Viewing and Modifying Advanced Configuration Properties

You can view or modify advanced proxy cache configuration properties in pages accessed through the Advanced Proxy Cache Configuration page. This section assumes you have completed the basic setup of your Netra j proxy cache server. See "Basic Proxy Cache Setup and Shutdown".

To View or Modify Advanced Proxy Cache Configuration Properties

1. From the Main Administration page, click Proxy Cache Service.

2. In the Advanced Proxy Cache Configuration page, click Advanced proxy cache configuration.

   The Advanced Proxy Cache Configuration page presents a list of links, each of which corresponds to a category of proxy cache properties. For all categories, you follow the same procedure for viewing or modifying a property.

3. In the Advanced Proxy Cache Configuration page, click the link for the category in which a property resides.

4. In the page for that category, view or make changes to the value of a property.

   Most properties have editable fields. A few have toggles (either one value or another) or pulldown menus.

5. At the bottom of the category page, click OK.

   A page is displayed indicating the success or failure of your change. If a change fails, the page is redisplayed with the error indicated. Correct the error and click OK again. With some errors, a new page containing an error message is displayed. If this occurs, click the Back button on your browser to return to the category page.

   If you click Reset, the values for the properties on a page revert to what they were when you first loaded the page.

6. After a successful change, click the up arrow icon to return to the Advanced Proxy Cache Configuration page.

   Alternatively, you can click the home icon to return to the Netra j Main Administration page.

The remainder of this chapter is a description of the advanced proxy cache properties, broken down by the categories reflected in the links on the Advanced Proxy Cache Configuration page.

To View or Modify Primary Configuration Properties

1. In the Advanced Proxy Cache Configuration page, click Primary Configuration.

   The Primary Configuration page is displayed.

2. In the Primary Configuration page, accept or modify values for the following properties.

   Table 10-1 Primary Configuration Properties

   Property	Description
   Proxy Webmaster	An e-mail address of the person or group who is to receive notices of abnormal conditions in the Netra j proxy cache server. The default postmaster is root, which means that the recipients you specified for the Netra System Administrator Alias will receive mail bound for the Proxy Webmaster.
   Visible Hostname	Error messages generated by the Netra j proxy cache server contain the host name you specify here. The default is the return from the hostname command.
   Append Domain Name to Unqualified Host Name	If a URL refers to a host name without a . (period) in its name, the domain name you specify for this property is appended to the host name to form a fully qualified domain name.
   Port for HTTP Client Requests	The port number at which the Netra j proxy cache server listens for HTTP requests. Most users can accept the default of 8080. Do not use 81; the Netra j proxy cache uses this number for administrative purposes.
   Port for Neighboring Cache ICP requests	The number of the port on which the proxy cache server will receive and process ICP (InterCache Protocol) requests by other proxy servers that support the ICP protocol.
   Port for Proxy Cache Server Statistics Requests	The TCP or UDP port on which the Netra j proxy cache server provides statistics. The SNMP subagent shipped with the product uses this feature to export the statistics via SNMP. Setting this property to 0 (zero) disables the providing of statistics. The default is 3140. Entering a non-zero value enables proxy cache monitoring, which is described in "Proxy Cache Monitoring".
   Receive ICP Requests on this Address	If you enter an address, the Netra j proxy cache server accepts ICP requests only at the IP address specified here.
   Send ICP Requests from this Address	If you enter an address, the Netra j proxy cache server sends ICP requests from the IP address specified here.
   Operation Mode	Choose between Proxy+Cache (the default) and Proxy Only. If you choose Proxy Only, the Netra j proxy cache server does not cache any objects.

To View or Modify Proxy Cascade Properties

1. In the Advanced Proxy Cache Configuration page, click Proxy Cascade.

   The Proxy Cascade page is displayed.

