× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. WEB400
  3. July 2006

Re: Apache

There's an option to run the CGI jobs under the signed in user (you'll
have to look at IBM's doc on this, this was an extension to Apache) but
that introduces scalability problems. The problem is when you say "run
under the logged in user", the HTTP server starts a CGI worker job for
that user. When you hit the max number of CGI jobs, it kills the least
recently used one and starts a new one up. When you get lots of traffic,
you end up spending a lot of time starting and stopping the CGI jobs.


From a scalability standpoint, it would be better to create a user for

this that has the least amount of authority needed to access the spooled
files and then have the CGI program switch to that user internally.

Matt

-----Original Message-----
From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx]
On Behalf Of Don Cavaiani
Sent: Tuesday, July 18, 2006 1:00 PM
To: Web Enabling the AS400 / iSeries
Subject: Re: [WEB400] Apache

Charles - I do have AS400 authentication enabled, but no matter who I
signed in as, I was not able to access ANY spooled file (in the sample
program WRKCGISPLF), until I changed the QTMHHTP1 profile (which I don't
like either - as you say).  

When I entered  *all in the user id of the Browser prompt, all spool
files on the system show!  That would not be a problem if when the user
clicks on one which WAS NOT THEIRS, then access would be denied.
However, I was not able to access any of them - even using qsecofr
validation?? 

-----Original Message-----
From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx]
On Behalf Of Wilt, Charles
Sent: Tuesday, July 18, 2006 11:40 AM
To: Web Enabling the AS400 / iSeries
Subject: Re: [WEB400] Apache

Probably not the solution you want to use.

Now anybody who can get to the web server can access all your spool
files.

Instead, you can configure Apache to ask for a users iSeries user ID and
password, then the CGI job will switch over to that profile to do the
work it needs to.

The CGIDEV2 documentation shows how to do it.  If you need more help
just ask.

Charles Wilt
--
iSeries Systems Administrator / Developer Mitsubishi Electric Automotive
America
ph: 513-573-4343
fax: 513-398-1121
  


-----Original Message-----
From: web400-bounces@xxxxxxxxxxxx
[mailto:web400-bounces@xxxxxxxxxxxx] On Behalf Of Don Cavaiani
Sent: Tuesday, July 18, 2006 11:49 AM
To: Web Enabling the AS400 / iSeries
Subject: Re: [WEB400] Apache

Thanks, I gave Spool Control Special Authority access for that 
profile, and that did it!

-----Original Message-----
From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx]
On Behalf Of Matt.Haas@xxxxxxxxxxx
Sent: Tuesday, July 18, 2006 10:20 AM
To: web400@xxxxxxxxxxxx
Subject: Re: [WEB400] Apache

Unless you changed the defaults, it's QTMHHTP1. 

Matt

-----Original Message-----
From: web400-bounces+matt.haas=thomson.com@xxxxxxxxxxxx
[mailto:web400-bounces+matt.haas=thomson.com@xxxxxxxxxxxx] On Behalf 
Of Don Cavaiani
Sent: Tuesday, July 18, 2006 11:16 AM
To: Web Enabling the AS400 / iSeries
Subject: Re: [WEB400] Apache

The job log of QZSRCCGI shows Not authorized to spooled file.  I'm not



sure what user profile is "in effect" here?

-----Original Message-----
From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx]
On Behalf Of Matt.Haas@xxxxxxxxxxx
Sent: Tuesday, July 18, 2006 10:09 AM
To: web400@xxxxxxxxxxxx
Subject: Re: [WEB400] Apache

You're missing the last ")" in the command but now that the program is



getting called, you should be able to start a service job on the job 
running the CGI program and debug it like you normally would.

Matt

-----Original Message-----
From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx]
On Behalf Of Don Cavaiani
Sent: Tuesday, July 18, 2006 11:04 AM
To: Web Enabling the AS400 / iSeries
Subject: Re: [WEB400] Apache

That did it Matt, thanks.  Now the program loads up fine, but I get an



access error:  Cannot Access Spooled File Error in command: CPYSPLF
FILE(QPRINT) TOFILE(QTEMP/SPLOUTPUT)
JOB(110888/TEST/STEPBYSTEP) SPLNBR(000001) MBROPT(*REPLACE) 
CTLCHAR(*PRTCTL

-----Original Message-----
From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx]
On Behalf Of Matt.Haas@xxxxxxxxxxx
Sent: Tuesday, July 18, 2006 9:44 AM
To: web400@xxxxxxxxxxxx
Subject: Re: [WEB400] Apache

I think you just need to add .pgm to the end of the URL. I think you 
can also add *.PGM to the end of the ScriptAlias to achieve the same 
thing (I'm not 100% sure on that) but try adding .pgm in the URL 
first.

Matt

-----Original Message-----
From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx]
On Behalf Of Don Cavaiani
Sent: Tuesday, July 18, 2006 10:15 AM
To: web400@xxxxxxxxxxxx
Subject: [WEB400] Apache

Greetings,

I am trying to get my first CGI (WRKCGISPLF) to execute.

