Contents Install Terminology

The SRE-http Web Server

version 1.3h


SRE-http is an http/1.1
compliant WWW Server for OS/2. Written in REXX, SRE-http is designed to run as filter under GOSERVE, an IBM EWS Internet Server.

SRE-http provides a number of useful features including:

  • Support for multiple hosts
  • Remotely configurable (with complete on-line documentation)
  • Common-log auditing
  • Request-selector-specific and file-specific (HTACCESS) access controls
  • Several types of document redirection are easily specified.
  • A wide variety of cachable server side includes can be dictated by including the well-known NCSA-style elements in your HTML documents
  • Easy to configure support for mappable images and searchable indices
  • Client-specific and browser-specific documents are readily specified
  • Support for server-side-processing using SRE-http addons and CGI-BIN scripts; with numerous tools to help programmers create their own web aware applications.
  • Bundled accessories include a cachable dynamic directory display facilty, a text search facility, and a simple message-box facility.
  • Available addons include a BBS sytem, a discussion-group package, and a directory-indexer/search-engine
  • This document describes how to use SRE-http. While not necessary, the reader should first examine the documentation that comes with GoServe (GOSERVE.DOC). Knowledge of the REXX programming language would also help. However, you can still do a lot of nice stuff with only a rudimentary understanding of GoServe, or of REXX. Lastly, if you don't know HTML, the "markup language" of the world-wide web (WWW), then it's going to be hard to do anything interesting!

    Before reading this manual, we strongly recommend that you peruse the SRE-http users guide -- it's a much easier read!

    Other useful documentation files include:

  • The 1 Page Introduction summarizes SRE-http.
  • The SRE-http outline describes the steps that SRE-http follows when processing a request.
  • The description of SRE-http parameters gives a detailed description of SRE-http's user configurable parameters.
  • The list of help files summarizes the various help documents supplied with SRE-http.
  • Other GoServe filters.....

    An older alternative to this filter is Don Meyer's GoHTTP HTTP filter system.
    GOHTTP offers CGI-BIN, HTACCESS compatability, common-log auditing, and rudimentary support for server side includes.

    Another alternative is the InterFilt filter of Derek Sims. It has good support for multiple realms and multiple hosts, but lacks server side includes and other features.

    Notes to upgraders

    For most sites, upgrading SRE-http from version 1.2 should present few difficulties -- most of the user-configurable options have not changed. However, there have been a few changes to minor features (and a few rarely used features have been dropped). Furthermore, SRE-http addons should be upgraded; current versions of the addons will work, but will not be http/1.1 compliant.

    Please read the HISTORY.TXT file for a complete listing of these changes.

    Table of Contents

  • 1) Installation notes
  • 1.a)Description of files
  • 1.b)A note on SRE-http program structure.
  • 1.c)Variables and Parameters
  • 1.d)Some basic terminology
  • 2)Multiple hosts, logon rights, and other access controls
  • 2.a) Support for multiple hosts
  • 2.b)Setting logon requirements
  • 2.c)Providing open access, to selected resources, using PUBLIC_URLS
  • 2.d)Assigning client privileges
  • 2.e) Restricting access to selected server resources
  • 2.f)Restricting access to directories using HTACCESS files
  • 3)Modifying the request
  • 3.a)Specifying the home page.
  • 3.b)Specifying default documents, and generating directory listings
  • 3.c) Using ~ to specify a home directory
  • 3.d)Establishing virtual directories
  • 3.e)Specifying ALIASES
  • 3.e.i)To modify simple requests (local redirection)
  • 3.e.ii)To implement searchable indices
  • 3.e.iii)To redirect requests for moved documents
  • 3.e.iv)To specify the location of a CGI-BIN script
  • 3.e.v)To indicate a negotiable resource
  • Notes about ALIASES
  • 3.f)What to do if the document is not found.
  • 4) Server Side Includes
  • 4.a)Headers and Footers
  • 4.b)SRE-http style server side includes
  • 4.b.i)Dynamic REPLACEments and string REPLACEments
  • 4.b.ii)File INCLUDES
  • 4.b.iii)Using OPTIONs (as incorporated into a request) as string replacements
  • 4.b.iv)INTERPRETing pre-defined REXX-code
  • 4.b.v) SELECTive excludes
  • CACHE control
  • 4.c) NCSA HTTPD style server-server side includes
  • 4.c.i)Details on NCSA ssi's
  • 4.d) Order of execution of keyphrases
  • 5) Image Maps, CGI-BIN and SRE-http Addons
  • 5.a) Processing image maps
  • Types of regions
  • 5.b)Creating SRE-http addons
  • 5.b.i)Calling Syntax
  • 5.b.ii)Return Values
  • 5.b.iii)Notes
  • 5.c) Support for CGI-BIN scripts.
  • 5.c.i) CGI-BIN scripts in other directories.
  • 5.c.ii) Notes on creating CGI-BIN scripts.
  • 5.c.iii) Using PERL CGI-BIN scripts.
  • 6) Miscellaneous SRE-http features
  • 6.a) Special directives and special commands
  • 6.a.i)Special directives
  • 6.a.ii)Special commands
  • 6.b)Common-log, browser, and referer audit files; and scheduled events
  • 6.c)The RECORD_ALL_FILE running-count
  • 6.c.i)Suppress recording of repetitive requests
  • 6.d) Load balancing
  • 6.e)Creating a user written pre-filter.
  • 6.e.i) Running the GoRemote package
  • 6.f)Creating a user written post-filter
  • 6.f.i)Mailing event specific alerts
  • 6.g) Uploading and deleting files
  • 6.h) Automatic creation of response headers.
  • 6.i) User defined MIME media types
  • 6.j) SRE-http's event monitor
  • 7) Some useful built-in facilities
  • 7.a)DOSEARCH : Search files for a text string
  • 7.b)SENDFILE : A file transfer facility
  • 7.c)Write to, and read from, message boxes
  • 7.c.i)The message writer
  • 7.c.i)Viewing message boxes
  • 7.c.i)MESSBOX privileges
  • 7.d)The SRE-http procedure library : A macrospace library of useful routines (for the ambitious REXX programmer).
  • 7.e) Client-specific and browser-specific customization
  • 8) Addons: A list of several useful SRE-http addons.

  • Appendix 1: Description of various SRE-http parameter/control files.
  • Appendix 2: Summary
  • A2.a)Limitations of SRE-http
  • A2.b)Summary of SRE-http Features
  • Appendix 3: Terminology

  • 1) Installation Notes

    SRE-http consists of a filter program (SREFILTR.80 or SREPROXY.80), numerous support procedures and daemons (such as SREFMON.CMD), sample pages, and various and sundry documentation files. As noted above, you'll need the latest version (2.52) of the GoServe package (note that earlier versions of GoServe lack several features that are needed to fully implement http/1.1)

    1. For convenience, let us assume that the GoServe package has been installed in the \GOSERVE directory (your GoServe working directory), and the GoServe data directory is set to \WWW.
    2. Copy SREV13F.ZIP to a temporary directory and then unzip it in the usual manner (i.e.; UNZIP SREV13F). From an OS/2 prompt, run INSTALL (a REXX program bundled with SRE-http), and follow the on-line instructions. You will be asked to provide the names of several directories.

      If you select the defaults, INSTALL will create a number of directories. You will be asked to provide names, we recommend accepting the defaults.
      You will also be given the opportunity to set several SRE-http parameters, and to setup a SUPERUSER. We strongly recommend that you take this opportunity. In particular, setting up a SUPERUSER can help avoid later configuration headaches (though if you are very security conscious, you can skip this without terrible consequence).

      After running INSTALL, you can delete the contents of this temporary directory.

    3. Set up GoServe to run SRE-http:
    4. At this point, the default version of SRE-http is running! You'll probably want to change the values of a number of SRE-http's parameters. Although you can do this by editing the various parameter files (such asINITFILT.80) with a text editor, for the new user it is probably easier to run CONFIGUR.HTM -- a HTML front-end to SRE-http's built-in configurator.

      The most straightforward way of doing this is:

    5. If you need to use a port other then 80, you should:

    Now, all you have to do is create some informative, efficiently organized, and eye-catching HTML documents, paste them together, and add links to the rest of the net. But that's the fun part.
    A note to upgraders As of ver 1.3d, SRE-http will be using configuration files located in a CFGS\ directory. For information on these new files, and on how to migrate older configuration files, please see USE_CFGS.DOC

    1.a) Description of the files that comprise SRE-http

    The SRE-http package consists of a number of files. These include the SRE-http REXX programs, the macrospace procedure library, several user-configurable parameter files, samples of "counter and control" files, and some sample HTML files. A complete description of these files is contained in the file list.

    1.a.i)On changing file and directory names

    Many of the directories, and files, mentioned above can have their names changed by modifying variables that are located in INITFILT.80 (the INITFILT_FILE); either by editing the file with a text editor, or by using the intermediate configurator. In this documentation we usually refer to files and directories by their "titles" (such as GoServe working directory), but occasionally the "default name" is used (such as \GOSERVE).

    If you change the names of your directories, keep the following in mind:

    New addition: You can now specify host & port specific configuration files in the CFGlist.CFG configuration file.

    1.b) SRE-http structure: multi-threading and macrospace

    To speed up processing, and to facilitate modularization, SRE-http makes extensive use of REXX macrospace.

    Of greater import, SRE-http uses several daemons ("helper" threads) to handle a number of tasks (such as username lookup, alias matching, and SSI-document caching). These daemons are launched upon the first request to SRE-http. In addition, SRE-http stores a number of variables in the local (GoServe) environment.

    For most users, these implementation details are unimportant. However, these threads do use system resources (queues) which remain alive even after GoServe has been turned off. To free these resources, you can use the FREEUP.CMD program that is shipped with SRE-http.
    Citation: SRE-http uses the REXXLIB library to access macrospace and to generate/communicate between threads. A distribution copy of REXXLIB is supplied with SRE-http, and may be used freely with SRE-http. If you wish to use REXXLIB in other REXX programs, contact Quercus Systems for licensing information.
    Lastly, SRE-http monitors the parameter files, including INITFILT.80. Changes to these files will be incorporated into SRE-http's parameters about every 10 seconds.

    1.c) Variables and Parameters

    Throughout this documentation reference is made to variables (aka "parameters") used to change SRE-http's options and features.
    In the interest of thoroughness, this manual discusses the multitude of SRE-http options in terms of directly modifying these parameters. However, most individuals will probably never need to actually edit a file. Instead, almost all of the parameters mentioned herein can be modified using the intermediate-mode configurator (CONFIG2.HTM). In fact, in most cases the simple-mode configurator (CONFIG0.HTM) will do the job -- where appropriate, links to the appropriate section of the simple-mode configurator will be made available for your browsing pleasure .
    If you are a hands-on kind of administrator, feel free to directly modify these parameters. If so, you might also want to read the detailed descripton of INITFILT.80.

    1.d) Some basic terminology

    The SRE-http documentation uses some not-necessarily-intuitively-obvious terms. The following lists a few of the more important ones. For a more complete list, see the terminology appendix.
    Universal Resource Locator (URL) is a scheme for specifying Internet resources using a single line of printable ASCII characters. A URL should contain a protocol, domain name, port number (optional), the location of the resource, and an (optional) option list (following a ?).
  • Request string
    When a client asks for a URL (say, by clicking on a link), a request string (along with request headers and a request body) is sent to the server (at the domain name and port listed in the URL). The request string consists of three tokens: the http method, the location of the resource on the server, and the http protocol.
    Examples (assuming the above URLs):
  • GET /dir1/sample.htm HTTP/1.0
  • GET /prices?type=mammal&class=retail HTTP/1.0
  • Selector (also referred to as the request selector )
    The selector is the location of the resource on the server. Specifically, it's the (slightly modified) second term in the request string.
    Examples (assuming the above request strings):
  • dir1/sample.htm
  • prices?type=mammal&class=retail
  • Note that the "slight modifications" consist of:
  • dropping the leading /
  • decoding URL-encoded characters (note that the above examples do not include any URL-encoded characters).
  • In many cases, the connection between the selector and server resource it refers to is simple (such as when the selector is a filename relative to the GoServe data directory). In other cases, it is completely virtual (as when the resource consists of the output of a program that's run using information provided by the client).

    Selector-specific (usually written as SEL-specific )
    SEL-specific refers to SRE-http configuration information that is specific to a selector -- such as resource privileges, or a virtual directory.
    The selector is a pointer to a web-server resource. Typically, this would be a file; but it might refer to the output of some program run just for this request. In either case, SRE-http has to match the selector to the actual resource (an activity that can become rather convoluted!).
    In much the same way that OS/2 extended attributes contain additional information about a file, SRE-http's SEL-specific information contain additional information about a selector (needless to say, this information is only used by SRE-http).

