Creating an HTTP Server

Note

  • A server object can be linked to only one anonymous account.

  • A server object can be linked to only one forward account.

Warning

HTTP rendering is a CPU-intensive process and may have a negative impact on the system's performance. A physical appliance is recommended for monitoring rendered HTTP connections, with the following limits on the maximum number of concurrent rendered HTTP sessions.

Model    Maximum recommended number of concurrent HTTP sessions*
F100x    2
F300x    5
F500x    10

* The actual value depends on the Fudo Enterprise instance configuration.

  1. Click the + icon next to the Servers tab of the Session Management sub-section, or

  2. Select Session Management > Servers and then click + Add server.

  1. Enter the server's unique name.

  1. Select the Blocked option if the object should be unavailable after creation. A blocked server cannot be used to establish connections until it is manually unblocked. Providing a reason for blocking is required.

  2. Optionally, click the Description checkbox and provide text that will help identify this server object.

SETTINGS TAB

  1. Go to the SETTINGS tab.

  2. In the Protocol section, select HTTP.

Warning

After the server definition is saved, the Protocol field can no longer be edited.

  1. Select the TLS enabled option to connect to the monitored server over TLS.

  2. Select Legacy crypto option to allow negotiating older encryption algorithms (DSA(1024), RSA(1024)) when establishing connections.

  3. Select the Use SSH tunnel option and provide the SSH tunnel key if you want to establish the connection through an SSH reverse tunnel.

Note

  1. If you do not use the SSH tunnel, from the Network address drop-down list, select the IP address from which connections to the monitored server will be initiated, and then configure the Destination settings.

  1. In the HTTP host field provide the HTTP host header value.

Note

The HTTP host header determines the requested content in case there are many web sites hosted on the specified server.

  1. Enter the value of the HTTP timeout parameter, which determines the period of inactivity (in seconds) after which the user will have to authenticate again.

  1. Click the HTTP Authentication option to enable an additional verification process and select one of the available platforms. If None is selected, provide custom login page details:

    • Login page URL,

    • Username and Password,

    • optionally, check the Press the enter key prior to password option.

Note

HTTP authentication is active only when the Render sessions option is enabled in the HTTP listener settings. To enable Render sessions option, please refer to the Setting up the HTTP Listener topic.

  1. From the Network address drop-down list, select the Fudo Enterprise IP address used for communicating with this server.

Note

  • The Network address drop-down list elements are IP addresses defined in the Network configuration menu (Network Interfaces Configuration) or labeled IP addresses (Labeled IP Addresses).

  • In case of cluster configuration, select a labeled IP address from the Network address drop-down list and make sure that other nodes have IP addresses assigned to this label. For more information refer to the Labeled IP Addresses topic.

  1. In the Destination section, select Host, IPv4 or IPv6. Enter the server's IP address.

Note

  • Depending on the selected option, default values for the Mask and Port fields are filled out automatically. This way the Fudo Enterprise system detects the server as one with a unique address. To set up an address for an entire subnet, provide dedicated values for the Address and Mask fields.

  • In the case of overlapping address definitions, during connection establishment the more specific configuration (higher network mask) is always selected, even if the user does not have permissions assigned to it. This mechanism enables defining exceptions within broader access rules (e.g., granting access to /24 while explicitly excluding /32).

  • If the TLS enabled option was selected, in the Server verification section select one of the following options: Server certificate or CA certificate, and provide the respective certificate data. Select None to disable server verification.
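The selection rule for overlapping address definitions described in the note above can be modeled as a longest-prefix match followed by a rights check on the selected definition only, which helps when auditing which definitions act as exceptions. This is an added illustration, not Fudo Enterprise code; the server names, networks, user rights and function names are constructed for the example.

```python
import ipaddress

# Constructed sample server objects: name -> destination network (Address/Mask).
SERVERS = {
    "web-subnet": ipaddress.ip_network("10.0.5.0/24"),
    "web-admin": ipaddress.ip_network("10.0.5.20/32"),
    "dc-wide": ipaddress.ip_network("10.0.0.0/16"),
}

# Constructed sample rights: user -> server objects the user may connect to.
RIGHTS = {
    "alice": {"web-subnet", "web-admin"},
    "bob": {"web-subnet", "dc-wide"},
}


def match_server(target, servers=SERVERS):
    """Return the name of the most specific definition covering target, or None."""
    addr = ipaddress.ip_address(target)
    covering = [(net.prefixlen, name) for name, net in servers.items()
                if addr.version == net.version and addr in net]
    return max(covering)[1] if covering else None


def can_connect(user, target, servers=SERVERS, rights=RIGHTS):
    """Select the definition first, then check rights on that definition only.

    There is no fallback to a broader definition: if the most specific match
    is not permitted for the user, the connection is refused.
    """
    name = match_server(target, servers)
    allowed = name is not None and name in rights.get(user, set())
    return name, allowed


def shadowed_pairs(servers=SERVERS):
    """List (broader, narrower) pairs where narrower carves out part of broader."""
    pairs = []
    for b_name, b_net in servers.items():
        for n_name, n_net in servers.items():
            if (b_name != n_name and b_net.version == n_net.version
                    and n_net.prefixlen > b_net.prefixlen
                    and n_net.subnet_of(b_net)):
                pairs.append((b_name, n_name))
    return sorted(pairs)
```

In this model, `bob` holds rights on both the /24 and the /16 yet is refused for 10.0.5.20, because the /32 definition is selected and he has no rights on it. `shadowed_pairs()` lists every such carve-out so each can be reviewed as an intended exception.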

  1. Click Save.

OBJECT RIGHTS TAB

The OBJECT RIGHTS tab is used to define which users and roles are allowed to manage the object and which capabilities (Read, Modify, Delete, Block) are assigned to them.


  1. Go to the OBJECT RIGHTS tab.

  2. Open the USERS sub-tab.

  3. Click Assign User, select the users from the list, and click Save.

  4. In the Users list, select the capabilities for each user by enabling the options available for the given object, such as Read, Modify, Delete, or Block.

  5. Open the Roles sub-tab.

  6. Click Assign Role, select the roles from the list, and click Save.

  7. In the Roles list, select the capabilities for each role by enabling the options available for the given object, such as Read, Modify, Delete, or Block.
