Configuring Outbound Traffic

The Sonatypey IQ Server requires internet connectivity to perform license validation and vulnerability scans. It needs to communicate securely with the Sonatype Data Services using HTTPS.

Network firewall and HTTP proxy server administrators must ensure the following URL is accessible to IQ Server:

https://clm.sonatype.com:443

The IQ Server sends notification emails containing links to static resources loaded from:

https://cdn.sonatype.com:443

Email clients should also have access to the cdn.sonatype.com subdomain.

Many organizations manage HTTP network traffic via an HTTP proxy server. To allow the IQ Server to reach Sonatype Data Services, you may have to configure the IQ Server to use a specific HTTP Proxy Server for outbound requests. The proxy server must support the CONNECT method of tunneling.

IQ Server 84 and newer

The connection details are specified using the HTTP Proxy Server Configuration REST API or through IQ Server's UI via the Proxy option in the System Preferences menu.

NTLM Authentication

Note

IQ Server supports NTLM 1 authentication. It does not support NTLM 2.

If your proxy server uses NTLM authentication, supply your username in the following format:

# Proxy settings.
#proxy:

  # The host running the proxy server to use.
  #hostname: "127.0.0.1"

  # The port at which the proxy server listens on.
  #port: 80

  # The username used to access the proxy server.
  #username: "anonymous"

  # The password used to access the proxy server.
  #password: "guest"

  username: "DOMAIN\\username"

You may customize the user-agent header used for HTTP requests when needed by some network firewall configurations.

Control characters are not permitted in the user agent and the max length of the text is 128 characters.

Configure the user agent string as follows:

userAgentSuffix: "test string"