Proxy server settings
Use this topic to perform advanced configuration on a proxy server. Proxy settings enable the system administrator to fine tune the behavior of the proxy server. In particular, we can configure the connections and requests to the appserver, enable caching, configure the requests that must be rejected, define how error responses are handled, and specify the location of the proxy logs.
The proxy server, upon creation, auto-senses the environment and is capable of routing requests to WAS ND. Additional configuration can be applied to the proxy server to meet the needs of a particular environment.
To view this admin console page, click...
Servers | Server Types | WebSphere proxy servers | proxy_server_name | HTTP Proxy Server Settings | Proxy settings
We can edit configurable field settings for the proxy server on the Configuration tab.
- Enable Web services support
-
Whether to enable the proxy server to route Web services traffic.
Data type Boolean Default True - Static routing file directory
-
Directory on the proxy server where the static routing file is located.
Data type String Default profile_home/staticRoutes - HTTP methods disabled
-
List of HTTP methods that are disabled for the proxy server. Select the checkbox to enable this setting. Click New or Delete to add or remove HTTP methods from the list.
Data type String Default Blank - Outbound connection settings
-
Specifies basic HTTP connection parameters between the proxy server and content servers.
- Outbound request timeout
- Default number of seconds the proxy server waits for a response before timing out a request to a content server. Consider this option carefully when changing the value.
- Outbound connect timeout
- Number of milliseconds that the proxy server waits to connect to a server. If this time expires, the proxy server attempts to connect to a different server. If no other available servers exist, the request times out. A value of 0 indicates that the proxy server should use the operating system kernel timeout value.
- Pool connections to content server
- Option to pool connections to the server is an optimization feature. Pooling prevents the need to frequently create and destroy socket connections to the server, by allowing the proxy server to pool these connections and reuse them.
- Maximum connections per server
- Maximum number of connections that will be pooled to any single content server.
- Local outbound TCP address
- Local outbound TCP address for data that enters and exits the SIP container. The value for this setting is the hostname or IP address to use for all communications between the SIP proxy and the SIP containers when the network is segmented.
Data type String Default * Range IP address or valid host name
The following proxy custom properties are available to adjust the outbound connections.
- key=http.maxTargetReconnects
Maximum number of reconnects to the same target content server for each request. The default is 5.
- key=http.maxTargetRetries
Maximum number of times the proxy will attempt to select a new target content server for each request. The default is 5.
- key=http.routing.sendReverseProxyNameInHost
Determine whether or not the host header is rewritten for content not on a WAS content server. The options are true or false and are not case sensitive. If the value of this property is false, which is the default setting, then the host header is rewritten as the host of the target server. If the value for this property is true, then the host header is not rewritten.
- key=http.compliance.disable
Determine whether HTTP V1.1 compliance is enforced on proxy content server connections. The options are true or false and are not case sensitive. The default is false.
- key=http.compliance.via
The value of the via header that is appended to requests and responses for HTTP compliance. If the value is null, a via header will not be appended. If the value is true, a default via value is appended. Otherwise, the specified string via value is appended. The default is null.
- Inbound connection SSL configuration
-
Specifies the SSL configuration from one of several sources.
- Centrally managed
- When selected, specifies to use the SSL configuration that is scoped for this endpoint.
- Specific to this endpoint
- When selected, enables the Select SSL Configuration list.
- Select SSL Configuration
- Predefined SSL configuration.
Data type String Default None Range NONE, CellDefaultSSLSettings, or NodeDefaultSSLSettings
- Caching
-
Whether to enable the proxy server to cache the content of servers.
When Enable caching is selected, static content caching is enabled for the proxy server, as defined by HTTP 1.1 specifications. By default, caching content is enabled.
The properties that follow apply only if caching is enabled:
- Cache instance name
- Dynamic cache object cache instance configured in Resources > Cache instances > Object cache instances, which is used to cache all static and dynamic content responses. This object cache instance must be configured to support new I/O (NIO) application program interfaces (APIs).
- Cache SSL content
- Determine whether client proxy server SSL connections that are terminated by the proxy server should have their responses cached.
- Cache aggressively
- Enables caching of HTTP responses that would not normally be cached. Caching rules defined by HTTP 1.1 may be broken in order to gain caching optimizations.
- Cache dynamic content
- Whether dynamic content that is generated by WASs V6.02 or later is cached. Caching dynamic content generated by content servers prior to WAS V6.02 is not supported.
- Limit memory cache entry size
- When selected, the setting Memory cache entry size is enabled.
- Memory cache entry size
- Maximum size of an individual cached response in MB. Any cached response larger than this will not be cached.
- Logging
-
The proxy server has logs that are generated for proxy and stored cache requests. When Enable access logging is selected, we can specify the size and location of the access logs.
- Access log maximum size
- Specify the maximum size, in megabytes, for an access log.
Data type Integer Units Megabytes Default 500
- Proxy access log
- Directory location for a proxy access log.
Data type String Default ${SERVER_LOG_ROOT}/proxy.log
- Cache access log
- Directory location for a cache access log.
Data type String Default ${SERVER_LOG_ROOT}/cache.log
- Local access log
- Directory location for a local access log.
Data type String Default ${SERVER_LOG_ROOT}/local.log
There is a log called ${SERVER_LOG_ROOT}/local.log that logs locally served proxy content. This content is not in the proxy cache.
