Add an HTTP server

To add an HTTP server, go to the extended Server Control page and on the HTTP Servers pane, click Actions > Add Server.

The following table presents all parameters and expected values associated with your new HTTP server.

Field Description
General
Server Name Enter a unique name of your server.
Enable HTTP Select to enable HTTP transfers.
Enable HTTPS Select to enable HTTPS transfers.
Enable HSTS Select to enable HSTS if you want to disallow insecure HTTP transfers using this server.
Enable FIPS

Select to enable FIPS transfer mode for HTTPS connections.

By selecting this option, the Enabled FIPS Ciphers field becomes editable.

HTTP Port Enter the port number of your HTTP listener.
HTTPS Port Enter the port number of your HTTPS listener.
Login Format

Select the authentication format for end-user login:

  • HTML – for user login using the ST Web Client login form
  • BA – basic authentication
  • ERR – must use config/auth agents
  • PREAUTH – config/auth agents + HTML login page in case of failed login
Redirect hostname Enter a redirect host name or IP address. When you set this value, all requests to the ST Web Client, subsequent to the first one, will be bound to that hostname. Use this option in the case where a DNS switch occurs to avoid requests getting split across different nodes.
SSL Settings
Client Certificate

This drop-down list presents the options to define support for certificate use for HTTP authentication. Possible values are:

  • Disabled – no certificate authentication is required
  • Required – the client must authenticate using a certificate
  • Optional – the client can authenticate either using a certificate or a password
SSL Key Alias Select an SSL Key Alias from the drop-down list, for example, HTTPd.
SSL Protocol Enter the SSL protocol group to use: SSL or TLS (TLS by default). Note that with SecureTransport running on AIX systems, the default value is SSL_TLS.
Enabled SSL Protocols

Enter a comma-separated list of SSL protocol versions (TLSv1, TLSv1.1, TLSv1.2 by default).

Enabled Ciphers

Enter the cipher suites to be used with your HTTPS server.

For more information on cipher suites, refer to the SecureTransport Cipher suites topic, part of the SecureTransport 5.4 Security guide.

Enabled FIPS Ciphers

Modify the cipher suite set to be used with your HTTP server in FIPS mode.

By default, this field is populated with all FIPS-compliant TLS cipher suites supported by SecureTransport. For the complete list, see FIPS-compliant TLS cipher suites.

Click the "down arrow" icon on the right to access a drop-down menu with options to select and deselect all items and reset value to the previously saved selection.

For the default HTTP server, the list of allowed cipher suites in FIPS mode is determined by the Http.FIPS.Ssl.EnabledCipherSuites configuration option.

Authentication Parameters
Allowed Authentication Parameters Enter the allowed HTTP Authentication parameters, separated by a semi-colon (;).
Allowed Authentication Parameters Max Size Enter the allowed HTTP Authentication parameters maximum size in bytes.
Content Security Policy Enter the value of the Content-Security-Policy header.
XSS Protection Enter the value of the X-XSS-Protection header.
Content Type Options Enter the value of the X-Content-Type-Options header, for example: nosniff.
Referrer Policy Enter the value of the Referrer-Policy header. Accepted values are: no-referrer, no-referrer-when-downgrade, origin, origin-when-cross-origin, same-origin, strict-origin, strict-origin-when-cross-origin, unsafe-url.
Expect CT Enter the value of the Expect-CT (certificate transparency) header. Accepted values are: max-age=<age>; enforce; report-uri=<uri>. The enforce and report-uri directives are optional.

Once you have finished entering the parameters of your HTTP server, click Save to create it, or Cancel to discard all changes and return to the Server Control page.
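The following pre-save check is an added example, not part of SecureTransport or its documentation. It audits the values you plan to type into the Enabled SSL Protocols, Referrer Policy and Expect CT fields against the accepted formats listed in the table; the function names, the dictionary layout and the sample values are assumptions made for illustration.

```python
import re

# Accepted Referrer-Policy values, as listed in the table above.
REFERRER_POLICIES = {
    "no-referrer", "no-referrer-when-downgrade", "origin",
    "origin-when-cross-origin", "same-origin", "strict-origin",
    "strict-origin-when-cross-origin", "unsafe-url",
}
# TLS 1.0 and TLS 1.1 are deprecated by RFC 8996; both are in the default list.
DEPRECATED_PROTOCOLS = {"TLSv1", "TLSv1.1"}

def check_expect_ct(value):
    """Check the format given above: max-age=<age>; enforce; report-uri=<uri>."""
    problems, seen = [], {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        name, _, arg = part.partition("=")
        seen[name] = arg
    if not re.fullmatch(r"[0-9]+", seen.get("max-age", "")):
        problems.append("Expect CT: numeric max-age=<age> is required")
    if seen.get("enforce"):
        problems.append("Expect CT: enforce takes no value")
    if "report-uri" in seen and not seen["report-uri"]:
        problems.append("Expect CT: report-uri needs a URI")
    for name in sorted(seen.keys() - {"max-age", "enforce", "report-uri"}):
        problems.append(f"Expect CT: unknown directive '{name}'")
    return problems

def audit_http_server(fields):
    """Return findings for field values as they would be typed into the form."""
    findings = []
    for proto in fields.get("Enabled SSL Protocols", "").split(","):
        if proto.strip() in DEPRECATED_PROTOCOLS:
            findings.append(f"Enabled SSL Protocols: {proto.strip()} is deprecated (RFC 8996)")
    policy = fields.get("Referrer Policy")
    if policy is not None and policy.strip() not in REFERRER_POLICIES:
        findings.append(f"Referrer Policy: '{policy}' is not an accepted value")
    if "Expect CT" in fields:
        findings += check_expect_ct(fields["Expect CT"])
    return findings

# Constructed sample input: the default protocol list plus two mistyped headers.
SAMPLE = {
    "Enabled SSL Protocols": "TLSv1, TLSv1.1, TLSv1.2",
    "Referrer Policy": "origin-only",
    "Expect CT": "enforce; report-uri=",
}

print("\n".join(audit_http_server(SAMPLE)))
```

With the default protocol list, the check flags TLSv1 and TLSv1.1, so trim Enabled SSL Protocols to the versions your clients actually need before saving.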

Start and stop a server

You can easily start and stop your HTTP server.

  • Start your server by clicking the "play" icon:
    A box with a success message pops up on your screen and your server status changes to Running.
  • To stop your server, click the "stop" icon.
    A box with a success message pops up on your screen and your server status changes to Stopped.

You can only start the HTTP daemon once the Http Default server is operating (enabled). Stopping the daemon stops all underlying started servers. During daemon start, only the enabled servers are started. For HTTP, an "enabled server" is one for which you have selected at least one of the options Enable HTTP or Enable HTTPS.

Graceful shutdown logging

The server log displays information about active connections during an initiated graceful shutdown. For better visibility, a dedicated server option is provided: GracefulShutdown.Logging.Interval. By default, its value is 60s, which means that active transfer information is logged once every 60 seconds until all transfers are completed. Note that the graceful shutdown logging interval applies to all protocol servers.

Edit HTTP server settings

You can change any of the HTTP server property values. Note that you can change the server name only when the server is stopped. To update an HTTP server, click the corresponding "gear" icon.
A new modal box with the HTTP settings pops up. Make your changes and click Save to apply them, or Cancel to discard them.

Delete an HTTP server

Note: You cannot delete or change the name of the "Http Default" server from the SecureTransport Administration Tool.

You can only delete a server once it is stopped. You cannot delete a server in Running status.

To delete a server, locate it on the Server Control page, make sure it is stopped, and click the corresponding "trashcan" icon.
