You can improve the Web Agent performance by ignoring requests for resources that you do not want to protect. Consider the following configurations to improve performance:
Reduce overhead by instructing the Web Agent to ignore requests for certain types of resources with the following parameter:
Specifies the types of resource requests that the Web Agent passes to the web server without checking access policies. The Web Agent allows access to the items with extensions specified by this parameter even if they exist in a realm that is protected by a policy.
You can configure Web Agent to ignore requests in the following conditions:
Default: .class, .gif, .jpg, .jpeg, .png, .fcc, .scc, .sfcc, .ccc, .ntc
By default, the Agent does not ignore requests for resources that contain two or more periods that are separated by a slash (/). Web Agents handle requests for resources using the process that is shown in the following example:
To reduce overhead, add the extensions to this parameter for the resources you want the Agent to ignore.
Important! Web Agent applies the IgnoreExt parameter to resources in a URL but not to parameter values. Consider this behavior when configuring the IgnoreExt setting.
If a web server at your site supports several virtual servers, there may be resources on these virtual servers that you do not want to protect with the Web Agent. To simplify how the Web Agent distinguishes which portions of a web server's content it protects, use the following parameter:
Specifies the fully qualified domain names of any virtual servers that you want the web Agent to ignore. Resources on such virtual servers will be auto-authorized, and the Web Agent always grants access to them regardless of which client makes the request. The authorization decision is based on the configuration of the Web Agent instead of being based on a policy.
The list of ignored hosts is checked first before any other auto-authorization checks, such as the IgnoreExt and IgnoreURL settings. Therefore, the double-dot rule will not trigger an authorization call to the Policy Server for resources on an ignored host but would not be ignored by extension.
The host portion of the URL entries for the IgnoreHost parameter must exactly match what the Web Agent reads for the host header of the requested resource.
Note: This value is case-sensitive.
If the URL uses a specific port, then the port must specified.
For centrally-managed agents, use a multi-value parameter in the Agent Configuration Object to represent several servers. For agents configured with a local configuration file, list each host on a separate line in the file.
Example: (URL shown with port specified)
Example: (local configuration file)
Default: No default
To specify virtual servers for the Web Agent to Ignore, do either of the following tasks:
For central configuration, add the servers you want to ignore to your agent configuration object. For more than one server, use the multi-value setting for the parameter.
Resources using the specified URLs are ignored by the Web Agent and access to those resources is granted automatically.
The IgnoreQueryData parameter affects the way Web Agents treat URLs. Use this parameter to prevent Web Agent from caching the entire URL and sending the URIs with their query strings to the Policy Server for rule processing.
Specifies whether the Web Agent will cache the entire URL (including the query strings) and send the entire URI to the Policy Server for rule processing. A full URL string contains a URI, a hook (?), and some query data, as shown in the following example:
URLs that have been the subjects of requests are cached by default. Subsequent requests search the cache for a match. If requests for the same URI contain different query data, the match fails. Ignoring the query data improves performance.
When the IgnoreQueryData parameter is set to yes, the following occurs:
When the IgnoreQueryData parameter is set to no, the following occurs:
To have the Web Agent send only URIs to the Policy Server for processing, set the value of the IgnoreQueryData parameter to yes.
If you do not want to protect a set of URIs, configure the IgnoreUrl parameter to direct Web Agent to ignore and allow unrestricted access to those URIs.
Specifies a URI within a URL that must not be protected. Web Agent does not challenge the users who attempt to access the resource associated with the specified URI and allows access to the resource automatically. It also ignores the specified URI in a different domain or multiple URIs. The value is case-sensitive.
You can configure the parameter value in the following formats:
Web Agent ignores the URI
directory in the following sample URIs:
To allow unrestricted access to a specific folder in a URI, configure the parameter in the following format:
Consider the same sample URIs that are mentioned in Example 1, Web Agent ignores only the following URI and protects the rest of the URIs:
For a central configuration, add the fully qualified domain names with the URIs that you want to ignore to your agent configuration object. For more than one URI, use the multivalue setting for the parameter. For local configuration, add a separate line for each fully qualified domain name and URI in the local configuration file.