Configure server settings
Server settings let you configure how a server functions in each environment (development, test, and production).
Servers and Assess analysis fine tuning
New servers automatically pick a tuning profile based on their configured server environment. For servers that existed before May 20, 2025, Contrast assigns the Development profile for Dev and QA environments, and the Production profile for Production environments, unless you enabled custom sampling. In that case, Contrast assigns your Custom profile with its specified values.
For servers configured for a Production environment and have Assess enabled, Contrast always obfuscates the captured sample user input values to avoid capturing any sensitive data.
Steps
Select Servers in the header.
Find the server you want to modify using either of these methods:
Select the Filter icon (
) at the top of the Server column.Use the magnifying glass (
) to search.
Go to Server settings using either of these methods:
Hover over the end of the server's row and select the Settings icon (
).Select the name of the server and then, select the Settings icon (
) at the top of the list.
Modify the settings, as needed:
Modify the server name.
Designate the environment in which the server will be running: Development, QA (test), or Production.
In the Server log file, override the existing server log file path by entering the preferred path.
Note
Server log files are restricted to file types of LOG or TXT only.
Set the log level for the server.
Set bot blocking.
Bot blocking blocks traffic from scrapers, attack tools, and other unwanted automation.
To view blocked bot activity, under Attacks > Attack Events, use the filter options.
Supported languages: Java, .NET Framework, .NET Core, Ruby, and Python.
Note
You can configure bot blocking in the YAML files for Java, .NET Framework, .NET Core, Ruby, and Python.
Select Enable output of Protect events to syslog.
This setting is available when Protect is enabled.
Select the syslog message severity levels that the server outputs to syslog. Contrast offers syslog message categories according to the syslog RFC 3164 specification for severity.
These settings only apply for a supported agent and servers with Assess enabled.
Note
Currently the Contrast PHP agent doesn't support this feature. The Contrast Go agent has partial support.
Use these settings to select an application sampling level that balances the sampling rate with application performance impact, based on the server environment.
Fine-tuned for Development: The agent analyzes all URL observations. It is best for environments where code is changing frequently. This option has the most significant effect on application performance.
Fine-tuned for QA: The agent analyzes most URL observations. It is best for environments that have short-lived or changing code. This option has a less significant effect on application performance than the Development option.
Fine-tuned for Production: The agent analyzes fewer URL observations than the other options. It is best for environments that have stable code. This option has the least significant effect on application performance.
Custom: Use this option to set custom values for analysis:
Stack traces: You can chose to have the agent capture All stack traces, Some stack traces, or None.
The Some option captures stack traces for vulnerability source and sink events, but not propagation events in between. This data is typically enough details so that a developer cab make a fix. If full details are needed, the associated route can be exercised in a lower environment.
The exact behavior level of detail captured may also vary by agent language and version.
Baseline: The number of times that Contrast analyzes URLs to complete sampling. The default setting is 5.
Frequency: The number of times that Contrast analyzes URLs after the baseline is achieved. The default setting is 10.
Window: The number of seconds that Contrast retains samples before reverting to the baseline. The default setting is 180.