config.rst 25 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432
  1. .. _production_config:
  2. Configuration Considerations
  3. ============================
  4. General Guidance
  5. ----------------
  6. Use production logging
  7. ''''''''''''''''''''''
  8. Excessive logging may visibly affect the performance of your server. High logging levels are often necessary to track down issues, but during operation you should run with low levels. (You can switch the logging levels while GeoServer is running.)
  9. You can change the logging level in the :ref:`config_globalsettings_log_profile`. You will want to choose the ``PRODUCTION`` logging configuration, where only problems are written to the log files.
  10. Personalize your server
  11. '''''''''''''''''''''''
  12. In order to your GeoServer as welcoming as possible, you should customize the server's metadata to your organization. It may be tempting to skip some of the configuration steps, and leave in the same keywords and abstract as the defaults, but this will only confuse potential users.
  13. Suggestions:
  14. * Fill out :ref:`service_metadata` sections for WFS, WMS, WCS, WMTS web services.
  15. * Use :ref:`config_contact` to provide service welcome message, contact details and a link to your organisation.
  16. This message is be shown to visitors at the top of welcome page. The contact details and organisation information are included in the welcome page, and used to describe each web service in the capabilities documents.
  17. * When setting up a workspace you can provide more detailed service metadata and contact information.
  18. * Serve your data with your own namespace (and provide a correct URI)
  19. * Remove default layers (such as ``topp:states``)
  20. Configure service limits
  21. ''''''''''''''''''''''''
  22. Make sure clients cannot request an inordinate amount of resources from your server.
  23. In particular:
  24. * Set the :ref:`maximum amount of features <services_webadmin_wfs>` returned by each WFS GetFeature request (this can also be set on a per featuretype basis by modifying the :ref:`layer publishing wfs settings <data_webadmin_layers>`).
  25. * Set the :ref:`WMS request limits <wms_configuration>` so that no request will consume too much memory or too much time.
  26. * Set :ref:`WPS limits <webadmin_wps>`, so no process will consume too much memory or too much time. You may also limit the :ref:`size input parameters <wps_security>` for further control.
  27. * Install and configure the :ref:`control_flow` for greater control of client access.
  28. Welcome page selectors
  29. ''''''''''''''''''''''
  30. The workspace and layer selectors might take a lot of time to fill up against large catalogs. Because of this, GeoServer tries to limit the time taken to fill them (by default, 5 seconds), and the number of items in them (by default, ``1000``), and will fall back on simple text fields if the time limit is reached.
  31. In some situations, that won't be enough and the page might get stuck anyways. The following properties can be used to tweak the behavior:
  32. * ``GeoServerHomePage.selectionMode`` : can be set to ``text`` to always use simple text fields, ``dropdown`` to always use dropdowns, or ``auto`` to use the default automatic behavior.
  33. * ``GeoServerHomePage.selectionTimeout`` : the time limit in milliseconds, defaults to ``5000``.
  34. * ``GeoServerHomePage.selectionMaxItems`` : the maximum number of items to show in the dropdowns, defaults to ``1000``.
  35. When using ``text`` selection mode the page description is static, no longer offering of available workspace and layers.
  36. .. figure:: images/selector_text.png
  37. Welcome page text selection mode
  38. Cache your data
  39. '''''''''''''''
  40. Server-side caching of WMS tiles is the best way to increase performance. In caching, pre-rendered tiles will be saved, eliminating the need for redundant WMS calls. There are several ways to set up WMS caching for GeoServer. GeoWebCache is the simplest method, as it comes bundled with GeoServer. (See the section on :ref:`gwc` for more details.) Another option is `TileCache <https://tilecache.org>`__.
  41. You can also use a more generic non-spatial caching system, such as `Ehcache <https://www.ehcache.org>`__ (an embedded cache service) or `Squid <http://www.squid-cache.org>`__ (a web cache proxy).
