Provided by: trafficserver_5.3.0-2ubuntu2_amd64 
NAME
records.config - Traffic Server configuration file
The records.config file (by default, located in /usr/local/etc/trafficserver/) is a list of configurable
variables used by the Traffic Server software. Many of the variables in the records.config file are set
automatically when you set configuration options in Traffic Line. After you modify the records.config
file, run the command traffic_line -x to apply the changes. When you apply changes to one node in a
cluster, Traffic Server automatically applies the changes to all other nodes in the cluster.
FORMAT
Each variable has the following format:
SCOPE variable_name DATATYPE variable_value
where
SCOPE is related to clustering and is either CONFIG (all members of the cluster) or LOCAL (only the local
machine)
DATATYPE is one of INT (integer), STRING (string), FLOAT (floating point). : A variable marked as
Deprecated is still functional but should be avoided as it may be removed in a future release without
warning.
A variable marked as Reloadable can be updated via the command:
traffic_line -x
INT type configurations are expressed as any normal integer, e.g. 32768. They can also be expressed using
more human readable values using standard prefixes, e.g. 32K. The following prefixes are supported for
all INT type configurations
• K Kilobytes (1024 bytes)
• M Megabytes (1024^2 or 1,048,576 bytes)
• G Gigabytes (1024^3 or 1,073,741,824 bytes)
• T Terabytes (1024^4 or 1,099,511,627,776 bytes)
NOTE:
Traffic Server currently writes back configurations to disk periodically, and when doing so, will not
preserve the prefixes.
EXAMPLES
In the following example, the variable proxy.config.proxy_name is a STRING datatype with the value
my_server. This means that the name of the Traffic Server proxy is my_server.
CONFIG proxy.config.proxy_name STRING my_server
If the server name should be that_server the line would be
CONFIG proxy.config.proxy_name STRING that_server
In the following example, the variable proxy.config.arm.enabled is a yes/no flag. A value of 0 (zero)
disables the option; a value of 1 enables the option.
CONFIG proxy.config.arm.enabled INT 0
In the following example, the variable sets the cluster startup timeout to 10 seconds.
CONFIG proxy.config.cluster.startup_timeout INT 10
The last examples configures a 64GB RAM cache, using a human readable prefix.
CONFIG proxy.config.cache.ram_cache.size INT 64G
ENVIRONMENT OVERRIDES
Every records.config configuration variable can be overridden by a corresponding environment variable.
This can be useful in situations where you need a static records.config but still want to tweak one or
two settings. The override variable is formed by converting the records.config variable name to upper
case, and replacing any dot separators with an underscore.
Overriding a variable from the environment is permanent and will not be affected by future configuration
changes made in records.config or applied with traffic_line.
For example, we could override the proxy.config.product_company variable like this:
$ PROXY_CONFIG_PRODUCT_COMPANY=example traffic_cop &
$ traffic_line -r proxy.config.product_company
CONFIGURATION VARIABLES
The following list describes the configuration variables available in the records.config file.
System Variables
proxy.config.product_company
Scope CONFIG.TP Type STRING.TP Default Apache Software Foundation.UNINDENT The name of the organization
developing Traffic Server.
proxy.config.product_vendor
Scope CONFIG.TP Type STRING.TP Default Apache.UNINDENT The name of the vendor providing Traffic Server.
proxy.config.product_name
Scope CONFIG.TP Type STRING.TP Default Traffic Server.UNINDENT The name of the product.
proxy.config.proxy_name
Scope CONFIG.TP Type STRING.TP Default ``build_machine``.TP Reloadable Yes.UNINDENT The name of the
Traffic Server node.
proxy.config.bin_path
Scope CONFIG.TP Type STRING.TP Default bin.UNINDENT The location of the Traffic Server bin directory.
proxy.config.proxy_binary
Scope CONFIG.TP Type STRING.TP Default traffic_server.UNINDENT The name of the executable that runs the
traffic_server process.
proxy.config.proxy_binary_opts
Scope CONFIG.TP Type STRING.TP Default -M.UNINDENT The command-line options for starting Traffic Server.
proxy.config.manager_binary
Scope CONFIG.TP Type STRING.TP Default traffic_manager.UNINDENT The name of the executable that runs the
traffic_manager process.
proxy.config.env_prep
Scope CONFIG.TP Type STRING.TP Default *NONE*.UNINDENT The script executed before the traffic_manager
process spawns the traffic_server process.
proxy.config.config_dir
Scope CONFIG.TP Type STRING.TP Default etc/trafficserver.UNINDENT The directory that contains Traffic
Server configuration files. This is a read-only configuration option that contains the SYSCONFDIR
value specified at build time relative to the installation prefix. The $TS_ROOT environment
variable can be used alter the installation prefix at run time.
proxy.config.syslog_facility
Scope CONFIG.TP Type STRING.TP Default LOG_DAEMON.UNINDENT The facility used to record system log files.
Refer to understanding-traffic-server-log-files.
proxy.config.cop.core_signal
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT The signal sent to traffic_cop's managed processes to
stop them.
A value of 0 means no signal will be sent.
proxy.config.cop.linux_min_memfree_kb
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT The minimum amount of free memory space allowed before
Traffic Server stops the traffic_server and traffic_manager processes to prevent the system from
hanging.
proxy.config.cop.linux_min_swapfree_kb
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT The minimum amount of free swap space allowed before
Traffic Server stops the traffic_server and traffic_manager processes to prevent the system from
hanging. This configuration variable applies if swap is enabled in Linux 2.2 only.
proxy.config.output.logfile
Scope CONFIG.TP Type STRING.TP Default traffic.out.UNINDENT The name and location of the file that
contains warnings, status messages, and error messages produced by the Traffic Server processes.
If no path is specified, then Traffic Server creates the file in its logging directory.
proxy.config.snapshot_dir
Scope CONFIG.TP Type STRING.TP Default snapshots.UNINDENT The directory in which Traffic Server stores
configuration snapshots on the local system. Unless you specify an absolute path, this directory
is located in the Traffic Server SYSCONFDIR directory.
proxy.config.exec_thread.autoconfig
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT When enabled (the default, 1), Traffic Server scales
threads according to the available CPU cores. See the config option below.
proxy.config.exec_thread.autoconfig.scale
Scope CONFIG.TP Type FLOAT.TP Default 1.5.UNINDENT Factor by which Traffic Server scales the number of
threads. The multiplier is usually the number of available CPU cores. By default this is scaling
factor is 1.5.
proxy.config.exec_thread.limit
Scope CONFIG.TP Type INT.TP Default 2.UNINDENT XXX What does this do?
proxy.config.accept_threads
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT When enabled (1), runs a separate thread for accept
processing. If disabled (0), then only 1 thread can be created.
proxy.config.thread.default.stacksize
Scope CONFIG.TP Type INT.TP Default 1048576.UNINDENT The new default thread stack size, for all threads.
The original default is set at 1 MB.
proxy.config.exec_thread.affinity
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Bind threads to specific processing units.
──────────────────────────────────────────────
Value Effect
──────────────────────────────────────────────
0 assign threads to machine
──────────────────────────────────────────────
1 assign threads to NUMA nodes
──────────────────────────────────────────────
2 assign threads to sockets
──────────────────────────────────────────────
3 assign threads to cores
──────────────────────────────────────────────
4 assign threads to processing units
┌───────┬────────────────────────────────────┐
│ │ │
NOTE: │ │ │
--
NETWORK │ │ │
--
CLUSTER
proxy.local.cluster.type
Scope LOCAL.TP Type INT.TP Default 3.UNINDENT Sets the clustering mode:
┌───────┬──────────────────────┐
│ Value │ Effect │
├───────┼──────────────────────┤
│ 1 │ full-clustering mode │
├───────┼──────────────────────┤
│ 2 │ management-only mode │
├───────┼──────────────────────┤
│ 3 │ no clustering │
└───────┴──────────────────────┘
proxy.config.cluster.ethernet_interface
Scope CONFIG.TP Type INT.TP Default eth0.UNINDENT
The network interface to be used for cluster communication. This has to be identical on all
members of a clsuter. ToDo: Is that reasonable ?? Should this be local"
proxy.config.cluster.rsport
Scope CONFIG.TP Type INT.TP Default 8088.UNINDENT The reliable service port. The reliable service port
is used to send configuration information between the nodes in a cluster. All nodes in a cluster
must use the same reliable service port.
proxy.config.cluster.threads
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT The number of threads for cluster communication. On heavy
cluster, the number should be adjusted. It is recommend that take the thread CPU usage as a
reference when adjusting.
proxy.config.clustger.ethernet_interface
Scope CONFIG.TP Type STRING.TP Default *NONE*.UNINDENT Set the interface to use for cluster
communications.
proxy.config.http.cache.cluster_cache_local
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT This turns on the local caching of objects in cluster
mode. The point of this is to allow for popular or hot content to be cached on all nodes in a
cluster. Be aware that the primary way to configure this behavior is via the cache.config
configuration file using action=cluster-cache-local directives.
This particular records.config configuration can be controlled per transaction or per remap rule.
As such, it augments the cache.config directives, since you can turn on the local caching feature
without complex regular expression matching.
This implies that turning this on in your global records.config is almost never what you want;
instead, you want to use this either via e.g. conf_remap.so overrides for a certain remap rule, or
through a custom plugin using the appropriate APIs.
LOCAL MANAGER
proxy.config.lm.sem_id
Scope CONFIG.TP Type INT.TP Default 11452.UNINDENT The semaphore ID for the local manager.
proxy.config.admin.autoconf_port
Scope CONFIG.TP Type INT.TP Default 8083.UNINDENT The autoconfiguration port.
proxy.config.admin.number_config_bak
Scope CONFIG.TP Type INT.TP Default 3.UNINDENT The maximum number of copies of rolled configuration
files to keep.
proxy.config.admin.user_id
Scope CONFIG.TP Type STRING.TP Default nobody.UNINDENT Option used to specify who to run the
traffic_server process as; also used to specify ownership of config and log files.
The nonprivileged user account designated to Traffic Server.
As of version 2.1.1 if the user_id is prefixed with pound character (#) the remaining of the
string is considered to be a numeric user identifier. If the value is set to #-1 Traffic Server
will not change the user during startup.
Setting user_id to root or #0 is now forbidden to increase security. Trying to do so, will cause
the traffic_server fatal failure. However there are two ways to bypass that restriction
• Specify -DBIG_SECURITY_HOLE in CXXFLAGS during compilation.
