Command Line Interface Reference Guide > The SLB Configuration Menu
/cfg/slb/virt <server number>/service/http
HTTP Load Balancing Menu
 
[HTTP Load Balancing Menu]
httpslb - Set content based server selection
cachepol - Set caching policy for this virtual service
http2pol - Set HTTP2 policy for this virtual service
comppol - Set compression policy for this virtual service
      botmng   - Set Bot Manager Protection policy for this virtual service
     secpath - Set SecPath Protection policy for this virtual service
      fastwa - Set FastView web application for this virtual service
secwa - Set secured web application for this virtual service
errcode - Set error code update
urlchang - Set URL adjustments for page location changes in servers
pathhide - Set URL path obfuscation
textrep - Set free text replacement for server responses
httpmod - Set HTTP content modification rule-list
connmgt - Set connection management for HTTP traffic
clntprox - Set client proximity processing type for Global SLB
urlcont - Set BW cont of an SLB string specific to this service
rcount - Set multi response count
parselen - Set buffer length for content based selection
parselmt - Enable/disable buffer limit for content based selection
      jsinject - Enable/disable JS injection to client’s browser
urinorm - Enable/disable URI normalization for HTTP modification and content matching
xforward - Enable/disable X-Forwarded-For for proxy mode
cloaksrv - Enable/disable server cloaking
redirect - Enable/disable HTTP/HTTPS redirection for Global SLB
cur - Display current HTTP configuration
 
HTTP Load Balancing Menu Options (/cfg/slb/virt/service/http) 
Command Syntax and Usage
httpslb urlslb|host|cookie|browser|urlhash|headerhash|version|others|none
 
Specifies the HTTP server Layer 7 selection method for this virtual service.
*none — No legacy Layer 7 selection. Server selection is either performed at Layer 4, or at Layer 7 using the more advanced content classes.
*urlslb — Selects a server by matching strings configured at real server level to the request URL.
*host — Selects a server by matching strings configured at real server level to the request Host header.
*cookie — Selects a server by matching strings configured at real server level to a cookie in the request. You are prompted for the following: cookie name, starting point of the cookie value, number of bytes to be extracted, enable or disable checking for cookie in URI. The length of the cookie value must be 28.
*browser — Selects a server by matching strings configured at real server level to the browser type.
*urlhash — Selects a server by performing hash on the request URL.
*others — Requires inputs for a particular header field.
*headerhash — Selects a server by performing hash on the specified header value.
*version
*cd ..
Default: none
For a description of the cookie options, see Cookie-Based Persistence.
You can combine or select applications to load balance using the and and/or or operators. For example:
httpslb <application>
httpslb application and|or <application>
cachepol
 
Displays the Caching Policy menu for setting the caching policy for this virtual service. To view this menu, see /cfg/slb/accel/caching/cachepol <policy ID (alphanumeric)> Caching Policy Menu.
http2pol
 
Sets the HTTP/2 policy to be associated with this HTTPS service. To configure an HTTP/2 policy, see /cfg/slb/accel/http2 HTTP2 Menu.
comppol
 
Displays the Compression Policy menu for setting the compression policy for this virtual service. To view this menu, see /cfg/slb/accel/compress/comppol <compression policy ID> Compression Policy Menu.
botmng
 
Associates a Bot Manager protection policy with this virtual service.
Bot Manager provides comprehensive protection of web applications, mobile apps and APIs from automated threats like bots. Bot Manager provides precise bot management across all channels by combining behavioral modeling for granular intent analysis, collective bot intelligence and fingerprinting of browsers, devices and machines. It protects against all forms of account takeover (such as credential stuffing and brute force), denial of inventory, DDoS, ad and payment fraud, and web scraping to help organizations safeguard and grow their online operations.
Enter new Bot Manager policy or none.
You use /cfg/security/botmng/ to configure a Bot Manager policy. For details, see  /cfg/security/botmng Bot Manager Menu.
secpath enable|disable
 
Specifies whether to enable or disable SecPath protection for this virtual service.
Values: enable, disable
Default: disable
fastwa
 
Associates the FastView web application with this virtual service.
FastView is a Web Performance Optimization (WPO) solution that accelerates Web sites and customer-facing Web applications by up to 40% (with the FastView configuration optimized by Radware Technical Support). It transforms front-end optimization (FEO) from a lengthy and complex process to an automated function performed in real-time, accelerating Web application response time for any browser, client, or end-user device. FastView is a simple-to-deploy solution, based on an asymmetrical architecture that does not require any integration into Web application servers or any client installation on the end-user device.
Note: A FastView license must be installed and resources allocated before Web acceleration can be enabled.
Enter new FastView web application or none.
secwa
 