    Return to table of contents

    2) Multiple hosts, logon rights, and other access controls

    A summary of this section:

    2.a) Multiple hosts

    To use SRE-http in a multi-host environment, you must specify host-specific entries that assign a data-directory and a host-nickname to a specific IP address.
    The host-nickname is used throughout SRE-http's configuration files. It identifies parameters that apply only to requests directed to one (of possibly many) hosts being served by SRE-http.
    There are two ways of specifying host-specific entries:
    1. Creating HOSTS. "stem variables" in the INITFILT.80 file.

      The simple-mode configurator can be used create and modify these host-specific entries.

    2. Creating HOST "definitions" in the CFGLIST.CFG file. This is the recommended method (new as of March 1999) -- though at this time the on-line configurators will not modify CFGLIST.CFG.

    In either case, for each host entry you need to define an IP address (or alias), a host-nickname, and a default data directory. the hosts (either IP addresses

    For example, HOST. stem variables (in INITFILT.80) should contain the following information (in a comma delimited list):

     HOSTS.n ='ip_address, host_nickname,default_dir' 
  • ip_address is a IP address (integer or numeric)
  • host_nickname is the "nickname" you will use when referring to this host. The host_nickname must not be a number, it must contain at least one non-digit character. Thus, a host nickname of 1234 is invalid, but 1234X is okay.
  • default_dir is the default directory for this host (it is used instead of the GoServe default data directory).
  • A note on superceding hosts: As of ver 1.3g, there are three kinds of Hosts:strict-superceding, superceding and non-superceding. The basic difference is how and when non-host specific parameters are used to resolve requests to a defined host. See IN_FILES.DOC for the details.
    If your server recieves request from a host which does not have a matching HOSTS. entry, it will be treated as "generic" request; that is, the standard (single host style) default directory, etc. will be used with such requests.
    Thus, if all requests (regardless of intended host) have identical access to your server's resources (its files and programs) you can ignore this entire section!

    Given that you do want to have different resources available to different hosts, almost all of the SRE-http variables and parameters can be specified on a "host specific" basis


    2.b) Logon Controls

    The simple-mode configurator can be used to enable LOGON, to add users to the USER_FILE, to add/remove IN-HOUSE clients, and to enable the LOGON_FAIL_FILE.

    Setting LOGON requirements with the CHECKLOG variable

    CHECKLOG should have one of the following values:
    No logon required; unencumbered entry for all clients.
    YES (or ALWAYS)
    Logon required for all requests.
    Entry allowed only to clients with INHOUSE or SUPERUSER privileges.

    Allowing unencumbered access to IN-HOUSE users

    The INHOUSEIPS. stem variable can be used to specify the numeric IP addresses of clients who are to be given "IN-HOUSE" status. IN-HOUSE client do not have to enter logon information, and they are automatically granted the privileges stored in the INHOUSE_PRIVS variable.

    Owners have SUPERUSER status

    You can give SUPERUSER privileges to a set of numeric IP addresses by changing the value of the OWNERS variable.
  • Wildcards are not allowed in the OWNERS variable
  • OWNERS are given INHOUSE_PRIVS privileges, as well as SUPERUSER privileges.
  • The OWNERS variable must be host-specific (see INITFILT.DOC for details).
  • Logon for non IN-HOUSE users.

    If a logon is required, an authorization string (containing a name and password) is obtained from the client. SRE-http then examines the USER_FILE for a match. If a match is found, the request is honored (abstracting from SEL-specific or directory-specific access controls). Otherwise the client is asked to re-enter her name and password. Note that entries in the USER_FILE may be "host specific".

    Be aware that ...

    Keeping out known pests, and detecting fake IP addresses

    There may be particular clients (or sets of clients) that must be harshly denied all access to your site. This can be accomplished by recording the numeric IP addresses of these "unwanted clients" in the UNALLOWEDIPS.n stem variables (wildcards are permitted).

    Note that the OWNERS and INHOUSEIPS.n stem variables are checked first. If the client's numeric IP address appears in either of these lists, UNALLOWEDIPS.n is not checked. Thus, by setting UNALLOWEDIPS.1="*", you can deny entry to everyone except OWNERS and IN-HOUSE users.
    Also note that on multi-hosted sites, UNALLOWEDIPS. entries must be "host-specific" (see INITFILT.DOC for details).

    For additional security, you can set the DNS_CHECK variable (to YES). When set to YES, SRE-http will lookup the client's IP name; and if it does not exist (there is no DNS entry), logon will be denied. This provdes some security against "spoofers", but it also slows down response time, and may keep out legitimate users using dynamic (and possibly unnamed) numeric IP addresses.

    Caution: Use of either DNS_CHECK or UNALLOWEDIPS. will cause "cache busting" -- proxy servers out there on the web will not cache your documents. Since this can reduce throughput (both for your site's material, and for the entire web), enabling either of these options is not generally recommended.


    If the client does not have "logon rights", SRE-http will use the value of the LOGON_LIMIT and the LOGON_FAIL_FILE to determine the response.
    For further details, see the description of LOGON_LIMIT and LOGON_FAIL_FILE in INITFILT.DOC.

    Creating your own username/password databases

    In many circumstances you may wish to access some other database of usernames and passwords; say, a database maintained by a bulletin board system, or a database that is encrtyped. Although a direct means of accessing such databases is not offered, youa can instruct SRE-http to user your own custom procedure.

    To do this, set the USER_LOGON_PROC parameter (in INIT_STA.CFG) to point to a REXX program file that contains this custom procedure (or, that contains a procedure that calls a database manager or some other executable). For more details, see the discussion of USER_LOGON_PROC and USER_LOGON_ENABLE in INITFILT.DOC

    2.c) PUBLIC_URLS

    There may be cases where you generally do not want to allow public access to your site, except for a set of clearly delimited public areas. For example, you may have a private site, except for a set of "who we are" documents. Although one could use selective access controls to accomplish this, the use of PUBLIC_URLS provides a simple and direct alternative.

    These PUBLIC_URLS (which are specifined in CFGS\PUBURLS.IN) are used to identify server resources that are "open to the public" -- that can be accessed by clients who have no logon rights and no access privileges.

    Basically, SRE-http compares the request (using wildcard matching with substitution) against the entries in PUBURLS.IN.

    All requests that match an entry in PUBURLS.IN:

    PUBLIC_URLS can also specify literal public_urls. When a request selector matches one of these literal public_urls; file transfer is expedited by:


    2.d) Assigning client privileges

    In several circumstances, SRE-http will check the "client privileges" before transferring information. In particular, file transfer when SEL-specific access controls are in place (i.e.; when ALLOW_ACCESS='NO') requires that the client have appropriate privileges.
    In a sense, privileges offer a convenient shorthand for identifying sets of users.
    Privileges are set automatically for:
  • IN-HOUSE clients are granted privileges stored in their INHOUSEIPS. variable,
  • OWNERS are granted SUPERUSER privileges.
  • In addition, IN-HOUSE clients and OWNERS will be granted the privileges that are listed in the INHOUSE_PRIVS "space delimited list" variable. It is recommended that INHOUSE_PRIVS always include the INHOUSE privilege.
    For everyone else:
  • If a logon is required, the privileges are read from the USER_FILE.
  • Last of all ..
  • Privileges listed in the the PUBLIC_PRIVS "spaced delimited list" variable are given to everyone.
  • Special Feature: Dynamic privileges

    In addition to the above "static" privileges, clients can be assigned "dynamic" privileges. These dynamic privileges are typically set by prior actions (say, filling out a registration form, or requesting an introductory file), and have a short life expectancy (measured in minutes). For further discussion of these "dynamic" privileges, see ADDPRIVS.DOC, and the discussion of the CHECK_ADD_PRIVS and ADD_PRIVS_PREFIX variables in INITFILT.DOC.

    Special Feature: Secret privileges

    If you start a client privilege with a ? (say, ?PXX12), then it will be treated as a "secret privilege". Secret privileges are not used in access controls, and SRE-http utilities should NOT reveal their values. They are designed to be by used by addons, such as the DYN_PWD "dynamic password" addon.

    2.e) Accesss control on a selector-specific basis.

    The simple-mode configurator can be used to enable selector-specific access controls, and to add/remove selector-specific access control entries
    There may be cases where you want clients to have unencumbered access to some, but not to all, the resources of your server. One way to do this is to assign access privileges on a which selector specific basis. The ACCESS_FILE, and the ALLOW_ACCESS variable, are used to construct these selector-specific (SEL-specific) access controls.

    ALLOW_ACCESS can take the following values:

    No limits -- all clients (with logon rights) are automatically given access rights to the server resource.
    IN-HOUSE users (and SUPERUSERs) are given automatic access rights, all others must have appropriate privileges.
    No one (except SUPERUSERs) is given automatic access rights, all others must have appropriate privileges.
    When ALLOW_ACCESS is enabled, SRE-http will examine the ACCESS_FILE for an entry that matches the request selector .

    Additional Features of the Access Control File

    In addition to general access rights (do you have any rights to the server resource), the ACCESS_FILE contains several additional pieces of SEL-specific information:

    The permissions list includes information on:

    The Realm
    When ALLOW_ACCESS is enabled, and the client does not have appropriate privileges, SRE-http will query the client for a new username/password. When querying, the SEL-specific realm is displayed (if available). If there is no SEL-specific realm, the THE_REALM realm is displayed.

    If the client does not have access to the server resources represented by the selector, SRE-http will use the value of ACCESS_FAIL_FILE to dictate the response. If ACCESS_FAIL_FILE=0, a username/password will be re-requested. Otherwise, the ACCESS_FAIL_FILE, or a SEL-specific access failure file, will be returned. For details, see the discusion of ACCESS_FAIL_FILE in INITFILT.DOC.

    Advanced Options
    The SEL-specific advanced options file allows you to specify several SEL-specific advanced options, including:

    Notes: Two types of resource privileges

    There are two types of resource privileges :
    ONE_OF (the default type).
    The client must have "one of" the ONE_OF privileges.
    MUST_HAVE (start with the & character)
    The client "must have" all the MUST_HAVE privileges.

    ..... if only one privilege is specified, these two types are equivalent.

    Notes: Matching client privileges to resource privileges

    SRE-http's privilege matching algorithim is quite simple:
    1. If a MUST_HAVE privilege appears in the SEL-specific resource privileges list, then it must also appear in the client privileges list. If not, access is denied.
    2. After checking all of the MUST_HAVE privileges, SRE-http then compares each ONE_OF privilege to the client privilege list. If any of these ONE_OF privileges appear, then access is permitted. Otherwise, access is denied.
    3. Reiterating: access is denied if there is no overlap between the client's privileges and the ONE_OF resource privileges

    Notes: SEL-specific permissions

    SEL-specific permissions are used to provide SEL-specific control of the features of SRE-http. That is:
  • SEL-specific privileges are used to control access to a resource
  • SEL-specific permissions are used to control SRE-http features, assuming that the SEL-specific privileges have been satisfied!

  • Currently, the following permissions are available:
  • Suppressing server-side actions You can suppress server-side-includes, and server-side-processing on a "SEL-specific" basis by including NO_SSI and NO_SSP permissions (respectively). You can also suppress "in-document" server-side processing (the SELECT and INTERPRET CODE keyphrases) by including a NO_CODE permission (note that NO_SSP implies NO_CODE).

  • Permitting the PUT and DELETE methods SRE-http understands the PUT and DELETE HTTP methods. The PUT method is used to upload a file to your server, and save it using the location specified in the request. The DELETE method is used to delete a file, as specified by the location specified in the request.

    For security reasons, PUT and DELETE requests will only be honored if the appropriate permssion (PUT or DELETE respectively) appears in the permissions list .
    Furthermore, when using the PUT_FILE or GET_URL facilities to upload to a non-upload_directory subdirectory (that is, to a virtual directory), the PUT permission must apply (to the "selector" that matched the virtual directory).

  • Suppressing examination of HTACCESS files To suppress the use of HTACCESS files for selected server resources, include a NO_HTACCESS permssion. Note that this will not effect the SHOWDIR dynamic directory list processor.

  • Suppressing virtual directory, post-filter, and aliasing The NO_VIRTUAL, NO_POSTFILTER, and NO_ALIAS permissions will suppress virtual directory lookup, post-filtering and file recording, and alias lookup (respectively) on a SEL-specific basis.

  • Allowing a file to be cached Whenever there is a possiblity that access to a resource will be denied to a client, SRE-http will disable caching of the file invoked by the request selector . In particular, if CHECKLOG is not equal to "NO", or if ALLOW_ACCESS is not equal to "YES", then caching will be suppressed.
    While an important security feature, there may be cases where you are willing to sacrifice some access control in order to speed up request processing. To achieve this, you can enable caching (on a URL specific basis) by including CACHE in the permission list.
    Caching a response means: allow proxy servers (anywhere on the web) to store (and resolve) this response (and its associated selector).
    Note that CACHE does not permit the GoServe cache. If you want to allow the GoServe cache to handle this selector, then use CACHE*. Please be aware that the GoServe cache is not http/1.1 compliant. When the GoServe cache answers a request, it will claim to be an http/1.0 server, and it will not include cache-control, etag, and other such http/1.1 response headers. While not necessarily a serious problem, it is a bit strange. Therefore, you may wish to use CACHE* only for unimportant resources, and to not check the "call filter anyways" GoServe option. That is, use CACHE* when SRE-http auditing (and other post-filter actions) are not needed (for example; for icons and background images).
  • Notes: Miscellaneous

    Return to table of contents

    2.f) Directory-specific access control, using HTACCESS files.

