...
Code Block |
---|
{
"session": {},
"destinations": [],
"locations": [
{
"location.enabled": true,
"location.enabled": true,
"enable.dynatrace": false,
"plugin": {},
"session.needed": false,
"response.compress": true,
"response.redirect": "https://%{HTTP_HOST}:8443%{PATH_WITH_QUERY}",
"name": "Unsecured requests",
"action": "respond",
"description": "Redirect http to https",
"conditions": [
{
"values": ["http"],
"type": "scheme"
},
{
"deny": true,
"values": [
"127.0.0.1",
"localhost",
"::1",
"0:0:0:0:0:0:0:1"
],
"type": "remoteip"
}
],
"response.status": 307,
"cookiesnapper": {}
},
{
"name": "OpenID Connect Google",
"description": "OpenID Connect authorization code flow example using Google",
"conditions": [{
"deny": false,
"values": ["/openid"],
"type": "path"
}],
"authentication": {
"plugins": ["io.ceptor.authentication.AuthenticatorOpenIDConnect"],
"openidconnect": {
"response.contenttype": "text/html",
"identityprovider.name": "google",
"authenticationplugin": 48,
"redirecturl": "https://%{HTTP_HOST}/openid",
"scope": "openid email profile",
"authorize.url": "https://accounts.google.com/o/oauth2/auth",
"response.status": 200,
"response.content": "<html>\n<head><title>Success<\/title>\n<body>\n<h1>Success<\/h1>\nWelcome %{statevariable:email} - authentication succeeded using google.\n<\/body>\n<\/html>",
"parameters": "access_type=online",
"client.id": "371213948273-79eceu24cm64ft69pln0hk2lfapok1bq.apps.googleusercontent.com"
}
}
},
{
"name": "OpenID Connect Microsoft",
"description": "OpenID Connect authorization code flow example using Microsoft",
"conditions": [{
"deny": false,
"values": ["/openidmicrosoft"],
"type": "path"
}],
"authentication": {
"plugins": ["io.ceptor.authentication.AuthenticatorOpenIDConnect"],
"openidconnect": {
"response.contenttype": "text/html",
"identityprovider.name": "microsoft",
"authenticationplugin": 48,
"redirecturl": "https://%{HTTP_HOST}/openidmicrosoft",
"scope": "openid email profile",
"authorize.url": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
"response.status": 200,
"response.content": "<html>\n<head><title>Success<\/title>\n<body>\n<h1>Success<\/h1>\nWelcome %{REMOTE_USER} - authentication succeeded using Microsoft Online.\n<\/body>\n<\/html>",
"client.id": "317190f9-efec-4307-beb9-7f8380a8ae16"
}
}
},
{
"authorization": {
"roles": [],
"authorization.script": "state.agent.logoff(state.id);\ntrue;"
},
"response.contenttype": "text/html",
"content.preload": false,
"plugin": {},
"session.needed": true,
"session.afterconditionsmatch": false,
"name": "Logoff",
"description": "Logs off the session",
"action": "respond",
"conditions": [{
"deny": false,
"values": ["/logoff"],
"type": "path"
}],
"response.status": 200,
"response.content": "<html><body>You are now logged off.<\/body><\/html>",
"cookiesnapper": {}
},
{
"response.contenttype": "text/html",
"plugin": {},
"session.needed": true,
"name": "WebSSO",
"description": "WebSSO / ADFS Example",
"action": "respond",
"response.reason": "OK",
"response.status": 200,
"response.content": "<html>\n<body>Hello... %{REMOTE_USER}\n<\/body>\n<\/html>",
"cookiesnapper": {},
"conditions": [{
"deny": false,
"values": ["/adfs"],
"type": "path"
}],
"authentication": {
"websso": {
"response.contenttype": "text/html",
"identityprovider.name": "%{script}var name=state.getQueryOrPostParam(\"idpname\");\nif (name === null) name = 'microsoft';\nname;",
"redirecturl": "%{REQUEST_URL}",
"serviceprovider.name": "%{script}state.getQueryOrPostParam(\"spname\");",
"failure": {
"response.contenttype": "text/html",
"action": "respond",
"response.status": 403,
"response.content": "<html><body>Authentication failed<p/>\nDetails:<\/br>\n<pre>\n%{htmlencode:EXCEPTION_LOG}\n<\/pre>\n<\/body><\/html>"
},
"response.status": 200,
"response.content": "<html><body>Success %{REMOTE_USER}<\/body><\/html>",
"federation.enabled": true
},
"plugins": ["io.ceptor.authentication.AuthenticatorWebSSO"]
}
},
{
"content.preload": false,
"description": "Every single request",
"request.concurrent.max": 0,
"cookiesnapper": {
"classifier": "%{HTTP_HOST}",
"pattern": "JSESSIONID"
},
"request.queue.size": 10000,
