Server Settings Definitions
The WebUI Server settings are listed below. Any default settings are noted. If a setting has no default the parameter might not appear in the BigFix Console unless you create it.
_WebUIAppEnv_WEB_COOKIE_MAX_AGE_MINUTES Specifies the amount of time (in minutes) in which the session cookie of the WebUI remains valid. After that amount of time, the session cookie of the WebUI expires. The default value is 60 minutes.
_WebUIAppEnv_MSSQL_CXN_ENCRYPT A string value of 1
indicates that
the user's MSSQL Server is configured to encrypt all traffic, either via Forced
Encryption
or a connection to an Azure Cloud virtual machine. Default is
1
. The value 0
should be used when DB is running
on operating systems (as, for example, Windows 2012) that are not able to select a
suitable cipher compatible with TLSv1 as minimum causing a connection error.
- 'TLSv1.3' is only supported on BigFix Platform Version 11.
- In SAML environments, if you enable the TLS 1.3 restriction on the WebUI side, it will no longer be possible to log in on the BigFix Console and Web Reports with SAML.
TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:
ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:
DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA256:
DHE-RSA-AES256-SHA256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!SRP:!CAMELLIA:
!kRSA:!DSS:!DSA
_WebUIAppEnv_APP_PORT Configures the port to be used by the WebUI. If you are going to use SAML, remember to set the _WebUI_Monitor_Port key of the BigFix server computer to the very same port.
_WebUIAppEnv_APP_PORT_MIN Sets the min port range to use for express apps (set by bfappmonitor).
_WebUIAppEnv_APP_PORT_MAX Sets the max port range to use for express apps (set by bfappmonitor).
_WebUIAppEnv_APP_CIPHERS The set of ciphers used by the WebUI on port _WebUIAppEnv_APP_PORT (default 5000). The cipher list must be colon-delimited as specified in the _WebUIAppEnv_WEB_CIPHERS setting described above.
_WebUIAppEnv_CACHE_TTL Value is in seconds. Datasync will invalidate things in WebUI.COMPUTED_FIXLET_COUNTS, WebUI.COMPUTED_DEVICE_COUNTS, Webui.SWD_COMPUTED_FIXLET_COUNTS, and Webui.CUSTOM_COMPUTED_FIXLET_COUNTS after the delta between when we cached and the current time exceeds AppEnv_CacheTTL in seconds. The value defaults to 600 if _WebUIAppEnv_CACHE_TTL is not set or the setting is malformed. The polling interval at which Datasync checks to see if CACHE_TTL has elapsed is 60 seconds, so the minimum CACHE_TTL time is 60 seconds. Actual invalidation can occur anywhere from CACHE_TTL seconds up to CACHE_TTL+60 seconds. The minimum value is 180. Anything lower will default to 180.
_WebUIAppEnv_LOGIN_CACHE_TTL_HOURS Value is in hours. At login, it uses this value to determine whether it should repopulate caches or not. Default is 24 hours, minimum is 1 hour. There is no maximum value.
_WebUIAppEnv_NOTIFICATION_EXPIRATION_DAYS Enter the number of days after which the message sent through WebUI to target devices is expired; and hence, the message will be automatically deleted from the SSA Messages tab of the target device. The default value is 3 days.
_WebUIAppEnv_SAML_ONLY When set to 1, sets WebUI to run only in SAML only mode. Disables all other apps except for common and login to allow WebUI to configure SAML but not have anything else run.
_WebUIAppEnv_SAML_SSO_ENABLE When set to 1, will enable Web-based Single Sign-On (SSO) authentication method with SAML. Without the flag set, the default value is Disabled.
