The Default Settings screen enables you to set several global configuration settings to optimize the behavior of the API Gateway for your environment.
To configure the Default Settings, in the Policy Studio main menu, select Tasks -> Manage Settings -> Default Settings. Alternatively, in the Policy Studio tree, select the Settings node, and click the Default Settings tab.
After changing any settings, you must deploy to the API Gateway for the changes to be enforced. You can do this in the Policy Studio main menu by selecting Server -> Deploy. Alternatively, click the Deploy button in the toolbar, or press F6.
You can configure the following settings in the Default Settings screen:
| Setting | Description | |||
|---|---|---|---|---|
| Trace Level |
Enables you to set the trace level for the API Gateway at
runtime. Select the appropriate option from the Trace
Level drop-down list. Defaults to INFO.
|
|||
| Active Timeout |
When the API Gateway receives a large HTTP request, it reads the
request off the network when it becomes available. If the time
between reading successive blocks of data exceeds the Active
Timeout specified in milliseconds, the API Gateway closes
the connection. This guards against a host closing the connection
in the middle of sending data. For example, if the host's network
connection is pulled out of the machine while in the middle of
sending data to the API Gateway. When the API Gateway has read all
the available data off the network, it waits the Active
Timeout period before closing the connection. Defaults
to 30000 milliseconds.
|
|||
| Date Format |
Configures the format of the date for the purposes of tracing, logging, and
reporting. Defaults to MM.dd.yyyy HH:mm:ss,SSS. For more information, see
http://java.sun.com/j2se/1.4.2/docs/api/java/text/SimpleDateFormat.html
|
|||
| Cache Refresh Interval |
Configures the number of seconds that the server caches data loaded
from an external source (external database, LDAP directory, and so on)
before refreshing the data from that source. The default value is
5 seconds. If you do not wish any caching to occur,
set this value to 0.
|
|||
| Idle Timeout |
The API Gateway supports HTTP 1.1 persistent connections. The Idle
Timeout specified in milliseconds is the time that the API Gateway
waits after sending a message over a persistent connection before it closes
the connection. Typically, the host tells the API Gateway that it wants to
use a persistent connection. The API Gateway acknowledges this instruction
and decides to keep the connection open for a certain amount of time after
sending the message to the host. If the connection is not reused within the
Idle Timeout period, the API Gateway closes the connection.
Defaults to 15000 milliseconds.
|
|||
| LDAP Service Provider |
Specifies the service provider used for looking up an LDAP server
(for example, com.sun.jndi.ldap.LdapCtxFactory).
The provider is typically used to connect to LDAP directories for
certificate and attribute retrieval.
|
|||
| Maximum Memory per Request |
The maximum amount of memory allocated to each request.
|
|||
| Realm | Specifies the realm for authentication purposes. | |||
| Schema Pool Size | Sets the size of the Schema Parser pool. | |||
| Server Brand | Specifies the branding to be used in the API Gateway. | |||
| SSL Session Cache |
Specifies the number of idle SSL sessions that can be kept in memory.
You can use this setting to improve performance because the slowest part
of establishing the SSL connection is cached. A new connection does not
need to go through full authentication if it finds its target in the cache.
Defaults to 32. If there are more than 32 simultaneous SSL
sessions, this does not prevent another SSL connection from being established,
but means that no more SSL sessions are cached. A cache size of 0
means no cache, and no outbound SSL connections are cached.
|
|||
| Token Drift Time | Specifies the number of seconds drift allowed for WS-Security tokens. This is important in cases where the API Gateway is checking the date on incoming WS-Security tokens. It is likely that the machine on which the token was created is out-of-sync with the machine on which the API Gateway is running. The drift time allows for differences in the respective machine clock times. | |||
| Allowed number of operations to limit XPath transforms |
Specifies the total number of node operations permitted in XPath
transformations. Complex XPath expressions (or those constructed together
with content to produce expensive processing) might lead to a denial-of-service
risk. Defaults to 4096.
|
|||
| Input Encodings |
Click the browse button to specify the HTTP content encodings that the API Gateway
can accept from peers. The available content encodings include gzip
and deflate. For more details, see the topic
on Compressed Content Encoding.
|
|||
| Output Encodings |
Click the browse button to specify the HTTP content encodings that the API Gateway
can apply to outgoing messages. The available content encodings include gzip
and deflate. For more details, see the topic on
Compressed Content Encoding.
|
|||
| Server's SSL cert's name must match name of requested server | Ensures that the certificate presented by the server matches the name of the host address being connected to. This prevents host spoofing and man-in-the-middle attacks. This setting is enabled by default. | |||
| Send desired servername to server during TLS negotiation | Specifies whether to add a field to outbound TLS/SSL calls that shows the name that the client used to connect. For example, this can be useful if the server handles several different domains, and needs to present different certificates depending on the name that the client used to connect. |
![[Note]](../common_oracle/images/admon/note.png)
