Web server plug-in custom properties

For a web server plug-in, we can add one or more of the following custom properties to the configuration settings for that plug-in.

Complete these steps to add a web server plug-ins custom property.

  1. In the console, select...

      Servers > Server Types > Web servers > web_server_name > Plug-in properties > Custom properties > New

  2. Under General Properties, specify the name of the custom property in the Name field and a value for this property in the Value field.

    We can also specify a description of this property in the Description field.

  3. Click Apply or OK.

  4. Click Save to save the configuration changes.

  5. Re-generate and propagate plugin-cfg.xml.

Avoid trouble: We can update the global plugin-cfg.xml file using the console or by running the GenPluginCfg command for all of the clusters in a cell. However, before you update the global plugin-cfg.xml file, delete the file...

If we do not delete the file, only the new properties and their values are added. Any updates to existing plug-in property values are not added.


CertLabel

Label of the certificate within the keyring that the plug-in is to use when the web container requests a client certificate from the plug-in. This custom property does not apply to any client certificate that is coming from the SSL connection with the browser. For an SSL co-processor, and the plug-in is not running on a z/OS or IBM i system, if specified the token label, followed by a colon, as the value for this custom property the entire CertLabel value is used as the keyring label.

Avoid trouble: We can only use this custom property if you are running on Version 7.0.0.3 or later.gotcha

Information Value
Data type Boolean
Default False


GetDWLMTable

Whether the plug-in should prefetch the partition table. When enabled, the plug-in prefetches the partition table so that affinity requests are maintained. The GetDWLMTable custom property must be enabled when memory-to-memory session management is configured for WebSphere Application Server.

Information Value
Data type String
Default False


HTTPMaxHeaders

Maximum number of headers that can be included in a request or response that passes through the web server plug-in. If a request or response contains more than the allowable number of headers, the web server plug-in drops the extra headers.

Information Value
Data type Integer
Range 1 - 4000
Default 300

If we prefer, instead of adding this custom property, we can manually add the following values to plugin-cfg.xml file inside the Config tag.

<Config ASDisableNagle="false" 
        AcceptAllContent="false"
        AppServerPortPreference="HostHeader" 
        ChunkedResponse="false"
        FIPSEnable="false" 
        HTTPMaxHeaders="2500"
        IISDisableNagle="false" 
        IISPluginPriority="High"
        IgnoreDNSFailures="false" 
        RefreshInterval="60"
        ResponseChunkSize="64" 
        VHostMatchingCompat="false">


(WAS v8.5.0.1) IISDisableFlushFlag

How Microsoft Internet Information Services (IIS) handles chunked responses. If the property's value is true, IIS holds chunked responses until it receives all responses. If the property's value is false, IIS passes chunked responses as it receives them.

Information Value
Data type Boolean
Default True


(WAS v8.5.0.1) KillWebServerStartUpOnParseErr

Avoid trouble: This property is valid only when used with IBM HTTP Server.gotcha

If the web server plug-in has a DNS failure and property ignoreDNSFailures is false, IBM HTTP server starts, but the plug-in does not load. As a result, IBM HTTP Server only serves static requests from its own location. Set KillWebServerStartUpOnParseErr totrue when ignoreDNSFailures is false to prevent IBM HTTP Server from starting.

This property affects only the initial startup of IBM HTTP Server. This property does not affect the plug-in's attempts to reload the XML.

Information Value
Data type Boolean
Default False


(WAS v8.5.0.1) MarkBusyDown

If the value is true, the plug-in will temporarily mark the server down to give it a chance to complete the restart. The duration of the markdown depends on the RetryInterval specified in the plug-in configuration.

Information Value
Data type Boolean
Default False


SSLConsolidate

Whether the web server plug-in is to compare the setup of each new SSL transport with the setup of other SSL transports that are already defined in the configuration file. When set to true, and the plug-in determines that the keyring and CertLabel values specified for the new SSL transport match the values specified for an already defined SSL transport, the plug-in uses the existing SSL environment instead of creating a new SSL environment. Creating fewer SSL environments means that the plug-in requires less memory, and the plug-in initialization time decreases, thereby optimizing the overall GSkit environment.

Information Value
Data type Boolean
Default True


SSLPKCSDriver

Fully qualified name of the loadable module that interfaces with an optional SSL co-processor. The fully qualified name must include the directory path and the module name.

Information Value
Data type String
Default None


SSLPKCSPassword

Password for the SSL co-processor with which the module, specified for the SSLPKCSDriver custom property, is interfacing.

For an IBM HTTP Server, we can use the sslstash program to create a file containing this password. In this situation, we can specify the fully-qualified name of that file, instead of the actual password, as the value for this custom property.

Information Value
Data type String
Default None


(V8502) StrictSecurity

Indicates to allow the plug-in to enable security compatible with the application server strict server setting.

Typically, the security library in the web server plug-in does not enable strict security by default. If strict security is enabled on the application server, connections will fail unless an insecure connection is also configured.

To enable this property, set the StrictSecurity property to true

Information Value
Data type String
Default False


TrustedProxyEnable

Permits the web server plug-in to interface with the proxy servers and load balancers listed for the TrustedProxyList custom property. When true, the proxy servers and load balancers in this trusted proxy list can set values for the $WSRA and $WSRH internal headers. The $WSRA internal header is the IP address of the remote host, which is typically the browser, or an internal address that is obtained by Network Address Translation (N.A.T.). The $WSRH internal header is the host name of the remote host. This header information enables the web server plug-in to interface with that specific proxy server or load balancer.

When you use this custom property you must also use the TrustedProxyList custom property to specify a list of trusted proxy servers and load balancers. Also, you must clear the Remove special headers check box on the Request Routing panel within the console. For more information, see the documentation on web server plug-in request routing properties.

Information Value
Data type Boolean
Default False


TrustedProxyList

Specifies a comma delimited list of all proxy servers or load balancers that have permission to interface with this web server plug-in. We must use this property with the TrustedProxyEnable=true custom property setting. If the TrustedProxyEnable custom property is set to false, this list is ignored.


Example:

Information Value
Data type String
Default None


UseInsecure

Specifies that to allow the plug-in to create unsecured connections when secure connections are defined, as was done in previous versions of Websphere Application Server, create the custom property UseInsecure=true.

Information Value
Data type Boolean
Default False


Related tasks

  • plugin-cfg.xml file

  • Web server plug-in request routing properties