  42. Caching is also possible for WFS layers, in a very limited fashion. For DataStores that don't have a quick way to determine feature counts (e.g. shapefiles), enabling caching can prevent querying a store twice during a single request. To enable caching, set the Java system property ``org.geoserver.wfs.getfeature.cachelimit`` to a positive integer. Any data sets that are smaller than the cache limit will be cached for the duration of a request, which will prevent the dataset from being queried a second time for the feature count. Note that this may adversely affect some types of DataStores, as it bypasses any feature count optimizations that may exist.
  43. Set security for data modification
  44. ''''''''''''''''''''''''''''''''''
  45. GeoServer includes support for WFS-T (transactions) which lets users modify your data.
  46. If you don't want your database modified, you can turn off transactions in the :ref:`services_webadmin_wfs`. Set the :guilabel:`Service Level` to ``Basic``. For extra security, we recommend any database access use datastore credentials providing read-only permissions. This will eliminate the possibility of a SQL injection (though GeoServer is generally not vulnerable to that sort of attack).
  47. If you would like some users to be able to modify data, set the service level :guilabel:`Service Level` to ``Transactional`` (or ``Complete``) and use :ref:`security_service` to limit access to the `WFS.Transaction` operation.
  48. If you would like some users to be able to modify some but not all of your data, set the :guilabel:`Service Level` to ``Transactional`` (or ``Complete``), and use :ref:`security_layer` to limit write access to specific layers. Data security can be used to allow write access based on workspace, datastore, or layer security.
  49. GeoServer Data Admin Guidance
  50. -----------------------------
  51. Establishing a data administrator user is a recommended configuration to privileged users with limited access to the Admin Console to manage the publication of information, but are not intended to be trusted as a GeoServer Administrator with responsibility for the full global settings and system integration controls.
  52. 1. Create a role to be used for data administration.
  53. 2. Provide this role to the Users (or Groups) requiring data admin access.
  54. 3. Provide this role :ref:`data security <security_webadmin_data>` admin access ``a`` to:
  55. * :ref:`workspace <workspace_security>` administration
  56. * :ref:`layer <layer_security>` administration
  57. 4. Recommendation: The combination of data admin permission for a workspace and GROUP_ADMIN access provides a good combination for an individual responsible for a workspace. This provides the ability to manage and control access to the data products in a workspace.
  58. GeoServer Administrator Guidance
  59. --------------------------------
  60. The GeoServer administration console provides a trusted GeoServer Administrator control of the application. This is often the same individual as the System Administrator who has deep knowledge of the operational environment.
  61. In this workflow the Administration Console is used to adapt the application to the operational environment:
  62. * :ref:`proxy_base`
  63. * :ref:`config_globalsettings_log_location`
  64. * ... and many more :ref:`config_globalsettings`.
  65. Management of a web service using an administration console is a more common practice when running GeoServer as a windows web service.
  66. System Administrator Guidance
  67. -----------------------------
  68. In situations where GeoServer is operating in an environment provided by a System Administrator the use of :ref:`application_properties` is available.
  69. * ``PROXY_BASE_URL``
  70. * ``GEOSERVER_LOG_LOCATION``
  71. * ``GEOSERVER_CONSOLE_DISABLED``
  72. * ... and many more :ref:`application_properties`
  73. This approach removes some functionality from the Administration Console and REST API.
  74. Management of web services using environmental variables is standard practice when running GeoServer in a Linux or Docker environment.
  75. Logging configuration hardening
  76. ''''''''''''''''''''''''''''''''
  77. For production systems, it is advised to set ``GEOSERVER_LOG_LOCATION`` parameter during startup. The value may be defined as either an environment variable, java system property, or servlet context parameter.
  78. The location set for ``GEOSERVER_LOG_LOCATION`` has priority, causing the setting provided using the Admin Console or REST API to be ignored.
