Auditor
Each auditor configuration item is a map. The supported keys are described below.
Auditor objects are referenced from server config.
If a server names a missing auditor, vey-proxy falls back to the built-in
default auditor instance.
name
required, type: metric node name
The auditor name. It can be referenced from server config.
protocol_inspection
optional, type: protocol inspection
Basic protocol-inspection configuration.
default: set with default value
server_tcp_portmap
optional, type: server tcp portmap
Port mapping used for protocol inspection based on the server-side TCP port.
default: set with default value
client_tcp_portmap
optional, type: client tcp portmap
Port mapping used for protocol inspection based on the client-side TCP port.
default: set with default value
tls_cert_agent
optional, type: tls cert agent
Certificate generator used for TLS interception.
If this field is not set, TLS interception is disabled.
default: not set, alias: tls_cert_generator
tls_ticketer
optional, type: tls ticketer
Configures a remote rolling TLS ticketer.
default: not set
Added in version 1.9.9.
tls_interception_client
optional, type: tls interception client
TLS client configuration used for the upstream-side handshake during TLS interception.
default: set with default value
tls_interception_server
optional, type: tls interception server
TLS server configuration used for the client-side handshake during TLS interception.
default: set with default value
tls_stream_dump
optional, type: stream dump
Configures export of intercepted inner TLS streams to a remote service.
default: not set
Added in version 1.7.34.
log_uri_max_chars
optional, type: usize
Maximum number of URI characters retained in logs.
default: 1024
h1_interception
optional, type: h1 interception
HTTP/1.x interception configuration.
default: set with default value
h2_inspect_policy
optional, type: protocol inspect policy
Controls how HTTP/2 traffic is handled.
default: intercept
Added in version 1.9.0.
h2_interception
optional, type: h2 interception
HTTP/2 interception configuration.
default: set with default value
websocket_inspect_policy
optional, type: protocol inspect policy
Controls how WebSocket traffic is handled.
default: intercept
Added in version 1.9.8.
smtp_inspect_policy
optional, type: protocol inspect policy
Controls how SMTP traffic is handled.
default: intercept
Added in version 1.9.0.
smtp_interception
optional, type: smtp interception
SMTP interception configuration.
default: set with default value
Added in version 1.9.2.
imap_inspect_policy
optional, type: protocol inspect policy
Controls how IMAP traffic is handled.
default: intercept
Added in version 1.9.4.
imap_interception
optional, type: smtp interception
IMAP interception configuration.
default: set with default value
Added in version 1.9.7.
icap_reqmod_service
optional, type: icap service config
ICAP REQMOD service configuration.
default: not set
Added in version 1.7.3.
icap_respmod_service
optional, type: icap service config
ICAP RESPMOD service configuration.
default: not set
Added in version 1.7.3.
stream_detour_service
optional, type: stream detour service config
Configuration for the Stream Detour service.
To actually enable detouring, the inspect policy for the relevant protocol must
also be set to detour.
If no stream detour service is configured here, protocols set to detour are
bypassed instead.
default: not set
Added in version 1.9.8.
task_audit_ratio
optional, type: random ratio
Sampling ratio for task-level auditing, such as ICAP REQMOD and
RESPMOD, on incoming requests.
This setting also controls whether protocol inspection is actually enabled for a given request.
User-side settings may override this value.
default: 1.0, alias: application_audit_ratio
Added in version 1.7.4.