Protocols

A protocol is used by a network listener to determine the nature of the communication expected by the listener. For example, a protocol determines the timeout of a request, as well as whether HTTPS should be used. The reason the protocol is separate to the listener is so that the same protocol configuration can be used to listen on multiple ports.

Configuration

Existing protocols can be configured from the admin console or with asadmin commands. The protocol configurations can be found in the admin console under Configurations → your-config → Network Config → Protocols.

The following fields can be configured for protocols:

Standard Options

Security

Whether security is enabled for the protocol. When disabled, all the SSL options are ignored.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.security-enabled=[true/false]

HTTP Options

Server Name

The name of the server. This will be sent as the Server header in responses.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.server-name-enabled=value

Default Virtual Server

The default virtual server for the protocol. If multiple virtual servers are appropriate for a request, this determines the priority.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.default-virtual-server=value

Redirect Port

The port used for SSL redirects.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.redirect-port=value

Max Connections

The maximum number of requests per connection to keep in keep-alive mode.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.max-connections=value

Timeout

The amount of time in seconds before a connection is deemed as idle. After this, the connection will no longer be in keep-alive state.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.timeout-seconds=value

Upload Timeout Enabled

Enables closing a connection that is reading bytes slowly after the Connection Upload Timeout is reached.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.upload-timeout-enabled=value

Connection Upload Timeout

The timeout, in milliseconds, for uploads. A value of -1 will disable it.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.connection-upload-timeout-millis=value

Request Timeout

The timeout, in seconds, for requests. A value of -1 will disable it.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.request-timeout-seconds=value

Send Buffer Size

The size, in bytes, of the send buffer.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.send-buffer-size-bytes=value

Header Buffer Length

The size, in bytes, of the buffer used to read the request data.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.header-buffer-length-bytes=value

Max Post Size

The maximum size, in bytes, of POST actions.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.max-post-size-bytes=value

Max Form Post Size

The maximum size, in bytes, of a POST form.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.max-form-post-size-bytes=value

Max Save Post Size

The maximum size, in bytes, of a POST which will be saved during authentication.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.max-save-post-size-bytes=value

URI Encoding

The character set used to decode the request URIs received.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.uri-encoding=value

HTTP/2 Enabled

Whether to enable HTTP/2 support for the protocol. Note that HTTP/2 can only be used on a secure listener.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.http2-enabled=[true/false]

Disable HTTP/2 Cipher Check

Whether TLS connections can be established using insecure cipher suites.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.http2-disable-cipher-check=[true/false]

HTTP/2 Max Concurrent Streams

The number of concurrent streams allowed per HTTP/2 connection.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.http2-max-concurrent-streams=value

HTTP/2 Initial Window Size

The initial window size in bytes.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.http2-initial-window-size-in-bytes=value

HTTP/2 Max Frame Payload Size

The maximum size of the HTTP/2 frame payload to be accepted.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.http2-max-frame-payload-size-in-bytes=value

HTTP/2 Max Header List Size

The maximum size, in bytes, of the header list.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.http2-max-header-list-size-in-bytes=value

Streams High Water Mark

Streams are periodically cleaned when the stream count exceeds this value, as a proportion of the max concurrent streams

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.http2-streams-high-water-mark=value

Streams Clean Percentage

The number of streams to process when the high water mark is exceeded. Only closed streams will be removed.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.http2-clean-percentage=value

Streams Clean Frequency Check

The number of streams that must be closed before checking if the number of streams exceeds the high water mark.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.http2-clean-frequency-check=value

HTTP/2 Push

Enables server push. This is enabled by default.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.http2-push-enabled=[true|false]

Compression

Whether to enable HTTP/1.1 GZIP compression to save server bandwidth. Will be ignored when HTTP/2 is used.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.compression=[off/on/force]

Compressible Mime Types

Comma separated list of MIME types for which HTTP compression is used.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.compressable-mime-type=value

Compression Minimum Size

The minimum size of a file when compression is applied.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.compression-min-size-bytes=value

No-Compression User Agents

Comma separated list of regular expressions matching user agents for which compression should not be used.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.no-compression-user-agents=value

Restricted User Agents

List of restricted user agents for which HTTP compression is applied.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.restricted-user-agents=value

Default Response Type

The default response type if none are matched. Specified as a semi-colon delimited string consisting of content type, encoding, language, charset.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.default-response-type=value

Adapter

The class name of the static resources adapter.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.adapter=value

