Sambar Server Configuration

Sambar Server Documentation

Server Configuration

Using the System Administration Console

1. Start the Sambar Server by double-clicking on the Sambar Server icon created during installation. By default, the HTTP server comes up on port 80. No other servers (FTP, TFTP, DNS or proxy) are started by default.

2. Open the index.htm file with your browser. This displays the front page of the Sambar Server interface.

3. Click on the System Administration link (http://localhost/sysadmin/).

4. When prompted to enter the administrator's username and password; specify admin for the username and leave the password blank. Click OK.

5. On the Administration console, you should receive a warning that your administrator password is not set with a link to click on. Clicking on this link takes you to the Users page under the Security tab.

6. The Users page on the Security tab allows you to change the System Administrator's password. The Configuration page allows you to change the System Administrator's username, and IP access constraints.

7. If you change any of the default values, click on the Update Configuration button. This not only sends the server a command to update its configuration values, but it returns you to the System Administration page. Most changes result in immediate changes to the server unless otherwise noted at the top of the configuration page.

Note: The default location for all HTML files is under the docs directory in the location where the Sambar Server was installed. The file docs/index.stm is the default home page for the server.

Additional documentation is available for configuration of MIME types.

config.ini File

The primary configuration parameters for the server can be found in the config/config.ini file. This file can be manually edited with an editor (i.e. notepad). Note: the server must be restarted for any changes to take effect. For new users, the System Administration console is a better choice for configuring the server.

[common]

Backup Log The server.log file is overwritten on each startup. To backup this log at startup, set this to true. With each startup, the existing log will be rotate as server.log.YYMMDD-HHMMSS.

CA Certificate File Optional CA certificate file to use during initialization of SSL interface.

Configuration Lockdown Disallow any configuration changes via the System Administration console. This feature is for stable, production systems that do not wish to permit runtime configuration changes.

Log Size The Log Size specifies the maximum size the server.log file is allowed to grow to. Once reached, the log file will wrap to the first line. If set to 0, the log file will grow as large as disk space will allow. Note: If the log file is rotated, the log size is reset and begins accumulating again.

Trace Level Specifies the level of trace information written to the server log: FATAL | ERROR | WARN | INFO | TRACE

Network Trace Level Specifies the level of network trace information written to the network log: NONE | OPENCLOSE | PACKETS | STREAM
This should always be set to NONE on a production server; this feature is for debugging network or application problems. Only available with Sambar Server Pro.

Trace Performance This argument is for real-time tracing of system performance; it must be true or false.

Resolve Host Names This boolean instructs the server to perform DNS name resolution on all clients accessing the server. Performing DNS lookups affects the access log, and HOST environment variable. Users are recommended to leave this variable false unless absolutely necessary due to the significant performance degredation associated with DNS.

Log Directory The directory in which to write all log and observation files.

Tmp Directory The directory in which to write all temporary files.

Root Directories Pathing is always relative to the installation directory unless the path is identified as a "root" path. On Windows, paths where the second character is a colon (i.e. c:) or the path begins with double backslash (i.e. \\foo) are automatically recognized as "root" paths. For Unix platforms this configuration parameter allows for the specification of the "root" paths (i.e. /home/* /var/*).

Cookie Tag The HTTP cookie tag to use when maintaining persistent client connections.

Persistent Cookies This boolean indicates whether HTTP user cookies should be persistent (have an expiration of 2007) or transient (expire when the browser is terminated).

Maximum Connections The maximum network connections to allow open at any given time. This number will influence the number of simultaneous HTTP, TFTP, DNS, FTP, HTTP Proxy, SMTP, POP3, IMAP4 and Bridge proxy connections supported as well as the number of threads needed by the applications. The recommended value for this is between 40 and 100 connections depending on the memory and server performance.

Idle Threads The minimum number of idle threads that should be kept available by the server for responding to requests.

Network Read Timeout The maximum time, in seconds, to wait for a read from a client connection before failing. Note: This period must be at least as large the Keep-Alive duration defined for the HTTP protocol.

Maximum Threads The maximum threads to use in processing user requests. This number should be approximately 10 higher than the number of simultaneous user connections permitted.

Throttle IPs Throttle the maximum number of connections allowed from a single IP address. This can be used to limit the effectiveness of some denial of service (DOS) attacks; a typical browser will open up 10 or more simultaneous connections to a server (depending on the number of images present) whereas a DOS attack might attempt 100 simultaneous connections. This feature results in a minimal performance impact. Set this field to zero (0) to allow unlimited connections from a given IP address.
Use of Throttle IPs has the following issues:

Because browsers regularly make multiple connections to a server to retrieve web pages, this setting should typically not be set below ten (depending on the number of images/frames on your pages) which may lessen the usefulness of this feature.

Use can adversely affect connections that come in via proxies such as AOL members as they all appear to be the same client.

A local router has a similar issue to the AOL proxy problem because all clients appear to be coming from 192.168.0.1.

IE as of 5.5 will open tens of connections to fetch all the content on a page depending on whether keep-alive is disabled, how long/short the timeout is, and whether access is across a WAN. Making matters worse is the TCP/IP stack on windows does a poor job of alerting the server as to connection close events resulting in a delay in cleaning up sockets.

Throttle IP I/O Throttle the maximum data (in MB) allowed for a single IP address for the period configured in the Throttle IP Period. IP throttling affects all server connections.

Throttle IP Requests Throttle the maximum number of connections (requests) allowed for a single IP address for the period configured in the Throttle IP Period. IP throttling affects all server connections.

Throttle IP Size The size of the IP address pool to monitor/track. This pool is treated as a LIFO queue; most recent IP address are moved to the front of the pool and if full, the least recently used IP address being tracked is recycled for a new IP connection.

Throttle IP Period Duration in which per-IP address input/output throttling is effective. For example, to reset the throttling daily, you could set the period to: 0 0 * * *

Throttle User Input Throttle the maximum incoming data (in MB) allowed for a single user for the period configured in the Throttle User Period. User throttling affects authenticated proxy server usage, WebDAV, FTP uploads.

Throttle User Output Throttle the maximum outgoing data (in MB) allowed for a single user for the period configured in the Throttle User Period. User throttling affects authenticated proxy server requests, authenticated SMTP, WebDAV, FTP, and HTTP ~username downloads.

Throttle User Period Duration in which per-user input/output throttling is effective. For example, to reset the throttling daily, you could set the period to: 0 0 * * *

Scheduler Task Timeout The maximum duration a task is permitted to run before being terminated.

Scheduler Sleep Timeout The duration between task testing/execution.

Optimize Transmit A boolean indicating whether the TransmitFile() API should be used for file operations. This is configurable because Microsoft has limited the effectiveness of this API on Windows NT Workstation. In general, it is highly recommended that this parameter be set to false.

Force IP Bind This configuration parameter allows uses to force the Sambar Server to bind to a specific IP address on the server. This feature should only be used on machines with multiple IP addresses; for all other configurations, it should be left blank.

Dynamic IP Test Test periodically (every timeout period -- approximately 2 minutes) for a change in the server's IP address. This is necessary for DHCP machines running the FTP server, if they periodically change their IP address without restarting the Sambar Server.

Read Only A boolean indicating whether the server should run in read-only mode. This feature enables the server distribution to be run directly from a CD-ROM. All log files are placed in the user's TEMP directory rather than the directory from which the server is being run. This feature is only available to users with a Commercial distribution license.

License Sambar Server license key; certain functionality is restricted by licensing constraints.

Content Cache Size The size (in bytes) alloted for content caching. If zero (0), no file caching is performed (this is the default). File caching is used to enhance the server disk I/O access performance by caching files in-memory. The in-memory file cache is for enhancing the performance of the HTTP server; there is presently no caching mechanism for HTTP proxy requests. For optimal performance, this should be set to the cumulative size of all static files in your document directories. (Note: The FTP server also uses this file cache.)

Maximum Cached File The size of the largest file (in bytes) that should be cached by the cache system.

Cache Stat Interval The period of time (in seconds) to cache the response to a stat() system call. Important! If a file is modified (i.e. during development), the server will indicate that the file has not been modified for the duration of the Stat Interval. For this reason, this feature should only be used on production systems where the underlying files change rarely. In addition, the interval should never not be set above 300 (5 minutes).

Cache DNS Interval The period of time (in seconds) to cache the response to a gethostbyname() system calls.

Cache Flush Interval The period of time (in seconds) after which unused files should be flushed if additional cache space is needed.

Certificate File SSL certificate file to use during initialization of SSL interfaces.

Private Key File SSL private key file to use during initialization of SSL interfaces.

NTP Server Optional NTP Server with which to synchronize server time.

NTP Cron Optional cron entry (i.e. 0 1 * * *, every night at 1AM) that specifies when the NTP Server should be contacted to synchronize the server time.

[server]

Server Version The server version supported by the configuration file.

Observe Log Size The observation log size specifies the maximum size the observe.log file is allowed to grow to. Once reached, the log file will wrap to the first line. If set to 0, the file can grow as large as disk space will allow.