    To provide compatability with HTTPD style servers (such as Don Meyer's GOHTTP), SRE-http supports the HTACCESS method of access control. This support uses code graciously loaned to us by Don Meyer, suitably modifed for SRE-http.

    Briefly, the HTACCESS method utilizes special HTACCESS files that are placed in your various directories (usually with the name HTACCESS., or .HTACCESS). These files (there may one in each of several directories) contain entries pointing to password files, user-group files, and other parameters that are used to ascertain who shall be given access to the files in the directory (and its child directories).

    HTACCESS control will be checked for all requests. Note that the presumed location of the HTACCESS file depends on the type of request:

    In all these cases, the "parent" directories are also checked for HTACCESS files.

    Notes on the use of the HTACCESS method

    3) Modifying the request

    URL's can get long and nasty, documents are often moved, people often mistpye URLs or don't ask for an exact filename, and sometimes it's just nice to use shorthands when specifying the location of your server resources. These actions are examples of modifications to the request.

    This section discusses ways you can conveniently modify & redirect a request (as recieved from the client).

    3.a) Specifying the home page (the default)

    When the client sends an empty request, a /, or "/?some+options", SRE-http assumes that the client desires the "home page" (the default document). By tradition (but not necessarily) the default document is a file named INDEX.HTM located in the root of the data directory.

    The default can be set using the DEFAULT or DEFAULT.HOST_NICKNAME variable (that is, DEFAULT may be host specific).

    You can use the simple-mode configurator to set the home page and the directory-specific default document(s)

    Return to table of contents

    3.b) Specifying default documents for directories

    Often, a request may arrive that specifies a directory, but does not specify a file. For example, a request for COOLJUNK/JOKES/ does not specify a particular file, but instead implies "give me the default document for the COOLJUNK/JOKES subdirectory of the data directory". In these cases, the AUTO_NAME variable is examined.

    AUTO_NAME should contain a space delimited list of filenames to use when a request for a "directory" is recieved. SRE-http will attempt to find these files in this "requested" directory -- starting with the first name in the AUTO_NAME list. To assist in this search, a special name, consisting of *.HTM (or *.HTML) means use the directory_name.htm file.

    Lastly, an entry of !CREATE instructs SRE-http to generate a directory listing of files and subdirectories in the requested directory. This listing is generated with SRE-http's !DIR special action. By default, a <PRE> formatted table is generated, containing (for each file):

    If you are interested, it is fairly easy to modify these display options -- you can even tell SRE-http to automatically generate a description for each file.


    If the request is for /INFO/MAINE/, and your data directory is D:\WWW, then ...
  • *.HTM is interpreted as: D:\WWW\INFO\MAINE\MAINE.HTM
  • INDEX.HTM is interpreted as: D:\WWW\INFO\MAINE\INDEX.HTM
  • Notes

    In contrast to explicit request to the root of a directory (that is, requests that end with a /); requests:

  • that do not end in a /,
  • than do not contain a ?, and
  • that do not have a .extension
  • can be interpreted in several manners. The NOEXT_TYPE variable is used to select how such requests are interpreted.

    NOEXT_TYPE can take any mixture of the following values (in a space delimited list):

    Note that a DIR (or a REDIR) should be the last item in the NOEXT_TYPE list.

    Return to table of contents

    3.c) Using ~ to specify the home directory

    You can use the simple-mode configurator to set the home-directory
    As a convenience, SRE-http will replace occurences of ~ characters in request selector with a string. Since the ~ is often used to point to a set of individual "home directories", this replacement string is stored in the HOME_DIR variable.

    To select the home directory , change the value of the HOME_DIR (or HOME_DIR.HOST_NICKNAME) variable.

    If ...
  • and
  • The request is ~JOES/PAGE.HTM,
  • .. then
  • SRE-http will look for: BRANCH/STAFF/PERSONAL/JOES/PAGE.HTM (under your data directory, or in a virtual directory).
  • Notes

    Advanced Option: Specifying User Subdirectories

    In many cases, you may wish clients to limit access to particular subdirectories of your HOME_DIR directory. For example, suppose all "students" have space on the HOME_DIR directory of your web server; or HOME_DIR may be on a LAN drive accessible as a virtual directory from the web server. These "student" directories may contain several subdirectories; one of which is intended for WWW use, while the others are for personal use.
    The goal is to give clients direct access to the "web" related directories but not to the "personal" directories.
    This goal can be achieved by including a $ in the HOME_DIR parameter. Specifically, the $ is replaced by the portion of the request between the ~ and the first / following this ~

    For example: If:

    Then SRE-http will use: /USERS/GERALD/WWW/RESUME.HTM

    For futher details, see the discusssion of the HOME_DIR parameter in INITFILT.DOC.

    3.d) Establishing virtual directories

    You can use the simple-mode configurator to add/remove virtual directories.
    By default, SRE-http will match the request selector to a file in the data directory; or if the request is for server side processing (such as an SRE-http addon, or a CGI-BIN script), to a file in the addon directory or CGI-BIN directory. While a good security feature (files not in these directories are inaccessible), this can be an inconvenience. To remedy this inconvenience, one can define "virtual directories" using the VIRTUAL_FILE. Basically, SRE-http will compare the starting portion of a URL to see if it matches an entry in VIRTUAL_FILE. If it does, the directory listed in the entry is used (instead of the data directory or addon directory).

    Thus, you can make available a wide, but controllable, set of "local" directories (on or LAN accessible from) your server.

    In addition, "virtual directories" can point to "remote" directories on other http servers -- SRE-http will attempt to retrieve the file from the remote server; without using a redirection.

    To clarify: to the client, remote virtual directories are indistinguishable from "local" virtual directories.

    In particular, HTML files with server side includes can be remotely located -- and if the remote server makes no attempt to process these server side includes, SRE-http will!

    For details on the use of the virtual directories, see the description of the VIRTUAL_FILE .

    Note that entries in the VIRTUAL_FILE may be "host specific"

    Return to table of contents

    3.e) Using "aliases" when responding to requests

    ALIASES are used in SRE-http to redefine and redirect requests
    Along with the ALIAS_FILE, the CHECK_ALIAS parameter controls whether and when ALIAS checking occurs.

    CHECK_ALIAS should have one of the following values:

  • NO = Suppress ALIAS checking
  • YES = Enable ALIAS checking
  • Major uses for ALIASES

    3.e.i) Local redirection

    3.e.ii) Processing searchable indices

    3.e.iii)Remote redirection

    3.e.iv) Redirecting requests for CGI-BIN scripts

    This usage of alias is somewhat obsolete, use of CGI-BIN virtual directories is now recommended).
    If you want to run a CGI-BIN script that is not in your CGI_BIN_DIR directory, you can use the ALIAS file to provide path information. In this case, the alias should consist of the CGI-BIN script name (without any slashes or other path information), followed by the drive and directory where it can be found.
    For example:
  • If ..
  • then...

  • Note that if this MAKEMAP D:\EXES\GIS entry did not exist, SRE-http would look for a MAKEMAP program (such as MAKEMAP.CMD) in your CGI_BIN_DIR directory.

    3.e.v) Content Negotiation

    SRE-http supports both server-side and client-side content negotiation. In either case, you use a special ALIAS to indicate that a given selector is "negotiable".

    The basic syntax of this alias is:
       sel !NEGOTIATE
    where sel is a selector, and !NEGOTIATE indicates that sel is a "negotiable" resource.

    Actually, sel should be a "variant list" -- SRE-http uses "variant lists" to determine which "alternate" (of several possible variants) to use.
    Alternatively,you can use:
       sel !NEGOTIATE variant_file
    where sel is a * wildcard containing selector, and variant_file is a valid selector pointing to the variant file.
    INFO/MANUALS.LST would be the "variant file" -- it would be used for all request selectors that match INFO/*. If you use this "wildcard" construct, be sure to include an appropriate PATTERN: in the variant file.
    For details on SRE-http's support for content negotiation, including support for custom "remote variant selection algorithims", see NEGOTIAT.DOC. Notes about Aliases

    Return to table of contents

    3.f) What to do if no document can be found

    Sometimes, despite the use of aliases et al., it may not be possible to map the request to a file (or other resource) on your server. In those cases, a 404 Not found response is returned to the client, along with a short description. You can put a customized message in this short description. In particular, you can put a link to your "home page".

    The NOT_FOUND_URL variable contains this customized message. By default, its value is:
    <a href="/"> Visit the HOME_NAME home page? </a>
    Note that HOME_NAME will be replaced by the current (possibly host specific) value of the HOME_NAME variable.
    Thus, the befuddled client merely needs to click on this link to get some kind of access.


    Return to table of contents

    4) Using Server Side Includes

    One of the primary advantages of SRE-http is the extensive support for a variety of
    server side includes. These server side includes (SSI's) let you easily create dynamic documents. In particular, inclusion of files, text strings, and transient variables (such as the time, date, and number of requests) are easy to accomplish, requiring modifications to your HTML documents, and not to the server software.

    SRE-http supports two sets of SSIs -- the NCSA set of SSIs, and a set of SRE-http-style SSIs. Both sets require the inclusion of special keyphrases in one's HTML documents. When an HTML document is requested, SRE-http will (optionally) detect these keyphrases, and perform some sort of textual substitusion.

    The basic structure of a keyphrase is:

  • <!-- KEYWORD argument -->
  • where: Examples:
  • <-- #FLASTMOD FILE="srehttp.htm" -->
  • Alternate keyphrases

    In the interests of brevity, and to help avoid conflicts with other html comments that aren't comments , there are several modifications you can make to these KEYWORDS.
    1. If desired, you can add a "preface" (such as the ! character) to the definitions of the first six keywords (i.e.; !REPLACE is used instead of REPLACE). For further details, see the description in INITFILT.DOC of the KEY_PREFACE variable.
    2. You can use several shorthands: For further details, see the descriptions in INITFILT.DOC of the QUICK_INTERPRET, QUICK_INTERPRET_CODE, and QUICK_REPLACE variables.

    Miscellaneous Notes

    4.a) Headers and Footers

    In addition to server side includes using keyphrases, a multi-line header and footer can be automatically added to all HTML documents. The header is added just after the (first) <BODY > tag in the document (see the notes for an exception to this rule); and the footer is added just before the (last) </BODY > tag.

    To set these, just change the values of the HEADERS. (for headers) and the FOOTERS. (for footers) stem variables located in INITFILT.80. Or, you can use the simple-mode configurator.

    Header and Footer Notes

    Return to table of contents

    4.b) SRE-http style server side includes

    4.b.i) The REPLACE keyphrase

    Syntax: <!-- REPLACE Varname --> , where Varname is the name of a static or dynamic variable. Note that you can use % instead of REPLACE.

    The REPLACE keyword is used to insert dynamically determined information and short (static) strings into a document. SRE-http recognizes the following "built-in" Varnames (the underlined variables are user-configurable, possibly host-specific, "static" variables that can be modified by editing INITFILT.80): :

    A special argument can be used to extract variables from the GoServe environment, which // contains many variables created by SRE-http.

    Last of all, if none of the above matches argument , the custom REPLACEments are searched for a match (which might be host specific). If a match is found, the information from this custom REPLACEment is used.
    You can even include argument placeholders to this custom replacement; they will be replaced by arguments included in the REPLACE keyphrase.
    To create custom REPLACEments, you should edit the REPSTRGS.IN file, or the ATTRIBS.CFG file (or you can use the simple-mode configurator).

    <!-- REPLACE TIME -->
    <!-- % URL -->
    <!-- % ODOM MYDOC1 -->

    Return to table of contents

    4.b.ii) The INCLUDE keyphrase

    Syntax: <!-- INCLUDE FileName --> , where FileName is the name of the File to be included.

    The INCLUDE keyphrase instructs SRE-http to include the contents of a file into the requested document (where argument is the file-to-be-included). For example, INCLUDE PHONE.LST would cause the contents of the file PHONE.LST (in your data directory) to be inserted into the document.

    <!-- include -->
    <!-- include newtoday.txt -->

    Special Feature: Browser and Client Specific File Includes
    You can use the ByBROWSR.RXX INTERPRETable utility to selectively include browser-specific files into your documents. These can be complete documents (with the "requested document" containing only a stub); or you can include smaller browser specfic components in an otherwise all purpose document.

    In a similar vein, the ByCLIENT.RXX INTERPRETable utility can be used to selectively include files on a "client-specific" basis, where clients can be identified with cookies, privileges, or their IP address.


