APIRef_tm_ltm_profile_http¶
mgmt/tm/ltm/profile/http
Virtual server HTTP traffic profile configuration
REST Endpoints
- Collection URI
/mgmt/tm/ltm/profile/http
- Collection Methods
OPTIONS, GET
- Resource URI
/mgmt/tm/ltm/profile/http/~resource id
- Resource Methods
OPTIONS, GET, PUT, PATCH, DELETE, POST
- Resource Natural Key
name, partition, subPath
Properties
Name | Type | Default Value | Required | Access | Description |
---|---|---|---|---|---|
acceptXff |
string | disabled | optional | read/write | Enables or disables trusting the client IP address, and statistics from the client IP address, based on the request’s XFF (X-forwarded-for) headers, if they exist. |
appService |
string | optional | read/write | The application service to which the object belongs. | |
basicAuthRealm |
string | optional | read/write | Specifies a quoted string for the basic authentication realm. The system sends this string to a client whenever authorization fails. The default value is none. | |
defaultsFrom |
string | optional | read/write | Specifies the profile that you want to use as the parent profile. Your new profile inherits all settings and values from the parent profile specified. | |
description |
string | optional | read/write | User defined description. | |
encryptCookieSecret |
string | optional | read/write | Specifies a passphrase for the cookie encryption. | |
encryptCookies |
string | optional | read/write | Encrypts specified cookies that the BIG-IP system sends to a client system. | |
fallbackHost |
string | optional | read/write | Specifies an HTTP fallback host. HTTP redirection allows you to redirect HTTP traffic to another protocol identifier, host name, port number, or URI path. For example, if all members of the targeted pool are unavailable (that is, the members are disabled, marked as down, or have exceeded their connection limit), the system can redirect the HTTP request to the fallback host, with the HTTP reply Status Code 302 Found. | |
fallbackStatusCodes |
string | optional | read/write | Specifies one or more three-digit status codes that can be returned by an HTTP server. | |
headerErase |
string | optional | read/write | Specifies the header string that you want to erase from an HTTP request. You can also specify none. | |
headerInsert |
string | optional | read/write | Specifies a quoted header string that you want to insert into an HTTP request. You can also specify none. The HTTP header being inserted can include a client IP address. Including a client IP address in an HTTP header is useful when a connection goes through a secure network address translation (SNAT) and you need to preserve the original client IP address. When you assign the configured HTTP profile to a virtual server, the system then inserts the header specified by the profile into any HTTP request that the system sends to a pool or pool member. | |
insertXforwardedFor |
string | disabled | optional | read/write | When using connection pooling, which allows clients to make use of other client requests’ server-side connections, you can insert the X-Forwarded-For header and specify a client IP address. |
lwsSeparator |
string | optional | read/write | Specifies the linear white space separator that the system should use between HTTP headers when a header exceeds the maximum width specified by the lws width setting. | |
lwsWidth |
integer | 80 | optional | read/write | Specifies the maximum number of columns allowed for a header that is inserted into an HTTP request. |
oneconnectTransformations |
string | optional | read/write | Enables the system to perform HTTP header transformations for the purpose of keeping server-side connections open. This feature requires configuration of a OneConnect profile. | |
tmPartition |
string | Common | optional | read/write | Displays the administrative partition within which this profile resides. |
proxyType |
string | reverse | optional | read/write | Specifies the type of HTTP proxy. |
redirectRewrite |
string | none | optional | read/write | Specifies which of the application HTTP redirects the system rewrites to HTTPS. Use this feature when the application is generating HTTP redirects that send the client to HTTP (a non-secure channel) when you want the client to continue accessing the application using HTTPS (a secure channel). This is a common occurrence when using client-side SSL processing on a BIG-IP system. |
requestChunking |
string | preserve | optional | read/write | Specifies how to handle chunked and unchunked requests. |
responseChunking |
string | preserve | optional | read/write | Specifies how to handle chunked and unchunked responses. |
