Two properties are outside the scope of the previous categories.
Table 10-8 Other Properties
| Property | Description |
|---|---|
| Max Request Size | The maximum size of a request, in KB. The default is 100. This value should be large enough to accommodate users who use the POST method to upload files. |
| Quick Abort | By default, the Netra j proxy cache server completes the retrieval of an object even when the request for that object is aborted. This is potentially a benefit because the cache will then have the object should it be requested subsequently and the machine resources and bandwidth consumed to the point of the aborting of the request are not wasted. However, this feature can be a detriment where you have slow links or very busy caches. This feature also allows for the possibility of impatient users tying up a URL by repeatedly aborting and re-requesting non-cachable objects. You have the option of turning this "quick abort" feature on (meaning that object retrieval ceases if the request is aborted). The default is off. |
In the Advanced Proxy Cache Configuration page, click Access Control.
The Access Control page is displayed.
Under the Access Control heading, enter or accept values for the properties listed below.
Enter access control definitions one to a line. To edit an entry, click the entry in the table, and then make any changes you want.
Table 10-9 Access Control Properties
| Property | Description |
|---|---|
| Access List Definition | Access lists enable you to control access to the functions of the Netra j proxy cache server based on characteristics of a request. See "Access List Definition". |
| Client Access Control | This and the following properties are used in conjunction with the access lists you create. For a given access list, you can allow or deny access to the HTTP port on the Netra j proxy cache server. The Client Access Control property takes an entry of the form: allow (or deny) access_list . . . The default values for Client Access Control are: `deny CONNECT !SSL_ports` and `allow all` |
| Access to Cache Via ICP | An entry of the form: allow (or deny) access_list . . . The default for Access to Cache via ICP is to allow all accesses. |
| ACLs for the Cache Host | An entry of the form: cache_server access_list . . . Enables you to limit the ICP queries sent to a given host (such as ICP-capable parent proxy), based on the contents of an access list. If you specify multiple access lists, the Netra j proxy cache server applies the first list that matches for a given URL. |
| URL Redirection | An entry of the form: access_list . . . : HOST hostname PATH path Enables you to redirect a URL to a specified host and path. The access lists must be of types domain, service, or pattern. For example, the entry: `games : HOST restricted.acme.com PATH /restricted.html` redirects a URL that matches the games access list to: http://restricted.acme.com/restricted.html To create a URL Redirection entry, enter: |
Access lists enable you to control access to the functions of the Netra j proxy cache server based on characteristics of a request. To create an access list, you create a name (an arbitrary string), specify the type of access list (types are described below), and specify an argument that is used to match against the request. After creating an access list, you can specify that list for the following properties:
Client Access Control
Access to Cache via ICP
ACLs for Cache Host
URL Redirection
These properties are described below.
Access list definitions have the following form:
name type argument
Access list types are as follows:
src: Matches on the source address in a request. It takes an argument of the form: ip_address/netmask. You can specify multiple pairings of IP address and netmask.
domain: Matches on the domain specified in a URL. It takes an argument of the form: .domain_name. You can specify multiple domain names.
time: Matches on a time period specified in a URL. It takes an argument of the form: day_of_the_week start_time-end_time. The variable day_of_the_week is expressed as one of the following abbreviations:
| Abbreviation | Day |
|---|---|
| S | Sunday |
| M | Monday |
| T | Tuesday |
| W | Wednesday |
| H | Thursday |
| F | Friday |
| A | Saturday |
The start_time-end_time variables are expressed as hour:minutes, using a 24-hour clock. For example, to express a period in the mid-afternoon, you specify 14:15-16:30, meaning from 2:15 p.m. to 4:30 p.m.
pattern: Matches on a pattern specified in a URL. It takes an argument of the form: pattern_to_be_matched. You can specify multiple patterns.
port: Matches on a port number specified in a URL. It takes an argument of the form: port_number. You can specify multiple port numbers.
proto: Matches on a protocol specified in a URL. It takes an argument of the form: protocol (HTTP, FTP, Gopher, or WAIS). You can specify multiple protocols.
method: Matches on a method (CONNECT, HEAD, POST, or GET) specified in a URL. It takes an argument of the form: method_name. You can specify multiple methods.
service: Matches on the service specified in a request. It takes an argument of the form: ip_address/netmask. "Service," in this context, is an instance of a service on a Netra j proxy cache host, as identified by a service address and netmask.
If you have multiple access lists of the same type, the Netra j proxy cache server, when determining which list a URL is in, works from top to bottom and stops after the first match.
The following is an example of an access list:
games domain game.com
This example creates an access list named games of type domain. This list includes all URLs containing a destination domain of game.com. In the HTTP Access property (described in Table 10-9), you can, for example, deny access to the games list.
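The following Python model is an added example, not code from the Netra j product or its documentation. It parses access list definitions in the `name type argument` form and evaluates Client Access Control entries against a request, including the default `deny CONNECT !SSL_ports` / `allow all` pair. The definitions of `all`, `CONNECT`, `SSL_ports` and `afternoon` are constructed, and the evaluation semantics (every list in an entry must match, `!` inverts a list, the first matching entry decides, an unmatched request is denied) are assumptions.

```python
import ipaddress
from datetime import datetime

DAYS = "MTWHFAS"  # page's abbreviations, in datetime.weekday() order (Monday first)

def parse_acls(text):
    """Parse 'name type argument ...' lines into {name: (type, [arguments])}."""
    return {n: (t, a) for n, t, *a in (ln.split() for ln in text.strip().splitlines())}

def matches(acl, req):
    kind, args = acl
    if kind == "src":
        addr = ipaddress.ip_address(req["src"])
        return any(addr in ipaddress.ip_network(a, strict=False) for a in args)
    if kind == "domain":  # suffix match on label boundaries, leading dot optional
        host = "." + req["host"].lower()
        return any(host.endswith("." + a.lower().lstrip(".")) for a in args)
    if kind == "port":
        return str(req["port"]) in args
    if kind == "method":
        return req["method"] in args
    if kind == "time":  # e.g. "H 14:15-16:30"; zero-padded HH:MM assumed
        start, end = args[1].split("-")
        when = req["when"]
        return DAYS[when.weekday()] in args[0] and start <= when.strftime("%H:%M") <= end
    raise ValueError("type not modelled here: " + kind)

def client_access(rules, acls, req):
    """Return the action of the first entry whose lists all match (assumed semantics)."""
    for line in rules.strip().splitlines():
        action, *names = line.split()
        # "!name" inverts the list's result; every term in the entry must hold
        if all(matches(acls[n.lstrip("!")], req) != n.startswith("!") for n in names):
            return action
    return "deny"  # assumption: a request no entry matches is refused

# Constructed sample configuration; only "games" and the two default entries are from the page.
ACLS = parse_acls("""
all src 0.0.0.0/0.0.0.0
CONNECT method CONNECT
SSL_ports port 443 563
games domain game.com
afternoon time H 14:15-16:30
""")
RULES = """
deny CONNECT !SSL_ports
deny games
allow all
"""
```

Because the first matching entry decides, a `deny games` entry placed after `allow all` would never take effect in this model.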
In the Advanced Proxy Cache Configuration page, click Storage Management.
The Storage Management page is displayed.
Under "Storage Management," enter or accept values for the following properties.
Table 10-11 Storage Management Properties
| Property | Description |
|---|---|
| High-water mark for Memory (%) | Removing of the least recently used objects in memory begins when the high-water mark is reached and ends when enough objects are removed so that the low-water mark (see following property) is reached. Note that objects removed from memory remain on disk. Enter a percentage. The default is 90%. |
| Low-water mark for Memory (%) | See the description of the high-water mark, above. Enter a percentage. The default is 75%. |
| High-water mark for Disk Cache (%) | Replacement of the least recently used objects in the disk cache begins when the high-water mark is reached and ends when enough objects are removed so that the low-water mark (see following property) is reached. Enter a percentage. The default is 90%. |
| Low-water mark for Disk Cache (%) | See the description of the high-water mark, above. Enter a percentage. The default is 75%. |
| Garbage Collection (GC) Rate (min) | Specifies how often, in minutes, the Netra j proxy cache server runs a full garbage collection. Garbage collection involves checking the expiration time of every object in the cache. In the course of normal operation, the Netra j proxy cache server removes expired objects so that explicit garbage collection is not necessary. This feature can be helpful if you have a frequent need to reclaim disk space. Note that the server does not process client requests during garbage collection. Enter a number of minutes if you want to use this feature, or leave the field blank to disable garbage collection. |
| Time of Day for GC (HH:MM:SS) | Enables you to schedule garbage collection at an off-peak time. Time is expressed on a 24-hour clock. For example, if you want garbage collection to occur at 3:30 a.m., enter 03:30:00. |
In the Advanced Proxy Cache Configuration page, click Timeouts.
The Timeouts page is displayed.
Under "Timeouts," enter or accept values for the following properties.
Table 10-12 Timeout Properties
| Property | Description |
|---|---|
| ICP Neighbor Timeout | The period of time after which ICP (InterCache Protocol) requests made to parent proxies will time out. The default is two seconds. |
| Timeout for Server Connections (sec) | The maximum duration, in seconds, the server waits for a connection to be established. The default is two minutes. See "Proxy Cache Connect Timeout and Parent Failover" for a discussion of the relationship of this property to the operating system's TCP connect timeout. |
| Read Timeout (min) | The duration beyond which the Netra j proxy cache server disconnects a connection on which no activity is occurring. The default value is 15 minutes. |
| Client Lifetime (min) | The maximum duration a client (browser) is allowed to remain connected to the cache process. This timeout prevents clients that go away without shutting down from consuming software resources. The default is 200 minutes (3 hours, 20 minutes). If you have high-speed client connectivity or occasionally run out of file descriptors, you might want to reduce the default number. |
| TTL for Negative Caching of Objects (min) | The server caches the fact that a cache request failed (for example, the object identified by a specified URL cannot be found). This negative caching lasts for the number of minutes specified for this property. The default is five minutes. |
| TTL for Successful DNS Lookups (min) | The server caches the result of a successful host name lookup for the duration specified for this property. The default is six hours. Note that the proxy cache service does not observe the TTL specified in a DNS record. |
| TTL for failed DNS Lookups (min) | The server can cache the fact that a host name lookup failed. The default is zero minutes, which means that, by default, the server does not perform this type of negative caching. |
In the Advanced Proxy Cache Configuration page, click Log File Management.
The Log File Management page is displayed. For instructions on using this page, see "Administering Proxy Cache Service Log Files".
In the Advanced Proxy Cache Configuration page, click Web Server Accelerator Options.
The Web Server Accelerator Options page is displayed.
Under "Web Server Accelerator Options," enter or accept values for the following properties.
Table 10-13 Web Server Accelerator Properties
In the Advanced Proxy Cache Configuration page, click External Program Options.
The External Program Options page is displayed.
Under the External Program Options heading, enter or accept values for the following properties.
Table 10-14 External Program Properties
| Property | Description |
|---|---|
| FTP User | The string supplied as the login password for anonymous FTP. This enables you to supply an informative address, if you want. |
| Options for `ftpget` | The arguments supplied to the ftpget command. The ftpget command retrieves FTP data for the cache. HTTP and Gopher protocol support are built into the proxy cache software. To view a list of valid ftpget arguments, invoke /opt/SUNWcache/lib/ftpget, with no arguments. |
| No. of Processes for DNS Lookups | The number of processes spawned by the Netra j proxy cache server to service DNS name lookups. This number indicates the maximum number of concurrent DNS lookups. On heavily loaded caches, you might want to increase this value from the default of 5 to 10. The maximum is 32. |