"valid.methods": "GET|POST|OPTIONS|HEAD",
"noauthentication.for.options": false,
"authorization": {
"noauthorization.for.options": false,
"roles": [],
"server.identifier": "none"
},
"proxy.destination": "demoapp",
"request.headers": [
{
"name": "X-Forwarded-Proto",
"value": "%{HTTP_SCHEME}"
},
{
"name": "X-Forwarded-For",
"value": "%{REMOTE_ADDR}"
},
{
"name": "X-Forwarded-Port",
"value": "%{REMOTE_PORT}"
},
{
"name": "X-Forwarded-Server",
"value": "%{SERVER_NAME}"
}
],
"plugin": {"classifier": "%{HTTP_HOST}"},
"request.persecond.max": 0,
"response.maxbytes.persecond": 0,
"urlrewrite": [{
"newurl": "/secret/$1",
"last": true,
"pattern.flags": "CASE_INSENSITIVE",
"decode.before.match": true,
"name": "TOPSECRET to secret",
"pattern": "^/TOPSECRET/(.*)",
"redirect": false,
"clear.query.params": false,
"conditions": [{
"deny": false,
"values": [
"localhost*",
"{regex:IGNORE_CASE}LoCaLhOsT.*"
],
"type": "host"
}]
}],
"session.needed": false,
"response.compress": true,
"name": "All requests",
"response.cookies": [{
"path": "/stuff",
"discard": false,
"name": "IWasHere",
"httponly": true,
"samesite": "lax",
"secure": true,
"value": "%{GEOIP_ISP}"
}],
"action": "continue",
"response.headers": [
{
"name": "Via",
"value": "ceptor.io"
},
{
"name": "Server",
"value": null
},
{
"name": "Location",
"value": "%{rewrite:responseheader:location;\"http\\:\\/\\/(.*)$\";\"CASE_INSENSITIVE\";\"https://$1\"}"
}
],
"conditions": [],
"request.cookies": [
{
"name": "sessionid",
"value": null
},
{
"name": "sslsessionid",
"value": null
}
]
},
{
"request.attributes": [{
"name": "NotAGif",
"value": "true"
}],
"plugin": {},
"response.hooks": [
{
"expected.response.status": "404",
"respond": true,
"response.headers": [{
"name": "X-Content",
"value": "WasNotFound"
}],
"response.status": 404,
"response.reason": "Sorry, not found",
"response.contenttype": "text/plain",
"response.content": "Oh no, I did not find that"
},
{
"expected.response.status": "401",
"respond": false,
"response.status": 302,
"response.redirect": "https://somewhere.else",
"script": "%{script}// Example javascript that simply sends the response configured in the response hook\r\n\r\ncontext.gateway.sendResponse(context, context.currentResponseHook.response);"
}
],
"session.notvalid.action": "continue",
"url.validator": {
"verify.encoding": true,
"verify.fullurl": true,
"maxlength": 32768,
"query.key.maxlength": 1024,
"query.value.maxlength": 8192,
"enabled": true,
"authority.regex": null
},
"session.needed": false,
"name": "All requests except jpg,png,gif,css",
"action": "continue",
"conditions": [
{
"values": ["*"],
"type": "path"
},
{
"deny": true,
"values": ["*.jpg|*.png|*.gif|*.css"],
"type": "path"
}
],
"param.validator": {
"verify.pathparams": true,
"verify.params": [{
"value.lowercase": true,
"key.lowercase": true,
"value": "*abc*1",
"key": "test*"
}],
"failure": {
"response.contenttype": "text/html",
"action": "respond",
"response.headers": [],
"response.reason": "Invalid parameter",
"response.status": 400,
"response.content": "<html><body><h1>Invalid parameter<\/h1><\/body><\/html>"
},
"verify.postparams": false,
"verify.params.required": true,
"verify.params.extra.allowed": true,
"verify.queryparams": true
},
"cookiesnapper": {},
"authentication": {
"ntlm": {
"authenticationplugin": 35,
"failure": {
"response.contenttype": "%{script:if (state.httpExchange.getRequestHeaders().getFirst('Content-Type') == 'application/json') 'application/json'; else 'text/html';}",
"action": "respond",
"response.reason": "Invalid userid/password",
"response.status": 403,
"response.content": "%{script:if (state.httpExchange.getRequestHeaders().getFirst('Content-Type') == 'application/json') '{\"error\":\"access.denied\"\\}'; else '<html><head><title>No access<\/title><body><h1>Invalid userid/password<\/h1><\/body><\/html>';}"
},
"required": false,
"allow.anonymous": true
},
"plugins": [
"io.ceptor.authentication.AuthenticatorSSLClientCert",
"io.ceptor.authentication.AuthenticatorBasicAuth"
],
"spnego": {
"authenticationplugin": 26,
"failure": {
