Low-level properties

Under normal operating circumstances, there should be no need to alter the default values. However, if such a need arises, the following tables provide an overview of the default values for the carrier server and Navajo.

Name	Type, usage constraints, defaults	Description
ch.nevis.bc.net.AllowPostWithoutContentLength	Boolean, default: false	The HTTP 1.1 standard requires POST and PUT methods to have a valid Content-Length. If this attribute is configured, POST and PUT requests without a Content-Length will not cause an exception.
org.jdom.EntityExpansionLimit	integer, default: 1000	Limit the number of entity expansions of an xml-document.
bc.net.ssl.SSLCryptoDevice	string, default: not configured	This property enables the use of a cryptographic hardware accelerator board to offload some of the SSL processing overhead. See Gemalto GemEngine support for the HttpsConnectorServlet for an example use case with the Gemalto engine.
ch.nevis.session.sectoken.data.charset	string, default: ISO-8859-1	This property sets the charset you expect for the SecToken received by nevisAuth. Set the property's value to "UTF-8" if nevisAuth sends UTF-8-encoded SecTokens.

Name	Type, usage constraints, defaults	Description
org.apache.response.UseBufferdWrite	Boolean, default: false	If set to 'true', the response is buffered by Apache up to ~8kb. If set to 'false', Apache will not buffer the response.
org.apache.request.ParsedUri	Boolean, default: true	If set to true (which is the default), this parameter decodes the encoded URI of an incoming request for internal nevisProxy processing. E.g., if true, the parameter turns URI "/UIFont%20CMSStyle.swift" into "/UIFont CMSStyle.swift" (%20 stands for ' '). If set to false, the parameter does not modify anything and forwards the undecoded URI. E.g., if false, the parameter forwards the URI "/UIFont%20CMSStyle.swift" unchanged. This parameter is directly related to the parameter URLEncoding of the servlet HttpConnectorServlet ). The URLEncoding parameter encodes the outgoing URI from nevisProxy to the back-end application. We highly recommend setting both parameters to true. If your setup requires one of the parameters to be false, set the other one to false too, on all HttpConnectorServlets. The parameter URLEncoding can also be set to false centrally by adding the code line ch.nevis.isiweb4. servlet.connector.http.URLEncoding= false to the bc.properties configuration file. This file is usually located under "/var/opt/nevisProxy/ <instance name>/conf/bc.properties".
org.apache.runtime.UseApachePoolMemory	Boolean, default: false	If set to "true", this bc-property will improve the performance of nevisProxy when allocating memory. A performance increase of up to 10% is possible, depending on the filter chain: The bigger the chain, the higher the performance improvement.
org.apache.modules.ssl.disable.SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG	Boolean, default: not configured	If configured, the respective openssl option SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG will be disabled.
org.apache.hooks.TranslateName.disable	Boolean, default: not configured	If set to 'false', the apache default for the hook ap_hook_translate_name(..) will be invoked. If not configured, or set to any other value, the Apache default for the hook will not be invoked for performance reasons.
org.apache.hooks.MapToStorage.disable	Boolean, default: not configured	The same behavior like above for the MapToStorage hook.
org.apache.request.UseProxyReq	Boolean, default: false	If set to 'false', Apache adds an own HTTP "Server" header with value "Apache" for each response, no matter if the header has already been set by the back end (see also attribute SetServerHeader of the HttpConnectorServlet).

These parameters are defined (or can be overwritten) in the bc.properties configuration file. This file is usually located under /var/opt/nevisproxy/<instance name>/conf/bc.properties.

