WebtoB 5 Fix#2

Added function to detect and process scaling in and out of WebtoB servers in the cloud environment.

$>wsadmin
--- Welcome to WebtoB Admin (Type "quit" to leave) ---
$$1 qpsx2 (wsadm) [2017-09-11T13:27:46]: cfg -d
    DOMAIN: Name = webtob1,
         DomainId = 0,
         MaxSvc = 512,
         NHthChkTime(nct) = 30,
         CloudFriendWebServers(cfws) = 1,
         CloudFriendJsvServers(cfjs) = 1,
         CloudConnectionBalance(ccb) = 50,
         CloudDasAddress = "192.168.1.1:9736"

Added 'wsdown -G' command to wait until all client FDs of an HTH are closed before shutting down the HTH. FDs are forcibly closed when timeout (seconds) expires.

$>wsdown -G 10

WSDOWN for node(qpsx1) is starting:
        WSDOWN: HTL downed: Fri Jul 20 04:14:04 2018
        WSDOWN: HTH downed: Fri Jul 20 04:14:04 2018
        WSDOWN: WSM downed: Fri Jul 20 04:14:04 2018
        WSDOWN: Graceful Down

WebtoB maintains the session count for each connected JEUS and redistributes the sessions when JEUS scales out. It uses session ID hashing on sticky sessions and distributes them evenly across JEUS servers, and then configures them as sticky sessions again.

Added communication protocol between WSM and DAS to allow auto scale event notification between WebtoB and JEUS in the cloud.

*DOMAIN
webtob1      CloudDasAddress = "192.168.1.1:9736",    #"$DASURL", $ENV
             CloudServiceGroupId = "group1"

Related issue: IMS-149295

Added this setting to support a 2048bit Diffie-Hellman group.

$>wbssl dhparam -out dhparams.pem 2048

*SSL
ssl      ...
            DHParameter = = "$(WEBTOBDIR)/ssl/dhparams.pem"
         ...

Related issue: IMS-123759

Added this option to exclude "Allow" from the response header for 400 level error responses to avoid security vulnerabilities.

*NODE
webtob      WEBTOBDIR = "/home/webtob5",
            SHMKEY = 54800,
            Options = "ExcludeAllowHeaderOnError"

Related issue: IMS-131070

Added this setting to specify a specific IP bandwidth in the *AUTHENT section.

*AUTHENT
auth1           Type = Basic,
                UserFile = "/home/server/webtob/auth/auth1.pass",
                AccessName = access1

*ACCESS
access1         Order = "allow,deny",
                Allow = "192.168.0.0/255.255.0.0"

*SVRGROUP
htmlg           SVRTYPE = HTML, AuthentName = auth1
jsvg            SVRTYPE = JSV

Related issue: IMS-137456

Added this setting to the *SVRGROUP section to route requests of the specified user agent to the server group for processing.

*SVRGROUP
jsvg           SVRTYPE = JSV, UserAgentRegExp = "(FireFox|Opera|Chrome|Safari)"
jsvg2          SVRTYPE = JSV, UserAgentRegExp = "Whale"

*SERVER
MyGroup        SVGNAME = jsvg, MinProc = 5, MaxProc = 10
MyGroup2       SVGNAME = jsvg2, MinProc = 5, MaxProc = 10

Related issue: IMS-136851, IMS-139916

Added this option to allow DNS resolution attempts when the ServerAddress set in the Reverse_Proxy section is modified dynamically.

*REVERSE_PROXY
jsp_url
               ReverseProxyGroupName="jeus_rpg",
               ServerAddress = "192.168.1.1:5580",
               Options = "DynamicServerAddress"

Related issue: IMS-138268

Added selector support to use WebSocket between WebtoB and JEUS without using reverse proxy.

*SERVER
MyGroup        SVGNAME = jsvg, MinProc = 10, MaxProc = 20, WSProc = 1

This is similar to Apache SSLHonorCipherOrder or nginx ssl_prefer_server_ciphers. Added this setting to use the preferences defined in RequiredCipher.

