Proxy server settings

Use this topic to perform advanced configuration on a proxy. Proxy settings enable the system administrator to fine tune the behavior of the proxy server. In particular, you can configure the connections and requests to the application server, enable caching, configure the requests that must be rejected, define how error responses are handled, and specify the location of the proxy logs.

The proxy server, upon creation, auto-senses the environment and is capable of routing requests to WebSphere Application Server. Additional configuration can be applied to the proxy server to meet the needs of a particular environment.

To view this administrative console page, click Servers > Proxy Servers > server_name > HTTP Proxy Server Settings >Proxy settings.

You can edit configurable field settings for the proxy server on the Configuration tab.

Configuration tab

Content server connection

Configure basic HTTP connection parameters between the proxy server and content servers.

Outbound SSL alias: The SSL repertoire alias, that is configured in detail under Security > SSL that is used to secure proxy content server connections. If requests can be handled over SSL connections only, it is recommended that you create a new SSL alias that contains the trusted certificate authorities and point to that alias. Create an SSL alias in the administrative console by clicking Security > SSL > New .

Outbound request timeout: The default number of seconds the proxy waits for a response before timing out a request to a content server. Consider this optoin carefully when changing the value.

Pool connections to server: The option to pool connections to the server, is an optimization feature. Pooling prevents the need to frequently create and destroy socket connections to the server, by allowing the proxy server to pool these connections and reuse them. Maximum connections per server: The maximum number of connections that will be pooled to any single content server. Proxy custom properties that tweak content server connections are as follows:

key=http.maxTargetReconnects: Maximum number of reconnects to the same target content server for each request. The default is 5.
key=http.maxTargetRetries: Maximum number of times the proxy will attempt to select a new target content server for each request. The default is 5.
key=http.routing.sendReverseProxyNameInHost: Determines whether or not the proxy server name is placed in the host header for content that is not specific to WebSphere Application Server content servers. The options are true or false and are not case sensitive. The default is false.
key=http.compliance.disable: Determines whether HTTP V1.1 compliance is enforced on proxy content server connections. The options are true or false and are not case sensitive. The default is false.
key=http.compliance.via: The value of the via header that is appended to requests and responses for HTTP compliance. If the value is null, a via header will not be appended. If the value is true, a default via value is appended. Otherwise, the specified string via value is appended. The default is null.

Caching

The proxy server can be configured to cache the content of servers. By default, caching content is enabled. The properties that follow apply only if caching is enabled:

Enable caching: Enables caching framework for the proxy server and enables static content caching, as defined by HTTP 1.1 specifications.
Cache instance name: The dynamic cache object cache instance, that is configured in detail under Resources > Cache instances > Object cache instances , used to cache all static and dynamic content responses. This object cache instance must be configured to support new I/O (NIO) application program interfaces (APIs).
Cache update URI: When caching dynamic content, this is the relative URI of an installed content server application that is used to invalidate cached entries.
Cache SSL content: Determines whether client proxy server SSL connections that are terminated by the proxy server should have their responses cached.
Cache dynamic content: Determines whether dynamic content that is generated by WebSphere Application Servers V6.02 or later is cached. Caching dynamic content generated by content servers prior to WebSphere Application Server V6.02 is not supported.
Cache aggressively: Enables caching of HTTP responses that would not normally be cached. Caching rules that are defined by HTTP 1.1 may be broken in order to gain caching optimizations.

Exclusions

The proxy server examines every incoming request. You can define certain methods for exclusion and if the requested HTTP method matches any of the configured methods for exclusion, the proxy server rejects the requests with a METHOD DISALLOWED error.

Logging

The proxy server has logs that are generated for proxied requests and stored cache requests. With this configuration, you can specify the location of the proxy access log and the cache access log.

Use the default location, or specify a directory location. There is a third log called ${SERVER_LOG_ROOT}/local.log that logs locally-served proxy content. This content does not come from the proxy cache. Proxy custom properties that can be used to tweak logging are as follows:

key=http.log.disableAll: This property disables all logging. A value of true stops proxy, cache, and local logging.
key=http.log.maxSize:The maximum log size in megabytes (MB). A value of UNLIMITED indicates unlimited. 25 MB is the default.
key=http.log.localFileName: Contains the name of the local log. A value of NULL indicates that the default ${SERVER_LOG_ROOT}/local.log is used.

