Auditor

Each auditor configuration item is a map. The supported keys are described below.

Auditor objects are referenced from server config. If a server names a missing auditor, vey-proxy falls back to the built-in default auditor instance.

name

required, type: metric node name

The auditor name. It can be referenced from server config.

protocol_inspection

optional, type: protocol inspection

Basic protocol-inspection configuration.

default: set with default value

server_tcp_portmap

optional, type: server tcp portmap

Port mapping used for protocol inspection based on the server-side TCP port.

default: set with default value

client_tcp_portmap

optional, type: client tcp portmap

Port mapping used for protocol inspection based on the client-side TCP port.

default: set with default value

tls_cert_agent

optional, type: tls cert agent

Certificate generator used for TLS interception.

If this field is not set, TLS interception is disabled.

default: not set, alias: tls_cert_generator

tls_ticketer

optional, type: tls ticketer

Configures a remote rolling TLS ticketer.

default: not set

Added in version 1.9.9.

tls_interception_client

optional, type: tls interception client

TLS client configuration used for the upstream-side handshake during TLS interception.

default: set with default value

tls_interception_server

optional, type: tls interception server

TLS server configuration used for the client-side handshake during TLS interception.

default: set with default value

tls_stream_dump

optional, type: stream dump

Configures export of intercepted inner TLS streams to a remote service.

default: not set

Added in version 1.7.34.

log_uri_max_chars

optional, type: usize

Maximum number of URI characters retained in logs.

default: 1024

h1_interception

optional, type: h1 interception

HTTP/1.x interception configuration.

default: set with default value

h2_inspect_policy

optional, type: protocol inspect policy

Controls how HTTP/2 traffic is handled.

default: intercept

Added in version 1.9.0.

h2_interception

optional, type: h2 interception

HTTP/2 interception configuration.

default: set with default value

websocket_inspect_policy

optional, type: protocol inspect policy

Controls how WebSocket traffic is handled.

default: intercept

Added in version 1.9.8.

smtp_inspect_policy

optional, type: protocol inspect policy

Controls how SMTP traffic is handled.

default: intercept

Added in version 1.9.0.

smtp_interception

optional, type: smtp interception

SMTP interception configuration.

default: set with default value

Added in version 1.9.2.

imap_inspect_policy

optional, type: protocol inspect policy

Controls how IMAP traffic is handled.

default: intercept

Added in version 1.9.4.

imap_interception

optional, type: smtp interception

IMAP interception configuration.

default: set with default value

Added in version 1.9.7.

icap_reqmod_service

optional, type: icap service config

ICAP REQMOD service configuration.

default: not set

Added in version 1.7.3.

icap_respmod_service

optional, type: icap service config

ICAP RESPMOD service configuration.

default: not set

Added in version 1.7.3.

stream_detour_service

optional, type: stream detour service config

Configuration for the Stream Detour service.

To actually enable detouring, the inspect policy for the relevant protocol must also be set to detour.

If no stream detour service is configured here, protocols set to detour are bypassed instead.

default: not set

Added in version 1.9.8.

task_audit_ratio

optional, type: random ratio

Sampling ratio for task-level auditing, such as ICAP REQMOD and RESPMOD, on incoming requests.

This setting also controls whether protocol inspection is actually enabled for a given request.

User-side settings may override this value.

default: 1.0, alias: application_audit_ratio

Added in version 1.7.4.