HTTP transport channel custom properties

If you are using an HTTP transport channel, you can add any of the following custom properties to the configuration settings for that channel.

To add a custom property, complete the following task:
  1. In the administrative console, click Servers > Server Types, and then select one of the following options, depending on the type of chain that you are modifying:
    • WebSphere application servers > server_name. Under Web Container Settings, click Web container transport chains > chain_name > HTTP inbound channel > Custom properties > New.
    • WebSphere proxy servers > server_name. Under HTTP Proxy Server Settings, click Proxy server transports, select either HTTPS_PROXY_CHAIN or HTTP_PROXY_CHAIN, and then click HTTP inbound channel > Custom properties > New.
  2. Under General Properties specify the name of the custom property in the Name field and a value for this property in the Value field. You can also specify a description of this property in the Description field.
  3. Click Apply or OK.
  4. Click Save to save your configuration changes.
  5. Restart the server.

accessLogFormat

Avoid trouble: If you use this custom property, ensure that the Use chain-specific logging option is selected as part of your configuration settings for NCSA access logging. By default, the Use global logging service option is selected for NCSA access logging. For more information, see Enabling access logging.

Use the accessLogFormat property to specify the information you want included in the NCSA access log for an HTTP transport channel, and how you want that information formatted. The value for this property is a space separated list of options. The order that you specify the options determines the format of this information in the log.

Each option can be enclosed in quotation marks, but the quotation marks are not required. Unless otherwise noted, a value of - is printed for an option if the requested information cannot be obtained for that option.

The Following list indicates the available options and the information that is printed if that option is specified as part of the value specified for this property.
%a
Remote IP address
%A
Local IP address
%b
Response size in bytes excluding headers
%B
Response size in bytes excluding headers

0 is printed instead of - if no value is found.

%{CookieName}C or %C
The request cookie specified within the brackets, or if the brackets are not included, prints all of the request cookies.
%D
The elapsed time of the request - millisecond accuracy, microsecond precision
%h
Remote host
%{HeaderName}i
HeaderName header value from the request
%m
Request method
%{HeaderName}o
HeaderName header value from the response
%q
Output the query string with any password escaped
%r
First line of the request
%{R}W
Service time of the request from the moment the request is received until the first set of bytes of the response is sent - millisecond accuracy, microsecond precision
%s
Status code of the response
%t
NCSA format of the start time of the request
%(t)W
The current time when the message to the access log is queued to be logged in normal NCSA format
%u
Remote user according to the WebSphere Application Server specific $WSRU header
%U
URL Path, not including the query string
%{X}W
Cross Component Tracing (XCT) Context ID

For example, you might specify the following directives as the value for this property:

%h "%{HeaderName}i" %u %t "%r" %s %b
Based on this setting, the NCSA access log will include the following information for each request in the specified order:
  • The remote host
  • The HeaderName header value from the request
  • The remote user according to the WebSphere Specific $WSRU header
  • The NCSA format of the start time of the request
  • The first line of the request
  • The status code of the response
  • The response size in bytes excluding headers
Important: In the preceding code example, the double quotation marks ("") around the %r and %{HeaderName}i options indicate that these values can contain spaces that are not field delimiters. Not enclosing these fields in double quotation marks does not result in an error. However, it might cause problems for some programs that process the output file.

CookiesConfigureNoCache

Use the CookiesConfigureNoCache property to specify whether the presence of a Set-Cookie header in an HTTP response message triggers the addition of several cache related headers. If this property is set to true, an Expires header with a very old date, and a Cache-Control header that explicitly tells the client not to cache the Set-Cookie header are automatically added. These headers are not automatically added if this property is set to false.

This property is functionality equivalent to the com.ibm.websphere.cookies.no.header property that was available in previous versions of the product.

Information Value
Data type Boolean
Default True

DoNotAllowDuplicateSetCookies

Use the DoNotAllowDuplicateSetCookies property to prevent the HTTP Channel from sending multiple Set-Cookie headers with the same name. The default value is false.

Information Value
Default False

EnableBuildBackupList

Use the EnableBuildBackupList property to enable the HTTP channel to scan for the history files in the access and error logs directory, and rolling these files over with any newer log files created.

When this property is set to true, the HTTP Channel scans for the history files in the access and error logs directory, and rolls these files over with any newer log files created.

  • After you configure the HTTP error log and the NCSA access log, make sure that the Enable NCSA access logging field is selected for the HTTP channels for which you want logging to occur. To verify that this field is selected for an HTTP channel, click Servers > Server Types > WebSphere application servers > server_name > Web container transport chains > HTTP inbound channel. This setting has to be enabled before setting this custom property to true has any effect on the HTTP channel functionality.
  • If you use this custom property you must also ensure that the Use chain-specific logging option is selected as part of your configuration settings for NCSA access logging. By default, the Use global logging service option is selected for NCSA access logging.
Information Value
Data type Boolean
Default False

HonorTransferEncoding

Use the HonorTransferEncoding property to indicate whether the HTTP transport channels should convert a chunked message to a content-length delimited message when there is only one chunk.