2. In the top portion of the Proxy Cascade page, accept or modify values for the following properties.

   Table 10-2 Proxy Cascade Properties

   Property	Description
   Table of Parent Proxy Caches	When you load the Proxy Cascade page, the table of parents contains the hosts you entered when you last performed basic proxy cache configuration. See "Table of Parent Proxy Caches".
   Query Parent Cache for Domains	The Netra j proxy cache server contacts parents specified for this property only for matching domain names. An alternative form enables you to specify a host for non-matching domain names. See "Query Parent Cache for Domains".
   Domains Inside Firewall	When you load the Proxy Cascade page, the Domains Inside Firewall field contains the domains you entered when you last performed basic proxy cache configuration.  The Netra j proxy cache server considers domains you list for this property as being inside a firewall. For URLs containing domains not in this list, the software does not perform a name service resolution (for example, a DNS lookup) of a host name specified in a URL. Also, for domains not in this list, if the Netra j proxy cache server does not have a requested object in its local cache, it always tries to fetch the object from a parent cache.

3. Scroll down to the remaining properties in the Proxy Cascade page.

   Table 10-3 Remaining Proxy Cascade Properties

   Property	Description
   IP Addresses Inside Firewall	The Netra j proxy cache server considers addresses you list for this property as being inside a firewall. When you specify one or more addresses, the Netra j proxy cache server performs a host name resolution (for example, a DNS or NIS lookup) of the address specified in a URL for all requests, to determine whether the address is inside the firewall. For addresses not in this list, if the Netra j proxy cache server does not have a requested object in its local cache, it always tries to fetch the object from a parent cache. Note that using this property degrades server response time because of the overhead associated with host name resolutions.
   Source Ping	Choose between off (the default) and on. By default, when the Netra j proxy cache server receives a request, it pings (sends ICP requests to) its parents. If Source Ping is on, the software also pings the host specified in the URL of an object it retrieves. This feature can be useful where parents are overloaded and the source web server is not. Note that Source Ping packets are never sent beyond a firewall.
   Wais Relay Host	Enter the host name of the proxy server to which WAIS URLs will be relayed.
   Wais Relay Port	Enter the port number on the above-named host name to which WAIS URLs are to be relayed.
   Max. Relay Object Size (MB)	Enter the maximum size (in MB) of a WAIS object that can be received from the Wais Relay Host. The Netra j proxy cache server does not relay WAIS objects that exceed this limit.
   Local Domains Inside the Firewall	When you load the Proxy Cascade page the Local Domains Inside the Firewall contains the domains you entered for the Domains Inside Firewall field when you last performed basic proxy cache configuration.  The Netra j proxy cache server retrieves URLs containing the domains you specify here directly from the source and not from a parent. These domains should be the same as or a subset of the domains you specify for Domains Inside Firewall (see description above). Specify here domains to which you have good network connectivity, and from which users request relatively small objects.
   Local IP Addresses Inside the Firewall	The Netra j proxy cache server retrieves URLs containing the IP addresses you specify here directly from the source and not from a parent. These addresses should be a subset of the addresses you specify for IP Addresses Inside Firewall (see description above). Specify here addresses to which you have good network connectivity, and from which users request relatively small objects.   Note that using this property degrades server response time because of the overhead associated with host name resolutions.

Table of Parent Proxy Caches

The table of parent proxy caches contains the hosts you entered when you last performed basic proxy cache configuration. If you have multiple parent proxies that do not support ICP, the proxy cache service contacts those parents in the order you list them here. If you have multiple parents that do support ICP, the proxy cache service determines the "closest" parent by comparing response times to its ICP queries.

The headings in the table of parent caches are as follows:

• Proxy Name - Fully qualified host name of the parent proxy cache host. If this host is not in the same domain as the Netra j proxy cache host, you must specify the domain name; for example: webcache.eng.acme.com

• HTTP Port - The HTTP port number on which the parent listens for HTTP requests.

• SSL - A checkbox indicating whether a host supports the tunneling of the Secure Sockets Layer protocol.

• Persistence - A checkbox indicating whether a host supports the HTTP persistent connections feature, sometimes referred to as "keep-alive."

Query Parent Cache for Domains

This property enables you to specify parents the Netra j Proxy Cache Server will contact only for URLs with matching domain names or, alternatively, with non-matching domain names.