  79. See :ref:`logging_location` for more information.
  80. Disable the GeoServer web administration interface
  81. ''''''''''''''''''''''''''''''''''''''''''''''''''
  82. In some circumstances, you might want to completely disable the web administration interface. There are two ways of doing this:
  83. * Set the Java system property ``GEOSERVER_CONSOLE_DISABLED`` to true by adding ``-DGEOSERVER_CONSOLE_DISABLED=true`` to your container's JVM options
  84. * Remove all of the :file:`gs-web*-.jar` files from :file:`WEB-INF/lib`
  85. .. _module_status_security_environment_vars:
  86. Showing Environment Variables and Java System Properties
  87. ''''''''''''''''''''''''''''''''''''''''''''''''''''''''
  88. Module status information is available describing the operational environment.
  89. * The :guilabel:`GeoServer Status` page :ref:`config_serverstatus_module`.
  90. * The REST ``/geoserver/rest/about/status`` endpoint lists module status information
  91. 1. By default GeoServer does **not** show Environment Variables and Java System Properties.
  92. 2. To show environment variables and Java system properties on the status page and REST API, start GeoServer with these environment variables set to ``true``:
  93. * `GEOSERVER_MODULE_SYSTEM_ENVIRONMENT_STATUS_ENABLED`
  94. * `GEOSERVER_MODULE_SYSTEM_PROPERTY_STATUS_ENABLED`
  95. 3. In a production system, these should be set to ``false`` (or leave them undefined).
  96. .. warning::
  97. While this feature can help an administrator debug a GeoServer instance's configuration, environment variables can include sensitive information such as database passwords and API access keys/tokens, particularly when running in a containerised environment (such as Docker or Kubernetes) or with ``ALLOW_ENV_PARAMETRIZATION=true``.
  98. .. note:: Linux
  99. Linux administrators can get a list of all environment variables set at GeoServer startup with:
  100. .. code-block:: bash
  101. tr '\0' '\n' < /proc/${GEOSERVER_PID}/environ
  102. Application Server Guidance
  103. ---------------------------
  104. A few settings are only available by adjusting the Application Server environment :ref:`web context parameters <application_properties>`.
  105. Set a service strategy
  106. ''''''''''''''''''''''
  107. A service strategy is the method in which output is served to the client. This is a balance between proper form (being absolutely sure of reporting errors with the proper OGC codes, etc.) and speed (serving output as quickly as possible). This is a decision to be made based on the function that GeoServer is providing.
  108. In Apache Tomcat you can provide system property by creating :file:`conf/Catalina/localhost/geoserver.xml`:
  109. .. code-block:: xml
  110. <Context>
  111. <Parameter name="serviceStrategy"
  112. value="PARTIAL-BUFFER2" override="false"/>
  113. </Context>
  114. You can configure the default service strategy by modifying the :file:`web.xml` file of your GeoServer instance:
  115. .. code-block:: xml
  116. <context-param>
  117. <param-name>serviceStrategy</param-name>
  118. <param-value>PARTIAL-BUFFER2</param-value>
  119. </context-param>
  120. The possible strategies are:
  121. .. list-table::
  122. :widths: 20 80
  123. * - **Strategy**
  124. - **Description**
  125. * - ``SPEED``
  126. - Serves output right away. This is the fastest strategy, but proper OGC errors are usually omitted.
  127. * - ``BUFFER``
  128. - Stores the whole result in memory, and then serves it after the output is complete. This ensures proper OGC error reporting, but delays the response quite a bit and can exhaust memory if the response is large.
  129. * - ``FILE``
  130. - Similar to ``BUFFER``, but stores the whole result in a file instead of in memory. Slower than ``BUFFER``, but ensures there won't be memory issues.
  131. * - ``PARTIAL-BUFFER2``
  132. - A balance between ``BUFFER`` and ``SPEED``, this strategy tries to buffer in memory a few KB of response, then serves the full output.
  133. Security and Service Hardening
  134. ------------------------------
  135. The following settings allow administrators to take greater control of the application allowing functionality to be disabled.
  136. Disable the Auto-complete on web administration interface login
  137. '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
  138. To disable the Auto Complete on Web Admin login form:
  139. * Set the Java system property ``geoserver.login.autocomplete`` to off by adding ``-Dgeoserver.login.autocomplete=off`` to your container's JVM options
  140. * If the browser has already cached the credentials, please consider clearing the cache or form data after setting the JVM option.