• Set the user_id=#-1 and start trafficserver as root.
proxy.config.admin.api.restricted
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT
This setting specifies whether the management API should be restricted to root processes. If this
is set to 0, then on platforms that support passing process credentials, non-root processes will
be allowed to make read-only management API calls. Any management API calls that modify server
state (eg. setting a configuration variable) will still be restricted to root processes.
This setting is not reloadable, since it is must be applied when program:traffic_manager
initializes.
NOTE:
In Traffic Server 6.0, the default value of proxy.config.admin.api.restricted will be changed to 0.
PROCESS MANAGER
proxy.config.process_manager.mgmt_port
Scope CONFIG.TP Type INT.TP Default 8084.UNINDENT The port used for internal communication between the
traffic_manager and traffic_server processes.
ALARM CONFIGURATION
proxy.config.alarm_email
Scope CONFIG.TP Type STRING.TP Default *NONE*.TP Reloadable Yes.UNINDENT The address to which the alarm
script should send email.
proxy.config.alarm.bin
Scope CONFIG.TP Type STRING.TP Default example_alarm_bin.sh.TP Reloadable Yes.UNINDENT Name of the
script file that can execute certain actions when an alarm is signaled. The script is invoked with
up to 4 arguments:
• the alarm message
• the value of proxy.config.product_name
• the value of proxy.config.admin.user_id
• the value of proxy.config.alarm_email
proxy.config.alarm.abs_path
Scope CONFIG.TP Type STRING.TP Default NULL.TP Reloadable Yes.UNINDENT The absolute path to the
directory containing the alarm script. If this is not set, the script will be located relative to
proxy.config.bin_path.
proxy.config.alarm.script_runtime
Scope CONFIG.TP Type INT.TP Default 5.TP Reloadable Yes.UNINDENT The number of seconds that Traffic
Server allows the alarm script to run before aborting it.
HTTP ENGINE
proxy.config.http.server_ports
Scope CONFIG.TP Type STRING.TP Default 8080.UNINDENT Ports used for proxying HTTP traffic.
This is a list, separated by space or comma, of port descriptors. Each descriptor is a sequence of
keywords and values separated by colons. Not all keywords have values, those that do are
specifically noted. Keywords with values can have an optional '=' character separating the keyword
and value. The case of keywords is ignored. The order of keywords is irrelevant but unspecified
results may occur if incompatible options are used (noted below). Options without values are
idempotent. Options with values use the last (right most) value specified, except for ip-out as
detailed later.
Quick reference chart.
┌────────────┬──────────┬──────────────────────────────┐
│ Name │ Note │ Definition │
├────────────┼──────────┼──────────────────────────────┤
│ number │ Required │ The local port. │
├────────────┼──────────┼──────────────────────────────┤
│ blind │ │ Blind (CONNECT) port. │
├────────────┼──────────┼──────────────────────────────┤
│ compress │ N/I │ Compressed. Not implemented. │
├────────────┼──────────┼──────────────────────────────┤
│ ipv4 │ Default │ Bind to IPv4 address family. │
├────────────┼──────────┼──────────────────────────────┤
│ ipv6 │ │ Bind to IPv6 address family. │
├────────────┼──────────┼──────────────────────────────┤
│ ip-in │ Value │ Local inbound IP address. │
├────────────┼──────────┼──────────────────────────────┤
│ ip-out │ Value │ Local outbound IP address. │
├────────────┼──────────┼──────────────────────────────┤
│ ip-resolve │ Value │ IP address resolution style. │
├────────────┼──────────┼──────────────────────────────┤
│ proto │ Value │ List of supported session │
│ │ │ protocols. │
├────────────┼──────────┼──────────────────────────────┤
│ ssl │ │ SSL terminated. │
├────────────┼──────────┼──────────────────────────────┤
│ tr-full │ │ Fully transparent (inbound │
│ │ │ and outbound) │
├────────────┼──────────┼──────────────────────────────┤
│ tr-in │ │ Inbound transparent. │
├────────────┼──────────┼──────────────────────────────┤
│ tr-out │ │ Outbound transparent. │
├────────────┼──────────┼──────────────────────────────┤
│ tr-pass │ │ Pass through enabled. │
└────────────┴──────────┴──────────────────────────────┘
number Local IP port to bind. This is the port to which ATS clients will connect.
blind Accept only the CONNECT method on this port.
Not compatible with: tr-in, ssl.
compress
Compress the connection. Retained only by inertia, should be considered "not implemented".
ipv4 Use IPv4. This is the default and is included primarily for completeness. This forced if the ip-in
option is used with an IPv4 address.
ipv6 Use IPv6. This is forced if the ip-in option is used with an IPv6 address.
ssl Require SSL termination for inbound connections. SSL must be configured for this option to provide
a functional server port.
Not compatible with: blind.
proto Specify the session level protocols supported. These should be separated by semi-colons. For TLS
proxy ports the default value is all available protocols. For non-TLS proxy ports the default is
HTTP only. SPDY can be enabled on non-TLS proxy ports but that must be done explicitly.
tr-full
Fully transparent. This is a convenience option and is identical to specifying both tr-in and
tr-out.
Not compatible with: Any option not compatible with tr-in or tr-out.
tr-in Inbound transparent. The proxy port will accept connections to any IP address on the port. To have
IPv6 inbound transparent you must use this and the ipv6 option. This overrides
proxy.local.incoming_ip_to_bind for this port.
Not compatible with: ip-in, blind
tr-out Outbound transparent. If ATS connects to an origin server for a transaction on this port, it will
use the client's address as its local address. This overrides proxy.local.outgoing_ip_to_bind for
this port.
Not compatible with: ip-out, ip-resolve
tr-pass
Transparent pass through. This option is useful only for inbound transparent proxy ports. If the
parsing of the expected HTTP header fails, then the transaction is switched to a blind tunnel
instead of generating an error response to the client. It effectively enables
proxy.config.http.use_client_target_addr for the transaction as there is no other place to obtain
the origin server address.
ip-in Set the local IP address for the port. This is the address to which clients will connect. This
forces the IP address family for the port. The ipv4 or ipv6 can be used but it is optional and is
an error for it to disagree with the IP address family of this value. An IPv6 address must be
enclosed in square brackets. If this option is omitted proxy.local.incoming_ip_to_bind is used.
Not compatible with: tr-in.
ip-out Set the local IP address for outbound connections. This is the address used by ATS locally when it
connects to an origin server for transactions on this port. If this is omitted
proxy.local.outgoing_ip_to_bind is used.
This option can used multiple times, once for each IP address family. The address used is selected
by the IP address family of the origin server address.
Not compatible with: tr-out.
ip-resolve
Set the host resolution style for transactions on this proxy port.
Not compatible with: tr-out - this option requires a value of client;none which is forced and
should not be explicitly specified.
Example
Listen on port 80 on any address for IPv4 and IPv6.:
80 80:ipv6
Example
Listen transparently on any IPv4 address on port 8080, and transparently on port 8080 on local address
fc01:10:10:1::1 (which implies ipv6).:
IPv4:tr-FULL:8080 TR-full:IP-in=[fc02:10:10:1::1]:8080
Example
Listen on port 8080 for IPv6, fully transparent. Set up an SSL port on 443. These ports will use the IP
address from proxy.local.incoming_ip_to_bind. Listen on IP address 192.168.17.1, port 80, IPv4, and
connect to origin servers using the local address 10.10.10.1 for IPv4 and fc01:10:10:1::1 for IPv6.:
8080:ipv6:tr-full 443:ssl ip-in=192.168.17.1:80:ip-out=[fc01:10:10:1::1]:ip-out=10.10.10.1
Example
Listen on port 9090 for TSL enabled SPDY or HTTP connections, accept no other session protocols.:
9090:proto=spdy;http:ssl
proxy.config.http.connect_ports
Scope CONFIG.TP Type STRING.TP Default 443 563.UNINDENT The range of origin server ports that can be
used for tunneling via CONNECT.
Traffic Server allows tunnels only to the specified ports. Supports both wildcards ('*') and
ranges ("0-1023").
NOTE:
These are the ports on the origin server, not Traffic Server proxy ports.
proxy.config.http.insert_request_via_str
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT Set how the Via field is handled on a
request to the origin server.
┌───────┬───────────────────────────────────────┐
│ Value │ Effect │
├───────┼───────────────────────────────────────┤
│ 0 │ Do not modify / set this via header │
├───────┼───────────────────────────────────────┤
│ 1 │ Update the via, with normal verbosity │
├───────┼───────────────────────────────────────┤
│ 2 │ Update the via, with higher verbosity │
├───────┼───────────────────────────────────────┤
│ 3 │ Update the via, with highest │
│ │ verbosity │
└───────┴───────────────────────────────────────┘
NOTE:
The Via header string can be decoded with the Via Decoder Ring.
proxy.config.http.insert_response_via_str
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Set how the Via field is handled on the
response to the client.
┌───────┬───────────────────────────────────────┐
│ Value │ Effect │
├───────┼───────────────────────────────────────┤
│ 0 │ Do not modify / set this via header │
├───────┼───────────────────────────────────────┤
│ 1 │ Update the via, with normal verbosity │
├───────┼───────────────────────────────────────┤
│ 2 │ Update the via, with higher verbosity │
├───────┼───────────────────────────────────────┤
│ 3 │ Update the via, with highest │
│ │ verbosity │
└───────┴───────────────────────────────────────┘
NOTE:
The Via header string can be decoded with the Via Decoder Ring.
proxy.config.http.send_100_continue_response
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT You can specify one of the following:
• 0 ATS buffer the request until the post body has been recieved and then send the request to origin.
• 1 immediately return a 100 Continue from ATS without waiting for the post body
proxy.config.http.response_server_enabled
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT You can specify one of the following:
• 0 no Server: header is added to the response.
• 1 the Server: header is added (see string below).
• 2 the Server: header is added only if the response from origin does not have one already.
proxy.config.http.insert_age_in_response
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT This option specifies whether Traffic
Server should insert an Age header in the response. The Age field value is the cache's estimate of
the amount of time since the response was generated or revalidated by the origin server.