Entries have the form hostname domain_name or hostname !domain_name. For example, if you have a parent wbyeats, in the same domain as the Netra j proxy cache server, to which you want directed all traffic related to URLs that contain the domain names sales.acme.com and eng.acme.com, you make an entry:

---

wbyeats sales.acme.com eng.acme.com

---

If you have multiple entries for one host--for example, in addition to the above, if you had: wbyeats fin.com--the domains in those entries are combined to form a single list.

You can also have a reverse match on domain names, so that requests related to URLs that contain domain names that do not match the specified domains are directed to the specified host. So, for example, if you want wbyeats to field all requests related to domains other than the domain names sales.acme.com, you make an entry:

---

wbyeats !sales.acme.com

---

Note that with the reverse-match feature, you can specify only one domain name, either as the only domain name in an entry or as the last domain name in an entry. If you want to prevent use of a given parent for multiple domains, specify additional entries. For example:

---

wbyeats !sales.acme.com
wbyeats !eng.acme.com

---

To View or Modify Cache Policy Properties

1. In the Advanced Proxy Cache Configuration page, click Cache Policy.

   The Cache Policy page is displayed.

2. Under the Cache Policy heading, enter or accept values for the properties described below.

   The properties are divided into groups reflected in the following sections.

HTTP Policy

There are three HTTP Policy properties.

Table 10-4 HTTP Policy Properties

Property	Description
Time To Live (min)	The limit on the length of time an HTTP object can remain in the cache. The default is 720 minutes (12 hours).
Max Object Size (MB)	The limit on the size of an HTTP object for caching. The Netra j proxy cache server proxies for, but does not cache, HTTP objects that exceed this limit. The default is 4 MB.
Do not Cache URLs Containing	The Netra j proxy cache server does not cache HTTP URLs containing strings you add to this list. The defaults are:  /cgi-bin/ /htbin/ /www-bin/ ?

Gopher Policy

There are three Gopher Policy properties.

Table 10-5 Gopher Policy Properties

Property	Description
Time To Live	The limit on the length of time a Gopher object can remain in the cache. The default is 4320 minutes (three days).
Max Object Size	The limit on the size of a Gopher object for caching. The Netra j proxy cache server proxies for, but does not cache, Gopher objects that exceed this limit. The default is 4 MB.
Do not Cache URLs Containing	The Netra j proxy cache server does not cache Gopher URLs containing strings you add to this list. The default is ? (question mark).

FTP Policy

There are three FTP Policy properties.

Table 10-6 FTP Policy Properties

Property	Description
Time To Live	The limit on the length of time an FTP object can remain in the cache. The default is 4320 minutes (three days).
Max Object Size	The limit on the size of an FTP object for caching. The Netra j proxy cache server proxies for, but does not cache, FTP objects that exceed this limit. The default is 4 MB.
Do not Cache URLs Containing	The Netra j proxy cache server does not cache FTP URLs containing strings you add to this list. There are no defaults.

URL Policy

There are two URL Policy properties.

Table 10-7 URL Policy Properties

Property	Description
Do not Query Neighbors for URLS Containing	For URLs containing strings you add to this list, the Netra j proxy cache server looks in its own cache and does not query parent caches.
TTL Selection Based on URL	The Netra j proxy cache server enables you to set the Time To Live for URLs containing strings that you specify (see below).

Setting the TTL for URLs

You can specify a URL's Time To Live in either of two ways: as an absolute value or as a percentage of an object's age. Entries have the following form:

reg_expression absolute_TTL percentage maximum_TTL

where:

• reg_expression is a regular expression that is matched against a URL. See "Rules for Pattern Matching for TTL Selection Property" for rules for the regular expression.

• absolute_TTL is the TTL (in minutes) used by the Netra j proxy cache server if the percentage method is not used.

• percentage is the percentage of the duration between an object's last-modified timestamp and the current time.

• maximum_TTL is the upper limit (in minutes) on the TTL.

