Understanding the magic.properties Configuration Settings
Each X Engine install is highly configurable. The configuration file is installed in the X Engine class path along with the magic jar file.
The following table provides an in-depth explanation of each of the settings that are available in the magic.properties configuration file:
Setting
Details
homeDir
The home directory for the X Engine. All files and rule sets deployed to the server will be stored in this folder and backup copies of any rule sets that have been replaced will be stored in a subfolder called “backup”.
The value can be an absolute or relative file path.
Port
The TCP/IP port where the X Engine will listen for instructions from a Composable Architecture Platform console.
If using vertical scaling (multiple application server instances on the same server sharing a common configuration folder), then provide a list of port numbers separated by commas. Make sure to create a server instance in the console for each of the ports specified in the port list. Each server clone can then be managed as an individual X Engine. Please note that for vertical scaling, rules for the "Master" (first port in the list) will be stored in the top level home directory, whereas rules for any one of the "slaves" will be deployed to a sub-directory of the home directory named "CloneX", where X is a sequential number.
validIPs
This directive is a comma-separated list (CSV) of IP addresses of Composable Architecture Platform consoles that are allowed to send commands to this server. This setting is optional.
For stronger security, specify a list of trusted console servers that can communicate with this server.
failOpen
Determines the behaviour in case of a failure. If set to true, the X Engine will terminate itself if an internal problem occurs. If set to false, the X Engine will attempt to recover from any failure.
Note: use the Fail Safe Point rule to manage this in a finer grained manner.
preserveStream
This setting is specifically used for implementations that store and forward requests provided to it over HTTP. Examples of this include the Java/PHP Bridge and the built-in forwarding proxy.
Generally speaking, if this setting is used in inline filter installations it should be set to false (unless this causes the application to somehow fail). Setting it needlessly to true will impact performance.
maxRequestSize
This setting is for filter and built-in forwarding proxy installations only and determines the maximum request size the filter will accept in bytes. This can be used to protect an application against excessively large upload attempts and also applies to multi-part POSTs.
If not specified, the default setting is 10MB.
bannedVariableNames
This setting nominates variables that are never allowed to be set within the X Engine when the variables are accessed inline in a proxy or servlet filter. For example, to make sure a user is unable to see an end user’s password, nominate the field name for the password here. Consequently, the rule set will not see the variable.
The list is a CSV list of disallowed variable names and is case sensitive.
bannedVariableMasks
This setting determines what happens when an attempt is made to set a given banned variable within the X Engine. It is a CSV list of tokens that must match the list in bannedVariableNames. Valid tokens are:
REMOVE meaning the variable will not be set at all
MD5HASH meaning the variable will be set, but encoded with an MD5 Hash
SHA1HASH meaning the variable will be set but encoded with an SHA-1 Hash
PCIMASK meaning the variable will be treated as a credit card number where only the first 6 and last 4 digits will be visible.
Masks and hashes can be combined using the & operator. For example: SHA1HASH&PCIMASK will result in two new variables:
[fieldname]_SHA1HASH and [fieldname]_PCIMASK
EncryptionKey
If the connection between the console and the X Engine is to be encrypted, specify a secret password here. The same password must be provided when the host is defined in the console. If the password on the console does not match the one on the host, the server will be seen as offline in the console. Note that this field is case sensitive.
This setting is optional.
EncryptionAlgorithm
If using an encrypted connection between the console and the X Engine, specify the encryption algorithm to be used here. The available algorithms depend on the cryptographic extension installed with the JDK version.
If left blank, PBEWithMD5AndDES will be used if an EncryptionKey is specified.
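The security-relevant settings in the table above can be checked mechanically before an X Engine is deployed. The following Python script is an added example, not part of the product or its documentation; it assumes magic.properties uses plain key=value syntax and that bannedVariableMasks carries one entry per name in bannedVariableNames, and the sample file contents are constructed.

```python
# Added example: audit a magic.properties file against the guidance on this page.
# Assumes plain Java "key=value" syntax and one mask entry per banned name.
VALID_TOKENS = {"REMOVE", "MD5HASH", "SHA1HASH", "PCIMASK"}

def parse_properties(text):
    """Minimal key=value parser; skips blank lines and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def csv(value):
    return [item.strip() for item in value.split(",") if item.strip()]

def audit(text):
    """Return findings for the security-relevant settings in the file."""
    p, findings = parse_properties(text), []
    if not csv(p.get("validIPs", "")):
        findings.append("validIPs unset: console source addresses are not restricted")
    if not p.get("EncryptionKey"):
        findings.append("EncryptionKey unset: console link is not encrypted")
    elif not p.get("EncryptionAlgorithm"):
        findings.append("EncryptionAlgorithm blank: defaults to PBEWithMD5AndDES")
    names = csv(p.get("bannedVariableNames", ""))
    masks = csv(p.get("bannedVariableMasks", ""))
    if len(names) != len(masks):
        findings.append(f"{len(names)} banned names but {len(masks)} masks")
    for name, mask in zip(names, masks):
        tokens = mask.split("&")
        bad = [t for t in tokens if t not in VALID_TOKENS]
        if bad:
            findings.append(f"{name}: unknown mask token(s) {bad}")
        if "PCIMASK" in tokens and {"MD5HASH", "SHA1HASH"} & set(tokens):
            findings.append(f"{name}: hash plus PCIMASK leaves few digits unknown")
    return findings

SAMPLE = """\
# constructed sample, not from a real install
Port=3000
EncryptionKey=ExamplePassphrase
bannedVariableNames=password,cardNumber,pin
bannedVariableMasks=REMOVE,SHA1HASH&PCIMASK
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The last check reflects that PCIMASK exposes the first 6 and last 4 digits, so a hash stored beside it only has to protect the remaining middle digits.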