_WebUIAppEnv_SAML_AUTHNCONTEXT Defines the authentication context specified on the
SAML exchange. In general, the allowable values are listed in section 3.4 of the SAML
2.0 specification (https://docs.oasis-open.org/security/saml/v2.0/saml-authn-context-2.0-os.pdf), but the value must be allowed/understood by the
SAML Identify Provider (IdP) being used. Most IdPs accept a subset of the values listed
in the spec but might also have their own additional values. See your IdP documentation
to confirm the required value for your environment. (For example, for ADFS, see https://msdn.microsoft.com/en-us/library/hh599318.aspx). If not set,
urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
is used, which results in FORMS-based authentication requiring a user name and password
to be entered. For two-factor authentication using smart cards, most IdPs require the
use of urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient
, or
urn:federation:authentication:windows
.
_WebUIAppEnv_QueryOnly When set to 1, sets WebUI to run in Query only mode. Disables all other apps except for common and login to allow WebUI to configure Query but not have anything else run.
_WebUIAppEnv_ENABLE_WEBUI_METRICS A value of 1 turns on logging for all of the webUI route requests. Default location in runapps: <app>/app/dev.out production/site: <app>/dev.out
_WebUIAppEnv_METRICS_PATH Specify path for when ENABLE_WEBUI_METRICS flag is enabled within which sql files and metrics details are generated. Default: <app>/app/dev.out in runapps or <app>/dev.out in production/site
_WebUIAppEnv_APP_UPDATE_ENABLE_AUTO If set to 1, WebUI Apps will auto update to the earliest versions in the pending sites cache. If set to 0, auto update is disabled. By default, auto updates are enabled.
_WebUIAppEnv_APP_UPDATE_DELAY_DAYS When a new site version is released, WebUI will wait this many days before it will replace the currently running version. Only applies when auto updates is enabled. Defaults to 0.
_WebUIAppEnv_LOGIN_SESSION_TIMEOUT_SECONDS Specifies the amount of time before a user is logged out of WebUI due to inactivity. The default timeout is 900 seconds (15 min).
_WebUIAppEnv_PLATFORM_HOST The value is set at install time using the host name specified in the masthead. Change this setting when deploying the WebUI against a non-primary server to configure the client setting on the WebUI host machine to connect to the secondary server. .
_WebUI_Logging_Filter The value of this parameter is a regular expression that
filters events to be logged. The default is
bf*error,bf:bfetl:debug,bf:bfapp:debug,bf:appmonitor:debug,bf:datasync:initialize:debug
.
To enable verbose logging for all BigFix events, use bf*
. To log all
debug events, including third party applications, use simply *
.
_WebUI_Logging_LogPath This value defines the full file path of the service app
log. It also defines the directory in which all other logs will be written. The default
value is
<server_dir>/WebUI/logs/service-app.log
. If the value is
changed to <server_dir>/bananas/fruit.log
for example, the
service app log will be named fruit.log
. However, all other logs will
retain their default names, but they will be written in
<service_dir>/bananas/
. Note that it is not possible to
define the names of any logs except the service app log.
_WebUI_Logging_LogMaxSize Defines the maximum size of each log file in bytes. The default is 5,242,880 or 5 MB (5*1024*1024). When a log file exceeds the limit set here, a second log file is created. This continues until 10 log files have been created, at which point, the first log file is overridden. Therefore the maximum log file size for each log is ten times the value defined here. Note that, depending on usage, log files for each WebUI Application may be written at very different rates. This parameter defines the size of all log files.
_WebUI_HTTPS_Port This parameter defines the port used for HTTPS. The default is 443. This parameter is written by Fixlet 2252 during WebUI Enablement. Fixlet 2250 can be used to change this value at any time.
_WebUI_Redirect_Port This parameter defines the HTTP port used by WebUI if port 80 is not used. This setting does not exist by default. If a port other than 80 is required, this parameter must be defined in conjunction with _WebUI_Redirect_Enable. When Fixlets 2252 and 2250 define a port other than 80, this parameter is defined and enabled.
_WebUI_Redirect_Enable Controls HTTP port access. Use this setting if you don’t want to redirect to the https port. The setting does not exist by default, allowing HTTP port access. To disable HTTP port access, the setting value must equal 0. This parameter works in conjunction with _WebUI_Redirect_Port setting.
