PAS for OpenEdge comes preconfigured with certain server features and HTTP request filters (referred to as valves) that are executed on each client request. Although the default settings work for most situations, some server features or filters can be disabled to adjust security or HTTP request processing time. The recommended method of controlling server options is to use the PASMAN command line utility: 

pasman.[bat|sh] feature feature-name={on|off} -I instance-name

The complete list of instance features can be displayed by typing the following command:

proenv>pasman.[bat|sh] feature -I instance-name
VersionLoggerListener=off
SecurityListener=off
APRListener=off
PSClifecycle=on
JMXLifecycle=off
PSCRegistry=on
HealthCheck=off
HTTP=on
HTTPS=on
AJP13=off
Cluster=off
UserDatabase=on
JAASRealm=off
LDAPRealm=off
PASInstrument=off
RemoteHostValve=on
RemoteAddrValve=on
SingleSignOn=on
AccessLog=on
CrawlerSessionManager=on
StuckSessionValve=on

A description of each individual feature can be displayed by typing the following command:

pasman.{bat|sh} help feature-name -I instance-name

Tuning tips

  • The StuckSessionValve applies to all deployed web applications, including the OpenEdge web applications that execute the ABL language requests. This setting can result in false positives so interpret the information as informational and not an error.
  • The CrawlerSessionManager feature protects against large numbers of HTTP sessions being started by external web page indexers which consume a lot of heap space. For web-based PAS for OpenEdge instances, Progress recommends that you leave the feature enabled. If you have intranet PAS for OpenEdge instances you may disable the feature.
  • The AccessLog feature uses processing time to format and write the tracking of HTTP clients. This feature should be disabled unless deemed necessary.
  • The SingleSignOn (SSO) feature allows the user to log in just once to the PAS for OpenEdge instance for all web applications in a particular realm. Both the Apache Tomcat management and OpenEdge remote administration web applications share the same realm and benefit from SSO. The OpenEdge web applications (oeabl.war) can also benefit from this functionality if they are configured for container security. If your production PAS for OpenEdge instance does not deploy those administration web applications or need to benefit from SSO, disable this feature.
  • PAS for OpenEdge instance clusters are advanced web server architectures and the Cluster feature should remain disabled until it is necessary to support your ABL application using multiple PAS for OpenEdge instances.
  • The SecurityListener feature is used infrequently but is available for best-practice production security configurations. Enable this feature only if you are certain that PAS for OpenEdge instances are deployed using the required OS file and directory permissions.
  • The RemoteHostValve and RemoteAddrValve default configuration allows all host names and addresses, so their overhead is small. Both DNS and IP addresses are considered unreliable for identifying internet clients, so you may disable these if PAS for OpenEdge is web-based. They may be of more use when PAS for OpenEdge is running on what the end user site considers a secured intranet.