  141. Disable anonymous access to the layer preview page
  142. ''''''''''''''''''''''''''''''''''''''''''''''''''
  143. In some circumstances, you might want to provide access to the layer preview page to authenticated users only. The solution is based on
  144. adding a new :guilabel:`filter chain` with a rule matching the path of the layer preview page to GeoServer's :ref:`security_auth_chain`. Here are the
  145. steps to reproduce:
  146. * Under :guilabel:`Security` -> :guilabel:`Authentication` -> :guilabel:`Filter Chains`, add a new HTML chain
  147. * Set the new chain's name to ``webLayerPreview`` (or likewise)
  148. * As Ant pattern, enter the path of the layer preview page, which is :file:`/web/wicket/bookmarkable/org.geoserver.web.demo.MapPreviewPage`
  149. (since it's an Ant pattern, the path could as well be written shorter with wildcards: :file:`/web/**/org.geoserver.web.demo.MapPreviewPage`)
  150. * Check option :guilabel:`Allow creation of an HTTP session for storing the authentication token`
  151. * Under :guilabel:`Chain filters`, add filters ``rememberme`` and ``form`` (in that order) to the :guilabel:`Selected` list on the right side
  152. * Close the dialog by clicking the :guilabel:`Close` button; the new HTML chain has been added to the list of chains as the last entry
  153. * Since all chains are processed in turn from top to bottom, in order to have any effect, the new ``webLayerPreview`` chain must be positioned
  154. **before** the ``web`` chain (which matches paths :file:`/web/**,/gwc/rest/web/**,/`)
  155. * Use the :guilabel:`Position` arrows on the left side of the list to move the newly added chain upwards accordingly
  156. * Save the changes you've made by clicking the :guilabel:`Save` button at the bottom of the page
  157. With that in place, unauthenticated users now just get forwarded to the login page when they click the layer preview menu item link.
  158. The above procedure could as well be applied to other pages of the web administration interface that one needs to remove anonymous access for. For example:
  159. * :guilabel:`Demos` -> :guilabel:`Demo requests`
  160. (path: :file:`/web/wicket/bookmarkable/org.geoserver.web.demo.DemoRequestsPage`)
  161. * :guilabel:`Demos` -> :guilabel:`WCS request builder`
  162. (path: :file:`/web/wicket/bookmarkable/org.geoserver.wcs.web.demo.WCSRequestBuilder`)
  163. .. warning::
  164. Although disabling anonymous access to the layer preview page **MAY** prevent some unauthenticated users from accessing data with some simple
  165. clicks, this is **NOT** a security feature. In particular, since other more sophisticated users, having the ability to build OGC requests, **MAY**
  166. still access critical data through GeoServer's services, this is **NOT** a replacement for a well-designed security concept based on data-level or
  167. service-level security.
  168. X-Frame-Options Policy
  169. ''''''''''''''''''''''
  170. In order to prevent clickjacking attacks GeoServer defaults to setting the X-Frame-Options HTTP
  171. header to ``SAMEORIGIN``. This prevents GeoServer from being embedded into an iFrame, which prevents certain
  172. kinds of security vulnerabilities. See the `OWASP Clickjacking entry <https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet>`_ for details.
  173. If you wish to change this behavior you can do so through the following properties:
  174. * ``geoserver.xframe.shouldSetPolicy``: controls whether the X-Frame-Options header should be set at all. Default is true.
  175. * ``geoserver.xframe.policy``: controls what to set the X-Frame-Options header to. Default is ``SAMEORIGIN``. Valid options are ``DENY``, ``SAMEORIGIN`` and ``ALLOW-FROM [uri]``.
  176. .. note::
  177. The WMS GetMap OpenLayers output format uses iframes to display the WMS GetFeatureInfo output and
  178. this may not function properly if the policy is set to something other than ``SAMEORIGIN``.
  179. .. warning::
  180. The ``ALLOW-FROM`` option is not supported by modern browsers and should only be used if you know
  181. that browsers interacting with your GeoServer will support it. Applying this policy will be treated
  182. as if no policy was set by browsers that do not support this (i.e., **NO** protection).
