UnbluFilter
The UnbluFilter allows integration of the Unblu Secure Flow Manager (SFM) with the Nevis Security Suite. The filter acts as a wrapper of the SFM distributed with nevisProxy. The SFM can be configured to inject the Unblu JavaScript to the HTML content sent to the client. It also forwards selected resources from the responses to a co-browsing server as necessary. An Unblu Co-browsing server must be configured for this to work. See as well the official Unblu documentation.
A typical configuration is to map the UnbluFilter, the application backend and the Unblu server behind an IdentityCreationFilter. The UnbluFilter and the application backend are mapped to the application URL. The Unblu server is usually mapped to /unblu
.
ch::nevis::isiweb4::thirdparty::cobrowsing::unblu::UnbluFilter
libUnbluFilter.so.1
Configuration
UnbluCompatMode
Type: Integer
Usage Constraint: optional
Default: 5
The UnbluFilter is compatible with the different versions of the Unblu server. With this parameter, it is possible to select the feature set of the filter matching the Unblu server in use:
- 4: Set it to 4 if the Unblu server has version 4 or lower.
- 5: Set it to 5 if the Unblu server has version 5 or higher (includes Unblu cluster support).
UnbluConfigMode
Type: Enum
Possible values: LOCAL, REMOTE
Usage Constraint: optional
Default: LOCAL
Defines the configuration mode:
- LOCAL: the configuration will be taken from the file configured in the UnbluConfigFile parameter
- REMOTE: the configuration will be downloaded from the Unblu server behind the UploadServlet
UnbluRemoteConfigUrl
Type: String
Usage Constraint: optional
Default: <UnbluSystemPath>/<UnbluServerInterfacePath>
The URL where to get the configuration from. Only valid if UnbluConfigMode is set to REMOTE.
UnbluDefaultCharset
Type: String
Usage Constraint: optional
Default: iso-8859-1
Charset to be used by default. For UnbluCompatMode > 0 only.
UnbluApiKey
Type: String
Usage Constraint: optional if UnbluCompatMode >=5, ignored for all other
Default: MZsy5sFESYqU7MawXZgR_w
The api key for the Unblu server.
UnbluConfigFile
Type: Filename with absolute path
Usage Constraint: optional
Default: /var/opt/nevisproxy/<instance_name>/conf/unblu.conf
Name and path of the JSON configuration file for the Unblu filter library. A sample unblu.conf is provided, you may need to customize it for particular applications.
UploadServlet
Type: String
Usage Constraint: required
This is the name of the Http(s)ConnectorServlet used for uploading resources on the Unblu server.
UnbluPath
Type: String
Usage Constraint: optional
Default: /unblu
The path prefix for Unblu server requests. The configured path on the co-browsing server needs to be reachable by the client. In a typical setup, it should be proxied appropriately. The path specified in UnbluPath has to start with a forward slash. This setting must correspond to com.unblu.identifier.publicPathPrefixPattern
on the co-browsing server.
UnbluSystemPath
Type: String
Usage Constraint: optional
Default: /sys-unblu
The path prefix for resource uploads on the Unblu server. Resources are only uploaded by the UnbluFilter from within nevisProxy. The path should not be reachable by the client, it does not need to be proxied. The path specified in UnbluSystemPath has to start with a forward slash. This setting must correspond to com.unblu.identifier.systemPath-PrefixPattern
on the co-browsing server.
UnbluServerInterfacePath
Type: String
Usage Constraint: optional
Default: rest/filterBackend
The path to the interface of the Unblu server where resources are uploaded. This setting complements unbluSystemPath and the configuration of the servlet referred to by UploadServlet.
UnbluURL
Type: String
Usage Constraint: required
URL of the Unblu server as seen by the client. In a typical setup, the co-browsing server is behind a nevisProxy instance. The unbluURL should therefore point to the proxy, an appropriate mapping must be configured. The URL specified in UnbluURL has to start either with http://
or with https://
. In the usual configuration, it is the URL to the root of the Unblu server: https://<unblu-server-host-name>:<port>/
.
MaxUploadSize
Type: Integer
Unit: bytes
Usage Constraint: optional
Default: 512K
Maximal length in bytes of HTTP responses that are uploaded as resources on the Unblu server.
MaxInjectionSize
Type: Integer
Unit: bytes
Usage Constraint: optional
Default: 512K
Maximal length in bytes of the buffer used when injecting co-browsing code in HTML responses.
PropagateUserIdToUploadServlet
Type: String
Usage Constraint: optional
Name of the HTTP header containing user.auth.UserId to send in uploads via UploadServlet.
OriginalUrlPrefix
Type: String
Usage Constraint: optional, conditional
Configures the base URL that is sent to the UploadServlet instead of the hostname received in the Host header.
For a sample filter configuration, check the UnbluFilter.example file in the examples directory.