HTTPApplicationProfile

HTTPApplicationProfile
HTTPApplicationProfile
JSON Example
{
    "allow_dots_in_header_name": false,
    "cache_config": {
        "age_header": false,
        "aggressive": false,
        "date_header": false,
        "default_expire": 0,
        "enabled": false,
        "heuristic_expire": false,
        "ignore_request_cache_control": false,
        "max_cache_size": 0,
        "max_object_size": 0,
        "mime_types_block_group_refs": [
            "string"
        ],
        "mime_types_block_lists": [
            "string"
        ],
        "mime_types_group_refs": [
            "string"
        ],
        "mime_types_list": [
            "string"
        ],
        "min_object_size": 0,
        "query_cacheable": false,
        "uri_non_cacheable": {
            "match_case": "string",
            "match_criteria": "string",
            "match_decoded_string": false,
            "match_str": [
                "string"
            ],
            "string_group_refs": [
                "string"
            ]
        },
        "xcache_header": false
    },
    "client_body_timeout": 0,
    "client_header_timeout": 0,
    "client_max_body_size": 0,
    "client_max_header_size": 0,
    "client_max_request_size": 0,
    "close_server_side_connection_on_error": false,
    "collect_client_tls_fingerprint": false,
    "compression_profile": {
        "buf_num": 0,
        "buf_size": 0,
        "compressible_content_ref": "string",
        "compression": false,
        "filter": [
            {
                "devices_ref": "string",
                "index": 0,
                "ip_addr_prefixes": [
                    {
                        "ip_addr": {
                            "addr": "string",
                            "type": "string"
                        },
                        "mask": 0
                    }
                ],
                "ip_addr_ranges": [
                    {
                        "begin": {
                            "addr": "string",
                            "type": "string"
                        },
                        "end": {
                            "addr": "string",
                            "type": "string"
                        }
                    }
                ],
                "ip_addrs": [
                    {
                        "addr": "string",
                        "type": "string"
                    }
                ],
                "ip_addrs_ref": "string",
                "level": "string",
                "match": "string",
                "name": "string",
                "user_agent": [
                    "string"
                ]
            }
        ],
        "hash_size": 0,
        "level_aggressive": 0,
        "level_normal": 0,
        "max_low_rtt": 0,
        "min_high_rtt": 0,
        "min_length": 0,
        "mobile_str_ref": "string",
        "remove_accept_encoding_header": false,
        "type": "string",
        "window_size": 0
    },
    "connection_multiplexing_enabled": false,
    "detect_ntlm_app": false,
    "disable_keepalive_posts_msie6": false,
    "disable_sni_hostname_check": false,
    "enable_chunk_merge": false,
    "enable_fire_and_forget": false,
    "enable_request_body_buffering": false,
    "enable_request_body_metrics": false,
    "fwd_close_hdr_for_bound_connections": false,
    "hsts_enabled": false,
    "hsts_max_age": 0,
    "hsts_subdomains_enabled": false,
    "http2_profile": {
        "enable_http2_server_push": false,
        "http2_initial_window_size": 0,
        "max_http2_concurrent_pushes_per_connection": 0,
        "max_http2_concurrent_streams_per_connection": 0,
        "max_http2_control_frames_per_connection": 0,
        "max_http2_empty_data_frames_per_connection": 0,
        "max_http2_header_field_size": 0,
        "max_http2_queued_frames_to_client_per_connection": 0,
        "max_http2_requests_per_connection": 0
    },
    "http_to_https": false,
    "http_upstream_buffer_size": 0,
    "httponly_enabled": false,
    "keepalive_header": false,
    "keepalive_timeout": 0,
    "max_bad_rps_cip": 0,
    "max_bad_rps_cip_uri": 0,
    "max_bad_rps_uri": 0,
    "max_header_count": 0,
    "max_keepalive_requests": 0,
    "max_response_headers_size": 0,
    "max_rps_cip": 0,
    "max_rps_cip_uri": 0,
    "max_rps_unknown_cip": 0,
    "max_rps_unknown_uri": 0,
    "max_rps_uri": 0,
    "pass_through_x_accel_headers": false,
    "pki_profile_ref": "string",
    "post_accept_timeout": 0,
    "reset_conn_http_on_ssl_port": false,
    "respond_with_100_continue": false,
    "secure_cookie_enabled": false,
    "server_side_redirect_to_https": false,
    "session_config": {
        "session_cookie_httponly": false,
        "session_cookie_name": "string",
        "session_cookie_samesite": "string",
        "session_cookie_secure": false,
        "session_establishment_timeout": 0,
        "session_idle_timeout": 0,
        "session_maximum_timeout": 0
    },
    "ssl_client_certificate_action": {
        "close_connection": false,
        "headers": [
            {
                "request_header": "string",
                "request_header_value": "string"
            }
        ]
    },
    "ssl_client_certificate_mode": "string",
    "true_client_ip": {
        "direction": "string",
        "headers": [
            "string"
        ],
        "index_in_header": 0
    },
    "use_app_keepalive_timeout": false,
    "use_true_client_ip": false,
    "websockets_enabled": false,
    "x_forwarded_proto_enabled": false,
    "xff_alternate_name": "string",
    "xff_enabled": false,
    "xff_update": "string"
}
boolean
allow_dots_in_header_name
Optional

