Configuring IAG global URL parameters

  • Article

Applies To: Intelligent Application Gateway (IAG)

Configure Whale Communications Intelligent Application Gateway (IAG) 2007 global URL settings in order to define the following:

  • Global parameter rules that are automatically added to each of the parameter rules you define in the URL Set tab. Global parameter rules are automatically added as follows:

    • To each of the URL inspection rules defined in the URL Set tab.

    • To the individual parameter rules defined in the Parameter List of the URL Set tab. When the request is checked against the rule, the individual parameter rules are applied first. Then the global parameter rules are applied.

  • A global list of rejected parameter values.

  • Global URL settings, including download and upload URLs and the requests that are ignored in session timeout calculations.

  • Set download file limit. In IAG Service Pack 2 you can configure a registry entry to set the maximum size of a downloadable file. This change was first introduced in IAG Service Pack One, Update 4. Prior to this change, the size of a downloadable file was set to 10 megabytes and this value could not be modified.

Configuring global parameter rules

Parameter rules are rules that IAG applies to a URL when its URL inspection rule is set to handle parameters. The global parameter rules you configure in the Global Parameter List are automatically added to each of the URL inspection rules defined on the URL Set tab. The global rules are added to the individual parameter rules you define in the URL Set tab, in the Parameter List. When the request is checked against the rule, the individual parameter rules are applied first and then the global parameter rules.

If the Global Parameter List contains parameters that are also configured in one or more of the individual parameter rules, IAG alerts you of the duplication when you activate the configuration. If two parameters by the same name exist in both the individual and global lists, the individual parameter rule overrides the global parameter rule.

Before configuring parameters, acquaint yourself with the URL Set tab and read the descriptions provided in Configuring IAG URL rules. Then configure global parameter list settings as follows.

To configure global parameter settings

  1. In the IAG Configuration console, click the relevant trunk node.

  2. On the main page of the trunk properties, click Advanced Trunk Configuration. Then click the Global URL Settings tab.

  3. To add a new entry, click Add.

  4. In Name, specify the parameter name. The name must match the name sent by the browser. Note that names are not case sensitive.

  5. In Name Type, specify the type of parameter name as a string or regular expression.

  6. In Value, specify the parameter value. This is dependent upon the value defined in Value Type. For strings, enter a regular expression that defines the acceptable values. For integer and real parameters, a comma divides values, and a colon represents a range of values. Parameter values must be listed according to their length, in descending order from the longest to the shortest.

  7. In Value Type, specify the parameter value type: Integer, Real, or String.

  8. In Length, specify the length of the value.

  9. In Existence, specify how the parameter is evaluated. Select one of the following:

    • Mandatory—To specify that the URL will only be considered valid if this parameter is present.

    • Optional—To specify that the parameter is optional.

    • Reject—To specify that if the parameter appears in the request, then the request is evaluated as invalid.

  10. In Occurrences, specify whether the parameter can appear in the URL once or multiple times.

  11. In Max Total Length, specify the total length of parameter values of all occurrences of this parameter.

  12. In Rejected values checking, specify whether to check the parameter against the Rejected Values list. Select one of the following:

    • On—To check against the list.

    • Off—To specify that the parameter should not be checked against the list.

  13. To remove an entry, select it in the list, and then click Remove.

Configuring rejected values

This section describes how to configure the rejected values list. If a requested URL or a parameter in a URL is configured to handle parameters, is configured to be checked against this list, and contains a parameter value that matches with a rejected value, the request is rejected. You can select whether to check parameter values against the rejected values list when you configure any of the following:

  • Global parameter rules

  • Parameters that you configure for the individual URL-inspection rules, in the URL Set tab, in the Parameter List

  • Unlisted Parameters, in the URL Set tab

If a request’s parameter value is checked against this list and it matches any of the values you configure here, the request is denied.

To configure rejected values

  1. In the IAG Configuration console, click the relevant trunk node.

  2. On the main page of the trunk properties, click Advanced Trunk Configuration. Then click the Global URL Settings tab.

  3. In Rejected Values, click Add, and then enter the value by using regular expressions.

Configuring global URL settings

You can configure the following global URL settings:

  • Download URLs and Upload URLs rules. These rules are applicable in portal trunks for built-in services, Web applications, and browser-embedded applications, and they are also applicable in trunks for directly published Web applications. They are used by IAG when the method by which an application identifies downloads or uploads, in order to enforce its download or upload policy, is set to Identify by URLs. The method by which an application identifies URLs is determined in the Application Properties dialog box, in the Download/Upload tab.

