HTTP transport channel custom properties

Use the accessLogFormat property to specify the information you want included in the NCSA access log for an HTTP transport channel, and how you want that information formatted. The value for this property is a space separated list of options. The order that you specify the options determines the format of this information in the log.

Each option can be enclosed in quotation marks, but the quotation marks are not required. Unless otherwise noted, a value of - is printed for an option if the requested information cannot be obtained for that option.

For example, you might specify the following directives as the value for this property:

%h "%{HeaderName}i" %u %t "%r" %s %b

Use the CookiesConfigureNoCache property to specify whether the presence of a Set-Cookie header in an HTTP response message triggers the addition of several cache related headers. If this property is set to true, an Expires header with a very old date, and a Cache-Control header that explicitly tells the client not to cache the Set-Cookie header are automatically added. These headers are not automatically added if this property is set to false.

This property is functionality equivalent to the com.ibm.websphere.cookies.no.header property that was available in previous versions of the product.

Use the decompressionRatioLimit property to specify the maximum decompression ratio to compression ratio for the request body payload. The HTTP channel reads the request body and verifies the ratio as the body decompresses. The channel stops decompression of the request body if the decompression ratio exceeds the configured value and the decompressionTolerance is reached.

Use the decompressionTolerance property to specify the maximum number of times the HTTP channel tolerates a decompression ratio that exceeds the configured ratio, which is depicted by the decompressionRatioLimit httpOption attribute. The HTTP channel stops decompressing the request body if this value is reached and the subsequent decompression cycle still contains a decompression ratio that exceeds the ratio limit.

Use the DoNotAllowDuplicateSetCookies property to prevent the HTTP Channel from sending multiple Set-Cookie headers with the same name. The default value is false.

Use the EnableBuildBackupList property to enable the HTTP channel to scan for the history files in the access and error logs directory, and rolling these files over with any newer log files created.

When this property is set to true, the HTTP Channel scans for the history files in the access and error logs directory, and rolls these files over with any newer log files created.

• After you configure the HTTP error log and the NCSA access log, make sure that the Enable NCSA access logging field is selected for the HTTP channels for which you want logging to occur. To verify that this field is selected for an HTTP channel, click Servers > Server Types > WebSphere application servers > server_name > Web container transport chains > HTTP inbound channel. This setting has to be enabled before setting this custom property to true has any effect on the HTTP channel functionality.
• If you use this custom property you must also ensure that the Use chain-specific logging option is selected as part of your configuration settings for NCSA access logging. By default, the Use global logging service option is selected for NCSA access logging.

Use the HonorTransferEncoding property to indicate whether the HTTP transport channels should convert a chunked message to a content-length delimited message when there is only one chunk.

When this property is set to true, the HTTP transport channels write out the chunks instead of switching to a content-length message even if the message only consists of one chunk. There is a performance impact to this setting because the HTTP transport channels does two writes for every single-chunk message: the first write is for the message, and the second write is for the zero byte chunk that marks the end of the message

When this property is set to false, the HTTP transport channels convert a chunked message to a content-length delimited message when there is only one chunk. This setting improves channel performance because the channel only does one write for a single-chunk message that is converted to a content-length message.

Use the limitFieldSize property to enforce the size limits on various HTTP fields, such as request URLs, or individual header names or values. Enforcing the size limits of these fields guards against possible Denial of Service attacks. An error is returned to the remote client if a field exceeds the allowed size.

Use the limitNumHeaders property to limit the number of HTTP headers that can be present in an incoming message. If this limit is exceeded, an error is returned to the client.

Use the localLogFilenamePrefix property to specify a prefix for the filename of the network log file. Normally, when inprocess optimization is enabled, requests through the inprocess path are logged based on the logging attributes set up for the web container's network channel chain. You can use this property to add a prefix to the filename of the network log file. This new filename is then used as the filename for the log file for inprocess requests. Requests sent through the inprocess path are logged to this file instead of to the network log file. For example, if the log file for a network transport chain is named .../httpaccess.log, and this property is set to local for the HTTP channel in that chain, the filename of the log file for inprocess requests to the host associated with that chain is …/localhttpaccess.log.

Use this custom property to disable NCSA, FRCA, and error logging on the specified chain.

Use this custom property when you want the HTTP Channel, before closing the connection, to read until there is no more data to read.

Use this custom property to add a quoted no-cache attribute to a Cache-Control response header that doesn't already have the attribute on it.

The HTTP Channel will correctly add the quoted no-cache attribute to the header. In the following example, the no-cache attribute is added to this header that is supplied on the response: Cache-Control: public, max-age=604800, no-cache="set-cookie".

Use the RemoveCLHeaderInTempStatusRespRFC7230compat property to ensure that the HTTP Channel prevents sending the Content-Length header on response messages with an information status of 1xx or 204.

Use the RemoveServerHeader property to force the removal of any server header from HTTP responses that the application server sends, thereby hiding the identity of the server program.

Use this property to provide a list of cookie names or patterns for the Lax value that is set on the SameSite attribute.

You can specify a single wildcard character (*) as a stand-alone value, or as a character that follows a cookie name prefix. Any cookie name or pattern in the list must be unique. Also, the cookie name or pattern must not be in any configurations that are created by specifying the None value or Strict value on the SameSite attribute.

Use this property to provide a list of cookie names or patterns for the None value that is set on the SameSite attribute.