responseHeadersPermitted |
string | optional | read/write | Specifies headers that the BIG-IP system allows in an HTTP response. | |
serverAgentName |
string | BigIP | optional | read/write | Specifies the value of the Server header in responses that the BIG-IP itself generates. The default is “BigIP”. If no string is specified, then no Server header will be added to such responses. |
viaHostName |
string | optional | read/write | Specifies the hostname to include into Via header. | |
viaRequest |
string | preserve | optional | read/write | Specifies whether to append, remove, or preserve a Via header in an HTTP request. |
viaResponse |
string | preserve | optional | read/write | Specifies whether to append, remove, or preserve a Via header in an HTTP response. |
xffAlternativeNames |
string | optional | read/write | Specifies alternative XFF headers instead of the default X-forwarded-for header. |
Structures
Name | Type | Default Value | Required | Access | Description |
---|---|---|---|---|---|
/enforcement |
array_structure | optional | read/write | ||
/enforcement/excess-client-headers |
string | reject | optional | read/write | Specifies the behavior when too many client headers are received. If enabled, will switch to pass through mode instead of rejecting the connection. |
/enforcement/excess-server-headers |
string | reject | optional | read/write | Specifies the behavior when too many server headers are received. If enabled, will switch to pass through mode instead of rejecting the connection. |
/enforcement/known-methods |
string | CONNECT DELETE GET HEAD LOCK OPTIONS POST PROPFIND PUT TRACE UNLOCK | optional | read/write | Specifies which HTTP methods count as being known. Removing RFC-defined methods from this list will cause the HTTP filter to not recognize them. |
/enforcement/max-header-count |
integer | 64 | optional | read/write | Specifies the maximum number of headers allowed in HTTP request/response. The default is 64 headers. |
/enforcement/max-header-size |
integer | 32768 | optional | read/write | Specifies the maximum header size. |
/enforcement/max-requests |
integer | optional | read/write | Specifies the number of requests that the system accepts on a per-connection basis. The default value is 0 (zero), which means the system does not limit the number of requests per connection. | |
/enforcement/oversize-client-headers |
string | reject | optional | read/write | Specifies the behavior when too-large client headers are received. If enabled, will switch to pass through mode instead of rejecting the connection. |
/enforcement/oversize-server-headers |
string | reject | optional | read/write | Specifies the behavior when too-large server headers are received. If enabled, will switch to pass through mode instead of rejecting the connection. |
/enforcement/pipeline |
string | allow | optional | read/write | Enables HTTP/1.1 pipelining. This allows clients to make requests even when prior requests have not received a response. In order for this to succeed, however, destination servers must include support for pipelining. If set to pass-through, pipelined data will cause the BigIP to immediately switch to pass-through mode and disable the HTTP filter. |
/enforcement/truncated-redirects |
string | disabled | optional | read/write | Specifies what happens if a truncated redirect is seen from a server. If enabled, the redirect will be forwarded to the client, otherwise the malformed HTTP will be silently ignored. |
/enforcement/unknown-method |
string | allow | optional | read/write | Specifies whether to allow, reject or switch to pass-through mode when an unknown HTTP method is parsed. |
/enforcement/excess-client-headers |
string | reject | optional | read/write | Specifies the behavior when too many client headers are received. If enabled, will switch to pass through mode instead of rejecting the connection. |
/enforcement/excess-server-headers |
string | reject | optional | read/write | Specifies the behavior when too many server headers are received. If enabled, will switch to pass through mode instead of rejecting the connection. |
/enforcement/known-methods |
string | CONNECT DELETE GET HEAD LOCK OPTIONS POST PROPFIND PUT TRACE UNLOCK | optional | read/write | Specifies which HTTP methods count as being known. Removing RFC-defined methods from this list will cause the HTTP filter to not recognize them. |
/enforcement/max-header-count |
integer | 64 | optional | read/write | Specifies the maximum number of headers allowed in HTTP request/response. The default is 64 headers. |
/enforcement/max-header-size |
