Solved

Limit HTTP Commands

Posted on 2001-09-10
Last Modified: 2013-12-18
I am running Domino 5.0.7. I want to limit the HTTP command set to just GET and POST.

Is this possible and if so how?

Andy
Question by:a_murray
 
LVL 24

Expert Comment

by:HemanthaKumar
ID: 6471450
Check your httpd.cnf for:

################################################################################
#
#        Enabling and disabling HTTP methods
#        Defaults:  GET, HEAD, and POST are enabled, the rest are disabled
#        Syntax:  Enable  <method>
#                 Disable  <method>
#
################################################################################
Enable    GET
Enable    HEAD
Enable    POST

Disable   PUT
Disable   DELETE
Disable   OPTIONS
Disable   TRACE
Disable   CONNECT




And this is how you do it:

http://support.lotus.com/sims2.nsf/eb5fbc0ab175cf0885256560005206cf/ffec498db6378935852565f30066c150?OpenDocument

~Hemanth
0
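An added example, not part of the original post or of Domino itself: a small auditor for a server that reads the Enable/Disable section quoted above. It applies the defaults stated in that comment block and reports every method left enabled beyond GET and POST. The function names, the sample text and the rule that a later directive overrides an earlier one are assumptions.

```python
import re

# Defaults as stated in the httpd.cnf comment block quoted in the post above.
DEFAULT_ENABLED = {"GET", "HEAD", "POST"}
DIRECTIVE = re.compile(r"^\s*(Enable|Disable)\s+([A-Za-z]+)\s*$", re.IGNORECASE)


def effective_methods(cnf_text):
    """Return the set of HTTP methods left enabled by Enable/Disable lines."""
    enabled = set(DEFAULT_ENABLED)
    for line in cnf_text.splitlines():
        m = DIRECTIVE.match(line)
        if not m:
            continue  # comment lines, blanks and unrelated directives
        action, method = m.group(1).lower(), m.group(2).upper()
        # Assumption: a later directive for the same method overrides an earlier one.
        if action == "enable":
            enabled.add(method)
        else:
            enabled.discard(method)
    return enabled


def audit(cnf_text, allowed=("GET", "POST")):
    """Return the methods enabled beyond the allowed set, sorted."""
    return sorted(effective_methods(cnf_text) - set(allowed))


# Constructed sample: the directives exactly as posted above.
SAMPLE_AS_POSTED = """\
# Enabling and disabling HTTP methods
Enable    GET
Enable    HEAD
Enable    POST
Disable   PUT
Disable   DELETE
Disable   OPTIONS
Disable   TRACE
Disable   CONNECT
"""

# Constructed sample: the same section with HEAD switched off as well.
SAMPLE_RESTRICTED = SAMPLE_AS_POSTED.replace("Enable    HEAD", "Disable   HEAD")

if __name__ == "__main__":
    for name, text in (("as posted", SAMPLE_AS_POSTED), ("restricted", SAMPLE_RESTRICTED)):
        print(name, "-> enabled:", sorted(effective_methods(text)), "extra:", audit(text))
```

Because HEAD is enabled by default, deleting the `Enable HEAD` line is not enough to meet a GET-and-POST-only policy; the audit only comes back empty once HEAD is explicitly disabled.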
 
LVL 18

Accepted Solution

by:
marilyng earned 100 total points
ID: 6473010
Sorry to disagree, Hemanth, but the cnf file solution refers to the Domino 4.6 server. The Notes Administration Help database for R5x has restructured the configuration and access by the configuration of a file protection document, and suggests that Get and Post be configured at the ACL level. It also provides instructions for how to configure security on individual documents. There are also a few users who migrated from 4.6 to 5x servers and found that their cnf file was not migrating correctly.

Here is the section from the Notes Administration help:
Protecting server files from Web client access  

To protect files on a server's hard drive, you can create a File Protection document. File Protection documents control the access that Web browser clients have to the files. You can enforce file system security for files that browser users can access -- for example, HTML, JPEG, and GIF -- specify the level of access for these types of files, and the names of the users who can access them.
You can apply file system protection on CGI scripts, servlets, and agents. However, the file protection does not extend to other files accessed by the scripts, servlets, or agents. For example, you can apply file protection on a CGI script that restricts access to a group named "Web Admins." However, if the CGI script executes and opens other files (or causes other scripts to be executed), the File Protection document is not checked to determine whether "Web Admins" has access to these files.
File system protection does apply, however, to files that access other files -- for example, HTML files that open image files. If a user has access to the HTML file but does not have access to the JPEG file that the HTML file uses, Domino does not display the JPEG file when the user opens the HTML file.
You can create a File Protection document for a directory or for an individual file. The default path is the Domino data directory. You can also create File Protection documents for other directories. We recommend setting up File Protection documents for all directories accessible to Web users.
By default, the Domino Directory contains a File Protection document for the domino\adm-bin directory that is created when the server starts for the first time after installation. This File Protection document gives administrators Write/Read/Execute access to the directory and gives all other users No Access. Domino obtains the list of administrators from the Administrators field in the Server document when the server is started for the first time. The administrator list is not updated in the File Protection document if you add names to the Administrators field after the server is started for the first time. Users have access to all other files and directories on the server until you create a File Protection document.
You do not need to use file system protection to protect database (.NSF) files; instead, you use database ACLs to protect them.
To create a File Protection document

  1. Do one of the following:
       From the Domino Administrator, click Configuration and click Servers.
       If you are creating a File Protection document for a virtual server, click Web - Web Server Configurations.
  2. Do one of the following:
       Open the Server document for the server to which the file protection will apply.
       If you are creating a File Protection document for a virtual server, open the Virtual Server document.
  3. Click Web and choose Create File Protection.
  4. Click the Basics tab, and complete these fields:

       Field: Applies to
       Enter: The name of the server (or virtual server) for which the File Protection document will be created. This field is display only, you cannot change it.

       Field: IP Address
       Enter: The IP address of the server to which the file protection applies. This field appears only if you are creating a File Protection document for a virtual server.

       Field: Path
       Enter: The drive, directory, or file that you want to restrict. The path is relative to the Domino data directory.

  5. Click the Access Control tab, complete this field, and then save the document:

       Field: Current access control list
       Enter: The users and groups who can access the files or directories you specified and the type of access they are allowed. Similar to a database ACL, the access control list is always created with a - Default - entry, set to No Access. As with a database ACL, users not listed in the Access List receive the default access level.
              To add users to this list, click Set/Modify Access Control List. Select a user name or group from the Domino Directory or type a name in the Name field and select "Read/Execute access (GET method)," or "Write/Read/Execute access (POST and GET methods)," or "No Access". Then click Next to add this entry to the access list.
              GET lets the user open files and start programs in the directory. POST is typically used to send data to a CGI program; therefore, POST access should only be given to directories that contain CGI programs. No Access denies access to the specified user or group.
              To remove an entry from the list, select it and click Clear.
              If users connect to the server using Anonymous access, enter Anonymous in the Name field and assign the appropriate access.

  6. Enter this command at the console to refresh the server settings:
       tell http restart
  7. To display the File Protection document, click Web - Web Server Configurations on the Configuration tab. Domino displays the File Protection document as a response to the Server document.

To see the full document, open the Notes Administration help and search on the keyword "Protecting". The first two documents returned contain the full instructions on how to limit HTTP commands.

Here is the full article in case you don't have the admin help.nsf file.

http://u.dominodeveloper.net/help/help6_admin.nsf/f4b82fbb75e942a6852566ac0037f284/2dc7db4b8e7eea3f85256a55003c9cb4?OpenDocument

hope this helps,
marilyng
0
 
LVL 24

Expert Comment

by:HemanthaKumar
ID: 6474176
Yes, you can disagree with me; I didn't notice the version.
0