  • Restricted Zone URLs rules. These rules are applicable in portal trunks for built-in services, Web applications, browser-embedded applications, and Web mail and Basic trunks. They are used by IAG when the Restricted Zone option is activated for an application. You activate the Restricted Zone option in the Application Properties dialog box, in the Web Settings tab.

  • Ignore pre-defined URLs, such as URLs requested by KeepAlive mechanisms, in system timeout calculations.

Configuring download URLs

This section describes how you configure the rules that IAG uses in order to identify downloads, when the application’s method for identifying downloads is set to Identify by URLs. For some applications, IAG supplies you with predefined, Application Aware rules, as applicable.

To configure Download URLs rules

  1. In the IAG Configuration console, click the required trunk node.

  2. On the main page of the trunk properties, click Advanced Trunk Configuration. Then click the Global URL Settings tab.

  3. In URL Settings, click Configure next to Download URLs.

  4. In the Download URLs Settings dialog box, click Add.

  5. In the Add Download URLs dialog box, in Type, for portal trunks, select the application type from the list of applications. For Web Mail and Basic trunks, select whether to apply this rule to the application server or to the internal Web site.

  6. In URL, specify the URL by using regular expressions.

  7. In Method, (optional) specify the HTTP method used to access the URL. Multiple methods are separated by commas.

  8. Click OK. The rule is added to the Download URLs Settings dialog box.

  9. Repeat to all download URL rules for all relevant applications. After you next activate the configuration, the defined rules are used to identify downloads.

  10. To edit an existing rule, select the rule in the Download URLs Settings dialog box, and then click Edit.

  11. To delete an existing rule, select the rule in the Download URLs Settings dialog box, and then click Delete.

Configuring upload URLs

Configure upload URL rules as follows.

To configure Upload URLs rules

  1. In the IAG Configuration console, click the relevant trunk node.

  2. On the main page of the trunk properties, click Advanced Trunk Configuration. Then click the Global URL Settings tab.

  3. In URL Settings, next to Upload URLs, click Configure.

  4. In the Upload URLs Settings dialog box, click Add.

  5. In the Add Upload URLs dialog box, in Type, for portal trunks, select the application type from the list of applications. For Web Mail and Basic trunks, select whether to apply this rule to the application server or to the internal Web site.

  6. In URL, specify the URL by using regular expressions. If you wish to check query string parameters, make sure the URL includes the query string.

  7. In Method, (optional) specify the HTTP method used to access the URL. Multiple methods are separated by commas.

  8. Enable Check for Attachments in Content to specify that the contents of the URL should be checked for attachments. When this setting is enabled, only URLs containing attachments are considered uploads.

  9. If you want to specify that POST data parameters should not be checked, select Don't Check POST data parameters.

    If you want to specify that parameters should be checked and that the data must contain all of the rule parameters as defined in the parameter list, select Check with And.

    If you want to specify that parameters should be checked and that the data must contain one or more of the defined parameters, select Check with Or. Note that if you configure the rule to check POST data parameters, ensure that you define the parameters in the parameter list.

  10. Click OK. The rule is added to the Upload URLs Settings dialog box.

  11. Repeat for all upload URL rules for all relevant applications. After you next activate the configuration, the defined rules are used to identify uploads.

  12. To edit an existing rule, select the rule in the Upload URLs Settings dialog box, and then click Edit. If POST data parameters are configured for the selected rule, the parameters are listed in the lower area of the dialog box.

  13. To delete an existing rule, select the rule in the Upload URLs Settings dialog box, and then click Delete.

Configuring restricted zone URLs

This section describes how you configure the rules that IAG uses in order to identify the application’s restricted zone, when the option Activate Restricted Zone is activated. For some applications, IAG supplies you with pre-defined, application-aware rules, as applicable. Configure restricted zone URL rules as follows.

To configure restricted zone URL rules

  1. In the IAG Configuration console, click the required trunk node.

  2. On the main page of the trunk properties, click Advanced Trunk Configuration. Then click the Global URL Settings tab.

  3. In URL Settings, next to Restricted Zone URLs, click Configure.

  4. In the Restricted Zone URLsSettings dialog box, in Type, for portal trunks, select the application type from the list of applications. For Web mail and Basic trunks, select whether to apply this rule to the application server or to the internal Web site.

  5. In URL, specify the URL by using regular expressions. If you wish to check query string parameters, make sure the URL includes the query string.

  6. In Method, (optional) specify the HTTP method used to access the URL. Multiple methods are separated by commas.

  7. Enable Check for Attachments in Content to specify that the contents of the URL should be checked for attachments. When this setting is enabled, only URLs containing attachments are considered uploads.

  8. If you want to specify that POST data parameters should not be checked, select Don't Check POST data parameters.

    If you want to specify that parameters should be checked and that the data must contain all of the rule parameters as defined in the parameter list, select Check with And.

