It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Application Firewall

How can I get detailed explanation for Server (Advanced Configuration) options?

  • Type: Knowledgebase
  • Date changed: one year ago

Solution #00006066


Scope:

All Barracuda Web Application Firewalls. All firmware versions

Answer:

The Server (Advanced Configuration) option is available under Basic > Services. We need to enable expert settings to see this hidden option. It is not recommended to change these values. Please contact Barracuda support for assistance. 


1: Max Connections: Enter the maximum number of request that can be sent to the Web server.(default is 10000)


Description: 

Sets the maximum number of connections established to the back-end server at any time. For an apache server, this value is defined by the MaxClients value in httpd.conf. 


WAF opens as many connections as necessary up to Max Connection to the back-end server. These connections are only opened on an as needed basis, i.e. when there is a new request from a client and there is no free connection to the back-end server, a new connection is opened.


This value should always be set lower than the back-end web-server's max clients value. Else there is a possibility that monitoring connections will not be accepted by the back-end server since the connection limit is reached at the back-end server and WAF will take the server out-of-service. Set the value of Max Connections on the WAF lower than the Max Clients value at least by 2-3 times the Max Probes value in the OOB Healthcheck container.


A value of 0 will allow unlimited connections to the back-end server.


2: Max Requests: Enter the maximum number of request that can be sent to the Web server (default is 1000)


3: Max Keep-alive Requests: Enter the maximum number of requests on a persistent connection before the connection is shut down, if the Web server does not close the connection first (default is 0).


Description: 

- Setting keep-alive requests to 0, allows the WAF to reuse the connection until it is closed by the back-end server. 

- The response from the back-end server is a HTTP/1.1 response. An HTTP/1.1 response is implicitly keep-alive and doesn't need to have the Connection header. Hence this connection is being reused until it is closed by the server or by the WAF if the keepalive-timeout expires. 

- For an apache server, this value is determined by the KeepAlive and MaxKeepAliveRequests values in httpd.conf. Its value is 1 if KeepAlive is "off"; its value is MaxKeepAliveRequests if KeepAlive is "on".


4: Max Establishing Connections: Enter the maximum number of connection that will attempt to connect to this Web server, if the Web server does not close the connection first (default is 100).


Description: 

This option sets the maximum number of simultaneous connections that can be established to the server. If the server can only handle gradual load increases, then make this value lower; if it can handle rapid load increases, this value can be higher. The value should be equal to or lower than the Max Connections value.


5: Max Spare Connections: Sets the maximum number of pre-allocated connections that can be sent to this Web server (default is 0). Set this to 0 if the server can handle not more than one connection at a time (default is 0)


6: Timeout: Enter the time in millisecond when an unused connection should time out (default is 300000). 


Description: 

This option Sets the time in milliseconds that an unused connection times out. The timeout in the server configuration only applies to connections that can be pooled. In the case of custom applications this timeout does not have any effect, the only timeout that closes the connection is the one configured on the custom application.


7: Client Impersonation: Select whether the connection to the back-end should use the originating client's IP address rather than the private interface address (default is No). In most cases, this should remain off.


Before enabling client impersonation, The back-end server's gateway "points" to Barracuda device.


Link to This Page:

https://campus.barracuda.com/solution/50160000000Ix0eAAC