Defining extra interfaces

As an administrator, you can define extra interfaces so that you can configure a set of values for a specific group of settings.

About this task

To configure extra interfaces, define each custom-named interface within the [interfaces] stanza of the WebSEAL configuration file.

Each interface definition includes a list of properties. Most properties imitate equivalent stanza entry names that are found in the WebSEAL configuration file and that are part of the default interface specification (see Default interface specification).

A custom interface specification uses the following format:

[interfaces]
interface-name = property=value[;property=value[;...]]

The following table lists the available properties and values that are used to configure a custom interface:

Table 1. Valid properties and values for extra interface definitions
Property Values Description

http-port

  • port number
  • disabled (default)

Port number to listen for HTTP requests on the specified network-interface. The value can also be set to disabled.

One of either http-port or https-port must be specified when you define an interface.

https-port

  • port number
  • disabled (default)

Port number to listen for HTTPS requests on the specified network-interface. The value can also be set to disabled.

One of either http-port or https-port must be specified when you define an interface.

worker-threads

  • count
  • default (default)

Number of worker threads that are used to process requests received only on this interface.

The default value can be used to specify use of the worker thread pool that belongs to the default interface (see Default interface specification).

network-interface

  • IP address
  • 0.0.0.0 (default)

IP address to listen for requests on the specified http-port or https-port.

Both IPv4 and IPv6 formats are supported.

certificate-label

  • key-file-label

Label name of a certificate in the pdsrv.kdb key database file.

Only valid when https-port is specified.

The server-side certificate WebSEAL uses to authenticate to the client.

accept-client-certs

  • never (default)
  • required
  • optional
  • prompt_as_needed

Specifies how WebSEAL is to handle client-side certificates.

Only valid when https-port is specified.

See Client-side certificate authentication.

websocket-max-worker-threads

  • count

The size of the pool of worker threads that are used to service WebSocket requests on this interface.

If no value is specified, the global pool of WebSocket worker threads is used.

Syntax rules for property values:

  • A value that contains a semicolon (;), double quotation mark ("), or backslash (\) must be preceded by a backslash (\).
  • Double quotation marks (") must be used to specify values that contain leading or trailing spaces.
  • If a semicolon (;) appears inside a double-quoted value, it does not require a preceding backslash.
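The following Python sketch is an added example, not IBM or WebSEAL code: it parses the value of one [interfaces] entry according to the syntax rules above and checks it against the constraints stated in Table 1, which is useful when reviewing a configuration file before deployment. The function names are hypothetical, and it assumes that a backslash also escapes inside double quotes and that unquoted spaces around names and values are ignored.

```python
HTTPS_ONLY = {"certificate-label", "accept-client-certs"}
KNOWN = HTTPS_ONLY | {"http-port", "https-port", "worker-threads",
                      "network-interface", "websocket-max-worker-threads"}
CERT_MODES = {"never", "required", "optional", "prompt_as_needed"}

def _trim(chars):
    # Drop unprotected spaces at both ends; quoted or escaped spaces survive.
    keep = [k for k, c in enumerate(chars) if c != (" ", False)]
    return "".join(c for c, _ in chars[keep[0]:keep[-1] + 1]) if keep else ""

def parse_properties(spec):
    """Split 'prop=value;...' honouring backslash escapes and double quotes."""
    items, cur, quoted, i = [], [], False, 0
    while i < len(spec):
        ch = spec[i]
        if ch == "\\" and i + 1 < len(spec):
            i += 1
            cur.append((spec[i], True))      # escaped character is literal
        elif ch == '"':
            quoted = not quoted              # quotes delimit, are not kept
        elif ch == ";" and not quoted:
            items.append(cur)                # unquoted ';' ends a property
            cur = []
        else:
            cur.append((ch, quoted))         # remember if it was protected
        i += 1
    if quoted:
        raise ValueError("unterminated double quote")
    props = {}
    for item in items + [cur]:
        eq = next((k for k, c in enumerate(item) if c == ("=", False)), None)
        if eq is not None:
            props[_trim(item[:eq])] = _trim(item[eq + 1:])
        elif _trim(item):                    # empty segments are skipped
            raise ValueError("property without '=': " + _trim(item))
    return props

def check_interface(spec):
    """Return (props, problems) for the value of one [interfaces] entry."""
    props = parse_properties(spec)
    problems = [f"unknown property {p}" for p in props if p not in KNOWN]
    if "http-port" not in props and "https-port" not in props:
        problems.append("neither http-port nor https-port is specified")
    for p in sorted(props.keys() & HTTPS_ONLY):
        if "https-port" not in props:
            problems.append(f"{p} is only valid when https-port is specified")
    mode = props.get("accept-client-certs", "never")
    if mode not in CERT_MODES:
        problems.append(f"accept-client-certs: unknown mode {mode!r}")
    return props, problems
```

An empty problems list means that the entry satisfies the checks in this sketch; it does not confirm that the named certificate label exists in the key database.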

Example

[interfaces]
support = network-interface=9.0.0.8;https-port=444;certificate-label=WS6;worker-threads=16

This example (entered as one line) creates an interface that is named "support" with the following properties:

  • Allows WebSEAL to listen for requests at IP address 9.0.0.8, on HTTPS port 444.
  • The HTTP port defaults to "disabled".
  • WebSEAL authenticates to SSL clients with a server-side certificate named "WS6" stored in the WebSEAL key database file.
  • The interface uses its own pool of 16 worker threads to service requests.
  • The interface defaults to never requiring (prompting for) client-side certificates during authentication.

Note: When you configure WebSEAL with multiple DNS aliases that are assigned to its interfaces, each alias and interface must be assigned to a virtual host junction. WebSEAL does not support multiple DNS aliases on its interface definitions unless those aliases are assigned to virtual host junctions.