Order of precedence
Active configuration values are determined using the following order of precedence:
An expired license or exceeding a license quota disables all agent behavior regardless of configuration.
Command line or system property value (if appropriate for the language you are using).
For example:
-Dcontrast.enableFor example:
CONTRAST__ENABLEAn application-specific configuration file (.NET Framework only).
For example: web.config
Configuration values in a YAML file are pulled from the first file found in the following order:
A YAML file indicated by the user
For example:
Java: the
contrast.config.pathsystem propertyNode.js: the
--configFilecommand line flagAny agent: the
CONTRAST_CONFIG_PATHenvironment variable.
A contrast_security.yaml file in the current working directory (all agents except Java)
For example: ./contrast_security.yaml
A contrast_security.yaml file in the application’s configuration directory (Ruby and Python only)
For example:
Ruby on Rails: ./config/contrast_security.yaml
Django: ./settings/contrast_security.yaml
A contrast_security.yaml file in an agent-specific configuration directory. For agents that use a service, use this directory if you need to use separate YAML files for agent and service.
For example:
/etc/contrast/agentname/contrast_security.yaml (where agentname is one of: dotnet, go, java, node, python, ruby, or webserver)
%ProgramData%\Contrast\agentname\contrast_security.yaml (where agentname is one of: dotnet, dotnet-core, java, node, python, ruby, or webserver)
A contrast_security.yaml file within the server's /etc/contrast directory (all agents except .NET Framework, and .NET Core). For agents that use a service, use this directory if you need to share YAML files between agent and service.
For example:
/etc/contrast/contrast_security.yaml
%ProgramData%\Contrast\contrast_security.yaml
Values set in the Contrast web interface.
For example: Server mode toggles for Assess and Protect, which map to
assess.enableandprotect.enableThe default value set by Contrast Security.