    If you want to specify that parameters should be checked and that the data must contain one or more of the defined parameters, select Check with Or. Note that if you configure the rule to check POST data parameters, ensure that you define the parameters in the parameter list.

  9. Click OK. The rule is added to the Restricted Zone URLs Settings dialog box.

  10. Repeat for all restricted zone URL rules for all relevant applications. After you next activate the configuration, the defined rules are used to identify restricted zones.

  11. To edit an existing rule, select the rule in the Restricted Zone URLs Settings dialog box, and then click Edit. If POST data parameters are configured for the selected rule, the parameters are listed in the lower area of the dialog box.

  12. To delete an existing rule, select the rule in the Restricted Zone URLs Settings dialog box, and then click Delete.

Ignoring URL requests in Inactive Session Timeout calculations

In the Session tab, you can define an Inactive Session Timeout, whereby when a session is inactive for the defined timeout, it expires. Some applications, however, send regular requests for specific URLs, as does, for example, a KeepAlive mechanism. When IAG calculates the Inactive Session Timeout, those requests are included in the calculation. For example, if the configured Inactive Session Timeout is 300 seconds and the application sends a KeepAlive request every 200 seconds, the Inactive Session Timeout is reset every 200 seconds, when the application requests the KeepAlive URL. In this example, the session is never deemed inactive, even if no requests are received from the browser for more than 300 seconds.

You can configure a list of URLs that will be ignored in the calculation of the Inactive Session Timeout. In the example above, if you configure the KeepAlive URL in the Ignore list, the request is excluded from Inactive Session Timeout calculations, and the Inactive Session Timeout is not reset when the application requests the KeepAlive URL. If no requests are received from the browser for 300 seconds, the filter deems the session invalid and closes it. Note the following:

  • Activation of the option for an application is determined in the Application Properties dialog box, in the Web Settings tab, by the option Ignore Requests in Timeout Calculations.

  • Internal Web site URLs that should be ignored during timeout calculations are configured by default. IAG also applies out-of-the- box, Application-Aware rules for supported applications, as applicable.

  • This section describes how you configure additional URLs that will be ignored in session timeout calculation, when the option Ignore Requests in Timeout Calculations is activated. The list is configured per application type and is applied for all applications of this type.

  • The feature is applicable for built-in services, Web applications, and browser-embedded applications.

Configure the inactive session timeout calculations as follows.

To configure the list of URLs that are ignored in Inactive Session Timeout calculations

  1. In the IAG Configuration console, click the required trunk node.

  2. On the main page of the trunk properties, click Advanced Trunk Configuration. Then click the Global URL Settings tab.

  3. In URL Settings, next to Ignore Requests in Timeout Calculations, click Configure.

  4. In the Ignore Requests in Session Timeout Calculations dialog box, click Add.

  5. In the Add URLs dialog box, in Type, for portal trunks, select the application type from the list of applications. For Web mail and Basic trunks, select whether to apply this rule to the application server or to the internal Web site.

  6. In URL, specify the URL by using regular expressions.

  7. In Method, (optional) specify the HTTP method used to access the URL. Multiple methods are separated by commas.

  8. Click OK. The URL is added to the Ignore Requests in Session Timeout Calculations dialog box. Repeat to add all the URLs that you wish to ignore in inactive session timeout calculations to the list. When the filter calculates the Inactive Session Timeout, it will ignore requests for the URLs listed here.

  9. Repeat for all download URL rules for all relevant applications. After you next activate the configuration, the defined rules are used to identify downloads.

  10. To edit an existing rule, select the rule in the Ignore Requests in Session Timeout Calculations dialog box, and then click Edit.

  11. To delete an existing rule, select the rule in the Ignore Requests in Session Timeout Calculations dialog box, and then click Delete.

Setting download file limits

Specify a limit on the size of downloadable files as follows:

To set a download file size limit

  1. Click Start, and type regedit to open Registry Editor.

  2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\e-Gap\von\UrlFilter

  3. On the Edit menu, point to New, and then click DWORD Value.

  4. Type MaxBodyBufferSize, and then press ENTER.

  5. Right-click MaxBodyBufferSize, and then click Modify.

  6. Under Base, click Decimal. In the Value data box, type the desired maximum size value, and then click OK. If the MaxBodyBufferSize registry entry is not present, the maximum size is set to a default of 10 megabytes). Do not set too large a value for the MaxBodyBufferSize registry entry. If the value is too large, the system is likely to run out of memory.

  7. Exit Registry Editor.

Important

Serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base: 322756 https://support.microsoft.com/kb/322756/) How to back up and restore the registry in Windows.