Skip to main content
Version: 7.2405.x.x LTS

Appendix G - Sizing Parameters in the Nevis Proxy

This appendix page lists the most important nevisProxy parameters regarding buffer sizes, memory sizes, file sizes, HTTP message (part) sizes. These parameters can be relevant for tuning memory consumption.

Excluded

Log file sizing, lua helper methods involving buffers, crypto key sizes and parameters involving the size of other structures are not discussed here.

Parameter description structure

The description of each parameter contains the following elements:

  • Parameter ID
  • The configuration file in which the parameter can be used, or the owning filter/servlet, followed by the full parameter name
  • Description
  • Warnings
  • Related parameters
  • Reference guide link
  • Type and default value

Notations

In XML configuration files, the notation SomeElement.SomeAttribute means: The SomeAttribute attribute of the SomeElement element.

Global parameters

IDLocation and Full NameDescriptionWarningsRelated ParametersRelevant Reference Guide PageType, Default Value
S1navajo.xml, Core.memorySizeDeprecated This property is deprecated and ignored. Defines the Initial Shared Memory allocated by Navajo for servlet and filter instance data. The memory is allocated when Navajo boots, then set to read-only.Warning NVCT-0048 "OutOfMemoryError" will be thrown if the memory is used up. From that moment on, the proxy is not usable. You have to specify the maximum in advance.byte, 10 MByte
S4bc.properties, ch.nevis.navajo.request.BufferSizeDefines the number of bytes for request body bufferingbyte, 64 KByte
S6navajo.xml, Server.LimitRequestBodyApache level. Defines the maximum body size of an upload HTTP requestbyte, 512000
S7navajo.xml, Server.LimitRequestLineApache level. Defines the maximum length of the HTTP request line.byte, 5120
S9bc.properties, bc.lang.system.MaxAllocSizeProtects/limits the "Process Heap" memory. This property allows you to increase the maximal allocable size.Important: Be aware that an attacker may try to allocate several times the defined size. leading to a memory overflow on your server. This is a low-level, technical parameter, consult support before changing it.This property sets a limit for a single allocation, not for the total usage. Basically every buffer has to fit into a single allocation, so it will be limited by S9.S4 < S9 should be trueS1 < S9 makes no sense- [Low-level properties]byte, 16777215
S16navajo.xml, LimitRequestFieldsizeDefines the maximum length of one HTTP header line.S6, S7
S17navajo.xml, ThreadStackSizeConfigures the size of a thread stack.Each thread has its own stack. Each request has its own thread. So many concurrent requests will use a lot of memory. For example, 8 MByte stacksize * 1000 requests = 8 GByte, only for stacks.Not related to the BC parametersbyte, 1048576
S18navajo.xml, Connector.SSLCache.maxEntrySizeThe attribute maxEntrySize configures the maximum size of one serialized TLS/SSL session, in bytes.If client certificates are used, increase the attribute's value (to, for example, "1500").integer, 150

Filter- or servlet-level parameters

IDOwning Filter/Servlet - Full NameDescriptionWarningsRelated ParametersReference Guide LinkType, Default Value
S11InputValidationFilter.MaxBodySizeDefines the maximum size of a request body. If not configured, an unlimited length is allowed. The InputValidationFilter may block the request, depending on the setting of the filter parameter BlockOnError.S15[InputValidationFilter]byte, unlimited
S12EncryptionFilter.RewriteBufferSizeDefines the size of the internal buffer for buffering HTML tags.[EncryptionFilter]bytes, 16 KByte
S13IdentityCreationFilter.BodyReadSizeSets a limit for the Content-Length of the intercepted request, if the filter parameter StoreInterceptedRequest is enabled. If the request is too large to be stored, an error will be traced and the request will be handled as if StoreInterceptedRequest was false.[IdentityCreationFilter]byte, 5120
S21CacheFilter.MaxEntrySizeDefines the maximum size (in bytes) of a document to be placed in the cache. Documents bigger than MaxEntrySize will never be cached. For the CacheType "file", the cache directory requires MaxEntrySizeMaxEntries* of free disk space.[CacheFilter]byte, 1000000
S27ICAPFilter.RequestBufferSizeDefines the maximum size of an HTTP request body that will be buffered.[ICAPFilter]byte, 100000
S28ICAPFilter.ResponseBufferSizeDefines the maximum size of an HTTP response body that will be buffered.Every response buffer must fit into a single allocation, so S28 < S9[ICAPFilter]byte, 100000
S30ICAPFilter.BlockSizeDefines the block size for read/write operations.[ICAPFilter]byte, 4096
S31ICAPFilter.PreviewSizeDefines the ICAP "Preview Size". This parameter sets the header Preview on REQMOD and RESPMOD. If the PreviewSize is "0", no preview header will be set.[ICAPFilter]ICAP-specific size, 4096
S33IdentityCreationFilter.StoreInterceptedRequest.MaxSizeDefines the maximum size (Content-Length) of a request that may have to be stored by the filter parameter StoreInterceptedRequest. If the Content-Length is bigger than the StoreInterceptedRequest.MaxSize, then the StoreInterceptedRequest.FallbackURI will be called.Seems to be the same as S32. The intercepted request will not be stored if the body is bigger than this value.[IdentityCreationFilter]bytes, not set
S38LocalSessionStoreServlet.MemorySizeDefines the number of bytes available in the store for local session storage. The maximum value is 4294973847 bytes (ca. 4 GB).- If 90% of the memory is used, an ERROR will be traced. It is no longer possible to create a new session.- If 95% of the memory is used, an ERROR will be traced. It is no longer possible to modify a session.Does not relate to S9 (meaning that S9 > S38 must not be hold). The LocalSessionStore uses a different memory system (non-BC, called TLSF memory). This memory has a maximum size of around 4 Gigabyte.[LocalSessionStoreServlet]
S42HttpConnectorServlet.ResponseLineSizeDefines the maximum allowed line size in the HTTP header of the response. Minimum value: 512, maximum value: 524288[HttpConnectorServlet]byte, no default
S43HttpConnectorServlet.RewriteBufferSizeDefines the size of the internal buffer for buffering HTML tags. Only relevant if the response is rewritten (see AutoRewrite). Minimum value: 5120[HttpConnectorServlet]byte, no default
S44MySQLSessionStoreServlet.MaxAttributeSizeDefines the maximum expected size of a session attribute. Usually the default is enough, unless you have hundreds of roles per login, or the parameter StoreInterceptedRequest of the IdentityCreationFilter is set to "true". If the latter is the case, you should set the bc property ch.nevis.navajo.request.BufferSize (S4) to at least the same value as the parameter MaxAttributeSize of the MysqlSessionStoreServlet.S4, S45,S45 >= S44[MySQLSessionStoreServlet]byte, 256 kB
S45ATTRIBUTE table, VALUE columnDefines the data type of the VALUE column in the ATTRIBUTE table of the MySQL-based remote session store.Your database will also have limitations for a table column size. Be aware that the number of bytes given in S44 is the maximum size supported by nevisProxy, even if a BLOB is configured as the column datatype.S44, S45 >= S44`http://mariadb.com/kb/en/varbinary/VARBINARY, (60000)This is 60000 bytes