Netra j 3.0 Administrator's Guide

Other

Two properties are outside the scope of the previous categories.

Table 10-8 Other Properties

Property 

Description  

Max Request Size 

The maximum size of a request, in KB. The default is 100. This value should be large enough to accommodate users who use the POST method to upload files.

Quick Abort 

By default, the Netra j proxy cache server completes the retrieval of an object even when the request for that object is aborted. This can be a benefit: the cache then holds the object if it is requested again, and the machine resources and bandwidth consumed up to the point of the abort are not wasted. However, this behavior can be a detriment on slow links or very busy caches. It also allows impatient users to tie up a URL by repeatedly aborting and re-requesting non-cacheable objects. You can turn the "quick abort" feature on, meaning that object retrieval ceases if the request is aborted. The default is off.

To View or Modify Access Control Properties
  1. In the Advanced Proxy Cache Configuration page, click Access Control.

    The Access Control page is displayed.

  2. Under the Access Control heading, enter or accept values for the properties listed below.

    Enter access control definitions one to a line. To edit an entry, click the entry in the table, and then make any changes you want.

    Table 10-9 Access Control Properties

    Property  

    Description 

    Access List Definition  

    Access lists enable you to control access to the functions of the Netra j proxy cache server based on characteristics of a request. See "Access List Definition".

    Client Access Control  

    This and the following properties are used in conjunction with the access lists you create. For a given access list, you can allow or deny access to the HTTP port on the Netra j proxy cache server.  

    The Client Access Control property takes an entry of the form:  

    allow (or deny) access_list . . .

    The default values for Client Access Control are: 

    deny CONNECT !SSL_ports

    allow all

    Access to Cache Via ICP 

    An entry of the form: 

    allow (or deny) access_list . . .

    The default for Access to Cache via ICP is to allow all accesses. 

    ACLs for the Cache Host  

    An entry of the form: 

    cache_server access_list . . .

    Enables you to limit the ICP queries sent to a given host (such as an ICP-capable parent proxy), based on the contents of an access list. If you specify multiple access lists, the Netra j proxy cache server applies the first list that matches for a given URL.  

    URL Redirection  

    An entry of the form: 

    access_list . . . : HOST hostname PATH path

    Enables you to redirect a URL to a specified host and path. The access lists must be of types domain, service, or pattern. For example, the entry: 

    games : HOST restricted.acme.com PATH /restricted.html

    redirects a URL that matches the games access list to:

    http://restricted.acme.com/restricted.html

    To create a URL Redirection entry, enter: 

    • The name of one or more access lists, followed by a colon

    • The word HOST and a fully-qualified host name

    • The word PATH and an absolute path name
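
The following added example (not from the Netra j documentation) evaluates the default Client Access Control entries from Table 10-9 against constructed requests and compares them with a tighter rule set. It assumes entries are checked top to bottom, that an entry applies only when every listed access list matches (a leading ! negates a list), and that the first applicable entry decides. The access list definitions, the localnet list and the port numbers are hypothetical stand-ins, because the page does not define them.

```python
import ipaddress

# Hypothetical stand-ins: the page names CONNECT, SSL_ports and all in the
# defaults but does not show their definitions; localnet is constructed.
LOCALNET = ipaddress.ip_network("10.0.0.0/8")
LISTS = {
    "all": lambda r: True,
    "CONNECT": lambda r: r["method"] == "CONNECT",
    "SSL_ports": lambda r: r["port"] in (443, 563),
    "localnet": lambda r: ipaddress.ip_address(r["client"]) in LOCALNET,
}
DEFAULT_RULES = ["deny CONNECT !SSL_ports", "allow all"]  # from Table 10-9
TIGHTER_RULES = ["deny CONNECT !SSL_ports", "allow localnet", "deny all"]
# Constructed sample requests.
REQUESTS = [
    {"client": "10.0.0.5", "method": "GET", "port": 80},
    {"client": "10.0.0.5", "method": "CONNECT", "port": 443},
    {"client": "10.0.0.5", "method": "CONNECT", "port": 25},
    {"client": "192.0.2.9", "method": "GET", "port": 80},
]

def parse_rule(line):
    """Split 'allow|deny list ...' into (action, [(name, negated), ...])."""
    action, *names = line.split()
    if action not in ("allow", "deny") or not names:
        raise ValueError(f"malformed entry: {line!r}")
    terms = [(n.lstrip("!"), n.startswith("!")) for n in names]
    for name, _ in terms:
        if name not in LISTS:
            raise ValueError(f"undefined access list: {name}")
    return action, terms

def decide(rules, req):
    """Return the action of the first entry whose terms all hold for req."""
    for action, terms in map(parse_rule, rules):
        if all(LISTS[name](req) != negated for name, negated in terms):
            return action
    return "deny"  # assumption: refuse when no entry applies

def compare():
    """Pair the default and the tighter decision for each sample request."""
    return [(decide(DEFAULT_RULES, r), decide(TIGHTER_RULES, r)) for r in REQUESTS]
```

Under these assumptions the defaults refuse only CONNECT to a non-SSL port and accept every other request from any client address, while the tighter set also refuses the request from outside the constructed local network.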

Access List Definition

Access lists enable you to control access to the functions of the Netra j proxy cache server based on characteristics of a request. To create an access list, you create a name (an arbitrary string), specify the type of access list (types are described below), and specify an argument that is used to match against the request. After creating an access list, you can specify that list for the following properties:

These properties are described below.

Access list definitions have the following form:


name type argument

Access list types are as follows:

Table 10-10 Day-of-Week Abbreviations

Sunday 

Monday 

Tuesday 

Wednesday 

Thursday 

Friday 

Saturday 

The start_time-end_time variables are expressed as hour:minutes, using a 24-hour clock. For example, to express a period in the mid-afternoon, you specify 14:15-16:30, meaning from 2:15 p.m. to 4:30 p.m.

The following is an example of an access list:


games domain game.com

This example creates an access list named games of type domain. This list includes all URLs containing a destination domain of game.com. In the HTTP Access property (described in Table 10-9), you can, for example, deny access to the games list.
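
The following added example (not from the Netra j documentation) parses the games access list defined above together with the URL Redirection entry from Table 10-9, checks the entry against the rules given for that property, and resolves request URLs to the redirect target. Matching subdomains on a label boundary, treating a match on any listed access list as sufficient, and handling only domain lists are assumptions.

```python
import re
from urllib.parse import urlsplit

# Entries taken from the page's own examples.
ACCESS_LISTS = ["games domain game.com"]
REDIRECTS = ["games : HOST restricted.acme.com PATH /restricted.html"]
REDIRECT_TYPES = {"domain", "service", "pattern"}  # types the page permits
FQDN = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$", re.I)
ENTRY = re.compile(r"^(.+?)\s*:\s*HOST\s+(\S+)\s+PATH\s+(\S+)\s*$")

def parse_access_lists(lines):
    """Parse 'name type argument' lines into {name: (type, argument)}."""
    lists = {}
    for line in lines:
        name, kind, argument = line.split(None, 2)
        lists[name] = (kind, argument.strip())
    return lists

def parse_redirect(line, lists):
    """Validate one URL Redirection entry; return (list names, target URL)."""
    m = ENTRY.match(line.strip())
    if not m:
        raise ValueError("expected: access_list ... : HOST hostname PATH path")
    names, host, path = m.group(1).split(), m.group(2), m.group(3)
    for name in names:
        if name not in lists:
            raise ValueError(f"undefined access list: {name}")
        if lists[name][0] not in REDIRECT_TYPES:
            raise ValueError(f"{name}: type {lists[name][0]} cannot redirect")
    if not FQDN.match(host):
        raise ValueError(f"HOST is not fully qualified: {host}")
    if not path.startswith("/"):
        raise ValueError(f"PATH is not absolute: {path}")
    return names, f"http://{host}{path}"

def domain_matches(host, domain):
    # Assumption: match the domain and its subdomains on a label boundary,
    # so notgame.com and game.com.example.org do not match game.com.
    host, domain = host.lower().rstrip("."), domain.lower().lstrip(".")
    return host == domain or host.endswith("." + domain)

def redirect_target(url, lists, redirects):
    """Return the redirect URL for a request, or None. Domain lists only."""
    host = urlsplit(url).hostname or ""
    for names, target in redirects:
        for kind, argument in (lists[n] for n in names):
            if kind == "domain" and domain_matches(host, argument):
                return target
    return None
```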

To View or Modify Storage Management Properties
  1. In the Advanced Proxy Cache Configuration page, click Storage Management.

    The Storage Management page is displayed.

  2. Under "Storage Management," enter or accept values for the following properties.

    Table 10-11 Storage Management Properties

    Property 

    Description  

    High-water mark for Memory (%) 

    Removal of the least recently used objects in memory begins when the high-water mark is reached and ends when enough objects are removed so that the low-water mark (see following property) is reached. Note that objects removed from memory remain on disk. Enter a percentage. The default is 90%. 

    Low-water mark for Memory (%) 

    See the description of the high-water mark, above. Enter a percentage. The default is 75%. 

    High-water mark for Disk Cache (%) 

    Replacement of the least recently used objects in the disk cache begins when the high-water mark is reached and ends when enough objects are removed so that the low-water mark (see following property) is reached. Enter a percentage. The default is 90%. 

    Low-water mark for Disk Cache (%) 

    See the description of the high-water mark, above. Enter a percentage. The default is 75%. 

    Garbage Collection (GC) Rate (min) 

    Specifies how often, in minutes, the Netra j proxy cache server runs a full garbage collection. Garbage collection involves checking the expiration time of every object in the cache. In the course of normal operation, the Netra j proxy cache server removes expired objects so that explicit garbage collection is not necessary. This feature can be helpful if you have a frequent need to reclaim disk space. Note that the server does not process client requests during garbage collection. Enter a number of minutes if you want to use this feature, or leave the field blank to disable garbage collection. 

    Time of Day for GC (HH:MM:SS) 

    Enables you to schedule garbage collection at an off-peak time. Time is expressed on a 24-hour clock. For example, if you want garbage collection to occur at 3:30 a.m., enter 03:30:00.

To View or Modify Timeouts
  1. In the Advanced Proxy Cache Configuration page, click Timeouts.

    The Timeouts page is displayed.

  2. Under "Timeouts," enter or accept values for the following properties.

    Table 10-12 Timeout Properties

    Property 

    Description  

    ICP Neighbor Timeout 

    The period of time after which ICP (InterCache Protocol) requests made to parent proxies will time out. The default is two seconds.  

    Timeout for Server Connections (sec) 

    The maximum duration, in seconds, the server waits for a connection to be established. The default is two minutes. See "Proxy Cache Connect Timeout and Parent Failover" for a discussion of the relationship of this property to the operating system's TCP connect timeout.

    Read Timeout (min) 

    The duration beyond which the Netra j proxy cache server disconnects a connection on which no activity is occurring. The default value is 15 minutes. 

    Client Lifetime (min) 

    The maximum duration a client (browser) is allowed to remain connected to the cache process. This timeout prevents clients that go away without shutting down from consuming software resources. The default is 200 minutes (3 hours, 20 minutes). If you have high-speed client connectivity or occasionally run out of file descriptors, you might want to reduce the default number. 

    TTL for Negative Caching of Objects (min) 

    The server caches the fact that a cache request failed (for example, the object identified by a specified URL cannot be found). This negative caching lasts for the number of minutes specified for this property. The default is five minutes. 

    TTL for Successful DNS Lookups (min) 

    The server caches the result of a successful host name lookup for the duration specified for this property. The default is six hours. Note that the proxy cache service does not observe the TTL specified in a DNS record. 

    TTL for failed DNS Lookups (min) 

    The server can cache the fact that a host name lookup failed. The default is zero minutes, which means that, by default, the server does not perform this type of negative caching. 

To View or Modify Log File Options
  1. In the Advanced Proxy Cache Configuration page, click Log File Management.

    The Log File Management page is displayed. For instructions on using this page, see "Administering Proxy Cache Service Log Files".

To View or Modify Web Server Accelerator Options
  1. In the Advanced Proxy Cache Configuration page, click Web Server Accelerator Options.

    The Web Server Accelerator Options page is displayed.

  2. Under "Web Server Accelerator Options," enter or accept values for the following properties.

    Table 10-13 Web Server Accelerator Properties

    Property 

    Description 

    Host for Real HTTP Server 

    The Netra j proxy cache server can act as a front end for an HTTP server. This function is sometimes referred to as an HTTP accelerator. This feature can be useful under the following conditions:

    • If the Netra j proxy cache server is more powerful or more highly available than the HTTP server.

    • If the HTTP server is connected to a slow network, while clients have relatively fast connectivity to the Netra j proxy cache server. The Netra j proxy cache server hides the effects of the slow link.

    • If the HTTP server is vulnerable to attack. The Netra j proxy cache intercepts all requests. Also, you can set up an access list to limit the effect of an attack.

    A potential disadvantage of this feature is that the HTTP server does not have available the source IP address of clients. 

    Enter the fully-qualified hostname of the server for which the Netra j proxy cache server is acting as a front end.  

    Port for Real HTTP Server 

    The HTTP port on the server for which the Netra j proxy cache server is acting as a front end. (See the preceding property.) 

    % Main Memory for Caching Objects 

    The percentage of memory used for keeping a number of web objects. If you are using the Netra j proxy cache server as a front end for an HTTP server, use a value of 12.5 (percent). 

    Enable Proxy Mode Also 

    This property determines whether a Netra j proxy cache server that is acting as a front end caches only the URLs of the HTTP server being "accelerated" or caches URLs from all web servers. Accept the default value of off, or select on to enable caching of URLs from all servers. 

To View or Modify External Program Options
  1. In the Advanced Proxy Cache Configuration page, click External Program Options.

    The External Program Options page is displayed.

  2. Under the External Program Options heading, enter or accept values for the following properties.

    Table 10-14 External Program Properties

    Property 

    Description  

    FTP User 

    The string supplied as the login password for anonymous FTP. This enables you to supply an informative address, if you want.

    Options for `ftpget' 

    The arguments supplied to the ftpget command. The ftpget command retrieves FTP data for the cache. HTTP and Gopher protocol support are built into the proxy cache software. To view a list of valid ftpget arguments, invoke /opt/SUNWcache/lib/ftpget with no arguments.

    No. of Processes for DNS Lookups 

    The number of processes spawned by the Netra j proxy cache server to service DNS name lookups. This number indicates the maximum number of concurrent DNS lookups. On heavily loaded caches, you might want to increase this value from the default of 5 to 10. The maximum is 32.