| Oracle® iPlanet Web Proxy Server Release Notes Release 4.0.28 E18782-14 |
|
|
PDF · Mobi · ePub |
| Oracle® iPlanet Web Proxy Server Release Notes Release 4.0.28 E18782-14 |
|
|
PDF · Mobi · ePub |
This chapter contains information about the features, enhancements, and resolved issues in the 4.0.28 release of Oracle iPlanet Web Proxy Server. Read this document before installing and configuring Oracle iPlanet Web Proxy Server, and then periodically thereafter for the most up-to-date information. This chapter also provides information about the platforms, software, technologies, and protocols that the latest release supports.
This chapter contains the following sections:
There are no new features or enhancements in Oracle iPlanet Web Proxy Server 4.0.28.
For information about the new features and enchancements in the previous Oracle iPlanet Web Proxy Server releases, see Appendix A.
Table 1-1 lists the issues resolved in Oracle iPlanet Web Proxy Server 4.0.28. The documentation issues are prefixed "Doc:" in the Summary column of the table.
Table 1-1 Issues Resolved in Oracle iPlanet Web Server 4.0.28
| Issue ID | Summary |
|---|---|
|
22591150 |
Need an option to disable/suppress the warning header. |
|
23074461 |
NSS Upgrade to 3.25 or later. |
|
23614417 |
iPlanet Web Proxy Server enabled with only TLS 1.1 and TLS 1.2 fails to start. |
|
24557798 |
Version changes for 4.0.28. |
For information about issues resolved in the previous Proxy Server releases, see Appendix B.
The following table lists the issue IDs available for Oracle iPlanet Web Proxy Server 4.0.28 on My Oracle Support (http://support.oracle.com).
| Platform | Issue ID |
|---|---|
| Oracle Solaris SPARC (32-bit) | 24671497 |
| Oracle Solaris on x86 (32-bit) | 24671497 |
| HP-UX PA-RISC (32- bit) | 24671497 |
| Linux x86-64 (Linux 6) | 24671497 |
| Linux x86 (Linux 6) | 24671497 |
| Microsoft Windows (32-bit) | 24671497 |
This section provides information about the hardware and software requirements of Oracle iPlanet Web Proxy Server 4.0.28.
This section includes the following topics:
Complete information about supported operating environments and hardware for Oracle iPlanet Web Proxy Server 4.0.28 is available in the Oracle iPlanet Web Proxy Server 4.0.14+ Certification Matrix, which is available at:
http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html
System virtualization is a technology that enables multiple operating system (OS) instances to execute independently on shared hardware. Functionally, software deployed to an OS hosted in a virtualized environment is generally unaware that the underlying platform has been virtualized. Oracle performs testing of its products on select system virtualization and OS combinations to help validate that Oracle products continue to function on properly sized and configured virtualized environments as they do on non-virtualized systems.
For information about support for Oracle products in virtualized environments, see:
http://www.oracle.com/technetwork/middleware/ias/oracleas-supported-virtualization-089265.html
In addition to the requirements provided in Oracle iPlanet Web Proxy Server 4.0.14+ Certification Matrix, your system must also have adequate swap space:
Solaris requires a swap space that is at least as large as the amount of RAM on your system (twice the amount of RAM is recommended).
Linux requires 256 megabytes of swap space.
It is recommended that you update your operating system with the latest applicable patches. Required patches are listed by platform.