• 0 no Age header is added
• 1 the Age header is added
proxy.config.http.response_server_str
Scope CONFIG.TP Type STRING.TP Default ATS/.TP Reloadable Yes.UNINDENT The Server: string that ATS will
insert in a response header (if requested, see above). Note that the current version number is
always appended to this string.
proxy.config.http.enable_url_expandomatic
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Enables (1) or disables (0) .com domain
expansion. This configures the Traffic Server to resolve unqualified hostnames by prepending with
www. and appending with .com before redirecting to the expanded address. For example: if a client
makes a request to host, then Traffic Server redirects the request to www.host.com.
proxy.config.http.chunking_enabled
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT Specifies whether Traffic Sever can
generate a chunked response:
• 0 Never
• 1 Always
• 2 Generate a chunked response if the server has returned HTTP/1.1 before
• 3 = Generate a chunked response if the client request is HTTP/1.1 and the origin server has returned
HTTP/1.1 before
NOTE:
If HTTP/1.1 is used, then Traffic Server can use keep-alive connections with pipelining to origin
servers. If HTTP/0.9 is used, then Traffic Server does not use keep-alive connections to origin
servers. If HTTP/1.0 is used, then Traffic Server can use keep-alive connections without pipelining to
origin servers.
proxy.config.http.send_http11_requests
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT Specifies when and how Traffic Sever
uses HTTP/1.1 to communicate with the origin server
• 0 Never
• 1 Always
• 2 If the server has returned HTTP/1.1 before
• 3 If the client request is HTTP/1.1 and the server has returned HTTP/1.1 before
NOTE:
If proxy.config.http.use_client_target_addr is set to 1, options 2 and 3 cause the proxy to use the
client HTTP version for upstream requests.
proxy.config.http.share_server_sessions
Scope CONFIG.TP Type INT.TP Default 2.TP Deprecated Yes.UNINDENT Enables (1) or disables (0) the reuse
of server sessions. The default (2) is similar to enabled, except it creates a server session pool
per network thread. This has the best performance characteristics. Note that setting this
parameter to (2) will not work correctly unless the dedicated SSL threads are disabled (‐
proxy.config.ssl.number.threads is set to (-1)).
proxy.config.http.auth_server_session_private
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT If enabled (1) anytime a request contains a
(Authorization), (Proxy-Authorization) or (Www-Authenticate) header the connection will be closed
and not reused. This marks the connection as private. When disabled (0) the connection will be
available for reuse.
proxy.config.http.server_session_sharing.match
Scope CONFIG.TP Type STRING.TP Default both.UNINDENT Enable and set the ability to re-use server
connections across client connections. The valid values are
none Do not match, do not re-use server sessions.
ip Re-use server sessions, check only that the IP address and port of the origin server matches.
host Re-use server sessions, check only that the fully qualified domain name matches.
both Re-use server sessions, but only if the IP address and fully qualified domain name match.
It is strongly recommended to use either none or both for this value unless you have a specific need to
use ip or host. The most common reason is virtual hosts that share an IP address in which case
performance can be enhanced if those sessions can be re-used. However, not all web servers support
requests for different virtual hosts on the same connection so use with caution.
proxy.config.http.server_session_sharing.pool
Scope CONFIG.TP Type STRING.TP Default thread.UNINDENT Control the scope of server session re-use if it
is enabled by proxy.config.http.server_session_sharing.match. The valid values are
global Re-use sessions from a global pool of all server sessions.
thread Re-use sessions from a per-thread pool.
proxy.config.http.attach_server_session_to_client
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Control the re-use of an server session by a user agent
(client) session.
If a user agent performs more than one HTTP transaction on its connection to Traffic Server a
server session must be obtained for the second (and subsequent) transaction as for the first. This
settings affects how that server session is selected.
If this setting is 0 then after the first transaction the server session for that transaction is
released to the server pool (if any). When a server session is needed for subsequent transactions
one is selected from the server pool or created if there is no suitable server session in the
pool.
If this setting is not 0 then the current server session for the user agent session is "sticky".
It will be preferred to any other server session (either from the pool or newly created). The
server session will be detached from the user agent session only if it cannot be used for the
transaction. This is determined by the proxy.config.http.server_session_sharing.match value. If
the server session matches the next transaction according to this setting then it will be used,
otherwise it will be released to the pool and a different session selected or created.
proxy.config.http.record_heartbeat
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Enables (1) or disables (0) traffic_cop
heartbeat logging.
proxy.config.http.use_client_target_addr
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT For fully transparent ports use the same origin server
address as the client.
This option causes Traffic Server to avoid where possible doing DNS lookups in forward transparent
proxy mode. The option is only effective if the following three conditions are true -
• Traffic Server is in forward proxy mode.
• The proxy port is inbound transparent.
• The target URL has not been modified by either remapping or a plugin.
If any of these conditions are not true, then normal DNS processing is done for the connection.
There are three valid values. * 0 - Disables the feature. * 1 - Enables the feature with address
verification. The Proxy does the regular DNS processing. If the client-specified origin address is not
in the set of addresses found by the Proxy, the request continues to the client specified address, but
the result is not cached. * 2 - Enables the feature with no address verification. No DNS processing is
performed. The result is cached (if allowed otherwise). This option is vulnerable to cache poisoning if
an incorrect Host header is specified, so this option should be used with extreme caution. See bug
TS-2954 for details.
If all of these conditions are met, then the origin server IP address is retrieved from the original
client connection, rather than through HostDB or DNS lookup. In effect, client DNS resolution is used
instead of Traffic Server DNS.
This can be used to be a little more efficient (looking up the target once by the client rather than by
both the client and Traffic Server) but the primary use is when client DNS resolution can differ from
that of Traffic Server. Two known uses cases are:
1. Embedded IP addresses in a protocol with DNS load sharing. In this case, even though Traffic Server
and the client both make the same request to the same DNS resolver chain, they may get different
origin server addresses. If the address is embedded in the protocol then the overall exchange will
fail. One current example is Microsoft Windows update, which presumably embeds the address as a
security measure.
2. The client has access to local DNS zone information which is not available to Traffic Server. There
are corporate nets with local DNS information for internal servers which, by design, is not propagated
outside the core corporate network. Depending a network topology it can be the case that Traffic
Server can access the servers by IP address but cannot resolve such addresses by name. In such as case
the client supplied target address must be used.
This solution must be considered interim. In the longer term, it should be possible to arrange for much
finer grained control of DNS lookup so that wildcard domain can be set to use Traffic Server or client
resolution. In both known use cases, marking specific domains as client determined (rather than a single
global switch) would suffice. It is possible to do this crudely with this flag by enabling it and then
use identity URL mappings to re-disable it for specific domains.
proxy.config.http.keep_alive_enabled_in
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT Enables (1) or disables (0) incoming keep-alive
connections.
proxy.config.http.keep_alive_enabled_out
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT
Enables (1) or disables (0) outgoing keep-alive connections.
NOTE:
Enabling keep-alive does not automatically enable purging of keep-alive requests when nearing the
connection limit, that is controlled by proxy.config.http.server_max_connections.
proxy.config.http.keep_alive_post_out
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT Controls wether new POST requests re-use keep-alive
sessions (1) or create new connections per request (0).
proxy.config.http.send_408_post_timeout_response
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Controls wether POST timeout sends a HTTP status 408
response (1)
proxy.config.http.disallow_post_100_continue
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Allows you to return a 405 Method Not Supported with
Posts also containing an Expect: 100-continue.
When a Post w/ Expect: 100-continue is blocked the stat
proxy.process.http.disallowed_post_100_continue will be incremented.
PARENT PROXY CONFIGURATION
proxy.config.http.parent_proxy_routing_enable
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Enables (1) or disables (0) the parent
caching option. Refer to hierarchical-caching.
proxy.config.http.parent_proxy.retry_time
Scope CONFIG.TP Type INT.TP Default 300.TP Reloadable Yes.UNINDENT The amount of time allowed between
connection retries to a parent cache that is unavailable.
proxy.config.http.parent_proxy.fail_threshold
Scope CONFIG.TP Type INT.TP Default 10.TP Reloadable Yes.UNINDENT The number of times the connection to
the parent cache can fail before Traffic Server considers the parent unavailable.
proxy.config.http.parent_proxy.total_connect_attempts
Scope CONFIG.TP Type INT.TP Default 4.TP Reloadable Yes.UNINDENT The total number of connection attempts
allowed to a parent cache before Traffic Server bypasses the parent or fails the request
(depending on the go_direct option in the parent.config file).
proxy.config.http.parent_proxy.per_parent_connect_attempts
Scope CONFIG.TP Type INT.TP Default 2.TP Reloadable Yes.UNINDENT The total number of connection attempts
allowed per parent, if multiple parents are used.
proxy.config.http.parent_proxy.connect_attempts_timeout
Scope CONFIG.TP Type INT.TP Default 30.TP Reloadable Yes.UNINDENT The timeout value (in seconds) for
parent cache connection attempts.
proxy.config.http.forward.proxy_auth_to_parent
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Configures Traffic Server to send proxy
authentication headers on to the parent cache.
proxy.config.http.no_dns_just_forward_to_parent
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Don't try to resolve DNS, forward all
DNS requests to the parent. This is off (0) by default.
HTTP CONNECTION TIMEOUTS
proxy.config.http.keep_alive_no_activity_timeout_in
Scope CONFIG.TP Type INT.TP Default 115.TP Reloadable Yes.UNINDENT Specifies how long Traffic Server
keeps connections to clients open for a subsequent request after a transaction ends. A value of 0
will disable the no activity timeout.
proxy.config.http.keep_alive_no_activity_timeout_out
Scope CONFIG.TP Type INT.TP Default 120.TP Reloadable Yes.UNINDENT Specifies how long Traffic Server
keeps connections to origin servers open for a subsequent transfer of data after a transaction
ends. A value of 0 will disable the no activity timeout.
proxy.config.http.transaction_no_activity_timeout_in
Scope CONFIG.TP Type INT.TP Default 30.TP Reloadable Yes.UNINDENT Specifies how long Traffic Server
keeps connections to clients open if a transaction stalls.
proxy.config.http.transaction_no_activity_timeout_out
Scope CONFIG.TP Type INT.TP Default 30.TP Reloadable Yes.UNINDENT Specifies how long Traffic Server
keeps connections to origin servers open if the transaction stalls.
proxy.config.http.transaction_active_timeout_in
Scope CONFIG.TP Type INT.TP Default 900.TP Reloadable Yes.UNINDENT The maximum amount of time Traffic
Server can remain connected to a client. If the transfer to the client is not complete before this
timeout expires, then Traffic Server closes the connection.
The value of 0 specifies that there is no timeout.
proxy.config.http.transaction_active_timeout_out
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT The maximum amount of time Traffic
Server waits for fulfillment of a connection request to an origin server. If Traffic Server does
not complete the transfer to the origin server before this timeout expires, then Traffic Server
terminates the connection request.
