config web-proxy global
Description: Configure Web proxy global settings.
set ssl-cert {string}
set ssl-ca-cert {string}
set fast-policy-match [enable|disable]
set proxy-fqdn {string}
set max-request-length {integer}
set max-message-length {integer}
set strict-web-check [enable|disable]
set forward-proxy-auth [enable|disable]
set tunnel-non-http [enable|disable]
set unknown-http-version [reject|tunnel|...]
set forward-server-affinity-timeout {integer}
set max-waf-body-cache-length {integer}
set webproxy-profile {string}
set learn-client-ip [enable|disable]
set learn-client-ip-from-header {option1}, {option2}, ...
set learn-client-ip-srcaddr <name1>, <name2>, ...
set learn-client-ip-srcaddr6 <name1>, <name2>, ...
end
Parameter Name | Description | Type | Size |
---|---|---|---|
ssl-cert | SSL certificate for SSL interception. | string | Maximum length: 35 |
ssl-ca-cert | SSL CA certificate for SSL interception. | string | Maximum length: 35 |
fast-policy-match | Enable/disable fast matching algorithm for explicit and transparent proxy policy. enable: Enable setting. disable: Disable setting. |
option | - |
proxy-fqdn | Fully Qualified Domain Name (FQDN) that clients connect to (default = default.fqdn) to connect to the explicit web proxy. | string | Maximum length: 255 |
max-request-length | Maximum length of HTTP request line (2 - 64 Kbytes, default = 8). | integer | Minimum value: 2 Maximum value: 64 |
max-message-length | Maximum length of HTTP message, not including body (16 - 256 Kbytes, default = 32). | integer | Minimum value: 16 Maximum value: 256 |
strict-web-check | Enable/disable strict web checking to block web sites that send incorrect headers that don't conform to HTTP 1.1. enable: Enable strict web checking. disable: Disable strict web checking. |
option | - |
forward-proxy-auth | Enable/disable forwarding proxy authentication headers. enable: Enable forwarding proxy authentication headers. disable: Disable forwarding proxy authentication headers. |
option | - |
tunnel-non-http | Enable/disable allowing non-HTTP traffic. Allowed non-HTTP traffic is tunneled. enable: Allow non-HTTP traffic. disable: Block non-HTTP traffic. |
option | - |
unknown-http-version | Action to take when an unknown version of HTTP is encountered: reject, allow (tunnel), or proceed with best-effort. reject: Rejects requests with unknown HTTP version. tunnel: Tunnels requests with unknown HTTP version. best-effort: Allow unknown HTTP requests and process them using best efforts. |
option | - |
forward-server-affinity-timeout | Period of time before the source IP's traffic is no longer assigned to the forwarding server (6 - 60 min, default = 30). | integer | Minimum value: 6 Maximum value: 60 |
max-waf-body-cache-length | Maximum length of HTTP messages processed by Web Application Firewall (WAF) (10 - 1024 Kbytes, default = 32). | integer | Minimum value: 10 Maximum value: 1024 |
webproxy-profile | Name of the web proxy profile to apply when explicit proxy traffic is allowed by default and traffic is accepted that does not match an explicit proxy policy. | string | Maximum length: 63 |
learn-client-ip | Enable/disable learning the client's IP address from headers. enable: Enable learning the client's IP address from headers. disable: Disable learning the client's IP address from headers. |
option | - |
learn-client-ip-from-header | Learn client IP address from the specified headers. true-client-ip: Learn the client IP address from the True-Client-IP header. x-real-ip: Learn the client IP address from the X-Real-IP header. x-forwarded-for: Learn the client IP address from the X-Forwarded-For header. |
option | - |
learn-client-ip-srcaddr <name> |
Source address name (srcaddr or srcaddr6 must be set). Address name. |
string | Maximum length: 79 |
learn-client-ip-srcaddr6 <name> |
IPv6 Source address name (srcaddr or srcaddr6 must be set). Address name. |
string | Maximum length: 79 |
config web-proxy global
Description: Configure Web proxy global settings.
