Manual Chapter: Configuration Guide for BIG-IP® Application Security Management: Appendix A - Internal Parameters for Advanced Configuration


Appendix A - Internal Parameters for Advanced Configuration


Overview of internal parameters

The Application Security Manager has several internal parameters that control how the product functions. In almost all cases, there is no need to change the internal parameters from their default setting.

To view internal parameters in the Configuration utility

  1. On the Main tab of the navigation pane, expand Application Security, and then click Options.
    The RegExp Pool screen opens.
  2. On the menu bar, click Advanced Configuration.
    The Advanced Configuration screen opens, where you can review the settings for the internal parameters.

Important: We recommend that you change the values for the internal parameters only with the guidance of the technical support staff.

Table A.1 lists the internal parameters, their default values, and a description of their purpose.

Table A.1 Internal parameters for the Application Security Manager
| Internal Parameter | Default Value | Description |
|---|---|---|
| MemoryThreshold | 90 | When the memory allocated by the Policy Enforcer's umu mechanism reaches this threshold, the Policy Enforcer stops accepting new requests. The threshold is calculated as a percentage of the maximum memory configured for the umu mechanism. |
| Port_80 | 8080 | The port that the Application Security Manager uses. |
| ecard_max_http_req_uri_len | 2048 | Defines a maximum URI length that the bd utility can support in its internal buffers. If this number is higher than the URI length defined per file type, then this number is the limit. If this number is higher than the file type limit, then the file type limit sets the maximum URI length. |
| MaxJobs | 15000 | Maximum number of concurrent sessions that the Application Security Manager can handle. |
| ssl_SSLport | 4433 | The port on which the Application Security Manager listens for incoming encrypted HTTP requests (SSL). Even though the request is decrypted by the TMM utility, the Application Security Manager needs to differentiate between requests that originated as HTTP and requests that originated as encrypted requests. |
| TcpMaxSynBackLog | 500 | This parameter configures the backlog parameter of listen() on the incoming requests socket. The backlog parameter defines the maximum queue length of pending connections. |
| log_bad_msg_sent_to_server | 1 | When set to 0, the system logs only blocked requests to the database that generates Forensics information. |
| http_error_filter_list | 400,401,404,407,503 | If the HTTP response code is between 401 and 599, only responses with a response code that appears in this list are returned as-is to the client. The system blocks all other response codes, and issues the Illegal HTTP status violation. |
| ecard_regexp_email | ^\s*([\w.-]+)@([\w.-]+)\s*$ | Specifies the regular expression that defines a valid pattern for parameter values of type email. |
| cookie_max_age | 900 | This parameter is the default value (in seconds) assigned to the Max-Age option for the ASM cookie, which is created by the Policy Enforcer. |
| ssl_CloseSocket | 0 | When set to 1, the bd utility closes the connection to the client at the end of the response (applies to SSL sessions). |
| ecard_regexp_phone | ^\s*[0-9 ()+-]+\s*$ | Specifies the regular expression that defines a valid pattern for parameter values of type phone number. |
| max_filtered_html_length | 52428800 | Defines the maximum response size that the bd utility can accumulate for the purposes of checking or extracting data from the response (for example, dynamic parameters or dynamic session in URL). |
| cookie_expiration_time_out | 600 | This value is used by the bd utility to determine the length of time (in seconds) for which the ASM cookie data is valid. |
| cookie_renewal_time_stamp | 300 | Defines how often the bd utility renews the ASM cookie time. This internal parameter is tightly coupled with cookie_expiration_time_out (in seconds). |
| tcp_CloseSocket | 0 | When set to 1, the bd utility closes the connection to the client at the end of the response (applies to TCP sessions). |
| ecard_regexp_decimal | ^\s*[+-]?\d*(\.\d+)?\s*$ | Specifies the regular expression that defines a valid pattern for parameter values of type decimal. |
| max_concurrent_long_request | 100 | Maximum number of concurrent long requests that the bd utility can handle. A long request is a request longer than request_buffer_size and less than long_request_buffer_size. |
| request_buffer_size | 4096 | Common request length supported by the Policy Enforcer. |
| long_request_buffer_size | 10000000 | Longest request length supported by the Policy Enforcer. |
| allow_all_cookies_at_entry_point | 0 | When set to 0, if a request arrives with no main ASM cookie (entry point) then every domain cookie that is not configured as ALLOWED-COOKIE is considered an ILLEGAL_DOMAIN_COOKIE. When set to 1, all cookies are accepted. |
| ResponseBufferSize | 106496 | Specifies the maximum amount of clean response data that the system retains. |
| non_rfc_bitmask | 59 | Specifies the bit mask that the system applies to requests to expose RFC violations. |
| startup_end_timeout | 300 | Specifies the maximum time for the bd utility to receive all configuration information, and finish the startup process. |
| total_umu_max_size | 1572864 | Specifies the maximum memory size (in bytes) available for the Policy Enforcer's umu mechanism. |
| max_len_for_pattern_checks | 51200 | Specifies the maximum length for pattern checks. |
| cookie_digest_key | 11112222333344445555666677778888 | This parameter is used as a key in the cookie digest calculations for ASM cookies. |
| RWThreads | 1 | Specifies the number of threads that the Application Security Manager uses. |
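
What the three default ecard_regexp_* patterns in Table A.1 accept and reject, as an added example that is not part of the original manual. The patterns are evaluated with Python's re module, which is an assumption about engine behaviour (the manual does not name the regular expression engine); the sample values and the helper names accepts and audit are constructed for illustration.

```python
import re

# Default patterns copied from Table A.1 (ecard_regexp_* internal parameters).
DEFAULT_PATTERNS = {
    "email": r"^\s*([\w.-]+)@([\w.-]+)\s*$",
    "phone": r"^\s*[0-9 ()+-]+\s*$",
    "decimal": r"^\s*[+-]?\d*(\.\d+)?\s*$",
}

# Assumption: re.ASCII approximates the product engine's \w, \d and \s classes.
COMPILED = {name: re.compile(p, re.ASCII) for name, p in DEFAULT_PATTERNS.items()}

# Constructed sample values, chosen to probe the edges of each pattern.
SAMPLES = {
    "email": ["user@example.com", " user@host ", ".@-", "a+tag@example.com",
              "a@b@c", "o'brien@example.com", "user@exa mple.com"],
    "phone": ["+1 (555) 010-9999", "()", " ", "", "555.010.9999", "555-0100 x12"],
    "decimal": ["3.14", "-.5", "", "+", "5.", "1e5", "1,5", "0x10"],
}


def accepts(kind: str, value: str) -> bool:
    """Return True when the Table A.1 default pattern for `kind` matches `value`."""
    return COMPILED[kind].search(value) is not None


def audit(samples=SAMPLES):
    """Map each parameter type to {value: accepted?} for the given samples."""
    return {kind: {v: accepts(kind, v) for v in values}
            for kind, values in samples.items()}


if __name__ == "__main__":
    for kind, results in audit().items():
        print(kind)
        for value, ok in results.items():
            print(f"  {'accept' if ok else 'reject'}  {value!r}")
```

The decimal pattern matches the empty string and a bare sign, and the email pattern does not require a dot in the domain part, so a policy that needs stricter typing has to enforce it elsewhere (for example with length or mandatory-value settings).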



