http
Beginning of an HTTP server clause with a name defined as a parameter. Multiple HTTP servers can be defined.
HTTP servers handle web-based requests and can be used for custom HTTP APIs, webhooks, or REST-based authentication services. The server processes incoming HTTP requests through AAA policies, where handlers match requests based on HTTP method, path, headers, and other attributes.
Protocols
The HTTP server supports the following transport protocols:
- tcp - Plain HTTP over TCP.
- tls - HTTPS with TLS encryption. Requires certificate configuration. Supports HTTP/1.1 and HTTP/2.
Parameters
| Parameter | Description | Required |
|---|---|---|
| listen | Network listener configuration (protocol, port, IP addresses, TLS) | Yes |
| clients | Reference to an HTTP client list that defines allowed client sources | No |
| pre-client | Pipeline executed before client matching | No |
| policy | Default AAA policy for handling requests | No |
| capture | Packet capture configuration name | No |
| statistics | Statistics collection configuration | No |
HTTP Context Variables
When processing HTTP requests, context variables in the http namespace are available in pipelines.
For the complete list of available variables, see the HTTP namespace documentation.
Default Response Behavior
When no custom response body is set via http.response.*, the server returns a JSON object based on the pipeline result:
{
"result": "accept",
"message": "Optional message"
}
Default HTTP status codes based on pipeline results:
| Pipeline Result | HTTP Status |
|---|---|
| accept | 200 OK |
| reject | 403 Forbidden |
| ignore | 404 Not Found |
| error | 500 Internal Server Error |
Set http.status explicitly to override these defaults.
Response headers automatically included:
X-AAA-Context-Id- The AAA context identifierX-AAA-Result- The pipeline result (accept, reject, ignore, error)X-AAA-Message- Optional message from the pipeline (when set)
Example: Basic HTTP Server
servers {
http "HTTP_SERVER" {
listen {
protocol tcp;
ip 0.0.0.0;
port 8000;
}
clients "HTTP_CLIENTS";
}
}
clients {
http "HTTP_CLIENTS" {
client "LOCALHOST" {
source {
ip 127.0.0.1;
ip ::1;
}
}
}
}
Example: HTTPS Server with TLS
certificates {
x509 "SERVER_CERT" {
filename "/etc/radiator/certs/server.pem";
}
key "SERVER_KEY" {
filename "/etc/radiator/private/server-key.pem";
}
x509 "CA_CERT" {
filename "/etc/radiator/certs/ca.pem";
}
}
servers {
http "HTTPS_SERVER" {
listen {
protocol tls;
ip 0.0.0.0;
port 8443;
tls {
certificate "SERVER_CERT";
certificate_key "SERVER_KEY";
server_ca_certificate "CA_CERT";
require_client_certificate false;
}
}
clients "HTTP_CLIENTS";
}
}
Example: Multiple Endpoints with Different Responses
This example demonstrates an HTTP server with multiple endpoints returning different JSON responses:
logging {
aaa {
logger "HTTP_ACCESS" {
file {
filename "/var/log/radiator/http-access.log";
}
}
}
}
clients {
http "HTTP_CLIENTS" {
client "LOCALHOST" {
source {
ip 127.0.0.1;
ip ::1;
}
}
}
}
servers {
http "HTTP_SERVER" {
listen {
protocol tcp;
ip 0.0.0.0;
port 4000;
}
clients "HTTP_CLIENTS";
}
}
aaa {
pipeline "LOG_REQUEST" {
log "HTTP_ACCESS" {
json {
"timestamp" datetime.timestamp;
"method" http.method;
"path" http.path;
"client_ip" http.client.ip;
"status" http.status;
"handler" aaa.handler;
}
}
}
policy "DEFAULT" {
handler "FOO" {
conditions all {
http.method == "GET";
http.path == "/foo";
}
authentication {
modify {
http.status = 200;
http.response.endpoint = "foo";
http.response.message = "Hello from /foo";
}
accept;
}
final-authentication {
invoke "LOG_REQUEST";
}
}
handler "BAR" {
conditions all {
http.method == "GET";
http.path == "/bar";
}
authentication {
modify {
http.status = 200;
http.response.endpoint = "bar";
http.response.data.value = 42;
http.response.data.items = "one,two,three";
}
accept;
}
final-authentication {
invoke "LOG_REQUEST";
}
}
handler "NESTED_PATH" {
conditions all {
http.method == "GET";
http.path == "/some/path";
}
authentication {
modify {
http.status = 200;
http.response.endpoint = "some/path";
http.response.nested.level1.level2 = "deep value";
}
accept;
}
final-authentication {
invoke "LOG_REQUEST";
}
}
handler "POST_HANDLER" {
conditions all {
http.method == "POST";
http.path == "/some/path";
}
authentication {
modify {
http.status = 201;
http.response.endpoint = "some/path";
http.response.method = "POST";
http.response.received = http.body;
}
accept;
}
final-authentication {
invoke "LOG_REQUEST";
}
}
handler "NOT_FOUND" {
authentication {
modify {
http.status = 404;
http.response.error = "Not Found";
http.response.message = "The requested path does not exist";
}
reject;
}
final-authentication {
invoke "LOG_REQUEST";
}
}
}
}
This configuration:
- Serves
/fooreturning{"endpoint": "foo", "message": "Hello from /foo"} - Serves
/barreturning nested data with{"endpoint": "bar", "data": {"value": 42, ...}} - Serves GET
/some/pathreturning deeply nested JSON - Serves POST
/some/pathreturning status 201 with the received body - Returns 404 for any unmatched paths
- Logs all requests in JSON format to an access log file
See Also
- servers - Server configuration overview
- clients.http - HTTP client list configuration
- aaa.policy - AAA policy configuration