Here is my configuration below:  I have compiled the WRKCGISPLF into 
the library named DONC.  When I run 
http://amereqip.com/cgi-bin/wrkcgisplf,
I get "page cannot be found". 

Top of Form 1
Display Configuration File 
HTTP server:  APACHE3         
Selected file:        /www/apache3/conf/httpd.conf    

1     # Configuration originally created by Apache Setup Wizard Wed
Jan 19 18:49:23 GMT+00:00 2005        
2     LogFormat "%h %l %u %t \"%r\" %>s %b" common    
3     CustomLog logs/access_log common        
4     ErrorLog logs/error_log 
5     LogMaint logs/error_log 8 0     
6     LogMaint logs/access_log 8 0    
7     Listen *:80     
8     MaxKeepAliveRequests 5  
9     TimeOut 120     
10    KeepAliveTimeout 4      
11    DocumentRoot /web       
12    ServerRoot /www/apache3 
13    Options -ExecCGI -FollowSymLinks -SymLinksIfOwnerMatch -Includes
-IncludesNoExec -Indexes -MultiViews  
14    SetEnvIf "User-Agent" "Mozilla/2" nokeepalive   
15    SetEnvIf "User-Agent" "JDK/1\.0" force-response-1.0     
16    SetEnvIf "User-Agent" "Java/1\.0" force-response-1.0    
17    SetEnvIf "User-Agent" "RealPlayer 4\.0" force-response-1.0      
18    SetEnvIf "User-Agent" "MSIE 4\.0b2;" nokeepalive        
19    SetEnvIf "User-Agent" "MSIE 4\.0b2;" force-response-1.0 
20    <Location />    
21    AuthName AS400  
22    AuthType Basic  
23    PasswdFile %%SYSTEM%%   
24    UserID %%SERVER%%       
25    Require valid-user      
26    </Location>     
27    ScriptAlias /db2www/ /QSYS.LIB/DONC.LIB/DB2WWW.PGM/     
28    ScriptAlias /cgi-bin/ /QSYS.LIB/DONC.LIB/       
29    Alias /doc /web/intranet        
30    Alias /nd /web/cgibin   
31    <Directory />   
32    deny From all   
33    </Directory>    
34    <Directory /web/intranet/testjava>      
35    Allow From all  
36    </Directory>    
37    <Directory /web/intranet>       
38    Allow From all  
39    </Directory>    
40    <Directory /web/cgibin> 
41    Allow From all  
42    </Directory>    
43    <Directory /web>        
44    Allow From all  
45    </Directory>    
46    <Directory /qsys.lib/donc.lib>  
47    Allow From all  
48    </Directory>    
49    <Directory /qntc/ntserver1/groups/mis>  
50    Allow From all  
51    </Directory>    
Bottom of Form 1

Don F. Cavaiani
IT Manager
Amerequip Corp.
920-894-7063
 
'Treat every person with kindness and respect, even those who are rude



to you. Remember that you show compassion to others not because of who



they are but because of who you are.'--Andrew T. Somers

"When faced with the choice of being 'right' or being 'kind', choose 
the kind option every time."


--
This is the Web Enabling the AS400 / iSeries (WEB400) mailing list To 
post a message email: WEB400@xxxxxxxxxxxx To subscribe, unsubscribe, 
or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives at 
http://archive.midrange.com/web400.


--
This is the Web Enabling the AS400 / iSeries (WEB400) mailing list To 
post a message email: WEB400@xxxxxxxxxxxx To subscribe, unsubscribe, 
or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives at 
http://archive.midrange.com/web400.


--
This is the Web Enabling the AS400 / iSeries (WEB400) mailing list To 
post a message email: WEB400@xxxxxxxxxxxx To subscribe, unsubscribe, 
or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives at 
http://archive.midrange.com/web400.


--
This is the Web Enabling the AS400 / iSeries (WEB400) mailing list To 
post a message email: WEB400@xxxxxxxxxxxx To subscribe, unsubscribe, 
or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives at 
http://archive.midrange.com/web400.


--
This is the Web Enabling the AS400 / iSeries (WEB400) mailing list To 
post a message email: WEB400@xxxxxxxxxxxx To subscribe, unsubscribe, 
or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives at 
http://archive.midrange.com/web400.


--
This is the Web Enabling the AS400 / iSeries (WEB400) mailing list To 
post a message email: WEB400@xxxxxxxxxxxx To subscribe, unsubscribe, 
or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives at 
http://archive.midrange.com/web400.


--
This is the Web Enabling the AS400 / iSeries (WEB400) mailing list To 
post a message email: WEB400@xxxxxxxxxxxx To subscribe, unsubscribe, 
or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives at 
http://archive.midrange.com/web400.




--
This is the Web Enabling the AS400 / iSeries (WEB400) mailing list To
post a message email: WEB400@xxxxxxxxxxxx To subscribe, unsubscribe, or
change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives at
http://archive.midrange.com/web400.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.