4.7.5.1. Attributes of AbstractHttpProxy

auth_by_cookie (boolean, rw:r)
Default: FALSE
Authentication informations for one-time-password mode is organized by a cookie not the address of the client.

auth_by_form (boolean, rw:r)
Default: FALSE
When enabled, and the client tries to access an URL that requires authentication, a webpage where users can enter their authentication information is displayed. If the authentication is successful, the result is cached in a cookie.

auth_cache_time (integer, rw:r)
Default: 0
Caching authentication information this amount of seconds.

auth_cache_update (boolean, rw:r)
Default: FALSE
Update authentication cache by every connection.

auth_forward (boolean, rw:rw)
Default: FALSE
Controls whether inband authentication information (username and password) should be forwarded to the upstream server. When a parent proxy is present, the incoming authentication request is put into a 'Proxy-Authorization' header. In other cases the 'WWW-Authorization' header is used.

auth_realm (string, w:r)
Default: "Zorp HTTP auth"
The name of the authentication realm to be presented to the user in the dialog window during inband authentication.

buffer_size (integer, rw:r)
Default: 1500
Size of the I/O buffer used to transfer entity bodies.

connect_proxy (class, rw:rw)
Default: PlugProxy
For CONNECT requests the HTTP proxy starts an independent proxy to control the internal protocol. The connect_proxy attribute specifies which proxy class is used for this purpose.

connection_mode (enum, n/a:rw)
Default: n/a
This value reflects the state of the session. If the value equals to 'HTTP_CONNECTION_CLOSE', the session will be closed after serving the current request. Otherwise, if the value is 'HTTP_CONNECTION_KEEPALIVE' another request will be fetched from the client. This attribute can be used to forcibly close a keep-alive connection.

current_header_name (string, n/a:rw)
Default: n/a
Name of the header. It is defined when the header is processed, and can be modified by the proxy to actually change a header in the request or response.

current_header_value (string, n/a:rw)
Default: n/a
Value of the header. It is defined when the header is processed, and can be modified by the proxy to actually change the value of the header in the request or response.

default_port (integer, rw:rw)
Default: 80
This value is used in non-transparent mode when the requested URL does not contain a port number. The default should be 80, otherwise the proxy may not function properly.

enable_session_persistence (boolean, rw:rw)
Default: FALSE
Allow persistent load balanced connections when accessing session-aware application servers.

enable_url_filter (boolean, rw:r)
Default: FALSE
Enables URL filtering in HTTP requests. See Section 4.7.2.12, URL filtering in HTTP for details.

enable_url_filter_dns (boolean, rw:r)
Default: FALSE
Enables DNS- and reverse-DNS resolution to ensure that a domain or URL is correctly categorized even when it is listed in the database using its domain name, but the client tries to access it with its IP address (or vice-versa). See Section 4.7.2.12, URL filtering in HTTP for details.

error_files_directory (string, rw:rw)
Default: "/usr/share/zorp/http"
Location of HTTP error messages.

error_headers (string, n/a:rw)
Default: n/a
A string included as a header in the error response. The string must be a valid header and must end with a " " sequence.

error_info (string, n/a:rw)
Default: n/a
A string to be included in error messages.

error_msg (string, n/a:rw)
Default: n/a
A string used as an error message in the HTTP status line.

error_silent (boolean, rw:rw)
Default: FALSE
Turns off verbose error reporting to the HTTP client (makes firewall fingerprinting more difficult).

error_status (integer, rw:rw)
Default: 500
If an error occurs, this value will be used as the status code of the HTTP response it generates.

keep_persistent (boolean, rw:r)
Default: FALSE
Try to keep the connection to the client persistent even if the server does not support it.

language (string, rw:r)
Default: "en"
Specifies the language of the HTTP error pages displayed to the client. English (en) is the default. Other supported languages: de (German); hu (Hungarian).

max_auth_time (integer, rw:rw)
Default: 0
Request password authentication from the client, invalidating cached one-time-passwords. If the time specified (in seconds) in this attribute expires, a new authentication from the client browser is requested even if it still has a password cached.

max_body_length (integer, rw:rw)
Default: 0
Maximum allowed length of an HTTP request or response body. The default "0" value means that the length of the body is not limited.