The proxy cache uses the percentage method of determining the TTL if a matched object has a last-modified timestamp. If an object does not have such a timestamp, the absolute TTL is used instead. You can specify a negative value for absolute_TTL thereby forcing the percentage method to be used. If a matched object then does not have the required timestamp, the TTL is set from a value set under Cache Policy (see Step 2 in "To View or Modify Cache Policy Properties").

If neither the absolute TTL nor percentage methods result in a TTL for a matched object, the TTL is determined from the values set in the Cache Policy properties.

The Netra j proxy cache server checks all patterns in the list and uses the last match.

The following is an example of a TTL-selection entry:

---

^http:// 1440 20 43200 

---

The preceding example matches URLs that start with http://. If a URL contains a last-modified timestamp, the TTL for that URL is set to 20% of the difference between the timestamp and the current time. If the URL does not have such a timestamp, the TTL is set to 1440 minutes. In any event, the URL will not stay in the cache longer than 43200 minutes.

Other

Two properties are outside the scope of the previous categories.

Table 10-8 Other Properties

Property	Description
Max Request Size	The maximum size of a request, in KB. The default is 100. This value should be large enough to accommodate users who use the POST method to upload files.
Quick Abort	By default, the Netra j proxy cache server completes the retrieval of an object even when the request for that object is aborted. This is potentially a benefit because the cache will then have the object should it be requested subsequently and the machine resources and bandwidth consumed to the point of the aborting of the request are not wasted. However, this feature can be a detriment where you have slow links or very busy caches. This feature also allows for the possibility of impatient users tying up a URL by repeatedly aborting and re-requesting non-cachable objects. You have the option of turning this "quick abort" feature on (meaning that object retrieval ceases if the request is aborted). The default is off.

To View or Modify Access Control Properties

1. In the Advanced Proxy Cache Configuration page, click Access Control.

   The Access Control page is displayed.

2. Under the Access Control heading, enter or accept values for the properties listed below.

   Enter access control definitions one to a line. To edit an entry, click the entry in the table, and then make any changes you want.

   Table 10-9 Access Control Properties

   Property	Description
   Access List Definition	Access lists enable you to control access to the functions of the Netra j proxy cache server based on characteristics of a request. See "Access List Definition".
   Client Access Control	This and the following properties are used in conjunction with the access lists you create. For a given access list, you can allow or deny access to the HTTP port on the Netra j proxy cache server.   The Client Access Control property takes an entry of the form:   allow (or deny) access_list . . . The default values for Client Access Control are:  deny CONNECT !SSL_ports allow all
   Access to Cache Via ICP	An entry of the form:  allow (or deny) access_list . . . The default for Access to Cache via ICP is to allow all accesses.
   ACLs for the Cache Host	An entry of the form:  cache_server access_list . . . Enables you to limit the ICP queries sent to a given host (such as ICP-capable parent proxy), based on the contents of an access list. If you specify multiple access lists, the Netra j proxy cache server applies the first list that matches for a given URL.
   URL Redirection	An entry of the form:  access_list . . . : HOST hostname PATH path Enables you to redirect a URL to a specified host and path. The access lists must be of types domain, service, or pattern. For example, the entry:  games : HOST restricted.acme.com PATH /restricted.html redirects a URL that matches the games access list to: http://restricted.acme.com/restricted.html To create a URL Redirection entry, enter:  The name of one or more access lists, followed by a colon The word HOST and a fully-qualified host name The word PATH and an absolute path name

Access List Definition

Access lists enable you to control access to the functions of the Netra j proxy cache server based on characteristics of a request. To create an access list, you create a name (an arbitrary string), specify the type of access list (types are described below), and specify an argument that is used to match against the request. After creating an access list, you can specify that list for the following properties:

• Client Access Control

• Access to Cache via ICP

• ACLs for Cache Host

• URL Redirection

These properties are described below.

Access list definitions have the following form:

---

name type argument

---

Access list types are as follows:

• src Matches on the source address in a request. It takes an argument of the form: ip_address/netmask. You can specify multiple pairings of IP address and netmask.

