Setup EZWeb server on RedHat Linux 8.x Server

Started by nmartinez@bristolind.com, August 09, 2022, 01:04:03 PM

Previous topic - Next topic

nmartinez@bristolind.com

Hi Mike.. very quick question.. when the program with the .PXP suffix runs, are we able to have a BEGIN Directive  or are we able to CALL other programs with either RUN or CALL or another way?  Just trying to understand if we need to put all the code on the program with the .PXP suffix or we can call other programs..
Thank you!

Mike King

You should avoid a BEGIN or CLEAR as these will close the connection between the program and the web server and clear all the variables.

You can however do a CALL, PERFORM, or RUN to another program.  Generally for security we suggest you have only a handful of .pxp programs in your document root directory and those will access programs and files in other directories.  This provides additional security as it prevents hackers from trying to run programs they aren't supposed to.

For example, if you look at our web site www.pvxplus.com all the page and program requests are run thru the program pgsrvr.pxp which processes a pg= or tx= parameter on the URL to determine what to do.  The actual web pages, data and logic used by our web site is maintained on a separate directory that is not exposed to the web server. The pgsrvr program validates the request and establishes any environmental settings required.

If you look at Webster+ it too operates in much the same way.  All requests go through webster.pxp and the rest of the application is setup in directories outside the document root and are only accessible by first going through webster.pxp.
Mike King
President - BBSysco Consulting
eMail: mike.king@bbsysco.com

nmartinez@bristolind.com

Thank you very much Mike for the explanation!  It is greatly appreciated!!

nmartinez@bristolind.com

One last question.. is there a global variable that receives the FULL URL as it gets to the .pxp program.
Example:
If the user types on his browser https://www.pvxplus.com/example.pxp?id=999&wo=1234567

Is there a variable that can be accessed while example.pxp is running?
Thank you!

Mike King

There is no single variable that has the full URL but you can find the various components of the URL in order to reconstruct it.

Given an example of:   https://www.pvxplus.com/example.pxp?id=999&wo=1234567

%HTTP_HOST$ will have "www.pvxplus.com"
%Document_URI$ will have "/example.pxp"
%Query_String$ will have "id=999&wo=1234567"

You will also be able to determine if you need to prefix with http or https by checking if %server_secure = 1

BTW: A simple trick I use to find all the global variable settings is to create a small PxPlus program called 'dump.pxp' in the root of the site with one line

0010 A=1/0 ! Divide by zero to force dump


If I want to see what the global settings are I simply change the program name on the URL to dump.pxp and the system will give me a dump of all the global variables and other values that are being passed to my program.
Mike King
President - BBSysco Consulting
eMail: mike.king@bbsysco.com

nmartinez@bristolind.com


nmartinez@bristolind.com

Hi Mike,
How do we make sure our EZWeb Server is secure?  we are only allowing https, but don't know if there are ways to access the admin configuration section of it.. would like to make sure all holes (if any) are closed. In the document root (the parameter we added when starting the EZWeb Server on the RHEL Linux server) we have only the .pxp file.  My concern is that there might be some way to access the configuration of EZWeb Server by providing something else on the URL that I am not aware of.. 
Sorry for all the questions  :D
Thank you!!