This directory contains the source files for a DECthreads-based HTTP server.

Installation:
    First build the www_server executable, either by MMS with the descrip.mms 
    file or the build_xxxx.com command procedure.  The MMS command to do this
    build is:
		$ MMS/MACRO=TCP=xxxx

    where 'xxxx' is a code for the TCP package: UCXTCP, MULTINET, CMUTCP, TWGTCP

    Compile and link the script images using either the command 
    "MMS all" or the command procedure BUILD_SCRIPTS.COM.

    Verify that the server operates by invoking the HTTP_SERVER.COM with
    the following parameters:

	@HTTP_SERVER.COM RUN SYS$OUTPUT HTTP_SERVER.CONF 8000

    and then attempt to connect to the server (port 8000) using a WWW client.
    The demonstrations (vmshelp and nagel23a) will not work until the
    DECnet proxy access is set up properly, view the HTML file
    documents/serverinfo.html for hints on setting this up.

    It is strongly recommended that you run the server from a dedicated account
    in order to have better control over the process privileges and quotas.
    Note that running HTTP_SERVER from an account with a system UIC (group<8)
    implicitly gives the server SYSPRV privilege.

    Create a rules file for your site, using http_server.conf as a starting
    point.  The rules file format is similar to the CERN http server 
    format.  A summary of the rule file directives is included as comments 
    in the file http_server.conf.

Trouble shooting:

1.4a Releas notes:
    When using CMU TCP interface, convert ABORT status to ACP error code.

    Modified TLOGGER to include line length when reporting write errors.

    Zero-terminate error lines generated by SYS$GETMSG in DECNET_ACCESS.C.

1.4 Release notes:
    The server must now read a useable rules file when it starts or else it
    will exit.  This is to prevent the condition where the server starts
    successfully but rejects all requests due to a missing/invalid rules
    file.  For a rules file to be useable, it must contain at least 1
    catagory of 'pass' rule (pass, exec, userdir).

    Added additional logging for rule file processing at startup.  When log
    level is greater than 1, the name of the rule file and a summary line
    will be added to the log file.

    Fixed bug in the way send_response_header()  (file http_execute.c) that
    was causing invalid responses to SimpleRequests (version 0.9).  Also
    modified send_document to avoid re-directs on SimpleRequests.

    Modified Rule_file.c to make rule names case insensitive.  Made AddType a
    synonym for suffix.

    Modified cgilib.c to not decode query string, as per CGI spec.

    Added a couple of hacks for dealing with the cache.  First, a new script
    command was added so that a special script (invcache.com) will cause
    the server to flush it's cache.  Second, an additional argument was
    added to the http_server command line which will either inhibit caching
    on the http port or listen on a second port with has caching inhibited.
    (setting cache size to zero is slightly more efficient that using
    the second argument to inhibit the caching).

    Added access control to server, configured with the following new
    rule file directives:

	Authenticator image
	    Specifies the authentication support image for verifying access
	    rights for protected files.  If a requested file matches a 
	    protect rule template, the server asks the authenticator (running
	    in a sub-process) whether the access is to be permitted and
	    accesses the file only if the authenticator responds affirmatively.

	defprot template setup-file
	hostprot template [setup-file]
	protect template [setup-file]
	    These rules are used to specify access control for served files.  
	    The defprot rule defines a default setup file should a subsequent
	    matching hostprot or protect rule omit one.  The hostprot rule
	    causes level 1 access checks to be applied to the matching files
	    while the protect rule causes level 2 access checks to be performed.
	    The setup file is in the same format as the CERN servers protection
	    setup files.
	        Level 1 access checking restricts access based solely on
	    the host address of the requesting client, only maskgroup items
	    of form "@ip-address" in the setup file are recognized (address 
	    may contain wildcards).  Level 2 access checking is the full 
	    CERN-style access checks, with user-groups and ACLs being checked.
	    The advantage of level 1 is that it is processed internally by
	    the server,  level 2 requires the server to make a round trip
	    to the authenticator to perform the access check.

    Modified http_server.com to attempt to define http_default_host if
    undefined (only works for UCX, possibly for Multinet).

1.3 Release notes:
    Fixed support for *.* and * rule file suffix directives.  The
    algorithm works as follows:
	If suffix of target file has no corresponding rule, default to text/html.
	else take highest quality representation that client has sent accept
	     header for, matching if client accept */*.
	else take highest quality rep. that client accepts for any *.* suffix
            entries in rule file.

