Sun Java System Web Proxy Server 4.0.5 Configuration File Reference

How the Proxy Server Functions

“Proxy” is a general term that means “to act on behalf of a user in an authorized capacity.” A web proxy server intercepts client connections and, on behalf of the client, obtains the requested content from an origin server (the server that owns the content).

Typical web proxies accept connections from clients, decide whether those clients are permitted to use the proxy and to access the requested resources, and then complete connections on behalf of the clients to the various origin servers. In this manner, the web proxy acts as a server toward the client and as a client toward the origin server.

The two basic types of web proxy servers are the forward proxy and the reverse proxy. While they share much of the same functionality, some definite differences exist between the two.

Forward Proxy Scenario

A forward proxy provides internal clients with access through a firewall to resources on the Internet. This service is often provided as part of a larger intranet security strategy. Forward proxying allows clients to access resources outside the firewall without compromising the integrity of the private network.

A forward proxy can be configured to keep copies of content in its local cache. Subsequent requests for that content can then be served from the local cache rather than by fetching the content again from the origin server. Caching improves performance by reducing the time spent traversing the network.

Most proxy servers can filter requests from users. Administrators can choose to deny access to resources that are not appropriate for the workplace.

In a forward proxy scenario, the client is aware of the proxy server and is configured to send its requests through it. The firewall can then be configured to allow outbound traffic only from the proxy server rather than from every internal client, so the proxy becomes the single point at which access decisions are enforced and logged.

Reverse Proxy Scenario

A proxy server can also provide external clients with access to internal resources that reside behind the corporate firewall. When a proxy server is used to handle connections into a private network, the process is called reverse proxying. The term reverse refers to the fact that traffic flows in the opposite direction from normal (forward) proxy traffic.

Forward proxies are best used to filter content, increase performance, and log user accesses. Reverse proxies provide these benefits and more. You can use a reverse proxy to load balance across multiple servers, provide failover capabilities, and provide access to corporate resources without exposing the origin servers directly to external clients.

In a reverse proxy scenario, the client is not even aware that it is using a proxy server. This transparency is one of the key differences between the forward and reverse proxy scenarios.

NSAPI Filters

NSAPI enables multiple Server Application Functions (SAFs) to cooperate in processing a request. For example, one SAF can authenticate the client, after which a second SAF generates the content.

Request-Handling Process

At startup, the server performs some initialization and then waits for a request from a client, such as a browser.

The obj.conf file for the server specifies how the request is handled.

  1. Init - The Init functions load and initialize server modules and plug-ins, and initialize log files.

  2. AuthTrans (authorization translation) - Verify any authorization information (such as name and password) sent in the request.

  3. NameTrans (name translation) - Translate the logical URI into a local file system path.

  4. PathCheck (path checking) - Check the local file system path for validity and check that the requestor has access privileges to the requested resource on the file system.

  5. ObjectType (object typing) - Determine the MIME type (Multipurpose Internet Mail Extensions) of the requested resource (for example, text/html, image/gif, and so on).

  6. Input (prepare to read input) - Select filters that will process incoming request data read by the Service step.

  7. Output (prepare to send output) - Select filters that will process outgoing response data generated by the Service step.

  8. Service (generate the response) - Generate and return the response to the client.

  9. AddLog (adding log entries) - Add entries to log file(s).

  10. Error (service) - This step is executed only if an error occurs in one of the previous steps. If an error occurs, the server logs an error message and aborts processing of the request.

  11. Connect - Call the connect function you specify.

  12. DNS - Call either the dns-config built-in function or a DNS function that you specify.

  13. Filter - Run an external command and pipe the data through it before the proxy processes that data.

  14. Route - Specify information about where the proxy server should route requests.

Directives for Handling Requests

The obj.conf file contains a series of instructions, known as directives, that tell the Sun Java System Web Proxy Server what to do at each stage of the request-handling process. Each directive invokes a Server Application Function (SAF) with one or more arguments, and each directive applies to a specific stage. The stages are Init, AuthTrans, NameTrans, PathCheck, ObjectType, Input, Output, Service, AddLog, Error, Connect, DNS, Filter, and Route.
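As an added example (not code from the Sun documentation or from the product), the following Python script parses an obj.conf fragment into its <Object> blocks and directives, lists an object's directives in the order the server runs them, and flags any object that reaches the Service stage with no PathCheck access check or no AddLog entry. The two embedded obj.conf fragments are constructed for this example; the SAF names and arguments in them (flex-init, proxy-auth, map, url-check, deny-service, proxy-retrieve, flex-log, send-error, set-origin-server), the hostnames and the file paths are illustrative assumptions and should be checked against the SAF reference before use.

```python
import re

# Request-handling stages in the order the server runs them.
STAGES = ["Init", "AuthTrans", "NameTrans", "PathCheck", "ObjectType", "Input",
          "Output", "Service", "AddLog", "Error", "Connect", "DNS", "Filter", "Route"]
STAGE_INDEX = {stage: i for i, stage in enumerate(STAGES)}

# Constructed fragments for this example, not shipped configurations.
# SAF names, arguments, hostnames and paths are illustrative assumptions.
WEAK_OBJ_CONF = """\
Init fn="flex-init" access="/var/opt/proxy/logs/access"
<Object name="default">
NameTrans fn="map" from="/" to="http://intranet.example.internal/" name="reverse"
Service fn="proxy-retrieve"
</Object>
<Object name="reverse">
Route fn="set-origin-server" server="http://intranet.example.internal"
</Object>
"""

HARDENED_OBJ_CONF = """\
Init fn="flex-init" access="/var/opt/proxy/logs/access"
<Object name="default">
# AddLog is written first here, but the server still runs it after Service:
# stage order is fixed; only directives of the same stage run in file order.
AddLog fn="flex-log" name="access"
AuthTrans fn="proxy-auth" auth-type="basic" userdb="default"
NameTrans fn="map" from="/" to="http://intranet.example.internal/" name="reverse"
PathCheck fn="url-check"
PathCheck fn="deny-service" path="*/admin/*"
Service fn="proxy-retrieve"
Error fn="send-error" code="403" path="/var/opt/proxy/docs/forbidden.html"
</Object>
<Object name="reverse">
Route fn="set-origin-server" server="http://intranet.example.internal"
</Object>
"""

OBJECT_OPEN = re.compile(r'^<Object\s+(name|ppath)="([^"]*)">$')
DIRECTIVE = re.compile(r'^([A-Za-z]+)\s+fn="([^"]+)"(.*)$')
PARAM = re.compile(r'([\w.-]+)="([^"]*)"')


def parse_obj_conf(text):
    """Return {"init": [...], "objects": [{"key", "value", "directives"}]}.

    A directive is a (stage, fn, params) tuple. Init directives sit outside
    <Object> blocks; every other stage must appear inside one.
    """
    conf = {"init": [], "objects": []}
    current = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if (m := OBJECT_OPEN.match(line)):
            if current is not None:
                raise ValueError(f"line {lineno}: nested <Object>")
            current = {"key": m.group(1), "value": m.group(2), "directives": []}
            conf["objects"].append(current)
        elif line == "</Object>":
            if current is None:
                raise ValueError(f"line {lineno}: </Object> without <Object>")
            current = None
        elif (m := DIRECTIVE.match(line)):
            stage, fn, rest = m.groups()
            if stage not in STAGE_INDEX:
                raise ValueError(f"line {lineno}: unknown stage {stage!r}")
            directive = (stage, fn, dict(PARAM.findall(rest)))
            if stage == "Init":
                conf["init"].append(directive)
            elif current is None:
                raise ValueError(f"line {lineno}: {stage} outside <Object>")
            else:
                current["directives"].append(directive)
        else:
            raise ValueError(f"line {lineno}: cannot parse {raw!r}")
    if current is not None:
        raise ValueError("unterminated <Object>")
    return conf


def execution_plan(obj):
    """Directives in the order the server applies them for one object
    (stage order first; sorted() is stable, so file order holds within a stage)."""
    return sorted(obj["directives"], key=lambda d: STAGE_INDEX[d[0]])


def audit(text):
    """Flag objects that retrieve content without an access check or a log entry."""
    findings = []
    for obj in parse_obj_conf(text)["objects"]:
        stages = {d[0] for d in obj["directives"]}
        if "Service" not in stages:
            continue  # auxiliary object (e.g. Route only); default does the rest
        label = f'<Object {obj["key"]}="{obj["value"]}">'
        if "PathCheck" not in stages:
            findings.append(f"{label}: Service without any PathCheck (no access check before retrieval)")
        if "AddLog" not in stages:
            findings.append(f"{label}: Service without AddLog (requests are not logged)")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_OBJ_CONF), ("hardened", HARDENED_OBJ_CONF)):
        print(f"{name}: {audit(text) or 'no findings'}")
    for stage, fn, params in execution_plan(parse_obj_conf(HARDENED_OBJ_CONF)["objects"][0]):
        print(f"{stage:10} {fn:18} {params}")
```

Run the script directly to print the findings for both fragments and the execution plan for the hardened default object. The plan makes the point the stage list leaves implicit: the server fixes the order of the stages, so a directive's position in the file only matters relative to other directives of the same stage, and an AddLog written above Service still runs after it.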