*SSL
ssl        CertificateFile = "$(WEBTOBDIR)/ssl/server.crt",
           CertificateKeyFile = "$(WEBTOBDIR)/ssl/server.key",
           RequiredCiphers = "ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA256",
           PassPhraseDialog="exec:$(WEBTOBDIR)/ssl/pass.sh",
           SSLServerCipherPref = Y

Related issue: IMS-143514

Added a trial license with 5 user limit for use with JEUS.

You can use the trial license with the WebtoB 5 Fix#2 Installer.

Added this setting to restrict access to the parent directory in addition to the existing method of using URL Rewrite. (Default value: N)

*NODE
webtob      WEBTOBDIR = "/home/webtob5",
            SHMKEY = 54800,
            UpperDirRestrict = Y 

Related issue: IMS-125134

Added this setting to control access to a specific IP bandwidth in the *REVERSE_PROXY section.

*REVERSE_PROXY
jsp_url
               ReverseProxyGroupName="jeus_rpg",
               ServerAddress = "192.168.1.1:5580",
               AccessName = access1

*ACCESS
access1         Order = "allow,deny",
                Allow = "192.168.0.0/255.255.0.0"

Related issue: IMS-149202

You can use the "%A" field to specify a server IP.

*LOGGING
log1        Format = "%h %A %l %u %t \"%r\" %s %b",
            FileName = "C:/TmaxSoft/WebtoB5/log/access.log",
            Option = "sync"

Related issue: IMS-121596

Added this setting to allow FILTERS process to perform filtering on HTMLS (HTML) requests whereas only JEUS (JSV) requests were processed by FILTERS before.

*FILTER
sm_filter     RealPath = "/home/webtob5/config/filter/wbSmISAPI.so"

*SVRGROUP
filterg  SVRTYPE=filter, filter="sm_filter"

*SERVER
filters SVGNAME="filterg", Minproc=1, Maxproc=40, Options="AllServers"

Related issue: IMS-121825

WebtoB uses RR method to distribute requests from JEUS. Now it first routes requests to MSs with the number of running threads below its threshold limit.

$>wsadmin
--- Welcome to WebtoB Admin (Type "quit" to leave) ---

$$13 qpsx1 (wsadm) [2017-05-25T10:50:23]: st -j
HTH 0(18696): RDY
   --------------------------------------------------------------------------------
   svr_name  jengineno  threshold   cons       reqs      count      avg   jengineid
   --------------------------------------------------------------------------------
   MyGroup         0          -        10          0          0     0.0000  amV1c19kb21haW4vc2VydmVyMQ==(jeus_domain/server1)

Related issue: IMS-129440, IMS-131069

HTH now kills an unresponsive FILTERS process that has timed out after client has been disconnected.

Related issue: IMS-136392

It *NODE.CheckUrlJsvExcept is set to Y, CheckURL setting is disabled on requests sent to JEUS.

*NODE
webtob          WEBTOBDIR = "/home/webtob5",
                SHMKEY = 54800,
                CheckURL = Y,
                CheckURLTo = "euc-kr",
                CheckURLFrom = "utf-8",
                CheckUrlJsvExcept = Y

Related issue: IMS-139327

The Content-Length limit of 2GB (INT_MAX) has been removed for PUT method requests.

WebtoB now supports dual SSL certificates (ecdhe-rsa and ecdhe-ecdsa).

*SSL
ssl1            CertificateFile = "$(WEBTOBDIR)/ssl/server.crt,$(WEBTOBDIR)/ssl/server-ecc.crt",
                CertificateKeyFile = "$(WEBTOBDIR)/ssl/server.key, $(WEBTOBDIR)/ssl/server-ecc.key"

Related issue: IMS-152131

Added settings to handle delays during DNS resolution when *REVERSE_PROXY.Options is set to "DynamicServerAddress".

*REVERSE_PROXY
jsp_url
               ReverseProxyGroupName="jeus_rpg",
               ServerAddress = "192.168.1.1:5580",
               Options = "DynamicServerAddress",
               ConnectRetryCount = 10,
               ConnectTimeout = 5,

Related issue: IMS-162352

Added this setting to override the default status code when *SERVER.RequestLevelPing fails.

