ObjectType directives determine the MIME type of the file to send to the client in response to a request. MIME attributes currently sent are type, encoding, and language. The MIME type is sent to the client as the value of the Content-Type header.
ObjectType directives also set the type parameter, which is used by Service directives to determine how to process the request according to what kind of content is being requested.
If an object contains more than one ObjectType directive, all of the directives are applied in the order they appear. If a directive sets an attribute and later directives try to set that attribute to another value , the first setting is used and the subsequent settings are ignored.
The obj.conf file has an ObjectType directive that calls the type-by-extension function. This function instructs the server to look in the MIME types file to deduce the content type from the extension of the requested resource.
The following ObjectType-class functions are described in detail in this section:
block-auth-cert instructs the proxy server not to forward the client’s SSL/TLS certificate to remote servers.
block-cache-info instructs the proxy server not to forward information about local cache hits to remote servers.
block-cipher instructs the proxy server to forward the name of the client’s SSL/TLS cipher suite to remote servers.
block-ip instructs the proxy server not to forward the client’s IP address to remote servers.
block-issuer-dn instructs the proxy server not to forward the distinguished name of the issuer of the client’s SSL/TLS certificate to remote servers.
block-keysize instructs the proxy server not to forward the size of the client’s SSL/TLS key to remote servers.
block-proxy-auth instructs the proxy server not to forward the client’s proxy authentication credentials.
block-secret-keysize instructs the proxy server not to forward the size of the client’s SSL/TLS secret key to remote servers.
block-ssl-id instructs the proxy server not to forward the client’s SSL/TLS session ID to remote servers.
block-user-dn instructs the proxy server not to forward the distinguished name of the subject of the client’s SSL/TLS certificate to remote servers.
cache-disable disables cache.
cache-enable tells the proxy that an object is cacheable, based on specific criteria.
cache-setting sets parameters used for cache control.
force-type sets the Content-Type header for the response to a specific type.
forward-auth-cert instructs the proxy server to forward the client’s SSL/TLS certificate to remote servers.
forward-cache-info instructs the proxy server to forward information about local cache hits to remote servers.
forward-cipher instructs the proxy server to forward the name of the client’s SSL/TLS cipher suite to remote servers.
forward-ip instructs the proxy server to forward the client’s IP address to remote servers.
forward-issuer-dn instructs the proxy server to forward the distinguished name of the issuer of the client’s SSL/TLS certificate to remote servers.
forward-keysize instructs the proxy server to forward the size of the client’s SSL/TLS key to remote servers.
forward-proxy-auth instructs the proxy server to forward the client’s proxy authentication credentials
forward-secret-keysize instructs the proxy server to forward the size of the client’s SSL/TLS secret key to remote servers.
forward-ssl-id instructs the proxy server to forward the client’s SSL/TLS session ID to remote servers.
forward-user-dn instructs the proxy server to forward the distinguished name of the subject of the client’s SSL/TLS certificate to remote servers.
http-client-config configures the proxy server’s HTTP client.
java-ip-check allows clients to query the proxy server for the IP address used to reroute a resource.
match-browser matches specific strings in the User-Agent string supplied by the browser, and then modifies the behavior of Sun Java System Web Proxy Server based upon the results by setting values for specified variables.
set-basic-auth sets the HTTP basic authentication credentials used by the proxy server when it sends an HTTP request.
set-default-type enables you to define a default charset, content-encoding, and content-language for the response being sent back to the client.
set-variable enables you to change server settings based upon conditional information in a request, and to manipulate variables in parameter blocks by using specific commands.
shtml-hacktype requests that .htm and .html files are parsed for server-parsed HTML commands.
ssl-client-config configures options used when the proxy server connects to a remote server using SSL/TLS.
suppress-request-headers configures the proxy server to remove outgoing headers from the request.
type-by-exp sets the Content-Type header for the response based on the requested path.
type-by-extension sets the Content-Type header for the response based on the file’s extension and the MIME types database.
Applicable in ObjectType-class directives.
The block-auth-cert function instructs the proxy server not to forward the client’s SSL/TLS certificate to remote servers.
None.
Applicable in ObjectType-class directives.
The block-cache-info function instructs the proxy server not to forward information about local cache hits to remote servers.