FTP Log Size The FTP log size specifies the maximum size the ftp.log file is allowed to grow to. Once reached, the log file will wrap to the first line. If set to 0, the file can grow as large as disk space will allow.

Maximum FTP Users The maximum FTP users supported by the server (at any one time).

Maximum FTP Upload The maximum size of any single FTP upload. If set to 0, there is no maximum upload size. This value is overridden by any user-specific upload constraints. If a user is permitted 5MB of space, they can upload a single 5MB file regardless of the Maximum FTP Upload.

System Administrator The name of the system administrator.

System Administrator IP The host(s) where the system administrator is allowed to login from. To ensure that only hosts which you plan to use for administration have access to your system administration tools, you can provide a space separated list of IP address where an administrator may login from. If left blank, an administrator may login from any host. The wild-card star (*) character may be used for pattern matching, i.e. 140.175.165.*

User IP The host(s) where users are allowed to login from. To ensure that only hosts which you wish to provide access to your user tools, you can provide a space separated list of IP address where a user may login from. If left blank, users may login from any host. The wild-card star (*) character may be used for pattern matching, i.e. 140.175.165.*

Server Port When the Sambar Server starts, it connects to some port and address on the local machine dna waits for incoming requests. The Server Port configuration value indicates which the HTTP server will listen on.

FTP Port The port to listen on for FTP requests on. By default, the FTP port is 21.

TFTP Port The port to listen on for TFTP requests on. By default, the TFTP port is 69.

NNTP Port The port to listen on for NNTP requests (either Server or Proxy). By default, the NNTP port is 119.

SMTP Port The port to listen on for SMTP requests as well as the port to connect to the SMTP Server on. By default, the SMTP port is 25.

POP3 Port The port to listen on for POP3 requests as well as the port to connect to the POP3 Server on. By default, the POP3 port is 110.

IMAP4 Port The port to listen on for IMAP4 requests as well as the port to connect to the IMAP4 Server on. By default, the IMAP4 port is 143.

Bridge Port The port to listen on for Bridge requests as well as the port to connect to the Bridge Server on. See the Bridge Proxy documentation for details.

SOCKS Port The port to listen on for SOCKS4/SOCKS5 requests. See the SOCKS Proxy documentation for details.

Trace TFTP A boolean (true or false) indicating whether the trace TFTP requests. If true, all read/write actions are written to the GUI console.

Trace FTP A boolean (true or false) indicating whether the trace FTP requests. If true, all read/write actions are written to the logs/ftp.log file.

Act As Mail Server A boolean (true or false) indicating whether the server should act as a Mail server. If true, a thread is started at server startup to listen on the POP3 Port and process POP3 requests. Future releases will include support for IMAP4 and SMTP services. See the Mail Server documentation for more details.

Act As FTP Server A boolean (true or false) indicating whether the server should act as an FTP server. If true, a thread is started at server startup to listen on the FTP Port and process FTP requests.

Act As TFTP Server A boolean (true or false) indicating whether the server should act as a TFTP server. If true, a thread is started at server startup to listen on the TFTP Port and process TFTP requests. Only TFTP GET requests are supported, and files are restricted to those from the TFTP Directory.

Act As NNTP Proxy A boolean (true or false) indicating whether the server should act as an NNTP proxy server. If true, a thread is started at server startup to listen on the NNTP Port and form a circuit between the remote NNTP Server and the client.

Act As SMTP Proxy A boolean (true or false) indicating whether the server should act as an SMTP proxy server. If true, a thread is started at server startup to listen on the SMTP Port and form a circuit between the SMTP Server and the client.

Act As POP3 Proxy A boolean (true or false) indicating whether the server should act as an POP3 proxy server. If true, a thread is started at server startup to listen on the POP3 Port and form a circuit between the POP3 Server and the client.

Act As IMAP4 Proxy A boolean (true or false) indicating whether the server should act as an IMAP4 proxy server. If true, a thread is started at server startup to listen on the IMAP4 Port and form a circuit between the IMAP4 Server and the client.

Act As Bridge Proxy A boolean (true or false) indicating whether the server should act as an Bridge proxy server. If true, a thread is started at server startup to listen on the Bridge Port and form a circuit between the Bridge Server and the client. This feature provides a bridging capability for any TCP application that is bound to a specific port. For example, this feature could be used to bridge telnet or SQL Server. See the Bridge Proxy documentation for more details.

Act As SOCKS Proxy A boolean (true or false) indicating whether the server should act as an SOCKS4/SOCKS5 proxy server. If true, a thread is started at server startup to listen on the SOCKS Port. See the SOCKS Proxy documentation for more details.

POP3 Enhanced A boolean (true or false) indicating whether the POP3 Proxy server should operate in "enhanced mode". Presently, enhanced mode supports user over-ride of the default POP3 proxy by specifying their username as user#pop3-server. See the Proxy documentation for more details.

NNTP Server The remote NNTP server to communicate with then NNTP requests come from clients to the NNTP proxy. To act as an NNTP proxy, the client sets the NNTP server to the Sambar Server's NNTP proxy server and the proxy server then connects to the NNTP Server defined by this parameter.

SMTP Server The SMTP server to communicate with then SMTP requests come from clients to the proxy. To act as an SMTP proxy, the client sets the SMTP server to the SMTP proxy server and the proxy server then connects to the SMTP Server defined by this parameter.

POP3 Server The POP3 server to communicate with then POP3 requests come from clients to the proxy. To act as an POP3 proxy, the client sets the POP3 server to the POP3 proxy server and the proxy server then connects to the POP3 Server defined by this parameter.

IMAP4 Server The IMAP4 server to communicate with then IMAP4 requests come from clients to the proxy. To act as an IMAP4 proxy, the client sets the IMAP4 server to the IMAP4 proxy server and the proxy server then connects to the IMAP4 Server defined by this parameter.

Bridge Server The Bridge server to communicate with then Bridge requests come from clients to the proxy. To act as an Bridge proxy, the client sets the Bridge server to the Bridge proxy server and the proxy server then connects to the Bridge Server defined by this parameter. To connect to the destination server on a port other than the Bridge Port, append a new port to the Bridge Server definition using a colon (:) followed by the new port number (i.e. localhost:80). See the Bridge Proxy documentation for more details.

Trace Bridge A boolean (true or false) indicating whether the trace Bridge proxy usage. If true, all bridge proxy usage is written to the logs/bridge.log file. This log file is typically used for debugging client/server applications. Warning! This feature significantly degrades performance and writes a great deal to disk.

Enable DBMS A bookean (true or false) indicating whether the server should initialize the DBMS library and caches for use by the Sambar Server.

Run Watcher A boolean (true or false) indicating whether the server should spawn a watcher daemon to restart the server in the event of a failure. If true, a Watcher Daemon process is started at server startup to ping the Sambar Server periodically. Important: The Watcher Daemon should only be used in conjunction with the Sambar Server Windows GUI executable [server.exe]; never with the NT Service.)

Watcher Timeout The Watcher Timeout specifies how often the Watcher Daemon should ping the Sambar Server. After a failure, the server is terminated and restarted by the Watcher Daemon.

Watcher Server The path, relative to the installation directory, of the Sambar Server executable that the Watcher Daemon should restart in the event of failure.

Watcher Notify The system administrator to notify in the event of a server failure. This user is sent mail if the Watcher Daemon fails to restart the server for any reason. This feature requires that the STMP Server parameter be configured with a valid mail server. Note: This feature is only available with the Sambar Server Pro License.

Security Realm The string raised when a security popup is raised.

Proxy Read Timeout The maximum time, in seconds, to wait for a read from an proxy client (HTTP Proxy, Bridge Proxy and Read/AV Proxy) connection before failing. This parameter over-rides the Network Read Timeout.

FTP Read Timeout The maximum time, in seconds, to wait for a read from an FTP client connection before failing. This parameter over-rides the Network Read Timeout.

FTP PASV IP The IP address that should be published to the client when PASV mode is utilized. By default, the server attempts to figure this out based on the Bind IP, or IP that the client socket is connected on. However, if running behind a firewall or router, you may be required to provide the IP address of the router to connect to the serve in PASV mode. Of course, if the router is restricting access to specific ports, PASV mode will not be successful as the port used for the data connection is random.

SOCKS Read Timeout The maximum time, in seconds, to wait for a read from an SOCKS TCP client connection before failing. This parameter over-rides the Network Read Timeout.

NT Authentication A boolean (true or false) indicating whether NT Domain Authentication should be used. By default, the internal Sambar Server config/passwd file should be used. Important! If enabled, the Microsoft DLLs secur32.dll (Windows 95/98) or security.dll (Windows NT/2000) must be on the system. These DLLs are typically distributed with IE 5.x.

NT Domain If NT Authentication is enabled, this specifies the domain to authenticate users against. If left blank, all domains are attempted.

LDAP Authentication A boolean (true or false) indicating whether an LDAP Server should be used for authenitication. By default, the internal Sambar Server config/passwd file should be used.

