
When an IIS server sends a file to the client, a timeout is established for how long the
server will allow the transfer to continue before aborting it. The timeout chosen is the
maximum of: 1) the Connection Timeout specified in the admin tool and 2) the size
of the file divided by the value specified as MinFileKbSec. For example, a file size
of 100kb would be given a timeout of 100 seconds or the Connection Timeout if it is
greater. Note the registry name is misleading: the value is in bytes, not kilobytes as
the name might imply.
DebugFlags REG_DWORD
Range: 0 - 0xFFFFFFFF Default:: 0
Description: INTERNAL ANALYSIS
This value specifies bit mask for selectively enabling different checks in a debug
binary of the server common dll (infocomm.dll). This bit mask applies to the common
dll only.
where ServiceName is
AdminName REG_SZ
Range: String Default:: Administrator
Description: ADMIN CONFIGURABLE
Specifies the user friendly administrator name. Gopher service uses this name to
send back responses for Gopher+ queries. It also serves as a way of identifying who
owns a service using IIS manager.
AdminEmail REG_SZ
Range: String Default:: Admin@corp.com
Description: ADMIN CONFIGURABLE
Specifies the email address for administrator of a particular service. Gopher service
uses this name to send back responses for Gopher+ queries. It also serves as a way
of identifying who owns a service using IIS manager.
ServerComment REG_SZ
Range: String Default:: “”
Description: ADMIN CONFIGURABLE
Specifies a user-friendly comment for a service. This information is supplied to the IIS
manager and is used to add configurable comment about a server.
EnableSvcLoc REG_DWORD
Range: 0, 1 Default:: 1
Description: CONFIGURABLE
IIS Services register themselves with a service locator so that the service can be
discovered by administrative utility and clients. This parameter controls such
registration. If it is set to 0, then the service will forego registration of the service.
Otherwise it registers the service for service location. Administrators planning on
having a private server should consider setting the value of this parameter to 0.
Authorization REG_DWORD
Range: 0-7 Default:: 0x1
Description: ADMIN CONFIGURABLE
This bit mask specifies what types of authentication a service requires. Note that the
different services have different capabilities so not all of the values are used for each
of the services.
AnonymousUserName REG_SZ
Range: String Default:: Guest
Description: ADMIN CONFIGURABLE
This specifies the name of the local user account to use for anonymous users. The
server impersonates a particular user to access the files so that the file system
security model is leveraged. This parameter should not be changed by itself. It should
be configured using the IIS Admin Manager so that the appropriate password can also
be set. The password is stored in a protected area in the registry.
ConnectionTimeOut REG_DWORD
Range: 0-0xFFFFFFFF Default:: 600 seconds
Description: ADMIN CONFIGURABLE
Specifies the time the server should hold on to a connection when there is no activity
on the same. Server automatically disconnects long hanging connections. Units:
seconds.
LogFileDirectory REG_EXPAND_SZ
Range: String Default: %systemroot%\system32\logfiles
Description: ADMIN CONFIGURABLE
This string specifies the directory in which log files are to be stored. Each service
generates a log record for each request processed.
LogFilePeriod REG_DWORD
Range: 0,1,2,3 Default:: 1
Description: ADMIN CONFIGURABLE
This specifies an internal value for request logging module. The value specifies the
type of log files to be produced.
LogFileTruncateSize REG_DWORD
Range: 0-0xFFFFFFFF Default:: 4,000,000,000
Description: ADMIN CONFIGURABLE
LogSqlDataSources REG_SZ
Range: String Default:: “”
Description: ADMIN CONFIGURABLE
This string specifies the name of the ODBC data source to use for sending the
request logs for the service to a SQL compatible database system. This data source
should be a system DSN in the ODBC installation on server machine.
LogSqlTableName REG_SZ
Range: String Default:: “”
Description: ADMIN CONFIGURABLE
This string specifies the name of the ODBC table to use for sending the request
logs for the service to a SQL compatible database system. The table should be
created by the administrator as per the specification provided with the services. The
user should also have proper access permissions to insert into the table.
LogSqlUserName REG_SZ
Range: String Default:: “”
Description: ADMIN CONFIGURABLE
This string specifies the user name to use for talking to the ODBC data source
specified for ODBC based logging. This user should be a valid user on the database
system to which LogSqlDataSources points.
LogSqlPassword REG_SZ
Range: String Default:: “”
Description: ADMIN CONFIGURABLE
This string specifies the password for establishing an ODBC connection for a
particular user account on the ODBC data source. Currently the password is stored
as clear text. This may change in the future.
LogType REG_DWORD
Range: 0, 1, 2 Default:: 1
Description: ADMIN CONFIGURABLE
This value specifies the type of logging desired. The type specifies the destination of
log files.
0 No logging
1 Log to files
MaxConnections REG_DWORD
Range: 0 - 0xFFFFFFFF Default:: 2000000000
Description: ADMIN CONFIGURABLE
This value specifies the maximum number of simultaneous connections that the server
allows at any given time. When the number of current connections exceeds this
value, the service rejects the request. It sends a friendly message if possible.
VirtualRoots Key
Description: ADMIN CONFIGURABLE
This is a sub key that contains all the virtual roots for a service. Each virtual root is a
REG_SZ value under the key and has the following form:
Where:
Root Name: This is the name of the virtual directory as it would appear in an URL.
For example “/scripts” or “/specs”. A root name of just “/” is considered to be the
home root that will be used if no other roots match.
Host Address: The Host address is an optional field that indicates the server IP
address this virtual root is associated with. By specifying a host IP address, multiple
logical servers can be setup on a single machine. If a host address is specified, then
only clients making requests on this IP address will see this virtual root.
Physical Path: The physical path the Root Name should point to. For example
“c:\wwwroot” or “\\server\share”. In the latter case where a UNC is specified, a valid
username and password must be specified.
User Name: Only used if Physical path is a UNC share; specifies the user context
to connect and impersonate as when accessing files over this virtual root. Note the
password is kept in a protected part of the registry and must be set using the admin
tool.
Access Mask: This item is a single hex character bitfield that specifies what
operations are allowed on this root. The mask is not used by the Gopher server since
only Read operations are ever performed. Note this mask has no influence on any
NTFS ACLs that might be on the files. File ACLs must grant the appropriate
permissions in addition to setting the appropriate value on the virtual root. The
values for the bitfield are:
The servers always match the longest virtual root first, thus “/123/567/89” will match
“/123/567” before it matches “/123”. The home root (“/”) always matches last. Virtual
roots with host IP addresses always match before roots without host addresses.
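The matching order described above can be sketched as follows. This is an added example, not code from IIS or from the original document: entries are given as already-parsed tuples, the sample table is constructed, and three points the text leaves open are assumptions here (a host-bound root wins as a tie-break between roots of equal name, roots match on whole path segments, and names compare case-insensitively).

```python
from typing import NamedTuple, Optional, Sequence


class VirtualRoot(NamedTuple):
    root_name: str       # name as it appears in a URL; "/" is the home root
    host_address: str    # "" when the root is not tied to a server IP address
    physical_path: str


# Constructed sample table (addresses and paths are made up for illustration).
SAMPLE_ROOTS = [
    VirtualRoot("/", "", r"c:\wwwroot"),
    VirtualRoot("/123", "", r"c:\data\a"),
    VirtualRoot("/123/567", "", r"c:\data\b"),
    VirtualRoot("/123/567", "192.0.2.10", r"c:\data\c"),
]


def _norm(name: str) -> str:
    """Lower-case a name and drop a trailing slash, keeping "/" itself."""
    name = name.lower()
    return name if name == "/" else name.rstrip("/")


def _covers(root_name: str, url_path: str) -> bool:
    """True when url_path is the root itself or lies below it (assumption:
    matching stops at a path segment boundary, so /123/567 does not cover
    /123/5678)."""
    root, path = _norm(root_name), _norm(url_path)
    if root == "/":
        return path.startswith("/")
    return path == root or path.startswith(root + "/")


def resolve(roots: Sequence[VirtualRoot], url_path: str,
            server_ip: str) -> Optional[VirtualRoot]:
    """Return the virtual root that serves url_path for a request received
    on server_ip, or None when no root is visible on that address."""
    visible = [
        r for r in roots
        # A host-bound root is only seen by requests made on its own address.
        if r.host_address in ("", server_ip) and _covers(r.root_name, url_path)
    ]
    if not visible:
        return None
    # Longest root name first; the home root "/" is the shortest and so comes
    # last. Between equal names the host-bound root goes first (assumption).
    return min(
        visible,
        key=lambda r: (-len(_norm(r.root_name)), r.host_address == ""),
    )


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.99"):
        for path in ("/123/567/89", "/123/5678", "/other/file.htm"):
            hit = resolve(SAMPLE_ROOTS, path, ip)
            print(ip, path, "->", hit.physical_path if hit else None)
```

Running the resolver over the configured roots shows which physical path, and therefore which access mask and file ACLs, actually govern a given URL.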
Where:
IP Network Subnet Mask: The subnet mask of the network that IP Network Address
belongs to.
For example:
255.255.255.255 101.12.15.63=
The incoming IP Address is “Anded” with the IP Network Subnet Mask, then
compared for equality with the IP Network Address. This allows for a range of IP
addresses or a specific IP address to be denied access.
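The comparison described above, as an added example that is not part of the original document. Entries are passed as (subnet mask, network address) pairs; the helper names and the two extra sample entries are assumptions. The second function flags an entry whose address has bits set outside its mask, which by the rule above can never equal a masked client address and so denies nobody.

```python
import ipaddress
from typing import List, Sequence, Tuple

DenyEntry = Tuple[str, str]   # (IP Network Subnet Mask, IP Network Address)

# Constructed sample list. The first entry is the one from the text; the
# other two use documentation address ranges and are made up.
SAMPLE_DENY: List[DenyEntry] = [
    ("255.255.255.255", "101.12.15.63"),   # one specific address
    ("255.255.255.0", "192.0.2.0"),        # a whole /24 range
    ("255.255.255.0", "198.51.100.7"),     # host bits set under a /24 mask
]


def _to_int(dotted: str) -> int:
    """Convert a dotted-quad string to a 32-bit integer (raises on bad input)."""
    return int(ipaddress.IPv4Address(dotted))


def is_denied(client_ip: str, entries: Sequence[DenyEntry]) -> bool:
    """Apply the documented rule: AND the incoming address with the mask,
    then compare the result for equality with the network address."""
    ip = _to_int(client_ip)
    return any((ip & _to_int(mask)) == _to_int(net) for mask, net in entries)


def unmatchable_entries(entries: Sequence[DenyEntry]) -> List[DenyEntry]:
    """Return entries that can never match any client.

    If the network address has a bit set where the mask has a zero, the
    masked client address always has a zero in that position, so the
    equality test fails for every possible client.
    """
    dead = []
    for mask, net in entries:
        outside_mask = _to_int(net) & ~_to_int(mask) & 0xFFFFFFFF
        if outside_mask:
            dead.append((mask, net))
    return dead


if __name__ == "__main__":
    for ip in ("101.12.15.63", "101.12.15.64", "192.0.2.200", "198.51.100.7"):
        print(ip, "denied" if is_denied(ip, SAMPLE_DENY) else "allowed")
    print("entries that never match:", unmatchable_entries(SAMPLE_DENY))
```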
DefaultLogonDomain REG_SZ
Range: String Default:: “”
Description: ADMIN CONFIGURABLE
This string specifies the default domain to be used to validate a clear text logon when
no domain is present in the user name field.
LogonMethod REG_DWORD
Range: 0, 1, 2 Default:: 0
Description: ADMIN CONFIGURABLE
Specifies which logon method to use for clear text logons.
This allows a system administrator, by selecting 1, to give users access to IIS services
but deny them the right to log on locally.
Location
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSFTPSVC\Parameters
EnablePortAttack REG_DWORD
Range: 0, 1 Default:: 0
Description: CONFIGURABLE
Recently there was a security hole discovered in FTP service with passive connection
support. The hole is in the FTP protocol specification. By default the FTP service
allows passive connections to be established based on the port address given by
client. This can enable some hackers to use this facility to execute malicious
commands off the FTP service. The problem occurs when we request FTP service to
connect to a port other than FTP Data port (20) and port number is less than
IP_PORT_RESERVED (1024). This flag controls if such an attack should be allowed.
By default, the service does not make any connections to ports less than
IP_PORT_RESERVED (other than 20). If someone deliberately wants the old
behavior then this flag should be enabled.
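The check described above, as an added sketch that is not taken from the FTP service. It assumes the client's port address arrives as the argument of the RFC 959 PORT command (h1,h2,h3,h4,p1,p2); the function names and sample arguments are made up for illustration.

```python
import re
from typing import Tuple

FTP_DATA_PORT = 20
IP_PORT_RESERVED = 1024

# Six decimal fields separated by commas: four address bytes, two port bytes.
_PORT_ARG = re.compile(r"^\s*(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\s*$")


def parse_port_argument(argument: str) -> Tuple[str, int]:
    """Decode 'h1,h2,h3,h4,p1,p2' into (dotted address, port number)."""
    match = _PORT_ARG.match(argument)
    if not match:
        raise ValueError("malformed PORT argument")
    fields = [int(f) for f in match.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("PORT field out of range")
    host = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]      # high byte first
    return host, port


def check_port_command(argument: str,
                       enable_port_attack: int = 0) -> Tuple[bool, str]:
    """Decide whether the service should connect to the requested port.

    With EnablePortAttack at its default of 0, ports below IP_PORT_RESERVED
    are refused unless the port is the FTP data port (20). Setting the flag
    to 1 restores the old behavior and accepts any port.
    """
    try:
        host, port = parse_port_argument(argument)
    except ValueError as exc:
        return False, str(exc)
    if enable_port_attack:
        return True, f"{host}:{port} accepted (EnablePortAttack=1)"
    if port == FTP_DATA_PORT or port >= IP_PORT_RESERVED:
        return True, f"{host}:{port} accepted"
    return False, f"{host}:{port} refused (reserved port)"


if __name__ == "__main__":
    # Constructed sample arguments using a documentation address range.
    samples = [
        "192,0,2,15,4,0",      # port 1024
        "192,0,2,15,0,20",     # port 20, the FTP data port
        "192,0,2,15,0,25",     # port 25, reserved
        "192,0,2,15,3,255",    # port 1023, reserved
        "192,0,2,15,25",       # too few fields
    ]
    for arg in samples:
        print(arg, "->", check_port_command(arg))
```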
ExitMessage REG_SZ
Range: String Default:: “”
Description: ADMIN CONFIGURABLE
Conventionally FTP Service sends back an exit message when a client sends a quit
command. This string specifies the exit message to be sent.
GreetingMessage REG_MULTI_SZ
Range: String Default:: “”
Description: ADMIN CONFIGURABLE
When a new user connects to the FTP Server, the server sends a friendly greeting
message detailing contents and administrative information. This string (multiple lines)
specifies the message to use for greeting the new client connections.
MaxClientsMessage REG_SZ
Range: String Default:: “”
Description: ADMIN CONFIGURABLE
When the current connection exceeds the MaxConnections specified for the service,
the service sends a friendly message to clients. This message is a single line
message provided in this parameter.
LogAnonymous REG_DWORD
Range: 0, 1 Default:: 1
Description: CONFIGURABLE
This flag controls if a log record should be written for anonymous connections. If set
to 0, no log records are written for anonymous connections. This is valid only for the
EventLog record that is written when an anonymous user logs on. The normal
request log is not affected.
LogNonAnonymous REG_DWORD
Range: 0, 1 Default:: 1
Description: CONFIGURABLE
This flag controls if a log record should be written for non-anonymous connections. If
set to 0, no log records are written for non-anonymous connections. Only FTP and
HTTP services have non-anonymous user support. This is valid only for the
EventLog record that is written when a non-anonymous user logs on. The normal
request log is not affected.
AccessCheck REG_DWORD
Range: <any> Default:: <any>
Description: CONFIGURABLE
This key is used for access check of incoming user connection. The server
impersonates as the logged on user and attempts to open the registry key for read
and write. If the key does not exist then read/write permissions are granted. If the key
exists then based on the access permission on the registry key, read and write
permissions are granted to the user. This feature is specifically useful for servers
which publish content on a FAT volume and hence do not have the rich security
features of NTFS. This is not a recommended approach to provide security owing to
poor manageability and performance.
AllowAnonymous REG_DWORD
Range: 0, 1 Default:: 1
Description: ADMIN CONFIGURABLE
This flag specifies if an anonymous user should be allowed to connect and make a
request to the server. By nature, most internet protocols allow anonymous
connections to access a limited set of files. Hence, it is essential to permit anonymous
connections.
AnonymousOnly REG_DWORD
Range: 0, 1 Default:: 0
Description: ADMIN CONFIGURABLE
Specifies if only anonymous connections should be permitted. If this flag is turned on,
no non-anonymous connections are permitted (especially true of FTP server).
AnnotateDirectories REG_DWORD
Range: 0, 1 Default:: 0 (FALSE)
Description: CONFIGURABLE
FTP service supports annotating a directory with custom messages. The annotation
text should be stored in a special file named ~ftpsvc~.ckm under the directory. If
this file exists in the target directory of a Change Directory (CWD) FTP operation,
then the service responds with the contents of this file for the operation. This provides
a way for administrators to add custom messages for directories under consideration.
By default the service is configured to not send annotation text. If an administrator
decides to add a custom message, the annotation file should be created and
this flag turned on. It is recommended to make the annotation file a hidden file so that
the file does not show up on a directory listing.
MsdosDirOutput REG_DWORD
Range: 0, 1 Default:: 1 (TRUE)
Description: CONFIGURABLE
This flag specifies the style of directory output for a LIST operation from an FTP
client. If the flag is turned on, the service generates an MS-DOS style directory listing.
If the flag is turned off, then the service generates a UNIX style listing. (Some clients
may break if they do not support MS-DOS style listing. For these and numerous
other reasons an administrator may consider turning this flag off. The downside is
that generation of UNIX style listing is a costly operation and consumes more CPU.)
LowercaseFiles REG_DWORD
Range: 0, 1 Default:: 0 (FALSE)
Description: CONFIGURABLE
The service uses the native case for file names (as the file names are stored
in the file system). However for exact comparisons with case-sensitive file systems
(NTFS provides an option, FAT is case insensitive) to work fine, it may be necessary
to ensure proper file names are used. Administrators can turn on this flag to ensure
that the service uses lower case for such comparisons.
DebugFlags REG_DWORD
Range: 0 - 0xFFFFFFFF Default:: 0
Description: INTERNAL ANALYSIS
This value specifies bit mask for selectively enabling different checks in a debug
binary of the FTP service component (ftpsvc2.dll). The output is sent to the debug
terminal by default.
Location
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GOPHERSVC\Parameters
CheckForWAISDB REG_DWORD
Range: 0, 1 Default:: 0
Description: CONFIGURABLE
The Gopher Service uses WAIS tool kit to support gopher based searches. However,
Microsoft does not ship WAIS tool kit along with IIS server. This flag is used to specify
if search is supported and if the service should check for WAIS toolkit. If set to 0, the
DebugFlags REG_DWORD
Range: 0 - 0xFFFFFFFF Default:: 0
Description: INTERNAL ANALYSIS
This value specifies bit mask for selectively enabling different checks in a debug
binary of the Gopher service component (gopherd.dll). The output is sent to the
debug terminal by default.
Location
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W3SVC\Parameters
AccessDeniedMessage REG_SZ
Range: String
Description: CONFIGURABLE
This is the message to send back to clients when they’ve been denied access to the
server. Often times this will be a short html document explaining how to gain access.
CheckForWAISDB REG_DWORD
Range: 0, 1 Default:: 0
Description: CONFIGURABLE
The HTTP Service can use the WAIS tool kit to support content based searches.
However, Microsoft does not ship WAIS tool kit along with IIS server. This flag is used
to specify if search is supported and if the service should check for WAIS toolkit. If
set to 0, the service does not support searches and does not look for wais tool kit. If
set to 1, then the service supports searches if waislook.exe is installed in the system.
NTAuthenticationProviders REG_SZ
Range: String Default: NTLM
Description: CONFIGURABLE
This value is a comma separated list of Windows NT Authentication providers the
server should advertise when a client has been denied access to a resource. Each
item in the list appears with the appropriate authentication header in the reply to the
client when access has been denied on a resource. The client is then responsible for
choosing the appropriate authentication scheme. This value is only used when the
“Windows NT Challenge/Response” authorization method is enabled.
Where:
Full Path to Script: This is the fully qualified path to the executable or ISAPI
Extension dll. If it’s a CGI application, two “%s” items may follow the binary. The first
%s will receive the PATH_INFO variable (text after the script but before the ‘?’ in the
URL), the second “%s” will receive the QUERY_STRING variable (text following the
‘?’ in the URL). This functionality has no meaning for ISAPI Extensions.
Note that if the PATH_INFO is blank in the URL, the server will supply the script path
as the PATH_INFO. That is, if a client asks for “/scripts/foo.pl?abc=xyz”, the server
will set the PATH_INFO to “/scripts/foo.pl” since the PATH_INFO was blank in the
original URL.
ScriptTimeout REG_DWORD
Range: 10 - 0x80000000 Default:: 900 (5 minutes)
Description: CONFIGURABLE
This value is the length of time the server will allow a CGI script to run without any
responses to the client. If the script fails to respond within this time period, the server
terminates the script and logs an event to the event log. This value only applies to
CGI scripts.
CacheExtensions REG_DWORD
Range: 0, 1 Default:: 1
Description: CONFIGURABLE
The default behavior of the web server is to load an ISAPI Extension when it is first
used and leave it loaded. For debugging purposes however, it is desirable to have
the ISAPI Extension unloaded after it is used so the server doesn’t need to be
stopped. Setting this value to zero will force the server to unload the extension after
it is run. This should only be used as a debugging aid.
ServerSideIncludesEnabled REG_DWORD
Range: 0, 1 Default:: 1
Description: CONFIGURABLE
The Server Side Include (SSI) functionality of the web server can be disabled to
optimize performance. Setting this value to zero will prevent the server from looking
for files that may be server side includes (that is, have the extension .stm). This may
be a desirable thing to do from a security perspective also.
ServerSideIncludesExtension REG_SZ
Range: String Default:: .stm
Description: CONFIGURABLE
This is the extension the server should do server side include processing on.
GlobalExpire REG_DWORD
Range: 0-0x80000000, 0xfffffff Default:: 0xffffffff
Description: CONFIGURABLE
The web server can send an “Expires” header for every static document requested by
clients. This can be used to invalidate intervening caches if the data on the server is
very time sensitive or to enhance caching if the data is very time insensitive. The
value for this registry is added to the current time and sent in an Expires header
along with the rest of the response headers to the client or intervening proxies.
Clients and proxies will be forced to check the validity of any cached items when they
are accessed beyond the expiration time.
CreateProcessAsUser REG_DWORD
Range: 0, 1 Default:: 1
Description: CONFIGURABLE
By default, CGI scripts are run in the context of the user making the request by
creating the process with the Win32 API CreateProcessAsUser. There may be some
instances where it may be desirable to run the CGI script in the System context by
creating the CGI process with CreateProcess.
Note: This has serious security implications and should not be changed without
understanding the potential risk involved.
CreateProcessWithNewConsole REG_DWORD
Range: 0, 1 Default:: 0
Description: CONFIGURABLE
By default, CGI scripts are run in a detached process. There may be some instances
where it may be desirable to run the CGI script in a process with a new console, such
as when I/O redirection is used in the script. The process will then be created using
the CREATE_NEW_CONSOLE flag.
Note: This has serious performance implications and should not be changed without
understanding the slowdown involved.
SecurePort REG_DWORD
Range: 0 - 65535 Default:: 443
Description: CONFIGURABLE
This is the TCP port to use for SSL/PCT encrypted requests.
EncryptionFlags REG_DWORD
Range: 1-3 Default:: 3
Description: CONFIGURABLE
This bitfield specifies which encryption providers to enable. The value allows a
particular encryption protocol to be used. Currently, the only two valid values are:
By default, both are enabled. Note that PCT is not distributed in version 1.0 of the
Internet Information Servers.
ReturnUrlUsingHostName REG_DWORD
Range: 0, 1 Default:: 0
Description: CONFIGURABLE
Controls if the local computer domain name will be used in building a URL to be
returned to the HTTP client (e.g. when a redirection indication is returned). By
default, the system will use the “Host:” header field if present, else a string
representation of the address of the local network interface on which the request was
received. If enabled and the server is not multi-homed, the local domain name will be
used if the “Host:” header field is not present.
AcceptByteRanges REG_DWORD
Range: 0, 1 Default:: 1
Description: CONFIGURABLE
Controls if the HTTP server will process the “Range” header for type “bytes:”. If
enabled, the server will signal that it is accepting range requests by sending the
“Accept-Range: bytes” header field, and will process incoming requests specifying a
“Range: bytes=” header field according to the internet draft “Byte range extension to
HTTP”, dated 15-dec-95.
AllowGuestAccess REG_DWORD
PoolIDCConnections REG_DWORD
Range: 0, 1 Default:: 0
Description: CONFIGURABLE
This flag controls whether the Internet Database Connector pools ODBC connections
by default. This value can be overridden in the .idc file by using the
“ODBCConnection: Pool” or “ODBCConnection: NoPool” depending on whether the
default is don’t pool or pool, respectively. It is recommended pooling is controlled in
the .idc file.
PoolIDCConnectionsTimeout REG_DWORD
Range: 2 - 0x80000000 Default:: 30
Description: CONFIGURABLE
For ODBC connections that are being pooled, this is the time in seconds the
connection will be left open when not being used. After the timeout has been
reached, IDC will close the ODBC connection.
UploadReadAhead REG_DWORD
Range: 0 - 0x80000000 Default:: 48k
Description: CONFIGURABLE
When the client POSTs data to the server, this is the default amount the server will
read before passing control to the application. The application is then responsible for
reading the rest of the data. Increasing this size increases the amount of memory
required on the server.
Realm REG_SZ
Range: String Default:: Host Header or IP addr.
Description: CONFIGURABLE
This value supplies the realm value when the server requests a client to authenticate
because they were denied access to a resource when using Basic (Clear Text)
authentication. It appears in the browser’s username/password prompt.
LogSuccessfulRequests REG_DWORD
Range: 0, 1 Default:: 1
Description: CONFIGURABLE
This flag controls whether the web server writes successful client requests (i.e., HTTP
status code 200, 301 etc) to the log file.
LogErrorRequests REG_DWORD
Range: 0, 1 Default:: 1
Description: CONFIGURABLE
This flag controls whether the web server writes unsuccessful client requests (i.e.,
HTTP status code 401, 500 etc) to the log file.
AllowKeepAlives REG_DWORD
Range: 0, 1 Default: 1
Description: CONFIGURABLE
In some rare instances, it may be desirable to turn off “Connection: keep-alive”
negotiation with clients. Most clients support making multiple requests to the server
on a TCP session, which significantly decreases the workload on the server. Turning off
keep-alive negotiation will have serious performance implications and should only be
used in specific circumstances.
UsePoolThreadForCGI REG_DWORD
Range: 0, 1 Default:: 1
Description: CONFIGURABLE
Version 1.0 of the server started a thread to handle communication to and from CGI
process requests. In some CGI-intensive sites, this can cause an overload of threads
and bog down the system. Version 2.0 has changed this behavior and by default uses a
server pool thread to do CGI processing. This does mean CGI requests that take an
extended period of time can consume a server pool thread. Adjusting
MaxPoolThreads under ..\services\infocomm\parameters can be used to make
more pool threads available.