  183. These properties can be set either via Java system property, command line argument (-D), environment
  184. variable or :file:`web.xml` init parameter.
  185. X-Content-Type-Options Policy
  186. '''''''''''''''''''''''''''''
  187. In order to mitigate MIME confusion attacks (which often results in Cross-Site Scripting), GeoServer defaults to setting the ``X-Content-Type-Options: nosniff`` HTTP header.
  188. See the `OWASP X-Content-Type-Options entry <https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html#x-content-type-options>`_ for details.
  189. If you wish to change this behavior you can do so through the following property:
  190. * ``geoserver.xContentType.shouldSetPolicy``: controls whether the X-Content-Type-Options header should be set. Default is true.
  191. This property can be set either via Java system property, command line argument (-D), environment
  192. variable or web.xml init parameter.
  193. X-XSS-Protection Policy
  194. '''''''''''''''''''''''
  195. GeoServer supports setting the X-XSS-Protection HTTP header in order to control the built-in reflected XSS filtering that existed in
  196. some older browsers. This header is **NOT** enabled by default since it does not affect modern browsers. Enabling the header without
  197. specifying a policy will default to Spring Security's default of ``0`` (which is also the current OWASP recommendation). See the
  198. `OWASP X-XSS-Protection entry <https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html#x-xss-protection>`_ for details.
  199. If you wish to change this behavior you can do so through the following properties:
  200. * ``geoserver.xXssProtection.shouldSetPolicy``: controls whether the X-XSS-Protection header should be set at all. Default is false.
  201. * ``geoserver.xXssProtection.policy``: controls what to set the X-XSS-Protection header to. Default is ``0``. Valid options are ``0``, ``1`` and ``1; mode=block``.
  202. These properties can be set either via Java system property, command line argument (-D), environment
  203. variable or web.xml init parameter.
  204. Strict-Transport-Security Policy
  205. ''''''''''''''''''''''''''''''''
  206. In order to reduce the possibility of man-in-the-middle attacks GeoServer supports setting the Strict-Transport-Security HTTP header.
  207. This header is **NOT** enabled by default and, when enabled, this header will only be set on HTTPS requests. If a policy has not been
  208. set, the default policy will be the same as Spring Security's default of ``max-age=31536000 ; includeSubDomains``. See the
  209. `OWASP Strict-Transport-Security entry <https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html#strict-transport-security-hsts>`_ for details.
  210. If you wish to change this behavior you can do so through the following properties:
  211. * ``geoserver.hsts.shouldSetPolicy``: controls whether the Strict-Transport-Security header should be set at all. Default is false.
  212. * ``geoserver.hsts.policy``: controls what to set the Strict-Transport-Security header to. Default is ``max-age=31536000 ; includeSubDomains``. Valid options can change the max-age to the desired age in seconds and can omit the includeSubDomains directive.
  213. These properties can be set either via Java system property, command line argument (-D), environment
  214. variable or web.xml init parameter.
  215. OWS ServiceException XML mimeType
  216. '''''''''''''''''''''''''''''''''
  217. By default, OWS Service Exception XML responses have content-type set to ``application/xml``.
  218. In case you want it set to ``text/xml`` instead, you need to setup the Java System properties:
  219. * ``-Dows10.exception.xml.responsetype=text/xml`` for OWS 1.0.0 version
  220. * ``-Dows11.exception.xml.responsetype=text/xml`` for OWS 1.1.0 version
  221. .. _production_config_freemarker_escaping:
  222. FreeMarker Template Auto-escaping
  223. '''''''''''''''''''''''''''''''''
  224. By default, FreeMarker's built-in automatic escaping functionality will be enabled to mitigate potential cross-site scripting
  225. (XSS) vulnerabilities in cases where GeoServer uses FreeMarker templates to generate HTML output and administrators are able
  226. to modify the templates and/or users have significant control over the output through service requests. When the
  227. ``GEOSERVER_FORCE_FREEMARKER_ESCAPING`` property is set to false, auto-escaping will delegate either to the feature's default
  228. behavior or other settings which allow administrators to enable/disable auto-escaping on a global or per virtual service
  229. basis. This property can be set to false either via Java system property, command line argument (-D), environment variable or
  230. web.xml init parameter.
