You manage the agent configuration through the paa.conf and agent.properties configuration files.
The C:/Apache24/conf/paa.conf file contains these configuration options.
Parameter | Definition | Default Value |
---|---|---|
PaaCertificateDir | String value containing the path to the certificates extracted from the .properties files. | conf.d |
PaaEnabled | Determines whether the agent is enabled or disabled for a specific server configuration. Valid values: on/off. This value can be set globally; set for individual virtual hosts, directories, locations, or files; or both. The most specific value is used. Note: If you disable the PaaEnabled parameter globally, ensure that the PaaEnabled directive is set to on for the PingAccess reserved application context root. This is /pa by default. For example, adding this text to an included configuration file enables PingAccess for the /pa/var/www/html/one directory. Adding this text to an included configuration file disables PingAccess for all content in the /var/www/html/two directory except for files named page2.html. | on |
PaaPropertyFiles | List of .properties files that store configuration data used to connect the agent to the PingAccess engine nodes the agent will communicate with. | conf.d/agent.properties |
PaaEnabledNoteName | An optional parameter which defines a note name. If a request includes a note with this name and a value of on or off, this value overrides the PaaEnabled setting for that request. If you want to use this feature, you must deploy a custom module to include this note with the correct value. | paa-enabled-note |

The configured agent.properties files can contain the following parameters.
Parameter | Definition | Default Value |
---|---|---|
agent.engine.configuration.scheme | The URI scheme used to connect to the engine node. Valid values are http and https. | https |
agent.engine.configuration.host | The PingAccess hostname. | The value in the Agent Node's PingAccess Host field. |
agent.engine.configuration.port | The port the agent connects to on the PingAccess host. This value is defined in the PingAccess run.properties file. | Defined in the PingAccess Admin UI |
agent.engine.configuration.username | The unique agent name that identifies the agent in PingAccess. | Defined in the PingAccess Admin UI |
agent.engine.configuration.shared.secret | The password used to authenticate the agent to the engine. | Defined in the PingAccess Admin UI |
agent.engine.configuration.bootstrap.truststore | The base64-encoded public certificate used to establish HTTPS trust by the agent to the PingAccess engine. Note: If you are having difficulty connecting an agent to the PingAccess engine, verify that the Agent Trusted Certificate has been configured correctly in Agent Management. | Generated by PingAccess |
agent.engine.configuration.maxConnections | The number of connections a single web server worker process maintains to the PingAccess engine defined in the agent.engine.configuration.host parameter. | 10 |
agent.engine.configuration.timeout | The maximum time (in milliseconds) a request to PingAccess can take from the agent. If this time is exceeded, the client will receive a generic 500 Server Error response. | 30000 |
agent.engine.configuration.connectTimeout | The maximum time (in milliseconds) the agent can take to connect to the PingAccess engine. If this time is exceeded, the client will receive a generic 500 Server Error response. | 30000 |
agent.cache.missInitialTimeout | The maximum time (in milliseconds) a web server worker process waits for a response to a policy cache request sent to other web server worker processes. | 5 |
agent.cache.broker.publisherPort | The network port web server processes use to publish policy cache requests to other web server worker processes. This port is bound to the localhost network only. | 3031 |
agent.cache.broker.subscriberPort | The network port web server processes use to receive policy cache requests from other web server worker processes. This port is bound to the localhost network only. | 3032 |
agent.cache.maxTokens | The maximum number of tokens stored in the policy cache for a single web server worker process. A value of 0 means there is no maximum. | 0 |
agent.cache.disabled | Determines whether caching of policy decisions is enabled or disabled. A value of 1 disables caching, forcing the agent to communicate with the PingAccess host any time a policy decision needs to be made. Warning: Disabling caching has a significant impact on the scalability of the PingAccess Policy servers, as every rule evaluation is processed by the Policy Server. This option should only be used as a last resort because of the performance penalty. | 0 |
agent.engine.configuration.failover.hosts | The hostname and port of the PingAccess server where the agent should send requests in the event of a failover from the PingAccess host. | Defined in the PingAccess Admin UI |
agent.engine.configuration.failover.failedRetryTimeout | Seconds before retrying a failed PingAccess server. | 60 |
agent.engine.configuration.failover.MaxRetries | The maximum number of retries before considering a PingAccess server unavailable. | 2 |
agent.cache.type | Controls the type of policy cache used by the agent. There are three valid values for this property: | AUTO |
agent.send.inventory | Determines whether the This header contains the following fields: For more information, see Agent inventory logging. | |
agent.inventory | Specifies additional values to include in the The following syntax is used. Note: The specified header fields are case-sensitive. | Not present by default. |
agent.apache.host.source.headerName | If present, specifies a header that overrides the default | Not present by default. |

Add comments to the agent.properties files if necessary. Lines beginning with the # or ! characters are ignored by the agent.
Changes to the agent.properties file require a restart of the web server.
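
The following is an added example, not part of the product documentation: a small Python check that reads an agent.properties file using the comment rule above and flags settings from the parameter table that deserve review before the web server is restarted. The key=value line form, the handling of backslashes in the truststore value, and the sample file contents are assumptions.

```python
import base64

P = "agent.engine.configuration."
# Defaults from the parameter table above, used when a key is absent.
DEFAULTS = {P + "scheme": "https", "agent.cache.disabled": "0"}

def parse_properties(text):
    """Parse key=value lines (assumed form); # and ! start comment lines."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        key, sep, value = line.partition("=")
        if sep and line[0] not in "#!":
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return (parameter, finding) pairs for settings worth reviewing."""
    cfg = {**DEFAULTS, **props}
    out = []
    if cfg[P + "scheme"].lower() != "https":
        out.append((P + "scheme", "agent-to-engine traffic is not protected by TLS"))
    else:
        # Backslashes are dropped in case '=' padding is escaped (assumption).
        b64 = cfg.get(P + "bootstrap.truststore", "").replace("\\", "")
        try:
            cert = base64.b64decode(b64, validate=True)
        except ValueError:
            cert = b""
        if not cert:
            out.append((P + "bootstrap.truststore", "missing or not valid base64"))
    if not cfg.get(P + "shared.secret"):
        out.append((P + "shared.secret", "empty, agent cannot authenticate"))
    if cfg["agent.cache.disabled"] == "1":
        out.append(("agent.cache.disabled", "caching off, every decision hits the engine"))
    return out

# Constructed sample file, not taken from a real deployment.
SAMPLE = """# agent.cache.disabled=0
! agent.engine.configuration.scheme=https
agent.engine.configuration.scheme=http
agent.engine.configuration.shared.secret=constructed-secret
agent.cache.disabled=1
"""

if __name__ == "__main__":
    print(audit(parse_properties(SAMPLE)))
```
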
See the Performance tuning guide for a discussion on improving agent performance.