max_chunk_length (integer, rw:rw)
Default: 0
Maximum allowed length of a single chunk when using chunked transfer-encoding. The default "0" value means that the length of the chunk is not limited.

max_header_lines (integer, rw:rw)
Default: 50
Maximum number of header lines allowed in a request or response.

max_hostname_length (integer, rw:rw)
Default: 256
Maximum allowed length of the hostname field in URLs.

max_keepalive_requests (integer, rw:rw)
Default: 0
Maximum number of requests allowed in a single session. If the number of requests in the session the reaches this limit, the connection is terminated. The default "0" value allows unlimited number of requests.

max_line_length (integer, rw:r)
Default: 4096
Maximum allowed length of lines in requests and responses. This value does not affect data transfer, as data is transmitted in binary mode.

max_url_length (integer, rw:rw)
Default: 4096
Maximum allowed length of an URL in a request. Note that this directly affects forms using the 'GET' method to pass data to CGI scripts.

parent_proxy (string, rw:rw)
Default: ""
The address or hostname of the parent proxy to be connected. Either DirectedRouter or InbandRouter has to be used when using parent proxy.

parent_proxy_port (integer, rw:rw)
Default: 3128
The port of the parent proxy to be connected.

permit_ftp_over_http (boolean, rw:r)
Default: FALSE
Allow processing FTP URLs in non-transparent mode.

permit_http09_responses (boolean, rw:r)
Default: TRUE
Allow server responses to use the limited HTTP/0.9 protocol. As these responses carry no control information, verifying the validity of the protocol stream is impossible. This does not pose a threat to web clients, but exploits might pass undetected if this option is enabled for servers. It is recommended to turn this option off for protecting servers and only enable it when Zorp is used in front of users.

permit_invalid_hex_escape (boolean, rw:r)
Default: FALSE
Allow invalid hexadecimal escaping in URLs (% must be followed by two hexadecimal digits).

permit_null_response (boolean, rw:r)
Default: TRUE
Permit RFC incompliant responses with headers not terminated by CRLF and not containing entity body.

permit_proxy_requests (boolean, rw:r)
Default: FALSE
Allow proxy-type requests in transparent mode.

permit_server_requests (boolean, rw:r)
Default: TRUE
Allow server-type requests in non-transparent mode.

permit_unicode_url (boolean, rw:r)
Default: FALSE
Allow unicode characters in URLs encoded as %u. This is an IIS extension to HTTP, UNICODE (UTF-7, UTF-8 etc.) URLs are forbidden by the RFC as default.

request (complex, rw:rw)
Default: empty
Normative policy hash for HTTP requests indexed by the HTTP method (e.g.: "GET", "PUT" etc.). See also Section 4.7.2.2, Configuring policies for HTTP requests and responses.

request_count (integer, n/a:r)
Default: 0
The number of keepalive requests within the session.

request_header (complex, rw:rw)
Default: empty
Normative policy hash for HTTP header requests indexed by the header names (e.g.: "Set-cookie"). See also Section 4.7.2.3, Configuring policies for HTTP headers.

request_method (string, n/a:r)
Default: n/a
Request method (GET, POST, etc.) sent by the client.

request_mime_type (string, n/a:r)
Default: n/a
The MIME type of the request entity. Its value is only defined when the request is processed.

request_stack (complex, rw:rw)
Default: n/a
Attribute containing the request stacking policy: the hash is indexed based on method names (e.g.: GET). See Section 4.7.2.9, Stacking.

request_url (string, n/a:rw)
Default: n/a
The URL requested by the client. It can be modified to redirect the current request.

request_url_file (string, n/a:r)
Default: n/a
Filename specified in the URL.

request_url_host (string, n/a:r)
Default: n/a
Remote hostname in the URL.

request_url_passwd (string, n/a:r)
Default: n/a
Password in the URL (if specified).

request_url_port (integer, n/a:r)
Default: n/a
Port number as specified in the URL.

request_url_proto (string, n/a:r)
Default: n/a
Protocol specifier of the URL. This attribute is an alias for request_url_scheme.

request_url_scheme (string, n/a:r)
Default: n/a
Protocol specifier of the URL (http://, ftp://, etc.).

request_url_username (string, n/a:r)
Default: n/a
Username in the URL (if specified).

request_version (string, n/a:r)
Default: n/a
Request version (1.0, 1.1, etc.) used by the client.

