HPlogo Configuring and Managing MPE/iX Internet Services > Chapter 9 HP WebWise MPE/iX Secure Web Server

Product Overview and Feature Set

MPE documents

Complete PDF
Table of Contents
Glossary
Index

E0802 Edition 6 ♥
E0701 Edition 5
E0400 Edition 4

HP WebWise MPE/iX Secure Web Server offers secure encrypted communications between browser and server via the SSL and TLS protocols, as well as strong authentication of both the server and the browsers via X.509 digital certificates. HP WebWise MPE/iX Secure Web Server is A.03.00 and is composed of:

  • Apache 1.3.22

  • Mod_ssl 2.8.5 SSL security add-ons for Apache

  • MM 1.1.3 shared memory library

  • Openssl 0.9.6b crytographics/SSL library

  • RSA BSAFE Crypto-C 5.2 cryptographic library (for the RC2. RC4, RC5, and RSA algorithms)

HP WebWise MPE/iX Secure Web Server is NOT:

  • NOT a substitute for a firewall (explicitly allow acceptable connections, etc.)

  • NOT a substitute for good host security practices (change default passwords, keep the OS up-to-date, etc.)

  • NOT a substitute for good application security practices (use appropriate file and user security, carefully validate all input data, etc.)

  • NOT a substitute for good human security practices (communicate the importance of protecting sensitive or proprietary data, no password sharing, etc.)

WebWise is just one component in a secure environment and by itself does nothing to prevent the number one cause of web server break-in events — poorly written CGI applications. Well-written CGI applications must rigorously validate every byte of data sent by a browser, and must refuse to process any input data containing unexpected characters.

New Apache Functionality since 1.3.14

Most of the Apache Software Foundation development work since 1.3.14 consists of portability enhancements and bug fixes for various problems including security issues. Some minor new functionality has also been added, as partially listed below:

  • A new LogFormat directive of %c to display the connection status when each request is completed.

  • mod_auth has been enhanced to allow access to a document to be controlled, based on the owner of the file being server. Require file-owner will only allow files to be served where the authenicated username matches the use that owns the document. Require file-group works in a similar way checking that the group matches.

SSLv2.0, SSLv3.0, and TLSv1.0 Protocols

These protocols lie between the HTTP and TCP/IP protocol layers and provide secure, authenticated, encrypted communications between the HP WebWise MPE/iX Secure Web Server server and browser clients.

X.509 Digital Certificates

Signed by external trusted Certificate Authorities, X.509 certificates provide authentication for both the HP WebWise MPE/iX Secure Web Server and browser clients.

Flexible Encryption Cipher Configuration

HP WebWise MPE/iX Secure Web Server permits you to configure a wide variety of encryption ciphers, ranging from high-grade domestic-only algorithms to algorithms suitable for export.

Additional Log Files

Two new log files, ssl_engine_log and ssl_request_log, allow you to log various events associated with secure web requests.



Support

Migrating from Previous Versions of Apache