Web Policy Agents 2024.6

Disable Override Request URL Port, Host, or Protocol

  • Map key: Regular expression to be matched against the host header of the request

  • Map value: One or more overrides to disable in the format port|host|proto

In most load-balanced deployments, X-Forwarded-* headers provide the load balancer protocol, port, and host to the agent. The agent returns a URL that points to the load balancer instead of to the agent.

To access the agent directly, bypassing the load balancer, disable overrides with this property. When you access the agent directly, authentication flows bypass the load balancer.

Configuration with disabled overrides isn’t recommended. If you disable overrides, make sure that when bypassing the load balancer you meet the security requirements of your application deployment. Other access controls might be required to ensure that only authorized users have direct access to the application.

The agent disables overrides when all of the following circumstances are met:

  • The request host header matches the key.

  • The load balancer uses the agent IP address instead of hostname.

  • X-Forwarded-* headers are not defined on the proxy or load balancer; X-Forwarded-* headers override this property.

Example: When the request host header matches am.fr.*, overrides for the protocol and host are disabled:

com.sun.identity.agents.config.override.hostmap[am.fr.*]=proto|host

com.sun.identity.agents.config.override.protocol=true

com.sun.identity.agents.config.override.host=true

Default: Don’t disable overrides
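
The following Python sketch is an added example, not ForgeRock code: it audits hostmap entries in a constructed sample configuration and applies the three conditions listed above to a single request, so you can see which Host values would have overrides disabled. It assumes the key is matched against the whole Host header using Python regular-expression syntax, and it accepts both property spellings that appear on this page; `parse_hostmap` and `disabled_overrides` are hypothetical names.

```python
import re

# Both spellings appear on this page: the property name and the example line.
PROP = re.compile(
    r"^com\.sun\.identity\.agents\.config\.override\.(?:disable\.)?hostmap"
    r"\[(?P<key>.+)\]\s*=\s*(?P<value>.*)$"
)
VALID = {"port", "host", "proto"}  # documented value format: port|host|proto


def parse_hostmap(config_text):
    """Return ([(compiled_key, overrides)], [problems]) for hostmap lines."""
    entries, problems = [], []
    for n, raw in enumerate(config_text.splitlines(), 1):
        m = PROP.match(raw.strip())
        if not m:
            continue  # not a hostmap entry
        overrides = {t.strip() for t in m["value"].split("|") if t.strip()}
        if not overrides or overrides - VALID:
            problems.append(f"line {n}: invalid override list {m['value']!r}")
            continue
        try:
            entries.append((re.compile(m["key"]), overrides))
        except re.error as exc:
            problems.append(f"line {n}: bad regex {m['key']!r}: {exc}")
    return entries, problems


def disabled_overrides(entries, headers, lb_uses_agent_ip):
    """Apply the three documented conditions to one request's headers."""
    # X-Forwarded-* headers override this property; the load balancer must
    # also address the agent by IP address (supplied by the caller).
    if not lb_uses_agent_ip or any(
            k.lower().startswith("x-forwarded-") for k in headers):
        return set()
    host = next((v for k, v in headers.items() if k.lower() == "host"), "")
    result = set()
    for pattern, overrides in entries:
        if pattern.fullmatch(host):  # assumption: whole-header match
            result |= overrides
    return result


# Constructed sample configuration; the last line is deliberately invalid.
SAMPLE = """\
com.sun.identity.agents.config.override.hostmap[am.fr.*]=proto|host
com.sun.identity.agents.config.override.protocol=true
com.sun.identity.agents.config.override.host=true
com.sun.identity.agents.config.override.disable.hostmap[.*]=port|scheme
"""
```

Review every key that `parse_hostmap` returns: each one names a set of Host values for which the agent is reachable directly, and those paths need their own access controls.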

Property name

com.sun.identity.agents.config.override.disable.hostmap
  Introduced in Web Agent 2024.6

Function

Load balancing

Type

Unused

Bootstrap property

No

Required property

No

Restart required

No

Copyright © 2010-2024 ForgeRock, all rights reserved.