When this property is set to true, the HTTP transport channels write out the chunks instead of switching to a content-length message even if the message only consists of one chunk. There is a performance impact to this setting because the HTTP transport channels does two writes for every single-chunk message: the first write is for the message, and the second write is for the zero byte chunk that marks the end of the message

When this property is set to false, the HTTP transport channels convert a chunked message to a content-length delimited message when there is only one chunk. This setting improves channel performance because the channel only does one write for a single-chunk message that is converted to a content-length message.

Information Value
Data type Boolean
Default False

limitFieldSize

Use the limitFieldSize property to enforce the size limits on various HTTP fields, such as request URLs, or individual header names or values. Enforcing the size limits of these fields guards against possible Denial of Service attacks. An error is returned to the remote client if a field exceeds the allowed size.

Information Value
Data type Integer
Default 32768
Range 50-32768

limitNumHeaders

Use the limitNumHeaders property to limit the number of HTTP headers that can be present in an incoming message. If this limit is exceeded, an error is returned to the client.

Information Value
Data type Integer
Default 500
Range 50 to 4000

localLogFilenamePrefix

Use the localLogFilenamePrefix property to specify a prefix for the filename of the network log file. Normally, when inprocess optimization is enabled, requests through the inprocess path are logged based on the logging attributes set up for the web container's network channel chain. You can use this property to add a prefix to the filename of the network log file. This new filename is then used as the filename for the log file for inprocess requests. Requests sent through the inprocess path are logged to this file instead of to the network log file. For example, if the log file for a network transport chain is named .../httpaccess.log, and this property is set to local for the HTTP channel in that chain, the filename of the log file for inprocess requests to the host associated with that chain is …/localhttpaccess.log.

Avoid trouble: If you specify a value for the localLogFilenamePrefix custom property, you must also set the accessLogFileName HTTP channel custom property to the fully qualified name of the log file you want to use for in process requests. You cannot specify a variable, such as $(SERVER_LOG_ROOT), as the value for this custom property.
Information Value
Data type String

loggingDisable

Use this custom property to disable NCSA, FRCA, and error logging on the specified chain.

Information Value
Data type Boolean
Default False

PurgeDataDuringClose

Use this custom property when you want the HTTP Channel, before closing the connection, to read until there is no more data to read.

Information Value
Default False

QuoteAddedNoCacheValue

Use this custom property to add a quoted no-cache attribute to a Cache-Control response header that doesn't already have the attribute on it.

The HTTP Channel will correctly add the quoted no-cache attribute to the header. In the following example, the no-cache attribute is added to this header that is supplied on the response: Cache-Control: public, max-age=604800, no-cache="set-cookie".

Information Value
Default False

RemoveCLHeaderInTempStatusRespRFC7230compat

Use the RemoveCLHeaderInTempStatusRespRFC7230compat property to ensure that the HTTP Channel prevents sending the Content-Length header on response messages with an information status of 1xx or 204.

Information Value
Default False

RemoveServerHeader

Use the RemoveServerHeader property to force the removal of any server header from HTTP responses that the application server sends, thereby hiding the identity of the server program.

Information Value
Data type Boolean
Default False
[9.0.5.4 or later]

sameSiteLax

Use this property to provide a list of cookie names or patterns for the Lax value that is set on the SameSite attribute.

You can specify a single wildcard character (*) as a stand-alone value, or as a character that follows a cookie name prefix. Any cookie name or pattern in the list must be unique. Also, the cookie name or pattern must not be in any configurations that are created by specifying the None value or Strict value on the SameSite attribute.

[9.0.5.4 or later]

sameSiteNone

Use this property to provide a list of cookie names or patterns for the None value that is set on the SameSite attribute.

You can specify a single wildcard character (*) as a stand-alone value, or as a character that follows a cookie name prefix. Any cookie name or pattern in the list must be unique. Also, the cookie name or pattern must not be in any configurations that are created by specifying the Lax value or Strict value on the SameSite attribute. Each cookie that is modified to contain a SameSite value of None as a result of this configuration also has the Secure attribute set.

[9.0.5.4 or later]

sameSiteStrict

Use this property to provide a list of cookie names or patterns for the Strict value that is set on the SameSite attribute.

You can specify a single wildcard character (*) as a stand-alone value, or as a character that follows a cookie name prefix. Any cookie name or pattern in the list must be unique. Also, the cookie name or pattern must not be in any configurations that are created by specifying the Lax value or None value on the SameSite attribute.

ServerHeaderValue

Use the ServerHeaderValue property to replace the default value of the Server header that is added to all outgoing HTTP responses by server if a Server header does not already exist. The default value for the Server header is WebSphere Application Server v/x.x, where x.x is the version of WebSphere Application Server that is running on your system.

Prior to Version 8.5.0.2, if a Server header does not already exist, either the default Server header, or the header you specify as the value of this property, is added to all outgoing HTTP responses by server.

