General Settings

Attribute

Description

Host

The IP address for each server that Reblaze protects. This can be a normal web server, or it can be a load-balancer. Note that Reblaze also provides load-balancing capabilities in its own right, as seen in the next field.

Weight

The relative weight of each server for load-balancing purposes. Reblaze distributes traffic with a round-robin sequence, according to these weights. For example, if two servers are both set to 'weight=1', they will receive equal amounts of traffic. If the first is set to 'weight=3' while the second is set to 'weight=1', the first server will receive three visitors for every single visitor that the second server receives.

Max Fails

The maximum number of failed communication attempts that are allowed for this server. Once this number of failures occurs, Reblaze will consider the server to be inactive. If other servers are available, Reblaze will failover the traffic to them. If this was the only server available, Reblaze will return an error to the client (either 504 Timeout, or 502 Bad Gateway).

Fail Timeout

When a server fails, this is the length of time that Reblaze will wait before trying to send traffic to it again. Example: "10s" indicates a fail timeout of 10 seconds. This field uses TTL Expression Syntax.

Is Down

When this box is checked, Reblaze will not attempt to communicate with this server. This allows you to easily take a server offline for temporary maintenance or some other purpose.

Is Backup

When this box is checked, Reblaze will treat this server as a backup. In other words, Reblaze will not attempt to communicate with it unless all the primary servers (i.e., those for which this box is not checked) are unavailable.

HTTP Port

The HTTP port for the server.

HTTPS Port

The HTTPS port for the server.

Setting

Description

Host Header

Defines whether or not Reblaze will alter the Host field in the request header. The default value (“$host”) means that Reblaze will not change it; the server will receive the Host field that the client sent. A different string will replace the Host field in the header. For example, if you have multiple domains in your Reblaze planet, you might mandate that all incoming requests have a certain domain in the header, regardless of which domain the client is actually accessing.

Client’s IP Header Name (Upstream Side)

Defines the field name that contains the client's IP address. Reblaze is a proxy, and it passes incoming client requests to the upstream server. This means that the server will receive request headers which contain Reblaze's cloud IP address as the "client" IP. This is not useful; almost always, the server will need the IP of the actual client instead. To facilitate server logging, analytics, and so on, Reblaze adds the IP address of the originating client to the headers that it sends to the server. The Client’s IP Header Name (Upstream Side) entry allows you to define the name of the field within which this information is passed.

Client's IP Header Name (Client Side)

Defines one or more header fields within which Reblaze can find the client's IP address. When Reblaze receives an incoming request from a client, the request will have passed through a load balancer on its way to Reblaze. This means that the header will contain the client's IP and the load-balancer IP. These two IPs are usually found within the X-Forwarded-For field, which is the default entry for Client's IP Header Name (Client Side). In this situation, Reblaze knows how to extract the client IP from this field. In other situations, a different field name might be necessary. For example, if the Reblaze customer is using Akamai CDN, the incoming request will have the client IP in a field named True-Client-IP instead.

Domain Names

The list of domains that Reblaze will protect.

SSL Offload

Reblaze can send web traffic via HTTP instead of HTTPS. This improves server performance, because the server no longer needs to decrypt the traffic. Obviously, this decreases security, and so this setting should usually be disabled. However, under certain circumstances (e.g., when a VPN is established between Reblaze and the servers), it can make sense to enable this.

Connect Timeout

The time (in seconds) for Reblaze to wait, before treating a connection with the upstream server as having failed.

Send Timeouts

The time (in seconds) for Reblaze to wait, before treating an upstream data transfer attempt as having failed.

Read Timeout

The time (in seconds) for Reblaze to wait, before treating a downstream (toward Reblaze) data transfer attempt as having failed.

Mask Headers

Defines the response headers that Reblaze will mask (i.e., remove from the response), preventing them from being exposed to the client.

For example: a default response header might include information about the server software (e.g. “Server: Microsoft-IIS/8.5”). This tells an attacker exactly which platform he is targeting, and so he can know which vulnerabilities to exploit. The Mask Headers entry defines all the headers to remove. It can contain multiple values, connected by pipes, with asterisks as wildcards.

HTTP/HTTPS redirect lines

Used to redirect all requests coming into these ports.

Field name

Description

RBZ-GEO-Country

Client's country

RBZ-GEO-CountryCode

Abbreviation of client's country

RBZ-ORG

Client's organization

RBZ-REGION

Client's region

Log file Parameter

Description

Challenge Domain

Defines the domain you want Reblaze to use when setting a challenge cookie. The default value (“$host”) tells Reblaze to use the domain being accessed by the user.

Private Args

Defines the argument names which contain sensitive data, and therefore will not be saved in log files. Common examples of this are payment details and credit card numbers.