
Other Eserv setup and usage
  1. FTP Server
  2. Activity monitoring (server status and logs)
    1. Current state of the server
    2. Log files
  3. Server access management
    1. Restriction of access from subnets  
    2. User access management  
    3. Safety provisions  
  4. Socket parameters  
  5. Interface languages  
  6. Plugins  
  7. Several Eserv copies on one computer


FTP Server

 In Eserv, similarly to integration of the HTTP proxy and the HTTP Server, the FTP Server is combined with FTP-gate. By default they work at Port 3121.

Setup of the FTP Server is done in the section FTPserver and is in many respects similar to that of the Web Server. The default directory is ftproot. Virtual directories can be created.   (03.08.1999) 

Activity monitoring (server status and logs)

This section provides information about the current activity state of the server. Eserv builds a dynamic list of its threads (internal processes) and provides detailed logs. Log files are stored in text/plain format and can be viewed with a program such as Notepad; they can also be viewed remotely through the web interface on the /admin/log.html page.

Current state of the server

The current state of the servers includes a list of operating servers, a list of current connections to each of the servers and a list of other threads not associated with the servers (Scheduler thread, service management threads, interface servicing thread, etc.). This list is accessible for viewing in the interface section CurrentState/Threads. Each thread in the list has a name defining its type and assignment. For threads serving client connections, information on the connected client is shown, i.e. the client’s IP address and name (if the authentication protocol and the name verification phase have been completed).   (24.11.1999)

Log files

Log files are Eserv’s reports on work performed. As the server’s operation is effectively “invisible”, logs are the Administrator’s best way of monitoring its actions. Logs can be viewed as normal files (if viewed with the help of FAR, “live” monitoring of records as Eserv adds them to the log is possible), or with the help of a browser through the Web interface.

Eserv saves logs in files with names of the type LOG\MMDDPROT.LOG, where MM is the double-digit month number, DD is the day of the month, and PROT is the name of the server protocol that makes records in this log (http, ftp, socks, pop3, smtp, nntp) or the name of the service (sch: Scheduler log, eserv: Eserv’s basic flow log).

Records in a log are text lines of the following format: hh:mm:ss nnn info, where hh:mm:ss is the time of the event, nnn is the serial number of the flow (thread) and info is a description of the event.

Eserv can keep logs of various levels of detailing. The existing levels and their assignments are:

0 - minimum; only the most important messages are entered; 
1 - starts and stops of services are entered; 
2 - client connections are entered (only the fact of connection); 
3 - connections and the nature of requests are entered; 
4 - creation of flows (threads) for clients is entered; 
5 - protocol details of work with a client program are entered; 
6 - transmitted information (except HTTP files) is entered; 
7 - transmitted HTTP and FTP information is entered. 

The resolution (level of detail) is set in the field CommonSettings/LogFiles/LogLevel. Level 3 means that events of levels 0, 1, 2 and 3 are recorded in the log file.

Logs can be automatically deleted by Eserv when the age of a particular log exceeds the number of days set in the parameter KeepLogsDays. This is done by the Scheduler. If there is no such task in the Scheduler, Eserv will check the age of logs and delete old ones only at the moment of starting.   (24.11.1999) 
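A parser for the file naming scheme and record layout described in this section, added here as an example and not taken from Eserv or its documentation. The event texts in the sample are constructed; only the `hh:mm:ss nnn info` layout and the protocol tags come from the page.

```python
import re
from collections import defaultdict

# Protocol and service tags the page lists for log file names.
KNOWN_TAGS = {"http", "ftp", "socks", "pop3", "smtp", "nntp", "sch", "eserv"}
NAME_RE = re.compile(r"^(\d{2})(\d{2})([a-z0-9]+)\.log$", re.IGNORECASE)
LINE_RE = re.compile(r"^(\d{2}):(\d{2}):(\d{2})\s+(\d+)\s+(.*)$")

def parse_log_name(path):
    """Split LOG\\MMDDPROT.LOG into (month, day, tag); None if it does not fit."""
    m = NAME_RE.match(path.rsplit("\\", 1)[-1])
    if not m:
        return None
    month, day, tag = int(m.group(1)), int(m.group(2)), m.group(3).lower()
    if not (1 <= month <= 12 and 1 <= day <= 31) or tag not in KNOWN_TAGS:
        return None
    return month, day, tag

def parse_record(line):
    """Split 'hh:mm:ss nnn info' into (seconds_since_midnight, thread, info)."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    hh, mm, ss = (int(m.group(i)) for i in (1, 2, 3))
    if hh > 23 or mm > 59 or ss > 59:
        return None
    return hh * 3600 + mm * 60 + ss, int(m.group(4)), m.group(5)

def group_by_thread(lines):
    """Collect (time, info) per thread number; malformed lines are skipped."""
    sessions = defaultdict(list)
    for line in lines:
        rec = parse_record(line)
        if rec:
            sessions[rec[1]].append((rec[0], rec[2]))
    return dict(sessions)

# Constructed sample: the event texts are invented, only the layout is the page's.
SAMPLE = [
    "10:15:02 017 connection from 10.1.1.25",
    "10:15:03 018 connection from 192.0.2.77",
    "garbage line without a timestamp",
    "10:25:09 018 error 10060",
]

if __name__ == "__main__":
    print(parse_log_name("LOG\\1124FTP.LOG"), group_by_thread(SAMPLE))
```

Grouping by the thread number puts the interleaved records of concurrent clients back into per-connection order, which is what makes a single session readable during review.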

Server access management

While managing servers located on PCs connected to the Internet, it is always worth remembering that a server connected to the Internet, regardless of the mode of connection (dialup or leased line), becomes a true part of the Internet. As well as giving this computer access to external services on the Internet, the connection also works in reverse, i.e. the server operating on this computer can be accessed by anybody from the Internet.

Eserv servers can be targeted by intruders both as an intermediate vehicle for their traffic (proxy servers, SMTP Server, etc.) and as information objects (NNTP Server, HTTP Server and FTP Server).

Access control facilities are provided for:

  • Prevention of unauthorised access to files (mailboxes, news groups, contents of the HTTP Server and the FTP Server);
  • Prevention of unauthorised access to Eserv services.

To gain access to a file or another information object on your computer (mail, news, etc.), an external user has to know the name or the IP address of this computer, the number of the port used by the service providing the means of file acquisition (FTP Server, HTTP Server, etc.) and the authentication information (normally, a name and a password) providing full access to this service.

Correspondingly, external user access can be limited in a number of ways:

  1. Making it completely impossible to contact Eserv servers from any or some external networks, i.e. setting up the server to accept only connections originating from the LAN (6.9.1).
  2. Granting access to a limited and known circle of users on the basis of name and password authentication (6.9.2).
  3. Making a part of the connection information unknown to external users, e.g. establishing non-standard port numbers (for more detail see 6.9.3.).
  (03.08.1999) 

Restriction of access from subnets

Granting access to a limited circle of networks is a very simple and very reliable method of protection against intrusion. On accepting a connection, any server from the Eserv set can find out the IP address of the connecting computer and check it against the table of permitted network connections; if the IP does not belong to the authorised category, the server immediately drops the TCP connection. In this case trial-and-error identification of the password, like any other unauthorised action, is simply impossible, since the one thing it requires is a connection. These restrictions should apply equally to all servers, because an external user who has obtained full access to one of your proxy servers can obtain further access to any other of your servers, even if they are protected from external connections. This is possible because a proxy server makes onward connections from its own IP address, and when it connects to local servers that address looks like a LAN address, i.e. one permitted to connect.

In Eserv, subnet restrictions are applied to all servers in the set. Setup is done in the section CommonSettings/AccessRight/AllowAddressesConnection. The options include a list of network masks granted access to the services of the server.

For instance, if you wish to grant access to the services of a server only to clients from the local network, and IP addresses in your local network look like 10.1.1.*, you can add a mask

10.1.1.0 255.255.255.0

To do this, enter the string 10.1.1.0 255.255.255.0 in the editing field below and click the Add button. The default mask is 0.0.0.0 0.0.0.0 - access is granted to anybody.   (03.08.1999) 
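The mask check described above, together with an audit of the list, as an added example that is not Eserv code. It assumes a client is admitted when any listed entry matches (the page does not spell out the matching rule), and the two lists are constructed from the masks the page mentions.

```python
import ipaddress

ALL_BITS = 0xFFFFFFFF


def parse_entry(entry):
    """Turn 'network mask' (e.g. '10.1.1.0 255.255.255.0') into two integers."""
    network, mask = entry.split()
    return int(ipaddress.IPv4Address(network)), int(ipaddress.IPv4Address(mask))


def is_allowed(client_ip, entries):
    """Assumed semantics: a client is admitted if ANY listed mask matches it."""
    ip = int(ipaddress.IPv4Address(client_ip))
    return any((ip & mask) == (net & mask)
               for net, mask in map(parse_entry, entries))


def audit(entries):
    """Return findings for entries that admit more than the operator may intend."""
    findings = []
    for entry in entries:
        net, mask = parse_entry(entry)
        inverted = ~mask & ALL_BITS
        if mask == 0:
            findings.append((entry, "matches every address"))
        elif inverted & (inverted + 1):
            findings.append((entry, "non-contiguous mask"))
        elif net & inverted:
            findings.append((entry, "host bits set in network address"))
    return findings


# Constructed lists: the LAN mask from the page, with and without the default.
DEFAULT_LEFT_IN = ["0.0.0.0 0.0.0.0", "10.1.1.0 255.255.255.0"]
LAN_ONLY = ["10.1.1.0 255.255.255.0"]

if __name__ == "__main__":
    for name, acl in (("default left in", DEFAULT_LEFT_IN), ("LAN only", LAN_ONLY)):
        print(name, is_allowed("10.1.1.25", acl), is_allowed("192.0.2.77", acl),
              audit(acl))
```

Under the any-match assumption, adding the LAN mask restricts nothing until the default 0.0.0.0 0.0.0.0 entry is removed from the list.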

User access management

Eserv allows you to restrict external access to any of its information objects:
  • Access to user mailboxes is granted to users (user programs) who have passed name and password authentication by the POP3 protocol;
  • Access to files on the FTP Server is granted to users who have passed name and password authentication by the FTP protocol;
  • Access to news groups can be limited;
  • Access to files on the HTTP Server is granted to users who have passed name and password authentication by the HTTP protocol.

After successful completion of the authentication stage, the user’s rights to take further actions are determined on the basis of the rights of the groups to which this user belongs. The rights of a group are determined on the basis of a list of groups granted access to a certain information object (usually, a file).

For all Eserv servers the program keeps a general list of users and a list of groups. These lists are kept in the sections CommonSettings/Users and CommonSettings/UserGroups.

To add a new user, enter his or her name in the editing field and click the Add button or the New icon. Then go to the section of this user and enter their password and other attributes.

To add a group, enter its name in the editing field and click the Add button or the New icon. Then enter the created group and in a similar way add the names of the users included in this group.

Group access to specific objects is set in the section Access_Right/Objects. This section has the form of a list. Each element of the list describes attributes of a certain object and a list of groups granted access to it. Elements are added to this list in the same way as to the user and user group lists. An object is a path to a directory. For example, wwwroot\admin\ is a folder on the web server. In the object section you can insert a list of users or groups to whom access is granted or denied. If access is granted to all server users (those having their own mailboxes), you can specify the predefined group AllUsers. If it is granted to anybody (including external users and users with wrong names:passwords), use the group 'All'.

In Eserv, some of the objects (mailboxes) have pre-set access and do not need to be set up, as the name of the object coincides with the name of the user. Access for other objects, i.e. directories and files on the HTTP and FTP servers, news groups and proxy servers, is set in the Setup Program.

There is no need to set access to objects that fall outside Eserv’s scope. For instance, there is no need to define access to directories and files outside the wwwroot and ftproot directories and virtual directories, as Eserv does not grant access to files located beyond these anyway.

The name of the group or user who is granted access to this resource (object) is entered on the left side (Property field). On the right side you must enter the access code. The code is calculated from the bit mask DLRWX:

D - the right to Delete the object
L - the right to List the object's content (FTP list, for example)
R - the right to Read the object
W - the right to Write and create objects
X - the right to eXecute the object (for script folders of the Web server)

Examples:

All 1 - anybody can access this resource as a script (run this script); this is suitable for a public cgi-bin directory.
All 12 - all users have the right to list and read the folder contents. Suitable for the 'pub' directory of anonymous FTP.
Administrators 30 - users from the Administrators group have full access rights, including write and delete, excluding execute.
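A decoder for the DLRWX access code with a small audit of an object list, added here as an example and not part of Eserv. The bit values are inferred from the three examples above (1 = X, 12 = L+R, 30 = D+L+R+W); the object list, the `Webmasters` group and the `incoming` directory are constructed.

```python
# Bit values inferred from the page's examples (1 = X, 12 = L+R, 30 = D+L+R+W);
# the page itself only names the mask DLRWX.
RIGHTS = (("D", 16), ("L", 8), ("R", 4), ("W", 2), ("X", 1))


def decode(code):
    """Expand a numeric access code into its letters, e.g. 12 -> 'LR'."""
    if not 0 <= code <= 31:
        raise ValueError(f"access code out of range: {code}")
    return "".join(letter for letter, bit in RIGHTS if code & bit)


def encode(letters):
    """Build the numeric code from letters, e.g. 'DLRW' -> 30."""
    table = dict(RIGHTS)
    code = 0
    for letter in letters.upper():
        code |= table[letter]  # KeyError on a letter outside DLRWX
    return code


def audit(objects):
    """Flag entries that give the 'All' group write or delete rights, and any
    entry that combines write with execute on the same object."""
    findings = []
    for path, acl in objects.items():
        for group, code in acl.items():
            rights = decode(code)
            if group == "All" and set(rights) & {"D", "W"}:
                findings.append((path, group, rights, "write/delete for anybody"))
            elif "W" in rights and "X" in rights:
                findings.append((path, group, rights, "write plus execute"))
    return findings


# Constructed object list; only the admin folder path is named on the page.
SAMPLE_OBJECTS = {
    "wwwroot\\cgi-bin\\": {"All": 1, "Webmasters": 15},
    "ftproot\\pub\\": {"All": 12},
    "ftproot\\incoming\\": {"All": 14},
    "wwwroot\\admin\\": {"Administrators": 30},
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_OBJECTS):
        print(finding)
```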

If you want to restrict user access to your Eserv HTTP proxy, you can add the object "http://" and, in the access list of this object, add the users and groups who are granted access. In this case browsers will pop up dialog boxes asking for a username and password to access the proxy.

If you want to restrict access to newsgroups, add the newsgroup names to the object list and enter the access list. In this context the right W means the user can post messages to this group, and R means the user can read messages from the newsgroup.

You can use wildcards ("*" and "?") in the object names.  (24.11.1999) 

Safety provisions

You can limit intrusion attempts or simple curiosity of external users by increasing the number of unknown components on the way to your servers. Two of these components, the name and the access password, are commonly used. Not knowing the name and the password for access to the server, a cracker would have to apply exhaustive trial-and-error search. One more recommended way of reducing the probability of an intrusion attempt is to use non-standard port numbers for servers. As a rule, the network scanners widespread on the Internet that search for poorly protected servers try to contact servers on the standard or commonly used Ports 21, 23, 25, 80, 110, 119, 1080, 3121, 3128 and 8080. Such automatic programs run a port scan much less often. A port scanner may be launched by an abuser who is not simply probing the network, but has become particularly interested in your PC. Having set non-standard port numbers you will introduce an additional degree of safety.   (03.08.1999)

Socket parameters

Socket parameters are set in the section CommonSettings/SocketParameters. Timeout sets the time limit, in seconds, for socket read/write operations. On expiration of the set time the server will automatically close inactive TCP connections. This applies to HTTP, FTP, HTTP&FTPproxy, POP3, SMTP, NNTP Servers and external connectors. It cannot, however, be applied to Socks and MAP servers, since it is impossible to set a timeout for some of the protocols that may go through these universal proxies (e.g. telnet). The default is 600, i.e. 10 minutes. So, if the client has not given a command for over 10 minutes, or it has been impossible to send the next portion of data for 10 minutes, the connection will be closed on timeout (the log will show Error Code 10060).   (03.08.1999)

Interface languages

The language of the tips displayed at the bottom right can be set in the CommonSettings/Interface section.

Eserv can support any number of interface languages. Translation into another language is done through translation of a simple text file containing Eserv messages. Persons and companies interested in translation of the interface and documentation into other languages are welcome to contact the developers.   (03.08.1999) 

Plugins

In addition to the mail robots and CGI programs already described, Eserv can call external program modules through an additional interface. As this interface is based on Eserv’s built-in programming language, it is possible to connect modules that directly expand the functional capability of Eserv servers without running EXE or DLL files. The same interface can be used for updating Eserv’s core.

To load a plugin, click the icon LoadPlugin, select the plugin file and click OK.

Plugins can also be loaded automatically when Eserv starts. These plugins must be saved in the plugin folder and have a file name of the form 'autorun*'.

So far, the Eserv plugin interface has not been described, and it is assumed that you will use the plugins offered by the Eserv developers. However, should other developers express interest, the interface may be published in the future.   (24.11.1999)

Several Eserv copies on one computer

Currently, up to Eserv version 2.91, several Eserv server programs cannot be run on one computer.

Copyright © 2000 XHutner. All Rights Reserved. Powered by Xhunter & designed by Twinsen