  231. This setting currently applies to the WMS GetFeatureInfo HTML output format and may be applied to other applicable GeoServer
  232. functionality in the future.
  233. .. warning::
  234. While enabling auto-escaping will prevent XSS using the default templates and mitigate many cases where template authors
  235. are not considering XSS in their template design, it does **NOT** completely prevent template authors from creating
  236. templates that allow XSS (whether this is intentional or not). Additional functionality may be added in the future to
  237. mitigate those potential XSS vulnerabilities.
  238. .. _production_config_external_entities:
  239. External Entities Resolution
  240. ''''''''''''''''''''''''''''
  241. When processing XML documents from service requests (POST requests, and GET requests with FILTER and SLD_BODY parameters) XML entity resolution is used to obtain any referenced documents. This is most commonly seen when the XML request provides the location of an XSD schema location for validation).
  242. GeoServer provides a number of facilities to control external entity resolution:
  243. * By default `http` and `https` entity resolution is restricted to the following default::
  244. www.w3.org|schemas.opengis.net|www.opengis.net|inspire.ec.europa.eu/schemas
  245. The default list includes the common w3c, ogc, and inspire schema locations required for OGC Web Service operation.
  246. Access is provided to the proxy base url from global settings.
  247. Access to local `file` references is restricted.
  248. * To allow additional external entity `http` and `https` locations use a comma or bar separated list::
  249. -DENTITY_RESOLUTION_ALLOWLIST=server1|server2|server3/schemas
  250. These locations are in addition to the default w3c, ogc, and inspire schema locations above.
  251. Access is provided to the proxy base url from global settings.
  252. Access to local `file` references remains restricted.
  253. * To allow all `http` and `https` entity resolution use `*` wildcard::
  254. -DENTITY_RESOLUTION_ALLOWLIST=*
  255. Access to local `file` references remains restricted.
  256. * To turn off all restrictions (allowing ``http``, ``https``, and ``file`` references) use the global setting :ref:`config_globalsettings_external_entities`.
  257. This setting prevents ``ENTITY_RESOLUTION_ALLOWLIST`` from being used.
  258. .. _production_config_spring_firewall:
  259. Spring Security Firewall
  260. ''''''''''''''''''''''''
  261. GeoServer defaults to using Spring Security's StrictHttpFirewall to help improve protection against potentially malicious
  262. requests. However, some users will need to disable the StrictHttpFirewall if the names of GeoServer resources (workspaces,
  263. layers, styles, etc.) in URL paths need to contain encoded percent, encoded period or decoded or encoded semicolon characters.
  264. The ``GEOSERVER_USE_STRICT_FIREWALL`` property can be set to false either via Java system property, command line argument
  265. (-D), environment variable or web.xml init parameter to use the more lenient DefaultHttpFirewall.
  266. Static Web Files
  267. ''''''''''''''''
  268. GeoServer by default allows administrators to serve static files by simply placing them in the ``www``` subdirectory of the
  269. GeoServer data directory. If this feature is not being used to serve HTML/JavaScript files or is not being used at all, the
  270. ``GEOSERVER_DISABLE_STATIC_WEB_FILES`` property can be set to true to mitigate potential stored XSS issues with that directory.
  271. See the :ref:`tutorials_staticfiles` page for more details.
  272. Session Management
  273. ------------------
  274. GeoServer defaults to managing user sessions using cookies with the ``HttpOnly`` flag set to prevent attackers from using cross-site scripting (XSS) attacks to steal
  275. a user's session token. You can configure the session behavior by modifying the :file:`web.xml` file of your GeoServer instance.
  276. It is strongly recommended that production environments also set the ``Secure`` flag on session cookies. This can be enabled by uncommenting the following in the :file:`web.xml`
  277. file if the web interface is only being accessed through HTTPS but the flag may need to be set by a proxy server if the web interface needs to support both HTTP and HTTPS.
  278. .. code-block:: xml
  279. <secure>true</secure>