Starting with Version 8.5.0.2, a Server header is no longer automatically added to all outgoing HTTP responses if a Server header does not already exist. If you add this property with a value, that value is included in the Server header that appears in the response. If you specify the value DefaultServerValue, WebSphere Application Server v/x.x is used as the Server header value.

Information Value
Data type String
[9.0.0.11 or later]

trustedHeaderOrigin

The trustedHeaderOrigin custom property acts as an access control list for the receipt of private headers. For example, the $WSPR private headers are sent by proxy servers.

Before fix pack 9.0.5.7, this property accepts a list of comma-separated IP addresses, a value of *, or a value of none. However, before fix pack 9.0.5.7, no hostnames are allowed in the list. The list denotes IP addresses of proxy servers that are allowed to send WebSphere Application Server private headers to the server. When the value is *, any remote host can send private headers. However, when the value is none, no remote hosts are allowed to send private headers.

[9.0.5.7 or later]This property accepts a list of comma-separated IP addresses and hostnames, a value of *, or a value of none. The list denotes IP addresses or hostnames of proxy servers that are allowed to send WebSphere Application Server private headers to the server. When the value is *, any remote host can send private headers. However, when the value is none, no remote hosts are allowed to send private headers.

[9.0.5.7 or later]The IP addresses and hostname can include the * value to denote wildcards, but with restrictions. IP addresses cannot be shortened and must contain a value for each field. For example, the 127.0.0.* and 0:0:0:0:0:ffff:*:* values are valid representations for IP addresses. Hostnames that use wildcards must start with the * value, for example *.ibm.com. The following example shows a valid list that includes wildcards:
localhost, 127.0.0.1, 192.168.*.*, 0:0:0:0:0:ffff:*:*, *.ibm.com, www.example.com

If the web container custom property of trusted is set to false, no inbound private headers are processed, regardless of the setting for the trustedHeaderOrigin property. Additionally, any IP addresses that are defined in the trustedSensitiveHeaderOrigin custom property are implicitly trusted to send non-sensitive private headers, regardless of the setting for the trustedHeaderOrigin property.

Information Value
Data type String
Default *
[9.0.0.11 or later]

trustedSensitiveHeaderOrigin

The trustedSensitiveHeaderOrigin custom property acts as an access control list for the receipt of sensitive private headers, which can be sent by proxy servers.

Before fix pack 9.0.5.7, this property accepts a list of comma-separated IP addresses, a value of *, or a value of none. However, before fix pack 9.0.5.7, no hostnames are allowed in the list. The list denotes IP addresses of proxy servers that are allowed to send sensitive WebSphere Application Server private headers to the server. When the property is set to *, any remote host can send private headers. However, when the value is set to none, no remote hosts are allowed to send private headers.

[9.0.5.7 or later]This property accepts a list of comma-separated IP addresses and hostnames, a value of *, or a value of none. The list denotes IP addresses or hostnames of proxy servers that are allowed to send sensitive WebSphere Application Server private headers to the server. When the value is *, any remote host can send private headers. However, when the value is none, no remote hosts are allowed to send private headers.

[9.0.5.7 or later]The IP addresses and hostname can include the * value to denote wildcards, but with restrictions. IP addresses cannot be shortened and must contain a value for each field. For example, the 127.0.0.* and 0:0:0:0:0:ffff:*:* values are valid representations for IP addresses. Hostnames that use wildcards must start with the * value, for example *.ibm.com. The following example shows a valid list that includes wildcards:
localhost, 127.0.0.1, 192.168.*.*, 0:0:0:0:0:ffff:*:*, *.ibm.com, www.example.com

When the web container custom property of trusted is set to false, no inbound private headers are processed, regardless of this property.

Information Value
Data type String
Default none

SustainedHighVolumeLogging

Use the SustainedHighVolumeLogging property to allow the logging code to attempt to catch up with the backlog of entries. This property is set in the administrative console. Click Servers > Server Types > WebSphere application servers > server_name > Web container transport chains > chain_name > HTTP_channel_name > Custom properties.

UseCaseSensitiveKeyMatcher

UseCaseSensitiveKeyMatcher is to be used in conjunction to accessLogFormat.

Setting this property to true will allow the Key Matcher used in accessLogFormat to be case sensitive. This addresses the case where directives exist both in lowercase and uppercase.

Information Value
Default False

v0CookieDateRFC1123compat

Use the v0CookieDateRFC1123compat property to indicate that the value for the V0 Set-Cookie header Expires attribute is specified in the four digit year format instead of the two digit year format.

By default, the value for the V0 Set-Cookie header Expires attribute is specified in the two digit year format. Set the v0CookieDateRFC1123compat property to true if you need to use the older RFC1123, which requires a four digit year format value for the V0 Set-Cookie Expires attribute.

Information Value
Data type Boolean
Default False

WaitForEndOfMessage

Use this custom property to force the channel to wait for the end of message to be read before starting to service the response.

Information Value
Default False