LDAP Server If LDAP Authentication is enabled, this specifies the server to authenticate users against.

LDAP Base The LDAP base query string used to bind for authentication.

Radius Authentication A boolean (true or false) indicating whether a Radius Server should be used for authenitication. By default, the internal Sambar Server config/passwd file should be used.

Radius Server If Radius Authentication is enabled, this specifies the server to authenticate users against.

TFTP Directory The directory under which all TFTP files must reside. Unless preceeded by a drive letter (i.e. c:/tftpboot) ,the directory is assumed to be relative to the installation directory of the Sambar Server.

DOT-File Security Restrict access from the FTP Server and Document Manager to files beginning with a period (.). It is recommended that this parameter be set to true to prevent unauthorized modification to security files.

Valid Characters A list of all characters that may comprise a valid FTP or TFTP file name. This list may not have any spaces (spaces are allowed in Windows file systems). Only single-byte character sets are supported. If this parameter is empty, all characters are considered valid.

[http]

Act As HTTP Proxy A boolean (true or false) indicating whether the server should act as an HTTP proxy server.

Trace Requests A boolean (true or false) indicating whether user requests should be logged to the access.log file. Note: /sysimage requests are never logged.

Trace Agents A boolean (true or false) indicating whether the user's agent (browser) should be logged to the agent.log file.

Trace Referrers A boolean (true or false) indicating whether the referer should be logged to the referer.log file.

Log Format A string (common, combined, custom or performance) indicating the log format style. common indicates to use the common log format. combined is the combined log format specified by NCSA (the referer and agent are appended to the log line). custom uses the Custom Log Format string to build a log string (using similar formatting to the Apache custom log). performance is the combined log format with the addition of the page delivery performance time.

Don't Log IPs A space separate list of IP addresses that should not be logged. The wild card character star (*) can be used to match multiple arguments.

Don't Log Requests A space separate list of request strings that should not be logged. The wild card character star (*) can be used to match multiple arguments.

Automatic Directory Lists A boolean (true or false) indicating whether to provide a directory listing if no default file is present in the directory.

Automatic Directory Readme The file, if provided, that will be returned prior to the directory contents if found in the directory being listed. It is assumed that the file returned will contain ASCII text; if the file contains HTML content, place a </PRE> tag at the beginning of the readme file.

Automatic Log Rotation A boolean (true or false) indicating whether the HTTP log files should be automatically rotated (daily) and a log report generated.

Automatic Log mailto If automatic log rotation is enabled, the report(s) generated will be mailed as attachments to the space-spearated list of users provided in this field.

Enable Keep-Alive A boolean (true or false) indicating whether HTTP Keep-Alive extension should be used. Keep-Alive is an extension to HTTP that allows persistent connections. These long-lived HTTP sessions allow multiple requests to be sent over the same TCP connection.

Enable SSL Keep-Alive A boolean (true or false) indicating whether HTTP Keep-Alive extension should be used for SSL connections. Keep-Alive is an extension to HTTP that allows persistent connections. These long-lived HTTP sessions allow multiple requests to be sent over the same TCP connection. Many older Netscape browsers do not properly support SSL Keep-Alive requests; support for these browsers may require disabling this feature.

Enable WebDAV A boolean (true or false) indicating whether the WebDAV HTTP extensions should be enabled (available only to Pro licensees). See the WebDAV documentation for details.

Enable Versioning A boolean (true or false) indicating whether the WebDAV and Document Manager Versioning extensions should be enabled (available only to Pro licensees). See the Versioning documentation for details.

Enable JavaEngine A boolean (true or false) indicating whether the Sambar Server Servlet runner should be initialzed at server startup. Important! The Java JDK must be installed and properly configured prior to enabling this feature (see the JavaEngine documentation for details).

Server Side Includes The file extension of files containing Server Side Includes. This file extension cannot be stm which is reserved for Sambar Server dynamic pages. A space separated list may be provided to configure more than one file-type (i.e. shtml shtm ssi). To prohibit Server Side Include functionality, simply remove all entries from this configuration line.

Expire Server Side Includes This boolean indicates whether to expire server side include scripts when served so the browser will not cache these dynamic pages.

Prohibit Script #exec This configuration parameter prohibits the execution of CGI/WinCGI/WinCmd scripts from within Server Side Include (shtml) or Sambar Scripted (stm) pages. If untrusted documents can be uploaded to the server, this restriction is recommended to prohibit arbitrary execution of server commands. (Note: This restriction does not apply to scripts in the /sysadmin folder.)

Server Scripts The file extension of files containing Sambar Server Scripting elements. A space separated list may be provided to configure more than one file-type (i.e. stm xtm). To prohibit Sambar Server Scripting functionality, simply remove all entries from this configuration line.

Expire Server Scripts This boolean indicates whether to expire Sambar Server scripts when served so the browser will not cache these dynamic pages.

ASP Scripts The file extension of files containing Sambar Server ASP elements. A space separated list may be provided to configure more than one file-type (i.e. asp xsp). To prohibit Sambar Server ASP functionality, simply remove all entries from this configuration line.

Expire ASP Scripts This boolean indicates whether to expire ASP scripts when served so the browser will not cache these dynamic pages.

Default Page The HTML page to use when a client references a directory without specifying a specific file. This may be a space-separated list of file names (i.e. index.html index.stm index.htm index.shtml).

Home Page The HTML page to use when a client references the server home page without specifying a specific file (i.e. http://www.sambar.com/). If left blank, the Default Page list is used to find the page to return. It is recommended that this be left blank. The only valid use for this parameter is if multiple virtual hosts are used that map to the same documents directory. Note: This must be a single file name.

Images Directory A secondary directory for serving non-HTML mime types which will not be logged. This directory must be in to the Sambar Server installation. Important: you cannot have a sub-directory in the Documents Directory that is the same as this directive. In addition, this directive must have a trailing space.

Documents Directory The document directory under which all HTML files must reside. Unless preceeded by a drive letter (i.e. d:/wwwdir) ,the directory is assumed to be relative to the installation directory of the Sambar Server. All HTTP documents must be served from within the Document Directory. This feature is intended guard other parts of a machine from unwanted access. The FTP server is not limited by this restriction, each configured user of the FTP server may have access to a different root location. Future releases of the server may extend the security associated with the Document Directory through aliasing. This directive must have a trailing space.

CGI Directory The CGI directory under which all CGI executables must reside. This directory must be in to the Sambar Server installation directory. This directive must have a trailing space. All files in this directory are assumed to be executable programs. CGI programs can exist in other directories if *.cgi is enabled as a CGI Extension.

WinCGI Directory The WinCGI directory under which all WinCGI executables must reside. This directory must be in to the Sambar Server installation directory. This directive must have a trailing space.

CGI Run As The username:password:domain (NT login) to use when executing a CGI script. If left blank (the default), CGI scripts will run with the security associated with the server.

CGI Timeout The duration, in seconds, that a CGI or WinCGI is allowed to run before termination.

CGI Exit Test The error code returned by CGI programs is tested and an error message is raised if the status is not zero (0) if this field is set to true. If false, CGI exist status codes are not tested.

CGI stderr This boolean indicates whether CGI STDERR output should be returned to the client. CGI STDOUT output is always returned to the client. This feature is useful for debugging errant CGI scripts and can be enabled/disabled without restarting the server via the administration forms.

Keep-Alive Timeout The duration, in seconds, for the HTTP Keep-Alive functionality. If this period is not at least as large as the Network Read Timeout, the connection will be prematurely terminated.

Session Indicator The argument which indicates that the request refers to an RPC method (i.e. http://www.sambar.com/session/help).

Session Domain By default, Sambar Server sessions are generated without a domain meaning the entire Host: name is used to qualify the session. If using the Automatic Relogin to enable signon across machines in a domain, you can use this to specify the domain of the session, i.e. .sambar.com.

Default MIME Type The default mime type to use when the mime type cannot be inferred from the file extension. More information on MIME types is available.

Remote Proxy When acting as an HTTP proxy, a remote caching server can also be used. If the Remote proxy field is non-blank, all HTTP proxy requests will be forwarded to the server configured (typically your ISP's caching proxy). SSL tunneling requests are also directed through the remote proxy (FTP proxy requests are not).

Remote Proxy Port The Remote Proxy server port to connect with when utilizing a remote proxy server.

Remote Proxy Authorization When acting as an HTTP proxy, a remote caching server can also be used. If the Remote Proxy is being used, and the Remote Proxy Authorization field is non-blank, a Proxy-Authorization header will be added to all proxy requests. The value should be username:password which will be encoded using Basic authentication and forwarded.

Invalid Characters This is the list of characters that are NOT allowed in URIs. Unless you are very familiar with the HTTP protocol you should not modify this setting.

ISAPI Debug This configuration parameter specifies the debug level for ISAPI Extensions. Each level corresponds with an increasing detail: None, Basic, Call, Full. See the ISAPI Extension documentation for more details.

