Firewall constraints for RUM


Real User Monitoring (RUM) uses HTTP technologies to send performance data from your end users' browsers to Dynatrace. To do this, the RUM JavaScript is injected into your application's webpages. This tag or code snippet communicates with Dynatrace. However, you must verify the configuration of your firewalls, proxies, and web servers to allow all required data to pass through.

Requests

For RUM to function fully, the following HTTP requests must pass through your infrastructure:

  • Requests for the RUM monitoring code.

    • In case of agentless monitoring, these requests are sent to the Dynatrace CDN with a URL that contains the string js-cdn.dynatrace.com/jstag/.
    • In case of auto-injection, they are, by default, sent to the web or app server that hosts the application, and their URL path contains the string ruxitagentjs_.

    For details on the default URL and the available configuration options, see Configure the Real User Monitoring code source.

  • RUM beacons reporting the data captured by the RUM JavaScript back to Dynatrace.

    • In case of agentless monitoring, beacons are, by default, sent to a beacon endpoint that is part of the Dynatrace SaaS infrastructure. The URL path is /bf or /bf/<id>.
    • In case of auto-injection, beacons are, by default, sent to the web or app server that hosts the application, and the URL contains the string /rb_<id>.
    • The beacon URL contains query parameters. Ensure that your firewall does not remove any query parameters.
    • The POST body contains the payload. The payload is sent with the text/plain content type. For Session Replay, the application/octet-stream content type can also be used.

    For the available beacon endpoint configuration options, see Configure beacon endpoint for web applications.
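The request rules above can be checked against what actually arrives behind a firewall or proxy. The following is an added example, not Dynatrace code: it classifies logged requests using only the URL strings and content types listed on this page and reports beacons that lost their query string or had their content type rewritten. The function names, hosts, `PLACEHOLDER` IDs, `k=v` query string, and the assumption that an `<id>` contains no `/` are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Patterns built from the URL strings documented on this page.
CODE_RE = re.compile(r"js-cdn\.dynatrace\.com/jstag/|ruxitagentjs_")
# Assumption: an <id> is any run of characters without a slash.
BEACON_RE = re.compile(r"^/bf(/[^/]+)?$|/rb_[^/]+")
BEACON_TYPES = {"text/plain", "application/octet-stream"}

def classify(method, url, content_type=None):
    """Return (kind, problems) for one request as seen behind the firewall."""
    parts = urlsplit(url)
    if CODE_RE.search(parts.netloc + parts.path):
        return "rum-code", []
    if not BEACON_RE.search(parts.path):
        return "other", []
    problems = []
    if not parts.query:
        problems.append("query parameters missing")
    if method == "POST":
        # Ignore parameters such as ";charset=UTF-8" when comparing.
        ctype = (content_type or "").split(";")[0].strip().lower()
        if ctype not in BEACON_TYPES:
            problems.append(f"unexpected content type {ctype!r}")
    return "rum-beacon", problems

# Constructed log entries: (method, url, content type). Not real traffic.
SAMPLE = [
    ("GET", "https://js-cdn.dynatrace.com/jstag/PLACEHOLDER/app.js", None),
    ("GET", "https://shop.example/ruxitagentjs_PLACEHOLDER.js", None),
    ("POST", "https://tenant.example/bf?k=v", "text/plain;charset=UTF-8"),
    ("POST", "https://shop.example/rb_PLACEHOLDER", "text/plain"),
    ("POST", "https://shop.example/rb_PLACEHOLDER?k=v", "application/json"),
    ("GET", "https://shop.example/index.html", None),
]

def audit(entries):
    """Return (url, problems) for every beacon that arrived damaged."""
    findings = []
    for method, url, ctype in entries:
        _kind, problems = classify(method, url, ctype)
        if problems:
            findings.append((url, problems))
    return findings

if __name__ == "__main__":
    for url, problems in audit(SAMPLE):
        print(url, "->", "; ".join(problems))
```

Feed it entries taken from the upstream side of the device under test; a beacon that is clean in the browser but flagged here was altered in transit.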

Headers

RUM uses the following HTTP headers. All of these headers must be able to reach Dynatrace.

Request headers

Response headers

Cookies

RUM uses the following cookies. All of these must be able to reach Dynatrace. See Cookies for more information on how Dynatrace uses cookies.

For details, see RUM cookie names.

Mobile RUM

For RUM Classic, OneAgent for Mobile tags HTTP requests with the x-dynatrace header. Dynatrace uses this header to link the mobile part of a web request with the service part captured by another OneAgent. For the New RUM Experience, OneAgent for Mobile tags HTTP requests using the traceparent and tracestate headers.

For hybrid applications, the dtAdk cookie makes it possible to join a session from OneAgent for Mobile with a session from the RUM JavaScript so that they appear as a single session, while the dtAdkSettings cookie is used for syncing settings between OneAgent for Mobile and the RUM JavaScript.

/mbeacon is the monitor signal that OneAgent for Mobile sends back to Dynatrace if the data is transferred through ActiveGate. If the data is sent to another OneAgent, the monitor signal is /dtmb.
