records.config¶
The records.config file is a list of configurable variables used by the Traffic Server software. Many of the variables in the records.config file are set automatically when you set configuration options in Traffic Line or Traffic Shell. After you modify the records.config file, run the command traffic_line -x to apply the changes. When you apply changes to one node in a cluster, Traffic Server automatically applies the changes to all other nodes in the cluster.
Format¶
Each variable has the following format:
SCOPE variable_name DATATYPE variable_value
where
SCOPE is related to clustering and is either CONFIG (all members of the cluster) or LOCAL (only the local machine)
DATATYPE is one of INT (integer), STRING (string), FLOAT (floating point).
A variable marked as Deprecated is still functional but should be avoided as it may be removed in a future release without warning.
A variable marked as Reloadable can be updated via the command:
traffic_line -x
INT type configurations are expressed as any normal integer, e.g. 32768. They can also be expressed using more human readable values using standard prefixes, e.g. 32K. The following prefixes are supported for all INT type configurations:
- K Kilobytes (1024 bytes)
- M Megabytes (1024^2 or 1,048,576 bytes)
- G Gigabytes (1024^3 or 1,073,741,824 bytes)
- T Terabytes (1024^4 or 1,099,511,627,776 bytes)
Note
Traffic Server currently writes back configurations to disk periodically, and when doing so, will not preserve the prefixes.
Examples¶
In the following example, the variable proxy.config.proxy_name is a STRING datatype with the value my_server. This means that the name of the Traffic Server proxy is my_server.
CONFIG proxy.config.proxy_name STRING my_server
If the server name should be that_server the line would be
CONFIG proxy.config.proxy_name STRING that_server
In the following example, the variable proxy.config.arm.enabled is a yes/no flag. A value of 0 (zero) disables the option; a value of 1 enables the option.
CONFIG proxy.config.arm.enabled INT 0
In the following example, the variable sets the cluster startup timeout to 10 seconds.
CONFIG proxy.config.cluster.startup_timeout INT 10
The last example configures a 64GB RAM cache, using a human readable prefix.
CONFIG proxy.config.cache.ram_cache.size INT 64G
Environment Overrides¶
Every records.config configuration variable can be overridden by a corresponding environment variable. This can be useful in situations where you need a static records.config but still want to tweak one or two settings. The override variable is formed by converting the records.config variable name to upper case, and replacing any dot separators with an underscore.
Overriding a variable from the environment is permanent and will not be affected by future configuration changes made in records.config or applied with traffic_line.
For example, we could override the proxy.config.product_company variable like this:
$ PROXY_CONFIG_PRODUCT_COMPANY=example traffic_cop &
$ traffic_line -r proxy.config.product_company
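Because an environment override silently wins over the file, it helps to compute the effective value of each setting when reviewing a node. The following Python is an added example, not Traffic Server code: it parses records.config lines, expands the K/M/G/T prefixes, and reports which settings the environment overrides. The function names, the sample input and the treatment of `#` lines as comments are assumptions of this example.

```python
import re

# Binary multipliers listed on this page for INT values.
MULTIPLIERS = {"": 1, "K": 1024, "M": 1024**2, "G": 1024**3, "T": 1024**4}
INT_RE = re.compile(r"^(-?\d+)([KMGT]?)$")


def parse_int(text):
    """Expand an INT value such as '32K' or '64G' to a plain integer."""
    m = INT_RE.match(text.strip())
    if m is None:
        raise ValueError(f"not a valid INT value: {text!r}")
    return int(m.group(1)) * MULTIPLIERS[m.group(2)]


def convert(datatype, raw):
    """Convert the raw value text according to its DATATYPE column."""
    if datatype == "INT":
        return parse_int(raw)
    if datatype == "FLOAT":
        return float(raw)
    if datatype == "STRING":
        return raw
    raise ValueError(f"unknown DATATYPE {datatype!r}")


def parse_records(text):
    """Return {variable_name: (scope, datatype, value)} for records.config text."""
    records = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):   # assumption: '#' starts a comment
            continue
        parts = line.split(None, 3)            # a STRING value may contain spaces
        if len(parts) != 4 or parts[0] not in ("CONFIG", "LOCAL"):
            raise ValueError(f"line {lineno}: expected SCOPE name DATATYPE value")
        scope, name, datatype, raw = parts
        records[name] = (scope, datatype, convert(datatype, raw))
    return records


def env_name(variable):
    """Upper-case the variable name and replace dots with underscores."""
    return variable.upper().replace(".", "_")


def effective_settings(text, environ):
    """Return {name: (value, source)}, source being 'file' or 'environment'."""
    result = {}
    for name, (_scope, datatype, value) in parse_records(text).items():
        key = env_name(name)
        if key in environ:
            result[name] = (convert(datatype, environ[key]), "environment")
        else:
            result[name] = (value, "file")
    return result


def overridden(text, environ):
    """Names whose file value is superseded by an environment variable."""
    settings = effective_settings(text, environ)
    return sorted(n for n, (_v, src) in settings.items() if src == "environment")


def unmatched_overrides(text, environ):
    """PROXY_* environment names with no matching line in the file. The name
    mapping is not reversible (underscores are ambiguous), so review by hand."""
    known = {env_name(n) for n in parse_records(text)}
    return sorted(k for k in environ if k.startswith("PROXY_") and k not in known)


# Constructed sample input, built from the example lines on this page.
SAMPLE_CONFIG = """\
# constructed sample
CONFIG proxy.config.proxy_name STRING my_server
CONFIG proxy.config.product_company STRING Apache Software Foundation
CONFIG proxy.config.cache.ram_cache.size INT 64G
LOCAL proxy.local.incoming_ip_to_bind STRING 192.168.101.18 fc07:192:168:101::17
"""
# Constructed environment, mirroring the override shown above.
SAMPLE_ENV = {"PROXY_CONFIG_PRODUCT_COMPANY": "example", "PATH": "/usr/bin"}

if __name__ == "__main__":
    for name, (value, source) in effective_settings(SAMPLE_CONFIG, SAMPLE_ENV).items():
        print(f"{source:11} {name} = {value!r}")
    print("overridden:", overridden(SAMPLE_CONFIG, SAMPLE_ENV))
```

Run it against the environment of the process that starts Traffic Server, not the reviewer's own shell, since that is the environment the override is read from.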
Configuration Variables¶
The following list describes the configuration variables available in the records.config file.
System Variables¶
- proxy.config.product_company¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | Apache Software Foundation |
The name of the organization developing Traffic Server.
- proxy.config.product_vendor¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | Apache |
The name of the vendor providing Traffic Server.
- proxy.config.product_name¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | Traffic Server |
The name of the product.
- proxy.config.proxy_name¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | ``build_machine`` |
Reloadable: | Yes |
The name of the Traffic Server node.
- proxy.config.bin_path¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | bin |
The location of the Traffic Server bin directory.
- proxy.config.proxy_binary¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | traffic_server |
The name of the executable that runs the traffic_server process.
- proxy.config.proxy_binary_opts¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | -M |
The command-line options for starting Traffic Server.
- proxy.config.manager_binary¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | traffic_manager |
The name of the executable that runs the traffic_manager process.
- proxy.config.env_prep¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | *NONE* |
The script executed before the traffic_manager process spawns the traffic_server process.
- proxy.config.config_dir¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | config |
The directory that contains Traffic Server configuration files.
- proxy.config.alarm_email¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | *NONE* |
Reloadable: | Yes |
The email address to which Traffic Server sends alarm messages.
During a custom Traffic Server installation, you can specify the email address; otherwise, Traffic Server uses the Traffic Server user account name as the default value for this variable.
- proxy.config.syslog_facility¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | LOG_DAEMON |
The facility used to record system log files. Refer to Understanding Traffic Server Log Files.
- proxy.config.cop.core_signal¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
The signal sent to traffic_cop's managed processes to stop them.
A value of 0 means no signal will be sent.
- proxy.config.cop.linux_min_swapfree_kb¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 10240 |
The minimum amount of free swap space allowed before Traffic Server stops the traffic_server and traffic_manager processes to prevent the system from hanging. This configuration variable applies if swap is enabled in Linux 2.2 only.
- proxy.config.output.logfile¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | traffic.out |
The name and location of the file that contains warnings, status messages, and error messages produced by the Traffic Server processes. If no path is specified, then Traffic Server creates the file in its logging directory.
- proxy.config.snapshot_dir¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | snapshots |
The directory in which Traffic Server stores configuration snapshots on the local system. Unless you specify an absolute path, this directory is located in the Traffic Server config directory.
- proxy.config.exec_thread.autoconfig¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
When enabled (the default, 1), Traffic Server scales threads according to the available CPU cores. See the config option below.
- proxy.config.exec_thread.autoconfig.scale¶
Scope: | CONFIG |
---|---|
Type: | FLOAT |
Default: | 1.5 |
Factor by which Traffic Server scales the number of threads. The multiplier is usually the number of available CPU cores. By default this scaling factor is 1.5.
- proxy.config.exec_thread.limit¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 2 |
XXX What does this do?
- proxy.config.accept_threads¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
When enabled (1), runs a separate thread for accept processing. If disabled (0), then only 1 thread can be created.
- proxy.config.thread.default.stacksize¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1096908 |
The new default thread stack size, for all threads. The original default is set at 1 MB.
Value | Effect |
---|---|
1 | assign threads to sockets |
2 | assign threads to real cores |
3 | assign threads to logical cores |
0 | don’t assign threads to any cores |
Note
This option only has an effect when Traffic Server has been compiled with --enable-hwloc.
Network¶
- proxy.local.incoming_ip_to_bind¶
Scope: | LOCAL |
---|---|
Type: | STRING |
Default: | 0.0.0.0 :: |
Controls the global default IP addresses to which to bind proxy server ports. The value is a space separated list of IP addresses, one per supported IP address family (currently IPv4 and IPv6).
Unless explicitly specified in proxy.config.http.server_ports the server port will be bound to one of these addresses, selected by IP address family. The built in default is any address. This is used if no address for a family is specified. This setting is useful if most or all server ports should be bound to the same address.
Note
This is ignored for inbound transparent server ports because they must be able to accept connections on arbitrary IP addresses.
Example
Set the global default for IPv4 to 192.168.101.18 and leave the global default for IPv6 as any address:
LOCAL proxy.local.incoming_ip_to_bind STRING 192.168.101.18
Example
Set the global default for IPv4 to 192.168.101.18 and the global default for IPv6 to fc07:192:168:101::17:
LOCAL proxy.local.incoming_ip_to_bind STRING 192.168.101.18 fc07:192:168:101::17
- proxy.local.outgoing_ip_to_bind¶
Scope: | LOCAL |
---|---|
Type: | STRING |
Default: | 0.0.0.0 :: |
This controls the global default for the local IP address for outbound connections to origin servers. The value is a list of space separated IP addresses, one per supported IP address family (currently IPv4 and IPv6).
Unless explicitly specified in proxy.config.http.server_ports one of these addresses, selected by IP address family, will be used as the local address for outbound connections. This setting is useful if most or all of the server ports should use the same outbound IP addresses.
Note
This is ignored for outbound transparent ports as the local outbound address will be the same as the client local address.
Example
Set the default local outbound IP address for IPv4 connections to 192.168.101.18:
LOCAL proxy.local.outgoing_ip_to_bind STRING 192.168.101.18
Example
Set the default local outbound IP address to 192.168.101.17 for IPv4 and fc07:192:168:101::17 for IPv6:
LOCAL proxy.local.outgoing_ip_to_bind STRING 192.168.101.17 fc07:192:168:101::17
Cluster¶
- proxy.local.cluster.type¶
Scope: | LOCAL |
---|---|
Type: | INT |
Default: | 3 |
Sets the clustering mode:
Value | Effect |
---|---|
1 | full-clustering mode |
2 | management-only mode |
3 | no clustering |
- proxy.config.cluster.rsport¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 8088 |
The reliable service port. The reliable service port is used to send configuration information between the nodes in a cluster. All nodes in a cluster must use the same reliable service port.
- proxy.config.cluster.threads¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
The number of threads for cluster communication. On a heavily loaded cluster, this number should be adjusted. It is recommended to use the thread CPU usage as a reference when adjusting.
- proxy.config.cluster.ethernet_interface¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | *NONE* |
Set the interface to use for cluster communications.
- proxy.config.http.cache.cluster_cache_local¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
This turns on the local caching of objects in cluster mode. The point of this is to allow for popular or hot content to be cached on all nodes in a cluster. Be aware that the primary way to configure this behavior is via the cache.config configuration file using action=cluster-cache-local directives.
This particular records.config configuration can be controlled per transaction or per remap rule. As such, it augments the cache.config directives, since you can turn on the local caching feature without complex regular expression matching.
This implies that turning this on in your global records.config is almost never what you want; instead, you want to use this either via e.g. conf_remap.so overrides for a certain remap rule, or through a custom plugin using the appropriate APIs.
Local Manager¶
- proxy.config.lm.sem_id¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 11452 |
The semaphore ID for the local manager.
- proxy.config.admin.autoconf_port¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 8083 |
The autoconfiguration port.
- proxy.config.admin.number_config_bak¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 3 |
The maximum number of copies of rolled configuration files to keep.
- proxy.config.admin.user_id¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | nobody |
Option used to specify who to run the traffic_server process as; also used to specify ownership of config and log files.
The nonprivileged user account designated to Traffic Server.
As of version 2.1.1, if the user_id is prefixed with the pound character (#), the remainder of the string is considered to be a numeric user identifier. If the value is set to #-1, Traffic Server will not change the user during startup.
Setting user_id to root or #0 is now forbidden to increase security. Trying to do so will cause a fatal failure of traffic_server. However, there are two ways to bypass that restriction:
- Specify -DBIG_SECURITY_HOLE in CXXFLAGS during compilation.
- Set the user_id=#-1 and start trafficserver as root.
Process Manager¶
- proxy.config.process_manager.mgmt_port¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 8084 |
The port used for internal communication between the traffic_manager and traffic_server processes.
Alarm Configuration¶
- proxy.config.alarm.bin¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | example_alarm_bin.sh |
Name of the script file that can execute certain actions when an alarm is signaled. The default file is a sample script named example_alarm_bin.sh located in the bin directory. You must edit the script to suit your needs.
- proxy.config.alarm.abs_path¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
The full path to the script file that sends email to alert someone about Traffic Server problems.
HTTP Engine¶
- proxy.config.http.server_ports¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | 8080 |
Ports used for proxying HTTP traffic.
This is a list, separated by space or comma, of port descriptors. Each descriptor is a sequence of keywords and values separated by colons. Not all keywords have values, those that do are specifically noted. Keywords with values can have an optional ‘=’ character separating the keyword and value. The case of keywords is ignored. The order of keywords is irrelevant but unspecified results may occur if incompatible options are used (noted below). Options without values are idempotent. Options with values use the last (right most) value specified, except for ip-out as detailed later.
Quick reference chart.
Name | Note | Definition |
---|---|---|
number | Required | The local port. |
ipv4 | Default | Bind to IPv4 address family. |
ipv6 | | Bind to IPv6 address family. |
tr-in | | Inbound transparent. |
tr-out | | Outbound transparent. |
tr-full | | Fully transparent (inbound and outbound). |
tr-pass | | Pass through enabled. |
ssl | | SSL terminated. |
ip-in | Value | Local inbound IP address. |
ip-out | Value | Local outbound IP address. |
ip-resolve | Value | IP address resolution style. |
blind | | Blind (CONNECT) port. |
compress | N/I | Compressed. Not implemented. |
- number
Local IP port to bind. This is the port to which ATS clients will connect.
- ipv4
Use IPv4. This is the default and is included primarily for completeness. This is forced if the ip-in option is used with an IPv4 address.
- ipv6
Use IPv6. This is forced if the ip-in option is used with an IPv6 address.
- tr-in
Inbound transparent. The proxy port will accept connections to any IP address on the port. To have IPv6 inbound transparent you must use this and the ipv6 option. This overrides proxy.local.incoming_ip_to_bind.
Not compatible with: ip-in, ssl, blind
- tr-out
Outbound transparent. If ATS connects to an origin server for a transaction on this port, it will use the client’s address as its local address. This overrides proxy.local.outgoing_ip_to_bind.
Not compatible with: ip-out, ssl, ip-resolve
- tr-full
Fully transparent. This is a convenience option and is identical to specifying both tr-in and tr-out.
Not compatible with: Any option not compatible with tr-in or tr-out.
- tr-pass
Transparent pass through. This option is useful only for inbound transparent proxy ports. If the parsing of the expected HTTP header fails, then the transaction is switched to a blind tunnel instead of generating an error response to the client. It effectively enables proxy.config.http.use_client_target_addr for the transaction as there is no other place to obtain the origin server address.
- ip-in
Set the local IP address for the port. This is the address to which clients will connect. This forces the IP address family for the port. The ipv4 or ipv6 keyword can also be used but is optional, and it is an error for it to disagree with the IP address family of this value. An IPv6 address must be enclosed in square brackets. If this option is omitted, proxy.local.incoming_ip_to_bind is used.
Not compatible with: tr-in.
- ip-out
Set the local IP address for outbound connections. This is the address used by ATS locally when it connects to an origin server for transactions on this port. If this is omitted proxy.local.outgoing_ip_to_bind is used.
This option can be used multiple times, once for each IP address family. The address used is selected by the IP address family of the origin server address.
Not compatible with: tr-out.
- ip-resolve
Set the host resolution style for transactions on this proxy port.
Not compatible with: tr-out.
- ssl
Require SSL termination for inbound connections. SSL must be configured for this option to provide a functional server port.
Not compatible with: tr-in, tr-out, blind.
- blind
Accept only CONNECT transactions on this port.
Not compatible with: tr-in, ssl.
- compress
Compress the connection. Retained only by inertia, should be considered “not implemented”.
Example
Listen on port 80 on any address for IPv4 and IPv6:
80 80:ipv6
Example
Listen transparently on any IPv4 address on port 8080, and transparently on port 8080 on local address fc01:10:10:1::1 (which implies ipv6):
IPv4:tr-FULL:8080 TR-full:IP-in=[fc02:10:10:1::1]:8080
Example
Listen on port 8080 for IPv6, fully transparent. Set up an SSL port on 443. These ports will use the IP address from proxy.local.incoming_ip_to_bind. Listen on IP address 192.168.17.1, port 80, IPv4, and connect to origin servers using the local address 10.10.10.1 for IPv4 and fc01:10:10:1::1 for IPv6:
8080:ipv6:tr-full 443:ssl ip-in=192.168.17.1:80:ip-out=[fc01:10:10:1::1]:ip-out=10.10.10.1
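The page warns that incompatible keywords give unspecified results, so a descriptor list is worth checking before it is deployed. The following Python is an added example, not the Traffic Server parser: it splits a server_ports value into descriptors, keeps bracketed IPv6 literals intact, and reports violations of the "Not compatible with" rules listed above. The function names and the constructed inputs are assumptions, as is treating a value keyword without `=` as the keyword immediately followed by its value.

```python
import ipaddress
import re

FLAGS = {"ipv4", "ipv6", "tr-in", "tr-out", "tr-pass", "ssl", "blind", "compress"}
VALUED = ("ip-in", "ip-out", "ip-resolve")
# The "Not compatible with" pairs from the keyword list above.
CONFLICTS = [("tr-in", "ip-in"), ("tr-in", "ssl"), ("tr-in", "blind"),
             ("tr-out", "ip-out"), ("tr-out", "ssl"), ("tr-out", "ip-resolve"),
             ("ssl", "blind")]


def split_fields(descriptor):
    """Split on ':' while keeping bracketed IPv6 literals like [fc01::1] whole."""
    fields, buf, depth = [], "", 0
    for ch in descriptor:
        depth += (ch == "[") - (ch == "]")
        if ch == ":" and depth == 0:
            fields.append(buf)
            buf = ""
        else:
            buf += ch
    fields.append(buf)
    return [f for f in fields if f]


def parse_descriptor(descriptor):
    """Parse one port descriptor; rule violations are collected in 'problems'."""
    port = {"number": None, "options": set(), "ip-in": None,
            "ip-out": {}, "ip-resolve": None, "problems": []}
    opts, problems = port["options"], port["problems"]
    for field in split_fields(descriptor):
        low = field.lower()                      # keyword case is ignored
        if low.isdigit():
            port["number"] = int(low)
        elif low == "tr-full":                   # same as tr-in plus tr-out
            opts.update(("tr-in", "tr-out"))
        elif low in FLAGS:
            opts.add(low)
        else:
            key = next((k for k in VALUED if low.startswith(k)), None)
            if key is None:
                problems.append(f"unknown keyword {field!r}")
                continue
            opts.add(key)
            value = field[len(key):].lstrip("=")  # '=' is optional (assumed form)
            if key == "ip-resolve":
                port[key] = value                # rightmost value wins
                continue
            try:
                addr = ipaddress.ip_address(value.strip("[]"))
            except ValueError:
                problems.append(f"{key}: invalid IP address {value!r}")
                continue
            if key == "ip-in":
                port[key] = addr                 # rightmost value wins
            else:
                port[key][addr.version] = addr   # ip-out: one per address family
    if port["number"] is None or not 1 <= port["number"] <= 65535:
        problems.append("missing or out-of-range port number")
    for a, b in CONFLICTS:
        if a in opts and b in opts:
            problems.append(f"{a} is not compatible with {b}")
    if port["ip-in"] is not None:                # ip-in forces the address family
        forced, other = (("ipv4", "ipv6") if port["ip-in"].version == 4
                         else ("ipv6", "ipv4"))
        if other in opts:
            problems.append(f"{other} keyword disagrees with ip-in address family")
        opts.add(forced)
    elif not opts & {"ipv4", "ipv6"}:
        opts.add("ipv4")                         # ipv4 is the default
    return port


def parse_server_ports(value):
    """Parse the whole value: descriptors separated by spaces or commas."""
    return [parse_descriptor(d) for d in re.split(r"[\s,]+", value.strip()) if d]


# The last example value from this page.
PAGE_EXAMPLE = ("8080:ipv6:tr-full 443:ssl "
                "ip-in=192.168.17.1:80:ip-out=[fc01:10:10:1::1]:ip-out=10.10.10.1")
# Constructed descriptors that break the compatibility rules.
CONSTRUCTED_BAD = "tr-in:ssl:8443, ipv6:ip-in=10.0.0.1:80"

if __name__ == "__main__":
    for port in parse_server_ports(PAGE_EXAMPLE + " " + CONSTRUCTED_BAD):
        print(port["number"], sorted(port["options"]), port["problems"] or "ok")
```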
- proxy.config.http.connect_ports¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | 443 563 |
The range of origin server ports that can be used for tunneling via CONNECT.
Traffic Server allows tunnels only to the specified ports. Supports both wildcards (‘*’) and ranges (“0-1023”).
Note
These are the ports on the origin server, not Traffic Server proxy ports.
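Since this list is what limits where a CONNECT tunnel may go, a wildcard or a wide range deserves a second look in review. The following Python is an added example, not Traffic Server code: it parses a connect_ports value into ranges, answers whether a given origin port may be tunneled to, and lists the broad entries. The function names, the whitespace separator (taken from the default value) and the `max_span` threshold are assumptions of this example.

```python
def parse_connect_ports(value):
    """Return inclusive (low, high) port ranges for a connect_ports value."""
    ranges = []
    for token in value.split():
        if token == "*":                       # wildcard: every port
            low, high = 0, 65535
        elif "-" in token:                     # range such as 0-1023
            low, high = (int(part) for part in token.split("-", 1))
        else:                                  # single port
            low = high = int(token)
        if not 0 <= low <= high <= 65535:
            raise ValueError(f"bad port entry {token!r}")
        ranges.append((low, high))
    return ranges


def tunnel_allowed(value, port):
    """True if a CONNECT to this origin server port falls in the allowed list."""
    return any(low <= port <= high for low, high in parse_connect_ports(value))


def broad_entries(value, max_span=16):
    """Entries that cover more than max_span ports (threshold chosen here)."""
    pairs = zip(value.split(), parse_connect_ports(value))
    return [token for token, (low, high) in pairs if high - low + 1 > max_span]


DEFAULT_VALUE = "443 563"                      # default shown on this page
CONSTRUCTED_VALUE = "443 0-1023 *"             # constructed, deliberately broad

if __name__ == "__main__":
    print(tunnel_allowed(DEFAULT_VALUE, 443), tunnel_allowed(DEFAULT_VALUE, 22))
    print(broad_entries(CONSTRUCTED_VALUE))
```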
- proxy.config.http.insert_request_via_str¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Set how the Via field is handled on a request to the origin server.
Value | Effect |
---|---|
0 | Do not modify / set this via header |
1 | Update the via, with normal verbosity |
2 | Update the via, with higher verbosity |
3 | Update the via, with highest verbosity |
Note
The Via header string interpretation can be decoded here.
- proxy.config.http.insert_response_via_str¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Set how the Via field is handled on the response to the client.
Value | Effect |
---|---|
0 | Do not modify / set this via header |
1 | Update the via, with normal verbosity |
2 | Update the via, with higher verbosity |
3 | Update the via, with highest verbosity |
Note
The Via header string interpretation can be decoded here.
- proxy.config.http.response_server_enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
You can specify one of the following:
- 0 no Server: header is added to the response.
- 1 the Server: header is added (see string below).
- 2 the Server: header is added only if the response from origin does not have one already.
- proxy.config.http.insert_age_in_response¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
This option specifies whether Traffic Server should insert an Age header in the response. The Age field value is the cache’s estimate of the amount of time since the response was generated or revalidated by the origin server.
- 0 no Age header is added
- 1 the Age header is added
- proxy.config.http.response_server_str¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | ATS/ |
Reloadable: | Yes |
The Server: string that ATS will insert in a response header (if requested, see above). Note that the current version number is always appended to this string.
- proxy.config.http.enable_url_expandomatic¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Enables (1) or disables (0) .com domain expansion. This configures the Traffic Server to resolve unqualified hostnames by prepending with www. and appending with .com before redirecting to the expanded address. For example: if a client makes a request to host, then Traffic Server redirects the request to www.host.com.
- proxy.config.http.chunking_enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Specifies whether Traffic Server can generate a chunked response:
- 0 Never
- 1 Always
- 2 Generate a chunked response if the server has returned HTTP/1.1 before
- 3 Generate a chunked response if the client request is HTTP/1.1 and the origin server has returned HTTP/1.1 before
Note
If HTTP/1.1 is used, then Traffic Server can use keep-alive connections with pipelining to origin servers. If HTTP/0.9 is used, then Traffic Server does not use keep-alive connections to origin servers. If HTTP/1.0 is used, then Traffic Server can use keep-alive connections without pipelining to origin servers.
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Enables (1) or disables (0) the reuse of server sessions.
- proxy.config.http.record_heartbeat¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Enables (1) or disables (0) traffic_cop heartbeat logging.
- proxy.config.http.use_client_target_addr¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
For fully transparent ports use the same origin server address as the client.
This option causes Traffic Server to avoid, where possible, doing DNS lookups in forward transparent proxy mode. The option is only effective if the following three conditions are true:
- Traffic Server is in forward proxy mode.
- The proxy port is inbound transparent.
- The target URL has not been modified by either remapping or a plugin.
If any of these conditions are not true, then normal DNS processing is done for the connection.
If all of these conditions are met, then the origin server IP address is retrieved from the original client connection, rather than through HostDB or DNS lookup. In effect, client DNS resolution is used instead of Traffic Server DNS.
This can be used to be a little more efficient (looking up the target once by the client rather than by both the client and Traffic Server) but the primary use is when client DNS resolution can differ from that of Traffic Server. Two known use cases are:
- Embedded IP addresses in a protocol with DNS load sharing. In this case, even though Traffic Server and the client both make the same request to the same DNS resolver chain, they may get different origin server addresses. If the address is embedded in the protocol then the overall exchange will fail. One current example is Microsoft Windows update, which presumably embeds the address as a security measure.
- The client has access to local DNS zone information which is not available to Traffic Server. There are corporate nets with local DNS information for internal servers which, by design, is not propagated outside the core corporate network. Depending on the network topology, it can be the case that Traffic Server can access the servers by IP address but cannot resolve such addresses by name. In such a case the client-supplied target address must be used.
This solution must be considered interim. In the longer term, it should be possible to arrange for much finer grained control of DNS lookup so that wildcard domains can be set to use Traffic Server or client resolution. In both known use cases, marking specific domains as client determined (rather than a single global switch) would suffice. It is possible to do this crudely with this flag by enabling it and then using identity URL mappings to re-disable it for specific domains.
- proxy.config.http.keep_alive_enabled_in¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Enables (1) or disables (0) incoming keep-alive connections.
- proxy.config.http.keep_alive_enabled_out¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Enables (1) or disables (0) outgoing keep-alive connections.
Note
Enabling keep-alive does not automatically enable purging of keep-alive requests when nearing the connection limit; that is controlled by proxy.config.http.server_max_connections.
- proxy.config.http.keep_alive_post_out¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Controls whether new POST requests re-use keep-alive sessions (1) or create new connections per request (0).
Parent Proxy Configuration¶
- proxy.config.http.parent_proxy_routing_enable¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Enables (1) or disables (0) the parent caching option. Refer to Hierarchical Caching.
- proxy.config.http.parent_proxy.retry_time¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 300 |
Reloadable: | Yes |
The amount of time allowed between connection retries to a parent cache that is unavailable.
- proxy.config.http.parent_proxy.fail_threshold¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 10 |
Reloadable: | Yes |
The number of times the connection to the parent cache can fail before Traffic Server considers the parent unavailable.
- proxy.config.http.parent_proxy.total_connect_attempts¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 4 |
Reloadable: | Yes |
The total number of connection attempts allowed to a parent cache before Traffic Server bypasses the parent or fails the request (depending on the go_direct option in the parent.config file).
- proxy.config.http.parent_proxy.per_parent_connect_attempts¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 2 |
Reloadable: | Yes |
The total number of connection attempts allowed per parent, if multiple parents are used.
- proxy.config.http.parent_proxy.connect_attempts_timeout¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 30 |
Reloadable: | Yes |
The timeout value (in seconds) for parent cache connection attempts.
- proxy.config.http.forward.proxy_auth_to_parent¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Configures Traffic Server to send proxy authentication headers on to the parent cache.
- proxy.config.http.no_dns_just_forward_to_parent¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Don’t try to resolve DNS, forward all DNS requests to the parent. This is off (0) by default.
HTTP Connection Timeouts¶
- proxy.config.http.keep_alive_no_activity_timeout_in¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 10 |
Reloadable: | Yes |
Specifies how long Traffic Server keeps connections to clients open for a subsequent request after a transaction ends.
- proxy.config.http.keep_alive_no_activity_timeout_out¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 10 |
Reloadable: | Yes |
Specifies how long Traffic Server keeps connections to origin servers open for a subsequent transfer of data after a transaction ends.
- proxy.config.http.transaction_no_activity_timeout_in¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 120 |
Reloadable: | Yes |
Specifies how long Traffic Server keeps connections to clients open if a transaction stalls.
- proxy.config.http.transaction_no_activity_timeout_out¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 120 |
Reloadable: | Yes |
Specifies how long Traffic Server keeps connections to origin servers open if the transaction stalls.
- proxy.config.http.transaction_active_timeout_in¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
The maximum amount of time Traffic Server can remain connected to a client. If the transfer to the client is not complete before this timeout expires, then Traffic Server closes the connection.
The default value of 0 specifies that there is no timeout.
- proxy.config.http.transaction_active_timeout_out¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
The maximum amount of time Traffic Server waits for fulfillment of a connection request to an origin server. If Traffic Server does not complete the transfer to the origin server before this timeout expires, then Traffic Server terminates the connection request.
The default value of 0 specifies that there is no timeout.
- proxy.config.http.accept_no_activity_timeout¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 120 |
Reloadable: | Yes |
The timeout interval in seconds before Traffic Server closes a connection that has no activity.
- proxy.config.http.background_fill_active_timeout¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 60 |
Reloadable: | Yes |
Specifies how long Traffic Server continues a background fill before giving up and dropping the origin server connection.
- proxy.config.http.background_fill_completed_threshold¶
Scope: | CONFIG |
---|---|
Type: | FLOAT |
Default: | 0.50000 |
Reloadable: | Yes |
The proportion of total document size already transferred when a client aborts at which the proxy continues fetching the document from the origin server to get it into the cache (a background fill).
Origin Server Connect Attempts¶
- proxy.config.http.connect_attempts_max_retries¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 6 |
Reloadable: | Yes |
The maximum number of connection retries Traffic Server can make when the origin server is not responding.
- proxy.config.http.connect_attempts_max_retries_dead_server¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 2 |
Reloadable: | Yes |
The maximum number of connection retries Traffic Server can make when the origin server is unavailable.
- proxy.config.http.server_max_connections¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Limits the number of socket connections across all origin servers to the value specified. To disable, set to zero (0).
Note
This value is used in determining when and if to prune active origin sessions. Without this value set connections to origins can consume all the way up to proxy.config.net.connections_throttle connections, which in turn can starve incoming requests from available connections.
- proxy.config.http.origin_max_connections¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Limits the number of socket connections per origin server to the value specified. To enable, set to one (1).
- proxy.config.http.origin_min_keep_alive_connections¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
As connections to an origin server are opened, keep at least ‘n’ number of connections open to that origin, even if a connection isn’t used for a long time period. Useful when the origin supports keep-alive, removing the time needed to set up a new connection from the next request at the expense of added (inactive) connections. To enable, set to one (1).
- proxy.config.http.connect_attempts_rr_retries¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 2 |
Reloadable: | Yes |
The maximum number of failed connection attempts allowed before a round-robin entry is marked as ‘down’ if a server has round-robin DNS entries.
- proxy.config.http.connect_attempts_timeout¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 30 |
Reloadable: | Yes |
The timeout value (in seconds) for an origin server connection.
- proxy.config.http.post_connect_attempts_timeout¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1800 |
Reloadable: | Yes |
The timeout value (in seconds) for an origin server connection when the client request is a POST or PUT request.
- proxy.config.http.down_server.cache_time¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 900 |
Reloadable: | Yes |
Specifies how long (in seconds) Traffic Server remembers that an origin server was unreachable.
- proxy.config.http.down_server.abort_threshold¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 10 |
Reloadable: | Yes |
The number of seconds before Traffic Server marks an origin server as unavailable after a client abandons a request because the origin server was too slow in sending the response header.
Congestion Control¶
- proxy.config.http.congestion_control.enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Enables (1) or disables (0) the Congestion Control option, which configures Traffic Server to stop forwarding HTTP requests to origin servers when they become congested. Traffic Server sends the client a message to retry the congested origin server later. Refer to Using Congestion Control.
- proxy.config.http.flow_control.enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Transaction buffering / flow control is enabled if this is set to a non-zero value. Otherwise no flow control is done.
- proxy.config.http.flow_control.high_water¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 65536 |
Metric: | bytes |
The high water mark for transaction buffer control. External source I/O is halted when the total buffer space in use by the transaction exceeds this value.
- proxy.config.http.flow_control.low_water¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 65536 |
Metric: | bytes |
The low water mark for transaction buffer control. External source I/O is resumed when the total buffer space in use by the transaction is no more than this value.
Negative Response Caching¶
- proxy.config.http.negative_caching_enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
When enabled (1), Traffic Server caches negative responses (such as 404 Not Found) when a requested page does not exist. The next time a client requests the same page, Traffic Server serves the negative response directly from cache. When disabled (0), Traffic Server will only cache the response if the response has Cache-Control headers.
Note
Cache-Control directives from the server forbidding cache are ignored for the following HTTP response codes, regardless of the value specified for the proxy.config.http.negative_caching_enabled variable.
The following negative responses are cached by Traffic Server:
204 No Content
305 Use Proxy
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
500 Internal Server Error
501 Not Implemented
502 Bad Gateway
503 Service Unavailable
504 Gateway Timeout
The cache lifetime for objects cached from this setting is controlled via proxy.config.http.negative_caching_lifetime.
Proxy User Variables¶
- proxy.config.http.anonymize_remove_from¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
When enabled (1), Traffic Server removes the From header to protect the privacy of your users.
- proxy.config.http.anonymize_remove_referer¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
When enabled (1), Traffic Server removes the Referer header to protect the privacy of your site and users.
- proxy.config.http.anonymize_remove_user_agent¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
When enabled (1), Traffic Server removes the User-agent header to protect the privacy of your site and users.
- proxy.config.http.anonymize_remove_cookie¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
When enabled (1), Traffic Server removes the Cookie header to protect the privacy of your site and users.
- proxy.config.http.anonymize_remove_client_ip¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
When enabled (1), Traffic Server removes Client-IP headers for more privacy.
- proxy.config.http.anonymize_insert_client_ip¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
When enabled (1), Traffic Server inserts Client-IP headers to retain the client IP address.
- proxy.config.http.append_xforwards_header¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
When enabled (1), Traffic Server appends X-Forwards headers to outgoing requests.
- proxy.config.http.anonymize_other_header_list¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
Reloadable: | Yes |
The headers Traffic Server should remove from outgoing requests.
- proxy.config.http.insert_squid_x_forwarded_for¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
When enabled (1), Traffic Server adds the client IP address to the X-Forwarded-For header.
- proxy.config.http.normalize_ae_gzip¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Enable (1) to normalize all Accept-Encoding: headers to one of the following:
- Accept-Encoding: gzip (if the header has gzip or x-gzip with any q) OR
- blank (for any header that does not include gzip)
This is useful for minimizing cached alternates of documents (e.g. gzip, deflate vs. deflate, gzip). Enabling this option is recommended if your origin servers use no encodings other than gzip.
Security¶
- proxy.config.http.push_method_enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Enables (1) or disables (0) the HTTP PUSH option, which allows you to deliver content directly to the cache without a user request.
Important
If you enable this option, then you must also specify a filtering rule in the ip_allow.config file to allow only certain machines to push content into the cache.
Cache Control¶
- proxy.config.cache.enable_read_while_writer¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Enables (1) or disables (0) the ability to read a cached object while another connection is completing the write to cache for the same object. Several other configuration values need to be set for this to become active. See Reducing Origin Server Requests (Avoiding the Thundering Herd).
- proxy.config.cache.force_sector_size¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 512 |
Reloadable: | Yes |
Forces the use of a specific hardware sector size (512 - 8192 bytes).
- proxy.config.http.cache.http¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Enables (1) or disables (0) caching of HTTP requests.
- proxy.config.http.cache.allow_empty_doc¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Enables (1) or disables (0) caching objects that have an empty response body. This is particularly useful for caching 301 or 302 responses with a Location header but no document body. This only works if the origin response also has a Content-Length header.
- proxy.config.http.cache.ignore_client_no_cache¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
When enabled (1), Traffic Server ignores client requests to bypass the cache.
- proxy.config.http.cache.ims_on_client_no_cache¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
When enabled (1), Traffic Server issues a conditional request to the origin server if an incoming request has a No-Cache header.
- proxy.config.http.cache.ignore_server_no_cache¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
When enabled (1), Traffic Server ignores origin server requests to bypass the cache.
- proxy.config.http.cache.cache_responses_to_cookies¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 3 |
Reloadable: | Yes |
Specifies how cookies are cached:
- 0 = do not cache any responses to cookies
- 1 = cache for any content-type
- 2 = cache only for image types
- 3 = cache for all but text content-types
- proxy.config.http.cache.ignore_authentication¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
When enabled (1), Traffic Server ignores WWW-Authentication headers in responses. WWW-Authentication headers are removed and not cached.
- proxy.config.http.cache.cache_urls_that_look_dynamic¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Enables (1) or disables (0) caching of URLs that look dynamic, i.e.: URLs that end in .asp or contain a question mark (?), a semicolon (;), or cgi. For a full list, please refer to HttpTransact::url_looks_dynamic.
- proxy.config.http.cache.enable_default_vary_headers¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Enables (1) or disables (0) caching of alternate versions of HTTP objects that do not contain the Vary header.
- proxy.config.http.cache.when_to_revalidate¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Specifies when to revalidate content:
- 0 = use cache directives or heuristic (the default value)
- 1 = stale if heuristic
- 2 = always stale (always revalidate)
- 3 = never stale
- 4 = use cache directives or heuristic (0) unless the request has an If-Modified-Since header
If the request contains the If-Modified-Since header, then Traffic Server always revalidates the cached content and uses the client’s If-Modified-Since header for the proxy request.
- proxy.config.http.cache.when_to_add_no_cache_to_msie_requests¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Specifies when to add no-cache directives to Microsoft Internet Explorer requests. You can specify the following:
- 0 = no-cache is not added to MSIE requests
- 1 = no-cache is added to IMS MSIE requests
- 2 = no-cache is added to all MSIE requests
- proxy.config.http.cache.required_headers¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
The type of headers required in a request for the request to be cacheable.
- 0 = no headers required to make document cacheable
- 1 = either the Last-Modified header, or an explicit lifetime header, Expires or Cache-Control: max-age, is required
- 2 = explicit lifetime is required, Expires or Cache-Control: max-age
- proxy.config.http.cache.max_stale_age¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 604800 |
Reloadable: | Yes |
The maximum age allowed for a stale response before it cannot be cached.
- proxy.config.http.cache.range.lookup¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
When enabled (1), Traffic Server looks up range requests in the cache.
- proxy.config.http.cache.ignore_accept_mismatch¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
When enabled with a value of 1, Traffic Server serves documents from cache with a Content-Type: header even if it does not match the Accept: header of the request. If set to 2, this logic only happens in the absence of a Vary header in the cached response (which is the recommended and safe use).
Note
This option should only be enabled with 1 if you’re having problems with caching and your origin server doesn’t set the Vary header. Alternatively, if the origin is incorrectly setting Vary: Accept or doesn’t respond with 406 (Not Acceptable), you can also enable this configuration with a 1.
- proxy.config.http.cache.ignore_accept_language_mismatch¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
When enabled with a value of 1, Traffic Server serves documents from cache with a Content-Language: header even if it does not match the Accept-Language: header of the request. If set to 2, this logic only happens in the absence of a Vary header in the cached response (which is the recommended and safe use).
Note
This option should only be enabled with 1 if you’re having problems with caching and your origin server doesn’t set the Vary header. Alternatively, if the origin is incorrectly setting Vary: Accept-Language or doesn’t respond with 406 (Not Acceptable), you can also enable this configuration with a 1.
- proxy.config.http.cache.ignore_accept_encoding_mismatch¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
When enabled with a value of 1, Traffic Server serves documents from cache with a Content-Encoding: header even if it does not match the Accept-Encoding: header of the request. If set to 2, this logic only happens in the absence of a Vary header in the cached response (which is the recommended and safe use).
Note
This option should only be enabled with 1 if you’re having problems with caching and your origin server doesn’t set the Vary header. Alternatively, if the origin is incorrectly setting Vary: Accept-Encoding or doesn’t respond with 406 (Not Acceptable), you can also enable this configuration with a 1.
- proxy.config.http.cache.ignore_accept_charset_mismatch¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
When enabled with a value of 1, Traffic Server serves documents from cache with a Content-Type: header even if it does not match the Accept-Charset: header of the request. If set to 2, this logic only happens in the absence of a Vary header in the cached response (which is the recommended and safe use).
Note
This option should only be enabled with 1 if you’re having problems with caching and your origin server doesn’t set the Vary header. Alternatively, if the origin is incorrectly setting Vary: Accept-Charset or doesn’t respond with 406 (Not Acceptable), you can also enable this configuration with a 1.
- proxy.config.http.cache.ignore_client_cc_max_age¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
When enabled (1), Traffic Server ignores any Cache-Control: max-age headers from the client. This technically violates the HTTP RFC, but avoids a problem where a client can forcefully invalidate a cached object.
- proxy.config.cache.max_doc_size¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Specifies the maximum object size that will be cached. 0 is unlimited.
- proxy.config.cache.permit.pinning¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
When enabled (1), Traffic Server will keep certain HTTP objects in the cache for a certain time as specified in cache.config.
- proxy.config.cache.hit_evacuate_percent¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 10 |
The size of the region (as a percentage of the total content storage in a cache stripe) in front of the write cursor that constitutes a recent access hit for evacuating the accessed object.
When an object is accessed it can be marked for evacuation, that is to be copied over the write cursor and thereby preserved from being overwritten. This is done if it is no more than a specific number of bytes in front of the write cursor. The number of bytes is a percentage of the total number of bytes of content storage in the cache stripe where the object is stored and that percentage is set by this variable.
- proxy.config.cache.hit_evacuate_size_limit¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Metric: | bytes |
Limit the size of objects that are hit evacuated.
Objects larger than the limit are not hit evacuated. A value of 0 disables the limit.
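Several settings in the Security and Cache Control sections above carry explicit cautions: proxy.config.http.push_method_enabled needs a matching ip_allow.config rule, the ignore_accept_*_mismatch options are described as safe only with the value 2, disabling proxy.config.http.cache.ignore_client_cc_max_age lets a client forcefully invalidate a cached object, and leaving proxy.config.http.server_max_connections at 0 can starve incoming requests. The following Python check is an added example, not part of Traffic Server: it parses the record format and the K/M/G/T suffixes described on this page and reports those settings; the function names, the sample file and the choice to let a later line override an earlier one are assumptions of the example.

```python
import re

# Constructed sample input for this example, not taken from a real deployment.
SAMPLE = """\
# constructed records.config fragment
CONFIG proxy.config.proxy_name STRING my_server
CONFIG proxy.config.http.push_method_enabled INT 1
CONFIG proxy.config.http.cache.ignore_accept_mismatch INT 2
CONFIG proxy.config.http.cache.ignore_accept_encoding_mismatch INT 1
CONFIG proxy.config.http.cache.ignore_client_cc_max_age INT 0
CONFIG proxy.config.http.server_max_connections INT 2K
"""

PUSH = "proxy.config.http.push_method_enabled"
CC_MAX_AGE = "proxy.config.http.cache.ignore_client_cc_max_age"
SERVER_MAX = "proxy.config.http.server_max_connections"
MISMATCH = [
    "proxy.config.http.cache.ignore_accept_mismatch",
    "proxy.config.http.cache.ignore_accept_language_mismatch",
    "proxy.config.http.cache.ignore_accept_encoding_mismatch",
    "proxy.config.http.cache.ignore_accept_charset_mismatch",
]

# Defaults as documented on this page, applied when a variable is absent.
DEFAULTS = {PUSH: 0, CC_MAX_AGE: 1, SERVER_MAX: 0, **{n: 0 for n in MISMATCH}}

# INT suffixes from the Format section: powers of 1024.
MULTIPLIERS = {"": 1, "K": 1024, "M": 1024**2, "G": 1024**3, "T": 1024**4}


def parse_int(text):
    """Parse an INT value such as 32768, -1 or 32K."""
    match = re.fullmatch(r"(-?\d+)([KMGT]?)", text.strip())
    if match is None:
        raise ValueError("not a valid INT value: %r" % text)
    return int(match.group(1)) * MULTIPLIERS[match.group(2)]


def parse_records(text):
    """Return {variable_name: value} from 'SCOPE name DATATYPE value' lines."""
    values = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 3)  # the value keeps any inner spaces
        if (len(parts) != 4 or parts[0] not in ("CONFIG", "LOCAL")
                or parts[2] not in ("INT", "STRING", "FLOAT")):
            raise ValueError("line %d: malformed record: %r" % (lineno, raw))
        _scope, name, datatype, value = parts
        if datatype == "INT":
            value = parse_int(value)
        elif datatype == "FLOAT":
            value = float(value)
        values[name] = value  # assumption of this example: last line wins
    return values


def audit(text):
    """Return (variable, reason) pairs for settings this page cautions about."""
    cfg = dict(DEFAULTS)
    cfg.update(parse_records(text))
    findings = []
    if cfg[PUSH] == 1:
        findings.append((PUSH, "HTTP PUSH is enabled: confirm ip_allow.config "
                               "restricts which machines may push content"))
    for name in MISMATCH:
        if cfg[name] == 1:
            findings.append((name, "value 1 ignores the mismatch even when the "
                                   "cached response has Vary; 2 is the safe use"))
    if cfg[CC_MAX_AGE] == 0:
        findings.append((CC_MAX_AGE, "client Cache-Control: max-age is honoured, "
                                     "so a client can forcefully invalidate "
                                     "a cached object"))
    if cfg[SERVER_MAX] == 0:
        findings.append((SERVER_MAX, "no limit on origin connections: they can "
                                     "grow to proxy.config.net.connections_throttle "
                                     "and starve incoming requests"))
    return findings


if __name__ == "__main__":
    for variable, reason in audit(SAMPLE):
        print("%s: %s" % (variable, reason))
```

Because absent variables fall back to the documented defaults, an empty file still reports proxy.config.http.server_max_connections.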
RAM Cache¶
- proxy.config.cache.ram_cache.size¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | -1 |
By default the RAM cache size is automatically determined, based on disk cache size; approximately 10 MB of RAM cache per GB of disk cache. Alternatively, it can be set to a fixed value such as 20GB (21474836480).
- proxy.config.cache.ram_cache.algorithm¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Two distinct RAM caches are supported, the default (0) being the CLFUS (Clocked Least Frequently Used by Size). As an alternative, a simpler LRU (Least Recently Used) cache is also available, by changing this configuration to 1.
- proxy.config.cache.ram_cache.use_seen_filter¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Enabling this option will filter inserts into the RAM cache to ensure that they have been seen at least once. For the LRU, this provides scan resistance. Note that CLFUS already requires that a document have history before it is inserted, so for CLFUS, setting this option means that a document must be seen three times before it is added to the RAM cache.
- proxy.config.cache.ram_cache.compress¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
The CLFUS RAM cache also supports an optional in-memory compression. This is not to be confused with Content-Encoding: gzip compression. The RAM cache compression is intended to try to save space in the RAM, and is not visible to the User-Agent (client).
Possible values are:
- 0 = no compression
- 1 = fastlz (extremely fast, relatively low compression)
- 2 = libz (moderate speed, reasonable compression)
- 3 = liblzma (very slow, high compression)
Note
Compression runs on task threads. To use more cores for RAM cache compression, increase proxy.config.task_threads.
Heuristic Expiration¶
- proxy.config.http.cache.heuristic_min_lifetime¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 3600 |
Reloadable: | Yes |
The minimum amount of time an HTTP object without an expiration date can remain fresh in the cache before it is considered to be stale.
- proxy.config.http.cache.heuristic_max_lifetime¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 86400 |
Reloadable: | Yes |
The maximum amount of time an HTTP object without an expiration date can remain fresh in the cache before it is considered to be stale.
- proxy.config.http.cache.heuristic_lm_factor¶
Scope: | CONFIG |
---|---|
Type: | FLOAT |
Default: | 0.10000 |
Reloadable: | Yes |
The aging factor for freshness computations. Traffic Server stores an object for this percentage of the time that elapsed since it last changed.
- proxy.config.http.cache.fuzz.time¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 240 |
Reloadable: | Yes |
How often Traffic Server checks for an early refresh, during the period before the document stale time. The interval specified must be in seconds. See Fuzzy Revalidation
- proxy.config.http.cache.fuzz.probability¶
Scope: | CONFIG |
---|---|
Type: | FLOAT |
Default: | 0.00500 |
Reloadable: | Yes |
The probability that a refresh is made on a document during the specified fuzz time.
- proxy.config.http.cache.fuzz.min_time¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Handles requests with a TTL less than fuzz.time. It allows for different times to evaluate the probability of revalidation for small TTLs and big TTLs. Objects with small TTLs will start “rolling the revalidation dice” near the fuzz.min_time, while objects with large TTLs would start at fuzz.time. A logarithmic-like function determines the revalidation evaluation start time (which will be between fuzz.min_time and fuzz.time). As the object gets closer to expiring, the window start becomes more likely. By default this setting is not enabled, but should be enabled anytime you have objects with small TTLs. The default value is 0.
Dynamic Content & Content Negotiation¶
- proxy.config.http.cache.vary_default_text¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
Reloadable: | Yes |
The header on which Traffic Server varies for text documents.
For example: if you specify User-agent, then Traffic Server caches all the different user-agent versions of documents it encounters.
- proxy.config.http.cache.vary_default_images¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
Reloadable: | Yes |
The header on which Traffic Server varies for images.
- proxy.config.http.cache.vary_default_other¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
Reloadable: | Yes |
The header on which Traffic Server varies for anything other than text and images.
Customizable User Response Pages¶
- proxy.config.body_factory.enable_customizations¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Specifies whether customizable response pages are enabled or disabled and which response pages are used:
- 0 = disable customizable user response pages
- 1 = enable customizable user response pages in the default directory only
- 2 = enable language-targeted user response pages
- proxy.config.body_factory.enable_logging¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Enables (1) or disables (0) logging for customizable response pages. When enabled, Traffic Server records a message in the error log each time a customized response page is used or modified.
- proxy.config.body_factory.template_sets_dir¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | config/body_factory |
The customizable response page default directory.
- proxy.config.body_factory.response_suppression_mode¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Specifies when Traffic Server suppresses generated response pages:
- 0 = never suppress generated response pages
- 1 = always suppress generated response pages
- 2 = suppress response pages only for intercepted traffic
- proxy.config.http_ui_enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Enable the user interface page.
DNS¶
- proxy.config.dns.search_default_domains¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Enables (1) or disables (0) local domain expansion.
Traffic Server can attempt to resolve unqualified hostnames by expanding to the local domain. For example, if a client makes a request to an unqualified host (host_x) and the Traffic Server local domain is y.com, then Traffic Server will expand the hostname to host_x.y.com.
- proxy.config.dns.splitDNS.enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Enables (1) or disables (0) DNS server selection. When enabled, Traffic Server refers to the splitdns.config file for the selection specification. Refer to Configuring DNS Server Selection (Split DNS).
- proxy.config.dns.url_expansions¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
Specifies a list of hostname extensions that are automatically added to the hostname after a failed lookup. For example: if you want Traffic Server to add the hostname extension .org, then specify org as the value for this variable (Traffic Server automatically adds the dot (.)).
Note
If the variable proxy.config.http.enable_url_expandomatic is set to 1 (the default value), then you do not have to add www. and .com to this list because Traffic Server automatically tries www. and .com after trying the values you’ve specified.
- proxy.config.dns.resolv_conf¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | /etc/resolv.conf |
Specifies which resolv.conf file to use for finding resolvers. While the format of this file must be the same as the standard resolv.conf file, this option allows an administrator to manage the set of resolvers in an external configuration file, without affecting how the rest of the operating system uses DNS.
- proxy.config.dns.round_robin_nameservers¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Enables (1) or disables (0) DNS server round-robin.
- proxy.config.dns.nameservers¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
Reloadable: | Yes |
The DNS servers.
- proxy.config.srv_enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Indicates whether to use SRV records for origin server lookup.
- proxy.config.dns.dedicated_thread¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Create and dedicate a thread entirely for DNS processing. This is probably most useful on systems which do a significant number of DNS lookups, typically forward proxies. But even on other systems, it can avoid some contention on the first worker thread (which otherwise takes on the burden of all DNS lookups).
HostDB¶
- proxy.config.hostdb.serve_stale_for¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | *NONE* |
Metric: | seconds |
The number of seconds for which to use a stale NS record while initiating a background fetch for the new data.
If not set then stale records are not served.
- proxy.config.hostdb.storage_size¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 33554432 |
Metric: | bytes |
The amount of space (in bytes) used to store hostdb. The value of this variable must be increased if you increase the size of the proxy.config.hostdb.size variable.
- proxy.config.hostdb.size¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 200000 |
The maximum number of entries that can be stored in the database.
Note
For values above 200000, you must increase proxy.config.hostdb.storage_size by at least 44 bytes per entry.
- proxy.config.hostdb.ttl_mode¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
A host entry will eventually time out and be discarded. This variable controls how that time is calculated. A DNS request will return a TTL value and an internal value can be set with proxy.config.hostdb.timeout. This variable determines which value will be used.
Value | TTL |
---|---|
0 | The TTL from the DNS response. |
1 | The internal timeout value. |
2 | The smaller of the DNS and internal TTL values. The internal timeout value becomes a maximum TTL. |
3 | The larger of the DNS and internal TTL values. The internal timeout value becomes a minimum TTL. |
- proxy.config.hostdb.timeout¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1440 |
Metric: | minutes |
Reloadable: | Yes |
Internal time to live value for host DB entries, in minutes.
See proxy.config.hostdb.ttl_mode for when this value is used.
- proxy.config.hostdb.strict_round_robin¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Set host resolution to use strict round robin.
When this and proxy.config.hostdb.timed_round_robin are both disabled (set to 0), Traffic Server always uses the same origin server for the same client, for as long as the origin server is available. Otherwise, if this is set, the IP address is rotated on every request. This setting takes precedence over proxy.config.hostdb.timed_round_robin.
- proxy.config.hostdb.timed_round_robin¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Set host resolution to use timed round robin.
When this and proxy.config.hostdb.strict_round_robin are both disabled (set to 0), Traffic Server always uses the same origin server for the same client, for as long as the origin server is available. Otherwise, if this is set to N, the IP address is rotated if more than N seconds have passed since the first time the current address was used.
- proxy.config.hostdb.ip_resolve¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | ipv4;ipv6 |
Set the host resolution style.
This is an ordered list of keywords separated by semicolons that specify how a host name is to be resolved to an IP address. The keywords are case insensitive.
Keyword | Meaning |
---|---|
ipv4 | Resolve to an IPv4 address. |
ipv6 | Resolve to an IPv6 address. |
client | Resolve to the same family as the client IP address. |
none | Stop resolving. |
The order of the keywords is critical. When a host name needs to be resolved, it is resolved in the same order as the keywords. If a resolution fails, the next option in the list is tried. The keyword none means to give up resolution entirely. The keyword list has a maximum length of three keywords; more are never needed. By default there is an implicit ipv4;ipv6 attached to the end of the string unless the keyword none appears.
Example
Use the incoming client family, then try IPv4 and IPv6.
client;ipv4;ipv6
Because of the implicit resolution this can also be expressed as just
client
Example
Resolve only to IPv4.
ipv4;none
Example
Resolve only to the same family as the client (do not permit cross family transactions).
client;none
This value is a global default that can be overridden by proxy.config.http.server_ports.
Note
This style is used as a convenience for the administrator. During a resolution the resolution order will be one family, then possibly the other. This is determined by changing client to ipv4 or ipv6 based on the client IP address and then removing duplicates.
Important
This option has no effect on outbound transparent connections. The local IP address used in the connection to the origin server is determined by the client, which forces the IP address family of the address used for the origin server. In effect, outbound transparent connections always use a resolution style of “client”.
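The resolution rules for proxy.config.hostdb.ip_resolve described above (implicit ipv4;ipv6 suffix, none as a stop marker, client replaced by the client's family, duplicates removed) can be worked through in code. This Python model is an added example, not Traffic Server's implementation; the function names are hypothetical, and rejecting a list longer than three keywords is a choice of the example, since the page only states the maximum.

```python
import ipaddress

VALID_KEYWORDS = ("ipv4", "ipv6", "client", "none")


def client_family(client_ip):
    """Return 'ipv4' or 'ipv6' for a client address string."""
    return "ipv6" if ipaddress.ip_address(client_ip).version == 6 else "ipv4"


def effective_order(setting, client_ip):
    """Return the address families tried, in order, for one client.

    Models the documented behaviour: keywords are case insensitive and
    separated by semicolons, an implicit ipv4;ipv6 is appended unless
    'none' appears, 'client' becomes the client's family, and duplicates
    are removed.
    """
    keywords = [k.strip().lower() for k in setting.split(";") if k.strip()]
    for keyword in keywords:
        if keyword not in VALID_KEYWORDS:
            raise ValueError("unknown keyword: %r" % keyword)
    if len(keywords) > 3:
        # Assumption of this example: treat an over-long list as an error.
        raise ValueError("at most three keywords are allowed")
    if "none" not in keywords:
        keywords += ["ipv4", "ipv6"]  # the implicit suffix

    family = client_family(client_ip)
    order = []
    for keyword in keywords:
        if keyword == "none":
            break  # give up resolution entirely
        resolved = family if keyword == "client" else keyword
        if resolved not in order:
            order.append(resolved)
    return order


def permits_cross_family(setting, client_ip):
    """True if the origin may be reached over a family the client did not use."""
    family = client_family(client_ip)
    return any(f != family for f in effective_order(setting, client_ip))


if __name__ == "__main__":
    # Constructed client addresses from the documentation ranges.
    for setting in ("client;ipv4;ipv6", "client", "ipv4;none", "client;none"):
        for ip in ("192.0.2.10", "2001:db8::1"):
            print(setting, ip, effective_order(setting, ip),
                  permits_cross_family(setting, ip))
```

Only settings that end in none can rule out a cross-family transaction, because every other setting picks up the implicit ipv4;ipv6 suffix.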
Logging Configuration¶
- proxy.config.log.logging_enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 3 |
Reloadable: | Yes |
Enables and disables event logging:
- 0 = logging disabled
- 1 = log errors only
- 2 = log transactions only
- 3 = full logging (errors + transactions)
Refer to Working with Log Files.
- proxy.config.log.max_secs_per_buffer¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 5 |
Reloadable: | Yes |
The maximum amount of time before data in the buffer is flushed to disk.
- proxy.config.log.max_space_mb_for_logs¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 2000 |
Metric: | megabytes |
Reloadable: | Yes |
The amount of space allocated to the logging directory (in MB).
Note
All files in the logging directory contribute to the space used, even if they are not log files. In collation client mode, if there is no local disk logging, or proxy.config.log.max_space_mb_for_orphan_logs is set to a higher value than proxy.config.log.max_space_mb_for_logs, Traffic Server uses proxy.config.log.max_space_mb_for_orphan_logs as the maximum allowed log space.
- proxy.config.log.max_space_mb_for_orphan_logs¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 25 |
Metric: | megabytes |
Reloadable: | Yes |
The amount of space allocated to the logging directory (in MB) if this node is acting as a collation client.
Note
When max_space_mb_for_orphan_logs is taken as the maximum allowed log space in the logging system, the same rule that applies to proxy.config.log.max_space_mb_for_logs also applies to proxy.config.log.max_space_mb_for_orphan_logs, i.e. all files in the logging directory contribute to the space used, even if they are not log files. You may need to consider this when you enable full remote logging, and bump this value to the same size as proxy.config.log.max_space_mb_for_logs.
- proxy.config.log.max_space_mb_headroom¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 10 |
Metric: | megabytes |
Reloadable: | Yes |
The tolerance for the log space limit (in megabytes). If the variable proxy.config.log.auto_delete_rolled_files is set to 1 (enabled), then autodeletion of log files is triggered when the amount of free space available in the logging directory is less than the value specified here.
- proxy.config.log.hostname¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | localhost |
Reloadable: | Yes |
The hostname of the machine running Traffic Server.
- proxy.config.log.logfile_dir¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | install_dir/logs |
Reloadable: | Yes |
The full path to the logging directory. This can be an absolute path or a path relative to the directory in which Traffic Server is installed.
Note
The directory you specify must already exist.
- proxy.config.log.logfile_perm¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | rw-r--r-- |
Reloadable: | Yes |
The log file permissions. The standard UNIX file permissions are used (owner, group, other). Permissible values are:
- - = no permission
- r = read permission
- w = write permission
- x = execute permission
Permissions are subject to the umask settings for the Traffic Server process. This means that a umask setting of 002 will not allow write permission for others, even if specified in the configuration file. Permissions for existing log files are not changed when the configuration is changed.
- proxy.config.log.custom_logs_enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Enables (1) or disables (0) custom logging.
- proxy.config.log.squid_log_enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Enables (1) or disables (0) the squid log file format.
- proxy.config.log.squid_log_is_ascii¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
The squid log file type:
- 1 = ASCII
- 0 = binary
- proxy.config.log.squid_log_name¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | squid |
Reloadable: | Yes |
The squid log filename.
- proxy.config.log.squid_log_header¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
The squid log file header text.
- proxy.config.log.common_log_enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Enables (1) or disables (0) the Netscape common log file format.
- proxy.config.log.common_log_is_ascii¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
The Netscape common log file type:
- 1 = ASCII
- 0 = binary
- proxy.config.log.common_log_name¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | common |
Reloadable: | Yes |
The Netscape common log filename.
- proxy.config.log.common_log_header¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
Reloadable: | Yes |
The Netscape common log file header text.
- proxy.config.log.extended_log_enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Enables (1) or disables (0) the Netscape extended log file format.
- proxy.config.log.extended_log_is_ascii¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
The Netscape extended log file type:
- 1 = ASCII
- 0 = binary
- proxy.config.log.extended_log_name¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | extended |
The Netscape extended log filename.
- proxy.config.log.extended_log_header¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
Reloadable: | Yes |
The Netscape extended log file header text.
- proxy.config.log.extended_log_is_ascii¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Set whether the extended log is written as ASCII (text) or binary.
- proxy.config.log.extended2_log_enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Enables (1) or disables (0) the Netscape Extended-2 log file format.
- proxy.config.log.extended2_log_is_ascii¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
The Netscape Extended-2 log file type:
- 1 = ASCII
- 0 = binary
- proxy.config.log.extended2_log_name¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | extended2 |
Reloadable: | Yes |
The Netscape Extended-2 log filename.
- proxy.config.log.extended2_log_header¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
Reloadable: | Yes |
The Netscape Extended-2 log file header text.
- proxy.config.log.separate_icp_logs¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
When enabled (1), configures Traffic Server to store ICP transactions in a separate log file.
- 0 = separation is disabled, all ICP transactions are recorded in the same file as HTTP transactions
- 1 = all ICP transactions are recorded in a separate log file.
- -1 = filter all ICP transactions from the default log files; ICP transactions are not logged anywhere.
- proxy.config.log.separate_host_logs¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
When enabled (1), configures Traffic Server to create a separate log file for HTTP transactions for each origin server listed in the log_hosts.config file. Refer to HTTP Host Log Splitting.
- proxy.local.log.collation_mode¶
Scope: | LOCAL |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Set the log collation mode.
Value | Effect |
---|---|
0 | collation is disabled |
1 | this host is a log collation server |
2 | this host is a collation client and sends entries using standard formats to the collation server |
3 | this host is a collation client and sends entries using the traditional custom formats to the collation server |
4 | this host is a collation client and sends entries that use both the standard and traditional custom formats to the collation server |
For information on sending XML-based custom formats to the collation server, refer to logs_xml.config.
Note
Although Traffic Server supports traditional custom logging, you should use the more versatile XML-based custom formats.
- proxy.config.log.collation_host¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
The hostname of the log collation server.
- proxy.config.log.collation_port¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 8085 |
Reloadable: | Yes |
The port used for communication between the collation server and client.
- proxy.config.log.collation_secret¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | foobar |
Reloadable: | Yes |
The password used to validate logging data and prevent the exchange of unauthorized information when a collation server is being used.
- proxy.config.log.collation_host_tagged¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
When enabled (1), configures Traffic Server to include the hostname of the collation client that generated the log entry in each entry.
- proxy.config.log.collation_retry_sec¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 5 |
Reloadable: | Yes |
The number of seconds between collation server connection retries.
- proxy.config.log.rolling_enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Specifies how log files are rolled. You can specify the following values:
- 0 = disables log file rolling
- 1 = enables log file rolling at specific intervals during the day (specified with the proxy.config.log.rolling_interval_sec and proxy.config.log.rolling_offset_hr variables)
- 2 = enables log file rolling when log files reach a specific size (specified with the proxy.config.log.rolling_size_mb variable)
- 3 = enables log file rolling at specific intervals during the day or when log files reach a specific size (whichever occurs first)
- 4 = enables log file rolling at specific intervals during the day when log files reach a specific size (i.e., at a specified time if the file is of the specified size)
- proxy.config.log.rolling_interval_sec¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 86400 |
Reloadable: | Yes |
The log file rolling interval, in seconds. The minimum value is 300 (5 minutes). The maximum, and default, value is 86400 seconds (one day).
Note
If you start Traffic Server within a few minutes of the next rolling time, then rolling might not occur until the next rolling time.
- proxy.config.log.rolling_offset_hr¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
The file rolling offset hour. The hour of the day that starts the log rolling period.
- proxy.config.log.rolling_size_mb¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 10 |
Reloadable: | Yes |
The size that log files must reach before rolling takes place.
- proxy.config.log.auto_delete_rolled_files¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Enables (1) or disables (0) automatic deletion of rolled files.
- proxy.config.log.sampling_frequency¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Configures Traffic Server to log only a sample of transactions rather than every transaction. You can specify the following values:
- 1 = log every transaction
- 2 = log every second transaction
- 3 = log every third transaction and so on...
- proxy.config.http.slow.log.threshold¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Metric: | milliseconds |
Reloadable: | Yes |
If set to a non-zero value N then any connection that takes longer than N milliseconds from accept to completion will cause its timing stats to be written to the debugging log file. This is identifying data about the transaction and all of the transaction milestones.
Diagnostic Logging Configuration¶
- proxy.config.diags.output.status¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | *NONE* |
- proxy.config.diags.output.warning¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | *NONE* |
- proxy.config.diags.output.emergency¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | *NONE* |
These variables control where Traffic Server should log diagnostic output. Messages at each diagnostic level can be directed to any combination of diagnostic destinations. Valid diagnostic message destinations are:
* 'O' = Log to standard output
* 'E' = Log to standard error
* 'S' = Log to syslog
* 'L' = Log to diags.log
Example
To log debug diagnostics to both syslog and diags.log:
CONFIG proxy.config.diags.output.debug STRING SL
Reverse Proxy¶
- proxy.config.reverse_proxy.enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Enables (1) or disables (0) HTTP reverse proxy.
- proxy.config.header.parse.no_host_url_redirect¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
Reloadable: | Yes |
The URL to which to redirect requests with no host headers (reverse proxy).
URL Remap Rules¶
- proxy.config.url_remap.filename¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | remap.config |
Sets the name of the remap.config file.
- proxy.config.url_remap.default_to_server_pac¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Enables (1) or disables (0) requests for a PAC file on the proxy service port (8080 by default) to be redirected to the PAC port. For this type of redirection to work, the variable proxy.config.reverse_proxy.enabled must be set to 1.
- proxy.config.url_remap.default_to_server_pac_port¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | -1 |
Reloadable: | Yes |
Sets the PAC port so that PAC requests made to the Traffic Server proxy service port are redirected to this port. -1 is the default setting that sets the PAC port to the autoconfiguration port (the default autoconfiguration port is 8083). This variable can be used together with the proxy.config.url_remap.default_to_server_pac variable to get a PAC file from a different port. You must create and run a process that serves a PAC file on this port. For example: if you create a Perl script that listens on port 9000 and writes a PAC file in response to any request, then you can set this variable to 9000. Browsers that request the PAC file from a proxy server on port 8080 will get the PAC file served by the Perl script.
- proxy.config.url_remap.remap_required¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Set this variable to 1 if you want Traffic Server to serve requests only from origin servers listed in the mapping rules of the remap.config file. If a request does not match, then the browser will receive an error.
- proxy.config.url_remap.pristine_host_hdr¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Set this variable to 1 if you want to retain the client host header in a request during remapping.
SSL Termination¶
- proxy.config.ssl.SSLv2¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Enables (1) or disables (0) SSLv2. Please don’t enable it.
- proxy.config.ssl.SSLv3¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Enables (1) or disables (0) SSLv3.
- proxy.config.ssl.TLSv1¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Enables (1) or disables (0) TLSv1.
- proxy.config.ssl.client.certification_level¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Sets the client certification level:
- 0 = no client certificates are required. Traffic Server does
not verify client certificates during the SSL handshake. Access to Traffic Server depends on Traffic Server configuration options (such as access control lists).
- 1 = client certificates are optional. If a client has a
certificate, then the certificate is validated. If the client does not have a certificate, then the client is still allowed access to Traffic Server unless access is denied through other Traffic Server configuration options.
- 2 = client certificates are required. The client must be
authenticated during the SSL handshake. Clients without a certificate are not allowed to access Traffic Server.
- proxy.config.ssl.server.multicert.filename¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | ssl_multicert.config |
The location of the ssl_multicert.config file, relative to the Traffic Server configuration directory. In the following example, if the Traffic Server configuration directory is /etc/trafficserver, the Traffic Server SSL configuration file and the corresponding certificates are located in /etc/trafficserver/ssl:
CONFIG proxy.config.ssl.server.multicert.filename STRING ssl/ssl_multicert.config
CONFIG proxy.config.ssl.server.cert.path STRING etc/trafficserver/ssl
CONFIG proxy.config.ssl.server.private_key.path STRING etc/trafficserver/ssl
- proxy.config.ssl.server.cert.path¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | /config |
The location of the SSL certificates and chains used for accepting and validating new SSL sessions. If this is a relative path, it is appended to the Traffic Server installation PREFIX. All certificates and certificate chains listed in ssl_multicert.config will be loaded relative to this path.
- proxy.config.ssl.server.private_key.path¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
The location of the SSL certificate private keys. Change this variable only if the private key is not located in the SSL certificate file. All private keys listed in ssl_multicert.config will be loaded relative to this path.
- proxy.config.ssl.server.cert_chain.filename¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
The name of a file containing a global certificate chain that should be used with every server certificate. This file is only used if there are certificates defined in ssl_multicert.config. Unless this is an absolute path, it is loaded relative to the path specified by proxy.config.ssl.server.cert.path.
- proxy.config.ssl.CA.cert.path¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
The location of the certificate authority file that client certificates will be verified against.
- proxy.config.ssl.CA.cert.filename¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
The filename of the certificate authority that client certificates will be verified against.
- proxy.config.ssl.auth.enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
TBD
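A configuration check built from the log collation and SSL termination descriptions above, as an added example that is not part of Traffic Server: it parses records.config lines, fills in the defaults documented on this page, and reports collation running with the default collation_secret, SSLv2 enabled, and client certificate checking with no CA file set. Both sample configurations, including the secret and CA file values, are constructed; the CA check is a consistency rule inferred from the descriptions, not documented behaviour.

```python
import re

# Defaults as documented on this page; an unset variable keeps its default.
DEFAULTS = {
    "proxy.local.log.collation_mode": 0,
    "proxy.config.log.collation_secret": "foobar",
    "proxy.config.ssl.SSLv2": 0,
    "proxy.config.ssl.client.certification_level": 0,
    "proxy.config.ssl.CA.cert.filename": None,
}
MULTIPLIER = {"K": 1024, "M": 1024**2, "G": 1024**3, "T": 1024**4}
LINE = re.compile(r"^(CONFIG|LOCAL)\s+(\S+)\s+(INT|STRING|FLOAT)\s+(.*)$")

def parse_records(text):
    """Parse 'SCOPE variable_name DATATYPE variable_value' lines into a dict."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE.match(line)
        if not m:
            raise ValueError(f"malformed line: {raw!r}")
        _scope, name, dtype, value = m.groups()
        if dtype == "INT":
            # INT values may carry a K/M/G/T suffix, e.g. 32K
            mult = MULTIPLIER.get(value[-1:], 1)
            value = int(value[:-1] if mult != 1 else value) * mult
        elif dtype == "FLOAT":
            value = float(value)
        elif value == "NULL":
            value = None
        values[name] = value
    return values

def audit(text):
    """Return a list of findings for the settings discussed on this page."""
    cfg = {**DEFAULTS, **parse_records(text)}
    findings = []
    default_secret = DEFAULTS["proxy.config.log.collation_secret"]
    if (cfg["proxy.local.log.collation_mode"] != 0
            and cfg["proxy.config.log.collation_secret"] == default_secret):
        findings.append("collation enabled with the default collation_secret")
    if cfg["proxy.config.ssl.SSLv2"] == 1:
        findings.append("SSLv2 is enabled")
    # Inferred consistency rule (assumption): levels 1 and 2 need a CA file.
    level = cfg["proxy.config.ssl.client.certification_level"]
    if level in (1, 2) and cfg["proxy.config.ssl.CA.cert.filename"] is None:
        findings.append("client certificates are checked but no CA file is set")
    return findings

# Constructed samples, not taken from a real deployment.
WEAK = """\
LOCAL proxy.local.log.collation_mode INT 2
CONFIG proxy.config.net.sock_send_buffer_size_in INT 64K
CONFIG proxy.config.ssl.SSLv2 INT 1
CONFIG proxy.config.ssl.client.certification_level INT 2
"""
HARDENED = """\
LOCAL proxy.local.log.collation_mode INT 2
CONFIG proxy.config.log.collation_secret STRING example-not-a-real-secret
CONFIG proxy.config.ssl.SSLv2 INT 0
CONFIG proxy.config.ssl.client.certification_level INT 2
CONFIG proxy.config.ssl.CA.cert.filename STRING ca.pem
"""
if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED))
```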
ICP Configuration¶
- proxy.config.icp.enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Sets ICP mode for hierarchical caching:
- 0 = disables ICP
- 1 = allows Traffic Server to receive ICP queries only
- 2 = allows Traffic Server to send and receive ICP queries
Refer to ICP Peering.
- proxy.config.icp.icp_interface¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | your_interface |
Specifies the network interface used for ICP traffic.
Note
The Traffic Server installation script detects your network interface and sets this variable appropriately. If your system has multiple network interfaces, check that this variable specifies the correct interface.
- proxy.config.icp.icp_port¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 3130 |
Reloadable: | Yes |
Specifies the UDP port that you want to use for ICP messages.
- proxy.config.icp.query_timeout¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 2 |
Reloadable: | Yes |
Specifies the timeout used for ICP queries.
Scheduled Update Configuration¶
- proxy.config.update.enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Enables (1) or disables (0) the Scheduled Update option.
- proxy.config.update.force¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Enables (1) or disables (0) a force immediate update. When enabled, Traffic Server overrides the scheduling expiration time for all scheduled update entries and initiates updates until this option is disabled.
- proxy.config.update.retry_count¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 10 |
Reloadable: | Yes |
Specifies the number of times Traffic Server can retry the scheduled update of a URL in the event of failure.
- proxy.config.update.retry_interval¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 2 |
Reloadable: | Yes |
Specifies the delay (in seconds) between each scheduled update retry for a URL in the event of failure.
- proxy.config.update.concurrent_updates¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 100 |
Reloadable: | Yes |
Specifies the maximum simultaneous update requests allowed at any time. This option prevents the scheduled update process from overburdening the host.
Remap Plugin Processor¶
- proxy.config.remap.use_remap_processor¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Enables (1) or disables (0) the ability to run separate threads for remap plugin processing.
- proxy.config.remap.num_remap_threads¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Specifies the number of threads that will be used for remap plugin processing.
Plug-in Configuration¶
- proxy.config.plugin.plugin_dir¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | config/plugins |
Specifies the location of Traffic Server plugins.
Sockets¶
- proxy.config.net.defer_accept¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
The default is 1 (meaning on) on all platforms except Linux, where it is 45 seconds.
This directive enables operating system specific optimizations for a listening socket. defer_accept holds a call to accept(2) back until data has arrived. In Linux’ special case this is up to a maximum of 45 seconds.
- proxy.config.net.sock_send_buffer_size_in¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Sets the send buffer size for connections from the client to Traffic Server.
- proxy.config.net.sock_recv_buffer_size_in¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Sets the receive buffer size for connections from the client to Traffic Server.
- proxy.config.net.sock_option_flag_in¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Turns different options “on” for the socket handling client connections:
TCP_NODELAY (1)
SO_KEEPALIVE (2)
Note
This value is a bit flag: each option corresponds to one bit. Therefore, you must set the value to 3 if you want to enable both options above.
- proxy.config.net.sock_send_buffer_size_out¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Sets the send buffer size for connections from Traffic Server to the origin server.
- proxy.config.net.sock_recv_buffer_size_out¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Sets the receive buffer size for connections from Traffic Server to the origin server.
- proxy.config.net.sock_option_flag_out¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Turns different options “on” for the origin server socket:
TCP_NODELAY (1)
SO_KEEPALIVE (2)
Note
This value is a bit flag: each option corresponds to one bit. Therefore, you must set the value to 3 if you want to enable both options above.
- proxy.config.net.sock_mss_in¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Same as the command line option --accept_mss that sets the MSS for all incoming requests.
Undocumented¶
These are referenced but not documented. Please contribute a definition.
- proxy.config.http.negative_caching_lifetime¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
- proxy.config.task_threads¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
- proxy.config.cache.limits.http.max_alts¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 5 |
- proxy.config.http.enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |