|
| Sun ONE Web Proxy Server 3.6 SP3 Administrator's Guide - NT Version |
Contents
Chapter 1 IntroductionWhat iPlanet Web Proxy Server Provides
What's in This Book?
Conventions Used in This Book
Contacting Sun Microsystems Technical Support
Chapter 2 Starting the Administration and Proxy ServersStarting and Stopping the Administration Server
Starting the Administration Server
Using the Server Administration Page
Stopping the Administration Server
Starting and Stopping iPlanet Web Proxy Server
Starting the Proxy Server
Creating a New Proxy Server Instance
Using the Server Administration Page
Stopping the Proxy Server
Using the Control Panel
Using the Server Administration Page
Using the Control Panel
Chapter 3 Managing Your ServerOverview
Using the Server Manager
Chapter 4 Managing Templates and ResourcesWhat is a Template?
Understanding Regular Expressions
Creating Templates
Understanding Wildcard Patterns
Viewing and Removing Templates
Removing Resources
Online Forms for Controlling Resources
Chapter 5 Configuring Server PreferencesStarting and Stopping the Proxy Server
Viewing Server Settings
Restoring and Viewing Backup Configuration Files
Changing System Specifics
Server Port
Creating MIME Types
Server User
Authentication password
DNS
ICP
Proxy Array
Parent Array
Remote Access
Java IP Address Checking
Proxy Timeout
Allowing or Blocking Arbitrary Methods
WebDAV Support
Chapter 6 Controlling Access to Your ServerHow Does Access Control Work?
Access Control Files
Restricting Access
ACL File Syntax
Denying Access to a Resource
Allowing Access to a Resource
Chapter 7 Proxying and Routing URLsEnabling Proxying for a Resource
Configuring Routing for a Resource
Chaining Proxy Servers
Routing Through a SOCKS Server
Sending the Client's IP Address to the Server
Using Remote Access
Configuring Remote Access
Mapping URLs to Other URLs
Enabling Remote Access
Creating a URL Mapping
Client Autoconfiguration
Editing Existing Mappings
Redirecting URLs
Chapter 8 Reverse ProxyHow Reverse Proxying Works
Proxy as a Stand-in for a Server
Proxying for Load Balancing
Setting up a Reverse Proxy
Chapter 9 Using SOCKS v5Using a SOCKS Server
Configuring SOCKS v5
Authenticating Through a SOCKS Server Chain
Creating SOCKS v5 Authentication Entries
Editing SOCKS v5 Authentication Entries
Deleting SOCKS v5 Authentication Entries
Moving SOCKS v5 Authentication Entries
Creating SOCKS v5 Connection Entries
Editing SOCKS v5 Connection Entries
Deleting SOCKS v5 Connection Entries
Moving SOCKS v5 Connection Entries
Creating Routing Entries
Creating SOCKS v5 Routing Entries
Editing Routing Entries
Creating Proxy Routing Entries
Deleting Routing Entries
Moving Routing Entries
Enabling SOCKS
Chapter 10 CachingHow Caching Works
Understanding the Cache Structure
Distributing Files in the Cache
Creating a New Cache
Restructuring the Cache
Setting Cache Specifics
Enabling the Cache
Configuring the Cache
Caching HTTP Documents
Setting the HTTP Cache Refresh Interval
Caching FTP and Gopher Documents
Setting the HTTP Cache Expiration Policy
Setting FTP and Gopher Cache Refresh Intervals
Setting the Cache Default
Caching Local Hosts
Caching Pages that Require Authentication
Caching Queries
Setting the Minimum and Maximum Cache File Sizes
Setting the Cache Behavior for Client Aborts
Using Cache Batch Updates
Creating a Batch Update
Accessing Cache Manager Information
Editing or Deleting a Batch Update Configuration
Expiring and Removing Files from the Cache
Routing through Proxy Arrays
Creating a Proxy Array Member List
Routing Through ICP Neighborhoods
Deleting Proxy Array Members
Configuring Proxy Array Members
Editing Proxy Array Member List Information
Enabling Routing through a Proxy Array
Enabling a Proxy Array
Redirecting Requests in a Proxy Array
Generating a PAC File from a PAT File
Manually Generating a PAC File from a PAT File
Routing Through a Parent Array
Automatically Generating a PAC File from a PAT File
Viewing Parent Array Information
Adding Parents to an ICP Neighborhood
Removing Parents from an ICP Neighborhood
Editing Configurations for Parents in an ICP neighborhood
Adding Siblings to an ICP Neighborhood
Removing Siblings from an ICP Neighborhood
Editing Configurations for Siblings in an ICP Neighborhood
Configuring Individual ICP Neighbors
Enabling ICP
Enabling Routing Through an ICP Neighborhood
Chapter 11 Filtering Content Through the ProxyFiltering URLs
Creating a Filter File of URLs
Restricting Access to Specific Web Browsers
Setting Default Access for a Filter File
Request Blocking
Suppressing Outgoing Headers
Filtering by MIME Type
Filtering out HTML Tags
Chapter 12 Using the Client Autoconfiguration FileUnderstanding Autoconfiguration Files
What Does the Autoconfiguration File Do?
