Bypassing buffering on a per-resource basis

WebSEAL uses an internal buffer when processing data sent in requests to WebSEAL and responses from junction applications.

This buffering typically provides performance improvement. For certain applications that send or return small amounts of data, the buffering can cause the data to be held temporarily at WebSEAL while the buffer is being filled. For some applications, it might be preferable to bypass the buffering and stream the data directly to the junctioned server or to the clients. This scheme is not efficient for general web traffic; apply it only to particular resources that require streamed data. For example, apply it to junctions configured for RPC over HTTP communication. See Microsoft RPC over HTTP.

We can apply a protected object policy (POP) to individual resources that directs WebSEAL to bypass buffering for those resources. To bypass buffering for a particular resource response, attach a POP to the resource with an attribute named response-buffer-control set with the value bypass. To bypass buffering for a particular resource request, attach a POP to the resource with an attribute named request-buffer-control set with the value bypass.

The following example

Steps

  1. Create a POP named bypassPOP with the appropriate attributes.
    pdadmin> pop create bypassPOP
    pdadmin> pop modify bypassPOP set attribute response-buffer-control bypass
    pdadmin> pop modify bypassPOP set attribute request-buffer-control bypass

  2. Attach the POP to the chosen resource.
    pdadmin> pop attach /WebSEAL/myinstance/myjunction/cgi-bin/smallCGI bypassPOP

    This POP only affects the data in the body of the request or response that is received from the client or junction. WebSEAL still buffers the request and response headers.

    When buffering HTTP requests using this POP technique, there are limitations. Certain WebSEAL functions require the entire request body, and this body is not available when streaming a request to a junctioned server.

    The following WebSEAL functionality cannot be used when using request streaming: WebSEAL response streaming can still be applied to resources that use this WebSEAL functionality.

Parent topic: Advanced junction configuration

Related concepts

Related tasks