Web Agents 2024.9

Disable Override Request URL Port, Host, or Protocol

  • Map key: Regular expression to be matched against the host header of the request

  • Map value: One or more overrides to disable in the format port|host|proto

In most load balanced deployments, X-Forwarded-* headers provide the load balancer protocol, port, and host to the agent. The agent returns a URL that points to the load-balancer instead of to the agent.

To access the agent directly, bypassing the load balancer, disable overrides with this property. When you access the agent directly, authentication flows bypass the load balancer.

Configuration with disabled overrides isn’t recommended. If you disable overrides, make sure that when bypassing the load balancer you meet the security requirements of your application deployment. Other access controls might be required to ensure that only authorized users have direct access to the application.

The agent disables overrides when all of the following circumstances are met:

  • The request host header matches the key.

  • The load balancer uses the agent IP address instead of hostname.

  • X-Forwarded- headers are not defined on the proxy or load-balancer; X-Forwarded- override this property.

Example: When the request host header matches am.fr.*, overrides for the protocol and host are disabled:

com.sun.identity.agents.config.override.hostmap[am.fr.*]=proto|host

com.sun.identity.agents.config.override.protocol=true

com.sun.identity.agents.config.override.host=true

Default: Don’t disable overrides

Property name

com.sun.identity.agents.config.override.disable.hostmap
  Introduced in Web Agent 2024.6

Function

Load balancing

Type

Unused

Bootstrap property

No

Required property

No

Restart required

No

Copyright © 2010-2024 ForgeRock, all rights reserved.