Using the Server Manager Forms to Create an Autoconfiguration File
Accessing the Proxy as a Web Server
Creating the Autoconfiguration File Manually
The FindProxyForURL Function
The Function Return Values
JavaScript Functions and Environment
host name-based functions
Related Utility Functions
URL/host-name-based Condition
Time-based Conditions
Example 1: Proxy All Servers Except Local Hosts
Example 2: Proxy Local Servers Outside the Firewall
Example 3: Proxy Only Unresolved Hosts
Example 4: Connect Directly to a Subnet
Example 5: Balance Proxy Load with dnsDomainIs()
Example 6: Balance Proxy Load with shExpMatch()
Example 7: Proxying a Specific Protocol
Chapter 13 Monitoring the Server's StatusWorking with Log Files
Viewing the Error Log File
Monitoring the Server Using SNMP
Viewing an Access Log File
Understanding Access Logfile Syntax
Understanding Status Codes
Setting Access Log Preferences
Working with the Log Analyzer
Transfer Time Distribution Report
Running the Log Analyzer from the Server Manager
Status Code Report
Data Flow Report
Requests and Connections Report
Cache Performance Report
Transfer Time Report
Hourly Activity Report
Archiving Log Files
How Does SNMP Work?
Using the Performance Monitor
The Proxy Server MIB
Enabling the Subagent
Chapter 14 Proxy Error Log MessagesProxy Error Messages
Catastrophe
SOCKS Error Messages
Failure
Misconfig
Warning
Chapter 15 Tuning Server PerformanceUsing Timeouts Effectively
Proxy Timeout
Controlling Up-To-Date Checks
Setting the Last-modified Factor
Using DNS Effectively
Using SOCKS Effectively
Worker threads
Optimizing Cache Architecture
Accept Threads
Chapter 16 Proxy Reserved Ports
Chapter 17 Configuring the Proxy ManuallyThe magnus.conf File
The obj.conf File
The Structure of obj.conf
The mime.types File
Directive Syntax
Required Objects for obj.conf
A Sample Object
The Default Object
How the Proxy Server Handles Objects
The admpw File
The socks5.conf File
The bu.conf File
Object Boundaries
The icp.conf File
Examples of bu.conf
The parray.pat File
The parent.pat File
The ras.conf File
Chapter 18 Creating Server Plug-in FunctionsWhat Is the Server Plug-in API?
Writing Plug-in Functions
The Server Plug-in API Header Files
Compiling and Linking Your Code
Getting Data from the Server: The Parameter Block
Passing Parameters to Server Application Functions
Parameter-manipulating Functions
Reporting Errors to the Server
Data Structures and Data Access Functions
Application Function Status Codes
Setting an HTTP Response Status Code
Error Reporting
Loading Your Shared Object
Using Your Plug-in Functions
Appendix A Server Plug-in API Function Definitionscondvar_init (declared in base\crit.h)
condvar_notify (declared in base\crit.h)
condvar_terminate (declared in base\crit.h)
condvar_wait (declared in base\crit.h)
crit_enter (declared in base\crit.h)
daemon_atrestart (declared in netsite.h)
filebuf_buf2sd (declared in base\buffer.h)
filebuf_close (declared in base\buffer.h)
filebuf_getc (declared in base\buffer.h)
filebuf_open (declared in base\buffer.h)
filebuf_open_nostat (declared in base\buffer.h)
FREE (declared in netsite.h)
func_exec (declared in frame\func.h)
func_find (declared in frame\func.h)
http_dump822 (declared in frame\http.h)
http_hdrs2env (declared in frame\http.h)
http_scan_headers (declared in frame\http.h)
http_set_finfo (declared in frame\http.h)
http_start_response (declared in frame\http.h)
http_status (declared in frame\http.h)
http_uri2url (declared in frame\http.h)
log_error (declared in frame\log.h)
magnus_atrestart (declared in netsite.h)
make_log_time (declared in libproxy\util.h)
MALLOC (declared in netsite.h)
netbuf_buf2sd (declared in base\buffer.h)
netbuf_close (declared in base\buffer.h)
netbuf_getc (declared in base\buffer.h)
netbuf_grab (declared in base\buffer.h)
netbuf_open (declared in base\buffer.h)
net_ip2host (declared in base\net.h)
net_read (declared in base\net.h)
net_socket (declared in base\net.h)
net_write (declared in base\net.h)
param_create (declared in base\pblock.h)
param_free (declared in base\pblock.h)
