Web server plug-in custom properties
If you are using a web server plug-in, you can add one or more of the following custom properties to the configuration settings for that plug-in.
- In the administrative console, select web_server_name.
- Under General Properties, specify the name of the custom property in the Name field and a value for this property in the Value field. You can also specify a description of this property in the Description field.
- Click Apply or OK.
- Click Save to save your configuration changes.
- Regenerate and propagate the plugin-cfg.xml file.
When using a topology-centric configuration, custom properties may need to be added manually to the generated plugin-cfg.xml. Generation will not modify existing values in plugin-cfg.xml. To generate a new configuration without existing modifications, the file config/cells/plugin-cfg.xml must be removed prior to global plug-in configuration generation.
When working with an existing topology-centric configuration, you can update the global plugin-cfg.xml file using the administrative console or running the GenPluginCfg command for all of the clusters in a cell. However, you must delete the config/cells/plugin-cfg.xml file before you update the global plugin-cfg.xml file. Be aware that if you do not delete the config/cells/plugin-cfg.xml file, only the new properties and their values are added to the global plugin-cfg.xml file. Any updates to existing plug-in property values are not added to the global plugin-cfg.xml file.
CertLabel
Specifies the label of the certificate within the keyring that the plug-in is to use when the web container requests a client certificate from the plug-in. This custom property does not apply to any client certificate that is coming from the SSL connection with the browser. If you are using an SSL co-processor, the plug-in is not running on a z/OS® or IBM® i system, and you specify the token label, followed by a colon, as the value for this custom property, the entire CertLabel value is used as the keyring label.
Information | Value |
---|---|
Data type | Integer |
Range | One half of the value set for the application server transport's persistent time out |
Default | 2 |
HTTPMaxHeaders
Specifies the maximum number of headers that can be included in a request or response that passes through the web server plug-in. If a request or response contains more than the allowable number of headers, the web server plug-in drops the extra headers.
Information | Value |
---|---|
Data type | Integer |
Range | 1 - 4000 |
Default | 300 |
Specify HTTPMaxHeaders = "<value>" in the Config tag. Example:

```xml
<Config ASDisableNagle="false" AcceptAllContent="false"
AppServerPortPreference="HostHeader" ChunkedResponse="false"
FIPSEnable="false" HTTPMaxHeaders="2500"
IISDisableNagle="false" IISPluginPriority="High"
IgnoreDNSFailures="false" RefreshInterval="60"
ResponseChunkSize="64" VHostMatchingCompat="false">
```
IgnoreAffinityRequests
Determines whether the plug-in counts affinity requests against dynamic round-robin weight countdown. This custom property does not affect how affinity requests are routed. It affects only round-robin load weight counts. If this custom property is set to true, then affinity requests are not counted and only new requests are counted. The plug-in evenly distributes new requests, but total requests, which contain both affinity and new requests, can seem skewed because of session affinity. If this custom property is set to false, then affinity requests are counted against load balance weights. The plug-in distributes new requests to more available cluster members with fewer total requests. This setting skews the distribution of new requests in favor of better distribution of total requests.
IISDisableFlushFlag
Specifies how Microsoft Internet Information Services (IIS) handles chunked responses. If the property's value is true, IIS holds chunked responses until it receives all responses. If the property's value is false, IIS passes chunked responses as it receives them.
Information | Value |
---|---|
Data type | Boolean |
Default | True |
KillWebServerStartUpOnParseErr
If the web server plug-in has a DNS failure and property ignoreDNSFailures is false, IBM HTTP Server starts, but the plug-in does not load. As a result, IBM HTTP Server only serves static requests from its own location. Set KillWebServerStartUpOnParseErr to true when ignoreDNSFailures is false to prevent IBM HTTP Server from starting.
Information | Value |
---|---|
Data type | Boolean |
Default | False |
MarkBusyDown
If the value is true, the plug-in temporarily marks the server down to give it a chance to complete the restart. The duration of the markdown depends on the RetryInterval specified in the plug-in configuration.
Information | Value |
---|---|
Data type | Boolean |
Default | False |
SSLConsolidate
Specifies whether the web server plug-in is to compare the setup of each new SSL transport with the setup of other SSL transports that are already defined in the configuration file. When you set this property to true, and the plug-in determines that the keyring and CertLabel values specified for the new SSL transport match the values specified for an already defined SSL transport, the plug-in uses the existing SSL environment instead of creating a new SSL environment. Creating fewer SSL environments means that the plug-in requires less memory, and the plug-in initialization time decreases, thus optimizing your overall IBM Global Security Kit (GSKit) environment.
Information | Value |
---|---|
Data type | Boolean |
Default | True |
SSLPKCSDriver
Specifies the fully qualified name of the loadable module that interfaces with an optional SSL co-processor. The fully qualified name must include the directory path and the module name.
Information | Value |
---|---|
Data type | String |
Default | None |
SSLPKCSPassword
Specifies the password for the SSL co-processor with which the module, specified for the SSLPKCSDriver custom property, is interfacing.
If you are using an IBM HTTP Server, you can use the sslstash program to create a file that contains this password. In this situation, you can specify the fully qualified name of that file, instead of the actual password, as the value for this custom property.
Information | Value |
---|---|
Data type | String |
Default | None |
StrictSecurity
Indicates that you want to allow the plug-in to enable security compatible with the application server FIPS SP800-131 and TLSv1.2 handshake protocol settings.
Typically, the security library in the web server plug-in does not enable strict security by default. If strict security is enabled on the application server, connections fail unless an insecure connection is also configured.
To enable this property, set the StrictSecurity property to true.
Information | Value |
---|---|
Data type | String |
Default | False |
TrustedProxyEnable
Permits the web server plug-in to interface with the proxy servers and load balancers that are listed for the TrustedProxyList custom property. When this property is set to true, the proxy servers and load balancers in this trusted proxy list can set values for the $WSRA and $WSRH internal headers. The $WSRA internal header is the IP address of the remote host, which is typically the browser, or an internal address that is obtained by Network Address Translation (NAT). The $WSRH internal header is the host name of the remote host. This header information enables the web server plug-in to interface with that specific proxy server or load balancer.
When you use this custom property, you must also use the TrustedProxyList custom property to specify a list of trusted proxy servers and load balancers. Also, you must clear the Remove special headers check box on the Request Routing panel within the administrative console. For more information, see the documentation on web server plug-in request routing properties.
Information | Value |
---|---|
Data type | Boolean |
Default | False |
TrustedProxyList
Specifies a comma-delimited list of all proxy servers or load balancers that have permission to interface with this web server plug-in. You must use this property with the TrustedProxyEnable=true custom property setting. If the TrustedProxyEnable custom property is set to false, this list is ignored.
TrustedProxyList = myProxyServer1.myDomain.com,myProxyServer2.com,192.168.0.1
Information | Value |
---|---|
Data type | String |
Default | None |
UseInsecure
Specifies whether the plug-in can create unsecured connections when secure connections are defined, as was done in previous versions of WebSphere Application Server. To allow this behavior, create the custom property UseInsecure=true.
Information | Value |
---|---|
Data type | Boolean |
Default | False |
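
The following Python audit is an added example, not IBM code and not part of the original page. It checks the attributes of the Config tag against the rules this page states for HTTPMaxHeaders, TrustedProxyEnable and TrustedProxyList, UseInsecure, StrictSecurity and KillWebServerStartUpOnParseErr. It assumes all of these properties appear as attributes of the Config tag, which the page shows only for HTTPMaxHeaders; the function names and the sample configuration are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Placing every property on <Config> is an assumption;
# the page shows this placement only for HTTPMaxHeaders.
SAMPLE_CFG = """<Config FIPSEnable="false" HTTPMaxHeaders="4500"
    IgnoreDNSFailures="false" KillWebServerStartUpOnParseErr="false"
    TrustedProxyEnable="true" TrustedProxyList=""
    UseInsecure="true" StrictSecurity="false"></Config>"""


def is_true(attrs, name):
    """Absent means false: the page's default for the booleans checked here
    (assumed for IgnoreDNSFailures, whose default the page does not give)."""
    return attrs.get(name, "false").strip().lower() == "true"


def audit_config(xml_text):
    """Return (property, finding) tuples for the attributes of <Config>."""
    attrs = ET.fromstring(xml_text).attrib
    findings = []
    # HTTPMaxHeaders: documented range 1 - 4000, default 300.
    raw = attrs.get("HTTPMaxHeaders", "300").strip()
    if not raw.isdecimal() or not 1 <= int(raw) <= 4000:
        findings.append(("HTTPMaxHeaders", f"value {raw!r} is outside 1 - 4000"))
    # Listed hosts may set $WSRA/$WSRH, so enabling without a list is a misconfiguration.
    proxies = [p.strip() for p in attrs.get("TrustedProxyList", "").split(",") if p.strip()]
    if is_true(attrs, "TrustedProxyEnable") and not proxies:
        findings.append(("TrustedProxyEnable", "enabled but TrustedProxyList is empty"))
    if proxies and not is_true(attrs, "TrustedProxyEnable"):
        findings.append(("TrustedProxyList", "ignored: TrustedProxyEnable is not true"))
    # UseInsecure=true allows unsecured connections even when secure ones are defined.
    if is_true(attrs, "UseInsecure"):
        findings.append(("UseInsecure", "unsecured connections allowed when secure ones are defined"))
    # Without StrictSecurity, connections to a strict-security application server fail.
    if not is_true(attrs, "StrictSecurity"):
        findings.append(("StrictSecurity", "not enabled; strict application servers reject the plug-in"))
    # DNS failure with both flags false: the web server starts but the plug-in does not load.
    if not is_true(attrs, "IgnoreDNSFailures") and not is_true(attrs, "KillWebServerStartUpOnParseErr"):
        findings.append(("KillWebServerStartUpOnParseErr",
                         "on a DNS failure the web server starts without the plug-in"))
    return findings


if __name__ == "__main__":
    for prop, msg in audit_config(SAMPLE_CFG):
        print(f"{prop}: {msg}")
```
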