The default value of 0 specifies that there is no timeout.
proxy.config.http.accept_no_activity_timeout
Scope CONFIG.TP Type INT.TP Default 120.TP Reloadable Yes.UNINDENT The timeout interval in seconds
before Traffic Server closes a connection that has no activity.
proxy.config.http.background_fill_active_timeout
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Specifies how long Traffic Server
continues a background fill before giving up and dropping the origin server connection.
proxy.config.http.background_fill_completed_threshold
Scope CONFIG.TP Type FLOAT.TP Default 0.0.TP Reloadable Yes.UNINDENT The proportion of total document
size already transferred when a client aborts at which the proxy continues fetching the document
from the origin server to get it into the cache (a background fill).
ORIGIN SERVER CONNECT ATTEMPTS
proxy.config.http.connect_attempts_max_retries
Scope CONFIG.TP Type INT.TP Default 6.TP Reloadable Yes.UNINDENT The maximum number of connection
retries Traffic Server can make when the origin server is not responding. Each retry attempt
lasts for proxy.config.http.connect_attempts_timeout seconds. Once the maximum number of retries
is reached, the origin is marked dead. After this, the setting
proxy.config.http.connect_attempts_max_retries_dead_server is used to limit the number of retry
attempts to the known dead origin.
proxy.config.http.connect_attempts_max_retries_dead_server
Scope CONFIG.TP Type INT.TP Default 3.TP Reloadable Yes.UNINDENT Maximum number of connection retries
Traffic Server can make while an origin is marked dead. Typically this value is smaller than
proxy.config.http.connect_attempts_max_retries so an error is returned to the client faster and
also to reduce the load on the dead origin. The timeout interval
proxy.config.http.connect_attempts_timeout in seconds is used with this setting.
proxy.config.http.server_max_connections
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Limits the number of socket connections
across all origin servers to the value specified. To disable, set to zero (0).
NOTE:
This value is used in determining when and if to prune active origin sessions. Without this value set
connections to origins can consume all the way up to ts:cv:proxy.config.net.connections_throttle
connections, which in turn can starve incoming requests from available connections.
proxy.config.http.origin_max_connections
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Limits the number of socket connections
per origin server to the value specified. To enable, set to one (1).
proxy.config.http.origin_min_keep_alive_connections
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT As connection to an origin server are
opened, keep at least 'n' number of connections open to that origin, even if the connection isn't
used for a long time period. Useful when the origin supports keep-alive, removing the time needed
to set up a new connection from the next request at the expense of added (inactive) connections.
To enable, set to one (1).
proxy.config.http.connect_attempts_rr_retries
Scope CONFIG.TP Type INT.TP Default 3.TP Reloadable Yes.UNINDENT The maximum number of failed connection
attempts allowed before a round-robin entry is marked as 'down' if a server has round-robin DNS
entries.
proxy.config.http.connect_attempts_timeout
Scope CONFIG.TP Type INT.TP Default 30.TP Reloadable Yes.UNINDENT The timeout value (in seconds) for
time to first byte for an origin server connection.
proxy.config.http.post_connect_attempts_timeout
Scope CONFIG.TP Type INT.TP Default 1800.TP Reloadable Yes.UNINDENT The timeout value (in seconds) for
an origin server connection when the client request is a POST or PUT request.
proxy.config.http.down_server.cache_time
Scope CONFIG.TP Type INT.TP Default 300.TP Reloadable Yes.UNINDENT Specifies how long (in seconds)
Traffic Server remembers that an origin server was unreachable.
proxy.config.http.down_server.abort_threshold
Scope CONFIG.TP Type INT.TP Default 10.TP Reloadable Yes.UNINDENT The number of seconds before Traffic
Server marks an origin server as unavailable after a client abandons a request because the origin
server was too slow in sending the response header.
proxy.config.http.uncacheable_requests_bypass_parent
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT When enabled (1), Traffic Server bypasses the parent
proxy for a request that is not cacheable.
CONGESTION CONTROL
proxy.config.http.congestion_control.enabled
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Enables (1) or disables (0) the Congestion Control
option, which configures Traffic Server to stop forwarding HTTP requests to origin servers when
they become congested. Traffic Server sends the client a message to retry the congested origin
server later. Refer to using-congestion-control.
proxy.config.http.flow_control.enabled
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Transaction buffering / flow control is enabled if this
is set to a non-zero value. Otherwise no flow control is done.
proxy.config.http.flow_control.high_water
Scope CONFIG.TP Type INT.TP Default 0.TP Metric bytes.UNINDENT The high water mark for transaction
buffer control. External source I/O is halted when the total buffer space in use by the
transaction exceeds this value.
proxy.config.http.flow_control.low_water
Scope CONFIG.TP Type INT.TP Default 0.TP Metric bytes.UNINDENT The low water mark for transaction buffer
control. External source I/O is resumed when the total buffer space in use by the transaction is
no more than this value.
NEGATIVE RESPONSE CACHING
proxy.config.http.negative_caching_enabled
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT When enabled (1), Traffic Server caches
negative responses (such as 404 Not Found) when a requested page does not exist. The next time a
client requests the same page, Traffic Server serves the negative response directly from cache.
When disabled (0) Traffic Server will only cache the response if the response has Cache-Control
headers.
NOTE:
The following negative responses are cached by Traffic Server::
204 No Content
305 Use Proxy
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
500 Internal Server Error
501 Not Implemented
502 Bad Gateway
503 Service Unavailable
504 Gateway Timeout
The cache lifetime for objects cached from this setting is controlled via
proxy.config.http.negative_caching_lifetime.
proxy.config.http.negative_caching_lifetime
Scope CONFIG.TP Type INT.TP Default 1800.UNINDENT How long (in seconds) Traffic Server keeps the
negative responses valid in cache. This value only affects negative responses that do have
explicit Expires: or Cache-Control: lifetimes set by the server.
PROXY USER VARIABLES
proxy.config.http.anonymize_remove_from
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT When enabled (1), Traffic Server
removes the From header to protect the privacy of your users.
proxy.config.http.anonymize_remove_referer
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT When enabled (1), Traffic Server
removes the Referrer header to protect the privacy of your site and users.
proxy.config.http.anonymize_remove_user_agent
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT When enabled (1), Traffic Server
removes the User-agent header to protect the privacy of your site and users.
proxy.config.http.anonymize_remove_cookie
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT When enabled (1), Traffic Server
removes the Cookie header to protect the privacy of your site and users.
proxy.config.http.anonymize_remove_client_ip
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT When enabled (1), Traffic Server
removes Client-IP headers for more privacy.
proxy.config.http.anonymize_insert_client_ip
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT When enabled (1), Traffic Server
inserts Client-IP headers to retain the client IP address.
proxy.config.http.anonymize_other_header_list
Scope CONFIG.TP Type STRING.TP Default NULL.TP Reloadable Yes.UNINDENT Comma separated list of headers
Traffic Server should remove from outgoing requests.
proxy.config.http.insert_squid_x_forwarded_for
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT When enabled (1), Traffic Server adds
the client IP address to the X-Forwarded-For header.
proxy.config.http.normalize_ae_gzip
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT Enable (1) to normalize all
Accept-Encoding: headers to one of the following:
• Accept-Encoding: gzip (if the header has gzip or x-gzip with any q) OR
• blank (for any header that does not include gzip)
This is useful for minimizing cached alternates of documents (e.g. gzip, deflate vs. deflate, gzip).
Enabling this option is recommended if your origin servers use no encodings other than gzip.
SECURITY
proxy.config.http.push_method_enabled
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Enables (1) or disables (0) the HTTP
PUSH option, which allows you to deliver content directly to the cache without a user request.
IMPORTANT:
If you enable this option, then you must also specify a filtering rule in the ip_allow.config file to
allow only certain machines to push content into the cache.
CACHE CONTROL
proxy.config.cache.enable_read_while_writer
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT Specifies when to enable the ability to
read a cached object while another connection is completing the write to cache for that same
object. The goal here is to avoid multiple origin connections for the same cacheable object upon a
cache miss. The possible values of this config are:
• 0 = never read while writing
• 1 = always read while writing
• 2 = always read while writing, but allow non-cached Range requests through to the origin
The 2 option is useful to avoid delaying requests which can not easily be satisfied by the partially
written response.
Several other configuration values need to be set for this to be usable. See Reducing Origin Server
Requests.
proxy.config.cache.force_sector_size
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Forces the use of a specific hardware
sector size (512 - 8192 bytes).
proxy.config.http.cache.http
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT Enables (1) or disables (0) caching of
HTTP requests.
proxy.config.http.cache.allow_empty_doc
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT Enables (1) or disables (0) caching
objects that have an empty response body. This is particularly useful for caching 301 or 302
responses with a Location header but no document body. This only works if the origin response also
has a Content-Length header.
proxy.config.http.cache.ignore_client_no_cache
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT When enabled (1), Traffic Server
ignores client requests to bypass the cache.
proxy.config.http.cache.ims_on_client_no_cache
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT When enabled (1), Traffic Server issues
a conditional request to the origin server if an incoming request has a No-Cache header.
proxy.config.http.cache.ignore_server_no_cache
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT When enabled (1), Traffic Server
ignores origin server requests to bypass the cache.
proxy.config.http.cache.cache_responses_to_cookies
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT Specifies how cookies are cached:
• 0 = do not cache any responses to cookies
• 1 = cache for any content-type
• 2 = cache only for image types
• 3 = cache for all but text content-types
proxy.config.http.cache.ignore_authentication
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT When enabled (1), Traffic Server ignores
WWW-Authentication headers in responses WWW-Authentication headers are removed and not cached.
proxy.config.http.cache.cache_urls_that_look_dynamic
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT Enables (1) or disables (0) caching of
URLs that look dynamic, i.e.: URLs that end in ``.asp`` or contain a question mark (``?``), a
semicolon (``;``), or ``cgi``. For a full list, please refer to HttpTransact::url_looks_dynamic
proxy.config.http.cache.enable_default_vary_headers
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Enables (1) or disables (0) caching of
alternate versions of HTTP objects that do not contain the Vary header.
proxy.config.http.cache.when_to_revalidate
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Specifies when to revalidate content:
• 0 = use cache directives or heuristic (the default value)
• 1 = stale if heuristic
• 2 = always stale (always revalidate)
• 3 = never stale
•
4 = use cache directives or heuristic (0) unless the request
has an If-Modified-Since header
If the request contains the If-Modified-Since header, then Traffic Server always revalidates the cached
content and uses the client's If-Modified-Since header for the proxy request.
proxy.config.http.cache.required_headers
Scope CONFIG.TP Type INT.TP Default 2.TP Reloadable Yes.UNINDENT The type of headers required in a
request for the request to be cacheable.