HTTP requests are logged in one of three logs: proxy, cache, and local. Local log configuration is not currently available in the administrative console, but it available at ${SERVER_LOG_ROOT}local.log. Specify the location of this log by setting the http.log.localFileName custom property to the file location. The content of each log is formatted using National Center for Supercomputing Applications (NCSA) common log format.

Proxy access log: Logs responses that are received from remote servers.
Cache access log: Logs responses that are served from the local cache.
Local access log: Logs all non-cache local responses, for example, redirects and internal errors.

Security

Use this section to set up security options.

Trusted security proxies: Topologies exist where another layer of work routing is enabled on top of the proxy server. For example, Web servers read incoming requests to verify which proxy they are routed to. This configuration field enables intermediaries other than the proxy server to handle the request by explicitly telling the proxy server that is to trust them. Use an IP or fully qualified host name in this field.
Server header: Enables configuration of the HTTP server header that is returned to clients. Used to suppress server information. If the value is “�?, the content server name is forwarded to client. If the value is “TRUE�?, the default server name “WebSphere Proxy�?, is sent as the content server name. If the value is anything else, the value that is specified is sent as the content server name.

Proxy plug-in configuration policy

Use this parameter for the generation of a proxy plug-in configuration file that you can use on a Web server that is deployed in front of the proxy server. The plug-in can determine the URI that the proxy is handling on behalf of the application server. The plug-in can determine the endpoint, or boundaries of the proxy so that it can properly route requests it receives to the proxy. This feature is useful for those who prefer to deploy a proven Web server in the demilitarized zone (DMZ), which is fully capable of exploiting the ability of the proxy server.

An option is available to define a level by which to generate the plug-in. For the cell scope, the proxy server generates a plug-in configuration that includes all of the URIs handled by all the proxy servers in the cell. The node scope includes all of the URIs that are configured for the node, and at the server level the proxy server generates only a plug-in configuration file for the proxy server that is currently configured.

Custom error page policy

Use this field to support the use of customized error pages when errors occur during the processing of the request. Refer to Overview of the custom error page policy for a summary of how the custom error page policy works. The default is no customized error pages generated. The properties that follow enable customized error pages for use when errors occur during request processing:

Enable policy: Enables custom error pages if the error page URI is provided.
Error page generation application URI: If a valid URI to an installed application is not provided, the custom error page policy does not handle requests.
Handle remote errors: When not selected, only HTTP response error status codes generated by the proxy server are handled. When selected, HTTP response error status codes generated by the proxy server and HTTP response error status codes generated elsewhere after the proxy on the proxy content server connection error responses are handled. A best practice is to configure an error page application on the same physical machine as the proxy server.
Headers to forward to error page application: Specifies additional header values from the client request to forward to the error page application as query parameters. The responseCode and uri query parameters are always sent to the error page application, in addition to the ones that are configured. The responseCode parameter is the HTTP status code that generates internally or is returned by the content server. The uri parameter is the request URI for the client.Example - The error page URI is /ErrorPageApp/ErrorPage, the headers to forward contain Host, and a client sends the following request:
```
GET  /house/rooms/kitchen.jpg HTTP/1.1
Host:  homeserver.companyx.com The request results in a HTTP 404 response (local or remote), and the request URI to the error page application would be:
/ErrorPageApp/ErrorPage?responseCode=404&uri=/house/rooms/kitchen.jpg&Host= homeserver.companyx.com 
```
HTTP status codes that are to be recognized as errors: The status codes that the error page policy provide a response for. If a status code is not specified, the original content of responses with that status code are returned. If no HTTP status codes are specified, the defaults, 404 and 5XX, are used. Instead of specifying status codes individually, the following method is recommended to represent a range:
- 5XX: 500-599
- 4XX: 400-499
- 3XX: 300-399
- 2XX: 200-299

Proxy custom property to use when tweaking the custom error page: key=http.statuscode.errorPageRedirect. This custom property determines whether error page generation is done using the redirect, instead of using the proxy error page application. The values are true or false. The default is false.