"response.contenttype": "%{script:if (state.httpExchange.getRequestHeaders().getFirst('Content-Type') == 'application/json') 'application/json'; else 'text/html';}",
"action": "respond",
"response.reason": "Invalid userid/password",
"response.status": 403,
"response.content": "%{script:if (state.httpExchange.getRequestHeaders().getFirst('Content-Type') == 'application/json') '{\"error\":\"access.denied\"\\}'; else '<html><head><title>No access<\/title><body><h1>Invalid userid/password<\/h1><\/body><\/html>';}"
},
"allow.ntlm.fallback": true
},
"basicauth": {
"authenticationplugin": 9,
"failure": {
"response.contenttype": "%{script:if (state.httpExchange.getRequestHeaders().getFirst('Content-Type') == 'application/json') 'application/json'; else 'text/html';}",
"action": "respond",
"response.headers": [{
"name": "WWW-Authenticate",
"value": "Basic realm=\"ceptor.io\""
}],
"response.reason": "Invalid userid/password",
"response.status": 401,
"response.content": "%{script:if (state.httpExchange.getRequestHeaders().getFirst('Content-Type') == 'application/json') '{\"error\":\"access.denied\"\\}'; else '<html><head><title>No access<\/title><body><h1>Invalid userid/password<\/h1><\/body><\/html>';}"
},
"realm": "ceptor.io",
"required": false
},
"ssl": {
"authenticationplugin": 18,
"failure": {
"response.contenttype": "%{script:if (state.httpExchange.getRequestHeaders().getFirst('Content-Type') == 'application/json') 'application/json'; else 'text/html';}",
"action": "respond",
"response.reason": "Invalid client cert",
"response.status": 401,
"response.content": "%{script:if (state.httpExchange.getRequestHeaders().getFirst('Content-Type') == 'application/json') '{\"error\":\"access.denied\"\\}'; else '<html><head><title>No access<\/title><body><h1>Invalid client certificate<\/h1><\/body><\/html>';}"
},
"required": false
}
},
"ip.restriction": {
"ranges": [
{
"values": [
"127.0.0.1-127.0.0.255",
"::1"
],
"name": "local"
},
{
"values": ["192.168.1.0/24"],
"name": "intranet"
},
{
"values": ["{file}${portalprotect.home}/config/iprange1.txt"],
"name": "range1"
}
],
"allowchange": true,
"action.invalid": {
"response.redirect": "/invalid?originalUrl=%{urlencode:REQUEST_URL}",
"action": "respond",
"response.reason": "Invalid IP",
"response.status": 302
},
"ip.address.maxcount": 32,
"geoip.type": "complex",
"geoip.distance": 100,
"geoip.complexrules": [
"ip1=ip2",
"country1=country2&country2=\"DK\"",
"distance=300"
],
"script": "if (input == '127.0.0.1') true; else false;"
}
},
{
"plugin": {
"response.wrapper.script": "%{file}/responsedumper.js",
"response.wrapper.class": "io.ceptor.gateway.plugin.ResponseDumper",
"request.wrapper.class": "io.ceptor.gateway.plugin.RequestDumper",
"XXXrequest.wrapper.script": "%{file}/requestdumper.js"
},
"session.needed": false,
"name": "JSP response dumper",
"conditions": [{
"values": ["*.jsp"],
"type": "path"
}],
"cookiesnapper": {}
},
{
"proxy.destination": "google",
"plugin": {},
"urlrewrite": [{
"newurl": "https://www.google.com/search?q=$1",
"last": true,
"decode.before.match": true,
"name": "googl",
"pattern": "^/search/(.*)$"
}],
"session.needed": false,
"roles": ["pp_everyone"],
"name": "Google",
"action": "proxy",
"conditions": [{
"values": ["/search*"],
"type": "path"
}],
"cookiesnapper": {}
},
{
"authorization": {
"failure": {
"response.contenttype": "%{script:if (state.httpExchange.getRequestHeaders().getFirst('Content-Type') == 'application/json') 'application/json'; else 'text/html';}",
"action": "respond",
"response.reason": "No access",
"response.status": 403,
"response.content": "%{script:if (state.httpExchange.getRequestHeaders().getFirst('Content-Type') == 'application/json') '{\"error\":\"access.denied\"\\}'; else '<html><head><title>No access<\/title><body><h1>403 No Access<\/h1><\/body><\/html>';}"
},
"roles": [
"staff",
"pp_identifiedusers"
],
"server.identifier": "default"
},
"request.headers": [
{
"name": "authorization",
"value": null
},
{
"name": "x-user",
"value": null
},
{
"name": "x-forwarded-server",
"value": null
},
{
"name": "user-agent",
"value": null
},
{
"name": "Host",
"value": "ekstrabladet.dk"
},
{
"name": "Referer",
"value": null
}
],
"name": "Secret Destination",
"action": "continue",
