Options
Configuration options for Node.js Agent. They are modifiable using Hdiv Toolbar configuration page or more generally using environment variables.
| Key | Type | Description |
|---|---|---|
| hdiv.console.level | Custom | Define the logging level the following options are available |
| hdiv.file.level | Custom | Define the logging level the following options are available |
| hdiv.log.file.location | String | Agent log file complete path. For example, /opt/hdiv/logs/agent.log |
| hdiv.log.append | Boolean | Define whether agent traces should be appended during startup or not, by default false |
| hdiv.config.dir | String | Path to the config dir where the license is present |
| hdiv.console.url | String | Defines de URL of the Web Console, by default http://localhost:8089/hdiv-console-services |
| hdiv.console.token | String | Authentication token for the environment in the Web Console |
| hdiv.server.name | String | The name that will identify this server in the Web Console |
| hdiv.console.timeout | String | Console communication timeout (ms) , by default 2000 |
| hdiv.console.validate.certificate | Boolean | Whether the Web Console certificate should be verified when using https or not, by default true |
| hdiv.toolbar.enabled | Boolean | Whether Hdiv toolbar should be shown or not, when the agent is not configured to communicate with a Web Console it will be always displayed, otherwise by default is false |
| hdiv.toolbar.enabled.on.demand | Boolean | With this parameter Hdiv toolbar could be manually activated in runtime but it is not displayed otherwise, by default false |
| hdiv.toolbar.disabled.patterns | List | A comma separated list, including regular expressions to avoid the toolbar in URLs matching those |
| hdiv.trace.queries | Boolean | Flag to indicate that SQL Queries will be displayed in Hdiv Toolbar, by default true |
| hdiv.validation.info | Boolean | Flag to allow validation info to be displayed on the toolbar when using Hdiv Library Protection, by default true |
| hdiv.toolbar.delete.location.change | Boolean | In some SPA vulnerabilities will not be emptied in the toolbar, they can be manually cleaned with the button in the toolbar or otherwise use this option (but it may have issues depending on the browser used), by default false |
| hdiv.toolbar.xhr.header | Boolean | By default Hdiv toolbar includes (if not present) X-Requested-With header in AJAX calls to identify them, by default true |
| hdiv.toolbar.only.in.html.responses | Boolean | If true, Hdiv toolbar will be included only in responses that have HTML Content-Type and whose content looks like actual HTML. If false, the toolbar will be included in any page with HTML Content-Type or without any Content-Type header and HTML-like content. Defaults to true. |
| hdiv.throughput.rate | Integer | Defines the percent of the requests for which the detection will be activated, by default 100 |
| hdiv.artifact.detection.additional.disabled | Boolean | Flag to indicate if additional artifacts (OS, DB & JVM) should be disabled or not, by default false |
| hdiv.default.task.time.period | Number | Time period for all agent communication tasks (in seconds) |
| hdiv.metrics.task.time.period | Number | Time period for metrics task (in seconds), by default 60 |
| hdiv.security.threats.task.time.period | Number | Time period for security threads task (in seconds), by default 5 |
| hdiv.update.config.task.time.period | Number | Time period for Hdiv library configuration update (in seconds), by default 5 |
| hdiv.vulnerability.config.task.time.period | Number | Time period for Hdiv agent configuration update (in seconds), by default 60 |
| hdiv.rule.info.task.time.period | Number | Time period for rule configuration update (in seconds), by default 60 |
| hdiv.excluded.stacks | List | A comma separated list, including packages that should be avoided in vulnerability stacks |
| hdiv.root.app.name | String | Mandatory name for application deployed on root context path |
| hdiv.mandatory.app.name | String | Mandatory name for any application deployed on this server. If more that one application is deployed, it is possible to define a mapping like the following app_1:First;app_2:Second |
| hdiv.js.cache.maxage | Number | Time in minutes that javascript files are cached on the client with the Cache-Control header. Default value is 30 |
| hdiv.always.excluded.files | List | Colon separated list of filenames to exclude from scanning |
The app's name and version are taken from the app's package.json file but the name could be overwritten if desired with hdiv.root.app.name.