Allow use of dot (.) in HTTP header names, for instance Header.app.special PickAppVersionX. Allowed in Enterprise edition with any value, Essentials edition(Allowed values- false), Basic edition(Allowed values- false), Enterprise with Cloud Services edition.

cache_config
Optional

cache_config

integer As int32 As int32
client_body_timeout
Optional
Constraints: default: 30000

The maximum length of time allowed between consecutive read operations for a client request body. The value '0' specifies no timeout. This setting generally impacts the length of time allowed for a client to send a POST. Allowed values are 0-100000000. Unit is MILLISECONDS. Allowed in Enterprise edition with any value, Essentials edition(Allowed values- 30000), Basic edition with any value, Enterprise with Cloud Services edition.

integer As int32 As int32
client_header_timeout
Optional
Constraints: default: 10000

The maximum length of time allowed for a client to transmit an entire request header. This helps mitigate various forms of SlowLoris attacks. Allowed values are 10-100000000. Unit is MILLISECONDS. Allowed in Enterprise edition with any value, Essentials edition(Allowed values- 10000), Basic edition(Allowed values- 10000), Enterprise with Cloud Services edition.

integer As int64 As int64
client_max_body_size
Optional

Maximum size for the client request body. This limits the size of the client data that can be uploaded/posted as part of a single HTTP Request. Default 0 => Unlimited. Unit is KB. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

integer As int32 As int32
client_max_header_size
Optional
Constraints: default: 12

Maximum size in Kbytes of a single HTTP header in the client request. Allowed values are 1-64. Unit is KB. Allowed in Enterprise edition with any value, Essentials edition(Allowed values- 12), Basic, Enterprise with Cloud Services edition.

integer As int32 As int32
client_max_request_size
Optional
Constraints: default: 48

Maximum size in Kbytes of all the client HTTP request headers.This value can be overriden by client_max_header_size if that is larger. Allowed values are 1-256. Unit is KB. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

boolean
close_server_side_connection_on_error
Optional

Close server-side connection when an error response is received. Field introduced in 30.2.1. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.

boolean
collect_client_tls_fingerprint
Optional

If enabled, the client's TLS fingerprint will be collected and included in the Application Log. For Virtual Services with Bot Detection enabled, TLS fingerprints are always computed if 'use_tls_fingerprint' is enabled in the Bot Detection Policy's User-Agent detection component. Field introduced in 22.1.1. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.

compression_profile
Optional

compression_profile

boolean
connection_multiplexing_enabled
Optional
Constraints: default: true

Allows HTTP requests, not just TCP connections, to be load balanced across servers. Proxied TCP connections to servers may be reused by multiple clients to improve performance. Not compatible with Preserve Client IP. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

boolean
detect_ntlm_app
Optional
Constraints: default: true

Detect NTLM apps based on the HTTP Response from the server. Once detected, connection multiplexing will be disabled for that connection. Field introduced in 20.1.3. Allowed in Enterprise edition with any value, Basic edition with any value, Enterprise with Cloud Services edition.