None.
Applicable in ObjectType-class directives.
The block-cipher function instructs the proxy server to forward the name of the client’s SSL/TLS cipher suite to remote servers.
None.
Applicable in ObjectType-class directives.
The block-ip function instructs the proxy server not to forward the client’s IP address to remote servers.
None.
Applicable in ObjectType-class directives.
The block-issuer-dn function instructs the proxy server not to forward the distinguished name of the issuer of the client’s SSL/TLS certificate to remote servers.
None.
Applicable in ObjectType-class directives.
The block-keysize function instructs the proxy server not to forward the size of the client’s SSL/TLS key to remote servers.
None.
Applicable in ObjectType-class directives.
The block-proxy-auth function instructs the proxy server not to forward the client’s proxy authentication credentials, that is, the client’s Proxy-authorization HTTP request header, to remote servers.
None.
Applicable in ObjectType-class directives.
The block-secret-keysize function instructs the proxy server not to forward the size of the client’s SSL/TLS secret key to remote servers.
None.
Applicable in ObjectType-class directives.
The block-ssl-id function instructs the proxy server not to forward the client’s SSL/TLS session ID to remote servers.
None.
Applicable in ObjectType-class directives.
The block-user-dn function instructs the proxy server not to forward the distinguished name of the subject of the client’s SSL/TLS certificate to remote servers.
None.
Applicable in ObjectType-class directives.
The cache-disable function disables cache. It replaces the cache-enable function when cache is disabled through the administration interface.
ObjectType fn=cache-disable
None.
Applicable in ObjectType-class directives.
The cache_enable function tells the proxy that an object is cacheable, based on specific criteria. As an example, if the function appears in the object <Object ppath="http://.*">, then all the HTTP documents are considered cacheable, as long as other conditions for an object to be cacheable are met.
ObjectType fn=cache-enable cache-auth=0|1 query-maxlen=number min-size=number max-size=number log-report=feature cache-local=0|1
The following table describes the parameter for the cache-enable function.
Table 5–74 cache-enable Parameters
Parameter |
Description |
---|---|
cache-enable |
Tells the proxy that an object is cacheable. As an example, if it appears in the object <Object ppath="http://.*">, then all HTTP documents are considered cacheable as long as other conditions for an object to be cacheable are met. |
cache-auth |
Specifies whether to cache items that require authentication. If set to 1, pages that require authentication can be cached also. If not specified, defaults to 0. |
query-maxlen |
Specifies the number of characters in the query string the “?string” part at the end of the URL that are still cacheable. The same queries are rarely repeated exactly in the same form by more than one user, and so caching them is often not desirable. That’s why the default is 0. |
min-size |
The minimum size, in kilobytes, of any document to be cached. The benefits of caching are greatest with the largest documents. For this reason, some people prefer to cache only larger documents. |
max-size |
The maximum size in kilobytes of any document to be cached. This setting allows users to limit the maximum size of cached documents, so no single document can take up too much space. |
log-report |
Used to control the feature that reports local cache accesses back to the origin server so that content providers get their true access logs. |
cache-local |
Used to enable local host caching, that is, URLs without fully qualified domain names, in the proxy. If set to 1, local hosts are cached. If not specified, it defaults to 0, and local hosts are not cached. |
The following example of cache-enable allows you to enable caching of objects matching the current resource. This function applies to normal, non-query, non-authenticated documents of any size. The proxy requires that the document carries either last-modified or expires headers or both, and that the content-type reported by the origin server is accurate.
ObjectType fn=cache-enable
The example below is like the first example, but it also caches documents that require user authentication, and it caches queries up to five characters long. The cache-auth=1 indicates that an up-to-date check is always required for documents that need user authentication. This function forces authentication again.
ObjectType fn=cache-enable cache-auth=1 query-maxlen=5
The example below is also like the first example, except that it limits the size of cache files to a range of 2 Kbytes to 1 Mbytes.
ObjectType fn=cache-enable min-size=2 max-size=1000
Applicable in ObjectType-class directives.
cache-setting is an ObjectType function that sets parameters used for cache control.
This function is used to explicitly cache or not cache a resource, create an object for that resource, and set the caching parameters for the object.