ISAPI Extensions This parameter identifies the file extension(s) that should be associated with to ISAPI extensions. Any file in the Documents Directory or aliased document directory with a file extension matching the defined ISAPI Extensions are treated as ISAPI applications. The default is *.dll. See the ISAPI Extension documentation for more details.

CGI Extensions This parameter identifies the file extension(s) that should be executed as CGI applications. Any file in the Documents Directory or aliased document directory with a file extension matching the defined CGI Extensions are treated as CGI applications. The defaults are: *.pl and *.cgi.

WinCGI Extensions This parameter identifies the file extension(s) that should be executed as WinCGI applications. Any file in the Documents Directory or aliased document directory with a file extension matching the defined CGI Extensions are treated as WinCGI applications. By default, no extensions are defined.

Maximum Content-Length This parameter defines the maximum content-length that the server will allow in POST or multipart/form-data request from an unauthenticated client.

Maximum User Content-Length This parameter defines the maximum content-length that the server will allow in POST or multipart/form-data request from an authenticated user.

Enforce .htaccess This boolean indicates that the Sambar Server should enforce the HTACCESS functionality. See htaccess documentation for more details.

Use Unix crypt This boolean indicates that the Sambar Server should use the UNIX crypt() functionality for enforcing HTACCESS passwords. See htaccess documentation for more details.

Use MD5 crypt This boolean indicates that the Sambar Server should use a basic MD5 hash for enforcing HTACCESS passwords. See htaccess documentation for more details.

Log INCLUDE Scripts This boolean indicates that the Sambar Server should log scripts included within other scripts using RCinclude or the SSI include directive. If set to false, these INCLUDE scripts won't be logged.

Compress Content Compress dynamic content using GZIP compression if the browser's Accept-Encoding supports GZIP. Dynamic content is all content from stm scripts, and Java Servlets.

Proxy Word Selectivity The number of words or strings in the wordlist.ini file that must match for the proxy server to block the page.

Proxy Word Filter A boolean that indicates whether the urllist.ini, wordlist.ini and whitelist.ini files should be used by the HTTP proxy to filter web content.

Proxy Word Filter IPs If the proxy wordlist is enabled, the list of IP addresses specified by this parameter is used to exclude clients from the proxy filter.

User Directories Map requests for /~username/ to the user's FTP/Document Directory stored in the user config/passwd file. Note: If anything other than the passwd file security authentication is enabled this parameter cannot be enabled. All that really happens when this feature is enabled is that aliases are automatically loaded into the server for each user mapping: /~username/ = FTP/Document Directory. If these mappings change after startup (i.e. add/remove users), the UserDir engine must be disabled and then re-enabled to reload the new mappings. Important! Make sure to use the Exclude User Directories for any user with a document root that should not be generally accessible.

Exclude User Directories A space separated list of users who's directories should not be accessible when User Directories is enabled. This list can contain the wild-card star (*) character for matching.

Server Signature The signature provided in the HTTP header response to requests. By default this is SAMBAR, but can be changed by modifying this parameter; this feature is only available to Pro Server licensees.

Invalid Methods Invalid HTTP methods that will be denied by the server before any response is generated. This is a space-separated list of HTTP methods such as: HEAD PUT DELETE.

[events]

Server Cookie The mechanism used to generate user session cookies. In general, userip is the preferred mechanism, however, for AOL users that come through different proxies on each access, this mechanism will not work. An alternate mechanism, serverip can be used with AOL clients.

Maximum Users The maximum number of logged in users allowed on the system. There is not necessarily a correlation between logged in users and Maximum Connections, as logged in users refers to user handles maintained across HTTP requests.

Maximum State Attributes The maximum attributes a user may have. Attributes are referenced using the RCS scripting variable, and are used to maintain state about a user for the duration of the login.

Maximum Simultaneous Logins The maximum number of simultaneous logins for a single user. The default value zero (0) indicates an unlimited number of simultaneous users are permitted. If a user does not logout and attempts to reconnect with the limit set to one (1), the user will have to wait until the timeout duration is reached.

Timeout Duration The maximum idle time (in seconds) before a logged in client is automatically logged out. Setting this value to 0 indicates an unlimited duration.

Admin Timeout Duration The maximum idle time (in seconds) before a logged in administrator user is automatically logged out. The admin timeout may not be set to 0 (unlimited).

Application Directory The temporary directory for use by external applications (SA_CTXPROP_APPLICDIR).

SSL Logins Only Only permit user logins (/session/login) via an SSL connection.

Login on Authentication Perform a user login (i.e. create a server-side user object when a user authenticates via HTTP login (security.ini or .htaccess). By default, user authentication restrictions in the security.ini and .htaccess files do not result in a user login. If set to true, this flag results in the /session/login event being called for authentication events triggered by security.ini or .htaccess. Note: This only applies to .htaccess authentications performed using the Sambar Server passwd file. Use of an alternative AuthUserFile will not trigger this feature.

Startup Script Script to run on server startup. This script can be used to set environment variables etc. The location of the script is relative to documents directory (it must begin with a leading slash (/)).

Shutdown Script Script to run on server shutdown. This script can be used to disable a modem etc. The location of the script is relative to documents directory (it must begin with a leading slash (/)).

Login Script Script to run on user login. This script can be used to set state variables, profile attributes etc. The location of the script is relative to documents directory (it must begin with a leading slash (/)).

Logout Script Script to run on user logout. This script can be used to log the user's activity to the RDBMS or perform other cleanup activity. The location of the script is relative to documents directory (it must begin with a leading slash (/)).

Monitor Invalid Logins Monitor invalid logins and freeze logins from the IP addresses of hosts that exceed the Maximum Invalid Logins. Note: All tracking is performed via IP address. This can adversely affect large groups of users that come from hosts behind a proxy such as AOL. Important! This feature cannot be used if you are behind a proxy or firewall that performs address translation.

Maximum Invalid Logins The maximum number of invalid logins that are allowed from a given IP address before all logins are frozen from that host for Invalid Login Wait.

Invalid Login Wait The duration, in seconds, that an IP address is restricted from attempting another login once the Maximum Invalid Logins are reached.

Monitor Invalid Requests Monitor invalid requests and freeze all requests from the IP addresses of hosts that exceed the Maximum Invalid Requests. Enabling this feature imposes a significant performance penalty on the server and increases the memory requirements by several mega bytes; it can prevent some types of server attacks as well as some DOS attacks. Note: All tracking is performed via IP address. This can adversely affect large groups of users that come from hosts behind a proxy such as AOL.

Maximum Invalid Logins The maximum number of invalid logins that are allowed from a given IP address before all logins are frozen from that host for Invalid Login Wait.

Invalid Request Wait The duration, in seconds, that an IP address is restricted from attempting another login once the Maximum Invalid Logins are reached.

Share User Logins Some WebDAV clients are not able to reuse a user login via the HTTP cookie mechanism. If set to true, this boolean parameter indicates that any relogin for a user and IP address that is already logged in should re-use the existing login (rather than creating a new server-side user login structure).

Automatic Relogin In the event of a session expiration due to timeout, a user can come to a server with an otherwise valid user cookie for the realm, but no server-side authenticated account. If this variable is set to true, the server will attempt to automatically relogin the user.

[search]

Log Search Results A boolean indicating whether search requests should be logged to the log/search.log file.

Allow Wildcarding A boolean indicating whether search queries may contain wild-card characters for pattern-matched searches.

Index Only The file extensions to index when traversing the Documents Directory. This is a space separated list of file extensions. Note: the character ~ can be used to indicate that the server should index files without extensions (plain text).

Valid Characters A list of all characters that may comprise a valid search string. This list may not have any spaces. Only single-byte character sets are supported.

[user-events]

INIT The DLL and function to call during the INIT event.

EXIT The DLL and function to call during the EXIT event.

REQUEST The DLL and function to call during the REQUEST event.

LOGIN The DLL and function to call during the LOGIN event.

LOGOUT The DLL and function to call during the LOGOUT event. Note: Every client that logs in is guaranteed to log out (even in the event of a shutdown), however, once a single LOGIN event is called for a client (even if unsuccessful), all LOGOUT events are called. Care must be taken when cleaning up in the logout handler.

PROFILE The DLL and function to call during the PROFILE request (RCP scripting variable). The maximum length of the buffer passed in for the return data is 256 bytes.

NETCONNECT The DLL and function to call during the a server connection. The IP address and server type are passed as parameters and access is denied to the server if the function returns SA_FAIL.

FTP The DLL and function to call for username/password authentication during an FTP login. The username and password are passed as parameters and the FTP access structure is filled in on a successful login. Access is denied to the FTP server if the function returns SA_FAIL.

HTTPPROXY The DLL and function to call for each HTTP Proxy request. The hostname or IP address and URL being requested are passed as parameters and the proxy request is terminated if the function returns SA_FAIL. For connections where keep-alives are used, only the first request is processed via the HTTPPROXY event handler, subsequent proxy requests on the keep-alive connection are not filtered. If the HTTP proxy is an SSL request (SSL-tunneling), the URL will be NULL as the proxy does not interpret SSL packets.