    Return to table of contents

    4.b.iii) The OPTION keyphrase

    Syntax: <!-- OPTION n --> , where n is an integer.

    The OPTION keyphrase instructs SRE-http to insert the contents of the n'th OPTION into the document.
    OPTIONs are contained in the portion of the request following the ? character.

    How to pass OPTIONs to a document
    To pass OPTIONs to a document, the selector portion of the request should have the form:

    OPTIONs and searchable indices.
    When a browser responds to document containing the <ISINDEX > element, the request will have the same HTMLFILE.HTM?word1+word2 format. In order to properly respond to such "searchable index generated" responses, you should set up an ALIAS
    <!-- Option 1 --> <!-- Option 3 -->

    Return to table of contents

    4.b.iv) The INTERPRET keyphrase

    Typical syntax: <!-- INTERPRET FILE xxx.RXX -->

    INTERPRET provides a means of including and executing a REXX-code-block

    There are two major variants of the INTERPRET keyphrase:

    1. INTERPRET CODE statment 1 ; statement 2 ; ... ; where each statement n is a valid REXX statements (and each statement is seperated by a semi-colon). For example:
      INTERPRET CODE tmp1=server() ; interpret.result=tmp1
      A Shorthand: You can use # instead of INTERPRET CODE
    2. INTERPRET FILE Filename arg_list , where:
    3. Filename is a file containing REXX code (filename is assumed to be relative to the SRE-http addon directory, or to a "local" virtual directory).
    4. arg_list is an optional comma delimited list of "arguments"
    5. A Shorthand: You can use $ instead of INTERPRET FILE
    If your document contains the keyphrase:
    ( or, equivalently, <!-- $ GOBED.RXX--> )
    and GOBED.RXX contains:
    tmp1=time('h') ; if tmp1<6 | tmp1>23 then interpret.results=" <em> It is late, GO TO BED! </em> " ;
    then the phrase It is late, GO TO BED! will appear in your document whenever your local time is between 11:00 P.M and 6 A.M.

    In general, the INTERPRETed REXX-code-block should include one or more of the following:

    1. A SAY or AUDIT command (for writing status messages)
    2. Assignment of a (possibly multi-line) string to the INTERPRET.RESULTS variable. The contents of INTERPRET.RESULTS is written into the document (at the location the keyphrase occupies).
    3. A QUEUE (or PUSH) command -- with each QUEUEd (or PUSHed) string automatically appended to INTERPRET.RESULTS (see the discussion of the USE_STDOUT variable in INITFILT.DOC for more details on this #EXEC-like feature)
    4. RETURN 'stuff to include'

    Return to table of contents

    4.b.v) The SELECT keyphrase

    The SELECT, and the #IF, keyphrases are qualitatively different from the other keyphrases -- they act as a "conditional server side include" of HTML code that is already in your document. The power of SELECT is the ability to check dynamic variables (such as the client's IP address, or his user agent), and retain or exclude a portion of the HTML document accordingly.

    A SELECT keyphrase expects an argument containing a block of REXX code, just like the code blocks used in the INTERPRET keyphrase. This block of code will be interpreted. The code block should "exit" with either a RETURN 1 or RETURN 0 , where:

  • RETURN 1 : the subsequent HTML text block is retained
  • RETURN 0 :the subsequent HTML text block is deleted.
  • The "subsequent HTML text block" is delimited by a SELECT END keyphrase, and can be of any length (if no SELECT END keyphrase is encountered, the remainder of the file is dropped). Lastly, if there is no RETURN, the code block is retained (i.e.; the default is RETURN 1).


          tmp.1=extract('clientaddr') ;                                
          tmp.3=wordpos(tmp.1,tmp.2); ;                                
          if tmp.3=0 then return 0                                     
             <em> Hello!  You have SuperUser Privileges !! </em>
       <!-- SELECT END -->
    Note that RETURN 1 is assumed by default, hence when the clients IP address is listed in the an OWNER variable (and the code block ends without a return) the Hello! ... message will not be deleted.


    Return to table of contents The CACHE keyphrase

    You can use the simple-mode configurator to enable caching of server side includes
    To improve performance, SRE-http will "cache" HTML documents that have server side includes (SSI). This caching is of the document after the SSIs have been performed. In simple cases SRE-http can send this cached file, without having to repeat the actual process of SSI lookups, etc. Needless to say, this can greatly improve server performance.

    Note: SSI caching is not the same as allowing proxy servers (or the GoServe cache, or SREPROXY) to cache a response

    For a complete description of SRE-http's SSI-caching algorithim, and of the various options available for the CACHE keyphrase, please read SSICACHE.HTM . What follows is a very brief description of the options available for the CACHE keyphrase.

    <!-- cache no -->
    Do not cache this document
    <!-- cache asis -->
    Use a cached version "as is"
    <!-- cache notrigger -->
    Do not check the trigger files; but do check the own file.
    <!-- cache duration nnn -->
    Set the lifespan for this file's cache entry, where nnn is the number of (possibly fractional) days.
    <!-- cache trigger file1 file2 .. -->
    Check the file-stamps of these fully qualified files.
    <!-- cache trigger_type stamp -->
    Selects which field(s) of the trigger file-stamps to check.

    Return to table of contents

    4.c) Support for NCSA HTTPD server side include

    With only minor exceptions, the server side include syntax of the NCSA HTTPD server is fully supported by SRE-http. These are invoked with a keyphrase of:
    <!-- #cmd option="value" -->

    4.c.i) Details on NCSA HTTPD server side includes

    Need more information on NCSA HTTPD server side includes (and the XSSI extensions)

    Return to table of contents

    4.d) Order of execution of SSI keyphrases

    Server-side includes are processed in the following order:
    1. The requested document is read into memory.
    2. Headers and Footers, if specified, are included.
    3. The document, (that now includes headers and footers), is scanned for keyphrases.
    4. When a keyphrase is encountered, the appropriate server side include is performed; or if a SELECT keyphrase is encountered, a server side "exclude" may be conducted.
    5. After each keyphrase is processed, step 4 is repeated (from the beginning of the file).
    6. This process continues until there are no more keyphrases.
    7. If you've specified more then one set of keyphrase delimiters, step 3 will be repeated for each set.
    Note that the keyphrases in the latter part of a document are processed after freshly included keyphrases. While not the most efficient algorithim (long documents with many server side includes will cause a lot of string comparisons), it does enable recursive processing of all keyphrases

    This recursive feature allows for some powerful document manipulation strictly through the use of keyphrases. In particular, the INTERPRET keyphrase can examine variables such as the "referer", the "client name", or the "OPTION list", and generate inclusions that incorporate other keyphrases (which will be processed on the next cycle of keyphrase interpretation).

    There are several caveats:

    Return to table of contents

    5) Imagemaps, CGI-Bin Scripts, and SRE-http addons

    The modern web site is apt to provide an array of service to its clients. These services, which imply more then just the delivery of documents and images, are based on an interaction between the client and the server; with the server using information recieved from the client, recording and otherwise manipulating this data, and returning some results.

    Delivery of this server side processing typically requires installation of some sort of program that adheres to an application programming interface (API) for communicating to web clients via a web server. SRE-http supports several such API's, including:

  • NCSA and CERN server side imagemaps
  • GoServe/SRE-http addons
  • The Common Gateway Interface (CGI-BIN)

  • 5.a) Using imagemaps

    SRE-http provides a simple means of responding to image maps, using NCSA or CERN style "MAP" descriptor files. The key is to include a map-image indicator substring in the the "resource location" of a URL that points to a .MAP file.

    More specifically, when a MAPIMAGE/ substring is encountered in the action portion of the request, SRE-http will remove MAPIMAGE/, and assume the remaining portion of the action refers to a NSCA MAP file (similarly, a MAPCERN/ substring refers to a CERN MAP file).

    For example, if the request selector is:

    then the "mappable image" handler would look for PROJECTS\BRANCH1.MAP (under the data directory, or a "local" virtual directory), and use the instructions therein (in conjunction with the pixel location 55,123) to "redirect" the client.

    5.a.i) Type of regions recognized.

    There are four types of regions recognized by SRE-http:
    1. Circles
    2. Rectangles
    3. Polygons
    4. Points
    5. and you should always specify a default URL
    The selected pixel will be assigned to the URL associated with the first Circle, Rectangle, Polygon, or 'exactly-hit' Point it matches. If there is no such match, and there are Points specified in the MAP file, then the URL associated with the closest Point is used.
    However, if the distance to this closest Point is greater then the value of the MAX_POINTDIST variable, or if there are no Points specified in the MAP file, the default URL is used.


    Please remember that the MAPIMAGE/ "indicator string" does not refer to the MAPIMAGE/ directory!

    Return to table of contents

    5.b)Creating SRE-http addons

    As an alternative to CGI-BIN scripts, SRE-http addons can provide a faster (and less convoluted) REXX based method of creating web aware applications. The basic idea is to write an "external" REXX procedure which will do the processing, or which calls some other executable program (such as a database manager) -- and then tell SRE-http to call this procedure.

    The following steps outline how to do this:

    1. Create an HTML document that returns an action that invokes a Server Side Processing request. For example, you might include a FORM element with an ACTION attribute of "/XXX".
    2. Create a file (that contains your REXX procedure), with the name xxx.CMD (or xxx.80) , where xxx is the action name. Note that the xxx file is relative to the ADDON directory (or a "local" virtual directory).
      For example, if the action name is /PROGS/FAST2, and \GOSERVE\ADDON is your addon directory, SRE-http will look for \GOSERVE\PROGS\FAST2.CMD.
    3. This REXX procedure should process the request (using information passed to it by SRE-http), and it may call other programs (not necessarily REXX programs).
    4. xxx should issue GoServe completion codes (such as VAR, FILE, and STRING).

    5.b.i) Calling Syntax

    SRE-http will call your addon with several arguments. The addon can read these arguments using:
    parse arg  ddir, tempfile, action,list,verb ,uri,user, ,
              basedir ,workdir,privset,env_id,transaction,verbose, ,
             servername,host_nickname,home_directory,param1,semqueue, ,
    The following describes these arguments (note that several of these arguments are rather arcane or are nearly obsolete):
    The data directory, may be host specific (typically, x:\WWW)
    The temporary, "transaction specific" file (i.e.; D:\GOSERVE\TEMP\$341.80) being used by this request
    The action portion of the request (the portion of a request before a ?)
    Example (assuming the GET HTTP method was used by the client)
  • If the request selector is: /sports/getscore?city=boston&date=July+5+1994
  • then the action is sports/getscore
  • list
    Either GET or POST
    The "universal resource indicator" -- the request-line portion of the original request string, as sent by the client to the server -- without cleanup or encoding (but with "special ! directives" removed). This can be useful if & (and other special characters) may be text returned by GET method client requests -- in which case the partial processing done to the list may cause trouble.
    Note: http GET requests have 3 components: a verb, a request line, and a protocol.
    The numeric IP address of the client
    The "base directory", where SRE-http (and probably GoServe) are located.
    The fully qualified name of a directory that the addon can use for "temporary" files. (set in the TEMPFILE_DIR variable).
    The list of user privileges granted to this client. This will be divided into two sections (seperated by a comma). The first section contains the regular privileges, and the second section contains the secret privileges (the privileges that start with a ?). These secret privileges are reported without the leading ?.
    A substring that can be used when directly accessing the innards of SRE-http (rarely used)
    The transaction number
    The verbose instruction (1 signifies "say intermediate results").
    The IP name of the "host" this request is addressed to. This is derived from a HOST: request header, or from the numeric ip address.
    The SRE-http nickname for the "host".
    The "home directory" (used in ~ replacment)
    A parameter used for by some older addons (rarely used)
    Semaphore/queue information -- used by the daemon manipulation procedures (as described in DAEMONS.DOC)
    Fully qualified name of the file (containing this addon). If addon was "loaded from macrospace", this will be an empty string.
    The request number. Note, that in the maintain-connection world of http/1.1, there may be multiple requests per transaction.

    5.b.ii) Return Values

    The xxx.CMD procedure should return a simple status message of the form:
    response_code bytes_returned Description Message , file_used
  • response_code : the http response code (typically, 200 for GET requests and 201 for POST requests)
  • bytes_returned : the number of bytes transfered (should not include response headers)
  • Description message (optional) : a descriptive message (it's transferred to the post-filter)
  • file_used (optional) : The program that was run (must follow a comma)
  • Examples:
  • 200 12515 Message Succesfully Recieved, D:\GOSERVE\MESSAGES
  • 401 302 Unauthorized access of PRIVATE DATABASE
  • 5.b.iii) Notes

    Return to table of contents

    5.c)Support for CGI-BIN scripts.

