Configuration for WAF is very straightforward. There is a single configuration file, /etc/ccm-core.cfg, which handles configurations for the WAF core application. Understanding this file and how it works is the key to success. If you have used WAF in the past and are familiar with this file, please take the time to review it again for changes. Configuration variables are not necessarily consistent across versions.
The configuration file is relatively straightforward and self-explanatory. Some of the items it handles are:
- Defines database connections.
- Configures administrator details such as name, contact info and password.
- Sets cache and log expiry values.
- Specifies important values.
- Details logging information.
- Disables/enables developer debugging.
- Other important configuration information.
It is very important to consider and test your configuration, both for the initial installation and subsequent changes. Because of the central role of this configuration file, it is one location where a single character out of place could disable the entire application.
Tip: Once you have tested and completed your initial configuration file, you can check it into a source and revision control system (such as RCS or CVS) along with the installation file you used (RPM or ZIP). If you ever need to recreate your WAF installation from scratch, these files are most of what you need.
Tip: If your system consists of a single instance of WAF with no cache peers, leave the cachePeers caching parameter blank. For single instances of CMS you can also leave the publishToFile server, thisServer, and publishSource parameters blank. Any reference to a host which cannot be resolved may cause serious memory leaks.
Here is a list of the prompts and values in a typical configuration file (your configuration file may have different values depending on the specific RPM/ZIP that you are using):
Parameter | Description | Sample Value |
---|---|---|
servlet-container | Name of a servlet container. | tomcat4 |
servlet-webxml | Determines which web.xml file to use. | servlet23 |
app-home | Home directory of your application. | /var/www/ccm-core |
runtime-home | Home directory of the runtime. | /usr/share/ccm-core |
tomcat-home | The home of your Tomcat installation. | /usr/share/tomcat |
user | The user that the servlet process will run as. | servlet |
group | The group that the servlet process will run as. | servlet |
java-home | $JAVA_HOME for this server. | /opt/IBMJava2-131 |
jre-args | Arguments to be passed to the JRE e.g., stack size. | |
http-port | The port that Tomcat will listen on for HTTP requests. | 8000 |
shutdown-port | The port that Tomcat will listen on for shutdown requests. | 8005 |
admin-answer | The answer to the question the administrator would be asked if they forgot their password. | 6 |
admin-email | Site administrator's email address. | [email protected] |
admin-forename | Administrator's first name. | Administrator |
admin-password | Administrator password. | 123456 |
admin-question | Question the administrator will be asked if they forget their password. | 12345? |
admin-screenname | Used if screen name/username authentication is used instead of email address. | JaneDoeAdmin |
admin-surname | Administrator's last name. | Doe |
cache-expiry | How long to cache pages, in seconds. | 259200 |
caching-active | Whether caching is on or off. | yes |
db-pass | Password to access the database schema. | dbpassword |
db-pool | Number of connections to hold open. | 100 |
db-user | Username to access the database schema. | dbuser |
debug-mode | Enable debugging. Make sure this is false for production instances. | false |
developer-support | Enable developer support for debugging. Make sure this is false for production instances. | false |
front-page | URL for registration page. Do not change this unless you have a custom registration page. | register/ |
hostname | Hostname of the server. | ccm.example.com |
jdbc-url | The JDBC URL to access the database. You can also use a tnsnames.ora entry immediately after the @ symbol. | jdbc:oracle:oci8:@(DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = localhost )(PORT = 1521 )))(CONNECT_DATA = (SERVICE_NAME = oracle ) (SRVR = DEDICATED))) |
log-dir | Logfiles directory. This must be created during installation or the server will not start. | /var/log/projectname |
log-level | Choices are debug, info, warn, error, fatal; use fatal for production. | fatal |
log-size | Log file size before it gets rolled over, measured in bytes. | 1000000 |
permissionsDMLChecking | Automatically enforce permissions for all DML (save, delete, update) operations? | true |
sitename | Set to what you want to appear on the login page of the site. | Web Application Framework |
smtp-host | Set to this server's SMTP host. | localhost |
state-dir | This directory is used by the security initializer. It must be writable by the servlet container process, and must exist for WAF to start. | /var/www/ccm-core/lib |
xslt-engine | Which XSLT engine should we use? We recommend Saxon in production. | Saxon |
xslt-timeout | This is measured in seconds, and defines how often the file system is checked for changes in the XSL stylesheets. [a] | 60000 |
Notes: a. On a production system, this number should be higher to prevent the system from needlessly checking for new stylesheets. A development, pre-production or testing system might use a lower value, especially where new stylesheets are being tested but the WAF services are not going to be restarted. |
Table 5-1. Configuration Values
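
A pre-deployment check for the production-sensitive rows of Table 5-1, added here as an example (it is not part of WAF or its documentation). It assumes the file uses `key = value` lines, a syntax this page does not show; `parse_cfg`, `audit` and the sample input are hypothetical names and constructed data.

```python
import os

# Values the table marks as required for production instances.
REQUIRED = {"debug-mode": "false", "developer-support": "false", "log-level": "fatal"}
# Sample credentials printed in the table; they must not reach a live file.
SAMPLE_SECRETS = {"admin-password": "123456", "db-pass": "dbpassword"}

# Constructed sample input, not a real configuration.
SAMPLE_CFG = """\
debug-mode = true
developer-support = false
log-level = info
admin-password = 123456
db-pass = a-different-secret
log-dir = /var/log/projectname
state-dir = /var/www/ccm-core/lib
jdbc-url = jdbc:oracle:oci8:@(DESCRIPTION = (CONNECT_DATA = (SERVICE_NAME = oracle)))
"""

def parse_cfg(text):
    """Parse 'key = value' lines (assumed syntax); lines starting with '#' are comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)  # values such as jdbc-url contain '='
            cfg[key.strip()] = value.strip()
    return cfg

def audit(cfg, is_dir=os.path.isdir, is_writable=lambda p: os.access(p, os.W_OK)):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    for key, want in REQUIRED.items():
        got = cfg.get(key, "<unset>")
        if got.lower() != want:
            findings.append(f"{key} is {got}, expected {want} in production")
    for key, sample in SAMPLE_SECRETS.items():
        if cfg.get(key) == sample:
            findings.append(f"{key} still holds the documentation sample value")
    for key in ("log-dir", "state-dir"):
        path = cfg.get(key, "")
        if not is_dir(path):
            findings.append(f"{key} '{path}' does not exist; WAF will not start")
        elif key == "state-dir" and not is_writable(path):
            findings.append("state-dir is not writable by this user")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_cfg(SAMPLE_CFG)):
        print(finding)
```

Run it as the servlet user so the state-dir writability check reflects the account WAF runs under.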