• domainMatches on the domain specified in a URL. It takes an argument of the form: .domain_name. You can specify multiple domain names.

• timeMatches on a time period specified in a URL. It takes an argument of the form: day_of_the_week start_time-end_time. The variable day_of_the_week is expressed as one of the following abbreviations:

Table 10-10 Day-of-Week Abbreviations

S	Sunday
M	Monday
T	Tuesday
W	Wednesday
H	Thursday
F	Friday
A	Saturday

The start_time-end_time variables are expressed as hour:minutes, using a 24-hour clock. For example, to express a period in the mid-afternoon, you specify 14:15-16:30, meaning from 2:15 p.m. to 4:30 p.m.

• patternMatches on a pattern specified in a URL. It takes an argument of the form: pattern_to_be_matched. You can specify multiple patterns.

• portMatches on a port number specified in a URL. It takes an argument of the form: port_number. You can specify multiple port numbers.

• protoMatches on a protocol specified in a URL. It takes an argument of the form: protocol (HTTP, FTP, Gopher, or WAIS). You can specify multiple protocols.

• methodMatches on a method (CONNECT, HEAD, POST, or GET) specified in a URL. It takes an argument of the form: method_name. You can specify multiple methods.

• serviceMatches on the service specified in a request. It takes an argument of the form: ip_address/netmask. "Service," in this context, is an instance of a service on a Netra j proxy cache host, as identified by a service address and netmask.

  ---

  Note -

  If you have multiple access lists of the same type, the Netra j proxy cache server, when determining which list a URL is in, works from top to bottom and stops after the first match.

  ---

The following is an example of an access list:

---

games domain game.com

---

This example creates an access list named games of type domain. This list includes all URLs containing a destination domain of game.com. In the HTTP Access property (described in Table 10-9), you can, for example, deny access to the games list.

To View or Modify Storage Management Properties

1. In the Advance Proxy Cache Configuration page, click Storage Management.

   The Storage Management page is displayed.

2. Under "Storage Management," enter or accept values for the following properties.

   Table 10-11 Storage Management Properties

   Property	Description
   High-water mark for Memory (%)	Removing of the least recently used objects in memory begins when the high-water mark is reached and ends when enough objects are removed so that the low-water mark (see following property) is reached. Note that objects removed from memory remain on disk. Enter a percentage. The default is 90%.
   Low-water mark for Memory (%)	See the description of the high-water mark, above. Enter a percentage. The default is 75%.
   High-water mark for Disk Cache (%)	Replacement of the least recently used objects in the disk cache begins when the high-water mark is reached and ends when enough objects are removed so that the low-water mark (see following property) is reached. Enter a percentage. The default is 90%.
   Low-water mark for Disk Cache (%)	See the description of the high-water mark, above. Enter a percentage. The default is 75%.
   Garbage Collection (GC) Rate (min)	Specifies how often, in minutes, the Netra j proxy cache server runs a full garbage collection. Garbage collection involves checking the expiration time of every object in the cache. In the course of normal operation, the Netra j proxy cache server removes expired objects so that explicit garbage collection is not necessary. This feature can be helpful if you have a frequent need to reclaim disk space. Note that the server does not process client requests during garbage collection. Enter a number of minutes if you want to use this feature, or leave the field blank to disable garbage collection.
   Time of Day for GC (HH:MM:SS)	Enables you to schedule garbage collection at an off-peak time. Time is expressed on a 24-hour clock. For example, if you want garbage collection to occur at 3:30 a.m., enter 03:30:00.

To View or Modify Timeouts

1. In the Advanced Proxy Cache Configuration page, click Timeouts.

   The Timeouts page is displayed.