• 0 = no headers required to make document cacheable
• 1 = either the Last-Modified header, or an explicit lifetime header, Expires or Cache-Control: max-age,
is required
• 2 = explicit lifetime is required, Expires or Cache-Control: max-age
proxy.config.http.cache.max_stale_age
Scope CONFIG.TP Type INT.TP Default 604800.TP Reloadable Yes.UNINDENT The maximum age allowed for a
stale response before it cannot be cached.
proxy.config.http.cache.range.lookup
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT When enabled (1), Traffic Server looks up range requests
in the cache.
proxy.config.http.cache.range.write
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT When enabled (1), Traffic Server will attempt to write
(lock) the URL to cache. This is rarely useful (at the moment), since it'll only be able to write
to cache if the origin has ignored the Range:` header. For a use case where you know the origin
will respond with a full (``200) response, you can turn this on to allow it to be cached.
proxy.config.http.cache.ignore_accept_mismatch
Scope CONFIG.TP Type INT.TP Default 2.TP Reloadable Yes.UNINDENT When enabled with a value of 1, Traffic
Server serves documents from cache with a Content-Type: header even if it does not match the
Accept: header of the request. If set to 2 (default), this logic only happens in the absence of a
Vary header in the cached response (which is the recommended and safe use).
NOTE:
This option should only be enabled with 1 if you're having problems with caching and you origin server
doesn't set the Vary header. Alternatively, if the origin is incorrectly setting Vary: Accept or
doesn't respond with 406 (Not Acceptable), you can also enable this configuration with a 1.
proxy.config.http.cache.ignore_accept_language_mismatch
Scope CONFIG.TP Type INT.TP Default 2.TP Reloadable Yes.UNINDENT When enabled with a value of 1, Traffic
Server serves documents from cache with a Content-Language: header even if it does not match the
Accept-Language: header of the request. If set to 2 (default), this logic only happens in the
absence of a Vary header in the cached response (which is the recommended and safe use).
NOTE:
This option should only be enabled with 1 if you're having problems with caching and you origin server
doesn't set the Vary header. Alternatively, if the origin is incorrectly setting Vary: Accept-Language
or doesn't respond with 406 (Not Acceptable), you can also enable this configuration with a 1.
proxy.config.http.cache.ignore_accept_encoding_mismatch
Scope CONFIG.TP Type INT.TP Default 2.TP Reloadable Yes.UNINDENT When enabled with a value of 1, Traffic
Server serves documents from cache with a Content-Encoding: header even if it does not match the
Accept-Encoding: header of the request. If set to 2 (default), this logic only happens in the
absence of a Vary header in the cached response (which is the recommended and safe use).
NOTE:
This option should only be enabled with 1 if you're having problems with caching and you origin server
doesn't set the Vary header. Alternatively, if the origin is incorrectly setting Vary: Accept-Encoding
or doesn't respond with 406 (Not Acceptable) you can also enable this configuration with a 1.
proxy.config.http.cache.ignore_accept_charset_mismatch
Scope CONFIG.TP Type INT.TP Default 2.TP Reloadable Yes.UNINDENT When enabled with a value of 1, Traffic
Server serves documents from cache with a Content-Type: header even if it does not match the
Accept-Charset: header of the request. If set to 2 (default), this logic only happens in the
absence of a Vary header in the cached response (which is the recommended and safe use).
NOTE:
This option should only be enabled with 1 if you're having problems with caching and you origin server
doesn't set the Vary header. Alternatively, if the origin is incorrectly setting Vary: Accept-Charset
or doesn't respond with 406 (Not Acceptable), you can also enable this configuration with a 1.
proxy.config.http.cache.ignore_client_cc_max_age
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT When enabled (1), Traffic Server
ignores any Cache-Control: max-age headers from the client. This technically violates the HTTP
RFC, but avoids a problem where a client can forcefully invalidate a cached object.
proxy.config.cache.max_doc_size
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Specifies the maximum object size that will be cached. 0
is unlimited.
proxy.config.cache.permit.pinning
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT When enabled (1), Traffic Server will
keep certain HTTP objects in the cache for a certain time as specified in cache.config.
proxy.config.cache.hit_evacuate_percent
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT The size of the region (as a percentage of the total
content storage in a cache stripe) in front of the write cursor that constitutes a recent access
hit for evacutating the accessed object.
When an object is accessed it can be marked for evacuation, that is to be copied over the write
cursor and thereby preserved from being overwritten. This is done if it is no more than a specific
number of bytes in front of the write cursor. The number of bytes is a percentage of the total
number of bytes of content storage in the cache stripe where the object is stored and that
percentage is set by this variable.
By default, the feature is off (set to 0).
proxy.config.cache.hit_evacuate_size_limit
Scope CONFIG.TP Type INT.TP Default 0.TP Metric bytes.UNINDENT Limit the size of objects that are hit
evacuated.
Objects larger than the limit are not hit evacuated. A value of 0 disables the limit.
proxy.config.cache.limits.http.max_alts
Scope CONFIG.TP Type INT.TP Default 5.UNINDENT The maximum number of alternates that are allowed for any
given URL. Disable by setting to 0.
proxy.config.cache.target_fragment_size
Scope CONFIG.TP Type INT.TP Default 1048576.UNINDENT Sets the target size of a contiguous fragment of a
file in the disk cache. When setting this, consider that larger numbers could waste memory on
slow connections, but smaller numbers could increase (waste) seeks.
RAM CACHE
proxy.config.cache.ram_cache.size
Scope CONFIG.TP Type INT.TP Default -1.UNINDENT By default the RAM cache size is automatically
determined, based on disk cache size; approximately 10 MB of RAM cache per GB of disk cache.
Alternatively, it can be set to a fixed value such as 20GB (21474836480)
proxy.config.cache.ram_cache_cutoff
Scope CONFIG.TP Type INT.TP Default 4194304.UNINDENT Objects greater than this size will not be kept in
the RAM cache. This should be set high enough to keep objects accessed frequently in memory in
order to improve performance. 4MB (4194304)
proxy.config.cache.ram_cache.algorithm
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Two distinct RAM caches are supported, the default (0)
being the CLFUS (Clocked Least Frequently Used by Size). As an alternative, a simpler LRU (Least
Recently Used) cache is also available, by changing this configuration to 1.
proxy.config.cache.ram_cache.use_seen_filter
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Enabling this option will filter inserts into the RAM
cache to ensure that they have been seen at least once. For the LRU, this provides scan
resistance. Note that CLFUS already requires that a document have history before it is inserted,
so for CLFUS, setting this option means that a document must be seen three times before it is
added to the RAM cache.
proxy.config.cache.ram_cache.compress
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT The CLFUS RAM cache also supports an optional in-memory
compression. This is not to be confused with Content-Encoding: gzip compression. The RAM cache
compression is intended to try to save space in the RAM, and is not visible to the User-Agent
(client).
Possible values are:
• 0 = no compression
• 1 = fastlz (extremely fast, relatively low compression)
• 2 = libz (moderate speed, reasonable compression)
• 3 = liblzma (very slow, high compression)
NOTE:
Compression runs on task threads. To use more cores for RAM cache compression, increase
proxy.config.task_threads.
HEURISTIC EXPIRATION
proxy.config.http.cache.heuristic_min_lifetime
Scope CONFIG.TP Type INT.TP Default 3600.TP Reloadable Yes.UNINDENT The minimum amount of time an HTTP
object without an expiration date can remain fresh in the cache before is considered to be stale.
proxy.config.http.cache.heuristic_max_lifetime
Scope CONFIG.TP Type INT.TP Default 86400.TP Reloadable Yes.UNINDENT The maximum amount of time an HTTP
object without an expiration date can remain fresh in the cache before is considered to be stale.
proxy.config.http.cache.heuristic_lm_factor
Scope CONFIG.TP Type FLOAT.TP Default 0.10.TP Reloadable Yes.UNINDENT The aging factor for freshness
computations. Traffic Server stores an object for this percentage of the time that elapsed since
it last changed.
proxy.config.http.cache.fuzz.time
Scope CONFIG.TP Type INT.TP Default 240.TP Reloadable Yes.UNINDENT How often Traffic Server checks for
an early refresh, during the period before the document stale time. The interval specified must be
in seconds. See fuzzy-revalidation
proxy.config.http.cache.fuzz.probability
Scope CONFIG.TP Type FLOAT.TP Default 0.005.TP Reloadable Yes.UNINDENT The probability that a refresh is
made on a document during the specified fuzz time.
proxy.config.http.cache.fuzz.min_time
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Handles requests with a TTL less than
fuzz.time – it allows for different times to evaluate the probability of revalidation for small
TTLs and big TTLs. Objects with small TTLs will start "rolling the revalidation dice" near the
fuzz.min_time, while objects with large TTLs would start at fuzz.time. A logarithmic like function
between determines the revalidation evaluation start time (which will be between fuzz.min_time and
fuzz.time). As the object gets closer to expiring, the window start becomes more likely. By
default this setting is not enabled, but should be enabled anytime you have objects with small
TTLs. The default value is 0.
DYNAMIC CONTENT & CONTENT NEGOTIATION
proxy.config.http.cache.vary_default_text
Scope CONFIG.TP Type STRING.TP Default NULL.TP Reloadable Yes.UNINDENT The header on which Traffic
Server varies for text documents.
For example: if you specify User-agent, then Traffic Server caches all the different user-agent
versions of documents it encounters.
proxy.config.http.cache.vary_default_images
Scope CONFIG.TP Type STRING.TP Default NULL.TP Reloadable Yes.UNINDENT The header on which Traffic
Server varies for images.
proxy.config.http.cache.vary_default_other
Scope CONFIG.TP Type STRING.TP Default NULL.TP Reloadable Yes.UNINDENT The header on which Traffic
Server varies for anything other than text and images.
