WebtoB 5
This chapter describes the changes and additions in functionality and bug patches in WebtoB 5.
1. New Functions
1.1. HTH_THREAD Section
-
HTH_THREAD Section Added
HTH_THREAD section has been added so that HTMLS is processed by HTH worker threads instead of the HTMLS process. Since HTMLS process is no longer used, the SERVER section configuration is now optional. The HTH_THREAD section must be configured and only once. For detailed configuration information, refer to WebtoB Administrator’s Guide.
HTH_THREAD Configuration*HTH_THREAD hworker WorkerThreads = 8, SendfileThreads = 4, SendfileThreshold = 32768, AccessLogThread = YSendfileThreads and AccessLogThread items are not supported in Windows.
-
HTH_THREAD.HtmlsCompression
The compression function is now handled by the worker thread instead of HTMLS.
Compression is performed when the response body size exceeds the HtmlsCompressionMinSize setting (newly added).
*HTH_THREAD.HtmlsCompression Configuration*HTH_THREAD hworker ... HtmlsCompression="text/html", HtmlsCompressionMinSize = 1, ...
1.2. SERVER Options Setting
-
This setting is used to send the original user sent request to a JSV server or another server process after being processed by the FILTERS process.
This setting can be used to consider that the request URL can be modified while the request is processed by the FILTERS process.
*SERVER.Options Configuration*SERVER MyGroup SvgName = jsvg, MinProc = 1, MAXProc = 10, Options = "PassOriginalUriAfterFilters" -
Related Issue: IMS-100812
1.3. SVRGROUP HEADERS Setting
-
The HEADERS setting was applied to the SERVER and NODE(VHOST) sections. From WebtoB 5 or later, a server can no longer be set as HTML type. Hence, the *SVRGROUP.Headers setting has been added to apply the HEADERS settings to specific HTML group.
*SVRGROUP.Headers Configuration*SVRGROUP htmlg NODENAME = "tmax", SVRTYPE = HTML, Headers = "header1", ... *HEADERS header1 ACTION="AddRequest", FieldName="ADDHEADER1", FieldValue="QMC_Test_Header1", RegExp="!html$", StatusCode=""
1.4. LOGLEVEL RotateBySeconds Setting
-
The tracelog was created per process which was difficult to manage when the file size grew. Now the *LOGLEVEL.RotateBySeconds can be used to specify the interval to create an additional log file.
*LOGLEVEL.RotateBySeconds Configuration*LOGLEVEL .hth Level = "trace", RotateBySeconds = 300 (default: 300) ...
1.5. PROXY_SSL CertificateChainFile Setting
-
The CertificateChainFile setting has been added to the PROXY_SSL section to be able to create a chain. To authenticate the internal server certificate, the CertificateChainFile can be configured in the PROXY_SSL section as follows:
PROXY_SSL.CertificateChainFile Configuration*PROXY_SSL reverseSsl Verify=2, VerifyDepth=3, CertificateChainFile="$(WEBTOBDIR)/ssl/CHAIN.crt", CACertificateFile="$(WEBTOBDIR)/ssl/CA.crt", CertificateFile="$(WEBTOBDIR)/ssl/public.crt", CertificateKeyFile="$(WEBTOBDIR)/ssl/private.key", Protocols="-SSLv2, -SSLv3", RequiredCiphers = "HIGH:MEDIUM:!SSLv2:!PSK:!SRP:!ADH:!AECDH:!EXP:!RC4:!IDEA:!3DES" -
Related Issue: IMS-107342
1.6. Thread Settings and Statistics in wsadmin
-
A command that displays HTH_Thread state and stats has been added to wsadmin (wswebadmin).
wsadmin > HTH_Thread Information Output Commandcfg -t : view HTH_THREAD properties st -t : statistics of each HTH threads st -T : statistics of HTH threads group
1.7. HTH Monitoring Function in WSM
-
Alivecheck for HTH can be set with the newly added NHthChkTime setting that is used to restart HTH when there is no reply for two consecutive attempts.
*DOMAIN.NHthChkTime Configuration*DOMAIN ... NHthChkTime = 30, (default: 30) ...
1.9. WebDAV Function
-
Added the WebDAV (Web Distributed Authoring and Versioning) function.
Documents and files on the server can be edited and managed by adding methods in the NODE(VHOST) section by using extended HTTP protocol. WebtoB supports PUT, DELETE, COPY, MOVE, MKCOL, PROPFIND methods. Excluding LOCK/UNLOCK and PROPPATCH, a method can be disabled. For more information, refer to RFC-4918.