integer | 32768 | optional | read/write | Specifies the maximum header size. |
/enforcement/max-requests |
integer | optional | read/write | Specifies the number of requests that the system accepts on a per-connection basis. The default value is 0 (zero), which means the system does not limit the number of requests per connection. | |
/enforcement/oversize-client-headers |
string | reject | optional | read/write | Specifies the behavior when too-large client headers are received. If enabled, will switch to pass through mode instead of rejecting the connection. |
/enforcement/oversize-server-headers |
string | reject | optional | read/write | Specifies the behavior when too-large server headers are received. If enabled, will switch to pass through mode instead of rejecting the connection. |
/enforcement/pipeline |
string | allow | optional | read/write | Enables HTTP/1.1 pipelining. This allows clients to make requests even when prior requests have not received a response. In order for this to succeed, however, destination servers must include support for pipelining. If set to pass-through, pipelined data will cause the BigIP to immediately switch to pass-through mode and disable the HTTP filter. |
/enforcement/truncated-redirects |
string | disabled | optional | read/write | Specifies what happens if a truncated redirect is seen from a server. If enabled, the redirect will be forwarded to the client, otherwise the malformed HTTP will be silently ignored. |
/enforcement/unknown-method |
string | allow | optional | read/write | Specifies whether to allow, reject or switch to pass-through mode when an unknown HTTP method is parsed. |
/explicit-proxy |
array_structure | optional | read/write | ||
/explicit-proxy/bad-request-message |
string | optional | read/write | Specifies the error message that will be returned to the browser when a proxy request can’t be completed because the request was malformed. | |
/explicit-proxy/bad-response-message |
string | optional | read/write | Specifies the error message that will be returned to the browser when a proxy request can’t be completed because the response was malformed. | |
/explicit-proxy/connect-error-message |
string | optional | read/write | Specifies the error message that will be returned to the browser when a proxy request can’t be completed because of a failure to establish the outbound connection. | |
/explicit-proxy/default-connect-handling |
string | deny | optional | read/write | Specifies the behavior of the proxy service for CONNECT requests. If set to ‘deny’, CONNECT requests will only be honored if there is another virtual server listening for the requested outbound connection. If set to ‘allow’ outbound connections will be made regardless of other virtual servers. |
/explicit-proxy/dns-error-message |
string | optional | read/write | Specifies the error message that will be returned to the browser when a proxy request can’t be completed because of a failure to resolve the hostname in the request. | |
/explicit-proxy/dns-resolver |
string | optional | read/write | Specifies the dns-resolver object that will be used to resolve hostnames in proxy requests. | |
/explicit-proxy/host-names |
string | optional | read/write | Specifies the which host names are to be treated as local. Proxy requests made for those hosts will be treated as regular HTTP requests and will be sent to the configured default pool. | |
/explicit-proxy/route-domain |
string | optional | read/write | Specifies the route-domain that will be used for outbound proxy requests. | |
/explicit-proxy/tunnel-name |
string | optional | read/write | Specifies the tunnel that will be used for outbound proxy requests. This enables other virtual servers to receive connections initiated by the proxy service. | |
/explicit-proxy/bad-request-message |
string | optional | read/write | Specifies the error message that will be returned to the browser when a proxy request can’t be completed because the request was malformed. | |
/explicit-proxy/bad-response-message |
string | optional | read/write | Specifies the error message that will be returned to the browser when a proxy request can’t be completed because the response was malformed. | |
/explicit-proxy/connect-error-message |
string | optional | read/write | Specifies the error message that will be returned to the browser when a proxy request can’t be completed because of a failure to establish the outbound connection. | |
/explicit-proxy/default-connect-handling |
