Configure how Liberator handles HTTP connections

Here’s how to configure Liberator’s HTTP connections.

Clients can connect to Liberator over HTTP as they would to any other web server, and Liberator’s supplied with a built-in HTTP Config blade that’s automatically activated when you install the Liberator (see Built-in blades). Liberator has a built-in web server that hosts pages that are useful when you’re developing your Caplin Platform installation; for example a status page that displays the state of Liberator and its connections, and the Liberator Explorer diagnostic tool. These pages are accesed via HTTP. RTTP connections are also encapsulated in HTTP.

Liberator’s built-in web pages are only intended for use in development environments. They aren’t secure enough to use in production systems.

Configuring Liberator’s HTTP port and interface

When you install Liberator to run under the Caplin Platform Deployment Framework, it’s automatically configured to use HTTP through the built-in HTTP Config blade. The Liberator listens for HTTP connections on all available interfaces, on port 18080.

If you want to change the Liberator’s HTTP connection interface and/or HTTP port, set the following configuration items.

In a production installation, clients shouldn’t be allowed to connect to Liberator through HTTP, for security reasons. Use secure HTTP (HTTPS) connections instead - see How can I… Configure how Liberator handles HTTPSconnections. You should disable Liberator’s built-in web pages too - see Enabling HTTPS in the HTTPS How can I…​

To change the Liberator’s HTTP port, add the macro definition LIBERATOR${THIS_LEG}_HTTPPORT to the Deployment Framework file <Framework-root>/global_config/environment.conf

Insert the definition at the end of the section headed "Add updated configuration after this point"

For example:

# Add updated configuration after this point
# Set Liberator's HTTP port to the conventional default
Don’t change value of the configuration item http-port directly. Always define the HTTP port using the macro LIBERATOR${THIS_LEG}_HTTPPORT

If you want to restrict Liberator to listening for HTTP connection requests on specific network interfaces, add the macro definition LIBERATOR${THIS_LEG}_HTTPINTERFACE to the Deployment Framework file <Framework-root>/global_config/environment.conf

Insert the definition at the end of the section headed "Add updated configuration after this point"

For example:

# Add updated configuration after this point
# Restrict Liberator's HTTP interface to specific network interfaces
Don’t change value of the configuration item http-interface directly. Always define the HTTP interface using the macro LIBERATOR${THIS_LEG}_HTTPINTERFACE

Configuring the HTTP Keep Alive feature

By default, the HTTP Keep Alive feature is enabled for Liberator’s HTTP connections. To change the settings, specify new values for the following configuration items. Put the settings in the Deployment Framework file <Framework-root>/global_config/overrides/servers/Liberator/etc/rttpd.conf

  • http-keepalive-max The maximum number of requests the Liberator will allow per persistent HTTP connection.

  • http-keepalive-timeout The maximum time in seconds for which the Liberator will keep a persistent HTTP connection open.

Using cookies to aid HTTP connection

Liberator can use cookies to indicate which RTTP link type and MIME type were used to successfully connect, so that on subsequent attempts the client knows which connection type to try first. To enable this feature, set the configuration items http-connection-cookie-enable and http-connection-cookie-expires in the Deployment Framework file <Framework-root>/global_config/overrides/servers/Liberator/etc/rttpd.conf

http-connection-cookie-expires <number-of-days>

Setting up HTTP authenticated directories (authentication realms)

HTTP authentication realms allow you to control individual users' access to specific areas of the Liberator web site. Set this up by defining an add-authdir configuration item for each HTTP directory name that constitutes a realm. Add the items to the Deployment Framework file <Framework-root>/global_config/overrides/servers/Liberator/etc/rttpd.conf


Only allow the Liberator users admin, admin1 and admin2 to access the Liberator’s status page:

   name /status
   realm Liberator Admin
   username admin admin2 admin3
   password admin admin2 admin3

Customising Liberator’s response to HTTP errors

In development environments, you can write custom web pages that are returned to the client in response to certain HTTP errors, such as HTTP error 400 ("Bad Request") and HTTP error 404 ("Not Found").

Once you’ve customised an error page, specify its filename and location within Liberator’s web site, using the appropriate configuration item; one of:

Add the configuration item to the Deployment Framework file <Framework-root>/global_config/overrides/servers/Liberator/etc/rttpd.conf

Improving the security of HTTP connections

To resist attacks on your system, Liberator includes a number of configuration options that limit the allowed length of each part of an HTTP message. If Liberator receives a message longer than that configured, it’ll reject it rather than reading it continuously until memory runs out.

The following configuration items configure the various maximum lengths of messages and their elements.

The default settings for these items should be sufficient, but if you experience security problems, set them to lower values. Add the items to the Deployment Framework file <Framework-root>/global_config/overrides/servers/Liberator/etc/rttpd.conf

See also: