Contents

Preface

What iPlanet Web Proxy Server Provides
What's in This Book?
Conventions Used in This Book
Contacting iPlanet Technical Support

Administering the Proxy Server

Chapter 1 Starting the Administration and Proxy Servers

Starting and Stopping the Administration Server

Starting the Administration Server
Stopping the Administration Server

Using the Server Administration Page
Starting and Stopping iPlanet Web Proxy Server

Starting the Proxy Server
Restarting the Proxy Server
Stopping the Proxy Server

Creating a New Proxy Server Instance

Chapter 2 Managing Your Server

Overview
Using the Server Manager

Chapter 3 Managing Templates and Resources

What is a Template?

Understanding Regular Expressions
Understanding Wildcard Patterns

Creating Templates
Viewing and Removing Templates
Removing Resources
Online Forms for Controlling Resources

Chapter 4 Configuring Server Preferences

Starting and Stopping the Proxy Server
Viewing Server Settings
Restoring and Viewing Backup Configuration Files
Changing System Specifics

Bind Address
Server Port
Server User
Processes
Process Life
DNS
ICP
Proxy Array
Parent Array
Proxy Timeout

Creating MIME Types

Understanding DNS Caching
Setting Levels of DNS Subdomains

Disabling HTTP Keep-Alive
Allowing or Blocking Arbitrary Methods
WebDAV Support

Chapter 5 Controlling Access to Your Server

How Does Access Control Work?

Access Control Files
Controlling Access with Client Certificates

Restricting Access

Denying Access to a Resource
Allowing Access to a Resource

Chapter 6 Proxying and Routing URLs

Enabling Proxying for a Resource
Configuring Routing for a Resource
Chaining Proxy Servers
Routing Through a SOCKS Server
Sending the Client's IP Address to the Server
Allowing Clients to Check IP Addresses
Disconnecting the Proxy from the Network
Changing the Default FTP Transfer Mode
Mapping URLs to Other URLs

Creating a URL Mapping
Editing Existing Mappings
Redirecting URLs

Specifying the SOCKS Name Server IP Address
Client Autoconfiguration

Chapter 7 Reverse Proxy

How Reverse Proxying Works

Proxy as a Stand-in for a Server
Proxying for Load Balancing

Setting up a Reverse Proxy

Virtual Multihosting in Reverse Proxy

Chapter 8 Using SOCKS v5

Using a SOCKS Server

Configuring SOCKS v5
Creating SOCKS v5 Authentication Entries
Editing SOCKS v5 Authentication Entries
Deleting SOCKS v5 Authentication Entries
Moving SOCKS v5 Authentication Entries
Creating SOCKS v5 Connection Entries
Editing SOCKS v5 Connection Entries
Deleting SOCKS v5 Connection Entries
Moving SOCKS v5 Connection Entries
Creating Routing Entries
Editing Routing Entries
Deleting Routing Entries
Moving Routing Entries
Enabling SOCKS

Authenticating Through a SOCKS Server Chain

Chapter 9 Caching

How Caching Works
Understanding the Cache Structure
Distributing Files in the Cache
Setting Cache Specifics

Enabling the Cache
Creating a Cache Working Directory
Recording URLs
Setting the Cache Size
Editing the Cache Capacity
Caching HTTP Documents
Caching FTP and Gopher Documents

Configuring the Cache

Setting the Cache Default
Caching Pages Retrieved Using HTTPS
Caching Pages that Require Authentication
Caching Queries
Setting the Minimum and Maximum Cache File Sizes
Setting the Cache Behavior for Client Interruptions
Setting the Cache Behavior for Failed Origin Server Connections

Adding and Modifying Cache Partitions
Adding and Modifying Cache Sections
Setting the Cache Capacity
Enabling the Cache Monitor and Manager

Accessing Cache Manager Information

Caching Local Hosts
Using Cache Batch Updates

Creating a Batch Update
Editing or Deleting a Batch Update Configuration

Using the Cache Command Line Utilities

Building the Cache Directory Structure
Upgrading the Cache Structure
Repairing the Cache URL List
Cleaning the URL List

Routing through Proxy Arrays

Creating a Proxy Array Member List
Configuring Proxy Array Members
Enabling Routing Through a Proxy Array
Enabling a Proxy Array
Redirecting Requests in a Proxy Array
Generating a PAC File from a PAT File
Routing Through a Parent Array

Routing Through ICP Neighborhoods

Adding Parents to an ICP Neighborhood
Removing Parents from an ICP Neighborhood
Editing Configurations for Parents in an ICP neighborhood
Adding Siblings to an ICP Neighborhood
Removing Siblings from an ICP Neighborhood
Editing Configurations for Siblings in an ICP Neighborhood
Configuring Individual ICP Neighbors
Enabling ICP
Enabling Routing Through an ICP Neighborhood

Chapter 10 Filtering Content Through the Proxy

Filtering URLs

Creating a Filter File of URLs
Setting Default Access for a Filter File

Restricting Access to Specific Web Browsers
Request Blocking
Suppressing Outgoing Headers
Appending Customized Outgoing Headers
Filtering by MIME Type
Filtering out HTML Tags

Chapter 11 Using the Client Autoconfiguration File

Understanding Autoconfiguration Files

What Does the Autoconfiguration File Do?
Accessing the Proxy as a Web Server

Using the Server Manager Forms to Create an Autoconfiguration File
Creating the Autoconfiguration File Manually

The FindProxyForURL Function
The Function Return Values
JavaScript Functions and Environment

Chapter 12 Monitoring the Server's Status

Monitoring the Server Using HTTP

Server Usage
Activity Breakdown
Totals

Working with Log Files

Viewing the Error Log File
Viewing an Access Log File
Understanding Access Logfile Syntax
Understanding Status Codes
Setting Access Log Preferences
Working with the Log Analyzer
Running the Log Analyzer from the Server Manager
Running the Log Analyzer from the Command Line
Archiving Log Files

Monitoring the Server Using SNMP

How Does SNMP Work?
The Proxy Server MIB

Chapter 13 Proxy Error Log Messages

Proxy Error Messages

Catastrophe
Failure
Warning
Security

SOCKS Error Messages

Chapter 14 Understanding Encryption and SSL

What is Encryption?

Using Encryption in the Proxy Server

What is SSL?

Tunneling SSL through the Proxy Server

What is HTTPS?

Enabling HTTPS Proxying

Enabling SSL on Your Server

Activating SSL

Setting Encryption Preferences

SSL Version
Client Certificates
Ciphers
Keeping Clients from Caching SSL Files
Configuring SSL Tunneling

Increasing Server Security
What is Client Authentication?

Client Authentication in a Reverse Proxy
Setting up Client Authentication in a Reverse Proxy

Effects of an SSL-Enabled Server

Secure URL Construction
Secure Server Document Root
Unprotected Server Document Directory
Changes to the magnus.conf File

Chapter 15 Tuning Server Performance

Using Timeouts Effectively

Read Timeout
Proxy Timeout
Timeout After Interrupt
Keep-Alive Timeout
Global Netlib Timeout
Stall Timeout Override

Controlling Up-to-Date Checks

Setting the Last-modified Factor

Using DNS Effectively
Determining the Number of Processes
Disabling Keep-Alives
Using SOCKS Effectively

Worker Threads
Accept Threads

Tuning FTP Listing Width
Using the Cache Effectively

Optimizing Cache Architecture
Tuning the Cache

Tuning the Garbage Collector

Gc URL DB Interval
Gc Nap Length
Hard Gc Nap Count
Soft Gc Nap Count
Hard Gc Max Entries
Gc Dir Chunk
Gc Hi Margin Percent
Gc Lo Margin Percent
Gc Extra Margin Percent
Gc Leave Fs Full Percent

Chapter 16 Configuring the Proxy Manually

The magnus.conf File
The obj.conf File

The Structure of obj.conf
Required Objects for obj.conf
How the Proxy Server Handles Objects

The mime.types File
The admpw File
The socks5.conf File
The bu.conf File

Object Boundaries
Examples of bu.conf

The icp.conf File
The parray.pat File
The parent.pat File

Programming the Proxy Server

Chapter 17 Creating Server Plug-in Functions

What Is the Server Plug-in API?
Writing Plug-in Functions

The Server Plug-in API Header Files
Getting Data From the Server: The Parameter Block
Passing Parameters to Server Application Functions
Reporting Errors to the Server

Compiling and Linking Your Code
Loading Your Shared Object
Using Your Plug-in Functions

Appendix A Server Plug-in API Function Definitions

Appendix B Server Data Structures

The Session Data Structure
The Parameter Block (pblock) Data Structure

The Pb_entry Data Structure
The Pb_param Data Structure

The Client Parameter Block

The Request Data Structure
The Stat Data Structure
The Shared Memory Structure, Shmem_s
The Netbuf Data Structure
The Filebuffer Data Structure
The Cinfo Data Structure
The SYS_NETFD Data Structure
The SYS_FILE Data Structure
The SEMAPHORE Data Structure
The Sockaddr_in Data Structure
The CONDVAR Data Structure
The CRITICAL Data Structure
The SYS_THREAD Data Structure
The CacheEntry Data Structure
The CacheState Data Structure
The ConnectMode Data Structure

Appendix C Proxy Configuration Files

The magnus.conf File

Certfile
Ciphers
DNS
ErrorLog
Keyfile
LDAPConnPool
LoadObjects
MaxProcs
PidLog
Port
ProcessLife
RootObject
Security
ServerName
SSLClientAuth
SSL2
SSL3
SSL3Ciphers
User

The obj.conf File

AddLog
AuthTrans
Connect
DNS
Error
Filter
Init
NameTrans
ObjectType
PathCheck
Route
Service

The socks5.conf File

Authentication/Ban Host Entries
Routing Entries
Variables and Flags

The bu.conf File

Accept
Connections
Count
Days
Depth
Object boundaries
Reject
Source
Time
Type

The icp.conf File

Glossary

Index