ObjectType fn=cache-setting max-uncheck=seconds lm-factor=factor connect-mode=always|fast-demo|never cover-errors=number
The following table describes the parameter for the cache-setting function.
Table 5–75 cache-setting Parameters
<Object ppath="http://.*"> ObjectType fn=cache-enable ObjectType fn=cache-setting max-uncheck="7200" ObjectType fn=cache-setting lm-factor="0.020" ObjectType fn=cache-setting connect-mode="fast-demo" ObjectType fn=cache-setting cover-errors="3600" Service fn=proxy-retrieve </Object> # Force check every time ObjectType fn=cache-setting max-uncheck=0 # Check every 30 minutes, or sooner if changed less than # 6 hours ago (factor 0.1; last change 1 hour ago would # give 6-minute maximum check interval). ObjectType fn=cache-setting max-uncheck=1800 lm-factor=0.1 |
Applicable in ObjectType-class directives.
The force-type function assigns a type to requests that do not already have a MIME type. This function is used to specify a default object type.
Make sure that the directive that calls this function comes last in the list of ObjectType directives, so that all other ObjectType directives have a chance to set the MIME type first. If an object contains more than one ObjectType directive all of the directives are applied in the order they appear. If a directive sets an attribute and later directives try to set that attribute to a different value, the first setting is used and the subsequent settings are ignored.
The following table describes the parameter for the force-type function.
Table 5–76 force-type parameters
Parameter |
Description |
---|---|
(Optional) Type assigned to a matching request (the Content-Type header). |
|
(Optional) Encoding assigned to a matching request (the Content-Encoding header). |
|
(Optional) Language assigned to a matching request (the Content-Language header). |
|
(Optional) Character set for the magnus-charset parameter in rq->srvhdrs. If the browser sent the Accept-Charset header or its User-Agent is MozillaTM /1.1 or newer, then append “; charset=charset” to content-type, where charset is the value of the magnus-charset parameter in rq->srvhdrs. |
|
bucket |
(Optional) Common to all obj.conf functions. |
ObjectType fn=force-type type=text/plain ObjectType fn=force-type lang=en_US |
type-by-extension, type-by-exp
Applicable in ObjectType-class directives.
The forward-auth-cert function instructs the proxy server to forward the client’s SSL/TLS certificate to remote servers.
The following table describes the parameter for the forward-auth-cert function.
Table 5–77 forward-auth-cert Parameters
Parameter |
Description |
---|---|
hdr |
(Optional) Name of the HTTP request header used to communicate the client’s DER-encoded SSL/TLS certificate in Base64 encoding. The default is Proxy-auth-cert. |
Applicable in ObjectType-class directives.
The forward-cache-info function instructs the proxy server to forward information about local cache hits to remote servers.
The following table describes the parameter for the forward-cache-info function.
Table 5–78 forward-cache-info Parameters
Parameter |
Description |
---|---|
hdr |
(Optional) Name of the HTTP request header used to communicate information about local cache hits. The default is Cache-info. |
Applicable in ObjectType-class directives.
The forward-cipher function instructs the proxy server to forward the name of the client’s SSL/TLS cipher suite to remote servers.
The following table describes the parameter for the forward-cipher function.
Table 5–79 forward-cipher Parameters
Parameter |
Description |
---|---|
hdr |
(Optional) Name of the HTTP request header used to communicate the name of the client’s SSL/TLS cipher suite. The default is Proxy-cipher. |
Applicable in ObjectType-class directives.
The forward-ip function instructs the proxy server to forward the client’s IP address to remote servers.
The following table describes the parameter for the forward-ip function.
Table 5–80 forward-ip Parameters
Parameter |
Description |
---|---|
hdr |
(Optional) Name of the HTTP request header used to communicate the client’s IP address. The default is Client-ip. |
Applicable in ObjectType-class directives.
The forward-issuer-dn function instructs the proxy server to forward the distinguished name of the issuer of the client’s SSL/TLS certificate to remote servers.
The following table describes the parameter for the forward-issuer-dn function.
Table 5–81 forward-issuer-dn
Parameter |
Description |
---|---|
hdr |
(Optional) Name of the HTTP request header used to communicate the distinguished name of the issuer of the client’s SSL/TLS certificate. The default is Proxy-issuer-dn. |
Applicable in ObjectType-class directives.
