HP brings new secure Web features to the 3000

HP is ready to ship WebWise MPE/iX Secure Web Server version 4.0, software that offers 3000 sites the following new functionality based on the latest version of Apache 1.3.x:

• FileETag directive for controlling the HTTP ETag response header field used in cache management.
• IgnoreCase keyword added to the IndexOptions directive to provide case-insensitive directory sorting.
• Hostnames in log files captured with improved reliability.
• ProtocolReqCheck directive to enable stricter parsing of HTTP requests.
• Enhanced Include directive to support wildcard matching.
• SERVER_ADDR environment variable set to the server IP address that received the current request.
• CookieFormat and CookiePrefix directives for improved cookie handling.

WebWise has been included at no extra charge with the HP 3000’s operating system tapes, but the newest version will only be available using standard patch processes for now. It’s the kind of enhancement that may appear in an HP PowerPatch release in the months to come. Only HP support customers qualify for the PowerPatches. But standard patches are available to everyone at the HP IT Response Center.

The new WebWise version will be delivered for MPE/iX 6.5, 7.0, and 7.5.

WebWise consists of the 1.3 release of Apache, along with SSL security add-ons for Apache, an MM shared memory library, the OpenSSL cryptographic/SSL library, and the RSA BSAFE Crypto-C cryptographic library for the RC2, RC4, RC5, and RSA algorithms. HP warns that the software, which it tried to sell at $1,900 a copy and has now bundled into MPE/iX, is only one component in a secure environment. “By itself it does nothing to prevent the number one cause of Web server break-in events — poorly written CGI applications. Well-written CGI applications must rigorously validate every byte of data sent by a browser, and must refuse to process any input data containing unexpected characters.”

Copyright The 3000 NewsWire. All rights reserved