WebDAV Configuration*VHOST vhost1 ... Method = "GET, POST, HEAD, OPTIONS, PROPFIND, PUT, DELETE, MKCOL, COPY, MOVE" (default:"GET, POST, HEAD, OPTIONS") ...This is only supported in the Enterprise Edition License.
-
Related Issue: IMS-82239
1.10. CA SiteMinder Filter
-
Added a module (so) to the FILTER section to integrate CA SiteMinder, an SSO solution, with the Policy Server and to authenticate and authorize users to access protected Web resources.
FILTER filters Configuration*FILTER sm_filter RealPath = "$(WEBTOBDIR)/config/filter/wbSmISAPI.so" *SVRGROUP htmlg SVRTYPE = HTML jsvg SVRTYPE = JSV filterg SVRTYPE = FILTER, Filter = "sm_filter" *SERVER MyGroup SVGNAME = jsvg, MinProc = 5, MaxProc = 10 filters SVGNAME = filterg, MinProc = 1, MaxProc = 20 *URI testuri Uri= "/testuri/", SvrType = JSV *EXT fcc MimeType = "text/html", SvrType = JSV
This is only supported in the Enterprise Edition License.
-
Related Issue: IMS-92139
1.11. TLS Extension - SNI
-
In previous versions, split ports or multi-domain certificates were used to service 2 certificates through a single port. SNI function, an extended TLS function, has been added to enable servicing multiple domains through a single port.
Servicing 2 Domains via a Single Port*VHOST vhost1 DOCROOT = "C:/TmaxSoft/WebtoB5.0/vdocs1", NODENAME = "tmax", HOSTNAME = "192.168.0.0", IndexName = "index.jsp", ServiceOrder = "ext,uri", #KeepAlive = N, PORT = "7410", SSLFLAG = Y, SSLNAME = "ssl1" vhost2 DOCROOT = "C:/TmaxSoft/WebtoB5.0/vdocs1", NODENAME = "tmax", HOSTNAME = "192.168.0.0", HostAlias = "vhost2.tmax.co.kr", IndexName = "index.jsp", ServiceOrder = "ext,uri", PORT = "7410", SSLFLAG = Y, SSLNAME = "ssl2" ... *SSL ssl1 CertificateFile = "C:/TmaxSoft/WebtoB5.0/ssl/server.crt", CertificateKeyFile = "C:/TmaxSoft/WebtoB5.0/ssl/server.key", CertificateChainFile = "C:/TmaxSoft/WebtoB5.0/ssl/chain.crt", RequiredCiphers = "AES256-SHA", PassPhraseDialog="exec:C:/TmaxSoft/WebtoB5.0/ssl/pass.bat" ssl2 CertificateFile = "C:/TmaxSoft/WebtoB5.0/ssl/server2.crt", CertificateKeyFile = "C:/TmaxSoft/WebtoB5.0/ssl/server2.key", CertificateChainFile = "C:/TmaxSoft/WebtoB5.0/ssl/chan2.crt", RequiredCiphers = "RC4-MD5", PassPhraseDialog="exec:C:/TmaxSoft/WebtoB5.0/ssl/pass.bat"Testing Method>wbssl s_client -connect 192.168.0.0:7410 -servername vhost2.tmax.co.kr RESULT> CONNECTED(00000160) ... New, TLSv1/SSLv3, Cipher is RC4-MD5 Server public key is 1024 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.2 Cipher : RC4-MD5
1.12. Embedded Servlet Engine Version Upgrade
-
The Embedded Servlet Engine has been upgraded from JEUS 6 Fix#9 to JEUS 7 Fix#4.
1.13. Added Engine Name to the Register Message from JEUS
-
The command, "wsadmin > st -j", displays the jengineid as its base64 decoded value or the jenginename* received from JEUS.
|
This is supported in JEUS 8. |
1.14. WSM Termination Triggers Windows Service Termination
-
Windows service performs alive checks for WSM process at 30 second intervals, and executes wsdown and terminates the service when WSM is unresponsive.
-
Related Issue: IMS-107294
1.15. Response Size Based Compression
-
Compression is performed when the Content-Length (or file size) exceeds the *SERVER.CompressionMinSize setting, if specified.
*SERVER.CompressionMinSize Configuration*SERVER cgi SvgName = cgig, MinProc = 2, MaxProc = 10, CompressionMinSize = 1, Compression = "text/html"This is the same as the *HTH_THREAD.HtmlsCompressionMinSize setting.