ENVIRONMENT The DLL and function to call for each environment request. This allows user-defined environment variables to be used withing if/then/else conditional logic or to be passed as parameters to RPC methods. System defined environment variables have precedence over user-defined arguments. The maximum length of the buffer passed in for the return data is 256 bytes.

[envt]

name value
Name/value pairs found in this section are set in the system environment prior to the start of the server (using SetEnvironmentVariable()/setenv()). These variables are also available via the RCE scripting parameter.

Backup Log	The server.log file is overwritten on each startup. To backup this log at startup, set this to true. With each startup, the existing log will be rotate as server.log.YYMMDD-HHMMSS.
CA Certificate File	Optional CA certificate file to use during initialization of SSL interface.
Configuration Lockdown	Disallow any configuration changes via the System Administration console. This feature is for stable, production systems that do not wish to permit runtime configuration changes.
Log Size	The Log Size specifies the maximum size the server.log file is allowed to grow to. Once reached, the log file will wrap to the first line. If set to 0, the log file will grow as large as disk space will allow. Note: If the log file is rotated, the log size is reset and begins accumulating again.
Trace Level	Specifies the level of trace information written to the server log: FATAL \| ERROR \| WARN \| INFO \| TRACE
Network Trace Level	Specifies the level of network trace information written to the network log: NONE \| OPENCLOSE \| PACKETS \| STREAM This should always be set to NONE on a production server; this feature is for debugging network or application problems. Only available with Sambar Server Pro.
Trace Performance	This argument is for real-time tracing of system performance; it must be true or false.
Resolve Host Names	This boolean instructs the server to perform DNS name resolution on all clients accessing the server. Performing DNS lookups affects the access log, and HOST environment variable. Users are recommended to leave this variable false unless absolutely necessary due to the significant performance degredation associated with DNS.
Log Directory	The directory in which to write all log and observation files.
Tmp Directory	The directory in which to write all temporary files.
Root Directories	Pathing is always relative to the installation directory unless the path is identified as a "root" path. On Windows, paths where the second character is a colon (i.e. c:) or the path begins with double backslash (i.e. \\foo) are automatically recognized as "root" paths. For Unix platforms this configuration parameter allows for the specification of the "root" paths (i.e. /home/* /var/*).
Cookie Tag	The HTTP cookie tag to use when maintaining persistent client connections.
Persistent Cookies	This boolean indicates whether HTTP user cookies should be persistent (have an expiration of 2007) or transient (expire when the browser is terminated).
Maximum Connections	The maximum network connections to allow open at any given time. This number will influence the number of simultaneous HTTP, TFTP, DNS, FTP, HTTP Proxy, SMTP, POP3, IMAP4 and Bridge proxy connections supported as well as the number of threads needed by the applications. The recommended value for this is between 40 and 100 connections depending on the memory and server performance.
Idle Threads	The minimum number of idle threads that should be kept available by the server for responding to requests.
Network Read Timeout	The maximum time, in seconds, to wait for a read from a client connection before failing. Note: This period must be at least as large the Keep-Alive duration defined for the HTTP protocol.
Maximum Threads	The maximum threads to use in processing user requests. This number should be approximately 10 higher than the number of simultaneous user connections permitted.
Throttle IPs	Throttle the maximum number of connections allowed from a single IP address. This can be used to limit the effectiveness of some denial of service (DOS) attacks; a typical browser will open up 10 or more simultaneous connections to a server (depending on the number of images present) whereas a DOS attack might attempt 100 simultaneous connections. This feature results in a minimal performance impact. Set this field to zero (0) to allow unlimited connections from a given IP address. Use of Throttle IPs has the following issues: Because browsers regularly make multiple connections to a server to retrieve web pages, this setting should typically not be set below ten (depending on the number of images/frames on your pages) which may lessen the usefulness of this feature. Use can adversely affect connections that come in via proxies such as AOL members as they all appear to be the same client. A local router has a similar issue to the AOL proxy problem because all clients appear to be coming from 192.168.0.1. IE as of 5.5 will open tens of connections to fetch all the content on a page depending on whether keep-alive is disabled, how long/short the timeout is, and whether access is across a WAN. Making matters worse is the TCP/IP stack on windows does a poor job of alerting the server as to connection close events resulting in a delay in cleaning up sockets.
Throttle IP I/O	Throttle the maximum data (in MB) allowed for a single IP address for the period configured in the Throttle IP Period. IP throttling affects all server connections.
Throttle IP Requests	Throttle the maximum number of connections (requests) allowed for a single IP address for the period configured in the Throttle IP Period. IP throttling affects all server connections.
Throttle IP Size	The size of the IP address pool to monitor/track. This pool is treated as a LIFO queue; most recent IP address are moved to the front of the pool and if full, the least recently used IP address being tracked is recycled for a new IP connection.
Throttle IP Period	Duration in which per-IP address input/output throttling is effective. For example, to reset the throttling daily, you could set the period to: *`0 0 * `*
Throttle User Input	Throttle the maximum incoming data (in MB) allowed for a single user for the period configured in the Throttle User Period. User throttling affects authenticated proxy server usage, WebDAV, FTP uploads.
Throttle User Output	Throttle the maximum outgoing data (in MB) allowed for a single user for the period configured in the Throttle User Period. User throttling affects authenticated proxy server requests, authenticated SMTP, WebDAV, FTP, and HTTP ~username downloads.
Throttle User Period	Duration in which per-user input/output throttling is effective. For example, to reset the throttling daily, you could set the period to: *`0 0 * `*
Scheduler Task Timeout	The maximum duration a task is permitted to run before being terminated.
Scheduler Sleep Timeout	The duration between task testing/execution.
Optimize Transmit	A boolean indicating whether the TransmitFile() API should be used for file operations. This is configurable because Microsoft has limited the effectiveness of this API on Windows NT Workstation. In general, it is highly recommended that this parameter be set to false.
Force IP Bind	This configuration parameter allows uses to force the Sambar Server to bind to a specific IP address on the server. This feature should only be used on machines with multiple IP addresses; for all other configurations, it should be left blank.
Dynamic IP Test	Test periodically (every timeout period -- approximately 2 minutes) for a change in the server's IP address. This is necessary for DHCP machines running the FTP server, if they periodically change their IP address without restarting the Sambar Server.
Read Only	A boolean indicating whether the server should run in read-only mode. This feature enables the server distribution to be run directly from a CD-ROM. All log files are placed in the user's TEMP directory rather than the directory from which the server is being run. This feature is only available to users with a Commercial distribution license.
License	Sambar Server license key; certain functionality is restricted by licensing constraints.
Content Cache Size	The size (in bytes) alloted for content caching. If zero (0), no file caching is performed (this is the default). File caching is used to enhance the server disk I/O access performance by caching files in-memory. The in-memory file cache is for enhancing the performance of the HTTP server; there is presently no caching mechanism for HTTP proxy requests. For optimal performance, this should be set to the cumulative size of all static files in your document directories. (Note: The FTP server also uses this file cache.)
Maximum Cached File	The size of the largest file (in bytes) that should be cached by the cache system.
Cache Stat Interval	The period of time (in seconds) to cache the response to a stat() system call. Important! If a file is modified (i.e. during development), the server will indicate that the file has not been modified for the duration of the Stat Interval. For this reason, this feature should only be used on production systems where the underlying files change rarely. In addition, the interval should never not be set above 300 (5 minutes).
Cache DNS Interval	The period of time (in seconds) to cache the response to a gethostbyname() system calls.
Cache Flush Interval	The period of time (in seconds) after which unused files should be flushed if additional cache space is needed.
Certificate File	SSL certificate file to use during initialization of SSL interfaces.
Private Key File	SSL private key file to use during initialization of SSL interfaces.
NTP Server	Optional NTP Server with which to synchronize server time.
NTP Cron	Optional cron entry (i.e. `0 1 * * *`, every night at 1AM) that specifies when the NTP Server should be contacted to synchronize the server time.