set ssl-cert {string}
set ssl-ca-cert {string}
set fast-policy-match [enable|disable]
set proxy-fqdn {string}
set max-request-length {integer}
set max-message-length {integer}
set strict-web-check [enable|disable]
set forward-proxy-auth [enable|disable]
set tunnel-non-http [enable|disable]
set unknown-http-version [reject|tunnel|...]
set forward-server-affinity-timeout {integer}
set max-waf-body-cache-length {integer}
set webproxy-profile {string}
set learn-client-ip [enable|disable]
set learn-client-ip-from-header {option1}, {option2}, ...
set learn-client-ip-srcaddr <name1>, <name2>, ...
set learn-client-ip-srcaddr6 <name1>, <name2>, ...
end
Parameter Name | Description | Type | Size |
---|---|---|---|
ssl-cert | SSL certificate for SSL interception. | string | Maximum length: 35 |
ssl-ca-cert | SSL CA certificate for SSL interception. | string | Maximum length: 35 |
fast-policy-match | Enable/disable fast matching algorithm for explicit and transparent proxy policy. enable: Enable setting. disable: Disable setting. |
option | - |
proxy-fqdn | Fully Qualified Domain Name (FQDN) that clients connect to (default = default.fqdn) to connect to the explicit web proxy. | string | Maximum length: 255 |
max-request-length | Maximum length of HTTP request line (2 - 64 Kbytes, default = 8). | integer | Minimum value: 2 Maximum value: 64 |
max-message-length | Maximum length of HTTP message, not including body (16 - 256 Kbytes, default = 32). | integer | Minimum value: 16 Maximum value: 256 |
strict-web-check | Enable/disable strict web checking to block web sites that send incorrect headers that don't conform to HTTP 1.1. enable: Enable strict web checking. disable: Disable strict web checking. |
option | - |
forward-proxy-auth | Enable/disable forwarding proxy authentication headers. enable: Enable forwarding proxy authentication headers. disable: Disable forwarding proxy authentication headers. |
option | - |
tunnel-non-http | Enable/disable allowing non-HTTP traffic. Allowed non-HTTP traffic is tunneled. enable: Allow non-HTTP traffic. disable: Block non-HTTP traffic. |
option | - |
unknown-http-version | Action to take when an unknown version of HTTP is encountered: reject, allow (tunnel), or proceed with best-effort. reject: Rejects requests with unknown HTTP version. tunnel: Tunnels requests with unknown HTTP version. best-effort: Allow unknown HTTP requests and process them using best efforts. |
option | - |
forward-server-affinity-timeout | Period of time before the source IP's traffic is no longer assigned to the forwarding server (6 - 60 min, default = 30). | integer | Minimum value: 6 Maximum value: 60 |
max-waf-body-cache-length | Maximum length of HTTP messages processed by Web Application Firewall (WAF) (10 - 1024 Kbytes, default = 32). | integer | Minimum value: 10 Maximum value: 1024 |
webproxy-profile | Name of the web proxy profile to apply when explicit proxy traffic is allowed by default and traffic is accepted that does not match an explicit proxy policy. | string | Maximum length: 63 |
learn-client-ip | Enable/disable learning the client's IP address from headers. enable: Enable learning the client's IP address from headers. disable: Disable learning the client's IP address from headers. |
option | - |
learn-client-ip-from-header | Learn client IP address from the specified headers. true-client-ip: Learn the client IP address from the True-Client-IP header. x-real-ip: Learn the client IP address from the X-Real-IP header. x-forwarded-for: Learn the client IP address from the X-Forwarded-For header. |
option | - |
learn-client-ip-srcaddr <name> |
Source address name (srcaddr or srcaddr6 must be set). Address name. |
string | Maximum length: 79 |
learn-client-ip-srcaddr6 <name> |
IPv6 Source address name (srcaddr or srcaddr6 must be set). Address name. |
string | Maximum length: 79 |