boolean
disable_keepalive_posts_msie6
Optional
Constraints: default: true

Disable keep-alive client side connections for older browsers based off MS Internet Explorer 6.0 (MSIE6). For some applications, this might break NTLM authentication for older clients based off MSIE6. For such applications, set this option to false to allow keep-alive connections. Allowed in Enterprise edition with any value, Essentials edition(Allowed values- true), Basic edition(Allowed values- true), Enterprise with Cloud Services edition.

boolean
disable_sni_hostname_check
Optional

Disable strict check between TLS servername and HTTP Host name. Field introduced in 18.2.5. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

boolean
enable_chunk_merge
Optional
Constraints: default: true

Enable chunk body merge for chunked transfer encoding response. Field introduced in 18.2.7. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

boolean
enable_fire_and_forget
Optional

Enable support for fire and forget feature. If enabled, request from client is forwarded to server even if client prematurely closes the connection. Field introduced in 17.2.4. Allowed in Enterprise edition with any value, Essentials edition(Allowed values- false), Basic edition(Allowed values- false), Enterprise with Cloud Services edition.

boolean
enable_request_body_buffering
Optional

Enable request body buffering for POST requests. If enabled, max buffer size is set to lower of 32M or the value (non-zero) configured in client_max_body_size. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

boolean
enable_request_body_metrics
Optional

Enable HTTP request body metrics. If enabled, requests from clients are parsed and relevant statistics about them are gathered. Currently, it processes HTTP POST requests with Content-Type application/x-www-form-urlencoded or multipart/form-data, and adds the number of detected parameters to the l7_client.http_params_count. This is an experimental feature and it may have performance impact. Use it when detailed information about the number of HTTP POST parameters is needed, e.g. for WAF sizing. Field introduced in 18.1.5, 18.2.1. Allowed in Enterprise edition with any value, Essentials edition(Allowed values- false), Basic edition(Allowed values- false), Enterprise with Cloud Services edition.

boolean
fwd_close_hdr_for_bound_connections
Optional
Constraints: default: true

Forward the Connection Close header coming from backend server to the client if connection-switching is enabled, i.e. front-end and backend connections are bound together. Field introduced in 18.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

boolean
hsts_enabled
Optional

Inserts HTTP Strict-Transport-Security header in the HTTPS response. HSTS can help mitigate man-in-the-middle attacks by telling browsers that support HSTS that they should only access this site via HTTPS. Allowed in Enterprise edition with any value, Essentials edition(Allowed values- false), Basic edition(Allowed values- false), Enterprise with Cloud Services edition.

integer As uint64 As uint64
hsts_max_age
Optional
Constraints: default: 365

Number of days for which the client should regard this virtual service as a known HSTS host. Allowed values are 0-10000. Allowed in Enterprise edition with any value, Essentials edition(Allowed values- 365), Basic edition(Allowed values- 365), Enterprise with Cloud Services edition.

boolean
hsts_subdomains_enabled
Optional
Constraints: default: true

Insert the 'includeSubdomains' directive in the HTTP Strict-Transport-Security header. Adding the includeSubdomains directive signals the User-Agent that the HSTS Policy applies to this HSTS Host as well as any subdomains of the host's domain name. Field introduced in 17.2.13, 18.1.4, 18.2.1. Allowed in Enterprise edition with any value, Essentials edition(Allowed values- false), Basic edition(Allowed values- false), Enterprise with Cloud Services edition. Special default for Essentials edition is false, Basic edition is false, Enterprise is True.

http2_profile
Optional

http2_profile

boolean
http_to_https
Optional

Client requests received via HTTP will be redirected to HTTPS. Allowed in Enterprise edition with any value, Essentials edition(Allowed values- false), Basic, Enterprise with Cloud Services edition.

integer As uint32 As uint32
http_upstream_buffer_size
Optional

Size of HTTP buffer in kB. Allowed values are 1-256. Special values are 0- Auto compute the size of buffer. Field introduced in 20.1.1. Unit is KB. Allowed in Enterprise edition with any value, Essentials edition(Allowed values- 0), Basic edition(Allowed values- 0), Enterprise with Cloud Services edition.