CUSTOMIZABLE USER RESPONSE PAGES
proxy.config.body_factory.enable_customizations
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT Specifies whether customizable response pages are
language specific or not:
• 1 = enable customizable user response pages in the default directory only
• 2 = enable language-targeted user response pages
proxy.config.body_factory.enable_logging
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Enables (1) or disables (0) logging for customizable
response pages. When enabled, Traffic Server records a message in the error log each time a
customized response page is used or modified.
proxy.config.body_factory.template_sets_dir
Scope CONFIG.TP Type STRING.TP Default etc/trafficserver/body_factory.UNINDENT The customizable response
page default directory. If this is a relative path, Traffic Server resolves it relative to the
PREFIX directory.
proxy.config.body_factory.response_suppression_mode
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Specifies when Traffic Server suppresses generated
response pages:
• 0 = never suppress generated response pages
• 1 = always suppress generated response pages
• 2 = suppress response pages only for intercepted traffic
proxy.config.http_ui_enabled
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Specifies which http UI endpoints to allow within
remap.config:
• 0 = disable all http UI endpoints
• 1 = enable only cache endpoints
• 2 = enable only stats endpoints
• 3 = enable all http UI endpoints
To enable any enpoint there needs to be an entry in remap.config which specifically enables it. Such a
line would look like:
map / http://{stat}
The following are the cache endpoints:
• cache = UI to interact with the cache
The following are the stats endpoints:
• cache-internal = statistics about cache evacuation and volumes
• hostdb = lookups against the hostdb
• http = HTTPSM details, this endpoint is also gated by proxy.config.http.enable_http_info
• net = lookup and listing of open connections
• stat = list of all records.config options and metrics
• test = test callback page
proxy.config.http.enable_http_info
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Enables (1) or disables (0) access to an endpoint within
proxy.config.http_ui_enabled which shows details about inflight transactions (HttpSM).
DNS
proxy.config.dns.search_default_domains
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Enables (1) or disables (0) local
domain expansion.
Traffic Server can attempt to resolve unqualified hostnames by expanding to the local domain. For
example if a client makes a request to an unqualified host (host_x) and the Traffic Server local
domain is y.com , then Traffic Server will expand the hostname to host_x.y.com.
proxy.config.dns.splitDNS.enabled
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Enables (1) or disables (0) DNS server
selection. When enabled, Traffic Server refers to the splitdns.config file for the selection
specification. Refer to Configuring DNS Server Selection (Split DNS).
proxy.config.dns.url_expansions
Scope CONFIG.TP Type STRING.TP Default NULL.UNINDENT Specifies a list of hostname extensions that are
automatically added to the hostname after a failed lookup. For example: if you want Traffic Server
to add the hostname extension .org, then specify org as the value for this variable (Traffic
Server automatically adds the dot (.)).
NOTE:
If the variable proxy.config.http.enable_url_expandomatic is set to 1 (the default value), then you do
not have to add ``www.`` and ``.com`` to this list because Traffic Server automatically tries www. and
.com after trying the values you've specified.
proxy.config.dns.resolv_conf
Scope CONFIG.TP Type STRING.TP Default /etc/resolv.conf.UNINDENT Allows to specify which resolv.conf
file to use for finding resolvers. While the format of this file must be the same as the standard
resolv.conf file, this option allows an administrator to manage the set of resolvers in an
external configuration file, without affecting how the rest of the operating system uses DNS.
proxy.config.dns.round_robin_nameservers
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT Enables (1) or disables (0) DNS server
round-robin.
proxy.config.dns.nameservers
Scope CONFIG.TP Type STRING.TP Default NULL.TP Reloadable Yes.UNINDENT The DNS servers.
proxy.config.srv_enabled
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Indicates whether to use SRV records
for orgin server lookup.
proxy.config.dns.dedicated_thread
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Create and dedicate a thread entirely for DNS processing.
This is probably most useful on system which do a significant number of DNS lookups, typically
forward proxies. But even on other systems, it can avoid some contention on the first worker
thread (which otherwise takes on the burden of all DNS lookups).
proxy.config.dns.validate_query_name
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT When enabled (1) provides additional resilience against
DNS forgery (for instance in DNS Injection attacks), particularly in forward or transparent
proxies, but requires that the resolver populates the queries section of the response properly.
HOSTDB
proxy.config.hostdb.lookup_timeout
Scope CONFIG.TP Type INT.TP Default 120.TP Metric seconds.TP Reloadable Yes.UNINDENT Time to wait for a
DNS response in seconds.
proxy.config.hostdb.serve_stale_for
Scope CONFIG.TP Type INT.TP Default *NONE*.TP Metric seconds.TP Reloadable Yes.UNINDENT The number of
seconds for which to use a stale NS record while initiating a background fetch for the new data.
If not set then stale records are not served.
proxy.config.hostdb.storage_size
Scope CONFIG.TP Type INT.TP Default 33554432.TP Metric bytes.UNINDENT The amount of space (in bytes)
used to store hostdb. The value of this variable must be increased if you increase the size of
the proxy.config.hostdb.size variable.
proxy.config.hostdb.size
Scope CONFIG.TP Type INT.TP Default 120000.UNINDENT The maximum number of entries that can be stored in
the database.
NOTE:
For values above 200000, you must increase proxy.config.hostdb.storage_size by at least 44 bytes per
entry.
proxy.config.hostdb.ttl_mode
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT A host entry will eventually time out
and be discarded. This variable controls how that time is calculated. A DNS request will return a
TTL value and an internal value can be set with proxy.config.hostdb.timeout. This variable
determines which value will be used.
┌───────┬───────────────────────────────────────┐
│ Value │ TTL │
├───────┼───────────────────────────────────────┤
│ 0 │ The TTL from the DNS response. │
├───────┼───────────────────────────────────────┤
│ 1 │ The internal timeout value. │
├───────┼───────────────────────────────────────┤
│ 2 │ The smaller of the DNS and internal │
│ │ TTL values. The internal timeout │
│ │ value becomes a maximum TTL. │
├───────┼───────────────────────────────────────┤
│ 3 │ The larger of the DNS and internal │
│ │ TTL values. The internal timeout │
│ │ value become a minimum TTL. │
└───────┴───────────────────────────────────────┘
proxy.config.hostdb.timeout
Scope CONFIG.TP Type INT.TP Default 1440.TP Metric minutes.TP Reloadable Yes.UNINDENT Internal time to
live value for host DB entries, in minutes.
See proxy.config.hostdb.ttl_mode for when this value is used.
proxy.config.hostdb.strict_round_robin
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Set host resolution to use strict round
robin.
When this and proxy.config.hostdb.timed_round_robin are both disabled (set to 0), Traffic Server
always uses the same origin server for the same client, for as long as the origin server is
available. Otherwise if this is set then IP address is rotated on every request. This setting
takes precedence over proxy.config.hostdb.timed_round_robin.
proxy.config.hostdb.timed_round_robin
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Set host resolution to use timed round
robin.
When this and proxy.config.hostdb.strict_round_robin are both disabled (set to 0), Traffic Server
always uses the same origin server for the same client, for as long as the origin server is
available. Otherwise if this is set to N the IP address is rotated if more than N seconds have
past since the first time the current address was used.
proxy.config.hostdb.host_file.path
Scope CONFIG.TP Type STRING.TP Default /etc/hosts.UNINDENT Set the file path for an external host file.
If this is set (non-empty) then the file is presumed to be a hosts file in the standard host file
format. It is read and the entries there added to the HostDB. The file is periodically checked for
a more recent modification date in which case it is reloaded. The interval is set by the value
proxy.config.hostdb.host_file.interval.
While not technically reloadable, the value is read every time the file is to be checked so that
if changed the new value will be used on the next check and the file will be treated as modified.
proxy.config.hostdb.host_file.interval
Scope CONFIG.TP Type INT.TP Default 86400.TP Metric seconds.TP Reloadable Yes.UNINDENT Set the file
changed check timer for proxy.config.hostdb.host_file.path.
The file is checked every this many seconds to see if it has changed. If so the HostDB is updated
with the new values in the file.
proxy.config.hostdb.ip_resolve
Scope CONFIG.TP Type STRING.TP Default NULL.UNINDENT Set the host resolution style.
This is an ordered list of keywords separated by semicolons that specify how a host name is to be
resolved to an IP address. The keywords are case insensitive.
┌─────────┬───────────────────────────────────────┐
│ Keyword │ Meaning │
├─────────┼───────────────────────────────────────┤
│ ipv4 │ Resolve to an IPv4 address. │
├─────────┼───────────────────────────────────────┤
│ ipv6 │ Resolve to an IPv6 address. │
├─────────┼───────────────────────────────────────┤
│ client │ Resolve to the same family as the │
│ │ client IP address. │
├─────────┼───────────────────────────────────────┤
│ none │ Stop resolving. │
└─────────┴───────────────────────────────────────┘
The order of the keywords is critical. When a host name needs to be resolved it is resolved in
same order as the keywords. If a resolution fails, the next option in the list is tried. The
keyword none means to give up resolution entirely. The keyword list has a maximum length of three
keywords, more are never needed. By default there is an implicit ipv4;ipv6 attached to the end of
the string unless the keyword none appears.
Example
Use the incoming client family, then try IPv4 and IPv6.
client;ipv4;ipv6
Because of the implicit resolution this can also be expressed as just
client
Example
Resolve only to IPv4.
ipv4;none
Example
Resolve only to the same family as the client (do not permit cross family transactions).
client;none
This value is a global default that can be overridden by proxy.config.http.server_ports.
NOTE:
This style is used as a convenience for the administrator. During a resolution the resolution order
will be one family, then possibly the other. This is determined by changing client to ipv4 or ipv6
based on the client IP address and then removing duplicates.
IMPORTANT:
This option has no effect on outbound transparent connections The local IP address used in the
connection to the origin server is determined by the client, which forces the IP address family of the
address used for the origin server. In effect, outbound transparent connections always use a
resolution style of "client".
LOGGING CONFIGURATION
proxy.config.log.logging_enabled
Scope CONFIG.TP Type INT.TP Default 3.TP Reloadable Yes.UNINDENT Enables and disables event logging:
• 0 = logging disabled
• 1 = log errors only
• 2 = log transactions only
• 3 = full logging (errors + transactions)
Refer to working-with-log-files.
proxy.config.log.max_secs_per_buffer
Scope CONFIG.TP Type INT.TP Default 5.TP Reloadable Yes.UNINDENT The maximum amount of time before data
in the buffer is flushed to disk.
proxy.config.log.max_space_mb_for_logs
Scope CONFIG.TP Type INT.TP Default 25000.TP Metric megabytes.TP Reloadable Yes.UNINDENT The amount of
space allocated to the logging directory (in MB).
NOTE:
All files in the logging directory contribute to the space used, even if they are not log files. In
collation client mode, if there is no local disk logging, or
proxy.config.log.max_space_mb_for_orphan_logs is set to a higher value than
proxy.config.log.max_space_mb_for_logs, TS will take proxy.config.log.max_space_mb_for_orphan_logs for
maximum allowed log space.
proxy.config.log.max_space_mb_for_orphan_logs
Scope CONFIG.TP Type INT.TP Default 25.TP Metric megabytes.TP Reloadable Yes.UNINDENT The amount of
space allocated to the logging directory (in MB) if this node is acting as a collation client.