*NODE
webtob          WEBTOBDIR = "/home/webtob5",
                SHMKEY = 54800,
                CheckPingTimeoutStatus = 512

*SERVER
MyGroup         SVGNAME = jsvg, MinProc = 30, MaxProc = 30, RequestLevelPing=Y

Related issue: IMS-162786

You can use 'wsadmin > st -tcpgw' to display the current connection information in addition to 'wsadmin > ci'.

$>wsadmin
--- Welcome to WebtoB Admin (Type "quit" to leave) ---

$$10 tmaxsoft (wsadm) [2018-07-20T20:43:29]: st -tcpgw s*

-------------------------------------------------------------------------
 hth (tcpgwi)tcpgwname count avg cons remote_ipaddr:port
-------------------------------------------------------------------------
   0 ( 1/ 0) sw_jeus2 0 0.0000 0 192.168.1.14:18088
   0 ( 1/ 1) sw_jeus2 0 0.0000 0 192.168.1.14:28088
   0 ( 1/ 2) sw_jeus2 0 0.0000 0 192.168.1.14:38088
   0 ( 1/ 3) sw_jeus2 0 0.0000 0 192.168.1.14:48088
   0 ( 1/ 4) sw_jeus2 0 0.0000 0 192.168.1.14:58088

Related issue: IMS-167446

WBSSL version has been changed from WBSSL 2.3.0_B0 to WBSSL 2.3.1_B2.

$>wbssl version
WBSSL 2.3.1 B2 30 Mar 2018

Changed how WebtoB responds to a request for an unsupported method in *NODE(*VHOST).Method when using reverse proxy.

Related issue: IMS-120109

When the same method request comes in after the previous method request is redirected to 307, the second request is now processed as a GET request. If the request URL is same as the ERRORDOCUMENT URL, the ERRORDOCUMENT URL is returned instead of 405.

Related issue: IMS-120109

The length limit is increased to 128 to accommodate using a hostname on cloud VM as the node name.

Related issue: IMS-124789

When using *DOMAIN.CloudDasAddress and all connections between an MS and WebtoB are closed (cloud scaled in), its jengineid(no) is removed from the stats returned by 'wsadmin> st -j'.

Related issue: IMS-124997

The length limit is increased to 128 to accommodate encrypted server names.

Related issue: IMS-132832

The length limit is increased to 96 to prevent wscfl failure when a long ELB domain name is set to *REVERSEPROXY.ServerAddress.

Related issue: IMS-137224

Changed the default encryption method to MD5 with no character length limit when creating a password using wsmkpw. The previous default encryption method, CRYPT, was also changed to only accept up to 8 characters instead of truncating passwords that exceeds the limit.

Related issue: IMS-150340

RequestLevelPing requests are no longer counted in aq_count so that the aq_count returned by 'wsadmin > st -s' includes only requests that are actually queued.

Related issue: IMS-156689

To prevent HTH from restarting unexpectedly, WebtoB now closes the server connection when a request header from JEUS contains an invalid message length.

Related issue: IMS-153787

WebtoB now gracefully drops invalid messages before closing the connection.

Related issue: IMS-117370

The webtob.pid file created when starting WebtoB is now created with 640 instead of 666 permission when the file is set to IPCPERM 0777.

Related issue: IMS-162827

Fixed the issue of the buffer being freed after a processing a request when the next request is a pending pipelined request from an SSL client connection.

Fixed the issue of pipelined SSL bug where HTH shuts down when JSV connection is abnormally terminated during SSL processing for a JEUS request.

Fixed the issue of existing JSV connection being abnormally terminated after a WebtoB scale out in the cloud.

Related issue: IMS-124997

Fixed the issue of the reverse proxy server connection not being cleared when a request error returns a 400 error. This happens because a large message body that is sent via reverse proxy has chunked data that is not properly terminated by CRLF.

Related issue: IMS-129710

Fixed the issue of incorrect processing of *SSL setting in *TCPGW.

