System DB

This page within the L11WAAP console displays the current System Database. The parameters contained here are used throughout the system.

Most of these settings are displayed for informational purposes only. In some cases, they can reflect features of the system not currently in use.

The following features are available for configuration by customer admins:

Except for these, it is not recommended that admins attempt to edit settings within System DB. If you would like assistance, contact support.

Enabling certificates for mTLS

By default, the Link11 WAAP interface does not offer management of certificates for mTLS. These features can be enabled through the System DB.

To do this, begin by selecting the system namespace for editing, then select feature-toggle.

As shown above, this contains three parameters:

  • ssl-client-to-v5-client-ca-certificate, for mTLS between Link11 WAAP and end users.

  • ssl-server-to-backend-mtls-certificate, for mTLS between Link11 WAAP and the customer origin (a certificate for customer origins to validate L11WAAP).

  • ssl-server-to-backend-ca-certificate, for mTLS between Link11 WAAP and the customer origin (a certificate for L11WAAP to validate customer origins).

Set the appropriate parameter(s) to true, save the changes, and then publish.

  • If ssl-client-to-v5-client-ca-certificatewas activated, the CA Certificates tab will appear on the Certificates page. After being added there, certificates will be available for use in Server Groups.

  • If ssl-server-to-backend-mtls-certificatewas activated, the Server-to-Backend mTLS Certificates tab will appear on the Certificates page. After being added there, certificates will be available for use in Backend Services.

  • If ssl-server-to-backend-ca-certificate was activated, the Server-to-Backend CA Certificates tab will appear on the Certificates page. After being added there, certificates will be available for use in Backend Services.

The following can be helpful in understanding the names and usage of the various certificates:

Limiting Log Exporter data lengths

Log Exporters include the ability to include encoded request data. Using System DB, admins can limit the maximum lengths of various data included in the messages.

This is done by selecting the system namespace for editing, then selecting log-exporter. The values shown above will be available for editing.

After editing any of these parameters, save the changes and then publish.

The max_characters settings are the allowable lengths for the various data fields.

  • Each setting is specified as the maximum number of characters. Data exceeding those lengths will be truncated.

  • The encoded_fields limit applies to all fields within encoded requests, i.e. to each header, cookie, and argument.

The request_data_max_parameters_num limit defines the maximum number of parameters in the encoded data. For example, when this is set to 100, then the following limits are enforced:

  1. The maximum number of POST data parameters is 100

  2. The maximum number of GET data parameters is 100

  3. The maximum number of header data parameters is 100

The numbers shown in the screenshot above are the default values. If for some reason the log-exporter settings are deleted from System DB, these values will be used.

PreviousVersion ControlNextPublish Changes

Last updated

Was this helpful?