Comet Support

Whether comet support is enabled or not.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.comet-support-enabled=[true/false]

DNS Lookup

Enables Domain Name System lookups.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.dns-lookup-enabled=[true/false]

Trace Enabled

Enables the TRACE operation. Setting this to false helps prevent cross-site scripting attacks.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.trace-enabled=[true/false]

Auth Pass Through

Enable this if the network listener receives traffic from an SSL terminating proxy server.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.auth-pass-through-enabled=[true/false]

Chunking Enabled

Enables HTTP response chunking.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.chunking-enabled=[true/false]

XPoweredBy

Whether to include the X-Powered-By header in responses.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.xpowered-by=value

XFrame Options

When enabled, the X-Frame-Options header will be set to SAMEORIGIN. This can still be overrided by a deployed application.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.xframe-options=value

Encoded Slash

Allow encoded slashes (e.g. %2F) in URIs.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.encoded-slash-enabled=[true/false]

Websockets Support Enabled

Allows websockets to be used.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.websockets-support-enabled=[true/false]

Scheme Mapping

HTTP header name used for identifying the originating protocol of a HTTP request.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.scheme-mapping=value

Remote User Mapping

HTTP header name used for identifying the originating user of a HTTP request.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.http.remote-user-mapping=value

SSL Options

SSLv3 Enabled

Whether to enable SSLv3 or not.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.ssl.ssl3-enabled=[true/false]

TLS Enabled

Whether to enable TLS or not.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.ssl.tls-enabled=[true/false]

TLS V1.1 Enabled

Whether to enable TLS V1.1 or not. Will be ignored if TLS is disabled.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.ssl.tls11-enabled=[true/false]

TLS V1.2 Enabled

Whether to enable TLS V1.2 or not. Will be ignored if TLS is disabled.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.ssl.tls12-enabled=[true/false]

Client Authentication

When enabled, clients will be required to authenticate themselves to the server.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.ssl.client-auth-enabled=[true/false]

Certificate Nickname

The alias of the certificate to be supplied on secure requests. The certificate should be present in the server keystore.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.ssl.cert-nickname=value

Key Store

The name of the keystore file. A keystore stores the certificate to be sent by the server with responses.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.ssl.key-store=value

Trust Store

The name of the trust store file. The trust store stores trusted certificates.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.ssl.trust-store=value

Trust Algorithm

The name of the trust management algorithm (e.g. PKIX) to use for certification path validation.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.ssl.trust-algorithm=value

Max Certificate Length

Maximum number of non self-issued intermediate certificates that can exist in a certification path. This is only valid if the trust algorithm is PKIX.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.ssl.trust-max-cert-length=value

Enabled Ciphers

A list of the server enabled ciphers. This string is stores as a comma separated list of the enabled ciphers with a + or a - at the start of each, depending on whether the cipher is enabled or disabled. E.g. +TLS_RSA_WITH_AES_256_CBC_SHA,+SSL_RSA_WITH_3DES_EDE_CBC_SHA.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.ssl.ssl3-tls-ciphers=value

Handshake Timeout

The timeout, in millis, for a handshake. After this timeout the handshake will be aborted.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.ssl.handshake-timeout-millis=value

TLS Rollback

Whether TLS rollback is enabled or not.

Asadmin Command:

set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.ssl.tls-rollback-enabled=[true/false]

Asadmin Commands

The following asadmin commands are available for administering HTTP protocols instead of using the admin console. The parameters are all explained in the configuration options above.

create-protocol

The create-protocol command creates a bare protocol to be configured with create-http and create-ssl.

Format

asadmin> create-protocol [--help]
           [--securityenabled={false|true}]
           [--target target]
           protocol-name

create-http

The create-http command creates a set of HTTP parameters for a created protocol.

Format

asadmin> create-http [--help]
           --default-virtual-server virtual-server
           [--request-timeout-seconds timeout]
           [--timeout-seconds timeout]
           [--max-connection max-keepalive]
           [--dns-lookup-enabled={false|true}]
           [--servername server-name]
           [--target target]
           protocol-name

create-ssl

The create-ssl command creates a set of SSL parameters for a created protocol.

Format

asadmin> create-ssl [--help]
        --certname certname
        --type protocol
        [--ssl3enabled={false|true}]
        [--ssl3tlsciphers ssl3tlsciphers]
        [--tlsenabled={false|true}]
        [--tlsrollbackenabled={false|true}]
        [--clientauthenabled={false|true}]
        [--target target]
        listener-id