"locations": [
{
"proxy.destination": "ekstrabladet",
"name": "EB",
"action": "proxy",
"conditions": [{
"values": ["localhost*"],
"type": "host"
}]
},
{
"proxy.destination": "google",
"name": "Google",
"action": "proxy",
"conditions": []
}
],
"conditions": [
{
"ignorecase": true,
"values": [
"/secret/*",
"/secret",
"{regex}^/verysecret.*$"
],
"type": "path"
},
{
"values": ["*"],
"type": "host"
}
],
"request.cookies": [{
"name": "pp_jsessionid",
"value": null
}],
"ip.restriction": {
"ranges": [{
"values": ["192.168.1.0/30"],
"name": "Internal"
}],
"allowchange": false
},
"authentication": {
"plugins": [
"io.ceptor.authentication.AuthenticatorScript",
"io.ceptor.authentication.AuthenticatorForms",
"io.ceptor.authentication.AuthenticatorBasicAuth"
],
"basicauth": {
"realm": "ceptor",
"required": false
},
"forms": {
"redirect": {
"response.redirect": "/login.jsp",
"action": "respond"
},
"authenticationplugin": 9,
"failure": {
"response.contenttype": "%{script:if (state.httpExchange.getRequestHeaders().getFirst('Content-Type') == 'application/json') 'application/json'; else 'text/html';}",
"action": "respond",
"response.reason": "Invalid userid/password",
"response.status": 403,
"response.content": "%{script:if (state.httpExchange.getRequestHeaders().getFirst('Content-Type') == 'application/json') '{\"error\":\"access.denied\"\\}'; else '<html><head><title>No access<\/title><body><h1>Invalid userid/password<\/h1><\/body><\/html>';}"
},
"required": false
},
"script": {
"content.preload": false,
"authentication.script": "authenticate();\r\n\r\nfunction authenticate() {\r\n // If already authenticated, just continue\r\n if (state.agent.isLoggedOn(state.id))\r\n return 'CONTINUE';\r\n \r\n try {\r\n var user = state.httpExchange.getRequestHeaders().getFirst('X-User');\r\n var pass = state.httpExchange.getRequestHeaders().getFirst('X-Password');\r\n if (user === null) {\r\n user = state.httpExchange.getQueryParameters().get('X-User').getFirst();\r\n }\r\n if (pass === null) {\r\n pass = state.httpExchange.getQueryParameters().get('X-Password').getFirst();\r\n }\r\n \r\n if (user === null || pass === null) {\r\n // Ignore if user or password is not supplied - making this type of authentication optional\r\n return 'CONTINUE';\r\n } else {\r\n state.trace.trace('About to logon from script with user: ' + user);\r\n // 9 is authentication plugin type\r\n state.agent.logon(state.id, 9, user, pass, null);\r\n return 'SUCCESS';\r\n }\r\n } catch(err) {\r\n state.gateway.sendAndLogError(state, 401, 'Authentication Required', err);\r\n return 'RESPOND';\r\n }\r\n}"
}
}
},
{
"proxy.destination": "demoapp",
"roles": ["pp_everyone"],
"name": "Local",
"action": "proxy",
"conditions": [{
"values": ["/*"],
"type": "path"
}],
"request.cookies": [{
"name": "ppSessionId",
"value": "%{REQUEST_ID}"
}]
},
{
"response.contenttype": "text/html",
"#description": "Deny access to everything, by default if no other rule is matching",
"name": "Default",
"action": "respond",
"response.headers": [{
"name": "X-Access",
"value": "Denied"
}],
"response.reason": "No access",
"conditions": [{
"values": ["/*"],
"type": "path"
}],
"response.status": 403,
"response.content": "<html><head><title>No access<\/title><body><h1>403 No Access<\/h1><\/body><\/html>"
}
],
"gateway": {},
"listen": []
} |
...
It has many sections below it - note that they are marked with a blank circle if no values are defined for that particular section, and a cog if something is defined for this section. This makes it easy to see if you need to look at a particular section when going through the configuration to view the settings for a particular location.
Location configuration
...
Default: true
JSON key: response.compress
Enable Dynatrace support
If set, the Dynatrace OneAgent SDK is called with information about both incoming and outgoing requests, and a Dynatrace HTTP tracing header is added to all outgoing requests.
Note |
---|
This requires minimum version 6.5.0 |
Default: false
JSON key: enable.dynatrace
Limits
Can be used to limit the number of concurrent requests, or requests per second for this location.
...