2. Under "Timeouts," enter or accept values for the following properties.

   Table 10-12 Timeout Properties

   Property	Description
   ICP Neighbor Timeout	The period of time after which ICP (InterCache Protocol) requests made to parent proxies will time out. The default is two seconds.
   Timeout for Server Connections (sec)	The maximum duration, in seconds, the server waits for a connection to be established. The default is two minutes. See "Proxy Cache Connect Timeout and Parent Failover" for a discussion of the relationship of this property to the operating system's TCP connect timeout.
   Read Timeout (min)	The duration beyond which the Netra j proxy cache server disconnects a connection on which no activity is occurring. The default value is 15 minutes.
   Client Lifetime (min)	The maximum duration a client (browser) is allowed to remain connected to the cache process. This timeout prevents clients that go away without shutting down from consuming software resources. The default is 200 minutes (3 hours, 20 minutes). If you have high-speed client connectivity or occasionally run out of file descriptors, you might want to reduce the default number.
   TTL for Negative Caching of Objects (min)	The server caches the fact that a cache request failed (for example, the object identified by a specified URL cannot be found). This negative caching lasts for the number of minutes specified for this property. The default is five minutes.
   TTL for Successful DNS Lookups (min)	The server caches the result of a successful host name lookup for the duration specified for this property. The default is six hours. Note that the proxy cache service does not observe the TTL specified in a DNS record.
   TTL for failed DNS Lookups (min)	The server can cache the fact that a host name lookup failed. The default is zero minutes, which means that, by default, the server does not perform this type of negative caching.

To View or Modify Log File Options

1. In the Advanced Proxy Cache Configuration page, click Log File Management.

   The Log File Management page is displayed. For instructions on using this page, see "Administering Proxy Cache Service Log Files".

To View or Modify Web Server Accelerator Options

1. In the Advanced Proxy Cache Configuration page, click Web Server Accelerator Options.

   The Web Server Accelerator Options page is displayed.

2. Under "Web Server Accelerator Options," enter or accept values for the following properties.

   Table 10-13 Web Server Accelerator Properties

   Property	Description
   Host for Real HTTP Server	The Netra j proxy cache server can act as a front end for an HTTP server. This function is sometimes referred to as an HTTP accelerator. This feature can be useful under the following conditions: If the Netra j proxy cache server is more powerful or more highly available than the HTTP server. If the HTTP server is connected to a slow network, while clients have relatively fast connectivity to the Netra j proxy cache server. The Netra j proxy cache server hides the effects of the slow link. If the HTTP server is vulnerable to attack. The Netra j proxy cache intercepts all requests. Also, you can set up an access list to limit the effect of an attack. A potential disadvantage of this feature is that the HTTP server does not have available the source IP address of clients.  Enter the fully-qualified hostname of the server for which the Netra j proxy cache server is acting as a front end.
   Port for Real HTTP Server	The HTTP port on the server for which the Netra j proxy cache server is acting as a front end. (See the preceding property.)
   % Main Memory for Caching Objects	The percentage of memory used for keeping a number of web objects. If you are using the Netra j proxy cache server as a front end for an HTTP server, use a value of 12.5 (percent).
   Enable Proxy Mode Also	This property determines whether a Netra j proxy cache server is acting as a front end, caching only the URLs of the HTTP server being "accelerated" or caches URLs from all web servers. Accept the default value of off, or select on to enable caching of URLs from all servers.

To View or Modify External Program Options

1. In the Advanced Proxy Cache Configuration page, click External Program Options.

   The External Program Options page is displayed.

2. Under the External Program Options heading, enter or accept values for the following properties.

   Table 10-14 External Program Properties

   Property	Description
   FTP User	The string supplied as the login password for anonymous ftp. This enables you to supply an informative address, if you want.
   Options for `ftpget'	The arguments supplied to the ftpget command. The ftpget command retrieves FTP data for the cache. HTTP and Gopher protocol support are built into the proxy cache software. To view a list of valid ftpget arguments, invoke /opt/SUNWcache/lib/ftpget, with no arguments.
   No. of Processes for DNS Lookups	The number of processes spawned by the Netra j proxy cache server to service DNS name lookups. This number indicates the maximum number of concurrent DNS lookups. On heavily loaded caches, you might want to increase this value from the default of 5 to 10. The maximum is 32.