require_host_header (boolean, rw:r)
Default: TRUE
Require the presence of the Host header. If set to FALSE, the real URL cannot be recovered from certain requests, which might cause problems with URL filtering.

rerequest_attempts (integer, rw:rw)
Default: 0
Controls the number of attempts the proxy takes to send the request to the server. In case of server failure, a reconnection is made and the complete request is repeated along with POST data.

reset_on_close (boolean, rw:rw)
Default: FALSE
Whenever the connection is terminated without a proxy generated error message, send an RST instead of a normal close. Causes some clients to automatically reconnect.

response (complex, rw:rw)
Default: empty
Normative policy hash for HTTP responses indexed by the HTTP method and the response code (e.g.: "PWD", "209" etc.). See also Section 4.7.2.2, Configuring policies for HTTP requests and responses.

response_header (complex, rw:rw)
Default: empty
Normative policy hash for HTTP header responses indexed by the header names (e.g.: "Set-cookie"). See also Section 4.7.2.3, Configuring policies for HTTP headers.

response_mime_type (string, n/a:r)
Default: n/a
The MIME type of the response entity. Its value is only defined when the response is processed.

response_stack (complex, rw:rw)
Default: n/a
Attribute containing the response stacking policy: the hash is indexed based on method names (e.g.: GET). See Section 4.7.2.9, Stacking.

rewrite_host_header (boolean, rw:rw)
Default: TRUE
Rewrite the Host header in requests when URL redirection is performed.

session_persistence_cookie_name (string, rw:rw)
Default: "JSESSIONID"
The name of the cookie which will be used to persist load balanced connections when accessing session-aware application servers.

session_persistence_cookie_salt (string, rw:rw)
Default: n/a
The salt to use when hashing the target server addresses in persistent load balanced connections. If session persistence is enabled, this parameter must be set.

strict_header_checking (boolean, rw:r)
Default: FALSE
Require RFC conformant HTTP headers.

strict_header_checking_action (enum, rw:r)
Default: HTTP_HDR_DROP
This attribute controls what should happen if a non-rfc conform or unknown header found in the communication. Only the HTTP_HDR_ACCEPT, HTTP_HDR_DROP and HTTP_HDR_ABORT can be used.

target_port_range (string, rw:rw)
Default: "80,443"
List of ports that non-transparent requests are allowed to use. The default is to allow port 80 and 443 to permit HTTP and HTTPS traffic. (The latter also requires the CONNECT method to be enabled).

timeout (integer, rw:rw)
Default: 300000
General I/O timeout in milliseconds. If there is no timeout specified for a given operation, this value is used.

timeout_request (integer, rw:rw)
Default: 10000
Time to wait for a request to arrive from the client.

timeout_response (integer, rw:rw)
Default: 300000
Time to wait for the HTTP status line to arrive from the server.

transparent_mode (boolean, rw:r)
Default: TRUE
Set the operation mode of the proxy to transparent (TRUE) or non-transparent (FALSE).

url_category (complex, rw:rw)
Default: empty
Normative policy hash for category-based URL-filtering. The hash is indexed by the name of the category.

url_filter_uncategorized_action (enum, rw:rw)
Default: HTTP_URL_ACCEPT

The action applied to uncategorized (unknown) URLs when URL filtering is used. By default, uncategorized URLs are accepted: self.url_filter_uncategorized_action=(HTTP_URL_ACCEPT,). Note that if you set this option to HTTP_URL_REJECT, you must add every URL on your intranet to a category and set an HTTP_URL_ACCEPT rule to this category, otherwise your clients will not able to access your intranet sites. For details, see Section Configuring URL-filtering in HTTP.

use_canonicalized_urls (boolean, rw:rw)
Default: TRUE
This attribute enables URL canonicalization, which means to automatically convert URLs to their canonical form. This enhances security but might cause interoperability problems with some applications. It is recommended to disable this setting on a per-destination basis. URL filtering still sees the canonicalized URL, but at the end the proxy sends the original URL to the server.

use_default_port_in_transparent_mode (boolean, rw:rw)
Default: TRUE
Set the target port to the value of default_port in transparent mode. This ensures that only the ports specified in target_port_range can be used by the clients, even if InbandRouter is used.

Previous Up Next
 Home