You can specify a single wildcard character (*) as a stand-alone value, or as a character that follows a cookie name prefix. Any cookie name or pattern in the list must be unique. Also, the cookie name or pattern must not be in any configurations that are created by specifying the Lax value or Strict value on the SameSite attribute. Each cookie that is modified to contain a SameSite value of None as a result of this configuration also has the Secure attribute set.

Tip: If cookies are shared in cross-site requests, you might need to set the sameSitePartitioned custom property to true.

Use this property to add the Partitioned attribute to a cookie when the SameSite attribute is set to None.

A true value for this property specifies that the Partitioned attribute is added.

This property is browser-dependent. For more information, see the list of supported browsers.

Use this property to provide a list of cookie names or patterns for the Strict value that is set on the SameSite attribute.

You can specify a single wildcard character (*) as a stand-alone value, or as a character that follows a cookie name prefix. Any cookie name or pattern in the list must be unique. Also, the cookie name or pattern must not be in any configurations that are created by specifying the Lax value or None value on the SameSite attribute.

Use the ServerHeaderValue property to replace the default value of the Server header that is added to all outgoing HTTP responses by server if a Server header does not already exist. The default value for the Server header is WebSphere Application Server v/x.x, where x.x is the version of WebSphere Application Server that is running on your system.

Prior to Version 8.5.0.2, if a Server header does not already exist, either the default Server header, or the header you specify as the value of this property, is added to all outgoing HTTP responses by server.

Starting with Version 8.5.0.2, a Server header is no longer automatically added to all outgoing HTTP responses if a Server header does not already exist. If you add this property with a value, that value is included in the Server header that appears in the response. If you specify the value DefaultServerValue, WebSphere Application Server v/x.x is used as the Server header value.

The trustedHeaderOrigin custom property acts as an access control list for the receipt of private headers. For example, the $WSPR private headers are sent by proxy servers.

Before fix pack 9.0.5.7, this property accepts a list of comma-separated IP addresses, a value of *, or a value of none. However, before fix pack 9.0.5.7, no hostnames are allowed in the list. The list denotes IP addresses of proxy servers that are allowed to send WebSphere Application Server private headers to the server. When the value is *, any remote host can send private headers. However, when the value is none, no remote hosts are allowed to send private headers.

This property accepts a list of comma-separated IP addresses and hostnames, a value of *, or a value of none. The list denotes IP addresses or hostnames of proxy servers that are allowed to send WebSphere Application Server private headers to the server. When the value is *, any remote host can send private headers. However, when the value is none, no remote hosts are allowed to send private headers.

The IP addresses and hostname can include the * value to denote wildcards, but with restrictions. IP addresses cannot be shortened and must contain a value for each field. For example, the 127.0.0.* and 0:0:0:0:0:ffff:*:* values are valid representations for IP addresses. Hostnames that use wildcards must start with the * value, for example *.ibm.com. The following example shows a valid list that includes wildcards:

localhost, 127.0.0.1, 192.168.*.*, 0:0:0:0:0:ffff:*:*, *.ibm.com, www.example.com

If the web container custom property of trusted is set to false, no inbound private headers are processed, regardless of the setting for the trustedHeaderOrigin property. Additionally, any IP addresses that are defined in the trustedSensitiveHeaderOrigin custom property are implicitly trusted to send non-sensitive private headers, regardless of the setting for the trustedHeaderOrigin property.

The trustedSensitiveHeaderOrigin custom property acts as an access control list for the receipt of sensitive private headers, which can be sent by proxy servers.

Before fix pack 9.0.5.7, this property accepts a list of comma-separated IP addresses, a value of *, or a value of none. However, before fix pack 9.0.5.7, no hostnames are allowed in the list. The list denotes IP addresses of proxy servers that are allowed to send sensitive WebSphere Application Server private headers to the server. When the property is set to *, any remote host can send private headers. However, when the value is set to none, no remote hosts are allowed to send private headers.

This property accepts a list of comma-separated IP addresses and hostnames, a value of *, or a value of none. The list denotes IP addresses or hostnames of proxy servers that are allowed to send sensitive WebSphere Application Server private headers to the server. When the value is *, any remote host can send private headers. However, when the value is none, no remote hosts are allowed to send private headers.

The IP addresses and hostname can include the * value to denote wildcards, but with restrictions. IP addresses cannot be shortened and must contain a value for each field. For example, the 127.0.0.* and 0:0:0:0:0:ffff:*:* values are valid representations for IP addresses. Hostnames that use wildcards must start with the * value, for example *.ibm.com. The following example shows a valid list that includes wildcards:

localhost, 127.0.0.1, 192.168.*.*, 0:0:0:0:0:ffff:*:*, *.ibm.com, www.example.com

When the web container custom property of trusted is set to false, no inbound private headers are processed, regardless of this property.

UseCaseSensitiveKeyMatcher is to be used in conjunction to accessLogFormat.

Setting this property to true will allow the Key Matcher used in accessLogFormat to be case sensitive. This addresses the case where directives exist both in lowercase and uppercase.

Use the v0CookieDateRFC1123compat property to indicate that the value for the V0 Set-Cookie header Expires attribute is specified in the four digit year format instead of the two digit year format.

By default, the value for the V0 Set-Cookie header Expires attribute is specified in the two digit year format. Set the v0CookieDateRFC1123compat property to true if you need to use the older RFC1123, which requires a four digit year format value for the V0 Set-Cookie Expires attribute.

Use this custom property to force the channel to wait for the end of message to be read before starting to service the response.