Query rewrite parameters

The query rewrite parameters affect the behavior of the S-TAP with respect to discovery.

These parameters are stored in the [TAP] section of the S-TAP properties file.

Attention: These are advanced parameters and should be modified only by IBM Technical Support.
Attention: If a parameter is available through both the GIM and the command line interface (CLI), then the GIM parameter, including any defaults, always overwrites any value that is available from WINSTAP_CMD_LINE.
GIM guard_tap.ini Default Value Description Protocol version
WINSTAP_QRW_INSTALLED QUERY_REWRITE_INSTALLED 0 Enable or disable the query rewrite feature. When set to 0, all other parameters in this group are ignored. Valid values:
  • 0: Disabled
  • 1: Enabled
Note: FIREWALL_INSTALLED and QUERY_REWRITE_INSTALLED cannot be enabled at the same time. If QUERY_REWRITE_INSTALLED is set to 1, then FIREWALL_INSTALLED is disabled.
 7 and 8
WINSTAP_QRW_DEFAULT_STATE QUERY_REWRITE_DEFAULT_STATE 0 Sets the query rewrite activation trigger. Must be 0 if firewall_default_state=1. Valid values:
  • 0: QRW activated per session when triggered by a rule in the installed policy
  • 1: QRW activated for every session regardless of the installed policy
  • 2: All traffic is watched by default for QRW policy violations, but if no event triggers the watch in the first PRIORITY_COUNT packets, query rewrite is turned off for the session.

    When set to 2, the QRW operation can be modified by the commands: Watch, Drop, Watch & Drop and Unwatch. When a watch command is received while state 2 is in effect, it changes the state from 2 to 1 so that the connection is permanently subject to firewall or query rewrite operations. When a Drop or Watch & Drop is received, the connection is immediately terminated. When an unwatch command is received while state 2 is in effect, it changes the state from 2 to 0 so the connection is no longer subject to firewall or query rewrite operations.

 7 and 8
WINSTAP_QRW_FORCE_WATCH QUERY_REWRITE_FORCE_WATCH NULL Comma-separated list of client IP/MASKs (for example, 1.1.1.1/1.1.1.1,2.2.2.2/2.2.2.2) to watch automatically. Valid when qrw_installed is 1, and qrw_default_state is 0. Cannot be configured to the same IP range as firewall_force_unwatch. 7 and 8
WINSTAP_QRW_FORCE_UNWATCH QUERY_REWRITE_FORCE_UNWATCH NULL Comma separated list of client IP/MASKs (for example, 1.1.1.1/1.1.1.1,2.2.2.2/2.2.2.2) to exclude from watching. Valid when qrw_installed is 1, and qrw_default_state is 1. Cannot be configured to the same IP range as firewall_force_unwatch. 7 and 8
WINSTAP_QUERY_REWRITE_FAIL_CLOSE QUERY_REWRITE_FAIL_CLOSE 0 If the verdict does not come back from the Guardium system and the QUERY_REWRITE_TIMEOUT expires: if QUERY_REWRITE_CLOSE=0 the query rewrite operation proceeds; if QUERY_REWRITE_CLOSE=1 the connection is terminated. 7 and 8
WINSTAP_QUERY_REWRITE_TIMEOUT QUERY_REWRITE_TIMEOUT 10 If the verdict does not come back from the Guardium system and the QUERY_REWRITE_TIMEOUT expires: if QUERY_REWRITE_CLOSE=0 the query rewrite operation proceeds; if QUERY_REWRITE_CLOSE=1 the connection is terminated. 7 and 8