string | deny | optional | read/write | Specifies the behavior of the proxy service for CONNECT requests. If set to ‘deny’, CONNECT requests will only be honored if there is another virtual server listening for the requested outbound connection. If set to ‘allow’ outbound connections will be made regardless of other virtual servers. |
/explicit-proxy/dns-error-message |
string | optional | read/write | Specifies the error message that will be returned to the browser when a proxy request can’t be completed because of a failure to resolve the hostname in the request. | |
/explicit-proxy/dns-resolver |
string | optional | read/write | Specifies the dns-resolver object that will be used to resolve hostnames in proxy requests. | |
/explicit-proxy/host-names |
string | optional | read/write | Specifies the which host names are to be treated as local. Proxy requests made for those hosts will be treated as regular HTTP requests and will be sent to the configured default pool. | |
/explicit-proxy/route-domain |
string | optional | read/write | Specifies the route-domain that will be used for outbound proxy requests. | |
/explicit-proxy/tunnel-name |
string | optional | read/write | Specifies the tunnel that will be used for outbound proxy requests. This enables other virtual servers to receive connections initiated by the proxy service. | |
/hsts |
array_structure | optional | read/write | ||
/hsts/include-subdomains |
string | enabled | optional | read/write | Specifies whether to include the includeSubdomains directive in the HSTS header. The default is enabled. |
/hsts/maximum-age |
integer | 16070400 | optional | read/write | Specifies the maximum age to assume the connection should remain secure. The default is 16070400 seconds. |
/hsts/mode |
string | disabled | optional | read/write | Specifies whether to include the HSTS response header. The default is disabled |
/hsts/preload |
string | disabled | optional | read/write | Specifies whether to include the preload directive in the HSTS header. The default is disabled. |
/hsts/include-subdomains |
string | enabled | optional | read/write | Specifies whether to include the includeSubdomains directive in the HSTS header. The default is enabled. |
/hsts/maximum-age |
integer | 16070400 | optional | read/write | Specifies the maximum age to assume the connection should remain secure. The default is 16070400 seconds. |
/hsts/mode |
string | disabled | optional | read/write | Specifies whether to include the HSTS response header. The default is disabled |
/hsts/preload |
string | disabled | optional | read/write | Specifies whether to include the preload directive in the HSTS header. The default is disabled. |
/sflow |
array_structure | optional | read/write | ||
/sflow/poll-interval |
integer | 0 | optional | read/write | Specifies the maximum interval in seconds between two pollings. To enable this setting, you must also set the poll-interval-global setting to no. |
/sflow/poll-interval-global |
string | yes | optional | read/write | Specifies whether the global HTTP poll-interval setting overrides the object-level poll-interval setting. The default value is yes. |
/sflow/sampling-rate |
integer | 0 | optional | read/write | Specifies the ratio of packets observed to the samples generated. For example, a sampling rate of 2000 specifies that 1 sample will be randomly generated for every 2000 packets observed. To enable this setting, you must also set the sampling-rate-global setting to no. |
/sflow/sampling-rate-global |
string | yes | optional | read/write | Specifies whether the global HTTP sampling-rate setting overrides the object-level sampling-rate setting. The default value is yes. |
/sflow/poll-interval |
integer | 0 | optional | read/write | Specifies the maximum interval in seconds between two pollings. To enable this setting, you must also set the poll-interval-global setting to no. |
/sflow/poll-interval-global |
string | yes | optional | read/write | Specifies whether the global HTTP poll-interval setting overrides the object-level poll-interval setting. The default value is yes. |
/sflow/sampling-rate |
integer | 0 | optional | read/write | Specifies the ratio of packets observed to the samples generated. For example, a sampling rate of 2000 specifies that 1 sample will be randomly generated for every 2000 packets observed. To enable this setting, you must also set the sampling-rate-global setting to no. |
/sflow/sampling-rate-global |
string | yes | optional | read/write | Specifies whether the global HTTP sampling-rate setting overrides the object-level sampling-rate setting. The default value is yes. |
Copyright (c) 2016, F5 Networks Inc. All Rights Reserved.
The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.