|
Overview of P3P |
How to implement P3P HTTP headers |
Additional Information
As there are two ways to set custom HTTP header, there are two ways to set P3P HTTP header. The first is to set the HTTP header via the web server. Usually this will result in all outgoing objects sharing the same set of default HTTP headers. A site that uses this approach will have to create a global P3P Compact Policy that covers all of the cookies set across the site. The second method is to set an HTTP header for each specific object. With this method, a site will usually be created using a web language such as JSP or ASP, where HTTP headers can be written at the same time as the HTML. In this scenario, a site can create a P3P Compact Policy for each cookie it sets because it has the capability to serve different HTTP headers depending on the object.
For more generalized information, read our articles on custom HTTP headers.
Beginning with iPlanet Web Server 6.0 SP2, webmasters have the ability to easily add custom headers to the default set of HTTP headers. This can be accomplished by editing the obj.conf file within the site’s configuration directory. The following line must be added to obj.conf:
AuthTrans fn="set-variable"
insert-srvhdrs="P3P=policyref=\’http://www.mydomain.com/path/to/p3p.xml\’\,CP=\'NON DSP COR CURa TIA\'"
For older versions of the iPlanet Web Server, it becomes necessary to create a dll and to edit the obj.conf to access that dll via a function. The following dll, p3pheader.dll, provides example of how to add a custom HTTP header:
#ifdef XP_WIN32
#define NSAPI_PUBLIC __declspec(dllexport)
#else /* !XP_WIN32 */
#define NSAPI_PUBLIC
#endif /* !XP_WIN32 */
#include "nsapi.h"
#include "base/pblock.h"
#include "base/session.h"
#include "frame/req.h"
#include "base/util.h"
#include "frame/protocol.h"
#include
#include "frame/log.h"
#ifdef __cplusplus
extern "C"
#endif
NSAPI_PUBLIC int p3pheader(pblock *param, Session *sn, Request *rq) {
char *name = pblock_findval("name", param);
char *value = pblock_findval("value", param);
pblock_nvinsert(name, value, rq->srvhdrs);
return REQ_PROCEED;
}
Once the dll file has been created, edit the obj.conf file. First, the dll must be loaded, so the obj.conf file needs to know where the p3pheader.dll file is located and the appropriate function it should call. At the beginning of the file, add the following line:
Init fn="load-modules" shlib="/path/to/p3pheader.dll" funcs="p3pheader"
Next, add an entry within the default Object that calls the p3pheader function.
ObjectType fn="p3pheader" name="P3P" value="policyref=http://www.mydomain.com/path/to/p3p.xml"
The web server should be restarted, and the configuration file should be loaded via the iPlanet Administrator. Since the information has been placed within the default Object definition, the P3P header will be sent with every web page within that web site.
The Microsoft Internet Information Server (IIS) provides a simple way to add a custom header. The Microsoft Management Console (MMC) can be used to specify a P3P HTTP header. Within MMC, expand the Internet Information Server line, and then expand the ServerName line. At Default Web Site, right click and then choose Properties. Select the HTTP Headers tab. In Custom HTTP Headers, click Add. Under Custom Header Name, type in the following:
P3P
Next, in Custom Header Value, type in
policyref="http://www.mydomain.com/path/to/p3p.xml", CP="NON DSP COR CURa TIA"
Click OK twice. IIS should now be ready to serve the P3P header within the default set of HTTP headers.
The Apache web server provides webmasters with the ability to add and customize HTTP headers via the inclusion of the mod_headers module. This module is an extension module and is therefore not available with a default installation and configuration of Apache. Webmasters who are interested in using this method must recompile Apache to include mod_headers. The following instructions address the addition of the P3P header to Apache version 1.3.x.
Once Apache has been compiled with mod_headers, directives can be added to the server configuration file httpd.conf. Within this file, webmasters should first ensure that the mod_headers module has been successfully loaded. Under the Dynamic Shared Object (DSO) Support section of the file, the following line must be evident:
LoadModule headers_module path/to/mod_headers.so
Next, an AddModule directive must be added, as in the following:
AddModule mod_headers.c
Generically, to create a P3P header, add the following line within the appropriate section.
Header append P3P "policyref=\"\http://www.mydomain.com/P3P/p3p.xml\"\, CP= "NON DSP COR CURa TIA"
Directory, Location, and Files are sectional directives used within the configuration file to allow webmasters to determine whether directives apply to the site in general or to specific files or directories. This allows webmasters to create several P3P Compact Policies. For example, the Location directive applies to specified URLs. The Location directive will be used in two different examples. The first example demonstrates how to indicate a single policy reference file for the entire web site.
Header append P3P "policyref=\http://www.mydomain.com/path/to/p3p.xml\", CP=" NON CURa TIA"
The second example demonstrates two P3P HTTP Headers for two sub-sites within the domain.
Header append P3P "policyref=\http://www.mydomain.com/mysite/path/to/p3p.xml\", CP= "DSP COR CURa TIA"
AOLServer becomes customizable through the use of Tcl modules. A Tcl module is used to create custom HTTP headers for a particular web site. The webmaster specifies a directory in which the Tcl module resides, and upon start up of the web server, the modules within that directory are initialized as well. The following directory is commonly used for user-created Tcl modules:
/servers/servername/modules/tcl
To create a custom P3P HTTP header, create a file within the Tcl module directory. The file extension should be .tcl. Within this file, include the following line:
ns_set put [ns_conn outputheaders] "P3P" "policyref="http://www.mydomain.com/path/to/p3p.xml", CP="NON CURa TIA"
| 