boolean
httponly_enabled
Optional

Mark HTTP cookies as HTTPonly. This helps mitigate cross site scripting attacks as browsers will not allow these cookies to be read by third parties, such as javascript. Allowed in Enterprise edition with any value, Essentials edition(Allowed values- false), Basic edition(Allowed values- false), Enterprise with Cloud Services edition.

boolean
keepalive_header
Optional

Send HTTP 'Keep-Alive' header to the client. By default, the timeout specified in the 'Keep-Alive Timeout' field will be used unless the 'Use App Keepalive Timeout' flag is set, in which case the timeout sent by the application will be honored. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

integer As int32 As int32
keepalive_timeout
Optional
Constraints: default: 30000

The max idle time allowed between HTTP requests over a Keep-alive connection. Allowed values are 10-100000000. Unit is MILLISECONDS. Allowed in Enterprise edition with any value, Essentials edition(Allowed values- 30000), Basic, Enterprise with Cloud Services edition.

integer As uint32 As uint32
max_bad_rps_cip
Optional

Maximum bad requests per second per client IP. Allowed values are 10-1000. Special values are 0- unlimited. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

integer As uint32 As uint32
max_bad_rps_cip_uri
Optional

Maximum bad requests per second per client IP and URI. Allowed values are 10-1000. Special values are 0- unlimited. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

integer As uint32 As uint32
max_bad_rps_uri
Optional

Maximum bad requests per second per URI. Allowed values are 10-1000. Special values are 0- unlimited. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

integer As int32 As int32
max_header_count
Optional
Constraints: default: 256

Maximum number of headers allowed in HTTP request and response. Allowed values are 0-4096. Special values are 0- unlimited headers in request and response. Field introduced in 22.1.1. Allowed in Enterprise edition with any value, Essentials edition(Allowed values- 0), Basic edition(Allowed values- 0), Enterprise with Cloud Services edition. Special default for Essentials edition is 0, Basic edition is 0, Enterprise is 256.

integer As int32 As int32
max_keepalive_requests
Optional
Constraints: default: 100

The max number of HTTP requests that can be sent over a Keep-Alive connection. '0' means unlimited. Allowed values are 0-1000000. Special values are 0- Unlimited requests on a connection. Field introduced in 18.2.5. Allowed in Enterprise edition with any value, Essentials edition(Allowed values- 100), Basic edition(Allowed values- 100), Enterprise with Cloud Services edition.

integer As int32 As int32
max_response_headers_size
Optional
Constraints: default: 48

Maximum size in Kbytes of all the HTTP response headers. Allowed values are 1-256. Unit is KB. Allowed in Enterprise edition with any value, Essentials edition(Allowed values- 48), Basic, Enterprise with Cloud Services edition.

integer As uint32 As uint32
max_rps_cip
Optional

Maximum requests per second per client IP. Allowed values are 10-1000. Special values are 0- unlimited. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

integer As uint32 As uint32
max_rps_cip_uri
Optional

Maximum requests per second per client IP and URI. Allowed values are 10-1000. Special values are 0- unlimited. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

integer As uint32 As uint32
max_rps_unknown_cip
Optional

Maximum unknown client IPs per second. Allowed values are 10-1000. Special values are 0- unlimited. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

integer As uint32 As uint32
max_rps_unknown_uri
Optional

Maximum unknown URIs per second. Allowed values are 10-1000. Special values are 0- unlimited. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

integer As uint32 As uint32
max_rps_uri
Optional

Maximum requests per second per URI. Allowed values are 10-1000. Special values are 0- unlimited. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

boolean
pass_through_x_accel_headers
Optional

Pass through X-ACCEL headers. Field introduced in 21.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.

string
pki_profile_ref
Optional

Select the PKI profile to be associated with the Virtual Service. This profile defines the Certificate Authority and Revocation List. It is a reference to an object of type PKIProfile. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

integer As int32 As int32
post_accept_timeout
Optional
Constraints: default: 30000

The max allowed length of time between a client establishing a TCP connection and Avi receives the first byte of the client's HTTP request. Allowed values are 10-100000000. Unit is MILLISECONDS. Allowed in Enterprise edition with any value, Essentials edition(Allowed values- 30000), Basic edition(Allowed values- 30000), Enterprise with Cloud Services edition.