NOTE:
When max_space_mb_for_orphan_logs is take as the maximum allowed log space in the logging system, the
same rule apply to proxy.config.log.max_space_mb_for_logs also apply to
proxy.config.log.max_space_mb_for_orphan_logs, ie: All files in the logging directory contribute to
the space used, even if they are not log files. you may need to consider this when you enable full
remote logging, and bump to the same size as proxy.config.log.max_space_mb_for_logs.
proxy.config.log.max_space_mb_headroom
Scope CONFIG.TP Type INT.TP Default 1000.TP Metric megabytes.TP Reloadable Yes.UNINDENT The tolerance
for the log space limit (in megabytes). If the variable proxy.config.log.auto_delete_rolled_files
is set to 1 (enabled), then autodeletion of log files is triggered when the amount of free space
available in the logging directory is less than the value specified here.
proxy.config.log.hostname
Scope CONFIG.TP Type STRING.TP Default localhost.TP Reloadable Yes.UNINDENT The hostname of the machine
running Traffic Server.
proxy.config.log.logfile_dir
Scope CONFIG.TP Type STRING.TP Default var/log/trafficserver.TP Reloadable Yes.UNINDENT The path to the
logging directory. This can be an absolute path or a path relative to the PREFIX directory in
which Traffic Server is installed.
NOTE:
The directory you specify must already exist.
proxy.config.log.logfile_perm
Scope CONFIG.TP Type STRING.TP Default rw-r--r--.TP Reloadable Yes.UNINDENT The log file permissions.
The standard UNIX file permissions are used (owner, group, other). Permissible values are:
- no permission r read permission w write permission x execute permission
Permissions are subject to the umask settings for the Traffic Server process. This means that a
umask setting of002 will not allow write permission for others, even if specified in the
configuration file. Permissions for existing log files are not changed when the configuration is
changed.
proxy.config.log.custom_logs_enabled
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT Enables (1) or disables (0) custom
logging.
proxy.config.log.squid_log_enabled
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT Enables (1) or disables (0) the squid
log file format.
proxy.config.log.squid_log_is_ascii
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT The squid log file type:
• 1 = ASCII
• 0 = binary
proxy.config.log.squid_log_name
Scope CONFIG.TP Type STRING.TP Default squid.TP Reloadable Yes.UNINDENT The squid log filename.
proxy.config.log.squid_log_header
Scope CONFIG.TP Type STRING.TP Default NULL.UNINDENT The squid log file header text.
proxy.config.log.common_log_enabled
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Enables (1) or disables (0) the
Netscape common log file format.
proxy.config.log.common_log_is_ascii
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT The Netscape common log file type:
• 1 = ASCII
• 0 = binary
proxy.config.log.common_log_name
Scope CONFIG.TP Type STRING.TP Default common.TP Reloadable Yes.UNINDENT The Netscape common log
filename.
proxy.config.log.common_log_header
Scope CONFIG.TP Type STRING.TP Default NULL.TP Reloadable Yes.UNINDENT The Netscape common log file
header text.
proxy.config.log.extended_log_enabled
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Enables (1) or disables (0) the
Netscape extended log file format.
proxy.config.log.extended_log_is_ascii
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT The Netscape extended log file type:
• 1 = ASCII
• 0 = binary
proxy.config.log.extended_log_name
Scope CONFIG.TP Type STRING.TP Default extended.UNINDENT The Netscape extended log filename.
proxy.config.log.extended_log_header
Scope CONFIG.TP Type STRING.TP Default NULL.TP Reloadable Yes.UNINDENT The Netscape extended log file
header text.
proxy.config.log.extended2_log_enabled
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Enables (1) or disables (0) the
Netscape Extended-2 log file format.
proxy.config.log.extended2_log_is_ascii
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT The Netscape Extended-2 log file type:
• 1 = ASCII
• 0 = binary
proxy.config.log.extended2_log_name
Scope CONFIG.TP Type STRING.TP Default extended2.TP Reloadable Yes.UNINDENT The Netscape Extended-2 log
filename.
proxy.config.log.extended2_log_header
Scope CONFIG.TP Type STRING.TP Default NULL.TP Reloadable Yes.UNINDENT The Netscape Extended-2 log file
header text.
proxy.config.log.separate_icp_logs
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT When enabled (1), configures Traffic
Server to store ICP transactions in a separate log file.
• 0 = separation is disabled, all ICP transactions are recorded in the same file as HTTP transactions
• 1 = all ICP transactions are recorded in a separate log file.
• -1 = filter all ICP transactions from the default log files; ICP transactions are not logged anywhere.
proxy.config.log.separate_host_logs
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT When enabled (1), configures Traffic
Server to create a separate log file for HTTP transactions for each origin server listed in the
log_hosts.config file. Refer to HTTP Host Log Splitting.
proxy.local.log.collation_mode
Scope LOCAL.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Set the log collation mode.
┌───────┬───────────────────────────────────────┐
│ Value │ Effect │
├───────┼───────────────────────────────────────┤
│ 0 │ collation is disabled │
├───────┼───────────────────────────────────────┤
│ 1 │ this host is a log collation server │
├───────┼───────────────────────────────────────┤
│ 2 │ this host is a collation client and │
│ │ sends entries using standard formats │
│ │ to the collation server │
├───────┼───────────────────────────────────────┤
│ 3 │ this host is a collation client and │
│ │ sends entries using the traditional │
│ │ custom formats to the collation │
│ │ server │
├───────┼───────────────────────────────────────┤
│ 4 │ this host is a collation client and │
│ │ sends entries that use both the │
│ │ standard and traditional custom │
│ │ formats to the collation server │
└───────┴───────────────────────────────────────┘
For information on sending XML-based custom formats to the collation server, refer to
logs_xml.config.
NOTE:
Although Traffic Server supports traditional custom logging, you should use the more versatile
XML-based custom formats.
proxy.config.log.collation_host
Scope CONFIG.TP Type STRING.TP Default NULL.UNINDENT The hostname of the log collation server.
proxy.config.log.collation_port
Scope CONFIG.TP Type INT.TP Default 8085.TP Reloadable Yes.UNINDENT The port used for communication
between the collation server and client.
proxy.config.log.collation_secret
Scope CONFIG.TP Type STRING.TP Default foobar.TP Reloadable Yes.UNINDENT The password used to validate
logging data and prevent the exchange of unauthorized information when a collation server is being
used.
proxy.config.log.collation_host_tagged
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT When enabled (1), configures Traffic
Server to include the hostname of the collation client that generated the log entry in each entry.
proxy.config.log.collation_retry_sec
Scope CONFIG.TP Type INT.TP Default 5.TP Reloadable Yes.UNINDENT The number of seconds between collation
server connection retries.
proxy.config.log.rolling_enabled
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT Specifies how log files are rolled. You
can specify the following values:
• 0 = disables log file rolling
•
1 = enables log file rolling at specific intervals during the day (specified with the
proxy.config.log.rolling_interval_sec and proxy.config.log.rolling_offset_hr variables)
• 2 = enables log file rolling when log files reach a specific size (specified with the
proxy.config.log.rolling_size_mb variable)
• 3 = enables log file rolling at specific intervals during the day or when log files reach a specific
size (whichever occurs first)
•
4 = enables log file rolling at specific intervals during the day when log files reach a specific size
(i.e., at a specified
time if the file is of the specified size)
proxy.config.log.rolling_interval_sec
Scope CONFIG.TP Type INT.TP Default 86400.TP Reloadable Yes.UNINDENT The log file rolling interval, in
seconds. The minimum value is 60 (1 minute). The maximum, and default, value is 86400 seconds (one
day).
NOTE:
If you start Traffic Server within a few minutes of the next rolling time, then rolling might not
occur until the next rolling time.
proxy.config.log.rolling_offset_hr
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT The file rolling offset hour. The hour
of the day that starts the log rolling period.
proxy.config.log.rolling_size_mb
Scope CONFIG.TP Type INT.TP Default 10.TP Reloadable Yes.UNINDENT The size that log files must reach
before rolling takes place.
proxy.config.log.auto_delete_rolled_files
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT Enables (1) or disables (0) automatic
deletion of rolled files.
proxy.config.log.sampling_frequency
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT Configures Traffic Server to log only a
sample of transactions rather than every transaction. You can specify the following values:
• 1 = log every transaction
• 2 = log every second transaction
• 3 = log every third transaction and so on...
proxy.config.http.slow.log.threshold
Scope CONFIG.TP Type INT.TP Default 0.TP Metric milliseconds.TP Reloadable Yes.UNINDENT If set to a
non-zero value N then any connection that takes longer than N milliseconds from accept to
completion will cause its timing stats to be written to the debugging log file. This is
identifying data about the transaction and all of the transaction milestones.
DIAGNOSTIC LOGGING CONFIGURATION
proxy.config.diags.output.diag
Scope CONFIG.TP Type STRING.TP Default E.UNINDENT
proxy.config.diags.output.debug
Scope CONFIG.TP Type STRING.TP Default E.UNINDENT
proxy.config.diags.output.status
Scope CONFIG.TP Type STRING.TP Default L.UNINDENT
proxy.config.diags.output.note
Scope CONFIG.TP Type STRING.TP Default L.UNINDENT
proxy.config.diags.output.warning
Scope CONFIG.TP Type STRING.TP Default L.UNINDENT
proxy.config.diags.output.error
Scope CONFIG.TP Type STRING.TP Default SL.UNINDENT
proxy.config.diags.output.fatal
Scope CONFIG.TP Type STRING.TP Default SL.UNINDENT
proxy.config.diags.output.alert
Scope CONFIG.TP Type STRING.TP Default L.UNINDENT
proxy.config.diags.output.emergency
Scope CONFIG.TP Type STRING.TP Default SL.UNINDENT The diagnosic output configuration variables control
where Traffic Server should log diagnostic output. Messages at each diagnostic level can be
directed to any combination of diagnostic destinations. Valid diagnostic message destinations
are:
• 'O' = Log to standard output
• 'E' = Log to standard error
• 'S' = Log to syslog
• 'L' = Log to diags.log
Example
To log debug diagnostics to both syslog and diags.log:
CONFIG proxy.config.diags.output.debug STRING SL
proxy.config.diags.show_location
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT Annotates diagnostic messages with the source code
location.
proxy.config.diags.debug.enabled
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Enables logging for diagnostic messages whose log level
is diag or debug.
proxy.config.diags.debug.tags
Scope CONFIG.TP Type STRING.TP Default http.*|dns.*.UNINDENT Each Traffic Server diag and debug level
message is annotated with a subsytem tag. This configuration contains a regular expression that
filters the messages based on the tag. Some commonly used debug tags are:
──────────────────────────────────────────────────────
Tag Subsytem usage
──────────────────────────────────────────────────────
dns DNS query resolution
──────────────────────────────────────────────────────
http_hdrs Logs the headers for HTTP requests
and responses
──────────────────────────────────────────────────────
privileges Privilege elevation
──────────────────────────────────────────────────────
ssl TLS termination and certificate
processing
┌────────────┬───────────────────────────────────────┐
--
REVERSE PROXY │ │ │
--
URL REMAP RULES │ │ │
--
SSL TERMINATION │ │ │
proxy.config.ssl.SSLv2 │ │ │
│ │ │
--
ICP CONFIGURATION
proxy.config.icp.enabled
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Sets ICP mode for hierarchical caching:
• 0 = disables ICP
• 1 = allows Traffic Server to receive ICP queries only
• 2 = allows Traffic Server to send and receive ICP queries
Refer to <admin-icp-peering>.
proxy.config.icp.icp_interface
Scope CONFIG.TP Type STRING.TP Default your_interface.UNINDENT Specifies the network interface used for
ICP traffic.