_BESRelay_WebUISiteGather_IntervalMinutes Defines how often the WebUI Server gathers sites published by HCL. As the title suggests, this variable is an integer representing minutes between site updates. The default is 5.
_BESRelay_WebUISiteGather_Schedule Sets repeating times where the WebUI Server
gathers sites published by HCL and overrides the setting in
_BESRelay_WebUISiteGather_IntervalMinutes. It is best practice to change the
interval minutes to the default of 5 if you have changed it previously. Enter
comma-separated values in the following case-sensitive format
<Day>:<hh:mm>
where <Day> = Mon, Tue,
Wed, Thu, Fri, Sat, or Sun
. <hh:mm>
is in 24 hour
clock format. For example, the following value will schedule site updates every Sunday
at 9am, Saturday at noon, and Friday at 10:30 PM:
_BESRelay_WebUISiteGather_Schedule=Sun09:00,Sat12:00,Fri22:30
_WebUI_HTTPS_StrictTransportSecurity This setting prevents browsers from connecting to the WebUI using HTTP in favor of HTTPS. The default value is 0. Set this to 1 to enable this security feature.
_WebUIAppEnv_ENABLE_WEBUI_METRICS This setting can be enabled with a value of 1. The primary audience for this setting is WebUI developers, it has little value for administrators under most circumstances.
_WebUIAppEnv_APP_RESTART_DELAY_SECONDS This setting defines the number of seconds the App Monitor will wait before attempting to restart any applications that have stopped for any reason.
_WebUIAppEnv_DEPLOYMENT_DOC_REFRESH_RATE_MS This setting controls how frequently deployment status is refreshed on the deployment document. By default, deployment status refresh is disabled.
_WebUIAppEnv_SP_QUEUE_CONCURRENT This setting sets a limit on the number of stored procedures per App the WebUI allows at any given time in the background (to improve performance). User logins cache requests bypass the queue and get executed immediately. The minimum and the default value is 5.
_WebUIAppEnv_LANG This client setting sets LANG environment variable in the WebUI node processes. This setting does not exist by default. When WebUI is installed on a Linux machine, the LANG environment variable is not set by default on node processes. As such, not all localized messages are displayed correctly. To set the LANG environment variable, this parameter must be defined and set to a preferred language; for example, ja_JP.UTF-8 for Japanese.
_WebUIAppEnv_ENABLE_INLINE_REPORTING This client setting enables inline reporting feature. If WebUI is running on BigFix platform versions less than 10, inline reporting feature is not enabled by default. To enable this feature, this parameter must be set to 1.
_WebUIAppEnv_MAX_FILTERS_NUMBER This setting specifies the maximum number of simultaneous filters that can be applied in The Device List page. If this limit is exceeded, a message is displayed to the user to warn that the performance can be affected. The default value is 5.
_WebUIAppEnv_ENABLE_EXTENSIONS_MANAGEMENT When you set this server setting to 1, it installs and enables the Extension Management application in WebUI. Extension Management Application is not installed in WebUI by default. Configuring a different value to this server setting disables the Extension Management application. You must restart the WebUI service for any changes in this server setting to take effect.
_WebUIAppEnv_APPSTORE_UPDATE_APPS_DELAY is the delay between one entire update process (check all appstore apps) and the next one. It is expressed in hours and the default value is 168 hours (every week). Minimum value is 24 hours.
_WebUIAppEnv_APPSTORE_UPDATE_BETWEEN_APPS_DELAY is the delay between one "round" of ten apps and the next one. It is expressed in seconds and the default value is 3600 seconds. Minimum value is 60 seconds and maximum value is 7200 seconds.
_WebUIAppEnv_APPSTORE_SYNC_VPP_APPS_DELAY is the delay between one entire vpp sync process (check all vpp applications) and the next one. It is expressed in seconds with default value as 300 seconds (5 minutes) and minimum value of 60 seconds. With the default setting, the VPP sync process starts every 5 minutes and updates 25 apps at a time.