Chapter 3
Managing Templates and Resources
Templates allow you to group URLs together so that you can configure how the proxy handles them. You can make the proxy behave differently depending on the URL the client tries to retrieve. For example, you might require the client to authenticate (type in a user name and password) when accessing URLs from a specific domain. Or, you might deny access to URLs that point to image files. You can configure different cache refresh settings based on the file type (keep some files in the cache longer than others).
What is a Template?
A template is a collection of URLs, called resources. A resource might be a single URL, a group of URLs that have something in common, or an entire protocol. You name and create a template and then you assign URLs to that template by using regular expressions. This means that you can configure the proxy server to handle requests for various URLs differently. Any URL pattern you can create with regular expressions can be included in a template. Table 3-1 lists the default resources and provides some ideas for other templates.
Table 3-1 Resource regular expression wildcard patterns
|
Regular expression pattern
|
What it configures
|
|
ftp://.*
|
All FTP requests
|
|
http://.*
|
All HTTP requests
|
|
https://.*
|
All secure HTTP requests
|
|
gopher://.*
|
All Gopher requests
|
|
connect://.*:443
|
All SSL (secure) transactions to HTTPS port.
|
|
http://home\.iplanet\.com.*
|
All documents on the home.iplanet.com web site.
|
|
.*\.gif.*
|
Any URL that includes the string .gif
|
|
.*\.edu.*
|
Any URL that includes the string .edu
|
|
http://.*\.edu.*
|
Any URL going to a computer in the .edu domain
|
Understanding Regular Expressions
iPlanet Web Proxy Server allows you to use regular expressions to identify resources. Regular expressions specify a pattern of character strings. In the proxy server, regular expressions are used to find matching patterns in URLs.
Here is an example of a regular expression:
[a-z]*://[^:/]*\.abc\.com.*>
This regular expression would match any documents from the .abc.com domain. The documents could be of any protocol and could have any file extension.
Table 3-2 contains regular expressions and their corresponding meanings.
Table 3-2 Regular expressions and their meanings
|
Expression
|
Meaning
|
|
.
|
Matches any single character except a newline.
|
|
x?
|
Matches zero or one occurrences of regular expression x.
|
|
x*
|
Matches zero or more occurrences of regular expression x.
|
|
x+
|
Matches one or more occurrences of regular expression x.
|
|
x{n,m}
|
Matches the character x where x occurs at least n times but no more than m times.
|
|
x{n,}
|
Matches the character x where x occurs at least n times.
|
|
x{n}
|
Matches the character x where x occurs exactly n times.
|
|
[abc]
|
Matches any of the characters enclosed in the brackets.
|
|
[^abc]
|
Matches any character not enclosed in the brackets.
|
|
[a-z]
|
Matches any characters within the range in the brackets.
|
|
x
|
Matches the character x where x is not a special character.
|
|
\x
|
Removes the meaning of special character x.
|
|
"x"
|
Removes the meaning of special character x.
|
|
xy
|
Matches the occurrence of regular expression x followed by the occurrence of regular expression y.
|
|
x|y
|
Matches either the regular expression x or the regular expression y.
|
|
^
|
Matches the beginning of a string.
|
|
$
|
Matches the end of a string.
|
|
(x)
|
Groups regular expressions.
|
This example illustrates how you can use some of the regular expressions in Table 3-2.
[a-z]*://([^.:/]*[:/]|.*\.local\.com).*"
[a-z]* matches a document of any protocol.
:// matches a (:) followed by (//).
[^.:/]*[:/] matches any character string that does not include a (.),(:) or (/), and is followed by either a (:) or a (/). It therefore matches host names that are not fully qualified and hosts with port numbers.
|.*\.local\.com does not match fully qualified domain name host names such as local.com but does match documents in the .local.com domain.