pblock_copy (declared in base\pblock.h)
pblock_create (declared in base\pblock.h)
pblock_dup (declared in base\pblock.h)
pblock_find (declared in base\pblock.h)
pblock_findlong (declared in libproxy\util.h)
pblock_findval (declared in base\pblock.h)
pblock_free (declared in base\pblock.h)
pblock_nlinsert (declared in libproxy\util.h)
pblock_nninsert (declared in base\pblock.h)
pblock_nvinsert (declared in base\pblock.h)
pblock_pb2env (declared in base\pblock.h)
pblock_pblock2str (declared in base\pblock.h)
pblock_pinsert base\pblock.h)
pblock_remove (declared in base\pblock.h)
pblock_replace_name (declared in libproxy\util.h)
pblock_str2pblock (declared in base\pblock.h)
PERM_FREE (declared in netsite.h)
PERM_MALLOC (declared in netsite.h)
PERM_STRDUP (declared in netsite.h)
protocol_dump822 (declared in frame\protocol.h)
protocol_finish_request (declared in frame\protocol.h)
protocol_handle_session (declared in frame\protocol.h)
protocol_hdrs2env (declared in frame\protocol.h)
protocol_parse_request (declared in frame\protocol.h)
protocol_scan_headers (declared in frame\protocol.h)
protocol_set_finfo (declared in frame\protocol.h)
protocol_start_response (declared in frame\protocol.h)
protocol_status (declared in frame\protocol.h)
protocol_uri2url (declared in frame\protocol.h)
protocol_uri2url_dynamic (declared in frame\protocol.h)
REALLOC (declared in netsite.h)
request_create (declared in frame\req.h)
request_free (declared in frame\req.h)
request_header (declared in frame\req.h)
request_stat_path (declared in frame\req.h)
request_translate_uri (declared in frame\req.h)
sem_grab (declared in base\sem.h)
sem_init (declared in base\sem.h)
sem_release (declared in base\sem.h)
sem_terminate (declared in base\sem.h)
sem_tgrab (declared in base\sem.h)
session_create (declared in base\session.h)
session_free (declared in base\session.h)
session_maxdns (declared in base\session.h)
shexp_casecmp (declared in base\shexp.h)
shexp_cmp (declared in base\shexp.h)
shexp_match (declared in base\shexp.h)
shexp_valid (declared in base\shexp.h)
shmem_alloc (declared in base\shmem.h)
shmem_free (declared in base\shmem.h)
STRDUP (declared in netsite.h)
systhread_attach (declared in base\systhr.h)
systhread_current (declared in base\systhr.h)
systhread_getdata (declared in base\systhr.h)
systhread_init (declared in base\systhr.h)
systhread_newkey (declared in base\systhr.h)
systhread_setdata (declared in base\systhr.h)
systhread_sleep (declared in base\systhr.h)
systhread_start (declared in base\systhr.h)
systhread_terminate (declared in base\systhr.h)
systhread_timerset (declared in base\systhr.h)
system_errmsg (declared in base\file.h)
system_fclose (declared in base\file.h)
system_flock (declared in base\file.h)
system_fopenRO (declared in base\file.h)
system_fopenRW (declared in base\file.h)
system_fopenWA (declared in base\file.h)
system_fread (declared in base\file.h)
system_fwrite (declared in base\file.h)
system_fwrite_atomic (declared in base\file.h)
system_gmtime (declared in base\file.h)
system_localtime (declared in base\file.h)
system_ulock (declared in base\file.h)
system_unix2local (declared in base\file.h)
util_can_exec (declared in base\util.h)
util_chdir2path (declared in base\util.h)
util_does_process_exist (declared in libproxy\util.h)
util_env_create (declared in base\util.h)
util_env_find (declared in base\util.h)
util_env_free (declared in base\util.h)
util_env_replace (declared in base\util.h)
util_env_str (declared in base\util.h)
util_get_current_gmt (declared in libproxy\util.h)
util_get_int_from_aux_file (declared in libproxy\cutil.h)
util_get_long_from_aux_file (declared in libproxy\cutil.h)
util_get_string_from_aux_file (declared in libproxy\cutil.h)
util_getline (declared in base\util.h)
util_host name (declared in base\util.h)
util_is_mozilla (declared in base\util.h)
util_is_url (declared in base\util.h)
util_itoa (declared in base\util.h)
util_later_than (declared in base\util.h)
util_make_gmt (declared in libproxy\util.h)
util_make_local (declared in libproxy\util.h)