Related issue: IMS-132851

Fixed the issue of a memory leak caused by using the response header filter for a POST request with ISAPI.

Related issue: IMS-133609

Fixed the issue of broken chunk offset when flow control is needed. This happens when processing a large sized chunked message via reverse proxy and the chunks are coming in faster than being sent to the backend server.

Related issue: IMS-136341

Fixed the issue of *HEADERS setting being ignored when redirecting via URLRewrite.

Related issue: IMS-138490

Fixed the issue of wsdown being terminated without an error message when an invalid input, such as Y or N, is entered.

Fixed the issue so that response header can be processed using CRLF(\r\n) or LF(\n) as a newline character.

Related issue: IMS-139916

Fixed the validity checking logic in socket (fd) when connection to *TCPGW.ServerAddress fails or times out.

Related issue: IMS-138818

Fixed the issue of wscfl normally compiling an environment file with an invalid input, such as *NODE.Port = 0.

Related issue: IMS-140277

Fixed the issue of reverse proxy failing and responding with 503 error when a request is sent to a vhost with no default JSV server set.

Related issue: IMS-140087

Fixed the issue of hth -v and wsboot -v displaying the FD size as 8192.

Related issue: IMS-153001

Fixed the issue of access log FD not closing when there are no requests for an HTH and *HTH_THREAD.AccessLogThread is set to Y.

Related issue: IMS-143449

Fixed the issue of an error that occurs when parsing the newline character, LF(\n), from the response header. This causes the server to fail to parse the response code from the response status line and to record a 0 in the access log.

Related issue: IMS-143445

Fixed the issue so that the filter connection is maintained after a 302 redirect to process a POST request body. WebtoB now receives and dumps the request body, and closes only the client connection while maintaining the filter connection.

Related issue: IMS-143843

Fixed the issue of websocket flag being reset after WebSocket upgrade via reverse proxy in WebtoB 5.

Related issue: IMS-148638

Fixed the issue of HTH shutting down unexpectedly after reconnecting to JEUS to process the previous request when using RequestLevelPing. This happens when WebtoB closes the client and JSV connections because no pong is received for a ping request.

Related issue: IMS-148767

Fixed the issue of failing to initialize SSL when it is only set in *TCPGW. After client completes SSL handshake, it now connects to the backend server.

Fixed the issue of 504 response code that occurs when using URLRewrite and ReverseProxy together due to a buffer management bug in rewriting the HTTP header.

Related issue: IMS-150379

Fixed the issue of stdEnvVars setting not working when using ReverseProxyGroup. This is a side effect from the fix for reverse proxy failure when no default JSV server is set (4.13).

Related issue: IMS-150532

Fixed the issue of parsing '$' only as the start of an environment variable so that '$' can be parsed correctly when it is used within RegExp or SetHostHeader value.

Related issue: IMS-152421

Fixed the issue of HTH shutting down unexpectedly while executing JSV compression.

Related issue: IMS-153164

Fixed the issue of FILTERS process shutting down unexpectedly during WebtoB startup. This only happens in WebtoB 5.

Related issue: IMS-153986

Fixed the issue of core dump caused by an undeleted buffer pointer from the previous request remaining. This happens when an SSL request is processed by appending a slash (/) after setting Indexname="index.php", and then sending the same request via NonSSL.

Related issue: IMS-152091

Fixed the issue of 'wsadmin > restat -a' not resetting the htmls count, which is displayed via 'wsadmin > st -s', and the thread information.

Related issue: IMS-156670

Fixed the issue of a bug caused by creating too many connection objects than allocated in shared memory leading to an index overflow.

Related issue: IMS-155395

Added fixes from WebtoB 4.1.9.1 that are missing in WebtoB 5, and corrected spelling errors in patchinfo.

Related issue: IMS-160414

Fixed the issue so that the reverse proxy setting is used instead of URI matching when URLRewirte enabled vhost is set in *ReverseProxy. This is a side effect from the fix for IMS-140087.

Related issue: IMS-147271

Fixed the issue so that no HTML server group needs to be set in *SVRGROUP to use the *EXPIRES setting.

Related issue: IMS-164680