Skip to main content
Version: 8.2411.x.x RR

UnbluFilter

The UnbluFilter allows integration of the Unblu Secure Flow Manager (SFM) with the Nevis Security Suite. The filter acts as a wrapper of the SFM distributed with nevisProxy. The SFM can be configured to inject the Unblu JavaScript to the HTML content sent to the client. It also forwards selected resources from the responses to a co-browsing server as necessary. An Unblu Co-browsing server must be configured for this to work. See as well the official Unblu documentation.

A typical configuration is to map the UnbluFilter, the application backend and the Unblu server behind an IdentityCreationFilter. The UnbluFilter and the application backend are mapped to the application URL. The Unblu server is usually mapped to /unblu.

UnbluFilter Co-Browsing Flow
Classname
 ch::nevis::isiweb4::thirdparty::cobrowsing::unblu::UnbluFilter
Library
libUnbluFilter.so.1

Configuration

UnbluCompatMode

  • Type: Integer
  • Usage Constraint: optional
  • Default: 5
  • The UnbluFilter is compatible with the different versions of the Unblu server. With this parameter, it is possible to select the feature set of the filter matching the Unblu server in use:
    • 4: Set it to 4 if the Unblu server has version 4 or lower.
    • 5: Set it to 5 if the Unblu server has version 5 or higher (includes Unblu cluster support).

UnbluConfigMode

  • Type: Enum
  • Possible values: LOCAL, REMOTE
  • Usage Constraint: optional
  • Default: LOCAL
  • LOCAL: the configuration will be taken from the file configured in the UnbluConfigFile parameter
  • REMOTE: the configuration will be downloaded from the Unblu server behind the UploadServlet

UnbluRemoteConfigUrl

  • Type: String
  • Usage Constraint: optional
  • Default: <UnbluSystemPath>/<UnbluServerInterfacePath>
  • The URL where to get the configuration from. Only valid if UnbluConfigMode is set to REMOTE.

UnbluDefaultCharset

  • Type: String
  • Usage Constraint: optional
  • Default: iso-8859-1
  • Charset to be used by default. For UnbluCompatMode > 0 only.

UnbluApiKey

  • Type: String
  • Usage Constraint: optional if UnbluCompatMode >=5, ignored for all other
  • Default: MZsy5sFESYqU7MawXZgR_w
  • The api key for the Unblu server.

UnbluConfigFile

  • Type: Filename with absolute path
  • Usage Constraint: optional
  • Default: /var/opt/nevisproxy/<instance_name>/conf/unblu.conf
  • Name and path of the JSON configuration file for the Unblu filter library. A sample unblu.conf is provided, you may need to customize it for particular applications.

UploadServlet

  • Type: String
  • Usage Constraint: required
  • This is the name of the Http(s)ConnectorServlet used for uploading resources on the Unblu server.

UnbluPath

  • Type: String
  • Usage Constraint: optional
  • Default: /unblu
  • The path prefix for Unblu server requests. The configured path on the co-browsing server needs to be reachable by the client. In a typical setup, it should be proxied appropriately. The path specified in UnbluPath has to start with a forward slash. This setting must correspond to com.unblu.identifier.publicPathPrefixPattern on the co-browsing server.

UnbluSystemPath

  • Type: String
  • Usage Constraint: optional
  • Default: /sys-unblu
  • The path prefix for resource uploads on the Unblu server. Resources are only uploaded by the UnbluFilter from within nevisProxy. The path should not be reachable by the client, it does not need to be proxied. The path specified in UnbluSystemPath has to start with a forward slash. This setting must correspond to com.unblu.identifier.systemPath-PrefixPattern on the co-browsing server.

UnbluServerInterfacePath

  • Type: String
  • Usage Constraint: optional
  • Default: rest/filterBackend
  • The path to the interface of the Unblu server where resources are uploaded. This setting complements unbluSystemPath and the configuration of the servlet referred to by UploadServlet.

UnbluURL

  • Type: String
  • Usage Constraint: required
  • URL of the Unblu server as seen by the client. In a typical setup, the co-browsing server is behind a nevisProxy instance. The unbluURL should therefore point to the proxy, an appropriate mapping must be configured. The URL specified in UnbluURL has to start either with http:// or with https://. In the usual configuration, it is the URL to the root of the Unblu server: https://<unblu-server-host-name>:<port>/.

MaxUploadSize

  • Type: Integer
  • Unit: bytes
  • Usage Constraint: optional
  • Default: 512K
  • Maximal length in bytes of HTTP responses that are uploaded as resources on the Unblu server.

MaxInjectionSize

  • Type: Integer
  • Unit: bytes
  • Usage Constraint: optional
  • Default: 512K
  • Maximal length in bytes of the buffer used when injecting co-browsing code in HTML responses.

PropagateUserIdToUploadServlet

  • Type: String
  • Usage Constraint: optional
  • Name of the HTTP header containing user.auth.UserId to send in uploads via UploadServlet.

OriginalUrlPrefix

  • Type: String
  • Usage Constraint: optional, conditional
  • Configures the base URL that is sent to the UploadServlet instead of the hostname received in the Host header.
UnbluFilter example

For a sample filter configuration, check the UnbluFilter.example file in the examples directory.