-
Related Issue: IMS-107724
1.16. Additional AccessLog Format Settings
-
Added common and combined formats specified with aliases in addition to the default formats in the AccessLog File Format configuration. For detailed configuration information, refer to WebtoB Administrator’s Guide.
Aliases for AccessLog File Formatdefault: "%h %t \"%r\" %s %b %D" common: "%h %l %u %t \"%r\" %s %b" combined: "%h %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-Agent}i\"" -
Related Issue: IMS-100553
2. Changed Functions
2.1. Log Format Update
-
Unified the time log level and other items of syslog and errorlog to Tmax standard log format.
The following is an example of an error log.
Error Log[2016-03-22T13:33:25] [CLIENT(192.168.0.0)] [E] [ERR-00122] Worker error. {DELETE, err=[ERR-05065] A request URI does not exist., realpath=C:/TmaxSoft/WebtoB5.0/docs/webdav_dir/copy_method/non_test.txt}
2.2. Removal of Unnecessary Settings
-
The following unnecessary settings, including MaxPersistentServerConnections, have been removed from WebtoB 5.
Removed Settings*NODE.MaxReverseProxyKeepAliveServerConnections *NODE.ReverseProxyRequestSlackBufferSize *NODE.AccessLogThroughWSM *NODE.UseInternalHtmls *NODE.InternalHtmlsReadSize *NODE.InternalHtmlsMaxCacheSize *NODE.InternalHtmlsAsyncReadThreads *NODE.InternalHtmlsAsyncReadThreshold *NODE.InternalHtmlsSendFileThreshold
2.3. Filter Processing Update
-
Since HTMLS process is no longer used, the Filter processing performed by HTMLS before static file processing is now handled by the FILTERS process.
2.4. Changed Default RequiredCiphers Value for SSL
-
The default value for RequiredCiphers has been changed as follows:
-
Before
RequiredCiphers = "HIGH:MEDIUM:!SSLv2:!PSK:!SRP:!ADH:!AECDH:!EXP"
-
After
RequiredCiphers = "HIGH:MEDIUM:!SSLv2:!PSK:!SRP:!ADH:!AECDH:!EXP:!RC4:!IDEA:!3DES"
-
-
Related Issue: IMS-103369
2.5. Changed Max FD Value
-
The FD value has been changed to increase the maximum number of concurrent clients that can be handled by a single HTH process.
Changed FD Value* Unix 8k(8192) -> 16k(16384) * Window 2k(2048) -> 4k(4096)
2.6. WBSSL Version Upgrade
-
WBSSL has been upgraded from "WBSSL 2.2.2" to "WBSSL 2.2.4_B4".
The upgraded version includes a replacement library for OpenSSL with an enhanced SSL/TLS communication protocol to help resolve security vulnerabilities in OpenSSL.
WBSSL Version Upgrade$>wbssl version WBSSL 2.2.4 B4 29 Mar 2016
-
Related Issue: IMS-106426
2.7. Changed Content-Length Response Header Variable to 64bit for Reverse Proxy
-
When using reverse proxy, since the Content-Length Response Header is parsed and saved to 4bytes variables, an error occurs when the Content-Length exceeds 2GB which is incorrectly recognized as a negative value.
-
Related Issue: IMS-107204
3. Bug Patches
3.1. Fix for Core Dump during Pipeline Request Processing in Reverse Proxy
-
Fixed the issue so that the client remains in the RUN state while connecting to the backend server for frontend processing of a pipelined client request.
-
Related Issue: IMS-102899
3.2. Fix for Increasing CPU Usage for a Large Request with a Non-HTML IndexName
-
Fixed the issue that occurs when the *NODE(VHOST).IndexName is set to index.php and a "POST/" request with a large body is received. This causes repeated waits to occur because the redirect message cannot be saved in the buffer.
-
Related Issue: IMS-106208
3.3. libexpat.lib Update
-
Fixed the issue of wsboot failure caused by the XML Parser Library libexpat.lib(dll) that has been added below lib/(bin) for WebDAV support. Updated libexpat.lib(dll) for Windows x86 and AIX x32.
-
Related Issue: IMS-105404
3.4. Fix for PHPS/CGIS Core Dump When Adding 'Expires' to Response Header
-
Fixed the issue of a core dump that occurs while receiving the request uri to create an 'Expires' Response header.
-
Related Issue: IMS-105697