Auditor

The type for each auditor config is map, the keys are as follows:

name

required, type: metric node name

Set the auditor name, which will can be referenced in server config.

protocol_inspection

optional, type: protocol inspection

Set basic config for protocol inspection.

default: set with default value

server_tcp_portmap

optional, type: server tcp portmap

Set the portmap for protocol inspection based on server side tcp port.

default: set with default value

client_tcp_portmap

optional, type: client tcp portmap

Set the portmap for protocol inspection based on client side tcp port.

default: set with default value

tls_cert_agent

optional, type: tls cert agent

Set certificate generator for TLS interception.

If not set, TLS interception will be disabled.

default: not set, alias: tls_cert_generator

tls_ticketer

optional, type: tls ticketer

Set a (remote) rolling TLS ticketer.

default: not set

Added in version 1.9.9.

tls_interception_client

optional, type: tls interception client

Set the tls client config for server handshake in TLS interception.

default: set with default value

tls_interception_server

optional, type: tls interception server

Set the tls server config for client handshake in TLS interception.

default: set with default value

tls_stream_dump

optional, type: stream dump

Set this to dump the intercepted inner tls streams to a remote service.

default: not set

Added in version 1.7.34.

log_uri_max_chars

optional, type: usize

Set the max chars for the log of URI.

default: 1024

h1_interception

optional, type: h1 interception

Set http 1.x interception config.

default: set with default value

h2_inspect_policy

optional, type: protocol inspect policy

Set what we should do with HTTP/2.0 traffic.

default: intercept

Added in version 1.9.0.

h2_interception

optional, type: h2 interception

Set http 2.0 interception config.

default: set with default value

websocket_inspect_policy

optional, type: protocol inspect policy

Set what we should do with WebSocket traffic.

default: intercept

Added in version 1.9.8.

smtp_inspect_policy

optional, type: protocol inspect policy

Set what we should do with SMTP traffic.

default: intercept

Added in version 1.9.0.

smtp_interception

optional, type: smtp interception

Set the SMTP Interception config options.

default: set with default value

Added in version 1.9.2.

imap_inspect_policy

optional, type: protocol inspect policy

Set what we should do with IMAP traffic.

default: intercept

Added in version 1.9.4.

imap_interception

optional, type: smtp interception

Set the IMAP Interception config options.

default: set with default value

Added in version 1.9.7.

icap_reqmod_service

optional, type: icap service config

Set the ICAP REQMOD service config.

default: not set

Added in version 1.7.3.

icap_respmod_service

optional, type: icap service config

Set the ICAP RESPMOD service config.

default: not set

Added in version 1.7.3.

stream_detour_service

optional, type: stream detour service config

Set the Stream Detour service config.

You also need to change the inspect policy for each protocol to detour in order to really enable it.

If no stream detour service config set here, the protocols that is configured to use a detour policy will by bypassed.

default: not set

Added in version 1.9.8.

task_audit_ratio

optional, type: random ratio

Set the task audit (like ICAP REQMOD/RESPMOD) ratio for incoming requests.

This also controls whether protocol inspection is really enabled for a specific request.

User side settings may override this.

default: 1.0, alias: application_audit_ratio

Added in version 1.7.4.