The forward-keysize function instructs the proxy server to forward the size of the client’s SSL/TLS key to remote servers.
The following table describes the parameter for the forward-keysize function.
Table 5–82 forward-keysize
Parameter |
Description |
---|---|
hdr |
(Optional) Name of the HTTP request header used to communicate the size of the client’s SSL/TLS key. The default is Proxy-keysize. |
Applicable in ObjectType-class directives.
The forward-proxy-auth instructs the proxy server to forward the client’s proxy authentication credentials, that is, the client’s Proxy-authorization HTTP request header, to remote servers.
None.
Applicable in ObjectType-class directives.
The forward-secret-keysize function instructs the proxy server to forward the size of the client’s SSL/TLS secret key to remote servers.
The following table describes the parameter for the forward-secret-keysize function.
Table 5–83 forward-secret-keysize Parameters
Parameter |
Description |
---|---|
hdr |
(Optional) Name of the HTTP request header used to communicate the size of the client’s SSL/TLS secret key. The default is Proxy-secret-keysize. |
Applicable in ObjectType-class directives.
The forward-ssl-id function instructs the proxy server to forward the client’s SSL/TLS session ID to remote servers.
The following table describes the parameter for the forward-ssl-id function.
Table 5–84 forward-ssl-id Parameters
Parameter |
Description |
---|---|
hdr |
(Optional) Name of the HTTP request header used to communicate the client’s SSL/TLS session ID. The default is Proxy-ssl-id. |
Applicable in ObjectType-class directives.
The forward-user-dn function instructs the proxy server to forward the distinguished name of the subject of the client’s SSL/TLS certificate to remote servers.
The following table describes the parameter for the forward-user-dn function.
Table 5–85 forward-user-dn Parameters
Parameter |
Descrioption |
---|---|
hdr |
(Optional) Name of the HTTP request header used to communicate the distinguished name of the subject of the client’s SSL/TLS certificate. The default is Proxy-user-dn. |
Applicable in ObjectType-class directives.
The http-client-config function configures the proxy server’s HTTP client.
The following table describes the parameter for the http-client-config function.
Table 5–86 http-client-config Parameters
Parameter |
Description |
---|---|
keep-alive |
(Optional) Boolean that indicates whether the HTTP client should attempt to use persistent connections. The default is true. |
keep-alive-timeout |
(Optional) The maximum number of seconds to keep a persistent connection open. The default is 29. |
always-use-keep-alive |
(Optional) Boolean that indicates whether the HTTP client can reuse existing persistent connections for all types of requests. The default is false, meaning persistent connections will not be reused for non-GET requests nor for requests with a body. |
protocol |
(Optional) HTTP protocol version string. By default, the HTTP client uses either "HTTP/1.0" or "HTTP/1.1" based on the contents of the HTTP request. Do not use the protocol parameter unless you encounter specific protocol interoperability problems. |
proxy-agent |
(Optional) Value of the Proxy-agent HTTP request header. The default is a string that contains the proxy server product name and version. |
Applicable in ObjectType-class directives.
The java-ip-check function enables clients to query the proxy server for the IP address used to reroute a resource. Because DNS spoofing often occurs with Java applets, this feature enables clients to see the true IP address of the origin server. When this feature is enabled, the proxy server attaches a header containing the IP address that was used for connecting to the destination origin server.
Syntax
ObjectType fn=java-ip-check status=on|off
Parameters
The following table describes the parameter for the java-ip-check function.
Table 5–87 java-ip-check Parameters
See match-browser.
Applicable in ObjectType-class directives.
The set-basic-auth function sets the HTTP basic authentication credentials used by the proxy server when it sends an HTTP request. set-basic-auth can be used to authenticate to a remote origin server or proxy server.
The following table describes the parameter for the set-basic-auth function.
Table 5–88 set-basic-auth Parameters
Parameter |
Description |
---|---|
user |
To authenticate user |
password |
The user’s password |
hdr |
(Optional) Name of the HTTP request header used to communicate the credentials |
Applicable in ObjectType-class directives.
The set-default-type function enables you to define a default charset, content-encoding, and content-language for the response being sent back to the client.