Name	Type, Usage Constraints, Defaults	Description
ch.nevis.navajo.boot.ShowErrorsOnBoot	Boolean, default: false	You may set this property if navajo doesn't start without a visible reason printed or logged.
ch.nevis.navajo.boot.PreventStartOnInvalidConfig	Boolean, default: false	This property defines the behavior of nevisProxy in case of an invalid configuration, such as an invalid web.xml file or a missing .cert file. - If you set the property to "true", nevisProxy will not start the instance at all.- If you set the property to "false", which is the default, nevisProxy will start the instance, but returns the HTTP status code "500".
ch.nevis.navajo.response.BufferBlocks	Integer, default: 512	Determines the number of blocks used for response buffering (one block is buffering 8192 bytes).
ch.nevis.navajo.request.BufferSize	Integer, default: 65536	Defines the number of bytes for request body buffering (needed for TLS renegotiation and body parsing).
ch.nevis.navajo.request.MemBufferSize	Integer, default: 102400	Maximum size of a request body that will be buffered into memory (needed if someone is calling mark(..) on the InputStream). If the request body exceeds that value, a file will be used for buffering.
ch.nevis.navajo.error-page.CheckAcceptHeader	Boolean, default: true	If this property is set to "true", nevisProxy checks the HTTP header Accept against the mime type for the configured error page.
ch.nevis.navajo.tracing.ReconfigurationPeriod	Integer, default: not configured	This property allows detecting changes in the trace configuration. It defines the period during which the changes are detected. By default, this property is not set.
ch.nevis.navajo.boot.PreloadLibraries	String, default: not configured	Configures list of shared object files that will be loaded first.
ch.nevis.navajo.loading.servlet.LibPath	String, default: not configured	Normally, all servlets and filters will be loaded from the directory WEB-INF/lib. With that property an alternative directory can be configured.
ch.nevis.navajo.admin.ListenerPeriod	Integer, default: 10	Periodicity of the admin listener, i.e. how fast a 'stop' event is propagated.
ch.nevis.navajo.request.ThrowExceptionOnInvalidHeader	Boolean, default: false	If this property is set to "true", nevisProxy returns a Bad Request (status code 400) to the client if a header is not RFC 2616 conform. If this property is set to "false", or not set at all, nevisProxy just cuts off the invalid header. In both cases, nevisProxy logs an ERROR message with one of the following error codes:* [NVRQ-0001], [NVRQ-0002], [NVRQ-0003]
ch.nevis.session.sectoken.algorithm.blacklist	String, default: MD2withRSA, MD5withRSA	Defines a blacklist of algorithms which are not accepted for sectoken signing. Existing algorithms: SHA1withRSA, SHA256withRSA, SHA384withRSA, SHA512withRSA, MD2withRSA, MD5withRSA, SHA1withDSA
bc.lang.system.MaxAllocSize	Integer default: 16777215	With this property the maximal allocatable size can be increased. The default is 16777215 bytesImportant: be aware that an attacker may try to allocate several times the defined size, which would cause a memory overflow on your server
ch.nevis.isiweb4.filter.lua.CheckMemory	Boolean, default: false	With this property the memory in the LuaFilter will be analyzed and an exception will be thrown in case of memory errors. NEVER use in production.
ch.nevis.bc.sql.mysql.MaxLoopsToGetAConnection	Integer, optional, advanced default: unlimited	With this property you can limit the number of retries to get an available MysqlConnection.
ch.nevis.navajo.TraceClIdAlwaysIfSessionIsThere	Boolean, optional, advanced default: false	Normally if nobody was interested in a session no ClId is logged. This property turns on ClId logging even if no filter/servlet needed a session at all. This also implies a session cache access.
ch.nevis.navajo.SessionCleanupWaitTimeout	Integer, optional, advanced	The maximal time (in msec) to wait for a reaper-call to wait, before shutting down an instance
ch.nevis.isiweb4.listener.SessionListener.MaxPendingWorkerJobs	Integer, optional, default: 10000	Defines the maximal number of jobs that will be queued when reaping. Once this limit is reached, the listeners will not be called for the related sessions.
ch.nevis.isiweb4.listener.SessionListener.NumWorkerThreads	Integer, optional, default: 10	Defines the number of threads which will be used to call the listeners when a session is invalidated. If set to '0' the reaping is done sequentially which may have a performance impact if many sessions expire at the same time.
ch.nevis.ErrorOn Deprecated	Boolean, optional, default: false	This property defines the behavior of nevisProxy in case a filter or servlet configuration contains a deprecated parameter.- If you set the property to "true", nevisProxy will not load the related filter or servlet and block all requests using this filter. Additionally, nevisProxy will log the error message CONF-0001. For more information on this error message, see CONF.- If you set the property to "false", which is the default, nevisProxy will only log a notice message (no error message). The related filter or servlet will be loaded and work as usual.
ch.nevis.bc.sql.mysql.ConnectTimeout	Integer, optional, default: 10	This property defines the default connection timeout in seconds for a MySQL connection. If you do not set this property, the connection may "hang" for several minutes before a timeout occurs. This is because the default built-in timeout of the MariaDB database can be up to 20 minutes, depending on the configuration of your MariaDB installation.
ch.nevis.nevisproxy.UseSecureDefaults	Boolean, optional, default: false	Some filter and servlet parameters provide both a "secure" and a "normal" default value. If you use the secure default values, you will enhance the security of your installation. This is, however, at the price of breaking the backward compatibility with "old" backends and browsers. The normal default values ensure backward compatibility, but your installation will be less secure. The use of the secure default values is recommended. The property ch.nevis.nevisproxy.UseSecureDefaults allows you to activate the recommended secure filter and servlet values as defaults. This is a global configuration option for the entire nevisProxy installation. The system will take the secure default value if:- The parameter is not explicitly configured in the filter or servlet itself.- The parameter is not configured via a Profile set in the filter or servlet "). In the reference guide, the secure defaults are explicitly mentioned in the description of the respective parameters.
ch.nevis.navajo.AllowUnknownParameters	Boolean, optional, default: false	If you set this property to "true", the system will silently accept unknown filter or servlet parameters. If the property is set to "false" or not set at all, the system will trace error NVUT-0010 in case of an unknown parameter. See Appendix B - Error Codes for more information about this error code.
ch.nevis.navajo.hsm.engine.hook	Boolean, default: false	Disables the Proxy's internal OpenSSL's at-exit cleanup when it is set to 'true'. Use this parameter when GemEngine's own OpenSSL's at-exit cleanup is causing cores.