CA API Gateway - 9.3

Listen Port Properties

Last update March 28, 2019

When you create or view details about a CA API Gateway listen port, the Listen Port Properties appear. The port properties are organized across these tabs:

  • Basic Settings
  • SSL/TLS Settings
  • Pool Settings
  • FTP Settings
  • Other Settings
  • Advanced

Note: A listen port automatically restarts when its properties are edited.

Defining FTP Ports

The following are some important details about FTP(S) support in the CA API Gateway:

  • Common FTP clients such as FileZilla, FireFTP, and WinSCP are supported.
  • FTP support is available only in the SOA Gateway. FTP endpoints are not supported in the XML Data Screen, XML Firewall, or XML Accelerator products.
  • Only passive FTP is supported.
  • The FTP(S) server uses the specified private key for its SSL listener (client certificates not supported); files may only be transferred in binary mode (ASCII/EBCDIC not supported).
  • For upload-only FTP requests, the Content-Type is assumed to be “text/xml”, while the SOAPAction header is assumed to be empty. For extended mode, the content type is "application/octet-stream."

To access the properties for a listen port:

  1. Run the Manage Listen Ports task.
  2. Select a port and then click [Properties]. You can also click [Create] to enter the properties for a new port. The Listen Port Properties appear.
  3. Configure each tab within the properties as necessary. Refer to the appropriate section below for a complete description of each tab.
  4. Click [OK] when done.

Configuring the [Basic Settings] Tab

The [Basic Settings] tab configures basic information relevant to all listen ports, regardless of type.

Setting

Description

Name

Describe the purpose of the listen port. This "friendly" description is displayed on the Manage Listen Ports dialog.

Enabled

Select this check box to listen for traffic on the specified port. If the listener is disabled for a port, the CA API Gateway will behave as if no listener had been configured for the port.

Example: If you disable the listener on port 8080, the system will behave as if there was no listener configured for port 8080. Attempts to connect to that port will result in a "connection refused" error.

Protocol

From the drop-down list, select the protocol to be used: HTTP, HTTPS, FTP, FTPS, or SSH2. If custom transport protocols have been added, they are listed here. There is one predefined custom transport protocol: l7.raw.tcp.

Port

Enter the TCP port number. For FTP and FTPS, this will be the port number used to open the control connection. The passive data connections will use ports allocated from the FTP passive range configured on the [FTP Settings] tab.

Note: If the listen port is using the SSH2 protocol, avoid using port 22, as it may conflict with the default SSH port 22 on Linux or Unix systems.

Interface

From the drop-down list, select an interface or IP address to monitor. The list displays all available IP addresses on the CA API Gateway and interfaces configured using the [Manage] button.

To listen on all available addresses, select All.

Tip: Understanding the message: "Possible Input Error. With a cluster, using an interface identified by a raw IP address can have unexpected effects." This error warns you that you have defined an interface tag based on an entire IP address (as opposed to a pattern). This could be problematic because in a cluster, listen ports bound to this interface tag will only be able to open on the cluster node that owns this IP address. There may also be other ramifications. Exception: You may ignore this message if you are intentionally creating an interface tag to bind a listen port to a loop-back address (for example, "127.0.0.1") and you expect each cluster node to accept connections to this listen port only from its own local processes.

Manage

Click [Manage] to add or remove interfaces from the list. For more information, see Managing Interfaces.

Enabled Features: This section determines which CA API Gateway services can be accessed through this listen port.

Published service message input


Allows requests to be made to the following built-in services. Use the expand and collapse icons to show or hide the list of built-in services.

Select the Built-in services check box to enable all applicable services. Clear the check box to disable all the built-in services.

Note: A cleared check box may also indicate one or more services has been disabled.

You can also enable or disable specific services:

  • Policy download service: Used by the CA API Gateway - XML VPN Client
  • Ping service: Used to test CA API Gateway availability. For more information, see Ping URI Test.
  • WS-Trust security token service: Used by the CA API Gateway - XML VPN Client for getting SAML assertions and establishing WS-SecureConversation sessions
  • Certificate signing (CA) service: Used by the CA API Gateway - XML VPN Client (only available when the 'Protocol' for the port is set to HTTPS).
  • Password changing service: Used by the CA API Gateway - XML VPN Client (only available when the 'Protocol' for the port is set to HTTPS).
  • WSDL download service: Used by the CA API Gateway - XML VPN Client and end user programs.
  • SNMP query service: HTTP-based SNMP query service that uses localhost as host.

    Note: This option can be suppressed by changing the builtinService.snmpQuery.enabled cluster property

Policy Manager access

Allows the desktop client version of the Policy Manager to access the CA API Gateway.

Browser-based administration

Allows the browser client version of the Policy Manager to access the CA API Gateway. This option is available only when [Policy Manager access] is enabled.

Enabling browser-based administration also enables the following features:

  • ability to back up the CA API Gateway (for more information, see Back Up Gateways).
  • ability to ping the CA API Gateway (for more information, see Ping URI Test).

Enterprise Manager access

Allows the Enterprise Service Manager to access the CA API Gateway.

The associated port number must be set in the admin.esmPort cluster property so that the Enterprise Service Manager can communicate with the CA API Gateway cluster. For more information, see "Time Units" in Gateway Cluster Properties.

Note: The Enterprise Manager access check box is available only when the listener uses HTTPS (“Protocol” field in the [Basic Settings] tab) and permits client authentication (The “Client Authentication” field in the [SSL/TLS Settings] tab is set to either “Optional” or “Required”).

Inter-Node Communication

Allows communication between nodes and is required for certain administrative functionality, such as viewing logs. If disabled, logs for other nodes in the cluster cannot be viewed.

Node Control

Allows each CA API Gateway node in a cluster to be individually stopped/started. If disabled, the CA API Gateway status cannot be retrieved. Node control must be enabled for correct operation of a CA API Gateway appliance.

Note: The Node Control feature is available only when listening on "(All)" or a loopback/localhost address (for example, "127.0.0.1" or "::1").

Security Zone

Optionally choose a security zone. To remove this entity from a security zone (security role permitting), choose "No security zone".

For more information about security zones, see Understanding Security Zones.

Note: This control is hidden if either: (a) no security zones have been defined, or (b) you do not have Read access to any security zone (regardless of whether you have Read access to entities inside the zones).

Configuring the [SSL/TLS Settings] Tab

If the listener protocol is HTTPS or FTPS, complete the settings in the [SSL/TLS Settings] tab.

Setting

Description

Server Private Key

From the drop-down list, select the server private key to be used for the listen port. An SSL listener can use any private key in the system, from any keystore. If you do not see the appropriate private key, click [Manage Private Keys] to add it. For more information, see Manage Private Keys.

Note: If the Server Private Key is set to anything other than the default SSL key, then the [Policy Manager access] and [Browser-based administration] options are disabled on the [Basic Settings] tab.

Client Authentication

Specify whether the client must present a certificate to authenticate:

  • None: The client never needs to present a certificate. This setting will not permit login via client certificate when connecting to the CA API Gateway using the desktop client. However this setting will result in fewer security prompts when connecting to the CA API Gateway using the browser client version of the Policy Manager.
  • Optional: The client can optionally present a certificate. This setting permits login via client certificate when connecting to the CA API Gateway.
  • Required: The client must always present a certificate to authenticate. With this setting, the [Policy Manager access] and [Browser-based administration] options are disabled on the [Basic Settings] tab.

The CA API Gateway will accept any client certificate during the SSL handshake, provided that the client holds the corresponding private key.

Enabled TLS Versions

Select the check box next to the TLS versions to be enabled for the listen port.

Enabled Cipher Suites

Select the cipher suites that will be enabled on the SSL listen port. During the SSL handshake, both sides negotiate a cipher suite based on what is available on each side and the preference order.

If you disable a cipher suite on a listener, the CA API Gateway will never allow it to be selected for use during an SSL handshake using that listener. If the client and server have no other cipher suites in common, the SSL handshake will fail.

You can use the [Move Up] and [Move Down] buttons to change a cipher suite's preference by the CA API Gateway if the client and server have more than one cipher suite in common. Cipher suites closer to the top of the list are preferred over those closer to the bottom.

The list of ciphers presented may vary, depending on the security configuration of the CA API Gateway. For a list of all the supported cipher suites, see Selecting Cipher Suites.

Use Default List

Click this button to restore the cipher list to the system default preference order and enable state.
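
The dependencies between settings stated in the [Basic Settings] and [SSL/TLS Settings] descriptions above can be checked against an inventory of listen ports before a change is made. The following is an added example, not CA code: the dictionary layout and the feature and service labels are hypothetical names chosen for this example, and only the rules themselves come from this page.

```python
import ipaddress

TLS_PROTOCOLS = {"HTTPS", "FTPS"}   # protocols that use the [SSL/TLS Settings] tab
ADMIN_FEATURES = {"policy-manager", "browser-admin"}   # hypothetical labels


def is_loopback(interface):
    """True for a literal loopback address such as 127.0.0.1 or ::1."""
    try:
        return ipaddress.ip_address(interface).is_loopback
    except ValueError:
        return False  # an interface tag or pattern, not a literal address


def check_listen_port(port):
    """Return the rule violations found in one listen port description."""
    proto = port["protocol"].upper()
    features = set(port.get("features", ()))
    services = set(port.get("builtin_services", ()))
    client_auth = port.get("client_auth", "None")
    interface = port.get("interface", "All")
    admin = sorted(features & ADMIN_FEATURES)
    problems = []

    # Certificate signing and password changing are offered on HTTPS only.
    for svc in sorted(services & {"certificate-signing", "password-changing"}):
        if proto != "HTTPS":
            problems.append(f"{svc} service is only available on HTTPS")
    if "browser-admin" in features and "policy-manager" not in features:
        problems.append("browser-admin requires policy-manager")
    # Both administration features are disabled by these two SSL/TLS choices.
    if proto in TLS_PROTOCOLS and admin:
        if client_auth == "Required":
            problems.append(f"client_auth=Required disables {', '.join(admin)}")
        if not port.get("default_ssl_key", True):
            problems.append(f"non-default private key disables {', '.join(admin)}")
    if "enterprise-manager" in features and not (
        proto == "HTTPS" and client_auth in ("Optional", "Required")
    ):
        problems.append("enterprise-manager requires HTTPS with client_auth Optional or Required")
    if "node-control" in features and not (
        interface in ("All", "(All)") or is_loopback(interface)
    ):
        problems.append("node-control requires interface All or a loopback address")
    if proto == "SSH2" and port.get("port") == 22:
        problems.append("SSH2 on port 22 may conflict with the default SSH port")
    return problems


# Constructed inventory, not taken from a real Gateway.
SAMPLE_PORTS = [
    {"name": "admin", "protocol": "HTTPS", "port": 9443, "interface": "All",
     "client_auth": "Optional",
     "features": ["policy-manager", "browser-admin", "enterprise-manager", "node-control"],
     "builtin_services": ["certificate-signing", "password-changing"]},
    {"name": "partner-mtls", "protocol": "HTTPS", "port": 8443, "interface": "10.0.0.5",
     "client_auth": "Required", "default_ssl_key": False,
     "features": ["policy-manager", "node-control"]},
    {"name": "plain", "protocol": "HTTP", "port": 8080, "interface": "127.0.0.1",
     "features": ["browser-admin", "enterprise-manager", "node-control"],
     "builtin_services": ["password-changing"]},
    {"name": "sftp", "protocol": "SSH2", "port": 22, "interface": "::1", "features": []},
]


def audit(ports):
    """Map each port name to its list of problems, omitting clean ports."""
    report = {}
    for port in ports:
        problems = check_listen_port(port)
        if problems:
            report[port["name"]] = problems
    return report


if __name__ == "__main__":
    for name, problems in audit(SAMPLE_PORTS).items():
        for problem in problems:
            print(f"{name}: {problem}")
```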

Configuring the [Pool Settings] Tab

The [Pool Settings] tab allows configuration of the thread pool used by the listener, and is enabled only for these protocols: HTTP, HTTPS, or a custom transport protocol. By default, all new listeners use a shared thread pool. You may configure a listener to use a private thread pool if necessary. Private thread pools allow you to separate CA API Gateway resources and dedicate them to a particular listener. Message processing traffic should use the shared pool, but you could use private pools if you wanted to dedicate resources to particular listeners (perhaps for different users of your services) or for listen ports with high message traffic.

Restrictions caused by using private thread pools include:

  • Private threads cannot be used by other listeners, so this is a less flexible approach.
  • The CA API Gateway cannot support an unlimited number of threads, so using private pools will require other configuration changes to support this (for example, reduce the shared thread pool size, increase the number of available DB connections, reduce the maximum message size, etc.).

Tip: A private thread pool does not take threads away from the shared thread pool. For example, consider this configuration:

  • Cluster of three Gateways
  • Each node has io.httpMaxConcurrency = 1500 and a listen port with private thread pool for Service ABC= 300

In this scenario, Service ABC allows up to 900 private threads (300 x 3), while the rest of the services on the Gateway share the 4500 threads (1500 x 3) in the shared thread pool.

The default node configuration and control listen port 2124 ("Node Control") for the CA API Gateway uses a private thread pool for maximum performance.

Setting

Description

Use private thread pool

Enable the listener to use a private thread pool.

Thread pool size

Specify how many threads to allocate to this private pool. The minimum is 1 and the maximum is 10,000 (not recommended).

WARNING: If you intend to use a large value for thread pool size, contact CA Support for additional CA API Gateway configuration changes that may be required.

Configuring the [FTP Settings] Tab

If the listener protocol is FTP or FTPS, complete the settings in the [FTP Settings] tab.

Setting

Description

First Passive Port

Specify the first port in the range to use for passive data connections.

Number of Passive Ports

Specify the number of ports in the range to use for passive connections.

FTP Command Handling

Choose an FTP command handling mode to use. For a detailed description of each mode, see "Understanding the FTP Command Handling Modes" below.

Tip: The default mode is "Process STOR/STOU commands only...", which replicates FTP command handling capability prior to version 8.2.0.

Understanding the FTP Command Handling Modes

Process STOR/STOU commands only, resolve service by working directory if no service associated

Choose this option if your needs are limited to upload-only FTP command set and handling. This option is best suited to non-interactive upload scenarios. In this mode:

  • When a STOR or STOU command is sent, the file will be transferred from the client by the CA API Gateway and is used to create a Request message to a published service.
  • PORT, PASS, TYPE, and most other standard connection-related commands will behave as expected.
  • Directory navigation commands (such as CWD, CDUP) will always succeed. The CA API Gateway does not confirm the existence of the directory. The client will assume all requested directories exist and that they are empty.
  • Other commands may produce unexpected or erroneous results. Because of this, it is recommended that you choose the "Support extended FTP command set..." option if you need to route more than STOR/STOU commands.

Support extended FTP command set, resolve requests to the associated service

Choose this option to use the extended FTP command set. This option is intended for use with the Route via FTP(S) Assertion in an FTP proxy scenario. Ensure that a published service is associated with the listen port (defined in the [Advanced] tab).

In this mode, all commands that can be proxied are processed as requests to the specified service.

| Command | Description |
|---|---|
| APPE | Append a file |
| CDUP | Change working directory to parent |
| CWD | Change working directory |
| DELE | Delete the specified file |
| LIST | List the specified file or contents of the specified directory |
| MDTM | Return the last modified time of a specified file over the control connection |
| MKD | Make directory |
| MLSD | List the details of the files in the specified directory in a standardized format |
| MLST | Returns info on the specified file over the control connection |
| NLST | List the names of files in the specified directory |
| NOOP | No operation |
| PWD | Return the working directory over the control connection |
| RETR | Retrieve (i.e., download/get) the specified file |
| RMD | Remove directory |
| SIZE | Returns the size of the file in bytes over the control connection |
| STOR | Store (i.e., upload/put) the specified file in the remote working directory |
| STOU | Store (i.e., upload/put) the specified file uniquely in the remote working directory |

Note: Support for STOU (Store Unique) routing is not selectable from within the Route via FTP(S) Assertion and will be routed as a STOR command if encountered (for example, in a context variable). A NOOP (No operation) command will be routed if specified in a context variable (for example, the variable set by the listen port), but it is not selectable from within the Route via FTP(S) Assertion.

The following commands are accepted by the FTP listen port, but will not be processed as messages by the associated policy:

| Command | Description | RFC | Notes |
|---|---|---|---|
| ABOR | Abort an active file transfer | 959 | |
| AUTH | Establish authentication/security mechanism | 2228 | |
| EPRT | Specifies extended address & port for connection | 2428 | |
| EPSV | Enter extended passive mode | 2428 | |
| FEAT | List the supported extended features | 2389 | Content of lists depends on "FTP command handling" mode of listen port |
| HELP | Help | 959 | |
| LANG | Language negotiation | 2640 | Only English currently supported. |
| MODE | Specify transfer mode | 959 | 'Streaming' and 'Compressed' only |
| OPTS | Select options for a feature | 2228 | As 'UTF8' is the listen port server default, the setting 'OPTS UTF8' has no effect. "OPTS MLSD" commands will not affect the format of MLSD results because they are dependent on the settings of the remote FTP server. |
| PASS | Specify user password | 959 | User name and password are not authenticated by the listen port server, but are part of the request made to the associated service, so they may be authenticated there. |
| PASV | Enter passive mode | 959 | |
| PBSZ | Protection buffer size | 2228 | Supports PBSZ 0 only. |
| PORT | Specify address and port to connect to | 959 | |
| PROT | Set Data Channel Protection Level | 2228 | Supports 'Clear' and 'Private'. |
| QUIT | Disconnect | 959 | |
| REIN | Reinitialize user connection | 959 | |
| STAT | Returns the current status | 959 | Listen port server only; does not reflect the status of the remote FTP server |
| STRU | Set file transfer structure | 959 | File structure only |
| SYST | Return system type | 959 | Corresponds to "os.name" Java system property of the CA API Gateway. |
| TYPE | Set the transfer mode | 959 | Will accept Binary and ASCII options, but routed transfer commands will fail if not set to Binary. |
| USER | Authentication username | 959 | User name and password are not authenticated by the listen port server, but are part of the request made to the associated service, so they may be authenticated there. |

Unsupported FTP Commands

The following commands are currently not supported:

| Command | Description | RFC |
|---|---|---|
| ACCT | Account information | 959 |
| ALLO | Allocate disk space | 959 |
| CCC | Clear command channel | 2228 |
| ADAT | Authentication/Security mechanism | 2228 |
| CONF | Confidentiality protection command | 2228 |
| ENC | Privacy protected command | 2228 |
| MIC | Integrity protected command | 2228 |
| LPRT | Specify long address & port | 1639 |
| LPSV | Enter long passive mode | 1639 |
| REST | Restart file transfer | 3659 |
| RNFR | Rename from | 959 |
| RNTO | Rename to | 959 |
| SITE | Issue site-specific commands | 959 |
| SMNT | Mount file structure | 959 |
| X*** | All RFC 775 commands | 775 |
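
The three command tables above can be applied to a captured client session to see, before a client is pointed at an extended-mode listen port, which of its commands would reach the policy and which would be rejected. This is an added example, not CA code; the sample transcript is constructed, and it assumes that "routed transfer commands" means APPE, RETR, STOR and STOU and that PROT, MODE and STRU take their RFC single-letter codes.

```python
# Command sets transcribed from the tables on this page.
ROUTED = {"APPE", "CDUP", "CWD", "DELE", "LIST", "MDTM", "MKD", "MLSD", "MLST",
          "NLST", "NOOP", "PWD", "RETR", "RMD", "SIZE", "STOR", "STOU"}
LOCAL = {"ABOR", "AUTH", "EPRT", "EPSV", "FEAT", "HELP", "LANG", "MODE", "OPTS",
         "PASS", "PASV", "PBSZ", "PORT", "PROT", "QUIT", "REIN", "STAT", "STRU",
         "SYST", "TYPE", "USER"}
UNSUPPORTED = {"ACCT", "ALLO", "CCC", "ADAT", "CONF", "ENC", "MIC", "LPRT",
               "LPSV", "REST", "RNFR", "RNTO", "SITE", "SMNT"}
# ASSUMPTION: the file transfer commands that need TYPE set to Binary.
TRANSFER = {"APPE", "RETR", "STOR", "STOU"}
# Argument limits from the Notes column (C/P = Clear/Private, S/C = Stream/
# Compressed, F = File), written as the RFC single-letter codes.
ARG_LIMITS = {"PBSZ": {"0"}, "PROT": {"C", "P"}, "MODE": {"S", "C"}, "STRU": {"F"}}


def classify(verb):
    """Where the listen port sends a command, by name alone."""
    if verb in ROUTED:
        return "routed"          # processed as a request to the associated service
    if verb in LOCAL:
        return "local"           # answered by the listen port, never seen by policy
    if verb in UNSUPPORTED or verb.startswith("X"):   # X*** = RFC 775 commands
        return "unsupported"
    return "unknown"


def review(transcript):
    """Return (line, verb, verdict, note) for each client command."""
    findings = []
    binary = None   # unknown until the client sends TYPE; the page gives no initial value
    for n, line in enumerate(transcript.splitlines(), 1):
        parts = line.strip().split(None, 1)
        if not parts:
            continue
        verb = parts[0].upper()
        arg = parts[1].strip().upper() if len(parts) > 1 else ""
        verdict, note = classify(verb), ""
        if verb == "TYPE":
            binary = arg.startswith("I")
            if not binary:
                note = "accepted, but routed transfers fail until TYPE I"
        elif verb in ARG_LIMITS and arg not in ARG_LIMITS[verb]:
            verdict = "unsupported"
            note = f"{verb} accepts only {'/'.join(sorted(ARG_LIMITS[verb]))}"
        elif verb in TRANSFER and binary is False:
            verdict, note = "fails", "transfer type is not Binary"
        elif verb == "STOU":
            note = "routed as STOR by the Route via FTP(S) Assertion"
        elif verb in ("USER", "PASS"):
            note = "not authenticated by the listener; the service policy must do it"
        findings.append((n, verb, verdict, note))   # arguments are not echoed
    return findings


def blocked(findings):
    """The commands a client would see rejected or failing."""
    return [(n, verb) for n, verb, verdict, _ in findings
            if verdict in ("unsupported", "fails", "unknown")]


# Constructed client-side command transcript (control connection only).
SAMPLE = """USER alice
PASS example-only
PBSZ 0
PROT P
TYPE A
PASV
STOR report.xml
TYPE I
PASV
STOR report.xml
REST 1024
RNFR old.xml
XPWD
MODE B"""

if __name__ == "__main__":
    for n, verb, verdict, note in review(SAMPLE):
        print(f"{n:>2} {verb:<5} {verdict:<12} {note}")
```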

Example: How to Configure an Extended FTP Command Support Proxy

The following example shows how to use the extended FTP commands along with the listen ports and Route via FTP(S) Assertion. This configuration is compatible with FileZilla, FireFTP, WinFTP and WinSCP clients.

Precondition:

  • A configured remote FTP server
  • A service policy that includes the Route via FTP(S) Assertion configured to route to the remote FTP server with the relevant host, security and port settings.

To configure an extended FTP command support proxy:

  1. Complete the [Basic Settings] tab of the Listen Port Properties.
  2. Complete the [FTP Settings] tab of the Listen Port Properties. Be sure to choose the "Support extended FTP..." option.
  3. Complete the [Advanced] tab of the Listen Port Properties as follows:
    1. If you need to support large uploads (>2GB), select the "Override maximum message size" check box and specify a new limit or allow unlimited message size.
    2. Associate the port with a published service. This is required in order to support the extended FTP command set.
    3. Configure the Advanced Properties if you wish to override any of the cluster properties for this listen port. The following are the available FTP-related advanced properties, shown with their default values:
      ftp.sessionIdleTimeout=60
      ftp.maxRequestProcessingThreads=10
      ftp.anonymousLoginsEnabled=true
      ftp.maxAnonymousLogins=10
      ftp.maxConcurrentLogins=10
      ftp.userMaxConcurrentLogins=10
      ftp.userMaxConcurrentLoginsPerIp=10
    For a description of these properties, see FTP Cluster Properties.
  4. Construct a service policy. The following example shows how to use the extended FTP commands along with the listen ports and the Route via FTP(S) Assertion. In this example, the credentials supplied by the FTP client will be used for authenticating the connection to the remote FTP server:
    Require FTP Credentials
    Request: Configure Message Streaming: enable streaming
    Route via FTPS Server

    Note: The Configure Message Streaming Assertion allows the transparent uploading of files and more accurate progress monitors in FTP clients. Omitting this assertion will slow down the routing of most (non-trivial) uploads and introduce the potential for timeouts.

  5. Configure these settings in the [Connection] tab of the FTP(s) Routing Properties as follows:
    1. Choose "From Variable" for the command and then enter request.ftp.command for the command variable.
    2. Enter ${request.ftp.path} as the directory.
    3. Enter ${request.ftp.argument} as the argument.
    4. Choose the assertion outcome "Never fail as long as target replies". This setting permits the FTP clients to receive useful responses from the remote FTP server that will (in most cases) indicate reasons for failure (for example, insufficient privileges, incorrectly-formatted arguments).
  6. Configure all the remaining settings in the assertion properties as appropriate for your environment. For a description of each setting, see the Route via FTP(S) assertion.

The following is a high level overview of FTP request proxying using the LIST command as an example:

  1. The FTP client connects to the CA API Gateway on the designated listen port.
  2. The FTP client sends a request to the CA API Gateway to list the contents of the working directory using the FTP command "LIST".
  3. The CA API Gateway processes this command and opens a data connection to the FTP client. The FTP request variables are populated.
  4. After the user's credentials are extracted by the Require FTP Credentials assertion (if using the credentials from the FTP client for authentication), the Route via FTP(S) assertion reads the values of the FTP request variables to find the command, working directory, and argument. It then connects to the remote server using the extracted credentials.
  5. The Route via FTP(S) Assertion issues the LIST command to the remote server and receives the listing, which it uses to create a response message. The FTP response variables are populated.
  6. The response message body is transferred to the FTP client over the data connection, which is closed when the transfer is complete. The reply code and text from the remote FTP server is sent to the FTP client over the control connection.

Configuring the [Other Settings] Tab

The [Other Settings] tab is available when either SSH2 or a custom transport protocol has been selected on the [Basic Settings] tab. If SSH2 was selected, the following fields display.

Setting

Description

Enable

Select the network protocol(s) to support on the SSH2 server. Both SCP and SFTP are enabled by default.

Supported SCP Commands

PUT

Select this option to allow SCP clients to upload files.

GET

Select this option to allow the file to be sent back to the SCP client.

  • Retrieve file size from context variable: Select this option to retrieve the file size from the specified context variable. Clear this check box to not retrieve the file size from a context variable. In this case, the entire message stream will need to be read in order to detect the file size.  

Supported SFTP Commands

PUT

Select this option to allow SFTP clients to upload files.

  • Forward SFTP partial uploads to policy: Select this option to allow uploading files in parts. This will execute policy once for every file partially uploaded. Clear this check box to not allow partial uploads.

GET

Select this option to allow SFTP clients to download files.

  • Forward SFTP partial downloads to policy: Select this option to allow downloading files in parts. This will execute policy once for every file partially downloaded. Clear this check box to not allow partial downloads.

LIST

Select this option to allow SFTP clients to list files. When the SFTP client sends the LIST command, the policy will be called with the LIST set as the request.command.type.

STAT

Select this option to retrieve the file attributes for the file specified. When the SFTP client sends the STAT command, the policy will be called with the STAT set as the request.command.type.

Note: You must enable STAT or LIST to be able to upload and download files. If both are disabled, only one of GET or PUT can be enabled. In this case dummy file statistics will be returned to the SFTP client.

DELETE

Select this option to retrieve the file attributes for the file specified.

  • Delete file on truncate request: Select this optional check box if you have selected "Forward SFTP partial uploads" under PUT. In most cases the files are automatically truncated before they are overwritten. Clear this check box to retain the file on truncated requests.

MOVE

Select this option to allow SFTP clients to move or rename the files.

MKDIR

Select this option to allow SFTP clients to create directories.

RMDIR

Select this option to allow SFTP clients to remove directories.

Common Configurations

Host private key type

Click [Manage Stored Passwords] to enter a private key for the SSH2 server. For more information, see Manage Stored Passwords. This field is required.

Idle timeout (in minutes)

Enter the number of minutes for the idle timeout. This field is required.

The default is 10 minutes.

Max. concurrent session(s) per user:

Enter how many concurrent sessions are permitted for a user. A value of "0" (zero) means unlimited. The default is 10.

Note: The number of concurrent sessions allowed for a user is limited by the maximum number of concurrent sessions permitted (see the following setting).

Max. concurrent session(s):

Enter the total maximum number of concurrent sessions permitted. A value of "0" (zero) means unlimited. The default is 10.

If a custom transport protocol was selected, the contents of this tab will depend on the protocol. For the "l7.raw.tcp" transport protocol, the following field is shown:

  • Socket timeout: Enter the period of time before the socket times out, in milliseconds.

Configuring the [Advanced] Tab

The Advanced tab is used to define advanced settings for the listen port. In particular, it is recommended that only advanced technical users modify the Advanced Properties table.

Setting

Description

Request Properties

Override maximum message size

Select this check box to override the permitted maximum size of the routing message. Clear this check box to use the value set in the io.xmlPartMaxBytes cluster property.

  • Restrict messages to: Enter the maximum permitted size of the request message, in bytes. You may reference context variables.
  • Allow unlimited message size (not recommended): Select this option to allow response messages of unlimited size. This is not recommended and should be used only under the direction of CA Support.

Service Resolution: The settings under "Service Resolution" are available for all types of transport, predefined or custom. These two settings are designed for transports that do not communicate information that is necessary for correct operation of the listen port.

Associate port with single published service

Select this option to preselect a published service for the listen port. Any message arriving via this listen port will be routed immediately to the specified published service. Choose the service to use from the drop-down list. For more information about published services, see Working with SOAP Web Services.

Always use specified request content type

Select this option to preselect a Content-Type for the listen port. Choose the Content-Type to use from the drop-down list or type a valid Content-Type.

Advanced Properties

This section is used to define additional settings for the listen port. You will be directed by CA Support when such properties are required.

The following are some examples for advanced properties:

  • The Advanced Properties can be used to obfuscate the default server for the CA API Gateway HTTP listener. For example, the response returns "Apache-Coyote/1.1", which is the Tomcat default server. To minimize information disclosure, add the advanced property server = <value>. For example, adding the property server with the value foobar replaces "Apache-Coyote/1.1" with "foobar" in the "Server" header in the response.
  • If you need to allow renegotiations, add the advanced property allowUnsafeLegacyRenegotiation = true. This suppresses the application-level disablement of renegotiation and allows the underlying JSSE provider to handle it.

    Tip: Setting this advanced property does not introduce any security vulnerabilities with current JDK versions.

  • By default, the CA API Gateway truncates any space between the Content-Type and the charset in the response header. To prevent this, add the advanced property trimContentType = false. Note: This does not affect the outbound request headers, where truncation does not occur.
  • You can override the default FTP(S) listen port behavior for a specific listen port by using the following advanced properties:

      ftp.sessionIdleTimeout
      ftp.maxRequestProcessingThreads
      ftp.anonymousLoginsEnabled
      ftp.maxAnonymousLogins
      ftp.maxConcurrentLogins
      ftp.userMaxConcurrentLogins
      ftp.userMaxConcurrentLoginsPerIp

    These properties match their corresponding FTP cluster property counterparts. For more information about these properties, see FTP Cluster Properties.

    Technical tip: Impact of setting processing threads to zero. The default value for ftp.maxRequestProcessingThreads (10) should suffice for most instances. However, if you set it to zero, there are circumstances where the resulting threads will be non-zero.

    If ftp.maxConcurrentLogins is set to unlimited, then the CA API Gateway will use the default thread number of 10.

    If ftp.maxConcurrentLogins is set to any other fixed value, then the maximum number of threads created will be equal to that value.

    Note: If the same FTP advanced property and cluster property are set, then the advanced property will take precedence for the listen port.

  • By default, the maximum number of headers that can be retrieved in a single GET call is 100. If you need to retrieve a greater number, add the advanced property maxHeaderCount = <new maximum value>.
  • To track the current concurrency of each HTTP(S) thread pool, add the advanced property concurrencyWarningThreshold with a specific threshold value. When the thread pool concurrency exceeds this threshold, the Gateway logs an audit record at specific intervals. The interval period is defined by the io.httpConcurrencyWarning.repeatDelay cluster property and defaults to 60 seconds.

    Note: Connectors not using a private thread pool share the global thread pool. These are controlled by the io.httpCoreConcurrency and io.httpMaxConcurrency cluster properties.

    The logged audits include:

    • System audit record: Server: HTTP Listeners components, action: "Concurrency Exceeded", message: "Listener concurrency exceeded: 999" (where "999" is the current concurrency).

    • Audit detail record: 2403, WARNING, "Listener concurrency too high: {0} {1}" (where "{0}" is the current concurrency and "{1}" is the connector identifier)

  • The default maximum HTTP header size for a listen port is 8KB (8192 bytes). This should suffice in the majority of instances. However this value may need to be increased for exceptional use cases (for example, running a large number of iterations in the Run Assertions for Each Item Assertion). To do this, add the advanced property: maxHttpHeaderSize = <new value in bytes> 
  • By default, the Gateway queues up to 100 incoming connection requests when all request processing threads are in use. All requests received once the queue is full are refused. To change the queue size, add the advanced property acceptCount = <queue size> 
  • By default, a Gateway HTTPS listener will wait 60 seconds for another request before closing the connection and a Gateway HTTP listener will wait 20 seconds for another request before closing the connection. If you need to adjust these defaults, add the advanced property keepAliveTime = <new value in milliseconds> 
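
The defaults and precedence rules in this list can be combined to work out what a listen port is actually running with. The following is an added example, not CA code: it resolves the effective values (page default, then cluster property, then advanced property), applies the zero-threads rule from the technical tip, and lists items a reviewer would want to look at. The function names and review labels are hypothetical, and because the page does not say how "unlimited" is written for ftp.maxConcurrentLogins, the example assumes the value 0.

```python
# Defaults stated on this page; property values are kept as strings.
FTP_DEFAULTS = {
    "ftp.sessionIdleTimeout": "60",
    "ftp.maxRequestProcessingThreads": "10",
    "ftp.anonymousLoginsEnabled": "true",
    "ftp.maxAnonymousLogins": "10",
    "ftp.maxConcurrentLogins": "10",
    "ftp.userMaxConcurrentLogins": "10",
    "ftp.userMaxConcurrentLoginsPerIp": "10",
}
# "server" is the banner returned when no override is set.
HTTP_DEFAULTS = {"server": "Apache-Coyote/1.1", "maxHeaderCount": "100",
                 "maxHttpHeaderSize": "8192", "acceptCount": "100"}
KEEP_ALIVE_MS = {"HTTP": "20000", "HTTPS": "60000"}   # 20 s and 60 s
UNLIMITED = "0"   # ASSUMPTION: the page does not give the spelling of "unlimited"


def effective(protocol, advanced, cluster=None):
    """Merge page defaults, cluster properties and advanced properties."""
    protocol = protocol.upper()
    if protocol in ("FTP", "FTPS"):
        settings = dict(FTP_DEFAULTS)
        settings.update({k: v for k, v in (cluster or {}).items()
                         if k in FTP_DEFAULTS})
    elif protocol in KEEP_ALIVE_MS:
        settings = dict(HTTP_DEFAULTS, keepAliveTime=KEEP_ALIVE_MS[protocol])
    else:
        raise ValueError(f"no defaults on this page for {protocol}")
    settings.update(advanced)   # the advanced property takes precedence
    return settings


def ftp_threads(settings):
    """Request processing threads after the zero-value rule is applied."""
    threads = int(settings["ftp.maxRequestProcessingThreads"])
    if threads != 0:
        return threads
    logins = settings["ftp.maxConcurrentLogins"]
    return 10 if logins == UNLIMITED else int(logins)


def review_items(protocol, settings):
    """Settings worth a second look, as short hypothetical labels."""
    items = []
    if protocol.upper() in ("FTP", "FTPS"):
        if settings["ftp.anonymousLoginsEnabled"].lower() == "true":
            items.append("anonymous-ftp-logins-enabled")
    else:
        if settings["server"] == HTTP_DEFAULTS["server"]:
            items.append("default-server-banner")
        if settings.get("allowUnsafeLegacyRenegotiation", "false").lower() == "true":
            items.append("renegotiation-allowed")
    return items


if __name__ == "__main__":
    # Constructed inputs, not taken from a real Gateway.
    ftps = effective("FTPS",
                     {"ftp.maxRequestProcessingThreads": "0",
                      "ftp.maxConcurrentLogins": "25"},
                     {"ftp.maxConcurrentLogins": "50",
                      "ftp.anonymousLoginsEnabled": "false"})
    print(ftp_threads(ftps), review_items("FTPS", ftps))
    https = effective("HTTPS", {"allowUnsafeLegacyRenegotiation": "true"})
    print(https["keepAliveTime"], review_items("HTTPS", https))
```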