Server Version	The server version supported by the configuration file.
Observe Log Size	The observation log size specifies the maximum size the observe.log file is allowed to grow to. Once reached, the log file will wrap to the first line. If set to 0, the file can grow as large as disk space will allow.
FTP Log Size	The FTP log size specifies the maximum size the ftp.log file is allowed to grow to. Once reached, the log file will wrap to the first line. If set to 0, the file can grow as large as disk space will allow.
Maximum FTP Users	The maximum FTP users supported by the server (at any one time).
Maximum FTP Upload	The maximum size of any single FTP upload. If set to 0, there is no maximum upload size. This value is overridden by any user-specific upload constraints. If a user is permitted 5MB of space, they can upload a single 5MB file regardless of the Maximum FTP Upload.
System Administrator	The name of the system administrator.
System Administrator IP	The host(s) where the system administrator is allowed to login from. To ensure that only hosts which you plan to use for administration have access to your system administration tools, you can provide a space separated list of IP address where an administrator may login from. If left blank, an administrator may login from any host. The wild-card star () character may be used for pattern matching, i.e. 140.175.165.
User IP	The host(s) where users are allowed to login from. To ensure that only hosts which you wish to provide access to your user tools, you can provide a space separated list of IP address where a user may login from. If left blank, users may login from any host. The wild-card star () character may be used for pattern matching, i.e. 140.175.165.
Server Port	When the Sambar Server starts, it connects to some port and address on the local machine dna waits for incoming requests. The Server Port configuration value indicates which the HTTP server will listen on.
FTP Port	The port to listen on for FTP requests on. By default, the FTP port is 21.
TFTP Port	The port to listen on for TFTP requests on. By default, the TFTP port is 69.
NNTP Port	The port to listen on for NNTP requests (either Server or Proxy). By default, the NNTP port is 119.
SMTP Port	The port to listen on for SMTP requests as well as the port to connect to the SMTP Server on. By default, the SMTP port is 25.
POP3 Port	The port to listen on for POP3 requests as well as the port to connect to the POP3 Server on. By default, the POP3 port is 110.
IMAP4 Port	The port to listen on for IMAP4 requests as well as the port to connect to the IMAP4 Server on. By default, the IMAP4 port is 143.
Bridge Port	The port to listen on for Bridge requests as well as the port to connect to the Bridge Server on. See the Bridge Proxy documentation for details.
SOCKS Port	The port to listen on for SOCKS4/SOCKS5 requests. See the SOCKS Proxy documentation for details.
Trace TFTP	A boolean (true or false) indicating whether the trace TFTP requests. If true, all read/write actions are written to the GUI console.
Trace FTP	A boolean (true or false) indicating whether the trace FTP requests. If true, all read/write actions are written to the logs/ftp.log file.
Act As Mail Server	A boolean (true or false) indicating whether the server should act as a Mail server. If true, a thread is started at server startup to listen on the POP3 Port and process POP3 requests. Future releases will include support for IMAP4 and SMTP services. See the Mail Server documentation for more details.
Act As FTP Server	A boolean (true or false) indicating whether the server should act as an FTP server. If true, a thread is started at server startup to listen on the FTP Port and process FTP requests.
Act As TFTP Server	A boolean (true or false) indicating whether the server should act as a TFTP server. If true, a thread is started at server startup to listen on the TFTP Port and process TFTP requests. Only TFTP GET requests are supported, and files are restricted to those from the TFTP Directory.
Act As NNTP Proxy	A boolean (true or false) indicating whether the server should act as an NNTP proxy server. If true, a thread is started at server startup to listen on the NNTP Port and form a circuit between the remote NNTP Server and the client.
Act As SMTP Proxy	A boolean (true or false) indicating whether the server should act as an SMTP proxy server. If true, a thread is started at server startup to listen on the SMTP Port and form a circuit between the SMTP Server and the client.
Act As POP3 Proxy	A boolean (true or false) indicating whether the server should act as an POP3 proxy server. If true, a thread is started at server startup to listen on the POP3 Port and form a circuit between the POP3 Server and the client.
Act As IMAP4 Proxy	A boolean (true or false) indicating whether the server should act as an IMAP4 proxy server. If true, a thread is started at server startup to listen on the IMAP4 Port and form a circuit between the IMAP4 Server and the client.
Act As Bridge Proxy	A boolean (true or false) indicating whether the server should act as an Bridge proxy server. If true, a thread is started at server startup to listen on the Bridge Port and form a circuit between the Bridge Server and the client. This feature provides a bridging capability for any TCP application that is bound to a specific port. For example, this feature could be used to bridge telnet or SQL Server. See the Bridge Proxy documentation for more details.
Act As SOCKS Proxy	A boolean (true or false) indicating whether the server should act as an SOCKS4/SOCKS5 proxy server. If true, a thread is started at server startup to listen on the SOCKS Port. See the SOCKS Proxy documentation for more details.
POP3 Enhanced	A boolean (true or false) indicating whether the POP3 Proxy server should operate in "enhanced mode". Presently, enhanced mode supports user over-ride of the default POP3 proxy by specifying their username as `user#pop3-server`. See the Proxy documentation for more details.
NNTP Server	The remote NNTP server to communicate with then NNTP requests come from clients to the NNTP proxy. To act as an NNTP proxy, the client sets the NNTP server to the Sambar Server's NNTP proxy server and the proxy server then connects to the NNTP Server defined by this parameter.
SMTP Server	The SMTP server to communicate with then SMTP requests come from clients to the proxy. To act as an SMTP proxy, the client sets the SMTP server to the SMTP proxy server and the proxy server then connects to the SMTP Server defined by this parameter.
POP3 Server	The POP3 server to communicate with then POP3 requests come from clients to the proxy. To act as an POP3 proxy, the client sets the POP3 server to the POP3 proxy server and the proxy server then connects to the POP3 Server defined by this parameter.
IMAP4 Server	The IMAP4 server to communicate with then IMAP4 requests come from clients to the proxy. To act as an IMAP4 proxy, the client sets the IMAP4 server to the IMAP4 proxy server and the proxy server then connects to the IMAP4 Server defined by this parameter.
Bridge Server	The Bridge server to communicate with then Bridge requests come from clients to the proxy. To act as an Bridge proxy, the client sets the Bridge server to the Bridge proxy server and the proxy server then connects to the Bridge Server defined by this parameter. To connect to the destination server on a port other than the Bridge Port, append a new port to the Bridge Server definition using a colon (:) followed by the new port number (i.e. localhost:80). See the Bridge Proxy documentation for more details.
Trace Bridge	A boolean (true or false) indicating whether the trace Bridge proxy usage. If true, all bridge proxy usage is written to the logs/bridge.log file. This log file is typically used for debugging client/server applications. Warning! This feature significantly degrades performance and writes a great deal to disk.
Enable DBMS	A bookean (true or false) indicating whether the server should initialize the DBMS library and caches for use by the Sambar Server.
Run Watcher	A boolean (true or false) indicating whether the server should spawn a watcher daemon to restart the server in the event of a failure. If true, a Watcher Daemon process is started at server startup to ping the Sambar Server periodically. Important: The Watcher Daemon should only be used in conjunction with the Sambar Server Windows GUI executable [server.exe]; never with the NT Service.)
Watcher Timeout	The Watcher Timeout specifies how often the Watcher Daemon should ping the Sambar Server. After a failure, the server is terminated and restarted by the Watcher Daemon.
Watcher Server	The path, relative to the installation directory, of the Sambar Server executable that the Watcher Daemon should restart in the event of failure.
Watcher Notify	The system administrator to notify in the event of a server failure. This user is sent mail if the Watcher Daemon fails to restart the server for any reason. This feature requires that the STMP Server parameter be configured with a valid mail server. Note: This feature is only available with the Sambar Server Pro License.
Security Realm	The string raised when a security popup is raised.
Proxy Read Timeout	The maximum time, in seconds, to wait for a read from an proxy client (HTTP Proxy, Bridge Proxy and Read/AV Proxy) connection before failing. This parameter over-rides the Network Read Timeout.
FTP Read Timeout	The maximum time, in seconds, to wait for a read from an FTP client connection before failing. This parameter over-rides the Network Read Timeout.
FTP PASV IP	The IP address that should be published to the client when PASV mode is utilized. By default, the server attempts to figure this out based on the `Bind IP`, or IP that the client socket is connected on. However, if running behind a firewall or router, you may be required to provide the IP address of the router to connect to the serve in PASV mode. Of course, if the router is restricting access to specific ports, PASV mode will not be successful as the port used for the data connection is random.
SOCKS Read Timeout	The maximum time, in seconds, to wait for a read from an SOCKS TCP client connection before failing. This parameter over-rides the Network Read Timeout.
NT Authentication	A boolean (true or false) indicating whether NT Domain Authentication should be used. By default, the internal Sambar Server config/passwd file should be used. Important! If enabled, the Microsoft DLLs secur32.dll (Windows 95/98) or security.dll (Windows NT/2000) must be on the system. These DLLs are typically distributed with IE 5.x.
NT Domain	If NT Authentication is enabled, this specifies the domain to authenticate users against. If left blank, all domains are attempted.
LDAP Authentication	A boolean (true or false) indicating whether an LDAP Server should be used for authenitication. By default, the internal Sambar Server config/passwd file should be used.
LDAP Server	If LDAP Authentication is enabled, this specifies the server to authenticate users against.
LDAP Base	The LDAP base query string used to bind for authentication.
Radius Authentication	A boolean (true or false) indicating whether a Radius Server should be used for authenitication. By default, the internal Sambar Server config/passwd file should be used.
Radius Server	If Radius Authentication is enabled, this specifies the server to authenticate users against.
TFTP Directory	The directory under which all TFTP files must reside. Unless preceeded by a drive letter (i.e. c:/tftpboot) ,the directory is assumed to be relative to the installation directory of the Sambar Server.
DOT-File Security	Restrict access from the FTP Server and Document Manager to files beginning with a period (.). It is recommended that this parameter be set to true to prevent unauthorized modification to security files.
Valid Characters	A list of all characters that may comprise a valid FTP or TFTP file name. This list may not have any spaces (spaces are allowed in Windows file systems). Only single-byte character sets are supported. If this parameter is empty, all characters are considered valid.

