EXPERT TRAINING PERFORMANCE. UBIKA WAAP GATEWAY.
[Audio] Adjusting different parameters can improve the performance of our web application. Implementing timeout, compression and caching separately is an option, but using a reverse proxy profile allows us to make more detailed changes to our Apache configuration. Configuring the reverse proxy gives us the ability to adjust the Apache configuration and timeout, helping our web application run with optimal performance.
Reverse Proxy Profile.
[Audio] Ubika WAAP Gateway, powered by Apache 2.4, provides a Reverse Proxy Profile service to improve web application performance. Administrators can set up a reverse proxy on the appliance by picking a Reverse Proxy Profile from the Advanced tab, which has a variety of Apache and Network settings. This Profile is needed to set up a tunnel or virtual host for the web application.
[Audio] Apache web server is a potent tool to effectively manage web traffic. On Ubika WAAP Gateway it is set up with the Worker MPM (Multi-Processing Module). This module contains a root process that starts and oversees a certain number of child processes. Each child creates a certain number of server threads in addition to a listener thread that registers connections. Once a connection is registered, it is forwarded to a server thread for processing. The number of child processes is adjustable with two parameters: the number of child processes upon Apache instance start and the maximum number of child processes. For each child, a definite number of threads needs to be managed. Each thread is only capable of dealing with one connection at a time.
[Audio] Reverse Proxy Profiles provide a way to regulate and control the flow of traffic that passes through the Reverse Proxy. The default settings provided by Ubika WAAP Gateway are typically sufficient, and the default profile for a Reverse Proxy is set to '01K Connections'. However, administrators have the option to customize and adjust Apache and Network parameters to optimize the performance of their web application.
[Audio] When creating a new Reverse Proxy Profile using Apache 2.4, the Server Limit parameter needs to be set. This establishes a hard upper bound on the number of children Apache spawns in response to user requests, which helps protect against input errors that may lead to downtime, revenue loss, reputation loss or even data loss. The Min & Max Spare Threads parameters control the minimum and total number of idle threads allowed on the server across all children, with the aim of reducing memory consumption during off-peak hours. Additionally, Threads Per Child defines the limit of threads each Apache child process is allowed to manage, and the Max Requests per Child parameter determines the cumulative number of requests a single process can handle.
[Audio] Reverse Proxy Profile “01K Connections” is an effective method for streamlining Apache and Network configurations for enhanced web application execution. It starts with 1 child process, with each child set up to manage up to 100 threads. The Server Limit parameter designates the highest number of child processes that can be activated. As such, 10 processes, each handling up to 100 threads, can be started, thereby enabling up to 1000 concurrent users. Furthermore, the reverse proxy is also prepared to provide a maximum of 100 threads in the idle state; if that number exceeds 500, then the threads will be terminated.
[Audio] The maximum client number is an important factor in the performance of a reverse proxy. This value is determined by the "Server Limit" and "Threads per Child" parameters, which can be adjusted to increase the maximum number of clients. Ubika WAAP Gateway offers different preconfigured reverse proxy profiles, but it is also possible to create a custom profile tailored to specific needs. Remember to apply the configuration with a cold restart when making changes to a reverse proxy.
[Audio] As web managers, it is imperative to grasp the correlation between child processes and threads per child in Apache 2.4 servers. Each child process started by Apache is composed of multiple threads. By understanding the types of traffic and applications your websites process, you can alter the number of child processes and threads per child for optimal efficiency. The default settings of our Reverse Proxy Profile service are structured to enhance your reverse proxy, yet some applications may need manual configuration for the most efficient usage. Should your application need special configuration, you can adjust the values for "Server Limit" and "Threads per Child" in the Reverse Proxy Profile service to suit the requirements of your web applications.
[Audio] The ubika-Appliance Monitoring dashboard provides access to Apache stats graphs, which illustrate memory usage of the reverse proxy and the number of active child processes. These stats can be used to ensure the reverse proxy is operating efficiently.
[Audio] Mod_status is an Apache module that gives administrators a way to monitor the activity of their web server and identify performance issues. It provides an in-depth view of the server's current status, including the number of workers serving requests, the number of idle workers, the status of each worker, the total server uptime, the number of requests per second, the number of bytes served per second, the average number of bytes per request, and the CPU usage of each worker and in total. Additionally, it displays the current hosts and requests being processed. This powerful tool helps administrators ensure their web server is being used efficiently.
[Audio] To gain access to Reverse Proxy statistics, you must create an advanced parameter profile for Reverse Proxy and attach it to your Reverse Proxy. Then you can access the information via your web browser by typing in server-name, replacing 'server-name' with one of the hostnames of your web application. To configure it properly, you need to define the ProxyPass and Location parameters. For ProxyPass, type in /server-status followed by a ! sign. For Location, type in /server-status and set a handler for server-status, followed by Require ip 192. and Require ip 172. This will grant you access to the Reverse Proxy statistics.
[Audio] A reverse proxy profile is useful for gaining insight into the performance of web applications. Mod_status is a tool which aids administrators in optimizing the operation of their web applications, offering details on uptime, load, CPU and memory use, as well as information on threads and recently processed requests. Mod_status allows administrators to modify and configure both Apache and Network parameters, resulting in better functioning of web applications.
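Reading worker saturation out of mod_status, as an added example (not Ubika's code): it parses Apache's machine-readable `?auto` view of /server-status, which is assumed to be reachable on the gateway, and compares the scoreboard with the 01K profile capacity (Server Limit 10 × Threads per Child 100). The sample text, the 0.5 alert threshold and the function names are constructed for illustration.

```python
from collections import Counter

# Scoreboard keys as printed by Apache mod_status.
STATES = {"_": "waiting", "S": "starting", "R": "reading request",
          "W": "sending reply", "K": "keepalive", "D": "dns lookup",
          "C": "closing", "L": "logging", "G": "graceful finish",
          "I": "idle cleanup", ".": "open slot"}


def parse_auto(text):
    """Parse the 'Key: value' lines of /server-status?auto into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(": ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def worker_report(text, server_limit, threads_per_child, reading_alert=0.5):
    """Summarise worker usage against the profile's maximum client number."""
    fields = parse_auto(text)
    board = fields.get("Scoreboard", "")
    unknown = set(board) - set(STATES)
    if unknown:
        raise ValueError(f"unexpected scoreboard keys: {sorted(unknown)}")
    counts = Counter(board)
    capacity = server_limit * threads_per_child
    busy = int(fields["BusyWorkers"])
    reading = counts["R"]  # workers still waiting for a complete request
    return {
        "capacity": capacity,
        "busy_share": busy / capacity,
        "reading_share": reading / capacity,
        "by_state": {STATES[k]: n for k, n in counts.items()},
        # Many workers stuck in "R" means clients are sending requests slowly.
        "alert": reading / capacity >= reading_alert,
    }


def make_sample(reading, sending, keepalive, waiting, open_slots):
    """Build a constructed ?auto response (not captured from a real gateway)."""
    board = ("R" * reading + "W" * sending + "K" * keepalive
             + "_" * waiting + "." * open_slots)
    busy = reading + sending + keepalive
    return "\n".join(["Total Accesses: 48213", "Uptime: 7200",
                      f"BusyWorkers: {busy}", f"IdleWorkers: {waiting}",
                      "Scoreboard: " + board])


SATURATED = make_sample(620, 30, 50, 100, 200)  # constructed
QUIET = make_sample(5, 40, 55, 100, 800)        # constructed

if __name__ == "__main__":
    for name, text in (("saturated", SATURATED), ("quiet", QUIET)):
        print(name, worker_report(text, server_limit=10, threads_per_child=100))
```
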
Lab.
[Audio] To ensure accurate timestamps for web application activities, start by checking the local time of your appliance. Afterwards, use the HTTPerf lab to generate traffic which simulates a production environment. Finally, Kibana can be used to analyze the Reverse Proxy statistics. The graphical view of collected data can then be used to determine the best Reverse Proxy configuration.
[Audio] Creating an advanced parameter profile and adding a server-status configuration is the first step in configuring the Ubika WAAP Gateway Reverse Proxy service. Afterwards, edit the reverse proxy to use the specified profile. To finish, generate web traffic with HTTPerf and access /server-status to view the generated statistics. Doing so should give you the desired results for your web application performance.
Timeout.
Overview. Timeout. The HTTP protocol is based on the TCP protocol (for HTTP versions 1.x and 2.0). When a client wants to send a request to a web server, it first needs to create a TCP connection. To create a new TCP connection, the client sends a TCP SYN packet, receives a TCP SYN-ACK packet and then replies with a TCP ACK packet, followed by TCP packets containing the HTTP requests.
Overview (2). Timeout. When you have a reverse proxy, two TCP connections are created: the first TCP connection is between the client and the reverse proxy; the second is between the reverse proxy and the web server. The second TCP connection is only initiated if the first one has been created (TCP three-way handshake succeeded).
Overview (3). Timeout. Once a TCP connection is established, it remains active until one of the sides asks to close it. Between the client and the reverse proxy, the close can be initiated by the client or the reverse proxy. Between the reverse proxy and the backend server, the close can be initiated by the backend server or the reverse proxy. A TCP connection can be closed because one device decides that there is no more data to send, or because the timeout of the TCP connection expires. Sometimes the closing sequence can be different, with TCP FIN / TCP ACK / TCP RST / TCP ACK.
[Audio] Using timeouts to manage the number of TCP connections can be an effective way to optimize web application performance. The reverse proxy typically has a predefined value; however, you can adjust the value in the reverse proxy profile and tunnel configuration. You may also modify and configure the values in the reverse proxy and web server separately for each tunnel if that is desired.
[Audio] The Timeout setting lets you decide how long a TCP connection between the client and the Ubika WAAP Gateway device can remain open before it gets closed. The default value for this setting is 300 seconds and is set in either the reverse proxy profile or the tunnel configuration. To make sure your web application performs optimally, you should set the Timeout value as low as possible while still allowing regular traffic to flow without interruption. You also need to make sure that this Timeout value is bigger than the Proxy Timeout value, so that the client connection doesn't get closed while the server connection is still active.
[Audio] Proxy Timeout is an option that lets you customize the time Apache will spend connected between the Ubika WAAP Gateway device and the web server. The default is 60 seconds, and you can change it in the reverse proxy profile or in the tunnel configuration. It's important to think about the traffic flow and the web application when setting this value, since the ideal is to have it as low as possible and still enable regular traffic activity. This value must be compatible with the settings on the web application server.
[Audio] Enabling the KeepAlive parameter in the Reverse Proxy Profile of the Ubika WAAP Gateway can significantly reduce latency and improve performance. It allows the same connection between the browser and the appliance to be reused for multiple requests, resulting in a 50% reduction in latency. This is a great way to reduce network and CPU usage when dealing with websites that contain a lot of elements. An analogy for this concept is holding a door open for a line of people rather than having each person open and close it multiple times. Without KeepAlive, Apache works in a similar manner, meaning network and CPU usage is higher. Enabling KeepAlive keeps the connection open until all requests have been processed, leading to improved performance.
[Audio] A client's simple request requires a full TCP exchange, beginning with the client transmitting a TCP SYN packet to the server. The server responds with a SYN-ACK packet, acknowledging the client's SYN packet and also including its own SYN packet. The client then responds with an ACK packet acknowledging the server's SYN-ACK packet. Upon completion of the three-way handshake, the client can start sending actual requests to the server. This entire process is enabled by the Ubika WAAP Gateway Reverse Proxy Profile service.
[Audio] The "disablereuse" option is a way to improve the performance of your reverse proxy setup. This option closes the connection between the reverse proxy and the backend server immediately after all requests have been served. To activate it, add the following line in your advanced parameters profile: ProxyPass "/" "A B C D" status=+I retry=0 smax=0 ttl=4 upgrade=websocket disablereuse=On. This configuration ensures that the connection pool worker retry timeout is set to 0, that the retained connection pool entries above the set limit are freed during certain operations, and that the time to live is set to 4. By enabling this option, you will be able to ensure your reverse proxy setup will be as efficient as possible.
[Audio] The following provides an overview of the full Transmission Control Protocol (TCP) exchange that takes place when a client initiates a simple request with disablereuse set to 'On'. Ubika WAAP Gateway's reverse proxy profile service is based on Apache 2.4, which allows the administrator to adjust Apache and network settings for improved web application performance. When reuse is disabled, the client will initiate a three-way handshake to establish a connection with the server. After the connection is established, the client will send its request and the server will respond with a response. Finally, the client will send a close request and the server will close the connection by sending a close response.
[Audio] A request timeout profile allows administrators to adjust and configure various timeouts for receiving headers and bodies of requests from clients. Should the client fail to conform to the timeouts, a 408 request timeout error code is sent. The default values are configured in Apache to reduce the risk of attacks on the device. These values include a TLS handshake timeout of 10 seconds, a header timeout of 20 seconds, a header maximum timeout of 40 seconds, a header minimum rate of 500 bytes, a body timeout of 20 seconds and a body minimum rate of 500 bytes. With a request timeout profile, administrators can adjust and customize these values on each tunnel or reverse proxy, allowing the tunnel to inherit the profile.
[Audio] Administrators can customize the Apache and Network parameters using the Request Timeout Profile menu. To create a new profile, the “Add” button needs to be clicked, after which the parameters can be customized to suit the requirements. This menu allows users to set a Header and Body Timeout and Rate in bytes before the request is read. Additionally, the Header and Body Timeouts can be specified with an initial and maximum timeout.
[Audio] It is crucial to adjust timeouts for each application in order to optimize web application performance. Different applications may require different timeouts, so making just a single-second adjustment in the backend timeout will provide more control for your web application. To ensure that all requests are able to be processed, it is important to specify a suitable timeout. The default value is often appropriate; however, if you expect slower internet speeds, then increasing the timeout value may be necessary. Remember to also adjust any associated network equipment for the web traffic.
Lab.
[Audio] This slide outlines Lab 1, Timeout attack, which is designed to launch a slow loris attack on a web application protected by a web application firewall. The attack involves sending a request to the server and waiting a set amount of time before sending it again. Each time the request is sent, it refreshes every 10 seconds. This attack can cause an increase in server load, slowing down the web application.
[Audio] In this Lab2, create a new Request Timeout Profile with parameters consisting of a Header timeout between 5 and 10 seconds. After completion, use a SlowLoris attack to test it and observe the difference.
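How the header timeout values above bound the time one slow client can occupy a worker thread, as an added example (not Ubika's or Apache's code): a simplified model of the header rule documented for Apache mod_reqtimeout, where every MinRate bytes received extend the deadline by one second up to the maximum. It assumes the Lab2 profile means an initial header timeout of 5 seconds and a maximum of 10; the client traces and the names `HeaderStage` and `read_headers` are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class HeaderStage:
    initial: float   # seconds allowed before any extension
    maximum: float   # hard cap on the header phase, in seconds
    min_rate: int    # bytes received that buy one extra second


DEFAULT = HeaderStage(initial=20, maximum=40, min_rate=500)  # values from the page
LAB2 = HeaderStage(initial=5, maximum=10, min_rate=500)      # assumed reading of Lab2


def read_headers(stage, events, header_len):
    """Replay (seconds_since_accept, bytes_sent) events against the header timer.

    Returns (200, t) when the full header arrived at time t, or (408, t) when
    the server gives up at time t and frees the worker thread.
    """
    deadline = float(stage.initial)
    received = 0
    for t, nbytes in sorted(events):
        if t > deadline:          # data arrived after the timer fired
            break
        received += nbytes
        if received >= header_len:
            return (200, t)
        # Each min_rate bytes extend the deadline by 1 s, never past the cap.
        deadline = min(deadline + nbytes / stage.min_rate, float(stage.maximum))
    return (408, round(deadline, 3))


# Constructed traces (not captured traffic).
# A client that sends a 40-byte start, then 10 more bytes every 10 seconds,
# as in the Lab 1 description, and never completes the header.
SLOW = [(0, 40)] + [(10 * i, 10) for i in range(1, 30)]
# A browser that delivers a complete 700-byte header in one segment.
NORMAL = [(0.05, 700)]
# A client that sends exactly 500 bytes per second of an oversized header.
BULK = [(i, 500) for i in range(60)]

if __name__ == "__main__":
    print("default, slow  :", read_headers(DEFAULT, SLOW, 10_000))
    print("lab2,    slow  :", read_headers(LAB2, SLOW, 10_000))
    print("default, normal:", read_headers(DEFAULT, NORMAL, 700))
    print("default, bulk  :", read_headers(DEFAULT, BULK, 30_000))
```

With the default values the slow client holds a thread for about 20 seconds before the 408; with the Lab2 values it is released after about 5 seconds, while the normal request is unaffected in both cases.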
Compression.
[Audio] Compression is a method of reducing the amount of data sent from the web server to the client. Web browsers typically inform web servers that they are able to process compressed data by sending the Accept-Encoding header, which can have multiple values including gzip, compress, deflate, br, identity or *. If a web server is unable to compress data, the WAAP Gateway is capable of providing this service.
[Audio] Administrators must configure Apache and Network parameters for the Reverse Proxy Profile service provided by Ubika WAAP Gateway in order to improve web application performance. This can be done by accessing the tunnel configuration window via the Performance tab. Once there, administrators can enable compression by selecting a Compression Profile from the list. Additionally, checking the “Forward gzip encoding” parameter will keep the response sent by the backend compressed, without any modification made by the workflow.
[Audio] Go to Setup > Tunnels > Compression Profiles to manage the Compression Profile, which is an optional configuration setting that allows you to tailor your web application performance for improved efficiency. This menu offers the ability to add, delete or modify existing profiles. To create a new profile, click the "Add" button and a popup window will appear on your screen.
[Audio] Creating a compression profile for web applications is an important way to optimize performance. It is important to understand the parameters that need to be set, including content type, browser to exclude, buffer size, compression level, memory level and window size. Setting each parameter carefully enables the best performance for the application. For instance, the buffer size and compression level work in tandem to reduce data size while still preserving hardware resources. The memory level and window size must also be set accurately to maximize the compression rate. Configuring these parameters accurately helps to optimize web application performance.
[Audio] To gain more information on the compression, create a new access log profile and add the following details: %h %a %u %t "%r" %>s %b "%i" "%i" %b (%n), where %b is the size of the file and %n is the rate of compression. This will give you the information you need on your compression rates.
[Audio] To optimize the performance of your web application, pay attention to the compression stats you view in your web browser. Firefox, for example, displays two columns that provide insight. The "transferred" column displays the size of the file that has been compressed, while the "Size" column displays the real size of the file. Knowing this data helps assess the performance of your web application and determine what steps need to be taken to optimize it.
Lab.
[Audio] To analyze the compression performance of your web application, generate some traffic. An analysis of the traffic can then be conducted to check whether it is being compressed. Applying the correct settings and parameters makes sure the traffic is compressed as effectively as possible, optimizing the performance of your web application.
[Audio] Create a new compression profile with a compression level set at "9" using the standard parameters of Lab2. Apply the profile to the tunnel. Generate some traffic to compare the compressed and uncompressed data. Evaluate the efficiency of the new profile based on the result.
[Audio] Before configuring Apache and Network parameters for better web application performance with Ubika WAAP Gateway’s Reverse Proxy Profile service, here are some useful guidelines to keep in mind. Make sure to check the server’s system resources, such as the number of simultaneous connections, memory and storage capacity. Also ensure that the correct drivers are installed and properly configured. Further, be aware of security concerns and make sure that all passwords are kept private and all services are up to date.
[Audio] You will be instructed how to modify the compression profile of your Ubika WAAP Gateway service so as to adjust and configure Apache and Network parameters for optimal web application performance. Specifically, you will learn how to modify your compression profile to handle the application/javascript content type. After completing the given steps, create some traffic to confirm that the javascript files have been compressed successfully.
[Audio] Administrators in Lab3 should consider several Apache and Network configuration tips to optimize the performance of the Reverse Proxy Profile service. Port Forwarding should be configured so incoming requests can be directed to the internal web server. The Apache Keep Alive parameter should be set up to prevent creation of too many new connections. Additionally, the Firewall Configuration settings should be adjusted to guarantee secure connection to the internal web server for all clients.
[Audio] For this task, you will need to create a custom access logs profile with the mentioned parameters: %h %a %u %t "%r" %>s %b "%i" "%i" %b (%n). After that, generate some traffic to the web application and verify that the additional information on compression is present in the access logs.
Caching.