Configure environment variables to affect the user that is running the web server, virtual host, or location that the agent protects.
This section describes Web Agent properties that are configured by environment variables. After setting an environment variable, restart Web Agent.
For information about environment variables for installation, see Installation environment variables.
For information about allowing environment variables to be used in NGINX, see the env directive in the NGINX Core functionality documentation.
(Unix only) The base number for IPC identifiers used by the agent. The shared memory semaphore ID range used by the agent starts at the specified value. Set this variable only if you detect that the agent semaphores are clashing with those of other processes in your environment.
Default: Arbitrary value
The maximum number of agent instances in the installation. The higher the number, the more shared memory the agent reserves.
When the maximum is reached, an additional agent instances that starts will log an error, and will not protect resources.
The maximum size in bytes of the shared memory for the session and policy cache:
Not set, or set to
For multiple concurrent sessions, consider using a higher value.
The number of seconds for which the agent installer can contact AM during agent configuration validation.
If the installer takes longer than this value to contact AM and validate the configuration, installation fails.
Default: 4 seconds
onto enable the policy cache.
Specify a directory in which to store the policies in the
The directory in which to store the policy cache. The agent must be able to write to this directory.
(Unix only) The permissions that the agent sets for its runtime resources.
AM_RESOURCE_PERMISSIONSenvironment variable requires the
umaskvalue to allow these permissions for the files.
Consider an example where the Apache agent is running with the
0666. The agent runtime resources have the following permissions:
Resource Permissions Example in Linux Resource Permission Owner
Any semaphores owned by the
644permissions as well.
Consider another example where
0666. The files are created with
664permissions, which allows them to be read and written by the members of the group, as well.
Overrides the default SSL/TLS protocols for the agent, set in the Security Protocol List bootstrap property.
Specifies a space-separated list of security protocols preceded by a dash (
-) that will not be used when connecting to AM.
For example, to configure
TLSv1.1, set the environment variable to
AM_SSL_OPTIONS = -SSLv3 -TLSv1 -TLSv1.2.
The log level of garbage collector statistics for all Web Agent instances in the web server. The logs are written to the
nindicates the agent group number.
Consider an environment with two Apache HTTP Server installations:
Apache_1has two agent instances configured,
agent_2, configured to share runtime resources (AmAgentId is set to 0). Both agent instances will write to the
Apache_2has one agent instance configured,
agent_3, with AmAgentId set to 1. The instance will write to the
By default, the
system_n.logfile is stored in the
/path/to/web_agents/agent_type/logdirectory. To modify its path or its size, configure the
system_n.logfile can contain the following information:
Agent version information, written when the agent instance starts up.
Logs for the agent background processes.
WebSocket connection errors.
Cache stats and removal of old POST data preservation files.
The default value of the
Error. Increase it to
Allfor fine-grained detail.
The directory where the
system_n.logfile is stored.
The size in bytes of the
Valid range: 0 (unlimited log file size) to 4294967295 bytes (4GB)
(Unix only) The directory where agent instances store temporary pipe files.