.*" matches documents with any file extension.
|
Note
|
As noted in Table 3-2, the backslash can be used to escape or remove the meaning of special characters. Characters such as the period and question mark have special meanings, and therefore, must be escaped if they are used to represent themselves. The period, in particular, is found in many URLs. So, to remove the special meaning of the period in your regular expression, you need to precede it with a backslash.
|
Understanding Wildcard Patterns
You can create lists of wildcard patterns that enable you to specify which URLs can be accessed from your site. Wildcards can be in the form of regular expressions or shell expressions, depending on usage. As a general rule:
Use regular expressions for any pattern that matches destination URLs. This includes <Object ppath=...>, URL filters, and the NameTrans, PathCheck, and ObjectType functions.
Use shell expressions for any pattern that matches incoming client or user IDs, including user names and groups for access control and the IP addresses or DNS names of incoming users (for example, <Client dns=...>).
You can specify several URLs by using regular expression wildcard patterns. Wildcards let you filter by domain name or by any URL with a given word in the URL. For example, you might want to block access to URLs that contain the string "sex." To do this, you could specify http://.*sex.* as the regular expression for the template.
Hierarchies of Templates
Templates adhere to a hierarchy when a URL matches more than one template. For example, if you have one template for URLs matching http://.* and another template for URLs matching http://.*\.com/.*, how do you know which template is used for http://home.netscape.com/index.html?
The longest regular expression that matches the URL takes precedence over other regular expressions. So, in the previous example, the second template, http://.*\.com/.*, takes precedence over the first template. It is important to note that the proxy server uses all matching templates but uses the longest (and usually most specific) templates first. The proxy determines the longest template based on the number of characters in the regular expression.
For example, you might have one template with a regular expression that is 15 characters long and another that is only 12 characters, but the shorter regular expression is actually more specific than the longer one. The following two regular expressions illustrate this point:
.*://.*\.com/.*
.*acme.com.*
In this example, the first template takes precedence because it has the longer regular expression pattern. If you want to ensure that the proxy uses the more specific of the regular expressions, you could add characters to it so that it would then take precedence over the other regular expression while still keeping the same meaning. For example, you could change *acme.com.* to .*://.*acme\.com.*.
Creating Templates
You can create a template using a regular expression wildcard pattern. You can then configure aspects that affect only the URLs specified in that template. For example, you might use one type of caching configuration for .GIF images and another for plain .HTML files.
To create a template:
From the Server Manager, choose Templates|New Templates.
-
The Create a New Template form appears.
In the Template Name field, type a name for the template you're creating, and click OK.
-
The name should be something you can easily remember. The Server Manager prompts you to save and apply your changes. You can save the changes after you create a regular expression for the template, as described in the remaining steps.
Click Templates|Apply Template.
-
The Apply a Configuration Template form appears.
Type a regular expression wildcard pattern that includes all of the URLs you want to include in your template.
From the list, select the name of the new template you just added.
Click OK.
Viewing and Removing Templates
You can view the templates created in the Server Manager. To do this, choose Templates|View Template. The templates are shown in a table that lists the regular expression for the template and the template name. To edit an existing template, click the Edit link, which takes you to the Apply form.
You can also remove existing templates. Removing a template deletes all of the associated configurations for the template. For example, if you have access control set up for all URLs in the template TEST, removing the TEST template also removes the access control to the URLs contained in then template.
To remove a template,
From the Server Manager, choose Templates|Remove Templates.
Choose the template from the Remove list.
Click OK.
Removing Resources
You can delete an entire regular expression object and its corresponding configurations with the Remove an Existing Resource form. For instance, you can remove the gopher resource so that all settings associated with that resource will be removed from the proxy server's configuration files.
To remove a resource,
From the Server Manager, choose Templates|Remove Resource. The Remove an Existing Resource form appears.
Select the resource you want to remove by either choosing it from the Remove pull-down menu or clicking the Regular Expression button, entering a regular expression, and clicking OK.
Click OK.
Online Forms for Controlling Resources
This section briefly lists the features that use templates. The features are listed along with information on how to access the Server Manager forms and where to find descriptions of the features: