Web Policy Agents 2024.6

Disable Override Request URL Port, Host, or Protocol

  • Map key: Regular expression to be matched against the host header of the request

  • Map value: One or more overrides to disable in the format port|host|proto

In most load balanced deployments, X-Forwarded-* headers provide the load balancer protocol, port, and host to the agent. The agent returns a URL that points to the load-balancer instead of to the agent.

To access the agent directly, bypassing the load balancer, disable overrides with this property. When you access the agent directly, authentication flows bypass the load balancer.

Configuration with disabled overrides isn’t recommended. If you disable overrides, make sure that when bypassing the load balancer you meet the security requirements of your application deployment. Other access controls might be required to ensure that only authorized users have direct access to the application.

The agent disables overrides when all of the following circumstances are met:

  • The request host header matches the key.

  • The load balancer uses the agent IP address instead of hostname.

  • X-Forwarded- headers are not defined on the proxy or load-balancer; X-Forwarded- override this property.

Example: When the request host header matches am.fr.*, overrides for the protocol and host are disabled:




Default: Don’t disable overrides

Property name

  Introduced in Web Agent 2024.6


Load balancing



Bootstrap property


Required property


Restart required


Copyright © 2010-2024 ForgeRock, all rights reserved.