Act As HTTP Proxy	A boolean (true or false) indicating whether the server should act as an HTTP proxy server.
Trace Requests	A boolean (true or false) indicating whether user requests should be logged to the access.log file. Note: /sysimage requests are never logged.
Trace Agents	A boolean (true or false) indicating whether the user's agent (browser) should be logged to the agent.log file.
Trace Referrers	A boolean (true or false) indicating whether the referer should be logged to the referer.log file.
Log Format	A string (common, combined, custom or performance) indicating the log format style. common indicates to use the common log format. combined is the combined log format specified by NCSA (the referer and agent are appended to the log line). custom uses the Custom Log Format string to build a log string (using similar formatting to the Apache custom log). performance is the combined log format with the addition of the page delivery performance time.
Don't Log IPs	A space separate list of IP addresses that should not be logged. The wild card character star (*) can be used to match multiple arguments.
Don't Log Requests	A space separate list of request strings that should not be logged. The wild card character star (*) can be used to match multiple arguments.
Automatic Directory Lists	A boolean (true or false) indicating whether to provide a directory listing if no default file is present in the directory.
Automatic Directory Readme	The file, if provided, that will be returned prior to the directory contents if found in the directory being listed. It is assumed that the file returned will contain ASCII text; if the file contains HTML content, place a </PRE> tag at the beginning of the readme file.
Automatic Log Rotation	A boolean (true or false) indicating whether the HTTP log files should be automatically rotated (daily) and a log report generated.
Automatic Log mailto	If automatic log rotation is enabled, the report(s) generated will be mailed as attachments to the space-spearated list of users provided in this field.
Enable Keep-Alive	A boolean (true or false) indicating whether HTTP Keep-Alive extension should be used. Keep-Alive is an extension to HTTP that allows persistent connections. These long-lived HTTP sessions allow multiple requests to be sent over the same TCP connection.
Enable SSL Keep-Alive	A boolean (true or false) indicating whether HTTP Keep-Alive extension should be used for SSL connections. Keep-Alive is an extension to HTTP that allows persistent connections. These long-lived HTTP sessions allow multiple requests to be sent over the same TCP connection. Many older Netscape browsers do not properly support SSL Keep-Alive requests; support for these browsers may require disabling this feature.
Enable WebDAV	A boolean (true or false) indicating whether the WebDAV HTTP extensions should be enabled (available only to Pro licensees). See the WebDAV documentation for details.
Enable Versioning	A boolean (true or false) indicating whether the WebDAV and Document Manager Versioning extensions should be enabled (available only to Pro licensees). See the Versioning documentation for details.
Enable JavaEngine	A boolean (true or false) indicating whether the Sambar Server Servlet runner should be initialzed at server startup. Important! The Java JDK must be installed and properly configured prior to enabling this feature (see the JavaEngine documentation for details).
Server Side Includes	The file extension of files containing Server Side Includes. This file extension cannot be stm which is reserved for Sambar Server dynamic pages. A space separated list may be provided to configure more than one file-type (i.e. shtml shtm ssi). To prohibit Server Side Include functionality, simply remove all entries from this configuration line.
Expire Server Side Includes	This boolean indicates whether to expire server side include scripts when served so the browser will not cache these dynamic pages.
Prohibit Script #exec	This configuration parameter prohibits the execution of CGI/WinCGI/WinCmd scripts from within Server Side Include (shtml) or Sambar Scripted (stm) pages. If untrusted documents can be uploaded to the server, this restriction is recommended to prohibit arbitrary execution of server commands. (Note: This restriction does not apply to scripts in the /sysadmin folder.)
Server Scripts	The file extension of files containing Sambar Server Scripting elements. A space separated list may be provided to configure more than one file-type (i.e. stm xtm). To prohibit Sambar Server Scripting functionality, simply remove all entries from this configuration line.
Expire Server Scripts	This boolean indicates whether to expire Sambar Server scripts when served so the browser will not cache these dynamic pages.
ASP Scripts	The file extension of files containing Sambar Server ASP elements. A space separated list may be provided to configure more than one file-type (i.e. asp xsp). To prohibit Sambar Server ASP functionality, simply remove all entries from this configuration line.
Expire ASP Scripts	This boolean indicates whether to expire ASP scripts when served so the browser will not cache these dynamic pages.
Default Page	The HTML page to use when a client references a directory without specifying a specific file. This may be a space-separated list of file names (i.e. index.html index.stm index.htm index.shtml).
Home Page	The HTML page to use when a client references the server home page without specifying a specific file (i.e. http://www.sambar.com/). If left blank, the Default Page list is used to find the page to return. It is recommended that this be left blank. The only valid use for this parameter is if multiple virtual hosts are used that map to the same documents directory. Note: This must be a single file name.
Images Directory	A secondary directory for serving non-HTML mime types which will not be logged. This directory must be in to the Sambar Server installation. Important: you cannot have a sub-directory in the Documents Directory that is the same as this directive. In addition, this directive must have a trailing space.
Documents Directory	The document directory under which all HTML files must reside. Unless preceeded by a drive letter (i.e. d:/wwwdir) ,the directory is assumed to be relative to the installation directory of the Sambar Server. All HTTP documents must be served from within the Document Directory. This feature is intended guard other parts of a machine from unwanted access. The FTP server is not limited by this restriction, each configured user of the FTP server may have access to a different root location. Future releases of the server may extend the security associated with the Document Directory through aliasing. This directive must have a trailing space.
CGI Directory	The CGI directory under which all CGI executables must reside. This directory must be in to the Sambar Server installation directory. This directive must have a trailing space. All files in this directory are assumed to be executable programs. CGI programs can exist in other directories if .cgi is enabled as a CGI Extension*.
WinCGI Directory	The WinCGI directory under which all WinCGI executables must reside. This directory must be in to the Sambar Server installation directory. This directive must have a trailing space.
CGI Run As	The username:password:domain (NT login) to use when executing a CGI script. If left blank (the default), CGI scripts will run with the security associated with the server.
CGI Timeout	The duration, in seconds, that a CGI or WinCGI is allowed to run before termination.
CGI Exit Test	The error code returned by CGI programs is tested and an error message is raised if the status is not zero (0) if this field is set to true. If false, CGI exist status codes are not tested.
CGI stderr	This boolean indicates whether CGI STDERR output should be returned to the client. CGI STDOUT output is always returned to the client. This feature is useful for debugging errant CGI scripts and can be enabled/disabled without restarting the server via the administration forms.
Keep-Alive Timeout	The duration, in seconds, for the HTTP Keep-Alive functionality. If this period is not at least as large as the Network Read Timeout, the connection will be prematurely terminated.
Session Indicator	The argument which indicates that the request refers to an RPC method (i.e. http://www.sambar.com/session/help).
Session Domain	By default, Sambar Server sessions are generated without a domain meaning the entire Host: name is used to qualify the session. If using the `Automatic Relogin` to enable signon across machines in a domain, you can use this to specify the domain of the session, i.e. `.sambar.com`.
Default MIME Type	The default mime type to use when the mime type cannot be inferred from the file extension. More information on MIME types is available.
Remote Proxy	When acting as an HTTP proxy, a remote caching server can also be used. If the Remote proxy field is non-blank, all HTTP proxy requests will be forwarded to the server configured (typically your ISP's caching proxy). SSL tunneling requests are also directed through the remote proxy (FTP proxy requests are not).
Remote Proxy Port	The Remote Proxy server port to connect with when utilizing a remote proxy server.
Remote Proxy Authorization	When acting as an HTTP proxy, a remote caching server can also be used. If the Remote Proxy is being used, and the Remote Proxy Authorization field is non-blank, a Proxy-Authorization header will be added to all proxy requests. The value should be username:password which will be encoded using Basic authentication and forwarded.
Invalid Characters	This is the list of characters that are NOT allowed in URIs. Unless you are very familiar with the HTTP protocol you should not modify this setting.
ISAPI Debug	This configuration parameter specifies the debug level for ISAPI Extensions. Each level corresponds with an increasing detail: None, Basic, Call, Full. See the ISAPI Extension documentation for more details.
ISAPI Extensions	This parameter identifies the file extension(s) that should be associated with to ISAPI extensions. Any file in the Documents Directory or aliased document directory with a file extension matching the defined ISAPI Extensions are treated as ISAPI applications. The default is *.dll. See the ISAPI Extension documentation for more details.
CGI Extensions	This parameter identifies the file extension(s) that should be executed as CGI applications. Any file in the Documents Directory or aliased document directory with a file extension matching the defined CGI Extensions are treated as CGI applications. The defaults are: .pl and .cgi.
WinCGI Extensions	This parameter identifies the file extension(s) that should be executed as WinCGI applications. Any file in the Documents Directory or aliased document directory with a file extension matching the defined CGI Extensions are treated as WinCGI applications. By default, no extensions are defined.
Maximum Content-Length	This parameter defines the maximum content-length that the server will allow in POST or multipart/form-data request from an unauthenticated client.
Maximum User Content-Length	This parameter defines the maximum content-length that the server will allow in POST or multipart/form-data request from an authenticated user.
Enforce .htaccess	This boolean indicates that the Sambar Server should enforce the HTACCESS functionality. See htaccess documentation for more details.
Use Unix crypt	This boolean indicates that the Sambar Server should use the UNIX crypt() functionality for enforcing HTACCESS passwords. See htaccess documentation for more details.
Use MD5 crypt	This boolean indicates that the Sambar Server should use a basic MD5 hash for enforcing HTACCESS passwords. See htaccess documentation for more details.
Log INCLUDE Scripts	This boolean indicates that the Sambar Server should log scripts included within other scripts using RCinclude or the SSI include directive. If set to false, these INCLUDE scripts won't be logged.
Compress Content	Compress dynamic content using GZIP compression if the browser's Accept-Encoding supports GZIP. Dynamic content is all content from stm scripts, and Java Servlets.
Proxy Word Selectivity	The number of words or strings in the wordlist.ini file that must match for the proxy server to block the page.
Proxy Word Filter	A boolean that indicates whether the urllist.ini, wordlist.ini and whitelist.ini files should be used by the HTTP proxy to filter web content.
Proxy Word Filter IPs	If the proxy wordlist is enabled, the list of IP addresses specified by this parameter is used to exclude clients from the proxy filter.
User Directories	Map requests for */~username/* to the user's FTP/Document Directory stored in the user config/passwd file. Note: If anything other than the passwd file security authentication is enabled this parameter cannot be enabled. All that really happens when this feature is enabled is that aliases are automatically loaded into the server for each user mapping: /~username/ = FTP/Document Directory. If these mappings change after startup (i.e. add/remove users), the UserDir engine must be disabled and then re-enabled to reload the new mappings. Important! Make sure to use the Exclude User Directories for any user with a document root that should not be generally accessible.
Exclude User Directories	A space separated list of users who's directories should not be accessible when User Directories is enabled. This list can contain the wild-card star (*) character for matching.
Server Signature	The signature provided in the HTTP header response to requests. By default this is SAMBAR, but can be changed by modifying this parameter; this feature is only available to Pro Server licensees.
Invalid Methods	Invalid HTTP methods that will be denied by the server before any response is generated. This is a space-separated list of HTTP methods such as: `HEAD PUT DELETE`.