    SRE-http supports CGI-BIN scripts (using procedures adapted from Don Meyer's GoHTTP package). To run CGI-BIN scripts, you'll need to: SRE-http's implementation of CGI-BIN has one major improvment: the ability to send pieces of the output as they are created. That is, one can:
    1. wait for the CGI-BIN script to end, and then send all the output it generated
      ... or
    2. send output as it is generated
    The second option is especially useful when large amounts of output are being generated (it avoids some troublesome server-timeout & client-impatience problems). For details see the discussion of the CGI_BIN_PIECES variable in INITFILT.DOC

    SRE-http's implementation of CGI-BIN also includes a few minor modifications:

    Need more information on CGI-BIN ?

    5.c.i) Using CGI-BIN scripts in other subdirectories

    By default, CGI-BIN scripts are assumed to be in the CGI_BIN_DIR directory (say, \GOSERVE\CGI-BIN). Obviously, this can become inconvenient once you acquire a greater-than-small set of scripts. The obvious solution is to place the script files in subdirectories.

    Unfortunately, there does not seem to be a clearly specified method of doing this. With this in mind, SRE-http offers two means of specifying subdirectories containing your CGI-BIN scripts:

    1. Using "aliases".
      This does not require changes to the standard syntax of CGI-BIN request selectors; i.e.;
      CGI-BIN/ASCRIPT/PATHINFO/?args ). The disadvantage is that a seperate alias is need for each script -- even for scripts in the same subdirectory.
    2. Using the portion of the request selector before the CGI-BIN/
      The notion is to include subdirectory information before the CGI-BIN/ (the "this is a CGI-BIN script" indicator). SRE-http will interpret this starting portion as a subdirectory of the CGI_BIN_DIR, or as a virtual directory (in both cases,the usual HTACCESS controls may apply). This permits a powerful division of scripts into directories. The disadvantage is that it doesn't seem to be "spec" (hence may be cumbersome to port).
      Requests for CGI-BIN scripts are often followed by /PATHINFO/. This is typically used by the script (it does not point to the script).

      This invokes the TOYCT program (with an argument of toddler),
      which is located in (perhaps) \GOSERVE\CGI-BIN\KIDSTORE\INVENTORY\.

    5.c.ii) Notes on creating CGI-BIN scripts

    5.c.iii) Using PERL scripts with SRE-http

    In order to take advantage of a broad spectrum of CGI-BIN scripts, SRE-http can use "non-REXX" processors to interpert CGI-BIN scripts.

    As long as you have the appropriate interepreter installed on your server, it's quite easy to do this. All that you need to do is tell SRE-http (using the INTERPRET_TYPES parameter) which interpeter to associate with different file extensions -- see INITFILT.DOC for a details on how to change the INTERPRET_TYPES parameter.

    Of particular interest is the use of one of the OS/2 PERL interpreters; since there are a slew of PERL scripts out there. In fact, it's not that hard to obtain a PERL interpreter -- see PERL.DOC for details on one we've had some success with.

    Return to table of contents

    6)Miscellaneous SRE-http features

    SRE-http has numerous features that allow you to selectively record and audit requests, upload files, perform "pre-filter" and "post-filter" actions, and otherwise engage in sundry trickery and sleight of hand.

    6.a) Special commands, and directives, recognized by SRE-http

    SRE-http offers a set of special commands, and special directives for performing TCP/IP actions, computing statistics on the status of GoServe, and requesting special server actions. These command all start with an exclamation point (!), followed by a word or a phrase.
    The special commands are basically built-in "server side programs". In contrast, the special directives are used to modify SRE-http's logic.

    6.a.i) Currently available special directives

    The !FORCE special directive instructs SRE-http to suppress the LOGON_FAIL_FILE (and ACCESS_FAIL_FILE) feature when considering the selector. This guarantees that unauthorized clients will be presented with a username/password screen.
    !FORCE is meant to be used in the LOGON_FAIL_FILE and ACCESS_FAIL_FILE, where it provides a means by which a client can try again with a different username/password.

    It is also used to force re-compilation of an HTML document with server side includes (in other words, it suppresses use of the SSI-Cache).

    Hint: To avoid problems with NetScape, use !FORCE/xxx instead of !FORCE?xxx
  • !NOBALANCE/selector
    !NOBALANCE will suppress all attempts at load balancing -- the recieving server will process the request.
    !CGI-BIN_n (n=0,1,2, or 3)
    Overrides the CGI_BIN_PIECES and EMPTY_PATH_OK parameters on a selector specific basis. Notes:
  • EMPTY_PATH_OK controls how CGI-BIN PATH_INFO is saved to the OS/2 Environment.
  • CGI_BIN_PIECES enables the the send CGI-BIN (stdout) output as it becomes available mode
  • For further details on EMPTY_PATH_OK and CGI_BIN_PIECES, see INITFILT.DOC.
  • Examples:


  • !RANGE
    The !RANGE special directive instructs SRE-http to send a range of a resource. !RANGE can be used to send selected bytes, lines, and sections of a resource to the client. This can be a convenient way to subset a resource (say, instead of having multiple files).


    For further details on the syntax of the !RANGE directive, see RANGE.HTM

    The !RUN special directive is used to expedite processing of SRE-http addons. In particular, it is meant to be used with SRE-http addons that have been referenced in one of the KEEP_ADDON. entries.


  • <a href="/!RUN/GIF_TEXT&font=enviro&text=hello">
  • <a href="/!RUN/STATUS?">
  • When !RUN is used, SRE-http assumes the addon has been preloaded into macrospace (hence the KEEP_ADDON. requirement). With this assumption, it is possible to not bother with a fair amount of overhead -- thereby expediting loading and execution.
    For more details, see the description of KEEP_ADDONS. in INITFILT.DOC.
    Instructs SRE-http to NOT record this request. It has the same effect as a NO_POSTFILTER permission. You can disable this option by setting the NO_NO_RECORD parameter.
    The !sendas special action is used to force the server to send the requested file as mimetype/mimesubtype. This can be useful if you wish to create links to unusually named text, or html, files. For example, if you have a series of html documents named CHAP.1, CHAP.2, etc.; you could use links of the form:
    <a href="/!sendas_text_html/mybook/chap.3">Get chapter 3 </a>

    Technical note: !sendas suppresses SRE-http's extension mapping method of determining the mime type (and subtype); and uses the explicitly coded mimetype and mimesubtype instead.
    For information on customizing SRE-http's extension mapping, see the description of MEDIATYP.RXX.

    Special feature If !SENDAS_CHECK_TYPE is used, then if no explicit match can be found, the file will be checked for "all text characters", and if such is the case, will be returned as text/plain. !SENDAS_CHECK_TEXT is simliar, except it checks the file before using the explicit extension (the explicit extension is used if only the file contains non-text characters).

    !delsend is used to send a file from the SRE-http TEMPFILE_DIR "temporary file" directory. More precisely, !delsend will look for filename.ext in the TEMPFILE_DIR, send it (if it exists), and then delete it.

    !delsend is provided to facilitate writing server side programs that generate several output files -- the client would be sent back a response containing !delsend links to these several files.


    6.a.ii) Currently available special commands

    SRE-http will send back an "authorization" request. The primary users of this will be server administrators -- since a !AUTHORIZE link will repetitively ask for the client's username/password.
    'PINGS' the client.
    View current GoServe statistics.
    Get information on IP address
    Resets various GoServe statistics, and instructs SRE-http to re-read parameter files immediately (only available to OWNERS, or clients with SUPERUSER privileges).
  • If !reset?params, then statistics will not be reset.
  • !save
    Saves various GoServe statistics to the GOAUDIT.80 audit file. This is only available to SUPERUSERs, or to users with a CONTROL privilege.
    Used to access information on the SSI-cache. The following sub-options are recognized:
  • !ssi?status : writes a (fairly technical) status report to the PMPRINTF window.
  • !ssi?status=short : writes a brief status report to the PMPRINTF window
  • !ssi?status=fully_qualified_file_name : writes a report on the SSI-Cache entry (if it exists) for the fully_qualified_file_name
  • !ssi?reset = Resest (clear) the SSI-cache
  • !ssi?remove=fully_qualified_file_name : remove the SSI-Cache entry (if it exists) for the fully_qualified_file_name
  • !ssi?cleanup = Cleans up the SSI-Cache
  • Notes:
  • The client must have SUPERUSER privileges to invoke these !SSI options.
  • After completion of the !SSI request, a short status report (in plain-text format) will be returned to the client.
  • For an illustration of the use of !SSI, see SSICACHE.HTM
  • !variable?var1&var2..
    Returns the value of environment variable var1, etc. (client must have SUPERUSER privileges to use this).
    saves the record_all_file cache to the record_all_file
    Invokes SRE-http's built in directory lister; which will create a list of all files (and subdirectories) of dirname.
    To modify the various display parameters used by !dir, see the DIR.DOC file, or see the description of the DIR_EXCLUSION, DIR_ACCESS, and DIR_OPTIONS parameters in INITFILT.DOC.


  • The !CREATE option of the AUTO_NAME parameter also uses !dir to generate a directory listing.
  • For a more richly featured directory lister, try the Get-a-File SRE-http addon.
  • Return to table of contents

    6.b) Common-log, browser, and referer audit files; and scheduled events

    In keeping with http server standards, SRE-http will maintain a common-log format audit file. Entries in common-log format audit files have the following structure: - username [18/Mar/1996:16:24:08 -0500] "GET /SAMPLES/HELLO.HTM HTTP/1.0" 200 1251

    Besides offering a compact synopsis, a number of tools exist to help you analyze common-log files.

    Furthermore, as an adjunct to the common-log audit file SRE-http can also record the browser used by each request (as well as the referer) in seperate log files.


    Return to table of contents

    6.c) Recording ALL requests for files

    You can use the simple-mode configurator to enable the common-log audit file and the RECORD_ALL_FILE running count.
    As an alternative to the common-log audit file, SRE-http maintains a running count of requests in the RECORD_ALL_FILE . This file contains a count of requests, broken down by selector or by filename.
    Record refers to updating a count of the number of times a resource has been requested.
    It does not mean keeping a record of each hit! If you need such detailed accounting, you should use the common-log file (or you can use GoServe's GOAUDIT.80 file).
    For customized auditing needs, you can add your own procedure using the post-filter option (POSTRCRD.80 is an example of such a procedure).

    To enable the RECORD_ALL_FILE, you need to set the RECORD_OPTION parameter. RECORD_OPTION can take the following values:
    Do not maintain a running count
    Record requests, but remove the the argument list from the selector (for example; remove ?hi+there in ANIMALS/MONKEY.HTM?hi+there selector
    Record requests, do not remove an argument list.
    Caution: Use of YES_ALL can lead to a very large RECORD_ALL_FILE
    Record requests by fully qualified file name. In contrast, when YES or YES_ALL are specified, requests are recorded by selector
    Caution: Use of FILE can lead to a very large RECORD_ALL_FILE -- careful use of wildcard entries is recommended.

    RECORD_ALL_FILE: Implementation details

    To speed throughput, SRE-http caches the RECORD_ALL_FILE in memory, with a single thread responsible for updating it (the POSTFCHK thread). This raises several issues:
    1. The cache is written to disk on a regular basis (about once every five minutes). Thus, it is possible for the file version to be somewhat out of date; and it is possible to loose entries (say, if the server crashes).
    2. If you "hand edit" the RECORD_ALL_FILE (say, to add wildcard entries), SRE-http will read it into the cache, overwriting any changes that have been recently made. That is, any requests recieved while you were editing the file will not be recorded.
    3. If the cache grows large (over 1000 entries), SRE-http will start over -- and save the old RECORD_ALL_FILE (you won't loose information, but it will be spread over a few files). There is one exception: SRE-http will retain "wild card" entries (but will reset their count to 0).

    Given the above: the RECORD_ALL_FILE should be treated as an approximate (albeit probably very accurate) count of requests.
    To avoid loosing a few minutes of entries that will occur when you shut down GoServe, you can issue a !WRITE_CACHE request just beforehand


    Return to table of contents

    6.c.i) Suppress recording of repetitive requests

    To reduce the number of false hits from clients re-requesting a URL after a short absence (often caused by the use of a browser's "back" key), a list of current hits can be maintained. If a request selector matches a request in this list of current hits (where the request selector and the client's IP address are both used), the "count of hits" will not be augmented. Specifically, the COUNTER_FILE and the RECORD_ALL_FILE will not be augmented.

    In addition to "re-requests", you may also wish to not record requests from OWNERS (such as the webmaster) -- since these are likely to be due to site maintenance activity, and not due to interest in the content of the requested files.

    INITFILT.DOC contains details on both of these options: see the descriptions of the HIT_CACHE_LEN, HIT_CACHE_DURATION, and HIT_OWNER_SUPPRESS variables (or you can use the simple-mode configurator).


    Return to table of contents

    6.d) Load balancing requests across several servers

    SRE-http is shipped with support for a simple form of "load balancing". When load balancing is active, the server will first check the number of active clients. If this exceeds the number specified in the LOADTHRESHOLD variable, then the client is redirected to one of the servers listed in the BackupServerList variable.