Sets the Secured Web Application for this virtual service.
errcode disable|enable|clear
 
Controls server response codes. You can change the error code generated by the server, edit the error reason, or redirect to a different HTTP location. You can define multiple error codes per service if all use the same behavior.
Values:
*enable — Enables this option. You are prompted to configure the following parameters:
Match error codes — The error codes to be matched.
HTTP Redirection — Determines whether or not to redirect to a different HTTP location:
*y — Redirect. You are prompted to enter the URL to which to redirect, and the error code.
*n — Do not redirect. You are prompted to enter a new error code and the error reason.
*disable — Disables this option.
*clear — Clears the current error code configuration.
Default: disable
urlchang disable|enable|clear
 
Changes URLs in server responses. You can adjust changes made on servers, making them transparent to end-users, by matching the hostname, URL, page, and page type, and updating the URL, page, and page type.
Values:
*enable — When you enable this option, you are prompted to configure the following parameters:
Hostname match type — Enter one of the following hostname types to determine how to match the hostname you provide for the hostname to match parameter:
*sufx — Suffix
*prefx — Prefix
*eq — Equals
*incl — Includes
*any — If you enter any, the prompt skips to the path match type parameter.
Hostname to match — Enter the hostname to be matched based on the selected hostname match type.
Examples:
If you set the type to eq, if the hostname to match is set to www.company.com, then only www.company.com matches.
If you set the type to prefx, if the hostname to match is set to www.company, then www.company.com, www.company1.com, www.company1111.com, and www.companyabcgtalk.com match.
Path match type — The path you provide for the path the match parameter:
*sufx — Suffix
*prefx — Prefix
*eq — Equals
*incl — Includes
*any — If you enter any, the prompt skips to the page name to match parameter.
Path to match — The path to be matched based on the selected path match type.
Page name to match — The page name to be matched.
Page type to match — The page type to be matched.
Path action type — Enter one of the following path action types:
*insert — The following path section is inserted:
>> Enter path to insert []:
>>Insert the specified path before or after the matched
section? [b/a]:
*replace — The following path section is replaced:>>Enter new path to replace the matched section:remove — The matched path section is removed.
*none — No action is taken.
 
New page name — The new page name to be used for the path change or none.
New type name — The new page type to be used for the path change or none.
*disable — Disables this option.
*clear — Clears the current URL change configuration.
Default: disable
pathhide disable|enable|clear
 
Specifies whether to enhance security by hiding page locations. This capability hides links within the server responses to avoid exposing the internal data structure on the server. When hiding path locations, specified URLs within the server responses are removed and added back to the client requests.
Default: disable
textrep disable|enable|clear
 
Replaces or removes free text in server responses.
Disabled by default.
When you enable this option, configure the following parameters:
*replace — The matched text to be replaced and then enter the replacement text.
*remove — The matched text to be removed.
Note: Alteon performs de-chunking on the server response before text modification, but does not decompress the response unless you have added a compression policy.
httpmod
 
Sets an HTTP modification rule list. After setting an HTTP Modification rule list, you can configure it. To view this menu, see /cfg/slb/layer7/httpmod HTTP Modification Rule-List Menu.
connmgt enabled|disabled|pooling|h2
Specifies the connection management mode for HTTP/S traffic.
Connection management increases throughput and server capacity by minimizing the number of TCP connection establishments between Alteon and back-end servers. The TCP overhead is reduced by allowing multiple client connections to reuse existing server connections.
Values:
*enabled — HTTP multiplexing is performed. When a client sends an HTTP request, a server-side connection is selected from the server pool and used to service the request. When the client request is complete, the server connection is returned to the pool.
This feature can work in conjunction with SSL, caching, and compression. When used with back-end SSL (where SSL is used between Alteon and the servers), it also reduces load on servers because fewer SSL handshakes are needed to be performed by them.
In this mode Alteon operates as a proxy (force proxy mode) and Client NAT (PIP) is required.
Prompts you to set a timeout, in minutes, after which an idle server connection is closed.
Values: 0 – 32768
Default: 10
*disabled — No intelligent connection management is performed (a back-end server connection is opened for each server connection).
*pooling — In this mode TCP connection pooling is performed. When a client opens an HTTP connection, a server-side connection is selected from the server pool and used to service the client connection. When the client connection ends, the server connection is returned to the pool.
This mode is supported only in delayed bind enable mode.
Note: From Alteon version 32.6.2.0 delayed bind enable mode is supported for backward compatibility only. Virtual services that were configured with delayed bind enable, and server connections management pooling in older versions, will retain the capability after upgrade, but delayed bind enable mode is no longer available for new virtual services.
Note: TCP connection pooling is also available for basic TCP services.
*h2 — For HTTPS services that use HTTP/2, the HTTP/2 Gateway uses transparent connection management for session reuse to the back-end servers. For HTTPS services that use HTTP/1 for front-end connections, the behavior is the same as connection management set to Disabled.
Radware recommends that you use this option for services that use HTTP/2 and require client IP visibility on back-end servers.
Note: This option only works if you have configured an HTTP/2 policy.
Default: disabled
clntprox
 
