IBM WebSphere XS40 Command Reference Manual

WebSphere® DataPower XML Security Gateway XS40
Version 3.7.2

Command Reference
First Edition (December 2008)
This edition applies to version 3, release 7, modification 2, level 0 of IBM WebSphere DataPower XML Security Gateway XS40 and to all subsequent releases and modifications until otherwise indicated in new editions.
© Copyright International Business Machines Corporation 1999, 2008.
US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
Contents
Preface ..............xix
Who should read this document .......xix
Publications ..............xix
Installation and upgrade documentation . . . xix
Administration documentation .......xx
Development documentation .......xx
Reference documentation .........xx
Integration documentation ........xxi
Problem determination documentation ....xxi
Supplemental documentations .......xxi
Reading syntax statements .........xxii
Directories on the appliance ........xxii
Object name conventions .........xxiv
Typeface conventions ..........xxiv
Chapter 1. Initial login and common commands .............1
Initial login commands ...........1
Common commands ............2
admin-state ...............3
alias .................3
cancel.................4
clock .................5
configure terminal ............6
diagnostics ...............6
disable ................6
disconnect ...............7
echo .................7
enable ................7
exec .................8
exit .................9
help .................9
login ................10
ntp.................10
ping .................11
reset .................12
show ................12
shutdown ...............13
summary ...............13
switch domain .............14
template ...............14
test schema ..............15
test tcp-connection ............16
top.................16
traceroute ...............17
Chapter 2. Global configuration mode 19
aaapolicy ...............19
account (Common Criteria) .........19
acl.................21
action ................22
alias .................23
application-security-policy .........24
audit delete-backup (Common Criteria) .....25
audit level (Common Criteria) ........25
audit reserve (Common Criteria) .......25
cache schema ..............26
cache stylesheet .............27
cache wsdl ..............27
clear aaa cache .............28
clear arp ...............28
clear dns-cache .............29
clear pdp cache .............29
clear rbm cache .............30
clear xsl cache .............30
cli remote open .............31
cli telnet ...............31
compact-flash (Type 9235) .........33
compact-flash-initialize-filesystem (Type 9235) . . . 33
compact-flash-repair-filesystem (Type 9235)....33
compile-options .............34
conformancepolicy ............35
copy.................35
create-tam-files .............37
crypto ................39
delete ................40
deployment-policy ............40
dir.................41
disable ................42
dns.................42
document-crypto-map ...........43
documentcache .............43
domain ................44
failure-notification ............44
file-capture ..............45
flash.................46
ftp-quote-command-list ..........46
host-alias ...............46
httpserv ...............47
import-execute .............48
import-package .............48
include-config .............49
input-conversion-map ...........50
interface ...............50
ip domain ...............51
ip host ................52
ip name-server .............53
iscsi-chap (Type 9235) ...........54
iscsi-fs-init (Type 9235) ..........54
iscsi-fs-repair (Type 9235) ..........55
iscsi-hba (Type 9235) ...........56
iscsi-target (Type 9235) ..........56
iscsi-volume (Type 9235) ..........56
loadbalancer-group ............57
locate-device (Type 9235) ..........57
known-host ..............58
ldap-search-parameters ..........59
load-interval ..............59
logging category.............60
logging event..............60
logging eventcode ............61
logging eventfilter ............62
logging object .............63
logging target .............64
loglevel................64
logsize ................65
matching ...............66
memoization ..............67
message-matching ............68
message-type ..............68
metadata ...............69
mkdir ................69
monitor-action .............70
monitor-count .............70
monitor-duration ............71
move ................71
mpgw ................72
mtom ................73
network ...............73
nfs-client ...............74
nfs-dynamic-mounts ...........74
nfs-static-mount .............75
ntp.................75
ntp-service ..............76
peer-group ..............76
policy-attachments ............77
policy-parameters ............77
radius ................78
raid-activate (Type 9235) ..........78
raid-delete (Type 9235) ..........79
raid-initialize (Type 9235) ..........79
raid-rebuild (Type 9235) ..........79
raid-volume (Type 9235) ..........80
raid-volume-initialize-filesystem (Type 9235) . . . 80
raid-volume-repair-filesystem (Type 9235) ....81
rbm.................81
refresh stylesheet ............82
remove chkpoint ............82
reset domain ..............83
reset username .............84
restart domain .............85
rmdir ................85
rollback chkpoint ............86
rule.................87
save chkpoint..............88
save error-report.............89
save internal-state ............89
save-config overwrite ...........90
schema-exception-map...........90
search results ..............91
send error-report ............92
send file ...............92
service battery-installed ..........93
service nagle ..............93
service-monitor .............94
set-system-var .............94
simple-rate-limiter ............95
slm-action ...............96
slm-cred ...............96
slm-policy ...............97
slm-rsrc................97
slm-sched ...............97
snmp ................98
soap-disposition .............99
source-ftp-poller .............99
source-ftp-server ............100
source-http ..............100
source-https ..............100
source-nfs-poller ............101
source-raw ..............101
source-stateful-tcp ............102
ssh.................102
sslforwarder..............103
sslproxy ...............105
ssltrace ...............107
startup ...............108
statistics ...............109
stylepolicy ..............109
no stylesheet .............110
switch domain .............111
syslog ................112
system................113
tam.................113
tcpproxy ...............114
template ...............115
test hardware .............116
test logging ..............116
test schema ..............117
test urlmap ..............118
test tcp-connection............119
test urlrefresh .............119
test urlrewrite .............120
tfim ................121
throttle ...............121
timezone ...............123
traceroute ..............123
uddi-registry .............123
uddi-subscription ............124
undo ................124
urlmap ...............125
urlrefresh...............126
urlrewrite ..............127
user ................127
user-agent ..............128
user-expire-password...........128
user-password .............129
usergroup ..............129
vlan-sub-interface ............129
watchdog...............130
web-application-firewall ..........131
web-mgmt ..............131
webapp-error-handling ..........133
webapp-gnvc .............133
webapp-request-profile ..........134
webapp-response-profile..........134
webapp-session-management ........135
write memory .............135
wsgw ................136
wsm-agent ..............136
wsm-endpointrewrite...........136
wsm-rule ...............137
wsm-stylepolicy ............137
wsrr-server ..............138
wsrr-subscription ............138
wsrr-synchronize ............139
xml parser limits ............139
xml validate ..............139
xmlfirewall ..............141
xml-manager .............141
xml-mgmt ..............142
xpath-routing .............143
xsl cache size .............143
xsl checksummed cache ..........144
xslconfig ...............145
xslcoproc ...............145
xslproxy ...............147
xslrefresh...............148
zos-nss ...............149
Chapter 3. AAA Policy configuration mode ...............151
actor-role-id ..............151
authenticate ..............152
authorize ...............153
authorized-counter ...........154
cache-allow ..............154
cache-ttl ...............154
dos-valve...............155
extract-identity .............156
extract-resource.............156
ldap-suffix ..............157
ldap-version ..............157
log-allowed ..............158
log-allowed-level ............158
log-rejected ..............158
log-rejected-level ............159
map-credentials ............159
map-resource .............160
namespace-mapping ...........160
ping-identity-compatibility .........161
post-process ..............161
rejected-counter ............161
saml-artifact-mapping ..........162
saml-attribute .............162
saml-name-qualifier ...........163
saml-server-name ............163
saml-sign-alg .............163
saml-sign-cert .............164
saml-sign-hash .............164
saml-sign-key .............165
saml-valcred..............165
saml2-metadata.............165
ssl.................166
transaction-priority ...........166
wstrust-encrypt-key ...........166
Chapter 4. Access Control List configuration mode .........169
allow ................169
deny ................170
Chapter 5. Application Domain configuration mode .........173
config-mode ..............173
deployment-policy............173
domain-user (deprecated) .........174
file-monitoring .............175
file-permissions.............175
import-format .............176
import-url ..............176
local-ip-rewrite .............177
maxchkpoints .............177
reset domain .............178
visible-domain .............179
Chapter 6. Application Security Policy configuration mode .........181
error-match ..............181
request-match .............182
response-match.............182
Chapter 7. Compact Flash configuration mode (Type 9235) . . . 185
directory ...............185
read-only...............185
Chapter 8. Compile Options Policy configuration mode .........187
allow-soap-enc-array ...........187
debug ................187
minesc ...............188
profile ................188
stack-size ...............189
stream................189
strict ................190
try-stream ..............190
validate-soap-enc-array ..........191
wildcard-ignore-xsi-type..........191
wsdl-strict-soap-version ..........191
wsdl-validate-body ...........192
wsdl-validate-faults ...........192
wsdl-validate-headers ..........193
wsdl-wrapped-faults ...........194
wsi-validate ..............194
xacml-debug .............194
xslt-version ..............195
Chapter 9. Conformance Policy configuration mode .........197
assert-bp10-conformance .........197
fixup-stylesheet.............197
ignored-requirements...........198
profiles ...............199
reject-include-summary ..........200
reject-level ..............200
report-level ..............201
report-target..............202
response-properties-enabled ........202
response-reject-include-summary .......203
response-reject-level ...........203
response-report-level ...........204
response-report-target ..........204
result-is-conformance-report ........205
Chapter 10. CRL configuration mode 207
bind-dn ...............207
bind-pass...............207
fetch-url ...............208
issuer ................208
read-dn ...............209
refresh................209
remote-address .............210
ssl-profile...............211
Chapter 11. Crypto configuration mode ...............213
certificate...............213
cert-monitor ..............215
crl.................215
crypto-export .............216
crypto-import .............216
decrypt ...............217
encrypt ...............219
fwcred................220
hsm-clone-kwk (HSM models)........221
hsm-delete-key (HSM models)........222
hsm-reinit (HSM models) .........222
idcred ................222
kerberos-kdc .............224
kerberos-keytab ............224
key.................225
keygen ...............227
password-map .............230
profile ................231
sign ................236
sskey ................237
test password-map ...........239
valcred ...............240
validate ...............241
Chapter 12. Crypto Certificate Monitor configuration mode .........243
disable-expired-certs ...........243
log-level ...............244
poll.................244
reminder ...............245
Chapter 13. Crypto Firewall Credentials configuration mode . . . 247
certificate...............247
key.................247
sskey ................248
Chapter 14. Crypto Validation Credentials configuration mode . . . 251
cert-validation-mode ...........251
certificate...............252
crldp ................253
explicit-policy .............253
initial-policy-set ............254
require-crl ..............255
use-crl................256
Chapter 15. Deployment Policy configuration mode .........257
accept ..............257
filter ...............258
modify ..............259
Chapter 16. DNS Settings configuration mode .........263
name-server ..............263
search-domain .............264
static-host ..............265
Chapter 17. Document Cache configuration mode .........267
clear ................267
maxdocs ...............268
policy ................268
size.................270
static-document-calls ...........270
Chapter 18. Document Crypto Map configuration mode .........273
namespace-mapping ...........273
operation ...............273
select ................274
Chapter 19. Failure Notification configuration mode .........275
always-on-startup ............275
email-address .............275
internal-state .............275
location-id ..............276
remote-address .............276
Chapter 20. Flash configuration mode 277
boot config ..............277
boot delete ..............277
boot image ..............278
boot switch ..............278
boot update ..............279
copy ................280
delete ................282
dir.................283
move ................284
reinitialize ..............284
shutdown ..............285
Chapter 21. FTP Poller Front Side Handler configuration mode .....287
delay-time ..............287
error-delete ..............287
error-rename-pattern ...........287
match-pattern .............288
processing-rename-pattern .........288
processing-seize-pattern ..........289
processing-seize-timeout..........290
result ................291
result-name-pattern ...........291
success-delete .............292
success-rename-pattern ..........292
target-dir ...............292
xml-manager .............293
Chapter 22. FTP Quoted Commands configuration mode .........295
quoted-command ............295
Chapter 23. FTP Server Front Side Handler mode ...........297
acl.................298
address ...............298
allow-ccc ...............299
allow-compression............299
allow-restart..............300
allow-unique-filename ..........300
certificate-aaa-policy ...........300
data-encryption.............301
default-directory ............301
filesystem ..............302
filesystem-size .............303
idle-timeout ..............303
max-filename-len ............303
passive ...............304
passive-idle-timeout ...........304
passive-port-max ............305
passive-port-min ............306
passive-port-range............306
persistent-filesystem-timeout ........307
password-aaa-policy ...........307
port ................308
require-tls ..............308
response-nfs-mount ...........309
response-storage ............309
response-suffix .............310
response-type .............311
response-url ..............311
restart-timeout .............312
ssl.................312
unique-filename-prefix ..........312
virtual-directory ............313
Chapter 24. Hard Disk Array configuration mode (Type 9235) . . . 315
directory ...............315
read-only...............315
Chapter 25. Host Alias configuration mode ...............317
ip-address ..............317
Chapter 26. HTTP Front Side Handler mode ...............319
acl.................319
allowed-features ............320
compression ..............321
local-address .............321
http-client-version ............321
max-header-count ............322
max-header-name-len...........322
max-header-value-len...........323
max-querystring-len ...........323
max-total-header-len ...........323
max-url-len ..............324
persistent-connections ..........324
port ................325
Chapter 27. HTTP Input Conversion Map configuration mode ......327
default-encoding ............327
rule ................328
Chapter 28. HTTP Service configuration mode .........329
acl.................329
identifier ...............329
ip-address ..............330
local-directory .............330
mode ................331
port ................332
priority ...............332
start-page ..............332
Chapter 29. HTTPS Front Side Handler mode ...............335
acl.................335
allowed-features ............336
compression ..............337
local-address .............337
http-client-version ............337
max-header-count ............338
max-header-name-len...........338
max-header-value-len...........339
max-querystring-len ...........339
max-total-header-len ...........339
max-url-len ..............340
persistent-connections ..........340
port ................341
ssl.................341
Chapter 30. Import Configuration File
configuration mode.........343
auto-execute..............343
deployment-policy............344
import-format .............344
local-ip-rewrite .............345
overwrite-files .............345
overwrite-objects ............345
source-url ..............346
Chapter 31. Include Configuration File
configuration mode.........347
auto-execute..............347
config-url...............347
interface-detection ............348
Chapter 32. Interface configuration mode ...............351
arp.................351
dhcp ................351
ip address ..............352
ip default-gateway ...........353
ip route ...............353
mac-address ..............354
mode ................355
mtu ................355
packet-capture .............356
standby ...............357
Chapter 33. iSCSI CHAP configuration mode (Type 9235) .........361
password...............361
username...............361
Chapter 34. iSCSI Host Bus Adapter configuration mode (Type 9235) . . . 363
dhcp ................363
iname ................364
ip-address ..............364
ip default-gateway ...........365
Chapter 35. iSCSI Target configuration mode (Type 9235) .........367
chap ................367
hba.................367
hostname...............368
port ................368
target-name ..............369
Chapter 36. iSCSI Volume configuration mode (Type 9235) . . . 371
directory ...............371
lun.................371
read-only...............372
target................372
Chapter 37. Kerberos KDC Server configuration mode .........373
port ................373
realm ................373
server ................374
tcp.................374
udp-timeout ..............375
Chapter 38. Kerberos Keytab configuration mode .........377
filename ...............377
use-replay-cache ............377
Chapter 39. LDAP Search Parameters configuration mode .........379
base-dn ...............379
filter-prefix ..............379
filter-suffix ..............380
returned-attribute ............380
scope ................381
Chapter 40. Load Balancer Group configuration mode .........383
algorithm...............383
damp ................384
giveup-when-all-members-down .......385
health-check ..............385
masquerade ..............387
server ................387
try-every-server ............388
Chapter 41. Log Target configuration mode ...............389
ansi-color...............389
archive-mode .............389
backup ...............390
email-address .............390
encrypt ...............390
event ................391
event-code ..............392
event-detection .............392
event-filter ..............393
facility................394
feedback-detection............394
format................394
group (deprecated) ...........395
local-address .............395
local-file ...............396
local-ident ..............396
nfs-file................396
nfs-static-mount ............397
object ................397
rate-limit ...............398
remote-address .............398
remote-directory ............399
remote-login..............400
remote-port ..............401
retry (deprecated) ............402
rotate ................402
sender-address .............403
sign ................403
size.................403
smtp-domain .............404
soap-version..............405
ssl.................405
suppression-period ...........405
timeout (deprecated) ...........406
timestamp ..............406
type ................406
upload-method .............407
url.................408
Chapter 42. Matching Rule configuration mode .........409
combine-with-or ............409
errorcode ...............409
fullurlmatch (deprecated) .........410
hostmatch (deprecated) ..........410
httpmatch ..............410
match-with-pcre ............411
no match ...............411
urlmatch ...............411
xpathmatch ..............412
Chapter 43. Message Count Monitor configuration mode .........413
distinct-sources .............413
filter ................413
header................414
measure ...............415
message-type .............415
source ................416
Chapter 44. Message Duration Monitor configuration mode .........417
filter ................417
measure ...............418
message-type .............419
Chapter 45. Message Filter Action configuration mode .........421
block-interval .............421
log-priority ..............422
type ................422
Chapter 46. Message Matching configuration mode .........425
http-header ..............425
http-header-exclude ...........426
ip.................427
ip-exclude ..............427
method ...............428
request-url ..............429
Chapter 47. Message Type configuration mode .........431
message-matching ............431
Chapter 48. MTOM Policy configuration mode .........433
include-content-type ...........433
mode ................433
rule ................434
Chapter 49. Multi-Protocol Gateway configuration mode .........435
attachment-byte-count ..........435
attachment-package-byte-count .......435
attribute-count .............436
back-attachment-format ..........436
back-persistent-timeout ..........437
back-timeout .............437
backend-url ..............438
chunked-uploads ............438
compression ..............439
default-param-namespace .........440
element-depth .............440
external-references............441
follow-redirects.............441
forbid-external-references (deprecated) .....442
front-attachment-format ..........442
front-persistent-timeout ..........442
front-protocol .............443
front-timeout .............443
fwcred................444
gateway-parser-limits...........444
host-rewriting .............445
http-client-ip-label ............446
http-server-version ...........446
include-content-type-encoding........447
inject ................447
load-balancer-hash-header .........448
loop-detection .............449
max-message-size ............449
max-node-size .............450
mime-back-headers ...........450
mime-front-headers ...........451
monitor-count .............452
monitor-duration ............452
monitor-processing-policy .........453
monitor-service.............454
parameter ..............454
persistent-connections ..........455
priority ...............456
process-http-errors............456
propagate-uri .............457
query-param-namespace..........458
request-attachments ...........458
request-type ..............459
response-attachments...........460
response-type .............461
root-part-not-first-action ..........462
soap-schema-url ............462
ssl.................463
stream-output-to-back ..........464
stream-output-to-front ..........464
stylepolicy ..............465
suppress ...............465
type ................466
urlrewrite-policy ............466
wsa-back-protocol ............467
wsa-default-faultto ...........467
wsa-default-replyto ...........468
wsa-faultto-rewrite ...........469
wsa-force ...............470
wsa-genstyle .............471
wsa-http-async-response-code ........471
wsa-mode ..............472
wsa-replyto-rewrite ...........474
wsa-strip-headers ............474
wsa-timeout ..............475
wsa-to-rewrite .............476
wsrm ................476
wsrm-aaapolicy ............477
wsrm-destination-accept-create-sequence ....477
wsrm-destination-accept-offers .......478
wsrm-destination-inorder .........478
wsrm-destination-maximum-inorder-queue-length 479
wsrm-destination-maximum-sequences .....479
wsrm-request-force ...........480
wsrm-response-force ...........480
wsrm-sequence-expiration .........480
wsrm-source-back-acks-to .........481
wsrm-source-exponential-backoff .......482
wsrm-source-front-acks-to .........482
wsrm-source-inactivity-close-interval .....483
wsrm-source-make-offer ..........483
wsrm-source-maximum-queue-length .....484
wsrm-source-maximum-sequences ......484
wsrm-source-request-ack-count .......485
wsrm-source-request-create-sequence .....485
wsrm-source-response-create-sequence .....485
wsrm-source-retransmission-interval......486
wsrm-source-retransmit-count ........486
wsrm-source-sequence-ssl .........487
xml-manager .............487
Chapter 50. Network Settings configuration mode .........489
arp-interval ..............489
arp-retries ..............489
destination-routing ...........490
disable-interface-isolation .........490
ecn-disable ..............491
icmp-disable..............491
relax-interface-isolation ..........492
tcp-retries ..............492
Chapter 51. NFS Client Settings configuration mode .........495
kerberos-keytab ............495
mount-refresh-time ...........495
Chapter 52. NFS Dynamic Mounts configuration mode .........497
authenticate ..............497
inactivity-timeout ............497
mount-timeout .............498
read-only...............498
retrans................499
rsize ................499
timeo ................500
transport ...............501
version ...............501
wsize ................501
Chapter 53. NFS Poller Front Side Handler configuration mode .....503
delay-time ..............503
error-delete ..............503
error-rename-pattern ...........504
match-pattern .............504
processing-rename-pattern .........504
processing-seize-pattern ..........505
processing-seize-timeout..........506
result ................507
result-name-pattern ...........507
success-delete .............508
success-rename-pattern ..........508
target-dir ...............509
xml-manager .............509
Chapter 54. NFS Static Mounts configuration mode .........511
authenticate ..............511
local-filesystem-access ..........511
read-only...............512
remote ...............512
retrans................513
rsize ................513
timeo ................514
transport ...............515
version ...............515
wsize ................515
Chapter 55. NTP Service configuration mode ...............517
refresh-interval .............517
remote-server .............517
Chapter 56. Peer Group configuration mode ...............519
type ................519
url.................519
Chapter 57. Policy Attachments configuration mode .........521
enforcement-mode............521
external-policy .............521
ignore-attachment-point ..........522
policy-references ............522
Chapter 58. Policy Parameters configuration mode .........523
parameter ..............523
Chapter 59. Processing Action configuration mode .........525
aaa-policy ..............525
async-action ..............525
asynchronous .............526
attachment-uri .............526
condition ...............527
destination ..............528
dynamic-schema ............528
dynamic-stylesheet ...........529
error-input ..............529
error-mode ..............530
error-output ..............530
event ................531
input ................531
input-conversion ............532
iterator-count .............532
iterator-expression............533
iterator-type ..............534
log-level ...............534
log-type ...............535
loop-action ..............535
multiple-outputs ............536
output................537
output-type ..............537
parameter ..............538
results ................538
retry-count ..............539
retry-interval .............540
rule ................540
schema-url ..............541
slm.................541
soap-validation .............542
sslcred................542
timeout ...............543
transform...............543
type ................544
urlrewrite-policy ............546
value ................546
variable ...............547
wsdl-attachment-part ...........547
wsdl-message-direction-or-name .......548
wsdl-operation .............548
wsdl-port...............549
wsdl-url ...............549
xpath ................549
Chapter 60. Processing Metadata configuration mode .........551
meta-item ..............551
Chapter 61. Processing Policy configuration mode .........553
error-rule...............553
filter ................553
match ................554
request-rule ..............555
response-rule .............555
rule ................556
xsldefault...............557
Chapter 62. Processing Rule configuration mode .........559
aaa.................559
call .................559
checkpoint ..............560
convert-http ..............560
extract................561
fetch ................562
filter ................562
input-filter ..............563
log.................564
non-xml-processing ...........564
on-error ...............565
output-filter ..............565
results ................566
results-async .............566
rewrite ...............567
route-action ..............567
route-set ...............568
setvar ................568
slm.................569
strip-attachments ............569
type ................569
unprocessed ..............570
validate ...............570
xform ................572
xformpi ...............573
Chapter 63. RADIUS configuration mode ...............575
aaaserver ...............575
id.................576
retries ................576
server ................577
timeout ...............578
Chapter 64. RBM Settings configuration mode .........581
apply-cli ...............581
au-cache-mode .............582
au-cache-ttl ..............583
au-custom-url .............583
au-info-url ..............584
au-kerberos-keytab ...........584
au-ldap-bind-dn ............585
au-ldap-bind-password ..........585
au-ldap-parameters ...........586
au-ldap-search .............587
au-method ..............588
au-server-host .............589
au-server-port .............589
au-zos-nss ..............590
au-valcred ..............590
cli-timeout ..............591
fallback-login .............591
fallback-user..............592
ldap-prefix ..............593
ldap-sslproxy .............593
ldap-suffix ..............594
ldap-version ..............595
loadbalancer-group ...........595
lockout-duration ............596
max-login-failure ............596
mc-custom-url .............597
mc-info-url ..............598
mc-ldap-bind-dn ............598
mc-ldap-bind-password ..........599
mc-ldap-parameters ...........600
mc-ldap-search .............601
mc-ldap-sslproxy ............602
mc-loadbalancer-group ..........603
mc-method ..............603
mc-server-host .............605
mc-server-port .............606
pwd-aging ..............606
pwd-digit ..............607
pwd-history ..............607
pwd-max-age .............608
pwd-max-history ............608
pwd-minimum-length ..........609
pwd-mixed-case ............609
pwd-nonalphanumeric ..........610
pwd-username .............610
restrict-admin .............611
Chapter 72. SNMP Settings
configuration mode.........637
access ................637
port ................638
trap-code ...............638
trap-priority ..............639
trap-target ..............639
version ...............640
Chapter 65. Schema Exception Map
configuration mode.........613
original-schema ............613
rule ................613
Chapter 66. Simple Rate Limiter
configuration mode.........615
action ................615
concurrent-connection-limit.........615
distinct-sources .............616
tps.................616
Chapter 67. SLM Action configuration
mode ...............617
log-priority ..............617
type ................617
Chapter 68. SLM Credential Class
configuration mode.........619
header................619
match-type ..............619
stylesheet...............620
type ................621
value ................622
Chapter 69. SLM Policy configuration
mode ...............625
eval-method ..............625
peer-group ..............626
statement...............626
Chapter 73. SOAP Header Disposition
Table configuration mode ......643
refine ................643
Chapter 74. Stateful Raw XML Handler
configuration mode.........645
acl.................645
close-on-fault .............645
local-address .............646
port ................647
remote-address .............647
remote-port ..............647
ssl.................648
Chapter 75. Stateless Raw XML
Handler configuration mode .....649
acl.................649
local-address .............649
persistent-connections ..........650
port ................651
ssl.................651
Chapter 76. System Settings
configuration mode.........653
audit-reserve .............653
contact ...............653
custom-ui-file .............654
entitlement ..............655
location ...............655
name ................655
Chapter 70. SLM Resource Class
configuration mode.........629
match-type ..............629
stylesheet...............630
subscription ..............630
type ................631
value ................632
wsrr-subscription ............633
xpath-filter ..............633
Chapter 71. SLM Schedule
configuration mode.........635
days ................635
duration ...............635
start ................636
Chapter 77. TAM configuration mode 657
file .................657
ldap-ssl-key-file ............657
ldap-ssl-key-file-dn ...........657
ldap-ssl-key-file-password .........658
ldap-ssl-port..............658
ssl-key................659
ssl-key-stash..............659
use-fips ...............659
use-ldap-ssl ..............659
Chapter 78. TFIM configuration mode 661
tfim-60-req-tokenformat ..........661
tfim-61-req-tokenformat ..........662
tfim-62-req-tokenformat ..........663
tfim-addr ...............664
tfim-compatible.............664
tfim-custom-req-url ...........665
tfim-issuer ..............666
tfim-operation .............666
tfim-pathaddr .............667
tfim-port ...............668
tfim-porttype .............668
tfim-schema-validate ...........669
tfim-sslproxy .............669
Chapter 83. UDDI Subscription
configuration mode.........693
key.................693
password...............693
registry ...............694
username...............694
Chapter 79. Telnet Service
configuration mode.........671
acl.................671
ip-address ..............671
port ................672
Chapter 80. Throttle Settings
configuration mode.........673
memory-terminate............673
memory-throttle ............673
qcode-warn ..............674
sensors-log ..............674
status-log...............674
status-loglevel .............675
temp-fs-terminate ............675
temp-fs-throttle.............676
timeout ...............676
Chapter 81. Timezone configuration
mode ...............679
custom ...............679
daylight-name .............679
daylight-offset .............679
daylight-start-day ............680
daylight-start-hours ...........680
daylight-start-minutes ..........681
daylight-start-month ...........681
daylight-start-week ...........682
daylight-stop-day ............682
daylight-stop-hours ...........683
daylight-stop-minutes ..........683
daylight-stop-month ...........684
daylight-stop-week ...........685
direction ...............685
name ................686
offset-hours ..............686
offset-minutes .............687
Chapter 82. UDDI Registry
configuration mode.........689
hostname...............689
inquiry-url ..............689
port ................690
publish-url ..............690
security-url ..............690
ssl.................691
ssl-port ...............691
subscription-url ............692
use-ssl................692
version ...............692
Chapter 84. URL Map configuration
mode ...............695
match ................695
Chapter 85. URL Refresh Policy
configuration mode.........697
disable cache .............697
disable flush..............697
interval urlmap.............698
protocol-specified ............699
Chapter 86. URL Rewrite Policy
configuration mode.........701
absolute-rewrite ............701
content-type ..............703
header-rewrite .............704
norule...............705
post-body ..............705
rewrite (deprecated) ...........707
Chapter 87. User Agent configuration
mode ...............709
add-header-policy ............709
basicauth ...............710
chunked-uploads-policy ..........711
compression-policy ...........711
ftp-policy...............712
identifier ...............714
max-redirects .............715
proxy................715
pubkeyauth ..............716
restrict-http-policy............717
soapaction ..............718
ssl.................719
timeout ...............720
Chapter 88. User configuration mode 721
access-level ..............721
domain ...............721
group................722
password...............722
snmp-cred ..............723
Chapter 89. User Group configuration
mode ...............727
access-policy .............727
add.................728
delete ................729
Chapter 90. VLAN configuration mode 731
arp.................731
dhcp ................731
identifier ...............732
interface ...............732
ip address ..............733
ip default-gateway ...........734
ip route ...............734
ip secondary-address ...........735
outbound-priority ............736
packet-capture .............736
standby ...............737
Chapter 91. Web Application Error Handling Policy configuration mode . 741
error-monitor .............741
error-rule...............741
type ................742
Chapter 92. Web Application Firewall
configuration mode.........743
back-persistent-timeout ..........743
back-timeout .............743
chunked-uploads ............744
error-policy ..............744
follow-redirects.............745
front-persistent-timeout ..........745
front-timeout .............746
host-rewriting .............746
http-back-version ............747
http-client-ip-label ............747
http-front-version ............747
listen-on ...............747
priority ...............748
remote-address .............748
remote-port ..............749
request-security ............749
response-security ............749
security-policy .............749
ssl-profile...............750
stream-output-to-back ..........750
stream-output-to-front ..........751
uri-normalization ............751
xml-manager .............752
Chapter 93. Web Application Name Value Profile configuration mode . . . 753
max-aggregate-size ...........753
max-attributes .............753
max-name-size .............753
max-value-size .............754
unvalidated-fixup-map ..........754
unvalidated-fixup-policy .........754
unvalidated-xss-check ..........755
validation ..............755
error-policy-override ...........759
multipart-form-data ...........760
policy-type ..............760
ratelimiter-policy ............761
request-body-max ............762
request-body-min ............762
request-body-profile ...........762
request-content-type ...........763
request-header-profile ..........763
request-methods ............764
request-nonxml-policy ..........765
request-nonxml-rule ...........765
request-qs-policy ............766
request-qs-profile ............766
request-uri-filter-dotdot ..........767
request-uri-filter-exe ...........767
request-uri-filter-fragment .........767
request-uri-filter-unicode .........768
request-uri-max ............768
request-versions ............768
request-xml-policy............769
request-xml-rule ............769
session-policy .............770
Chapter 95. Web Application Response Profile configuration mode . 771
error-policy-override ...........771
policy-type ..............772
response-body-max ...........772
response-body-min ...........773
response-codes .............773
response-content-type ..........774
response-header-profile ..........775
response-nonxml-policy ..........775
response-nonxml-rule...........776
response-versions ............776
response-xml-policy ...........777
response-xml-rule ............777
Chapter 96. Web Application Session Management Policy configuration
mode ...............779
allow-cookie-sharing ...........779
auto-renew ..............779
lifetime ...............780
matching-policy ............780
Chapter 97. Web Management Service
configuration mode.........781
idle-timeout ..............781
local-address .............781
save-config-overwrite...........782
ssl.................782
Chapter 94. Web Application Request
Profile configuration mode .....757
aaa-policy ..............757
acl.................757
cookie-policy .............758
Chapter 98. Web Service Proxy
configuration mode.........783
aaa-policy ..............783
attachment-byte-count ..........783
attribute-count .............784
autocreate-sources ............784
back-attachment-format ..........785
back-persistent-timeout ..........785
back-timeout .............786
backend-url ..............786
backside-port-rewrite ...........787
chunked-uploads ............787
client-principal .............788
compression ..............788
decrypt-key ..............789
default-param-namespace .........789
element-depth .............790
endpoint-rewrite-policy ..........790
external-references............790
follow-redirects.............791
forbid-external-references (deprecated) .....791
front-attachment-format ..........791
front-persistent-timeout ..........791
front-protocol .............792
front-timeout .............792
frontside-port-rewrite...........793
fwcred................793
gateway-parser-limits...........794
host-rewriting .............795
http-client-ip-label ............795
http-server-version ...........796
include-content-type-encoding........796
inject ................796
kerberos-keytab ............797
load-balancer-hash-header .........797
loop-detection .............798
max-message-size ............798
max-node-size .............799
mime-back-headers ...........799
mime-front-headers ...........800
monitor-count .............800
monitor-duration ............801
monitor-processing-policy .........802
monitor-service.............802
operation-conformance ..........803
operation-policy-opt-out ..........804
operation-priority ............806
parameter ..............807
persistent-connections ..........808
policy-parameters ............808
priority ...............810
process-http-errors............810
propagate-uri .............811
query-param-namespace..........811
reliable-messaging............812
remote-retry ..............813
request-attachments ...........814
request-type ..............815
response-attachments...........816
response-type .............817
root-part-not-first-action ..........817
server-principal.............818
soap-action-policy ............818
soap-schema-url ............819
ssl.................819
stream-output-to-back ..........820
stream-output-to-front ..........820
stylepolicy ..............821
suppress ...............821
type ................822
uddi-subscription ............822
urlrewrite-policy ............823
user-policy ..............824
wsa-back-protocol ............825
wsa-default-faultto ...........826
wsa-default-replyto ...........827
wsa-faultto-rewrite ...........827
wsa-force ...............828
wsa-genstyle .............829
wsa-http-async-response-code ........830
wsa-mode ..............830
wsa-replyto-rewrite ...........832
wsa-strip-headers ............833
wsa-timeout ..............834
wsa-to-rewrite .............834
wsdl ................835
wsdl-cache-policy ............836
wsrr-subscription ............836
wsrm ................837
wsrm-aaapolicy ............837
wsrm-destination-accept-create-sequence ....838
wsrm-destination-accept-offers .......838
wsrm-destination-inorder .........839
wsrm-destination-maximum-inorder-queue-length 839
wsrm-destination-maximum-sequences .....839
wsrm-request-force ...........840
wsrm-response-force ...........840
wsrm-sequence-expiration .........841
wsrm-source-back-acks-to .........841
wsrm-source-exponential-backoff .......842
wsrm-source-front-acks-to .........842
wsrm-source-inactivity-close-interval .....843
wsrm-source-make-offer ..........844
wsrm-source-maximum-queue-length .....844
wsrm-source-maximum-sequences ......844
wsrm-source-request-ack-count .......845
wsrm-source-request-create-sequence .....845
wsrm-source-response-create-sequence .....846
wsrm-source-retransmission-interval......846
wsrm-source-retransmit-count ........847
wsrm-source-sequence-ssl .........847
xml-manager .............848
Chapter 99. Web Services Management Agent configuration
mode ...............849
buffer-mode ..............849
capture-mode .............849
max-memory .............850
max-records ..............850
Chapter 100. Web Services Monitor
configuration mode.........851
endpoint-name .............851
endpoint-url..............851
frontend-url ..............851
operation ...............852
transport ...............853
wsdl ................853
Chapter 101. WS-Proxy Endpoint
Rewrite configuration mode .....855
backend-rule .............855
listener-rule ..............856
publisher-rule .............858
subscription-backend-rule .........859
subscription-listener-rule .........860
subscription-publisher-rule .........861
Chapter 102. WS-Proxy Processing
Policy configuration mode......863
filter ................863
match ................863
xsldefault...............865
Chapter 103. WS-Proxy Processing
Rule configuration mode ......867
aaa.................867
action ................867
call .................868
checkpoint ..............868
convert-http ..............869
extract................869
fetch ................870
filter ................871
input-filter ..............872
log.................872
non-xml-processing ...........873
on-error ...............873
output-filter ..............874
results ................874
results-async .............875
rewrite ...............875
route-action ..............875
route-set ...............876
setvar ................876
slm.................877
strip-attachments ............877
type ................878
unprocessed ..............878
validate ...............879
xform ................880
xformpi ...............881
method ...............887
namespace ..............888
object-name ..............888
object-type ..............889
refresh-interval .............889
server ................890
use-version ..............890
version ...............890
Chapter 106. XML Firewall
configuration mode.........893
acl.................893
attachment-byte-count ..........893
attribute-count .............894
back-attachment-format ..........894
bytes-scanned .............895
default-param-namespace .........895
element-depth .............896
external-references............896
firewall-parser-limits ...........897
forbid-external-references (deprecated) .....897
front-attachment-format ..........897
fwcred................898
local-address .............898
max-message-size ............899
max-node-size .............899
mime-headers .............900
monitor-count .............900
monitor-duration ............901
monitor-processing-policy .........901
monitor-service.............902
parameter ..............902
priority ...............903
query-param-namespace..........903
remote-address .............904
request-attachments ...........905
request-type ..............906
response-attachments...........907
response-type .............908
root-part-not-first-action ..........909
soap-schema-url ............909
ssl.................910
stylesheet-policy ............910
type ................911
urlrewrite-policy ............912
wsdl-file-location ............912
wsdl-response-policy ...........913
xml-manager .............913
Chapter 104. WSRR Server
configuration mode.........883
password...............883
server-version .............883
soap-url ...............884
ssl.................884
username...............885
Chapter 105. WSRR Subscription
configuration mode.........887
fetch-policy-attachments ..........887
Chapter 107. XML Management
Interface configuration mode ....915
local-address .............915
mode ................915
port ................917
slm-peering ..............917
ssl.................918
user-agent ..............918
Chapter 108. XML Manager
configuration mode.........921
loadbalancer-group ...........921
schedule-rule .............921
user-agent ..............922
Chapter 109. XML Parser Limits
configuration mode.........923
attribute-count .............923
bytes-scanned .............923
element-depth .............923
external-references............924
forbid-external-references (deprecated) .....924
max-node-size .............924
Chapter 110. XPath Routing Map
configuration mode.........925
namespace-mapping ...........925
rule ................925
Chapter 111. XSL Coprocessor
Service configuration mode .....927
cache-relative-url ............927
connection-timeout ...........927
crypto-extensions ............927
default-param-namespace .........928
intermediate-result-timeout .........928
ip-address ..............928
port ................929
priority ...............929
ssl.................929
stylesheet-policy ............930
stylesheet-rule .............930
urlrewrite-policy ............932
use-client-resolver ............932
xml-manager .............932
Chapter 112. XSL Proxy Service
configuration mode.........933
acl.................933
default-param-namespace .........933
ip-address ..............934
monitor-count .............934
monitor-duration ............935
monitor-processing-policy .........936
parameter ..............936
priority ...............937
port ................937
query-param-namespace..........938
remote-address .............938
ssl.................939
stylesheet-policy ............940
type ................941
urlrewrite-policy ............942
xml-manager .............942
Chapter 113. z/OS NSS Client
configuration mode.........943
client-id ...............943
host ................943
password...............944
port ................945
ssl.................945
system-name .............945
user-name ..............946
Chapter 114. Monitoring commands 949
show aliases ..............949
show application-security-policy .......949
show audit-log .............949
show audit-search ............950
show chkpoints.............951
show clock ..............951
show compact-flash (Type 9235) .......952
show conformancepolicy .........952
show cpu...............952
show crypto ..............952
show default-gateway ..........952
show deployment-policy .........953
show documentcache...........953
show domain .............953
show domains .............953
show file ...............954
show firmware .............954
show firmware-version ..........955
show http ..............955
show interface .............955
show interface mode ...........956
show ip ...............956
show library-version ...........957
show license..............958
show loadbalancer-group .........958
show loadbalancer-status .........958
show log ...............958
show logging .............959
show loglevel .............960
show matching .............960
show memory .............961
show netarp ..............961
show ntp-refresh ............961
show ntp-service ............962
show password-map ...........962
show radius ..............962
show raid-phys-disks (Type 9235) ......962
show raid-volume (Type 9235)........962
show raid-volumes (Type 9235) .......963
show route ..............963
show rule ..............963
show running-config ...........963
show sensors (deprecated) .........963
show sensors-fans ............964
show sensors-other ...........964
show sensors-temperature .........964
show sensors-voltage ...........965
show services .............965
show simple-rate-limiter..........965
show snmp ..............966
show standby .............966
show startup-config ...........966
show startup-errors ...........966
show statistics .............967
show stylepolicy ............967
show stylesheet.............968
show stylesheets ............968
show system .............969
show tcp ...............969
show throttle .............969
show throughput ............970
show time ..............970
show urlmap .............970
show urlrefresh.............970
show useragent.............970
show usergroups ............971
show usernames ............971
show users ..............971
show version .............971
show web-application-firewall ........971
show webapp-error-handling ........972
show webapp-gnvc ...........972
show webapp-request-profile ........973
show webapp-response-profile .......973
show webapp-session-management ......973
show wsrr-server ............974
show wsrr-subscription ..........974
show wsrr-subscription-status ........975
show wsrr-subscription-service-status .....975
show xmlfirewall ............976
show xmlmgr .............976
show xslcoproc .............977
show xslproxy .............977
show xslrefresh.............977
Appendix A. Working with variables 979
Service variables ............980
General service variables ........980
Multi-Protocol Gateway and Web Service Proxy
service variables ...........981
Configuration services service variables . . . 982
Load balancer service variables ......983
Multistep variables ..........983
Transaction variables ...........984
Asynchronous transaction variables .....984
Error handling transaction variables .....985
Headers transaction variables .......986
Information transaction variables ......987
Persistent connection transaction variables. . . 988
Routing transaction variables .......988
Statistics variables ...........989
URL-based transaction variables ......989
Web Services Management transaction variables 990
Extension variables ...........992
System variables ............994
List of available variables .........995
Appendix B. Processing Policy
procedures ............999
Stylesheet policies using inline rules ......999
Configuring a Matching Rule.......1000
Configuring a Processing Policy ......1000
Assigning a Processing Policy to a DataPower
service ..............1000
Stylesheet policies using global rules .....1001
Configuring a Matching Rule.......1002
Configuring a Global Rule .......1002
Configuring a Processing Policy ......1002
Assigning a Processing Policy to a DataPower
service ..............1003
Appendix C. Stylesheet Refresh
Policy configuration ........1005
High-level procedure ..........1005
Example...............1005
Appendix D. Compile Options Policy
configuration ...........1007
Profiling overview ...........1007
Configuration overview .........1008
Appendix E. Getting help and
technical assistance ........1009
Searching knowledge bases ........1009
Getting a fix .............1009
Contacting IBM Support .........1010
Notices and trademarks ......1011
Trademarks..............1011
Index ..............1013
Preface
IBM® WebSphere® DataPower® SOA Appliances are purpose-built, easy-to-deploy network appliances that simplify, help secure, and accelerate your XML and Web services deployments while extending your SOA infrastructure. These appliances offer an innovative, pragmatic approach to harness the power of SOA while simultaneously enabling you to leverage the value of your existing application, security, and networking infrastructure investments.
Who should read this document
This document is intended for administrators of IBM WebSphere DataPower who are responsible for the configuration and maintenance of web services, security, and data communications equipment. These administrators are expected to have familiarity with XML and XSLT.
This document assumes that you have installed and initially configured the appliance as described in the IBM WebSphere DataPower SOA Appliances: 9003: Installation Guide or in the IBM WebSphere DataPower SOA Appliances: Type 9235: Installation Guide, depending on the model type.
Publications
The IBM WebSphere DataPower library is organized into the following categories:
• “Installation and upgrade documentation”
• “Administration documentation” on page xx
• “Development documentation” on page xx
• “Reference documentation” on page xx
• “Integration documentation” on page xxi
• “Problem determination documentation” on page xxi
• “Supplemental documentations” on page xxi
Installation and upgrade documentation
• IBM WebSphere DataPower SOA Appliances: 9003: Installation Guide
  Provides instructions for installing and powering up the Type 7993 (9003) appliance, creating a startup configuration script, and placing the appliance in operation.
• IBM WebSphere DataPower SOA Appliances: Type 9235: Installation Guide
  Provides instructions for installing and powering up the Type 9235 appliance, creating a startup configuration script, and placing the appliance in operation.
• IBM WebSphere DataPower SOA Appliances: Type 9235: Hardware Problem Determination and Service Guide
  Provides information about diagnosing and troubleshooting hardware problems, ordering consumable replacement parts, and replacing parts.
• IBM WebSphere DataPower SOA Appliances: Upgrade and Rollback Guide: Generation 2 Firmware
  Provides instructions for upgrading Generation 2 firmware and for rolling back firmware upgrades.
Administration documentation
• IBM WebSphere DataPower SOA Appliances: Appliance Overview
  Provides an introduction to and understanding of the IBM WebSphere DataPower SOA appliances.
• IBM WebSphere DataPower SOA Appliances: Administrators Guide
  Provides instructions for using the DataPower GUI for managing user access, network access, appliance configuration and system configuration of the appliance.
• IBM WebSphere DataPower SOA Appliances: Hardware Security Module Guide
  A user guide for using a Hardware Security Module (HSM) installed in the appliance.
Development documentation
• IBM WebSphere DataPower SOA Appliances: XSL Accelerator Developers Guide
  Provides instructions for using the WebGUI to configure XSL Proxy and XSL Co-Processor services.
• IBM WebSphere DataPower SOA Appliances: XML Firewall Developers Guide
  Provides instructions for using the WebGUI to configure XML Firewall services.
• IBM WebSphere DataPower SOA Appliances: Web Application Firewall Developers Guide
  Provides instructions for using the WebGUI to configure Web Application Firewall services.
• IBM WebSphere DataPower SOA Appliances: Multi-Protocol Gateway Developers Guide
  Provides instructions for using the WebGUI to configure Multiple-Protocol Gateway services.
• IBM WebSphere DataPower SOA Appliances: Web Service Proxy Developers Guide
  Provides instructions for using the WebGUI to configure Web Service Proxy services.
• IBM WebSphere DataPower SOA Appliances: B2B Gateway Developers Guide
  Provides instructions for using the WebGUI to configure B2B Gateway services.
• IBM WebSphere DataPower SOA Appliances: Low Latency Messaging Developers Guide
  Provides instructions for using the WebGUI to configure a DataPower appliance for low latency messaging.
Reference documentation
• Product-specific documentation for using commands from the command line.
  The documentation is specific to each of the following products. Each document provides an alphabetical listing of all commands with syntactical and functional descriptions.
  - IBM WebSphere DataPower XML Accelerator XA35: Command Reference
  - IBM WebSphere DataPower XML Security Gateway XS40: Command Reference
  - IBM WebSphere DataPower XML Integration Appliance XI50: Command Reference
  - IBM WebSphere DataPower B2B Appliance XB60: Command Reference
  - IBM WebSphere DataPower Low Latency Messaging Appliance XM70: Command Reference
• IBM WebSphere DataPower SOA Appliances: Extension Elements and Functions Catalog
  Provides programming information about the usage of DataPower XSLT extension elements and extension functions.
Integration documentation
The following documents are available for managing the integration of related products that can be associated with the DataPower appliance:
• IBM WebSphere DataPower SOA Appliances: Integrating with ITCAM
  Provides concepts for integrating the DataPower appliance with IBM Tivoli Composite Application Management for SOA.
• IBM WebSphere DataPower SOA Appliances: Integrating with WebSphere Transformation Extender
  Provides concepts for integrating the DataPower appliance with WebSphere Transformation Extender.
• IBM WebSphere DataPower XML Integration Appliance XI50: WebSphere MQ Interoperability
  Explains the concepts and common use patterns for connecting DataPower services to WebSphere MQ systems.
Problem determination documentation
• IBM WebSphere DataPower SOA Appliances: Problem Determination Guide
  Provides troubleshooting and debugging tools.
Supplemental documentations
• IBM WebSphere DataPower SOA Appliances: Understanding Web Services Policy
  Provides conceptual information about how the DataPower appliance can use Web Services Policy (WS-Policy).
• IBM WebSphere DataPower SOA Appliances: Understanding WS-Addressing
  Provides conceptual information about how the DataPower appliance can use WS-Addressing.
• IBM WebSphere DataPower SOA Appliances: Understanding LTPA
  Provides conceptual information about how the DataPower appliance can use Lightweight Third Party Authentication.
• IBM WebSphere DataPower SOA Appliances: Understanding SPNEGO
  Provides conceptual information about how the DataPower appliance can use SPNEGO.
• IBM WebSphere DataPower SOA Appliances: Optimizing through Streaming
  Provides conceptual information about and procedures for optimizing the DataPower appliance through streaming.
• IBM WebSphere DataPower SOA Appliances: Securing the Last Mile
  Provides conceptual information about and procedures for understanding the DataPower appliance while securing the last mile.
• IBM WebSphere DataPower SOA Appliances: Configuring the DoD PKI
  Provides conceptual information about and procedures for configuring the DataPower appliance with Department of Defense Public Key Infrastructure.
Reading syntax statements
The reference documentation uses the following special characters to define syntax:
[] Identifies optional options. Options not enclosed in brackets are required.
... Indicates that you can specify multiple values for the previous option.
| Indicates mutually exclusive information. You can use the option to the left of the separator or the option to the right of the separator. You cannot use both options in a single use of the command.
{} Delimits a set of mutually exclusive options when one of the options is required. If the options are optional, they are enclosed in brackets ([ ]).
When the options or parameters must be used in a specific order, the syntax statement shows this order.
Directories on the appliance
The file system contains many examples and critical configuration files. These directories and their contents are as follows:
audit:
This directory contains the audit logs. Each appliance contains only one audit: directory. This directory cannot be the destination of a copy. This directory is available from the command line in the default domain only.
To view the audit log from the WebGUI, select Status → View Logs → Audit Log.
cert:
This encrypted directory contains private key and certificate files that services use in the domain. You can add, delete, and view files, but you cannot modify these files while in the domain. Each application domain contains one cert: directory. This directory is not shared across domains.
chkpoints:
This directory contains the configuration checkpoint files for the appliance. Each application domain contains one chkpoints: directory. This directory is not shared across domains.
config:
This directory contains the configuration files for the appliance. Each application domain contains one config: directory. This directory is not shared across domains.
dpcert:
This encrypted directory contains files that the appliance itself uses. This directory is available from the command line in the default domain only.
export:
This directory contains the exported configurations that are created with the Export Configuration utility. Each application domain contains one export: directory. This directory is not shared across domains.
image:
This directory contains the firmware images (primary and secondary) for the appliance. This directory is where firmware images are typically stored during an upload or fetch operation. Each appliance contains only one image: directory. This directory is available in the default domain only.
local:
This directory contains miscellaneous files that are used by the services within the domain, such as XSL, XSD, and WSDL files. Each application domain contains one local: directory. This directory can be made visible to other domains. When viewed from other domains, the directory name changes from local: to the name of the application domain.
logstore:
This directory contains log files that are stored for future reference. Typically, the logging targets use the logtemp: directory for active logs. You can move log files to the logstore: directory. Each application domain contains one logstore: directory. This directory is not shared across domains.
logtemp:
This directory is the default location of log files, such as the appliance-wide default log. This directory can hold only 13 MB. This directory cannot be the destination of a copy. Each application domain contains one logtemp: directory. This directory is not shared across domains.
pubcert:
This encrypted directory contains the security certificates that are used commonly by Web browsers. These certificates are used to establish security credentials. Each appliance contains only one pubcert: directory. This directory is shared across domains.
sharedcert:
This encrypted directory contains security certificates that are shared with partners. Each appliance contains only one sharedcert: directory. This directory is shared across domains. However, you must be in default domain to create or upload keys and certificates.
store:
This directory contains example style sheets, default style sheets, and schemas that are used by the local appliance. Do not modify the files in this directory.
Each appliance contains only one store: directory. By default, this directory is visible to all domains. You can make changes to the contents of this directory from the default domain only.
The store: directory has the following subdirectories:
  meta
    This encrypted subdirectory contains files that are used by the appliance itself.
  msgcat
    This subdirectory contains the message catalogs.
  policies
    This subdirectory contains the following subdirectories. The contents of these subdirectories affect Web services policy.
    custom
      This subdirectory contains custom style sheets.
    mappings
      This subdirectory contains mapping style sheets.
    templates
      This subdirectory contains XML files.
  profiles
    This subdirectory contains style sheets that are used by DataPower services.
  schemas
    This subdirectory contains schemas that are used by DataPower services.
  dp
    This encrypted subdirectory contains files that are used by the appliance itself. This subdirectory is available from the command line only.
  pubcerts
    This encrypted subdirectory contains files that are used by the appliance itself. This subdirectory is available from the command line only.
tasktemplates:
This directory contains the XSL files that define the display of specialized WebGUI screens. Each appliance contains only one tasktemplates: directory. This directory is visible to the default domain only.
temporary:
This directory is used as temporary disk space by processing rules. Each application domain contains one temporary: directory. This directory is not shared across domains.
Object name conventions
The name must be unique in this object namespace. The following characters in an object name are valid:
• a through z
• A through Z
• 0 through 9
• _ (underscore)
• - (dash)
• . (period)
Typeface conventions
The following typeface conventions are used in the documentation:
bold Identifies commands, programming keywords, and GUI controls.
italics Identifies words and phrases used for emphasis and user-supplied variables.
monospaced Identifies user-supplied input or computer output.
Chapter 1. Initial login and common commands
This chapter provides an alphabetic listing of the commands that are available before entering a specific configuration mode (available at initial login) and commands that are available in most, if not all, configuration modes.
Initial login commands
For a list of the commands that are available after an initial login, refer to Table 1. This table provides a listing of the available commands and their purpose. To determine whether these commands are available to a specific user-type class after an initial login, refer to Table 2.
Table 1. Initial login commands and their general purpose
Command                Purpose
alias¹                 Creates a command macro.
clock¹                 Sets the date or time.
configure terminal     Enters Global configuration mode.
disable¹               Enters User Mode.
disconnect             Closes a user session.
echo                   Echoes text to the console.
enable                 Enters Privileged mode.
exec                   Calls and runs a target configuration script from another configuration script.
exit                   Closes the CLI connection.
help                   Displays online help.
login                  Logs in to the appliance as a specific user.
ntp¹                   Identifies an NTP server.
ping                   Determines if a target host is reachable on the network.
show                   Displays configuration or status information.
shutdown²              Restarts or shuts down the appliance.
switch domain          Moves to a specified domain.
template¹              Runs an interactive command line script.
test schema¹           Tests conformity of an XML file against a schema.
test tcp-connection¹   Tests the TCP connection to a remote host.
top                    Returns users to their initial log in mode.
traceroute¹            Traces the network path to a target host.
¹ Also available in Global mode.
² Also available in Flash configuration mode.
Table 2. Commands by type of user that are available after initial login
Command                admin user   Privileged-type user   User-type user
alias                  Yes          Yes                    No
clock                  Yes          Yes                    No
configure terminal     Yes          Yes                    No
disable                Yes          Yes                    No
disconnect             Yes          Yes                    No
echo                   Yes          Yes                    Yes
enable                 No           No                     Yes
exec                   Yes          Yes                    No
exit                   Yes          Yes                    Yes
help                   Yes          Yes                    Yes
login                  Yes          Yes                    No
ntp                    Yes          Yes                    No
ping                   Yes          Yes                    Yes
show                   Yes          Yes                    Yes
shutdown               Yes          Yes                    No
switch                 Yes          Yes                    Yes
template               Yes          Yes                    Yes
test schema            Yes          Yes                    Yes
test tcp-connection    Yes          Yes                    Yes
top                    Yes          Yes                    Yes
traceroute             Yes          Yes                    Yes
Common commands
For a list of the commands that are available in most configuration modes, refer to Table 3. This table provides a listing of the available commands and their purpose.
Table 3. Common configuration commands and their general purpose
Command                Purpose
admin-state            Sets the administrative state of an object.
cancel                 Cancels changes to the current object and returns to the parent configuration mode.
disconnect¹            Closes a user session.
echo¹                  Echoes text to the console.
exit¹                  Applies changes to the current object and returns to the parent configuration mode.
help¹                  Displays online help.
ping¹                  Determines if a target host is reachable on the network.
reset                  Restores default values.
show¹,²                Displays configuration information.
summary                Specifies a brief object-specific comment.
test tcp-connection¹   Tests the TCP connection to a remote host.
traceroute¹            Traces the network path to a target host.
¹ The command is also available after initial log in, which is before you explicitly enter a configuration mode. To determine whether these commands are available to a specific user-type class after an initial login, refer to Table 2.
² The output from the command differs when invoked after initial log in and when invoked while in a configuration mode.
admin-state
Sets the administrative state of an object.
Syntax
admin-state {enabled | disabled}
Parameters
enabled
(Default) Places an object in the enabled (active) state.
disabled
Places an object in the disabled (inactive) state.
Guidelines
The admin-state command sets the administrative state of an object. Administrative states are not equivalent to operational states. When an object has an administrative state of enabled, its operational state might be up, down, or pending. However, when an object has an administrative state of disabled, its operational state is always down.
Examples
• Disables the object.
# admin-state disable
#
alias
Creates a command macro.
Syntax
alias alias command
no alias alias
Parameters
alias
Specifies the name of the object.
The name can contain a maximum of 32 characters. For restrictions, refer to “Object name conventions”.
command
Specifies a sequence of commands and arguments.
Guidelines
Also available in Global configuration mode.
If you create a macro that uses multiple commands, you can do either of the following:
• Surround the string in quotes and separate commands with a semicolon. For example:
alias eth0 "configure terminal; interface ethernet 0"
• Separate commands with an escaped semicolon. For example:
alias eth0 configure terminal\;interface ethernet0
Use the no alias command to delete a command macro.
Related Commands
show alias
Examples
• Creates an alias eth0. When invoked, moves to Interface configuration mode (with the configure terminal and interface commands) for Ethernet Port 0.
# alias eth0 configure terminal\;interface eth0
Alias update successful
#
• Creates an alias mgtport. When invoked, moves to Interface configuration mode (with the configure terminal and interface commands) for Management Port 0.
# alias mgtport "configure terminal; interface management 0"
Alias update successful
#
• Creates an alias back2. When invoked, moves back two configuration modes. If invoked from Validation Credentials configuration mode, moves to Global configuration mode.
# alias back2 "exit; exit"
Alias update successful
#
• Creates an alias proxies. When invoked, displays information about XSL Proxy objects.
# alias proxies show xslproxy
Alias update successful
#
• Creates an alias update-cfg. When invoked, restarts the appliance with an updated configuration script.
# alias update-cfg configure terminal\;flash\;del config:runningconfig.cfg\; copy http://10.10.1.1/configs/39.3.cfg config:///runningconfig.cfg\; boot config runningconfig.cfg\;shutdown
Alias update successful
#
• Deletes the eth0 alias.
# no alias eth0
Alias 'eth0' deleted
#
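The following Python example is added here and is not part of the IBM manual. It parses alias definitions in both separator forms described in the Guidelines, checks the alias name against the object name conventions and the 32-character limit, and reports macro steps that an administrator should review before trusting the macro. The REVIEW list, the cleartext-fetch check and the function names are assumptions of this example; the sample definitions are taken from this page's examples or constructed.

```python
import re

# From this manual: valid object-name characters, alias names of at most 32 characters.
NAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")
# Assumption of this example (not from the manual): macro steps that change
# appliance state and deserve review when hidden behind a short alias name.
REVIEW = ("shutdown", "del", "boot")

def parse_alias(line):
    """Return (name, [commands]) for 'alias NAME COMMANDS' in either separator form."""
    m = re.match(r"^\s*(?:#\s*)?alias\s+(\S+)\s+(.*\S)\s*$", line)
    if not m:
        raise ValueError("not an alias definition: %r" % line)
    name, body = m.group(1), m.group(2)
    if len(body) >= 2 and body[0] == body[-1] == '"':
        parts = body[1:-1].split(";")      # quoted form: plain semicolons
    else:
        parts = body.split("\\;")          # unquoted form: escaped semicolons
    return name, [p.strip() for p in parts if p.strip()]

def audit_alias(line):
    """Return (name, commands, findings) for one alias definition."""
    name, cmds = parse_alias(line)
    findings = []
    if not NAME_RE.match(name):
        findings.append("invalid-name")
    for cmd in cmds:
        words = cmd.split()
        if words[0] in REVIEW:
            findings.append("review:" + words[0])
        # A configuration fetched over plain HTTP is neither authenticated nor encrypted.
        if words[0] == "copy" and len(words) > 1 and words[1].lower().startswith("http://"):
            findings.append("cleartext-fetch:" + words[1])
    return name, cmds, findings

# Sample definitions: the first three are taken from this page's examples,
# the last is constructed to show a misplaced opening quote.
SAMPLES = [
    'alias back2 "exit; exit"',
    r"alias eth0 configure terminal\;interface ethernet0",
    r"alias update-cfg configure terminal\;flash\;del config:runningconfig.cfg\; "
    r"copy http://10.10.1.1/configs/39.3.cfg config:///runningconfig.cfg\; "
    r"boot config runningconfig.cfg\;shutdown",
    'alias "mgtport configure terminal; interface management 0"',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        name, cmds, findings = audit_alias(sample)
        print(name, len(cmds), findings or "ok")
```

The misquoted sample is reported as invalid-name because the opening quote becomes part of the alias name, which the object name conventions do not allow.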
cancel
Cancels changes to the current object and returns to the parent configuration mode.