    Modified send_document.c to send headers for HEAD requests even if
    client would not accept data type.

    Enhanced script support.  Added utility routines for CGI programs.
    Added <DNETID> and <DNETXLATE> tags to script protocol.

    wwwexec.com now quotes the arguments to the script programs, so URLs
    will be in uppercase (VAXC RTL was changing arguments to lower case).

    Added index_search program.  If a search directive is present in
    the rules file, general searches will cause wwwexec to run this
    program.

    Modified decnet_execute.c to support node:: prefix for exec rule file
    directive.  See comments in http_server.conf for description.

    Added support for "userdir subdir" rule file directive.  When present in 
    the rule file, URLs of form /~username/... will be passed with ~username
    replaced with "defdev/defdir/subdir" where defdev/devdir are the 
    username's login directory.  Note that the HTTP_SERVER image must
    be installed with SYSRPV privilege in order to read the system
    authorization file (the program disables the privilege except when
    call SYS$GETUAI).

1.2A Release notes:
    Made minor changes to rule_file.c and file_access.c to compile properly
    under DEC C 1.3 on AXP.

1.2 Release notes:
    Server code as been fixed to compiled cleanly on OpenVMS AXP (DEC C compiler)
    with no switches.

    The server now opens the latest version of the log file when it flushes
    rather that the same one continually.

    The example configuration file has been renamed from sample.conf to
    http_server.conf, which is the default file used by http_server.com.

    The distribution includes example html files which are pre-configured
    in http_server.conf so that server operation may be verified by 
    invoking the command procedure http_server.com.

    The server now supports the redirect rules file directive, which allows
    you to statically redirect a client request to a different URL.

    The mapimage.c script now uses direct RMS calls for DECnet communication
    rather than unixio calls.  No functionality has changed, it was just
    easier to write a new module (scriptlib.c) than to coerce both VAXC
    and DECC RTL into dealing properly with zero length records.

    The htbin direct has been superceded by the exec directive, for
    compatibility the server auotmatically maps htbin directives into the
    equivalent exec directive.  *IMPORTANT*: Since htbin is now effectivly
    a mapping rule rather than a post translation test, its placement
    in the rules file affects the results.  For example, the lines:

	    htbin some$disk:[bin_dir]
	    map /htscript/* /htbin/*

    must be reordered.

    The server now supports the CMU TCP/IP package.

1.1 Release notes:
    The server now supports the native Multinet TCP/IP interface.  Build
    the server with "MMS/MACRO=TCP=MULTINET".

    The rules file nows supports an optional result mapping on the pass
    directive.

    Script support has been extended.  If the htbin directive is in the
    server configuration file, script names (command procedures and
    images will be run from DECnet tasks).  Two example scripts are provided,
    VMSHELP.COM and MAPIMAGE.C (mms mapimage.exe).  Note that if a script
    outputs a redirection (tag DNETCGI) with a relative URL (no scheme or 
    host), it may only specify a file and cannot invoke another script
    (/htbin).  See the file WWWEXEC.COM for more details.


1.0 Release notes:
    The rules file currently supports the map, pass, fail, suffix,
    htbin, and search directives.  Wildcard support is limited to astericks
    as the last character.  See comments in sample.conf for details.

    The infrastructure to support search and htbin scripts is in place
    but actual programs to use this program are not yet implemented.
    The server executes scripts as a decnet object defined by the environment
    variable/logical WWWEXEC (default 0::"task=WWWEXEC").  See comments
    WWWEXEC.COM for a description of the interface and examples of it's use.

    For requested URLs that end in "/", the server first searches for
    an index.html file in that directory and returns it if found.  If
    no index.html is present, the server returns an HTML list of the
    directory with links to every file.

    The server supports an in-memory cache (configured with HTTP_CACHE_SIZE)
    for small documents.  Only documents less that 4096 bytes is size are
    cached.  To invalidate the cache on a running server, telnet to the
    HTTP port and enter the command "INVCACHE / HTTP/1.0" and hit return
    twice.  Disable the cache by setting HTTP_CACHE_SIZE to zero in the
    HTTP_SERVER.COM command procedure.


David L. Jones               |      Phone:    (614) 292-6929
Ohio State Unviversity       |      Internet:
1971 Neil Ave. Rm. 406       |               jonesd@kcgl1.eng.ohio-state.edu
Columbus, OH 43210           |               vman+@osu.edu