    For details on how to invoke load balancing, see the description of LOADTHRESHOLD in INITFILT.DOC

    Suggestion: If you are interested in "dynamic" load balancing (that uses real-time server-load information); you might be interested in the Balancer dynamic load-balancer.

    Return to table of contents

    6.e) Creating user written pre-filter(s)

    In certain cases, you may wish to have a set of custom written REXX routines examine the request before yielding control to SRE-http. For example, you may wish to shunt some special requests to a variety of different filters.

    To do this, set the PRE_FILTER variable:

    You can specify the name(s) of the pre-filter procedure file(s) by setting the PREFILTER_NAME variable. By default, PREFILTER_NAME="PREFILTR" (which refers to PREFILTR.80).

    When a pre-filter is called, several arguments will be passed. The first three are generated by GoServe, the second to last is generated by SRE-http and is not passed when PRE_FILTER=FIRST, and the last offers a means of transfering results from earlier to later pre-filters.

    parse arg source,request,sel,privs,servername,otherargs
  • source: myaddr port transaction who whoport
  • request: verb selector protocol
  • sel: action '?' awords
  • privset: list of privileges (including the secret privileges, which will be seperated from the regular privileges by a comma).
  • servername -- ip name of server (useful in multi-host environments).
  • Other_args -- results from prior pre-filter.
  • The pre-filter should return a comma delimited list:
    status , status message
    Where status is either 0 or 1:
  • 0= No response to client, SRE-http should continue processing.
  • 1=Response to client, SRE-http should exit (perhaps with response recording)
  • The Status message will be stored as PREFILTER_RESULT. Note that the REPLACE PREFILTER_RESULT keyphrase can be used to display this status message.


    Return to table of contents

    6.e.i) Using a pre-filter to invoke the GoRemote package

    The PREFILTR.80 file that comes with SRE-http contains a pre-filter that enables support for the GoRemote package. GoRemote (the "server remote control" package bundled with GoServe) is typically called as a special filter. By using this pre-filter, GoRemote will automatically be called (instead of SRE-http) when a GoRemote specific action is requested.

    To do this, you'll need to:

    1. Make sure you have the GOREMOTE package (GOREMOTE.ZIP), and unarchive it to either the root of your data directory, or to the GOREMOTE/ subdirectory of your data directory. You'll need GOS32.GIF, GORM*.HTM and GOREMOTE.* files. Since there are about a dozen GORM* files, placing them in a subdirectory is asthetically preferable.
    2. Copy GOREMOTE.80 to your GoServe working directory. If GOREMOTE was installed in a GOREMOTE/ directory, copy GOREMOTE.HTM, GOS32.GIF and GORMOK.HTM to the root of your data directory
    3. Make sure that PREFILTR.80 (the one that comes with SRE-http) is also in your GoServe working directory.
    4. Using CONFIG2.HTM (or by direct modification of the INITFILT.80 file), set the PRE_FILTER variable to:
      You should also set PREFILTER_NAME='PREFILTR.80'
    5. Set up a link to GOREMOTE (or GOREMOTE/GOREMOTE if you installed GOREMOTE in a GOREMOTE subdirectory).
    6. You do not need to make any other modifications, either to SRE-http, or to the GoRemote files!

    Return to table of contents

    6.f) Creating a user written Post-Filter

    In certain cases, you may wish to execute some additional actions after responding to a client's request. For example, you may wish to record client specific information in a custom designed audit file. Or, you may wish to e-mail responsible parties when certain events occur (such as a file upload). Or you may wish to do both!

    To accomodate such needs, SRE-http can be told to call a series of "post-filters". As with the "pre-filter", these post-filters are custom designed REXX procedures.

    To enable post-filter calling, set the POST_FILTER variable:

    You can specify the names of the (possibly several) post-filter procedure files by setting the POSTFILTER_NAME variable. By default, POSTFILTER_NAME="POSTFILT".
    To specify several post-filters, just enter a space delimted list. For example POSTFILTER_NAME="POSTMAIL.80 POSTRECRD.80 " -- they will be executed in the order of appearance.
    Note that if there is no extension, and no ending period, an extension of .80 is assumed (or .nnn if you are using a non-80 serverport).

    When a post-filter is called, several arguments will be passed:

    For a simple example of a post-filter, see the POSTFILT.80 file that comes with SRE-http. For more useful examples, see POSTMAIL.80 (an e-mail alert routine) and POSTRCRD.80 (a client info recorder).

    6.f.i) Using SREF_MAILIT to issue "event specific" alerts

    The POSTMAIL.80 that comes with SRE-http uses a version of the SREF_MAILIT procedure (contained in the SREFPRC macrospace procedure library) to e-mail "event specific" alerts through an SMTP Gateway. A different (set) of individuals can be notified for each of a set of events, where events are identified by the request selector (with wildcard matching supported), or by the requesting client's IP address. POSTMAIL.80 contains detailed instructions on how to generate these e-mail alerts. POSTMAIL.80 also contains a useful discussion on the use of OS/2's SENDMAIL as an SMTP gateway).


    Return to table of contents

    6.g) Uploading and deleting files

    SRE-http provides two built-in "actions" for uploading files, one HTTP method for uploading files, and one HTTP method for deleting files. Each of these has its own advantages and disadvantages:
    1. GET_URL: A built-in action for uploading files from another HTTP server
    2. PUT_FILE: A built-in action for uploading files from the client's own machine
    3. The PUT method.
    4. The DELETE method. This can be used to delete files from your server. As with the PUT method, it requires a browser that knows how to issue DELETE method HTTP requests.
    General Usage notes:
    1. GET_URL.

      Set up a URL with the GET_URL action, followed by the URL of the file you want to get, and the "local name". The request selector should look like: GET_URL?url=http://a_url&file=relative_file_name

      For example:

      will copy price.lst (on the server at ) to a file named PCPRICE.1 (in the upload directory).
    2. PUT_FILE.

      Create an HTML FORM with a type=file attribute. For example:

      <FORM enctype="multipart/form-data" ACTION="/put_file" METHOD="post">
        Send this file <INPUT TYPE="file"  name="relative_filename">
        <INPUT TYPE="submit" VALUE="send file">
    3. The PUT and DELETE HTTP methods are, by default, not permitted. To allow PUT or DELETE methods, you must include a PUT or a DELETE permission in the permission list of the appropriate entry (for the requested selector ) in the ACCESS_FILE.
    4. As with the more commonly used GET and POST methods, selectors in PUT and DELETE method requests are relative to the data directory (or to a local virtual directory).
    5. You can allow PUT to overwrite preexisting files by setting PUT_NO_OVERWRITE=0 (in INIT_STA.80). If PUT_NO_OVERWRITE=1, then if the selector maps to a pre-existing file, an error message will be sent back to the client.
    6. PUT and DELETE will not be permitted if ACCEPT_RANGES='NO' (ACCEPT_RANGES is set in INITFILT.80).

    PUT_FILE and GET_URL usage Notes

    Return to table of contents

    6.h) Automatic generation of response headers

    If desired, SRE-http will parse a requested document, extract all LINK and META HTTP-EQUIV elements found in the <HEAD>, and create the appropriate response headers. This is especially useful in response to HEAD requests.

    To do this, set the value of the AUTO_HEADER variable:


    Return to table of contents

    6.i) Defining new media types

    SRE-http recognizes a list of the most frequent MIME media types (using the extension of the requested file). If you want to add to this list, you can do so by editing the MEDIATYP.RXX file located in your GoServe directory.

    Additions to MEDIATYP.RXX may be new media types (say, an experimental MIME type), or they may be assignations of a non-standard extension to a common MIME type (say, .DOCUMENT to text/plain).


    Return to table of contents

    6.j) The SRE-http event monitor

    The SRE-http event monitor is used to track, and respond to, the status of the system. Using temporary files and event semaphores, external processes can use the event monitor to communicate and control GoServe and SRE-http.

    For example:

    For more details, see EVENTS.DOC.

    Return to table of contents

    7) Some useful facilities provided with SRE-http

    SRE-http comes packaged with several useful tools: a speciallized file-transfer utility, a message box utility, and client customization tools.

    7.a)The DOSEARCH facility

    In the interests of space, DoSEARCH is no longer packaged with SRE-http. However, DOSEARCH is available as an addon from the SRE-http home page

    Return to table of contents

    7.b)The SENDFILE facility

    SENDFILE is an SRE-http facility that transfers files to a client. It can record the number of times this file has been completely sent. In addition, it can be used to sequentially send a set of files.

    SENDFILE is invoked with a request selector of:
    (the &forcetext=1 and &COUNTER=option_list are optional)

    SENDFILE will ...

    1. Check for the existence of a file corresponding to the selector (the file that the selector maps to is assumed to be relative to the data directory or relative to a "local" virtual directory).
    2. Look in the SENDFILE_FILE for an occurence of the selector. If none exists, create an entry.
    3. If the selector exists (and the entire file was sent), the "count of requests" for this selector is augmented. That is, if the client killed the connection half way through, the count will not be augmented.
    4. If a COUNTER=... options is present, COUNTER.RXX will be used (with the option_list).
    5. The values of HEADER= options are used as additional response headers. Examples:
    6. SENDFILE?;+url=/sample/thanku.htm
      would cause a Refresh: 2 ; url=/sample/thanku.htm
      response header to be sent (2 seconds after SENDFILE transmits the file, the browser will then request /sample/thanku.htm )

    7. &HEADER=content-disposition:+attachment;+filename="spiffy.2"&
      would cause a Content-disposition: attachment; filename="spiffy.2" to be sent (the "save file as" box will offer spiffy.2 as the default filename)

    8. Note that the value of a HEADER= option must be URL encoded (i.e.; + characters used for spaces).

    9. If more then one FILE=selector option appears, then SENDFILE will attempt to send each of the files (that the selectors map to) to the client without requiring further mouse clicks. In other words, you can simulate a FTP MGET command!

      This does require a browser that can handle multipart-mixed documents -- for example, Netscape 2.0 and above.

      Example: /SENDFILE?file=/dir1/hello.htm&file=/download/

      First, /dir1/hello.htm is sent to the client; which is immediately followed by /download/ (the client will almost certainly be asked to provide a name to save as). After has been transmitted, /dir1/thanks.htm will be sent.

    10. As a shortcut, you do not need to specify the FILE= -- an option with no = is assumed to be a FILE= option. For example, SENDFILE?samples/intro.doc is equivalent to SENDFILE?file=samples/intro.doc

    Return to table of contents

    7.c) Using Message Boxes

    SRE Filter's built-in message box facility provides a mechanism for storing messages from clients. SRE-http provides a few simple built-in tools for manipulating these messages boxes. These include:
    1. A message writer. The message writer is invoked with a request selector of:
    2. Two simple facilities (VIEWMESS and ASKMESSBOX) are provided for viewing an entire message box.
    3. Message box access can be controlled through the use of message box privileges.
    Of perhaps greater interest, the FORUM, READMAIL, and MAILLIST SRE-http addons make extensive use of these SRE-http messages boxes.

    7.c.i) The Message Writer

    The message writer is usually invoked with an HTML FORM with ACTION="/MESSAGE" (see SAMPMBOX.HTM for an example). In addition to an INPUT element identifying the "message box", you can specify a number of fields (the field name, and its value, are written to the message box using an e-mail type format). Several of these fields are treated specially, as explained below:
    MESSBOX (recommended)
    The particular message-box to put the note into. If a MESSBOX field is not included, the note will be put into the ANYONE message-box. If MESSBOX names a non-existent message-box, a new message-box will be create.
    NAME and SUBJECT (recommended)
    These are expected, if not included a dummy value will be created. Note that each message is automatically given a TIME and DATE stamp.
    FAX, E-MAIL, ADDRESS, and PHONE (optional).
    The name, and value of these fields are written to the message box. Note that the E-MAIL field is explicitly used by SRE-http's FORUM addon.
    The PASSWORD and DURATION fields are used by the FORUM addon to control "delete privileges" for a given message. PASSWORD will be encrypted before being written to the message box file. Note that messages boxes are not designed for security (the encryption is weak), so don't use them when confidentiality and integrity are important.
    Including an INDEX=YES field will cause MESSAGE to update an index file (with an .IDX extension). These .IDX files are used by the FORUM addon to speed up response. Note that this .IDX file creation will occur after responding to the client (it is a post-filter type of action) -- the client will not notice any adverse impact from inclusion of an INDEX=YES field (but other clients may be impacted by the extra workload!)
    If included, SRE-http will simultaneously e-mail (through the SMTP gateway you set with the SMTP_GATEWAY variable) copies of your message to a list of e-mail addresses. This list, a file with name given by BROADCAST_LIST, must be in (or under)the MESSBOX_DIR. Furthermore, the client must have SUPERUSER or BROADCAST privileges, or a privilege equal to the value of BROADCAST_LIST. If not, SRE-http will send authorization request back to the client.
  • Example: if BROADCAST_LIST=CLASS10.LST, then the client must have a CLASS10.LST client privilege.

