Useful Technote -

Recommended values for web server plug-in config

Technote (FAQ)

Question

In the web server plug-in, what do the LoadBalanceWeight, MaxConnections, ConnectTimeout, ServerIOTimeout, RetryInterval, IgnoreAffinityRequests, and GetDWLMTable options mean and what are the recommended settings for these options?

What affect does Session Affinity have?

How are connections handled during plug-in fail-over?

What is the effect of using more than one web server child process?
Answer
Read the following technote -
http://www-01.ibm.com/support/docview.wss?uid=swg21318463

--
Thanks and Regards
Bhaskar Ramaraju
http://www.linkedin.com/in/ramarajubhaskar

WAS Migration Step By Step

Here is the IBM WAS Tech Library Article on "A quick guide for migrating to WebSphere Application Server V6.1"

http://www.ibm.com/developerworks/websphere/library/techarticles/0608_chalmers/0608_chalmers.html

SSL Technotes

Here are some useful technotes on implementing custome SSL on WAS.
Creating Custom Secure Socket Layer (SSL) Key Files for V5.0 using a CA Certificate
Creating Custom Secure Socket Layer (SSL) Key Files for V6.0 using a CA Certificate
Manually Replacing SSL Certificates in V6.1







Note -
Please join in my WebSphere Community in Orkut, WebSphere Zone

Enable Trace in Plugin-cfg.xml

WebServer Plugin writes a log, by default its named as http-plugin.log, by default placed under PLUGIN_HOME/logs/
Plugin writes Error messages into this log. The attribute which deals with this is
< Log > in the plugin-cfg.xml
Ex.,
< Log LogLevel="Error" Name="/usr/IBM/WebSphere/Plugins/logs/http_plugin.log" / >

According to above line all Error messages will be written into http-plugin.log.

How to enable trace in the plugin-cfg.xml? if that is the question, do like this -

< Log LogLevel="Trace" Name="/usr/IBM/WebSphere/Plugins/logs/http_plugin.log" / >

From the InfoCenter -
Plug-in Problem Determination Steps
The plug-in provides very readable tracing which can be beneficial in helping to figure out the problem. By setting the LogLevel attribute in the config/plugin-cfg.xml file to Trace, you can follow the request processing to see what is going wrong.
Note: If you are using a Veritas File System with large file support enabled, file sizes up to two terabytes are allowed. In this case, if you set the LogLevel attribute in the plugin-cfg.xml file to LogLevel=Trace, then the http_plugin.log file might grow quickly and consume all available space on your file system. Therefore, you should set the value of the LogLevel attribute to ERROR or DEBUG to prevent high CPU utilization.
At a high level, complete these steps.
The plug-in gets a request.
The plug-in checks the routes defined in the plugin-cfg.xml file.
It finds the server group.
It finds the server.
It picks the transport protocol, HTTP or HTTPS.
It sends the request.
It reads the response.
It writes it back to the client.


Here is the URL for Web server plug-in troubleshooting tips

Multiple Authentication Bypass Vulnerabilities within IBM WAS

Multiple Authentication Bypass Vulnerabilities within IBM WebSphere Application Server

OVERVIEW:
Two vulnerabilities in IBM WebSphere Application Server have recently been made public. IBM WebSphere Application Server is a software application server that uses web technologies and can be implemented on many common operating systems. Both vulnerabilities may allow malicious users to bypass authentication required to access a service running on the vulnerable server. Successful exploitation may allow attackers to gain unauthorized access to the service, which may lead to other attacks.

SYSTEMS AFFECTED:
The vulnerability identified by IBM in PK72138 (Bugtraq ID 35594):
* IBM WebSphere Application Server 7.0 1
* IBM WebSphere Application Server 6.1 23
* IBM WebSphere Application Server 6.1 22
* IBM WebSphere Application Server 6.1 21
* IBM WebSphere Application Server 6.1 20
* IBM WebSphere Application Server 6.1 19
* IBM WebSphere Application Server 6.1 18
* IBM WebSphere Application Server 6.1 17
* IBM WebSphere Application Server 6.1 15
* IBM WebSphere Application Server 6.1 13
* IBM WebSphere Application Server 6.1 12
* IBM WebSphere Application Server 6.1 10
* IBM WebSphere Application Server 6.1 .9
* IBM WebSphere Application Server 6.1 .7
* IBM WebSphere Application Server 6.1 .6
* IBM WebSphere Application Server 6.1 .5
* IBM WebSphere Application Server 6.1 .3
* IBM WebSphere Application Server 6.1 .2
* IBM WebSphere Application Server 6.1 .14
* IBM WebSphere Application Server 6.1 .1
* IBM WebSphere Application Server 6.1
* IBM WebSphere Application Server 6.1
* IBM WebSphere Application Server 6.1
* IBM WebSphere Application Server 6.1
* IBM WebSphere Application Server 6.1
* IBM WebSphere Application Server 6.1
* IBM WebSphere Application Server 7.0

The vulnerability identified by IBM in PK75992 (Bugtraq ID 35610):
* IBM WebSphere Application Server 7.0 1
* IBM WebSphere Application Server 6.1 21
* IBM WebSphere Application Server 6.1 19
* IBM WebSphere Application Server 6.1 17
* IBM WebSphere Application Server 6.1 15
* IBM WebSphere Application Server 6.0.2 31
* IBM WebSphere Application Server 6.0.2 29
* IBM WebSphere Application Server 6.0.2 27
* IBM WebSphere Application Server 6.0.2 .25
* IBM WebSphere Application Server 7.0

RISK:
Government:
* Large and medium government entities: High
* Small government entities: High

Businesses:
* Large and medium business entities: High
* Small business entities: High

Home users: N/A

DESCRIPTION:
IBM has confirmed the existence of two vulnerabilities that may allow a remote attacker to bypass application server authentication. Exploiting these vulnerabilities could allow an attacker to access restricted services, which may then lead to other attacks. Both vulnerabilities are associated with WS-Security, which is the security implementation within the Java API for XML Web Services (JAX-WS).
The first vulnerability discovered within WS-Security, referenced and addressed by IBM in PK72138, can only be exploited when the security policy is implemented at the 'Operational Level'. When this policy is established, WS-Security does not properly handle inbound requests that lack a SOAPAction or WS-Addressing Action. An attacker can craft a malicious inbound request to exploit this vulnerability. Successful exploitation may allow attackers to bypass certain security restrictions, which may then lead to other attacks.
The second vulnerability, referenced and addressed by IBM in PK75992, arises in the way WS-Security validates the 'UsernameToken' object. It is possible for WS-Security to incorrectly validate these tokens, allowing a malicious user to bypass the authentication process. This may allow a malicious user to conduct further attacks.

RECOMMENDATIONS:
We recommend the following actions be taken:
* Apply appropriate patches provided by IBM to vulnerable systems immediately after appropriate testing.
* Deploy network intrusion detection systems to monitor network traffic for malicious activity.

REFERENCES:

IBM:
http://www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D600&uid=swg21367223&loc=en_US&cs=UTF-8&lang=en&rss=ct180WebSphere

Security Focus:
http://www.securityfocus.com/bid/35594
http://www.securityfocus.com/bid/35610

CVE:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0903