util_move_dir (declared in libproxy\util.h)
util_move_file (declared in libproxy\util.h)
util_parse_http_time (declared in libproxy\util.h)
util_put_string_to_aux_file (declared in libproxy\cutil.h)
util_sh_escape (declared in base\util.h)
util_snprintf (declared in base\util.h)
util_sprintf (declared in base\util.h)
util_strcasecmp (declared in base\systems.h)
util_strncasecmp (declared in base\systems.h)
util_uri_check (declared in libproxy\util.h)
util_uri_escape (declared in base\util.h)
util_uri_is_evil (declared in base\util.h)
util_uri_parse (declared in base\util.h)
util_uri_unescape (declared in base\util.h)
util_url_cmp (declared in libproxy\util.h)
util_url_fix_host name (declared in libproxy\util.h)
util_url_has_FQDN (declared in libproxy\util.h)
util_vsnprintf (declared in base\util.h)
util_vsprintf (declared in base\util.h)
Appendix B Server Data StructuresThe Session Data Structure
The Parameter Block (pblock) Data Structure
The Pb_entry Data Structure
The Client Parameter Block
The Pb_param Data Structure
The Request Data Structure
The Stat Data Structure
The Shared Memory Structure, Shmem_s
The Netbuf Data Structure
The Filebuffer Data Structure
The Cinfo Data Structure
The SYS_NETFD Data Structure
The SYS_FILE Data Structure
The SEMAPHORE Data Structure
The Sockaddr_in Data Structure
The CONDVAR Data Structure
The CRITICAL Data Structure
The SYS_THREAD Data Structure
The CacheEntry Data Structure
Appendix C Proxy Configuration FilesThe magnus.conf File
Ciphers
The obj.conf File
DNS
ErrorLog
LDAPConnPool
LoadObjects
Port
RootObject
Security
ServerName
SSLClientAuth
SSL2
SSL3
SSL3Ciphers
AddLog
The socks5.conf File
flex-log (starting proxy logging)
AuthTrans
proxy-auth (translating proxy authorization)
Connect
DNS
dns-config (suggest treating certain host names as remote)
Error
your-dns-function (a plug-in dns function you create)
Init
Init function order in obj.conf
NameTrans
Calling Init functions
flex-init (starting the flex-log access logs)
icp-init (initializes ICP)
init-batch-update (starting batch updates)
init-cache (starting the caching system)
init-proxy (starting the network software for proxy)
init-proxy-auth (specifying the authentication strategy)
init-ras (starting remote access)
load-modules (loading shared object modules)
load-types (loading MIME-type mappings)
pa-init-parent-array (initializing a parent array member)
pa-init-proxy-array (initializing a proxy array member)
assign name (associating templates with path)
ObjectType
map (mapping URLs to mirror sites)
pac-map (mapping URLs to a local file)
pat-map (mapping URLs to a local file)
pfx2dir (replacing path prefixes with directory names)
cache-enable (enabling caching)
PathCheck
cache-setting (specifying caching parameters)
force-type (assigning MIME types to objects)
http-config (using keep-alive feature)
java-ip-check (checking IP addresses)
type-by-extension (determining file information)
check-acl (attaching an ACL to an object)
Route
deny-service (denying client access)
require-proxy-auth (requiring proxy authentication)
url-check (checking URL syntax)
icp-route (routing with ICP)
Service
pa-enforce-internal-routing (enforcing internal distributed routing)
pa-set-parent-route (setting a hierarchical route)
set-proxy-server (using another proxy to retrieve a resource)
set-socks-server (using a SOCKS server to retrieve a resource)
unset-proxy-server (unsetting a proxy route)
unset-socks-server (unsetting a SOCKS route)
proxy-retrieve (retrieving documents with the proxy)
send-file (sending text file contents to client)
deny-service (denying access to a resource)
Authentication/Ban Host Entries
The bu.conf File
Routing Entries
Variables and Flags
Available Settings
Proxy Entries
Access Control Entries
Specifying Ports
Accept
The icp.conf File
Connections
Count
Days
Depth
Object boundaries
Reject
Source
Time
Type
The ras.conf File
add_parent (adding parent servers to an ICP neighborhood)
add_sibling (adding sibling servers to an ICP neighborhood)
server (configuring the local proxy in an ICP neighborhood)