HTTP requests are logged in one of three logs: proxy, cache, and local. Local log configuration is not currently available in the admin console, but it is available at ${SERVER_LOG_ROOT}/local.log. Specify the location of this log by setting the http.log.localFileName custom property to the file location. The content of each log is formatted using National Center for Supercomputing Applications (NCSA) common log format.
- Proxy access log: Logs responses that are received from remote servers.
- Cache access log: Logs responses that are served from the local cache.
- Local access log: Logs all non-cache local responses, for example, redirects and internal errors.
Proxy custom properties that can be used to set logging are as follows:
- key=http.log.disableAll: This property disables all logging. A value of true stops proxy, cache, and local logging.
- key=http.log.maxSize:The maximum log size in megabytes (MB). A value of UNLIMITED indicates unlimited. 25 MB is the default.
- key=http.log.localFileName: Contains the name of the local log. A value of NULL indicates that the default ${SERVER_LOG_ROOT}/local.log is used.
- Security
-
Use this section to set up security options.
- Use a proxy-masking server header
- When selected, specifies to forward the content server's name to the client.
- Use the backend server header
- When selected, specifies the default server name is sent as the content server name.
- Specify a server header value
- When selected, the Server header setting is enabled.
- Server header
- Server name used in HTTP responses.
- Trusted security proxies
- Specifies intermediaries other than the proxy server to handle requests. This setting identifies which proxies can be trusted; for example, Web servers read incoming requests to verify which proxy they are routed to. Use an IP or fully qualified host name in this field.
- Select the checkbox to enable Security proxy. Click New or Delete to add or remove proxies from the list.
An empty list of trusted security proxies indicates that all WAS plug-in clients are trusted.
Data type String Default Blank Range IP address or valid host name
- Proxy plug-in configuration policy
-
Use this section to configure proxy plug-ins.
- Generate plug-in configuration
- Generation of a proxy plug-in configuration file that we can use on a Web server that is deployed in front of the proxy server. The plug-in can determine the URI that the proxy is handling on behalf of the appserver. The plug-in can determine the endpoint, or boundaries of the proxy so that it can properly route requests that it receives to the proxy.
- The options available to generate the plug-in are described in the following table:
Scope Description None No scope. All The proxy server generates a plug-in configuration that includes all of the URIs that are handled by proxy servers in the local cell and all cells that are connected by a core group bridge. Cell The proxy server generates a plug-in configuration that includes all of the URIs that are handled by all the proxy servers in the cell. Node Includes all of the URIs that are configured for the node. Server The proxy server generates a plug-in configuration file only for the proxy server that is currently configured.
- Plug-in config change script
- Path to a script that is run after the WAS plug-in configuration is generated.
- Custom error page policy
-
Use this section to configure settings for error pages when errors occur during the processing of a request.
The default is for no customized error pages to be generated.
- Error page generation application URI
- Specifies that if a valid uniform resource locator (URI) to an installed application is provided, the custom error page policy is enabled. If a valid URI to an installed application is not provided, the custom error page policy does not handle requests.
- Handle remote errors
- When selected, specifies HTTP response error status codes generated by the proxy server and HTTP response error status codes generated elsewhere after the proxy on the proxy content server connection error responses are handled. When not selected, only HTTP response error status codes generated by the proxy server are handled. A best practice is to configure an error page application on the same physical machine as the proxy server.
- Headers to forward to error page application
- Specifies additional header values from the client request to forward to the error page application as query parameters. The responseCode and URI query parameters are always sent to the error page application, in addition to the ones that are configured. The responseCode parameter is the HTTP status code that generates internally or is returned by the content server. The URI parameter is the request URI for the client.Example - The error page URI is /ErrorPageApp/ErrorPage, the headers to forward contain Host, and a client sends the following request:
GET /house/rooms/kitchen.jpg HTTP/1.1 Host: homeserver.companyx.com
The request results in a HTTP 404 response (local or remote), and the request URI to the error page application would be:
/ErrorPageApp/ErrorPage?responseCode=404&uri=/house/rooms/kitchen.jpg&Host= homeserver.companyx.com
- HTTP status codes that are to be recognized as errors
- Status codes that the error page policy provides a response for. If a status code is not specified, the original content of responses with that status code are returned. If no HTTP status codes are specified, the defaults, 404 and 5XX, are used. Instead of specifying status codes individually, the following method is recommended to represent a range:
- 5XX: 500-599
- 4XX: 400-499
- 3XX: 300-399
- 2XX: 200-299
Proxy custom property to use when seting the custom error page: key=http.statuscode.errorPageRedirect. This custom property determines whether error page generation is done using the redirect, instead of using the proxy error page application. The values are true or false. The default is false.
- Static file serving
-
Values needed for the proxy server to perform static file serving.
- Static file document root
- Location on the file system where the static document files are located.
Data type String Default ${USER_INSTALL_ROOT}/staticContent
- Content mappings
- Content type mapping for a particular file extension. Specify a value for the following settings.
Extension The subject file extension to map to a context type Header The header name to send to the client Value The value of the header to send to the client in the context-type header Weight A float value used to calculate the rank of files with this extension
- Workload management
-
Values needed for the proxy server to perform workload management.
- High availability monitor timeout
- Amount of time, in seconds, before a high availability monitor timeout.
Data type String Units Seconds Default 300
- Advisor URI
- URI for an advisor.
Data type String Default /
- Load balancing algorithm
- Algorithm for the load balancer.
Data type String Default Blank
Related tasks
Set up the proxy server
Related information
Overview of the custom error page policy