Understanding the magic.properties Configuration Settings
Each X Engine install is highly configurable. The configuration file is installed in the X Engine class path along with the magic jar file.
The following table provides an in-depth explanation of each of the settings that are available in the magic.properties
configuration file:
Setting | Details |
homeDir | The home directory for the X Engine. All files and rule sets deployed to the server will be stored in this folder and backup copies of any rule sets that have been replaced will be stored in a subfolder called “backup”. The value can be an absolute or relative file path. |
Port | The TCP/IP port where the X Engine will listen for instructions from a Composable Architecture Platform console. If using vertical scaling (multiple application server instances on the same server sharing a common configuration folder), then provide a list of port numbers separated by commas. Make sure to create a server instance in the console for each of the ports specified in the port list. Each server clone can then be managed as an individual X Engine. Please note that for vertical scaling, rules for the "Master" (first port in the list) will be stored in the top level home directory, whereas rules for any one of the "slaves" will be deployed to a sub-directory of the home directory named "CloneX" - where X is a sequential number. |
validIPs | This directive is a comma separated list (CSV) of IP addresses of Composable Architecture Platform consoles that are allowed to send commands to this server. This setting is optional. For stronger security, specify a list of trusted console servers that can communicate with this server. |
failOpen | Determines the behaviour in case of a failure. If set to true, the X Engine will terminate itself if an internal problem occurs. If set to false, the X Engine will attempt to recover from any failure. Note: use the Fail Safe Point rule to manage this in a finer grained manner. |
preserveStream | This setting is specifically used for implementations that store and forward requests provided to it over HTTP. Examples of this include the Java/PHP Bridge and the built in forwarding proxy. Generally speaking, if this setting is used in inline filter installations it should be set to false (unless this causes the application to somehow fail). Setting it needlessly to true will impact performance. |
maxRequestSize | This setting is for filter and built in forwarding proxy installations only and determines the maximum request size the filter will accept in bytes. This can be used to protect an application against excessive sized upload attempts and also applies to multi-part POSTs. If not specified, the default setting is 10MB. |
bannedVariableNames | This setting nominates variables that are never allowed to be set within the X Engine when the variables are accessed inline in a proxy or servlet filter. For example, to make sure a user is unable to see an end user’s password, nominate the field name for the password here. Consequently, the rule set will not see the variable. The list is a CSV list of disallowed variable names and is case sensitive. |
bannedVariableMasks | This setting determines what happens when an attempt to set a given banned variable is done within the X Engine. It is a CSV list of tokens that must match the list in bannedVariableNames. Valid tokens are: REMOVE meaning the variable will not be set at all MD5HASH meaning the variable will be set, but encoded with an MD5 Hash SHA1HASH meaning the variable will be set but encoded with an SHA-1 Hash PCIMASK meaning the variable will be treated as a credit card number where only the first 6 and last 4 digits will be visible. Masks and hashes can be combined using the & operator. For example: SHA1HASH&PCIMASK will result in two new variables: [fieldname]_SHA1HASH and [fieldname]_PCIMASK |
EncryptionKey | If the connection between the console and the X Engine is to be encrypted, specify a secret password here. The same password must be provided when the host is defined in the console. If an incorrect match between the console and the host is made, the server will be seen as offline in the console. Note that this field is case sensitive. This setting is optional. |
EncryptionAlgorithm | If using an encrypted connection between the console and the X Engine, specify the encryption algorithm to be used here. The available algorithms depend on the cryptographic extension installed with the JDK version. If left blank, PBEWithMD5AndDES will be used if an EncryptionKey is specified. |
Last updated