NOTE:
The Traffic Server installation script detects your network interface and sets this variable
appropriately. If your system has multiple network interfaces, check that this variable specifies the
correct interface.
proxy.config.icp.icp_port
Scope CONFIG.TP Type INT.TP Default 3130.TP Reloadable Yes.UNINDENT Specifies the UDP port that you want
to use for ICP messages.
proxy.config.icp.query_timeout
Scope CONFIG.TP Type INT.TP Default 2.TP Reloadable Yes.UNINDENT Specifies the timeout used for ICP
queries.
HTTP/2 CONFIGURATION
proxy.config.http2.enabled
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Enable the experimental HTTP/2 feature. This implements
most of the specifications, with the one big exception being server PUSH.
NOTE:
This configuration will be eliminated for v6.0.0, where HTTP/2 is enabled by default and controlled
via the ports configuration.
proxy.config.http2.max_concurrent_streams_in
Scope CONFIG.TP Type INT.TP Default 100.TP Reloadable Yes.UNINDENT The maximum number of concurrent
streams per inbound connection.
NOTE:
Reloading this value affects only new HTTP/2 connections, not the ones already established.
proxy.config.http2.initial_window_size_in
Scope CONFIG.TP Type INT.TP Default 65536.TP Reloadable Yes.UNINDENT The initial window size for inbound
connections.
proxy.config.http2.max_frame_size
Scope CONFIG.TP Type INT.TP Default 16384.TP Reloadable Yes.UNINDENT Indicates the size of the largest
frame payload that the sender is willing to receive.
proxy.config.http2.header_table_size
Scope CONFIG.TP Type INT.TP Default 4096.TP Reloadable Yes.UNINDENT The maximum size of the header
compression table used to decode header blocks.
proxy.config.http2.max_header_list_size
Scope CONFIG.TP Type INT.TP Default 4294967295.TP Reloadable Yes.UNINDENT This advisory setting informs
a peer of the maximum size of header list that the sender is prepared to accept blocks. The
default value, which is the unsigned int maximum value in Traffic Server, implies unlimited size.
SPDY CONFIGURATION
proxy.config.spdy.accept_no_activity_timeout
Scope CONFIG.TP Type INT.TP Default 30.TP Reloadable Yes.UNINDENT How long a SPDY connection will be
kept open after an accept without any streams created.
proxy.config.spdy.no_activity_timeout_in
Scope CONFIG.TP Type INT.TP Default 30.TP Reloadable Yes.UNINDENT How long a stream is kept open without
activity.
proxy.config.spdy.initial_window_size_in
Scope CONFIG.TP Type INT.TP Default 65536.TP Reloadable Yes.UNINDENT The initial window size for inbound
connections.
proxy.config.spdy.max_concurrent_streams_in
Scope CONFIG.TP Type INT.TP Default 100.TP Reloadable Yes.UNINDENT The maximum number of concurrent
streams per inbound connection.
NOTE:
Reloading this value affects only new SPDY connections, not the ones already established..
SCHEDULED UPDATE CONFIGURATION
proxy.config.update.enabled
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Enables (1) or disables (0) the Scheduled Update option.
proxy.config.update.force
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Enables (1) or disables (0) a force
immediate update. When enabled, Traffic Server overrides the scheduling expiration time for all
scheduled update entries and initiates updates until this option is disabled.
proxy.config.update.retry_count
Scope CONFIG.TP Type INT.TP Default 10.TP Reloadable Yes.UNINDENT Specifies the number of times Traffic
Server can retry the scheduled update of a URL in the event of failure.
proxy.config.update.retry_interval
Scope CONFIG.TP Type INT.TP Default 2.TP Reloadable Yes.UNINDENT Specifies the delay (in seconds)
between each scheduled update retry for a URL in the event of failure.
proxy.config.update.concurrent_updates
Scope CONFIG.TP Type INT.TP Default 100.TP Reloadable Yes.UNINDENT Specifies the maximum simultaneous
update requests allowed at any time. This option prevents the scheduled update process from
overburdening the host.
PLUG-IN CONFIGURATION
proxy.config.plugin.plugin_dir
Scope CONFIG.TP Type STRING.TP Default config/plugins.UNINDENT Specifies the location of Traffic Server
plugins.
proxy.config.remap.num_remap_threads
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT When this variable is set to 0, plugin remap callbacks
are executed in line on network threads. If remap processing takes significant time, this can be
cause additional request latency. Setting this variable to causes remap processing to take place
on a dedicated thread pool, freeing the network threads to service additional requests.
SOCKETS
proxy.config.net.defer_accept
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT default: 1 meaning on all Platforms except Linux: 45
seconds
This directive enables operating system specific optimizations for a listening socket.
defer_accept holds a call to accept(2) back until data has arrived. In Linux' special case this is
up to a maximum of 45 seconds.
proxy.config.net.sock_send_buffer_size_in
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Sets the send buffer size for connections from the client
to Traffic Server.
proxy.config.net.sock_recv_buffer_size_in
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Sets the receive buffer size for connections from the
client to Traffic Server.
proxy.config.net.sock_option_flag_in
Scope CONFIG.TP Type INT.TP Default 0x0.UNINDENT Turns different options "on" for the socket handling
client connections::
TCP_NODELAY (1)
SO_KEEPALIVE (2)
SO_LINGER (4) - with a timeout of 0 seconds
NOTE:
This is a bitmask and you need to decide what bits to set. Therefore, you must set the value to 3 if
you want to enable nodelay and keepalive options above.
proxy.config.net.sock_send_buffer_size_out
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Sets the send buffer size for connections from Traffic
Server to the origin server.
proxy.config.net.sock_recv_buffer_size_out
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Sets the receive buffer size for connections from Traffic
Server to the origin server.
proxy.config.net.sock_option_flag_out
Scope CONFIG.TP Type INT.TP Default 0x1.UNINDENT Turns different options "on" for the origin server
socket::
TCP_NODELAY (1)
SO_KEEPALIVE (2)
SO_LINGER (4) - with a timeout of 0 seconds
NOTE:
This is a bitmask and you need to decide what bits to set. Therefore, you must set the value to 3 if
you want to enable nodelay and keepalive options above.
When SO_LINGER is enabled, the linger timeout time is set to 0. This is useful when ATS and origin
server were installed This is useful when Traffic Server and the origin server are co-located and
large numbers of sockets are retained in the TIME_WAIT state.
proxy.config.net.sock_mss_in
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Same as the command line option --accept_mss that sets
the MSS for all incoming requests.
proxy.config.net.sock_packet_mark_in
Scope CONFIG.TP Type INT.TP Default 0x0.UNINDENT Set the packet mark on traffic destined for the client
(the packets that make up a client response).
SEE ALSO:
Traffic Shaping
proxy.config.net.sock_packet_mark_out
Scope CONFIG.TP Type INT.TP Default 0x0.UNINDENT Set the packet mark on traffic destined for the origin
(the packets that make up an origin request).
SEE ALSO:
Traffic Shaping
proxy.config.net.sock_packet_tos_in
Scope CONFIG.TP Type INT.TP Default 0x0.UNINDENT Set the ToS/DiffServ Field on packets sent to the
client (the packets that make up a client response).
SEE ALSO:
Traffic Shaping
proxy.config.net.sock_packet_tos_out
Scope CONFIG.TP Type INT.TP Default 0x0.UNINDENT Set the ToS/DiffServ Field on packets sent to the
origin (the packets that make up an origin request).
SEE ALSO:
Traffic Shaping
proxy.config.net.poll_timeout
Scope CONFIG.TP Type INT.TP Default 10 (or 30 on Solaris).UNINDENT Same as the command line option
--poll_timeout, or -t, which specifies the timeout used for the polling mechanism used. This
timeout is always in milliseconds (ms). This is the timeout to epoll_wait() on Linux platforms,
and to kevent() on BSD type OSs. The default value is 10 on all platforms.
Changing this configuration can reduce CPU usage on an idle system, since periodic tasks gets
processed at these intervals. On busy servers, this overhead is diminished, since polled events
triggers morefrequently. However, increasing the setting can also introduce additional latency
for certain operations, and timed events. It's recommended not to touch this setting unless your
CPU usage is unacceptable at idle workload. Some alternatives to this could be:
Reduce the number of worker threads (net-threads)
Reduce the number of disk (AIO) threads
Make sure accept threads are enabled
The relevant configurations for this are:
CONFIG proxy.config.exec_thread.autoconfig INT 0
CONFIG proxy.config.exec_thread.limit INT 2
CONFIG proxy.config.accept_threads INT 1
CONFIG proxy.config.cache.threads_per_disk INT 8
proxy.config.task_threads
Scope CONFIG.TP Type INT.TP Default 2.UNINDENT Specifies the number of task threads to run. These
threads are used for various tasks that should be off-loaded from the normal network threads.
proxy.config.allocator.thread_freelist_size
Scope CONFIG.TP Type INT.TP Default 512.UNINDENT Sets the maximum number of elements that can be
contained in a ProxyAllocator (per-thread) before returning the objects to the global pool
proxy.config.allocator.thread_freelist_low_watermark
Scope CONFIG.TP Type INT.TP Default 32.UNINDENT Sets the minimum number of items a ProxyAllocator
(per-thread) will guarantee to be holding at any one time.
proxy.config.http.enabled
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT Turn on or off support for HTTP proxying. This is rarely
used, the one exception being if you run Traffic Server with a protocol plugin, and would like for
it to not support HTTP requests at all.
COPYRIGHT
2014, dev@trafficserver.apache.org
5.3 April 18, 2016 RECORDS.CONFIG(5)