Creating an HTTP server

Note

  • A server object can be linked to only one anonymous account.
  • A server object can be linked to only one forward account.

Warning

HTTP rendering is a CPU intensive process and may have negative impact on system’s performance. A physical appliance is recommended for monitoring rendered HTTP connections with the following limitations regarding the maximum number of concurrent rendered HTTP sessions.

Model Maximum recommended number of concurrent HTTP sessions*
F100x 2
F300x 5
F500x 10

* The actual value depends on the Fudo PAM instance configuration.

  1. Click + icon in the main menu next to the Servers tab, or

Select Management > Servers and then click Add and select Static server.

  1. Enter server’s unique name.
  2. Enter optional description, which will help identifying this server object.
  1. Select Blocked option to disable access to server after it’s created.
../../_images/5-1-add-servers-http.png
  1. Select HTTP from the Protocol drop-down list.
  2. Enter value of the HTTP timeout parameter, determining the time period of inactivity (expressed in seconds), after which the user will have to authenticate again.
  3. From the Bind address drop-down list, select Fudo PAM IP address used for communicating with this server.

Note

  • The Bind address drop-down list elements are IP address defined in the Network configuration menu (Network interfaces configuration) or labeled IP addresses (Labeled IP addresses).
  • In case of cluster configuration, select a labeled IP address from the Bind address drop-down list and make sure that other nodes have IP addresses assigned to this label. For more information refer to the Labeled IP addresses topic.
  1. Select the Use TLS to connect to monitored server over TLS.
  • Select Legacy ciphers option to allow negotiating older encryption algorithms (DSA(1024), RSA(1024)) when establishing connections.
  • Select Use root store certificates option.
  • In the CA certificate field, click i to upload a certificate.
  1. In the Permissions section, add users allowed to manage this object.

  1. Click an Add host button in order to add address(es) into the Server adresses section.
  • Enter server’s IP address and port number.
  • If Use TLS option above was chosen, additionally click icon-fetch-key to download server key or paste the certificate into the text area.
  • In the HTTP host field, provide the HTTP host header value. The HTTP host header determines the requested content in case there are many web sites hosted on the specified server.
  • From the Authentication method drop-down list, select one of the pre-defined online services or select Other to provide custom login page details.

Note

Authentication method enables seamless login credentials substitution when establishing a monitored HTTP connection.

In case of custom login credentials, the login and the password fields are identified using CSS selectors.

../../_images/http_code.png

For more information on CSS selectors refer to https://www.w3.org/TR/selectors-3/

  1. Click an Add hosts button in order to add a range of IP addresses.
  • Enter a starting IP address and an ending IP address.
  • Enter a port number.
  • Click Add hosts.
  1. Click Save.

Related topics: