Protocols 7 and 8 Query rewrite parameters

The query rewrite parameters affect the behavior of the S-TAP with respect to discovery.

These parameters are stored in the [TAP] section of the S-TAP properties file.

Attention: These are advanced parameters and should be modified only by IBM Technical Support.
Attention: If a parameter is available through both the Guardium installation manager (GIM) and the command line interface (CLI), then the GIM parameter, including any defaults, always overwrites any value that is available from WINSTAP_CMD_LINE.
GIM | guard_tap.ini | Default Value | Description

WINSTAP_QRW_INSTALLED | QUERY_REWRITE_INSTALLED | 0 | Enable or disable the query rewrite feature. When set to 0, all other parameters in this group are ignored. Valid values:
  • 0: Disabled
  • 1: Enabled
Note: FIREWALL_INSTALLED and QUERY_REWRITE_INSTALLED cannot be enabled at the same time. If QUERY_REWRITE_INSTALLED is set to 1, then FIREWALL_INSTALLED is disabled.

WINSTAP_QRW_DEFAULT_STATE | QUERY_REWRITE_DEFAULT_STATE | 0 | Sets the query rewrite activation trigger. Must be 0 if firewall_default_state=1. Valid values:
  • 0: QRW activated per session when triggered by a rule in the installed policy
  • 1: QRW activated for every session regardless of the installed policy
  • 2: All traffic is watched by default for QRW policy violations, but if no event triggers the watch in the first PRIORITY_COUNT packets, query rewrite is turned off for the session.

    When set to 2, the QRW operation can be modified by the commands: Watch, Drop, Watch & Drop and Unwatch. When a watch command is received while state 2 is in effect, it changes the state from 2 to 1 so that the connection is permanently subject to firewall or query rewrite operations. When a Drop or Watch & Drop is received, the connection is immediately terminated. When an unwatch command is received while state 2 is in effect, it changes the state from 2 to 0 so the connection is no longer subject to firewall or query rewrite operations.

WINSTAP_QRW_FORCE_WATCH | QUERY_REWRITE_FORCE_WATCH | NULL | Comma-separated list of client IP/MASKs (for example, 1.1.1.1/1.1.1.1,2.2.2.2/2.2.2.2) to watch automatically. Valid when qrw_installed is 1, and qrw_default_state is 0. Cannot be configured to the same IP range as firewall_force_unwatch.

WINSTAP_QRW_FORCE_UNWATCH | QUERY_REWRITE_FORCE_UNWATCH | NULL | Comma-separated list of client IP/MASKs (for example, 1.1.1.1/1.1.1.1,2.2.2.2/2.2.2.2) to exclude from watching. Valid when qrw_installed is 1, and qrw_default_state is 1. Cannot be configured to the same IP range as firewall_force_unwatch.

WINSTAP_QUERY_REWRITE_FAIL_CLOSE | QUERY_REWRITE_FAIL_CLOSE | 0 | If the verdict does not come back from the Guardium system and the QUERY_REWRITE_TIMEOUT expires: if QUERY_REWRITE_FAIL_CLOSE=0 the query rewrite operation proceeds; if QUERY_REWRITE_FAIL_CLOSE=1 the connection is terminated.

WINSTAP_QUERY_REWRITE_TIMEOUT | QUERY_REWRITE_TIMEOUT | 10 | If the verdict does not come back from the Guardium system and the QUERY_REWRITE_TIMEOUT expires: if QUERY_REWRITE_FAIL_CLOSE=0 the query rewrite operation proceeds; if QUERY_REWRITE_FAIL_CLOSE=1 the connection is terminated.
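
The constraints in the table can be checked mechanically before a change is handed to support. The following read-only audit is an added example, not IBM code or part of the original page. It assumes the properties file parses as INI text and that FIREWALL_INSTALLED and firewall_default_state sit in the same [TAP] section; the function names and the sample section are hypothetical.

```python
import configparser
import ipaddress

SAMPLE = """[TAP]
QUERY_REWRITE_INSTALLED=1
FIREWALL_INSTALLED=1
QUERY_REWRITE_DEFAULT_STATE=1
QUERY_REWRITE_FORCE_WATCH=1.1.1.1/1.1.1.1,10.0.0.5
QUERY_REWRITE_FAIL_CLOSE=0
"""  # constructed sample, not taken from a real S-TAP host

def entries(value):
    """Split a comma-separated IP/MASK list; NULL or empty means no entries."""
    items = [e.strip() for e in (value or "").split(",")]
    return [e for e in items if e and e.upper() != "NULL"]

def malformed(entry):
    """True unless the entry is IPv4/IPv4, as in the page's 1.1.1.1/1.1.1.1."""
    try:
        ip, mask = entry.split("/")
        ipaddress.IPv4Address(ip), ipaddress.IPv4Address(mask)
        return False
    except ValueError:
        return True

def audit_tap(ini_text):
    """Return findings for the query rewrite group of the [TAP] section."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(ini_text)
    tap, out = cp["TAP"], []  # option names match case-insensitively
    if tap.get("query_rewrite_installed", "0").strip() != "1":
        return out  # feature disabled: the rest of the group is ignored
    state = tap.get("query_rewrite_default_state", "0").strip()
    if tap.get("firewall_installed", "0").strip() == "1":
        out.append("FIREWALL_INSTALLED and QUERY_REWRITE_INSTALLED are both 1")
    if state not in ("0", "1", "2"):
        out.append(f"QUERY_REWRITE_DEFAULT_STATE={state} is not a valid value")
    if tap.get("firewall_default_state", "0").strip() == "1" and state != "0":
        out.append("QUERY_REWRITE_DEFAULT_STATE must be 0 when firewall_default_state=1")
    for key, need in (("QUERY_REWRITE_FORCE_WATCH", "0"), ("QUERY_REWRITE_FORCE_UNWATCH", "1")):
        items = entries(tap.get(key))
        if items and state != need:
            out.append(f"{key} is valid only when QUERY_REWRITE_DEFAULT_STATE={need}")
        out += [f"{key}: malformed IP/MASK entry {e!r}" for e in items if malformed(e)]
    if tap.get("query_rewrite_fail_close", "0").strip() == "0":
        out.append("QUERY_REWRITE_FAIL_CLOSE=0: rewrite proceeds if the verdict times out")
    return out

print(*audit_tap(SAMPLE), sep="\n")
```

The last finding is informational: 0 is the documented default, and it means a verdict that does not arrive before QUERY_REWRITE_TIMEOUT expires does not terminate the connection.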