  • Note that the BROADCAST_LIST file (i.e.; CLASS10.LST) should contain valid e-mail addresses, one per line.
    Do not write to message box, just BROADCAST
    Used in the "from" field of the e-mail message.
    If included, SRE-http will write an "E-mail" like file (containing From, To, Date, and Subject fields; followed by the Contents) to your MAILBOX_DIR directory. These files are designed to be read, and processed as an "e-mail message to a list-server", by the MAILLIST (and READMAIL) SRE-http addons.
    If you are broadcasting to many recipients, the use of WRITE_TO_FILE in conjunction with the MAILLIST addon, rather then the BROADCAST_LIST, is recommended.
    Other names (optional).
    The name, and value, of these fields will be written to the message box.
    The difference between "other names" and the PHONE, ADDRESS, and FAX "optional" fields is merely in the order of appearance.
    The RESPONSE_FILE field is used to indicate a file contaning a "response" to a posted message. If no RESPONSE_FILE is included, a very simple generic response will be returned.
    MESSAGE (recommended)..
    The (multi-line) message. It's written last of all.

    7.c.ii) Viewing Message boxes with VIEWMESS and ASKMESSBOX

    The direct means of reading a message box is to simply view it using the OS/2 TYPE command (message boxes are ASCII files, with a .LOG extension, located in the MESSBOX_DIR directory). SRE-http also provides a simple mechanism for remotely viewing these message boxes.
    A request selector of VIEWMESS?messbox=message_box will cause SRE-http to transfer the message-box-file to the client.
    SRE-http also provides a simple routine that generates an HTML document that displays a list of all available message-boxes, and let's the client choose which one to view. This routine can be invoked with a request selector of
    The "optional header" is displayed as an <H2> at the top of the document.

    7.c.iii) MESSBOX Privileges

    To access a message box with MESSAGE (or with the FORUM addon), the client must have "message box specific" privileges. These are specifed by including (in the client's privilege list), entries of the form:
    For example: MESSBOX=FORUM1 would give (read/write) access to the FORUM1 message box. Note that this is in addition to any "selector and FILE specific" access controls you may have imposed.

    The a_message_box portion of the privilege can contain the * "wildcard" character. For example, MESSBOX=FORUM* would provide access to FORUM1, FORUM2, etc.

    On installation, SRE-http includes MESSBOX=* in the PUBLIC_PRIVS parameter (the effect of which is to allow open access all message boxes). You'll need to remove this from PUBLIC_PRIVS if you want to limit access to message boxes!


    Return to table of contents

    7.d) The SRE-http procedure library

    SRE-http uses a procedure library (that is loaded into macrospace) to provide many functions. Several of these routines may be quite useful to the ambitious REXX programmer. These procedures include: See SREFPRC.DOC. for a complete description of these procedures.

    Return to table of contents

    7.e) Client-specific and browser-specific customization

    SRE-http provides two addons that facilitate the creation of customized documents. Both of them are invoked with an <!-- INTERPRET FILE --> server side include:
  • BYCLIENT.RXX: ByCLIENT.RXX is used to specify a set of files to be #INCLUDEd on a client-specific basis. Identification of clients is based on either a special cookie, the client privileges, or IP address.
  • ByBROWSR: ByBROWSR.RXX is used to specify a set of files to include on a browser-specific basis. Browsers are identified by their user-agent; which are then matched (possibly using * wildcards) to one of several file-mapping rules.
  • Suggestion:For a highly dynamic (cookie based) means of customizing documents, check out the CUSTOMIZ addon.

    Return to table of contents

    8) SRE-http addons

    In addition to all the features/options/utilities packaged with SRE-http, there are an ever-increasing number of SRE-http addons available.
    Note that the SRE-http addons use a somewhat non-standard interface. However, given the flexibility and power of the GoServe/SRE-http API , these addons are often considerably faster then equivalent CGI-BIN scripts, and can often provide services (such as server push) that would be almost impossible with standard CGI-BIN
    You can find & download the latest SRE-http addons from the SRE-http home page.

    The following (non-exhaustive) list of currently available addons is provided to tease your appetite: Did we say non-exhaustive? Some of the other addons include:
  • Customiz: a client-customization utility (using cookies)
  • GIF_TEXT: a text-to-gif converter (using numerous fancy-multi-colored fonts)
  • WWWthumb: a create & deliver grahpical thumbnails utility
  • and much more!

  • Return to table of contents

    Appendix 1) User-configurable SRE-http files.

    SRE-http is managed and customized through a set of ascii (text) configuration files. In this appendix, we list these configuration files, indicating what they do and where to find more information about them.

    But first, some preliminary notes...

    1. Unless otherwise noted, these configuration files will be located in the CFGS\ subdirectory of your GoServe working directory. Note that and "audit, count, and selector-specific files" are usually in the DATA\ subdirectory of your GoServe working directory.
    2. All of SRE-http's configuration files are text-based -- you can always edit them with your favorite text editor (such as EPM). Many of the files can also be modified using the on-line SRE-http confgiurator.
    FileNamedescriptionmore info
    Host specific parameter files Files that specify additional host and port specific parameter files.
    CFGLIST.CFG CFGLIST.CFG is used to specify host-specific information, including HOST definitions (assignations of IP addresses/aliases to SRE-http HOST_NICKNAMES), and to define host (and port) specific configuration files. USE_CFGS.DOC contains a detailed description of the CFGLIST.CFG.
    General SRE-http variables Files that specify basic SRE-http parameters, and files used for other non-request-specific purposes.
    INITFILT.80 INITFILT.80 contains a number of SRE-http parameters. These are parameters that are global to all requests. They are also parameters that are can be changed on the fly -- you do not need to restart GoServe. INITFILT.DOC contains a detailed description of the various parameters contained in INITFILT.80
    You can modify INITFILT.80 parameters using the intermediate configurator. Or, you can run EDITINIT.CMD (from an OS/2 command prompt on the server).
    INIT_STA.80 INIT_STA.80 is similar to INITFILT.80 -- it contains global parameters. However, these parameters tend to be a bit more obscure. More importantly, they only are read when GoServe/SRE-http start -- so for changes to take effect, you must restart GoServe. INITFILT.DOC contains a detailed description of the various parameters contained in INIT_STA.80
    To modify INIT_STA.80, you can run EDITINIT.CMD (from an OS/2 command prompt on the server).
    USERS.IN The SRE-http USERS.IN file is used to register users. Each entry in USERS.IN contains a username, a password, and an optional list of client privileges. USERS.DOC contains a detailed description of SRE-http's USERS.IN file. The SRE-http manual describes SRE-http's logon controls.
    REPSTRGS.IN SRE-https REPSTRGS.IN file is used to specify "replacement strings" for use with the <!-- REPLACE astring --> server side include. REPSTRGS.DOC contains a detailed description of SRE-http's REPSTRGS.IN file.
    SCHEDULE.CFG SRE-http has a simple scheduling daemon that will run programs on a hourly, daily, weekly, or monthly basis. You specify what you want to run via the SCHEDULE.CFG file, which is located in the CFGS\ subdirectory (of your GoServe working directory). SCHEDULE.DOC contains a detailed description of SRE-http's SCHEDULE.CFG file.
    Selector-specific attributes User-configurable, selector-specific attributes are attributes that you (the web site administrator) may wish to set on a request-selector basis. These include access requirements, controls on how SRE-http will process a request, URL redirections, and other remappings.
    ALIASES.IN The ALIASES.IN file is used to modify and transform the request selector. This includes local and remote redirection, specifying searchable indices, and specification of negotiable resources. IN_FILES.DOC contains a detailed description ALIASES.IN. You can modify ALIASES.IN with the intermediate configurator.
    ACCESS.IN The ACCESS.IN file is used to control access to your server's resource on a selector specific basis. This access control is based on a comparison of a client's "privileges" and the privileges assigned to a selector. IN_FILES.DOC contains a detailed description ACCESS.IN. You can modify ACCESS.IN with the intermediate configurator.
    PUBURLS.IN PUBURLS.IN is used to specify "public URLS". Public-urls are defined as resources for which access (and logon) controls are not imposed. PUBURLS.DOC contains a detailed description PUBURLS.IN.
    VIRTUAL.IN VIRTUAL.IN is used to specify virtual directories. Virtual directories are used to allow access to files not in a default directory. The typical use is to allow requests for documents to be in a subdirectory not under the "GoServe data directory". IN_FILES.DOC contains a detailed description VIRTUAL.IN. You can modify VIRTUAL.IN with the intermediate configurator.
    ATTRIBS.CFG ATTRIBS.CFG is used to set selector-specific attributes using a "realm-oriented" architecture. It supplements (or replaces) ACCESS.IN, ALIASES.IN, PUBURLS.IN, and VIRTUAL.IN.

    ATTRIBS.CFG can also be used to specify users (as a supplement to USERS.IN), and to specify replacement strings (as a supplement to REPSTRGS.IN)

    IN_FILES.DOC contains a detailed description ATTRIBS.CFG. You can modify ATTRIBS.CFG with the intermediate configurator.
    Advanced options files SRE-http's selector-specific advanced-option files provide a set of less-frequently needed, "advanced-options" to the ambitious webmaster. These advanced-options include execution of "mid-filter" procedures, customization of response headers, specifying the Content-type, and enabling of content encryption. ADV_OPTS.DOC contains a detailed description of SRE-http advanced options. You can modify ACCESS.IN or ATTRIBS.CFG (using the intermediate configurator) to specify these files (by default, they should be placed in the DATA\ subdirectory of your GoServe working directory).
    Counter and Audit Files Unless otherwise specified, the various counter and audit files are located in the DATA\ subdirectory of the GoServe working directory.
    COMMON.LOG and
    other LOG files
    SRE-http supports auditing using standard COMMON.LOG, BROWSER.LOG, REFERER.LOG and COMBINED.LOG files. SREFLOGS.DOC contains a detailed description of SRE-http's implementation of common log files.
    RECRDALL.CNT The RECORD_ALL_FILE (with default name RECRDALL.CNT) is used to record all actions, such as transfers of files and requests for server side processing. It is used when RECORD_OPTION is enabled. CNTFILES.DOC contains a detailed description of the structure of RECRDALL.CNT. Note that the RECORD_CACHE_LINES parameter is used to control "caching" of RECRDALL.CNT.
    GOAUDIT.80 GOAUDIT.80 is GoServe's audit file. It is located in the GoServe working directory. GOAUDIT.80 is described in the GoServe documentation (GOSERVE.DOC). You can use GoServe's Option-Audit tab to control what is written to GOAUDIT.80.
    SENDFILE.CNT The SENDFILE_FILE counter file (with default name SENDFILE.CNT) is u by the SENDFILE facility to record transferals. SENDFILE is especially useful when transfering large files, since SENDFILE will only record a "hit" if the entire file is successfully sent. CNTFILES.DOC contains a detailed description of the structure of SENDFILE.CNT. The SRE-http manual describes how to use the SENDFILE facility.
    COUNTER.CNT The counter file is used to record the number of requests (also known as the number of hits) for this document. It is used whenever a <!--REPLACE HITS --> or a <!-- REPLACE COUNTS --> server-side include keyphrase is processed. CNTFILES.DOC contains a detailed description of the structure of COUNTER.CNT.
    COUNTER.RXX COUNTER.RXX is a flexible "number of hits" generator and request-information recorder. It can be used in server side include to provide a textual counter (as an alternative to <!--REPLACE HITS -->). Or, it can be used in an in-line image to provide an odometer style, graphical counter. In contrast to <!--REPLACE HITS -->, COUNTER.RXX stores hit counts in seperate selector (or file) specific files. COUNTER.DOC contains a detailed description of how to use COUNTER.RXX. provides a demo of COUNTER.RXX (andof <!--REPLACE HITS -->).
    XCOUNT.CMD and JCOUNT.CMD XCOUNT.CMD and JCOUNT.CMD are two cgi-bin scripts that provide hit counter capabilities. See CNTDEMO1.SHT for a demo.

    Return to table of contents

    Appendix 2) Summary

    AP.a) Known limitations of SRE-http

    The currently known limitations of the SRE-http package include: In other words, SRE-http is designed as relatively full-featured package for non-cutting edge small-to-medium load sites being maintained by non-professionals

    A2.b) Summary of SRE-http Features

    The following summarizes most of SRE-http's features:

    Return to table of contents

    Appendix 3) Terminology

    The following terms are used in this documentation. Please forgive any non-standard uses you may encounter (better yet, let me know).

    You might also want to review the basic terminology for extended descriptions of a few key concepts.