Sets the client proximity processing type for GSLB.
The GSLB client proximity metric measures the response time between each data center and the client. Using GSLB with the client proximity metric, Alteon selects the optimal site for the end-client, when HTTP/S redirection must be performed because local resources are unavailable. This is based on the calculated shortest response time from site to site in GSLB mode.
When configuring client proximity, carefully analyze your network mask requirements. Increasing the client IP mask reduces computation time for client proximity, because the clients with the same IP subnet mask can reuse the client proximity that is already calculated.
Values: http, https, none
Default: none
urlcont
 
Sets the Bandwidth Management contract of an SLB string specific to this service.
rcount <1-16>
 
The maximum number of responses in which Alteon looks for the specified cookie (when the server does not insert the cookie in the first response).
Cookie-based persistence requires Alteon to search the HTTP response packet from the server and, if a persistence cookie is found, set up a persistence connection between the server and the client. Alteon looks through the first HTTP response from the server. While this approach works for most servers, some customers with complex server configurations might send the persistence cookie a few responses later. In order to achieve cookie-based persistence in such cases, Alteon lets the network administrator configure Alteon to search through multiple HTTP responses from the server.
In Alteon, the network administrator can modify a response counter to a value from 1 through 16. Alteon looks for the persistence cookie in this number of responses (each of them can be multi-frame) from the server.
Note: When a passive cookie is used, the server might not insert the cookie in the first response.
Values: 1 – 16
Default: 1
parselen <buffer length in bytes (0-18200)>
 
Specifies the length of the HTTP request, in bytes, that Alteon parses when a buffer size is set in the parselmt command.
Default: 0
parselmt enable|disable
 
Specifies whether to enable or disable a limit for the amount of content Alteon collects.
When using Layer 7 rules to parse requests, by default Alteon buffers an incoming HTTP request until a match is found. This option allows you to set a fixed buffer to prevent issues when the HTTP headers or body are very large.
Default: disable
jsinject enable|disable
 
Specifies whether to enable or disable JS injection to client’s browser.
As part of generic HTTP sideband, JS injection to a client browser may be required.
When enabled, it will automatically attach a compression policy to the service.
Values: enable, disable
Default: disable
urinorm enable|disable
 
Specifies whether to enable or disable the URI normalization for HTTP modification and content matching.
When enabled, Alteon normalizes characters in the HTTP strings that are encoded to real characters and performs URL path traversal reversals before performing rule matching for HTTP Layer 7 content switching and HTTP modifications. After matching the content, it is sent back to the real servers in its original format.
Values: enable, disable
Default: disable
xforward enable|disable
 
Specifies whether to insert an X-Forwarded-For header with the client IP address in HTTP requests. This capability is useful in preserving client IP address information when NAT is performed.
Alteon can insert the inclusion of the X-Forwarded-For header in client HTTP requests to preserve client IP address information. This feature is useful in proxy mode, where the client source IP address information is replaced with the proxy IP address. However, it may also be used for all Layer 4 load balancing in both proxy and non-proxy mode, if there is a need to include the X-Forwarded-For header. This feature is supported for Layer 4 and Layer 7.
Note: To enable X-Forwarded-For, either set delayed binding to full proxy mode and configure a proxy IP address, or enable Direct Access Mode.
cloaksrv enable|disable
 
Specifies whether to enhance server security by hiding its identity. This is achieved by modifying in HTTP responses the HTTP headers that include information about the server computer and operating system.
redirect enable|disable
 
Enables or disables HTTP and HTTPS redirection for GSLB.
Typically, client requests for HTTP applications are redirected to the location with the best response and least load for the requested content. The HTTP protocol has a built-in redirection function that allows requests to be redirected to an alternate site. However, if a client requests a non-HTTP application such as FTP, POP3, or SMTP, then the lack of a redirection functionality in these applications requires that a proxy IP address be configured on the client port. The client port initiates a redirect only if resources are unavailable at the first site.
Note: This feature should be used as the method of last resort for GSLB implementations in topologies where the remote servers are usually virtual server IP addresses in other Alteons.
Default: enable
cur
 
Displays the current HTTP configuration.