Manage the HTTP server

Add an HTTP server

To add an HTTP server, go to the Server Control page and on the HTTP Servers pane, click Actions > Add Server.

The following table presents all parameters and expected values associated with your new HTTP server.

Field Description
General
Server Name Enter a unique name of your server.
Enable HTTP Select to enable HTTP transfers.
Enable HTTPS Select to enable HTTPS transfers.
Enable HSTS

Select to enable HSTS. The server then always sends the "Strict-Transport-Security" HTTPS response header to redirect plain HTTP connections to HTTPS.

With this functionality, two dedicated Server Configuration options for HSTS are added:

  • Http.Security.Hsts.enabled - Enables or disables HSTS for the HTTP server. Serves the same purpose as the check box. Possible values are: true or false. It is only editable from the Server Configuration page. The default value is true.
  • Http.Security.Hsts.max-age - Value of the max-age attribute of the HSTS header for the HTTP server, in seconds. The default value is 6 months, which is equivalent to 15768000 seconds.

Enable FIPS Select to enable FIPS transfer mode for HTTPS connections.

By selecting this option, the Enabled FIPS Ciphers field becomes editable.

HTTP Port Enter the port number of your HTTP listener.
HTTPS Port Enter the port number of your HTTPS listener.
Login Format

Select the authentication format for end-user login:

  • HTML – for user login using the ST Web Client login form
  • BA – basic authentication
  • ERR – must use config/auth agents
  • PREAUTH – config/auth agents + HTML login page in case of failed login
Redirect hostname Enter a redirect host name or IP address. When you set this value, all requests to the ST Web Client after the first one are bound to that host name. Use this option to avoid requests being split across different nodes when a DNS switch occurs.
SSL Settings
Client Certificate

This drop-down list presents the options to define support for certificate use for HTTP authentication. Possible values are:

  • Disabled – no certificate authentication is required
  • Required – the client must authenticate using a certificate
  • Optional – the client can authenticate either using a certificate or a password
SSL Key Alias Select an SSL Key Alias from the drop-down list, for example, HTTPd.
SSL Protocol Enter the SSL protocol group to use: SSL or TLS (TLS by default). Note that with SecureTransport running on AIX systems, the default value is SSL_TLS.
Enabled SSL Protocols

Enter a comma-separated list of SSL protocol versions to be enabled.

Default value for newly created HTTPS servers after updating to SecureTransport 5.5-20210930: TLSv1.2, TLSv1.3.

Default value for existing HTTPS servers: TLSv1, TLSv1.1, TLSv1.2.
For instructions on how to enable TLSv1.3 protocol support, refer to the SecureTransport 5.5 Security guide.

Enabled Ciphers

Enter the cipher suites to be used with your HTTPS server.

For more information on Cipher suites, refer to SecureTransport cipher suites in the SecureTransport Security Guide.

Enabled FIPS Ciphers

Modify the cipher suite set to be used with your HTTP server in FIPS mode.

By default, this field is populated with all FIPS compliant TLS cipher suites supported by SecureTransport. For the complete list, see Advertised ciphers and cipher suites.

Click the "down arrow" icon on the right to access a drop-down menu with options to select and deselect all items, reset to defaults, and reload the previously saved selection.

For the default HTTP server, the list of allowed cipher suites in FIPS mode is determined by the Http.FIPS.Ssl.EnabledCipherSuites configuration option.

Authentication Parameters
Allowed Authentication Parameters Enter the allowed HTTP Authentication parameters, separated by a semicolon (;).
Allowed Authentication Parameters Max Size Enter the allowed HTTP Authentication parameters maximum size in bytes.
Content Security Policy Enter the value of the Content-Security-Policy header.
XSS Protection Enter the value of the X-XSS-Protection header.
Content Type Options Enter the value of the X-Content-Type-Options header, for example: nosniff.
Referrer Policy Enter the value of the Referrer-Policy header. Accepted values are: no-referrer, no-referrer-when-downgrade, origin, origin-when-cross-origin, same-origin, strict-origin, strict-origin-when-cross-origin, unsafe-url.
Expect CT Enter the value of the Expect-CT (certificate transparency) header. Accepted values are: max-age=<age>; enforce; report-uri=<uri>. The enforce and report-uri directives are optional.

Once you have finished entering the parameters of your HTTP server, click Save to create it, or Cancel to discard all changes and return to the Server Control page.
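
After saving, the header fields in the table can be verified by auditing a response head returned by the HTTPS listener. The following Python code is an added example, not part of the SecureTransport documentation or product. The function names (parse_headers, directives, audit), the sample responses, and the policy of reporting a missing X-Content-Type-Options or Referrer-Policy header as a finding are assumptions of this example.

```python
# Referrer-Policy values listed as accepted in the table above.
REFERRER_POLICIES = {"no-referrer", "no-referrer-when-downgrade", "origin",
                     "origin-when-cross-origin", "same-origin", "strict-origin",
                     "strict-origin-when-cross-origin", "unsafe-url"}
EXPECT_CT_KEYS = {"max-age", "enforce", "report-uri"}
HSTS_DEFAULT_MAX_AGE = 15768000  # documented default of Http.Security.Hsts.max-age

def parse_headers(raw):
    """Parse a raw HTTP response head into {lower-cased name: value}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # a blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def directives(value):
    """Split 'max-age=1; enforce' into {'max-age': '1', 'enforce': ''}."""
    out = {}
    for part in value.replace(",", ";").split(";"):  # tolerate ',' as well as ';'
        if part.strip():
            key, _, val = part.strip().partition("=")
            out[key.strip().lower()] = val.strip().strip('"')
    return out

def audit(raw, min_hsts_age=HSTS_DEFAULT_MAX_AGE):
    """Return findings for one response head; an empty list means it passed."""
    h, findings = parse_headers(raw), []
    hsts = directives(h.get("strict-transport-security", ""))
    if not hsts.get("max-age", "").isdigit():
        findings.append("HSTS: header missing or max-age not numeric")
    elif int(hsts["max-age"]) < min_hsts_age:
        findings.append("HSTS: max-age below %d seconds" % min_hsts_age)
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options: expected nosniff")
    if h.get("referrer-policy", "").lower() not in REFERRER_POLICIES:
        findings.append("Referrer-Policy: missing or not an accepted value")
    if "expect-ct" in h:  # validate the shape only when the header is sent
        ect = directives(h["expect-ct"])
        if not ect.get("max-age", "").isdigit() or set(ect) - EXPECT_CT_KEYS:
            findings.append("Expect-CT: want max-age=<age>[; enforce][; report-uri=<uri>]")
    return findings

# Constructed sample response heads (not captured from a real server).
GOOD = ("HTTP/1.1 200 OK\nStrict-Transport-Security: max-age=15768000\n"
        "X-Content-Type-Options: nosniff\nReferrer-Policy: same-origin\n"
        "Expect-CT: max-age=86400; enforce\n")
WEAK = ("HTTP/1.1 200 OK\nStrict-Transport-Security: max-age=300\n"
        "Referrer-Policy: always\nExpect-CT: enforce\n")
```

Calling audit(GOOD) returns an empty list, while audit(WEAK) reports the short HSTS max-age, the missing nosniff header, the unaccepted Referrer-Policy value and the Expect-CT header without max-age.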

Start and stop an HTTP server

You can easily start and stop your HTTP server.

  • To start your server, click the "play" icon.
    A box with a success message pops up on your screen and your server status changes to Running.
  • To stop your server, click the "stop" icon.
    A box with a success message pops up on your screen and your server status changes to Stopped.

You can only start the HTTP daemon once the Http Default server is operating (enabled). Stopping the daemon stops all underlying started servers. During daemon start, only the enabled servers are started. In the case of HTTP, an "enabled server" means that you have selected at least one of the options Enable HTTP or Enable HTTPS.

Edit HTTP server settings

You can change any of the HTTP server property values. Note that you can change the server name only when the server is stopped. To update an HTTP server, click the corresponding "gear" icon.
A new modal box with the HTTP settings pops up. Make your changes and click Save to apply them, or Cancel to discard them.

Delete an HTTP server

Note: You cannot delete or change the name of the "Http Default" server from the SecureTransport Administration Tool.

You can only delete a server once it is stopped. You cannot delete a server in Running status.

To delete a server, locate it on the Server Control page, make sure it is stopped, and click the corresponding "trashcan" icon.
