Skip to main content
Version: 8.2411.x.x RR

UnbluFilter

The UnbluFilter allows integration of the Unblu Secure Flow Manager (SFM) with the Nevis Security Suite. The filter acts as a wrapper of the SFM distributed with nevisProxy. The SFM can be configured to inject the Unblu JavaScript to the HTML content sent to the client. It also forwards selected resources from the responses to a co-browsing server as necessary. An Unblu Co-browsing server must be configured for this to work. See as well the official Unblu documentation.

A typical configuration is to map the UnbluFilter, the application backend and the Unblu server behind an IdentityCreationFilter. The UnbluFilter and the application backend are mapped to the application URL. The Unblu server is usually mapped to /unblu.

UnbluFilter Co-Browsing Flow
Classname
 ch::nevis::isiweb4::thirdparty::cobrowsing::unblu::UnbluFilter
Library
libUnbluFilter.so.1

Configuration

UnbluCompatMode

Type: Integer
Usage Constraint: optional
Default: 5

The UnbluFilter is compatible with the different versions of the Unblu server. With this parameter, it is possible to select the feature set of the filter matching the Unblu server in use:

  • 4: Set it to 4 if the Unblu server has version 4 or lower.
  • 5: Set it to 5 if the Unblu server has version 5 or higher (includes Unblu cluster support).

UnbluConfigMode

Type: Enum
Possible values: LOCAL, REMOTE
Usage Constraint: optional
Default: LOCAL

Defines the configuration mode:

  • LOCAL: the configuration will be taken from the file configured in the UnbluConfigFile parameter
  • REMOTE: the configuration will be downloaded from the Unblu server behind the UploadServlet

UnbluRemoteConfigUrl

Type: String
Usage Constraint: optional
Default: <UnbluSystemPath>/<UnbluServerInterfacePath>

The URL where to get the configuration from. Only valid if UnbluConfigMode is set to REMOTE.

UnbluDefaultCharset

Type: String
Usage Constraint: optional
Default: iso-8859-1

Charset to be used by default. For UnbluCompatMode > 0 only.

UnbluApiKey

Type: String
Usage Constraint: optional if UnbluCompatMode >=5, ignored for all other
Default: MZsy5sFESYqU7MawXZgR_w

The api key for the Unblu server.

UnbluConfigFile

Type: Filename with absolute path
Usage Constraint: optional
Default: /var/opt/nevisproxy/<instance_name>/conf/unblu.conf

Name and path of the JSON configuration file for the Unblu filter library. A sample unblu.conf is provided, you may need to customize it for particular applications.

UploadServlet

Type: String
Usage Constraint: required

This is the name of the Http(s)ConnectorServlet used for uploading resources on the Unblu server.

UnbluPath

Type: String
Usage Constraint: optional
Default: /unblu

The path prefix for Unblu server requests. The configured path on the co-browsing server needs to be reachable by the client. In a typical setup, it should be proxied appropriately. The path specified in UnbluPath has to start with a forward slash. This setting must correspond to com.unblu.identifier.publicPathPrefixPattern on the co-browsing server.

UnbluSystemPath

Type: String
Usage Constraint: optional
Default: /sys-unblu

The path prefix for resource uploads on the Unblu server. Resources are only uploaded by the UnbluFilter from within nevisProxy. The path should not be reachable by the client, it does not need to be proxied. The path specified in UnbluSystemPath has to start with a forward slash. This setting must correspond to com.unblu.identifier.systemPath-PrefixPattern on the co-browsing server.

UnbluServerInterfacePath

Type: String
Usage Constraint: optional
Default: rest/filterBackend

The path to the interface of the Unblu server where resources are uploaded. This setting complements unbluSystemPath and the configuration of the servlet referred to by UploadServlet.

UnbluURL

Type: String
Usage Constraint: required

URL of the Unblu server as seen by the client. In a typical setup, the co-browsing server is behind a nevisProxy instance. The unbluURL should therefore point to the proxy, an appropriate mapping must be configured. The URL specified in UnbluURL has to start either with http:// or with https://. In the usual configuration, it is the URL to the root of the Unblu server: https://<unblu-server-host-name>:<port>/.

MaxUploadSize

Type: Integer
Unit: bytes
Usage Constraint: optional
Default: 512K

Maximal length in bytes of HTTP responses that are uploaded as resources on the Unblu server.

MaxInjectionSize

Type: Integer
Unit: bytes
Usage Constraint: optional
Default: 512K

Maximal length in bytes of the buffer used when injecting co-browsing code in HTML responses.

PropagateUserIdToUploadServlet

Type: String
Usage Constraint: optional

Name of the HTTP header containing user.auth.UserId to send in uploads via UploadServlet.

OriginalUrlPrefix

Type: String
Usage Constraint: optional, conditional

Configures the base URL that is sent to the UploadServlet instead of the hostname received in the Host header.

UnbluFilter example

For a sample filter configuration, check the UnbluFilter.example file in the examples directory.