The following is the required patch level for Oracle iPlanet Web Proxy Server 4.0.28 on Solaris SPARC and x86:
Solaris 8 (SPARC): 108434-18 (shared library patch for C++)
Solaris 9 (SPARC): 111711-12 (shared library patch for C++)
Solaris 9 (x86): 111713-12 (shared library patch for C++)
Solaris 10 (SPARC): NOT REQUIRED
Solaris 10 (x86): 119964-03 (shared library patch for C++)
The following are the required patch levels for Oracle iPlanet Web Proxy Server 4.0.28 in Linux:
Red Hat Enterprise Linux Advanced Server 3: compat-libstdc++-7.3-2.96.128.rpm
Red Hat Enterprise Linux Advanced Server 4: compat-libstdc++-33-3.2.3-47.3.rpm, compat-libstdc++-296-2.96-132.7.2.rpm
SUSE Linux Enterprise Server 10 service pack 3: libstdc++33-3.3.3-7.8.1.rpm
SUSE Linux Enterprise Server 11 service pack 1: libstdc++33-3.3.3-11.9.rpm
Complete information about supported web browsers for Oracle iPlanet Web Proxy Server 4.0.28 is available in Oracle iPlanet Web Proxy Server 4.0.14+ Certification Matrix, which is available at:
http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html
Operating System Versions. As of the release of Oracle iPlanet Web Proxy Server 4.0.16, the following operating system versions are deprecated and will become unsupported in a future release of Oracle iPlanet Web Proxy Server:
Web Browser Versions. As of the release of Oracle iPlanet Web Proxy Server 4.0.16, the following web browser versions are deprecated and will become unsupported in a future release of Oracle iPlanet Web Proxy Server:
The recent releases of Oracle iPlanet Web Proxy Server include the enhancements described in the following subsections.
Oracle iPlanet Web Proxy Server 4.0 supports transparent proxy for HTTP/1.1 connections. Transparent proxying involves intercepting and processing web requests by using the proxy server, without the knowledge or control of clients. For example, a router for a local network is configured to redirect incoming TCP connections to the local port, in which the proxy server is active.
Add the following directive to the proxy server default object in the obj.conf file:
NameTrans fn="host-map"
This configuration enables the proxy server to use the HTTP Host: header of incoming requests to identify and redirect the request to the target remote server.
Note:
Transparent proxy servers that decide connections based on the HTTP
Host: headers are vulnerable to fake HTTP Host: headers forged through the active content. Therefore, suitable ACL configurations must be implemented to prevent connections to web sites that might host malicious content.URL mapping was implemented in Oracle iPlanet Web Proxy Server 4.0.8. It enables Oracle iPlanet Web Proxy Server to act as a reverse proxy. This feature enables Oracle iPlanet Web Proxy Server to provide a single front-end host name for back-end application servers. Based on a requester's URI, access is provided to back-end servers.
For more information about URL mapping, see "Reverse Proxy Scenario" in Oracle iPlanet Web Proxy Server 4.0.14 Configuration File Reference.
For information about Server Application Functions (SAFs) used in URL mapping, see "Server Application Functions (SAFs)" in Oracle iPlanet Web Proxy Server 4.0.14 Configuration File Reference.
The monitoring capabilities of Oracle iPlanet Web Proxy Server provide a detailed list of the server parameters that you can monitor at instance level.
From the Proxy Administration Server, you can perform the following actions:
View server statistics at an instance level
Enable or disable parameters at an instance level
To monitor the server, do the following:
Access the Administration Server
Click the Instance link from the Manage Servers page
Click the Server Status tab
Click the Monitor Current Activity tab
Set the Monitoring Current Activity to ON to monitor the server
You can also refresh the server in intervals of 5,10, and 15 seconds and view the statistics of the DNS, Keep-Alive, Cache, Server Requests, and Work Thread connections.
The embedded DNS supports the nondefault name resolution. The DNS client interacts with a DNS server to perform the name resolution. The new SAF dns-lookup, receives the DNS server's IP address as a server argument. This IP address should be added as a DNS directive in the obj.conf file.
In the following example, the IP address of the DNS server is specified in the server parameter:
<object> .... DNS fn="dns-lookup" server="170.168.10.3" ... </object>
In the following example, you can add multiple DNS server IPs to dns-lookup-init, and it will be used in a round-robin model. In this scenario, do not add DNS server IP address to dns-lookup. If DNS server parameters are added to both dns-lookup and dns-lookup-init, the dns-lookup argument will take precedence.