Server Cookie	The mechanism used to generate user session cookies. In general, userip is the preferred mechanism, however, for AOL users that come through different proxies on each access, this mechanism will not work. An alternate mechanism, serverip can be used with AOL clients.
Maximum Users	The maximum number of logged in users allowed on the system. There is not necessarily a correlation between logged in users and Maximum Connections, as logged in users refers to user handles maintained across HTTP requests.
Maximum State Attributes	The maximum attributes a user may have. Attributes are referenced using the RCS scripting variable, and are used to maintain state about a user for the duration of the login.
Maximum Simultaneous Logins	The maximum number of simultaneous logins for a single user. The default value zero (0) indicates an unlimited number of simultaneous users are permitted. If a user does not logout and attempts to reconnect with the limit set to one (1), the user will have to wait until the timeout duration is reached.
Timeout Duration	The maximum idle time (in seconds) before a logged in client is automatically logged out. Setting this value to 0 indicates an unlimited duration.
Admin Timeout Duration	The maximum idle time (in seconds) before a logged in administrator user is automatically logged out. The admin timeout may not be set to 0 (unlimited).
Application Directory	The temporary directory for use by external applications (SA_CTXPROP_APPLICDIR).
SSL Logins Only	Only permit user logins (/session/login) via an SSL connection.
Login on Authentication	Perform a user login (i.e. create a server-side user object when a user authenticates via HTTP login (security.ini or .htaccess). By default, user authentication restrictions in the security.ini and .htaccess files do not result in a user login. If set to true, this flag results in the /session/login event being called for authentication events triggered by security.ini or .htaccess. Note: This only applies to .htaccess authentications performed using the Sambar Server passwd* file. Use of an alternative AuthUserFile will not trigger this feature.*
Startup Script	Script to run on server startup. This script can be used to set environment variables etc. The location of the script is relative to documents directory (it must begin with a leading slash (/)).
Shutdown Script	Script to run on server shutdown. This script can be used to disable a modem etc. The location of the script is relative to documents directory (it must begin with a leading slash (/)).
Login Script	Script to run on user login. This script can be used to set state variables, profile attributes etc. The location of the script is relative to documents directory (it must begin with a leading slash (/)).
Logout Script	Script to run on user logout. This script can be used to log the user's activity to the RDBMS or perform other cleanup activity. The location of the script is relative to documents directory (it must begin with a leading slash (/)).
Monitor Invalid Logins	Monitor invalid logins and freeze logins from the IP addresses of hosts that exceed the Maximum Invalid Logins. Note: All tracking is performed via IP address. This can adversely affect large groups of users that come from hosts behind a proxy such as AOL. Important! This feature cannot be used if you are behind a proxy or firewall that performs address translation.
Maximum Invalid Logins	The maximum number of invalid logins that are allowed from a given IP address before all logins are frozen from that host for Invalid Login Wait.
Invalid Login Wait	The duration, in seconds, that an IP address is restricted from attempting another login once the Maximum Invalid Logins are reached.
Monitor Invalid Requests	Monitor invalid requests and freeze all requests from the IP addresses of hosts that exceed the Maximum Invalid Requests. Enabling this feature imposes a significant performance penalty on the server and increases the memory requirements by several mega bytes; it can prevent some types of server attacks as well as some DOS attacks. Note: All tracking is performed via IP address. This can adversely affect large groups of users that come from hosts behind a proxy such as AOL.
Maximum Invalid Logins	The maximum number of invalid logins that are allowed from a given IP address before all logins are frozen from that host for Invalid Login Wait.
Invalid Request Wait	The duration, in seconds, that an IP address is restricted from attempting another login once the Maximum Invalid Logins are reached.
Share User Logins	Some WebDAV clients are not able to reuse a user login via the HTTP cookie mechanism. If set to true, this boolean parameter indicates that any relogin for a user and IP address that is already logged in should re-use the existing login (rather than creating a new server-side user login structure).
Automatic Relogin	In the event of a session expiration due to timeout, a user can come to a server with an otherwise valid user cookie for the realm, but no server-side authenticated account. If this variable is set to true, the server will attempt to automatically relogin the user.

Log Search Results	A boolean indicating whether search requests should be logged to the log/search.log file.
Allow Wildcarding	A boolean indicating whether search queries may contain wild-card characters for pattern-matched searches.
Index Only	The file extensions to index when traversing the Documents Directory. This is a space separated list of file extensions. Note: the character ~ can be used to indicate that the server should index files without extensions (plain text).
Valid Characters	A list of all characters that may comprise a valid search string. This list may not have any spaces. Only single-byte character sets are supported.

INIT	The DLL and function to call during the INIT event.
EXIT	The DLL and function to call during the EXIT event.
REQUEST	The DLL and function to call during the REQUEST event.
LOGIN	The DLL and function to call during the LOGIN event.
LOGOUT	The DLL and function to call during the LOGOUT event. Note: Every client that logs in is guaranteed to log out (even in the event of a shutdown), however, once a single LOGIN event is called for a client (even if unsuccessful), all LOGOUT events are called. Care must be taken when cleaning up in the logout handler.
PROFILE	The DLL and function to call during the PROFILE request (RCP scripting variable). The maximum length of the buffer passed in for the return data is 256 bytes.
NETCONNECT	The DLL and function to call during the a server connection. The IP address and server type are passed as parameters and access is denied to the server if the function returns SA_FAIL.
FTP	The DLL and function to call for username/password authentication during an FTP login. The username and password are passed as parameters and the FTP access structure is filled in on a successful login. Access is denied to the FTP server if the function returns SA_FAIL.
HTTPPROXY	The DLL and function to call for each HTTP Proxy request. The hostname or IP address and URL being requested are passed as parameters and the proxy request is terminated if the function returns SA_FAIL. For connections where keep-alives are used, only the first request is processed via the HTTPPROXY event handler, subsequent proxy requests on the keep-alive connection are not filtered. If the HTTP proxy is an SSL request (SSL-tunneling), the URL will be NULL as the proxy does not interpret SSL packets.
ENVIRONMENT	The DLL and function to call for each environment request. This allows user-defined environment variables to be used withing if/then/else conditional logic or to be passed as parameters to RPC methods. System defined environment variables have precedence over user-defined arguments. The maximum length of the buffer passed in for the return data is 256 bytes.