Configuration metadata for outbound HTTP connections | HCL Digital Experience
You can add general proxy configuration parameters to the file proxy-config.xml by using meta-data settings.
You can specify all of these parameters within a
proxy-rules
or
mapping
setting.- HTTP connection handling parameters:
- Use the following configuration parameters to determine how the proxy handles the HTTP connection:
- socket-timeout
- Use this parameter to define the default socket timeout in milliseconds. The socket timeout determines how long the proxy server waits for data after it successfully establishes a connection with the target server. The default value is 20 seconds. A timeout value of zero means that a timeout is not applied.
- retries
- Use this parameter to define the number of retries that you want the proxy to do if it cannot establish a connection with the target server. The default value is 2 retries.
- max-total-connections
- Use this parameter to define the maximum number of HTTP connections that the proxy can open to connect to arbitrary target hosts. The default value is 100 connections.
- max-connections-per-host
- Use this parameter to define the number of HTTP connections that the proxy can open to connect to a specific host. The default value is 50 connections per host.
- User Agent identifier:
- Use the following configuration parameter to redefine the user agent parameter:
- user-agent
- Use this parameter to specify the user agent identifier that you want to be used for the outbound connection.
- Control Redirection:
- Use the following configuration parameter to specify the reaction on an HTTP redirect status
(HTTP status 302):
- follow-redirects
- Set this parameter to
true
if the caller wants an HTTP redirect status to be resolved automatically, that is, the connection is reestablished to the redirection URL. Set this parameter tofalse
if no automated redirection is required. In that case, the proxy returns an HTTP status 302 to the caller. If you do not set this parameter, then the default reaction on a 302 HTTP status depends on the HTTP request method:- For all requests of
HEAD
andGET
, the portal follows the HTTP redirection. - For all other request methods, the portal does not follow the HTTP redirection.
- For all requests of
- Deactivate policy rules, mappings, or custom connection filters:
- A policy rule, a mapping, or a custom connection filter can be set to be deactivated. In this
case, the disabled policy rule or mapping remains in the configuration, but does not take effect at
run time. Ensure that you use the metadata setting to control the activation state of a policy rule
or mapping:
- active
- Valid values are false and true:
- true
- This is the default value. If you set this parameter to
true
, the policy rule is in effect. - false
- If you want the policy rule to be deactivated, set the
active
parameter to the valuefalse
.
- Security parameters:
- Use the following configuration parameters to specify security-related settings of the proxy.
You can also define these security-related parameters within
policy
settings.- unsigned_ssl_certificate_support
- Valid values are false and true:
- true
- If you set this parameter to
true
, the proxy connects to any HTTPS URL that is allowed by the policy, regardless of whether it trusts the specified host. This is the default value. - false
- If you set this parameter to
false
, the proxy connects only to HTTPS URLs that it trusts.
- forward-http-errors
- This parameter defines whether the proxy forwards extra HTTP error codes to the client. Valid
values are false and true:
- false
- This value is the default value. It means that only 2xx and 3xx status codes are forwarded, whereas 4xx error codes are automatically mapped to a 404 'Not Found' error.
- true
- If you set the
forward-http-errors
parameter to true, the proxy forwards every status code, even if it represents an error code.
- forward-credentials-from-vault
- This parameter defines whether user credentials that are retrieved from the credential vault of
the portal can be forwarded to the specified target host by using an HTTP authorization request
header. Valid values are false and true:
- false
- This is the default value. If you set this parameter to
false
, the proxy does not forward credentials. - true
- If you set this parameter to
true
, the proxy forwards credentials.
- xhr-authentication-support
- This parameter defines whether HTTP BASIC user credential challenges from the external service
are rewritten. Valid values are false and true:
- false
- This value is the default value. If you set this parameter to false, the
proxy does not change the
WWW-Authenticate
HTTP header, and the user is prompted for credentials. - true
- If you set this parameter to true, the browser does not ask the user to
provide credentials. Instead, the client-side code can handle that challenge. In detail, the proxy
changes the value of the HTTP header
WWW-Authenticate
fromBASIC
toXHRBASIC
.
- Configuring a Boundary (pass-through) Proxy:
- Use the following configuration parameters to make connections through a boundary (pass-through) proxy:
- passthru_host
- This parameter defines the host name of the pass-through proxy.
- passthru_port
- This parameter defines the port of the pass-through proxy.
- passthru_realm
- This parameter is optional. It defines the authentication realm of the pass-through proxy.
- passthru_username
- This parameter is optional. It defines the user name for the pass-through proxy.
- passthru_password
- This parameter is optional. It defines the password for the pass-through proxy.
<proxy-rules xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://www.ibm.com/xmlns/prod/sw/http/outbound/proxy-config/2.0">
<policy url="http://www.myremotehost.com/*" name="SamplePolicy">
<actions><method>GET</method></actions>
</policy>
<meta-data>
<name>socket-timeout</name>
<value>10000</value>
</meta-data>
<meta-data>
<name>retries</name>
<value>2</value>
</meta-data>
<meta-data>
<name>max-connections-per-host</name>
<value>50</value>
</meta-data>
<meta-data>
<name>max-total-connections</name>
<value>100</value>
</meta-data>
</proxy-rules>