User Site
User-site configuration lets you attach overrides to a subset of destinations for one user.
Each site block says what should match, whether site-level metrics should be emitted, and which per-site overrides should apply once it matches.
id
required, type: metric node name
Each site must have an ID. If site metrics are enabled, this ID is used in the metric name.
alias: name
exact_match
optional, type: host | seq
Exact domain or target IP address to match in the user request.
Both a single host value and a sequence of hosts are accepted.
Note
the value should be different within all sites config of the current user.
suffix_match
optional, type: domain | seq, alias: child_match
Parent domain to match. Any child domain under it also matches.
Both a single domain value and a sequence of domains are accepted.
Note
the value should be different within all sites config of the current user.
Changed in version renamed: to suffix_match since version 1.13.3
subnet_match
optional, type: ip network str | seq
Network to match when the user request target is an IP address.
Both a single network value and a sequence of networks are accepted.
Note
the value should be different within all sites config of the current user.
emit_stats
optional, type: bool
Controls whether site-level metrics are emitted for this site.
See user site metrics for the definition of metrics.
default: false, alias: emit_metrics
duration_stats
optional, type: histogram metrics
Histogram-metric configuration for site-level duration statistics.
default: set with default value, alias: duration_metrics
Added in version 1.7.32.
resolve_strategy
optional, type: resolve strategy
Custom resolve strategy at the user-site level. It overrides the user-level strategy, but must still remain within the limits allowed by the escaper. Not all escapers support this, see the documentation for each escaper for more info.
default: no custom resolve strategy is set
Added in version 1.7.10.
tls_client
optional, type: tls client
TLS client configuration used for the upstream-side handshake during TLS interception.
This will overwrite:
auditor tls_interception_client <conf_auditor_tls_interception_client> if tls interception is enabled
http_proxy server tls_client <conf_server_http_proxy_tls_client> if https forward is enabled
default: not set
Added in version 1.9.0.
Example:
- id: office-sites
exact_match:
- www.example.com
- 203.0.113.10
suffix_match: example.net
subnet_match:
- 192.0.2.0/24
- 2001:db8::/32
emit_metrics: true
resolve_strategy: ipv4_only
http_rsp_header_recv_timeout: 8s
http_rsp_header_recv_timeout
optional, type: humanize duration
Custom HTTP response-header receive timeout for this site.
This will set and overwrite:
default: not set
Added in version 1.9.0.