If the charset, content-encoding, and content-language have not been set for a response, then just before the headers are sent the defaults defined by set-default-type are used. By placing this function in different objects in obj.conf, you can define different defaults for different parts of the document tree.
The following table describes the parameter for the set-default-type function.
Table 5–89 set-default-type Parameters
Parameter |
Description |
---|---|
(Optional) Encoding assigned to a matching request (the Content-Encoding header). |
|
(Optional) Language assigned to a matching request (the Content-Language header). |
|
(Optional) Character set for the magnus-charset parameter in rq->srvhdrs. If the browser sent the Accept-Charset header or its User-agent is Mozilla/1.1 or newer, then append “; charset=charset” to content-type, where charset is the value of the magnus-charset parameter in rq->srvhdrs. |
|
bucket |
(Optional) Common to all obj.conf functions. |
ObjectType fn="set-default-type" charset="iso_8859-1" |
See set-variable.
Applicable in ObjectType-class directives.
The shtml-hacktype function changes the Content-Type of any .htm or .html file to magnus-internal/parsed-html and returns REQ_PROCEED. This function provides backward compatibility with server-side includes for files with .htm or .html extensions. The function can also check the execute bit for the file on UNIX systems. The use of this function is not recommended.
The following table describes the parameter for the shtml-hacktype function.
Table 5–90 shtml-hacktype Parameters
Parameter |
Description |
---|---|
(UNIX only, optional) Indicates that the function should change the content-type only if the execute bit is enabled. The value of the parameter is not important; it need only be provided. You may use exec-hack=true. |
|
bucket |
(Optional) Common to all obj.conf functions. |
ObjectType fn=shtml-hacktype exec-hack=true |
Applicable in ObjectType-class directives.
The ssl-client-config function configures options used when the proxy server connects to a remote server using SSL/TLS.
The following table describes the parameter for the ssl-client-config function.
Table 5–91 ssl-client-config Parameters
Parameter |
Description |
---|---|
client-cert-nickname |
(Optional) Nickname of the client certificate to present to the remote server. The default is not to present a client certificate. |
validate-server-cert |
(Optional) Boolean that indicates whether the proxy server validates the certificate presented by the remote server. The default is false, meaning the proxy server will accept any certificate. |
Applicable in ObjectType-class directives.
The type-by-exp function matches the current path with a wildcard expression. If the two match, the type parameter information is applied to the file. This function is the same as type-by-extension except that you use wildcard patterns for the files or directories specified in the URLs.
The following table describes the parameter for the type-by-exp function.
Table 5–92 type-by-exp Parameters
Parameter |
Description |
---|---|
Wildcard pattern of paths for which this function is applied. |
|
(Optional) Type assigned to a matching request (the Content-Type header). |
|
(Optional) Encoding assigned to a matching request (the Content-Encoding header). |
|
(Optional) Language assigned to a matching request (the Content-Language header). |
|
(Optional) The character set for the magnus-charset parameter in rq->srvhdrs. If the browser sent the Accept-Charset header or its User-Agent is Mozilla/1.1 or newer, then append “; charset=charset” to content-type, where charset is the value of the magnus-charset parameter in rq->srvhdrs. |
|
bucket |
(Optional) Common to all obj.conf functions. |
ObjectType fn=type-by-exp exp=*.test type=application/html |
Applicable in ObjectType-class directives.
The type-by-extension function instructs the server to look in a table of MIME type mappings to find the MIME type of the requested resource according to the extension of the requested resource. The MIME type is added to the Content-Type header sent back to the client.
The table of MIME type mappings is created by a MIME element in the server.xml file, which loads a MIME types file or list and creates the mappings. For more information about server.xml , see Chapter 2, Server Configuration Elements in the server.xml file.
For example, the following two lines are part of a MIME types file:
type=text/html exts=htm,htmltype=text/plain exts=txt |
If the extension of the requested resource is htm or html, the type-by-extension file sets the type to text/html. If the extension is .txt, the function sets the type to text/plain.
The following table describes the parameter for the type-by-extension function.
Table 5–93 type-by-extension Parameters
Parameter |
Description |
---|---|
bucket |
(Optional) Common to all obj.conf functions. |
ObjectType fn=type-by-extension |