    The \ and / characters
    The / character is used in URLs to "indicate hierarchical structures, such as directories". It is equivalent to the \ OS/2 (and DOS) character. Thus, / that appear in a request selector are converted into \ when SRE-http needs to find a file.
    The action is the "location" portion of a request selector.
    Addon directory
    The addon directory (with a value given by the ADDON_DIR parameter) is where SRE-http's external procedures should be stored. For example, several external procedues shipped with SRE-http (i.e; the simple and intermediate configurator) should be located in this directory.
    Alias -- converting selectors
    SRE-http uses "aliases" to perform textual substitution. Typically, an alias is used to replace a simple request selector with a more complicated one. In addition, aliases are used for several special purposes: implementing "searchable indices", document redirections, and specification of the location of CGI-BIN scripts.
    Alias -- virtual hosts
    A given IP address can be used by several hosts: including the host associated with the "canonical" name, and hosts associated with one of several aliases. Unfortunately, TCP/IP requests arrive with only the numeric IP address, making it difficult for the server to determine to which host the request is directed to. However, HTTP 1.1 compliant browsers (such as NetScape 2.01) will include a HOST: request header containing the host to whom this request is directed; and SRE-http can use this request header (if present) to determine the proper host.
    The Client (sometimes referred to as the requester) is the individual requesting a URL -- where the URL may point to a file, or may invoke Server Side Processing. Typically, the request was generated by someone running a Web Browser, and clicking on a link or submitting a FORM.
    CGI (Common Gateway Interfact) - BIN is a standard by which server side ("gateway") programs can be invoked. It uses environment variables to pass data, as well as standard input and output. SRE-http supports CGI-BIN, using procedures adapted from the GoHTTP package. One nice feature of SRE-http is an ability to call alternate (non-REXX) interpreters for specific scripts (such as PERL when a script has a .PL extension).
    Although this support should permit use of many CGI-BIN scripts, the use of the "native" SRE-http interface (using REXX procesures that are passed information in the argument list) offers advantages to ambitous programmers
    The Default Data Directory
    The Default Data Directory is the root directory of your web site -- it (and its subdirectories) are the usual locations for the HTML documents, images. In simple cases, the GoServe data directory is used as the the Default Data Directory. On multiple-hosts server, each host can be granted its own Default Data Directory.

    A simple example might help:

    then, SRE-http will look in E:\WWW\MYFILES\PROJECT1 for the BIGTASK.HTM file.

    A Note On Data Security in SRE-http

    In general, the only files available for clients are those in (or under) the Data Directory. Exceptions to this rule include:
  • Files explicitly transferred by user-supplied executable code (i.e; REXX procedures). Note that user-written Rexx code may be invoked by a CGI-BIN script or a SRE-http addon, or by INTERPRET, #EXEC and SELECT keyphrases.
  • A !TRANSFER "alias" can be used to access files from anywhere on the server.
  • Files specified by literal PUBLIC_URLS.
  • Virtual directories can point to anywhere.
    ELEMENT's are the constituent parts of an HTML document. They dictate the structure, layout, and display characteristics of an HTML document. ELEMENTS are identified using HTML tags, where an HTML tag consists of text within < and > characters. Often, a start and stop tag are used.

    For example:

    File Names: Fully qualified and Relatve
    SRE-http can treat File Names as "fully qualified" names or as "relative" names. Fully qualified names should be fully pathed -- containing the complete path to the file (sometimes the drive letter will be missing, in which case the GoServe drive is usually assumed). Relative names are assumed to be in subdirectories of some assumed default. For example, when a client asks for a file name, it is assumed to be relative to the data directory (or to a matching virtual directory).
    The HTML FORM element is used to create a fill-in form. A FORM element typically contains an ACTION attribute, as well as a number of elements that provide editable fields (for the client to fill in or to otherwise select). Typically a form is designed in tandem with a server-side program.
    Although not the only way to generate a Server Side Processing Request (one can use sets of detailed URLS), FORMS are probably the easiest for the average client to deal with.
    It is possible for one server machine to handle requests to multiple IP addresses. This "multiple hosting" (also refered to as multi-homing) can occur either by having the server handle several numeric IP addresses, or by the existence of multiple aliases for a single numeric IP address.
    Host nickname
    SRE-http uses host nicknames when identifying which host a parameter applies to. Besides being a convenience, it allows several hosts to point to identical resources (given that each host has the same host nickname).
    HTTP : Hyper Text Transfer Protocol
    The rules by which web-aware clients and servers communicate.
    HTTP method (also known as the VERB)
    SRE-http recognizes five HTTP methods: GET, POST, HEAD, DELETE, and PUT.
  • GET requests contain all information (action name and optional parameter list) in the request string (with the parameter list placed after a ? character)
  • POST requests contain only the action name in the request string (the "body" of the request contains the parameter list). Currently, SRE-http assumes that all POST requests are requests for Server Side Processing.
  • HEAD method requests are sent "meta information" on the requested file, the file itself is not sent.
  • PUT method requests are used to upload information to the file pointed to by a request selector . SRE-http will only honor PUT method requests if specific permissions are granted for that selector (as set in the ACCESS_FILE).
  • DELETE method requests are used to delete (the file pointed) a requested selector . SRE-http will only honor DELETE method requests if specific permissions are granted for that selector (as set in the ACCESS_FILE).
  • HTML
    Hyper Text Markup Language (HTML) is the protocol used to create documents designed for display by WWW browsers (such as Netscape, Mosaic, MS Internet Explorer,and IBM Web Explorer). Basically, HTML consists of a set of formatting commands, which are included in a file containing the text to be displayed.

    SRE-http uses file extensions to identify HTML documents. By default, the following extensions are used: .HTML, .HTM, .SHT, and .SHTML. You can add to this list by modifying MEDIATYP.RXX.

    Although there is a formal HTML standard (currently 3.2, with 4.0 under discussion), it is not rigidly adhered to. In particular, NetScape and Microsoft have their own extensions.
    An image map (sometimes called a mappable image) is an inline image which, when clicked with the mouse, returns a pixel location to the server. Typically, the server then translates the pixel location into a URL, and redirects the client to that URL (which might be on an all together different server). SRE-http supports image maps using the MAPIMAGE/ "indicator string", along with NCSA and CERN style "MAP" files to use in translating pixel locations to URL's.
    Note that some browsers (such as NETSCAPE 2.0) support "client side mappable images", which require no action by the server (but which require an HTML element not understood by many other browsers).
    IN-HOUSE refers to clients that are "in-house"; specifically, they have had INHOUSE privileges assigned to them. The idea is that one often wants to differentiate members of your "organization" from the rest of the world, and place fewer limits on what they can obtain from the server.
    Marospace is best thought of as a global procedure cache used by OS/2. When REXX programs are asked to load external procedures, they first look in macrospace. For efficiency reasons, SRE-http makes extensive use of macrospace.
    SRE-http uses "privileges" to control access to selected resources. There are two classes of privileges:
    1. "resource" privileges which are assigned to server resources (such as files, or directories), using entries in the ACCESS_FILE.
    2. client privileges which are granted to clients (based on their IP address, or their explicit username/password).
    Resource privileges can be ONE_OF privileges ("or" privileges") or MUST_HAVE privileges ("and" privileges). Client privileges may be static (assigned using INITFILT.80 or the USER_FILE), or may be dynamic (set on the fly as a function of the client's earlier requests).
    Request selector
    When a client sends a request to a server, it contains three components: the http method, the selector, and the http protocol.
    For example: GET /FOO1/BAR.HTM HTTP/1.0
    In this documentation, the term request selector refers to this middle component, with leading / stripped, and character decoding performed.
    In the above example, the request selector would be FOO1/BAR.HTM.
    Note that if a GET HTTP method was used, the request selector may contain information following a ? (for example, SHOWINFO?database=Prices&item=apples).
    Response Header
    The response header contains "meta-information" about the requested document. GoServe automatically sends a few response headers (such as content length and file creation date). In addition, using the LINK and HTTP-EQUIV tags in the <HEAD> portion of your document, you can instruct SRE-http to automatically add other response headers.
    Searchable Index
    A searchable index is a document that points to a file that is to be searched. One can think of a searchable index as:
    .. the front end to a gateway program, and the file you search as the database represented by the document.
    Typically, a searchable index contains the <ISINDEX> element.
    SEL-specific means "a piece of information specific to a request selector . Clarifying, this means that SRE-http will use the value of the request selector to find information (such as resource privilege information). Thus, SEL-specific resource privileges really means "privileges associated with a particular request selector (coming up with terminology isn't easy ....)

    Note: the SRE-http documentation sometimes uses the term URL-specific to mean SEL-specific (its a holdover from an earlier revision of the documentation).

    Server Side Includes
    Server side includes refer to on-the-fly modifications of requested HTML documents. Inclusions can be static, in which case the use of server side includes is mostly to benefit the creation and maintenance of these documents. Dynamic includes refer to information that changes, such as the current time and date -- obviously, these can not be specified in the document a priori, but must be determined at the time of request.
    Server Side Processing
    Often, the server provides computational services to clients. An example of this is a client specified search of a database, with the results displayed using an 'attractive" HTML document (generated just for this search). Or, the client might request a map of some portion of the U.S, displaying a choice of geographic features. Such actions require the server to execute some kind of program (perhaps a REXX program, or perhaps some other executable).
    SRE-http addons, and CGI-BIN scripts, are typical means by which Server Side Processing is provided to clients.
    Server Side Processing Request
    A Server Side Processing request is, generically speaking, "a set of parameters, sent by a client, and an action name, that dictate Server Side Processing". Often these are generated by a client responding to a FORM element in an HTML document (alternatively, they may be "hand coded" into a URL included in a HTML document). Server Side Processing requests are recognized by:
  • If the GET method was used: the presence of a ?options string after a "non-HTML" action name; where options contains the "set of parameters".
    • SRE-http assumes that, regardless of the presence of a ? in the request selector , all action names that end with a .HTM, .HTML, .SHT, or .SHTML are requests for HTML documents (that is, are not requests for server side processing),
    • Actions which require no parameters must have a ? trailing the action name.
    • Server side programs are sometimes referred to as gateway programs.
  • If the request selector starts with CGI-BIN/ , then it's assumed to be a request for a CGI-BIN script.
  • If the POST method was used, SRE-http assumes a Server Side Processing Request, with the request selector treated as the action (which identifies the program to run), and the "set of parameters" contained in the "body" of the request.
  • STEM. variables
    STEM variables are REXX's way of implementing arrays. A STEM variable consists of a NAME.INDEX1.INDEX2 syntax (that is, with a . used to indicate "array indices"). SRE-http uses STEM variables for several of its configuration parameters.
    SUPERUSER status
    Clients with SUPERUSER status are granted full privileges. Currently, this includes:
  • Never having to logon (SUPERUSERs are INHOUSE users)
  • Automatically granted CONTROL privileges (can perform remote server resets)
  • File uploads are never blocked.
  • URL: Uniform Resource Locator.
    URL's are a scheme for specifying Internet resources using a single line of printable ASCII characters. A URL should contain a protocol, domain name, port number (optional), the location of the resource, and an (optional) option list (following a ?).
    In this documentation, the URL term connotes "a link coded into an HTML document".
    Upon selecting such a link, the client sends back a request string that contains the verb (the HTTP method), the request selector , and the http protocol (typically, HTTP/1.0)
    Example:given a URL of
    the resulting request selector would be calc/calc.htm
    URL character encoding
    Since several characters have very specific meanings in the HTTP protocol (such as the & and the > characters), and since spaces are not allowed in request strings, a set of character encoding rules are needed to transmit such characters.
    Caution: When handcoding URL's with an option list following a ? and seperated by & characters, you must encode the & character.
    For example:
    Web Browser
    A Web Browser is a program that can communicate over the Internet, and that is capable of displaying HTML documents. NetScape, Mosaic. and IBM Web Explorer are examples of Web Browsers.
    Wildcard matching
    Wildcard matching use the * as a wildcard character in a natural fashion.
      /JOE/*  will match /JOE/FOO.HTM
      /JOAN/SRCH.HTM?*  will match /JOAN/SRCH.HTM?search+me
      /JOAN/SRCH.HTM?*  will NOT match /JOAN/SRCH.HTM
             (/JOAN/SRCH.HTM* will match BOTH these examples)
      /PETS/*INDEX.HTM will match
                 but will NOT match

    SRE-http files that support wildcard matching are: ALIAS_FILE, RECORD_ALL_FILE, SENDFILE_FILE, ACCESS_FILE, and the PUBLIC_URL stem variables.
    The COUNTER_FILE does not support wildcard matching.

    Wildcard matching with substitution
    Wildcard matching with substitution is similar to wildcard matching. However, rather then being a "many to one" match, it is a "many to many" match.
    The basic rule is that both a "target" and a "replacement" should contain * characters. When a wildcard match between the target and a candidate occurs, the "covered portion of the candidate" is inserted into the "replacement". In other words, the * character in the replacement is deleted, and the "covered portion" is inserted.


    GoServe Working Directory
    The GoServe Working Directory in the directory containing GOSERVE.EXE (typically, \GOSERV). You should copy the various SRE-http files to it (see the installation section for details).

    Return to table of contents

    For questions, contact Daniel Hellerstein.