HP WebWise MPE/iX Secure Web Server offers secure encrypted
communications between browser and server via the SSL and TLS protocols,
as well as strong authentication of both the server and the browsers
via X.509 digital certificates. HP WebWise MPE/iX Secure Web Server
is:
NOT a substitute
for a firewall (explicitly allow acceptable connections, etc.)
NOT a substitute for good host
security practices (change default passwords, keep the OS up-to-date,
etc.)
NOT a substitute for good application
security practices (use appropriate file and user security, carefully
validate all input data, etc.)
NOT a substitute for good human
security practices (communicate the importance of protecting sensitive
or proprietary data, no password sharing, etc.)
WebWise is just one component in a secure environment and
by itself does nothing to prevent the number one cause of web server
break-in events — poorly written CGI applications.
Well-written CGI applications must rigorously
validate every byte of data sent by a browser, and must refuse to
process any input data containing unexpected characters.
The security features of HP WebWise MPE/iX Secure Web Server
are based on mod_ssl which is not included in Apache for
MPE/iX distributed with MPE/iX 6.0 and later. Mod_ssl provides the following features:
SSLv2.0, SSLv3.0, and TLSv1.0 Protocols |
 |
These protocols lie between the HTTP and TCP/IP protocol layers
and provide secure, authenticated, encrypted communications between
the HP WebWise MPE/iX Secure Web Server server and browser clients.
X.509 Digital Certificates |
|
Signed by external trusted Certificate Authorities, X.509
certificates provide authentication for both the HP WebWise MPE/iX
Secure Web Server and browser clients.
Flexible Encryption Cipher Configuration |
|
HP WebWise MPE/iX Secure Web Server permits you to configure
a wide variety of encryption ciphers, ranging from high-grade domestic-only
algorithms to algorithms suitable for export.
Additional Log Files |
|
Two new log files, ssl_engine_log and ssl_request_log, allow you to log various events associated with secure
web requests.
Painless Migration of Existing Apache Content |
|
Your existing non-secure Apache content
can be migrated without change to HP WebWise MPE/iX Secure Web Server
and the SSL/TLS protocols. This includes CGI applications, which
will have access to a wide variety of new security-related environment
variables under HP WebWise MPE/iX Secure Web Server that will permit
granular, custom security checking.
New Functionality |
|
HP WebWise MPE/iX Secure Web Server is based on Apache 1.3.9
and introduces the following new Apache functionality that has either
been added to Apache since 1.3.4 or ported to MPE/iX for the first
time:
- mod_digest
MD5 digest-based user authentication described in RFC2617.
- mod_proxy
Ftp and http proxies and caching. Support for forwarding to
remote proxies, cache size, and cache expiration configuration.
- mod_rewrite
Powerful regexp-based matching rules for rewriting
an incoming browser URL request to a different server URL or server
file. Useful in large, dynamic environments where content structure
changes frequently. For advanced users only.
- mod_so
Dynamic Shared Objects (DSOs). Allows add-on Apache modules
to be built in external NMXLs and loaded at HP WebWise MPE/iX Secure
Web Server startup time.
- mod_vhost_alias
Allows specification of flexible configuration directory names
that simplify hosting large numbers of virtual web servers on the
same machine.
Bundled Modules |
|
The following modules are statically linked into HP WebWise
MPE/iX Secure Web Server (this list can be viewed by running HTTPDS
with the -l option: /APACHE/SECURE/HTTPDS -l):
The following modules are supplied as external DSOs:
mod_example (see /APACHE/SECURE/libexec/README and mod_example.c
Please note that HP does not support the use of any modules
other than those previously listed.
Printable version
