Configuring Redirect Server from the redir.properties File
If you run the SRC software on a Solaris platform, you configure the redirect server by editing the redir.properties file.
To configure the redirect server from the redir.properties file:
- On each host on which you installed the redirect server software, access the directory in which you installed the redirect server, and run the configuration script.
# cd /opt/UMC/redir
# etc/config
- Follow the instructions on the screen to configure the redirect server.
Because the script includes some error checking, we recommend that you follow the instructions on the screen rather than directly editing the /opt/UMC/redir/etc/redir.properties file.
For information about the properties to be configured, see Configuration Properties for the Redirect Server.
If you are configuring redundancy for the redirect server, assign one redirect server as the primary server, and the other as the redundant server.
To learn how to get information about the requests that the redirect server is receiving and processing, see Chapter 20, Configuring Traffic Redirection with the SRC CLI.
Configuration Properties for the Redirect Server
You can modify the following properties for the redirect server from the configuration script that saves changes to the /etc/redir.properties file.
redir.port
- TCP port on which the redirect server listens for requests.
- Value—Integer; valid port number in the range 1024-65535
- Default—8800
redir.url
- URL sent as a response to redirect requests. If redir.proxyurl is not configured, this URL is used for both proxied and nonproxied requests.
- Value—http://<serverHost>/accessDenied.do?url=%(url)
- Guidelines—The URL can contain the special strings "%(url)s" and "%(proxy)s". If the HTTP request is sent to a proxy, the "%(url)s" string is replaced with the originally requested URL, and the "%(proxy)s" string is replaced with the proxy's "<ipAddress>:<port>". If the request is sent directly, the string is replaced with "None".
- Default—http://<serverHost>/accessDenied.do?url=%(url)
redir.proxy
- Configures proxy support. If you do not enable proxy support, the redirect server handles proxy requests in the same manner as direct requests.
- Value
redir.proxyurl
- URL sent as a response to proxy requests. If you do not configure a value, then the URL defaults to the redir.url value. You can use this property to send proxy requests to a page different from the direct request page on the captive portal.
- Value—Valid URL; string of ASCII characters in URL string format
- Default—No value
redir.user
- Name of the user who owns the UNIX processes for the redirect server.
- Value—Text string
- Default—Nobody
redir.reqrate
- Number of requests that the redirect server can accept per minute from all clients (global sustained rate).
- Value—Integer in the range 0-2147483647
- Default—12000
redir.reqburst
- Maximum number of requests that the redirect server can accept from all clients (burst size). This value should exceed redir.reqrate. If the value for redir.reqrate exceeds this value, the redirect server drops the excess requests.
- Value—Integer in the range 0-2147483647
- Default—18000
redir.clientrate
- Number of requests that the redirect server can accept per minute for a single client (per client sustained rate).
- Value—Integer in the range 0-2147483647
- Default—25
redir.clientburst
- Maximum number of requests that the redirect server can accept for a single client (per client burst size). This value should exceed redir.clientrate.
- Value—Integer in the range 0-2147483647
- Default—50
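The terms "sustained rate" and "burst size" used for the four rate properties above match a token bucket. The following added example is not SRC code; the token-bucket model, the class names and the 192.0.2.x client addresses are assumptions. It simulates how the default per-client and global limits would treat a burst under that model.

```python
class TokenBucket:
    """Bucket holding up to `burst` tokens, refilled at `rate_per_min`."""

    def __init__(self, rate_per_min, burst):
        self.rate_per_min = rate_per_min
        self.burst = burst
        self.tokens = float(burst)   # start full: a fresh client may burst
        self.last = 0.0              # time of the previous request, seconds

    def allow(self, now):
        refill = (now - self.last) * self.rate_per_min / 60.0
        self.tokens = min(self.burst, self.tokens + refill)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class RedirectLimiter:
    """Assumed model: one global bucket plus one bucket per client."""

    def __init__(self, reqrate=12000, reqburst=18000,
                 clientrate=25, clientburst=50):
        self.global_bucket = TokenBucket(reqrate, reqburst)
        self.client_limits = (clientrate, clientburst)
        self.clients = {}

    def accept(self, client_ip, now):
        bucket = self.clients.setdefault(
            client_ip, TokenBucket(*self.client_limits))
        # Per-client check first, so a client that is already over its own
        # limit does not consume tokens from the global bucket.
        return bucket.allow(now) and self.global_bucket.allow(now)


def simulate(limiter, client_ip, count, now):
    """Send `count` requests at time `now`; return how many are accepted."""
    return sum(limiter.accept(client_ip, now) for _ in range(count))
```

With the defaults, a client that sends 60 requests at once gets 50 accepted, and after a further 60 seconds it has earned back 25.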
redir.ext
- Specifies whether the redirect server should accept only URLs that point to files that have standard file extensions—<empty>, .asp, .htm, .html, .jsp, .php, .shtm, .shtml, and .xml. If you specify Y and the file does not have a standard file extension, the redirect server returns an HTTP 403 Forbidden message.
- Value
redir.extensions
- List of additional file extensions. Employed only if you specified Y for redir.ext.
- Value—Text string consisting of acceptable file extensions separated by commas
- Default—No value
redir.monitor
monitor.host
- IP address or hostname for the redundant redirect server.
- Value—Fully qualified IP address or string
- Default—No value
monitor.virtualIp
- Configures virtual IP address of the redirect server. You must configure primary and redundant redirect servers to share this address under a common name in the DNS. Clients access the redirect server through this virtual IP address.
- Value—Fully qualified IP address
- Default—192.168.254.1
monitor.realIp
- Real IP address of the redirect server. When a primary redirect server is started, it dynamically establishes and maintains a static route on the client router to which it connects. The static route directs traffic destined for the virtual IP address of the server to the real IP address of the active redirect server.
- Value—Fully qualified IP address
- Default—Host IP address
monitor.master
- Specifies whether the redirect server identified in monitor.realIp is the primary redirect server.
- Value—Y or N
- Default—Y
monitor.checkInt
- Interval at which the redirect server polls the redundant redirect server.
- Value—Number of seconds in the range 60/<clientRate>-2147483647
where <clientRate> is the number of requests per minute that the redirect engine accepts from one client
- Guidelines—Specifying a shorter time in the range leads to faster detection of problems and results in higher consumption of CPU resources.
- Default—30
ldap.url
- List of the URLs for directories employed by the redirect server.
- Value—Text string consisting of acceptable LDAP URLs in the format
ldap://<host>:<portNumber>
where <host> is the IP address or hostname of the directory host and <portNumber> is the TCP port
ldap.binddn
- Distinguished name (DN) that the redirect server uses to authorize connections to the directory.
- Value—Text string in LDAP format
- Default—cn=ssp, ou=components, o=operators, o=umc
ldap.bindpw
ldap.basedn
monitor.vrs
- Comma-separated list of virtual routers to which the redirect server connects.
- Value—Text string in the format
<vrName>@<routerName>,<vrName>@<routerName>
where <vrName> is the name of the virtual router and <routerName> is the name of the router on which the VR is configured
dns.enable
- Guidelines—Use this property only if you want to use the DNS server that is included with the redirect server. If you want to use another DNS server, do not enable the DNS server included with the redirect server.
- Default—Y
dns.errorip
- IP address that is returned when a DNS request results in an unknown name (NXDOMAIN) error.
- Value—Fully qualified IP address
- Default—192.168.254.2
dns.forwarder
- DNS servers to which requests are forwarded.
- Value—Text string consisting of fully qualified IP addresses separated by commas
- Default—No value
dns.tcpport
If you set the value to 0, no TCP socket is opened.
dns.udpport
If you set the value to 0, no UDP socket is opened.
agent.path
- Path to the SNMP agent.
- Value—<directory path>
- Guidelines—If you install SRC components into the default directory structure, you do not need to change this value. You can change this value only by editing the /opt/UMC/redir.properties file.
- Default—.../agent/var
redir.refresh
- Specifies whether the redirect server responds to a captured request with an HTTP 200 OK response carrying an HTML document that includes the <HTTP-Equiv="Refresh"> header, or with an HTTP 302 Found response.
- Value
- Y—Sends an HTTP 200 OK response with an HTML document that includes the <HTTP-Equiv="Refresh"> header to a subscriber's browser in response to a captured request.
- N—Sends an HTTP 302 Found response to a subscriber's browser in response to a captured request.
- Guidelines—Selecting Y decreases the load on the Web server because non-browser (or non-HTML) client applications that use HTTP do not follow this refresh message; however, most client applications do follow HTTP 302 messages.
- Default—Y
redir.refreshDoc
- Directory path to a local HTML file that the redirect server returns to a subscriber's browser in response to a captured request.
- Value—<path to HTML file>
- Guidelines—This property is used only if the redir.refresh property is set to Y.
If you enter an invalid path, the redirect server uses a default file. This file can contain the string "%(url)s" which is replaced with the URL of the local HTML file to be returned to the subscriber's browser.
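If the properties file is edited directly, the configuration script's error checking is bypassed. The following added example is not part of the SRC software; it assumes "key = value" line syntax, and the function names are hypothetical. It checks a file against the ranges, defaults and dependencies documented on this page.

```python
INT_MAX = 2147483647
# Constructed sample; the "key = value" line syntax is an assumption.
SAMPLE = """\
redir.port = 80
redir.reqrate = 12000
redir.reqburst = 9000
redir.clientrate = 25
redir.ext = N
redir.extensions = cgi,pl
monitor.checkInt = 1
"""

def parse_properties(text):
    """Return {key: value}, skipping blank lines and '#' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def lint(props):
    """Check values against the ranges and relations documented on this page."""
    findings = []
    def num(key, default, low=0, high=INT_MAX):
        raw = props.get(key, str(default))
        if not (raw.isascii() and raw.isdigit() and low <= int(raw) <= high):
            findings.append(f"{key}={raw}: expected integer in {low}-{high}")
            return default
        return int(raw)
    num("redir.port", 8800, 1024, 65535)
    defaults = {"redir.reqrate": 12000, "redir.reqburst": 18000,
                "redir.clientrate": 25, "redir.clientburst": 50}
    v = {key: num(key, default) for key, default in defaults.items()}
    for rate, burst in [("redir.reqrate", "redir.reqburst"),
                        ("redir.clientrate", "redir.clientburst")]:
        if v[burst] <= v[rate]:
            findings.append(f"{burst}={v[burst]} should exceed {rate}={v[rate]}")
    check_int, client_rate = num("monitor.checkInt", 30), v["redir.clientrate"]
    if client_rate and check_int < 60 / client_rate:
        findings.append(f"monitor.checkInt={check_int} is below 60/{client_rate}")
    # An unset switch is not flagged: the page gives no default for redir.ext.
    for dep, switch in [("redir.extensions", "redir.ext"),
                        ("redir.refreshDoc", "redir.refresh")]:
        if props.get(dep) and props.get(switch, "Y") != "Y":
            findings.append(f"{dep} is set but {switch} is not Y")
    return findings
```

Running `lint(parse_properties(SAMPLE))` reports the out-of-range port, the burst size below the sustained rate, the polling interval below 60/<clientRate>, and the ignored extension list.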