boolean
reset_conn_http_on_ssl_port
Optional

If enabled, an HTTP request on an SSL port will result in connection close instead of a 400 response. Field introduced in 18.2.6. Allowed in Enterprise edition with any value, Essentials edition(Allowed values- false), Basic edition(Allowed values- false), Enterprise with Cloud Services edition.

boolean
respond_with_100_continue
Optional
Constraints: default: true

Avi will respond with 100-Continue response if Expect 100-Continue header received from client. Field introduced in 17.2.8. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

boolean
secure_cookie_enabled
Optional

Mark server cookies with the 'Secure' attribute. Client browsers will not send a cookie marked as secure over an unencrypted connection. If Avi is terminating SSL from clients and passing it as HTTP to the server, the server may return cookies without the secure flag set. Allowed in Enterprise edition with any value, Essentials edition(Allowed values- false), Basic edition(Allowed values- false), Enterprise with Cloud Services edition.

boolean
server_side_redirect_to_https
Optional

When terminating client SSL sessions at Avi, servers may incorrectly send redirect to clients as HTTP. This option will rewrite the server's redirect responses for this virtual service from HTTP to HTTPS. Allowed in Enterprise edition with any value, Essentials edition(Allowed values- false), Basic edition(Allowed values- false), Enterprise with Cloud Services edition.

session_config
Optional

session_config

ssl_client_certificate_action
Optional

ssl_client_certificate_action

string
ssl_client_certificate_mode
Optional
Constraints: default: SSL_CLIENT_CERTIFICATE_NONE

Specifies whether the client side verification is set to none, request or require. Enum options - SSL_CLIENT_CERTIFICATE_NONE, SSL_CLIENT_CERTIFICATE_REQUEST, SSL_CLIENT_CERTIFICATE_REQUIRE. Allowed in Enterprise edition with any value, Essentials edition(Allowed values- SSL_CLIENT_CERTIFICATE_NONE,SSL_CLIENT_CERTIFICATE_REQUIRE), Basic edition(Allowed values- SSL_CLIENT_CERTIFICATE_NONE,SSL_CLIENT_CERTIFICATE_REQUIRE), Enterprise with Cloud Services edition.

true_client_ip
Optional

true_client_ip

boolean
use_app_keepalive_timeout
Optional

Use 'Keep-Alive' header timeout sent by application instead of sending the HTTP Keep-Alive Timeout. Allowed in Enterprise edition with any value, Essentials edition(Allowed values- false), Basic edition(Allowed values- false), Enterprise with Cloud Services edition.

boolean
use_true_client_ip
Optional

Detect client IP from user specified header. Field introduced in 21.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.

boolean
websockets_enabled
Optional
Constraints: default: true

Enable Websockets proxy for traffic from clients to the virtual service. Connections to this VS start in HTTP mode. If the client requests an Upgrade to Websockets, and the server responds back with success, then the connection is upgraded to WebSockets mode. . Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

boolean
x_forwarded_proto_enabled
Optional

Insert an X-Forwarded-Proto header in the request sent to the server. When the client connects via SSL, Avi terminates the SSL, and then forwards the requests to the servers via HTTP, so the servers can determine the original protocol via this header. In this example, the value will be 'https'. Allowed in Enterprise edition with any value, Essentials edition(Allowed values- false), Basic edition(Allowed values- false), Enterprise with Cloud Services edition.

string
xff_alternate_name
Optional
Constraints: default: X-Forwarded-For

Provide a custom name for the X-Forwarded-For header sent to the servers. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

boolean
xff_enabled
Optional
Constraints: default: true

The client's original IP address is inserted into an HTTP request header sent to the server. Servers may use this address for logging or other purposes, rather than Avi's source NAT address used in the Avi to server IP connection. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.

string
xff_update
Optional
Constraints: default: REPLACE_XFF_HEADERS

Configure how incoming X-Forwarded-For headers from the client are handled. Enum options - REPLACE_XFF_HEADERS, APPEND_TO_THE_XFF_HEADER, ADD_NEW_XFF_HEADER. Field introduced in 22.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.