IBM HTTP Server
The last days I analyzed an issue, that file uploads to HCL Connections via IBM HTTPServer stopped working on a fresh installed 6.5CR1.
Today I configured a Connections 7 and tried with it. I think that the official documentation is old in some important parts for the upload configuration.
First of all my IBM HTTPServer 8.5.5.18 is not 32-bit like the documentation tells us:
Last Update: Read in about 5 min
Today I got a call that a IBM HTTP Server stopped working after a reboot. The service starts and ends again after some seconds. In the error_log of IBM HTTP we found following messages:
Last Update: Read in about 1 min
You can log login errors within IBM Http Server.
One way would be to get use SetEnvIf, but then you can’t get the querystring of the error page. When you type a wrong password the URL changes from https://connectionshost/application/login/
to https://connectionshost/application/login/?error=true
.
SetEnvIf Request_URI "/login$" log
This set the environment variable to log, but when you read the Apache documentation you find:
The resource requested on the HTTP request line — generally the portion of the URL following the scheme and host portion without the query string. See the RewriteCond directive of mod_rewrite for extra information on how to match your query string
Last Update: Read in about 1 min
Preamble
Before i begin with my securing article, i want to say something on security on IBM Connections. Mainly i don’t like the thing, that IBM only support very special versions of software.
So we must use WebSphere 7.0.0.21, DB2 9.7.0.5, IHS 7.0.0.11 and so on. Each product had updates the last months and i think we won’t get support when we use other versions.
So i have to chances. On the first side i can update my software to limit vulnerabilities and get perhaps no support, or i will have vulerable software with support.
Just my 2 cent and i hope i will get answer, if i will get support with higher program versions.
Last Update: Read in about 2 min