... <Object> ... DNS fn="dns-lookup" .... Init fn="dns-lookup-init" servers="170.168.10.3, 170.158.10.4" </Object>
Information about the Parameter cont
The dns-lookup SAF takes a cont parameter (for continue), which is true by default. If the embedded DNS resolution fails, the server reverts to the system DNS resolution. If set to false, the server reports an error when embedded DNS resolution fails.
ACLCacheMax is a magnus.conf parameter that sets a limit to the total number of ACLs stored in the ACL cache. There is no default value for ACLCacheMax and it should be configured for a specific limit.
For example, ACLCacheMax 16384
Note:
The ACL cache in this context does not refer to the ACL user cache. It refers to a cache where ACLs are applicable to specific URLs that are cached for performance reasons.GCAtStartup is a magnus.conf parameter that allows a Boolean value. By default, the value is false; if set to true, cache garbage collector clears the garbage during the server startup. This can increase the server startup time when the cache size is large.
PURGE FeatureOracle iPlanet Web Proxy Server allows PURGE requests to clear the cached URL. If the requested URL is purged successfully, a response with an HTTP status code of 200 (OK) is sent by the server. If the specified URL is not cached, a 404 (Not Found) response is sent.
In the following example, the server returns the value 200:
bash-2.03$ telnet localhost 8088 Trying 172.9.10.1... Connected to localhost. Escape character is '^]'. PURGE http://foo.com/ HTTP/1.0 HTTP/1.1 200 OK Server: Oracle-iPlanet-Proxy-Server/4.0 Date: Fri, 26 Oct 2007 08:15:30 GMT Connection: close
In the following example, the server returns the value 404:
Connection closed by foreign host. bash-2.03$ telnet localhost 8088 Trying 172.9.10.1... Connected to localhost. Escape character is '^]'. PURGE http://foo.com/ HTTP/1.0 HTTP/1.1 404 Not Found Server: Oracle-iPlanet-Proxy-Server/4.0 Date: Mon, 17 Sep 2007 10:13:28 GMT Content-length: 96 Content-type: text/html Connection: close
You can connect to an IPv6-enabled web site through Oracle iPlanet Web Proxy Server 4.0.11. Proxy Server also supports the ftp extension for IPv6 in default (passive) mode.
Oracle iPlanet Web Proxy Server 4.0.28 supports Network Security Services (NSS) 3.25 and Netscape Portable Runtime (NSPR) 4.11.
From the Oracle iPlanet Web Proxy Server 4.0.6 release, support for extended address passive port (EPSV) mode has been introduced.
From the Oracle iPlanet Web Proxy Server 4.0.2 release, the installer supports the upgrade of an existing Oracle iPlanet Web Proxy Server 4.0 installation to the later release. For the Java Enterprise System installations of Oracle iPlanet Web Proxy Server 4.0.1, you must install the patches that correspond to the later release.
The minimum required memory for installing Oracle iPlanet Web Proxy Server is 512 MB. The minimum recommended disk space for installing Oracle iPlanet Web Proxy Server is 550 MB.
Oracle iPlanet Web Proxy Server 4.0.12 provides hardware accelerator support for Sun Crypto Accelerator 6000, a cryptographic accelerator board that enhances the performance of SSL on Oracle iPlanet Web Proxy Server.
Daylight Savings Time (DST) starts in U.S.A from the 2nd Sunday of March and ends on the 1st Sunday of November. This impacts the date and time rules of the operating system.
To ensure that the log files contain the correct time in US time zones, and that the Administration Server is not impacted by this change, do the following:
Download and install the appropriate operating system patches.
For other platforms, download similar DST-compatible patches from the respective operating system vendor's web site.
For Solaris, Windows, and Linux, run Oracle iPlanet Web Proxy Server with JRE 1.5.0_12. For HP-UX, run Oracle iPlanet Web Proxy Server with JRE 1.5.0_12.
|
 Copyright © 2001, 2016, Oracle and/or its affiliates. All rights reserved. Legal Notices |
|