Sun Java System Web Proxy Server 4.0.9 Release Notes

Enhancements in Sun Java System Web Proxy Server Releases

The following enhancements have been made in recent releases of Proxy Server:

URL Mapping

URL Mapping has been implemented in Proxy Server 4.0.8. It allows the Proxy Server to act as a reverse proxy. This feature allows Proxy Server to provide a single front-end hostname for back-end application servers. Based on a requester's URI, access is provided to back-end servers.

For more information on URL Mapping, see Reverse Proxy Scenario in Sun Java System Web Proxy Server 4.0.9 Configuration File Reference.

For information on Server Application Functions (SAFs) used in URL Mapping, see Server Application Functions (SAFs) in Sun Java System Web Proxy Server 4.0.9 Configuration File Reference.

Registration with Sun Connection

You can use the Admin Server to register the Web Proxy Server with Sun Connection. Click the Register with Sun Connection button; a client.jnlp application opens. Follow the wizard to complete the registration.

By registering the Web Proxy Server with Sun Connection you receive the following benefits:

This feature is supported only on Solaris SPARC, x86 and Linux platforms. To use this feature on Solaris, you need to install the SUNWservicetagr and SUNWservicetagu packages on SPARC and x86 systems.

To use this feature on Linux, install the sun-servicetag-1.0.0-1.0.i386.rpm package.

Monitoring Server

The monitoring capabilities of Sun Java System Web Proxy Server provide a detailed list of the server parameters that you can monitor at the instance level.

From the Web Proxy Administration Server, you can perform the following actions:

Procedure: Monitoring Server

  1. Access the Administration Server

  2. Click the Instance link from the Manage Servers page

  3. Click the Server Status tab

  4. Click the Monitor Current Activity tab

  5. Set the Monitoring Current Activity to ON to monitor the server

    You can also refresh the server at intervals of 5, 10 and 15 seconds and view the statistics for DNS, Keep-Alive, Cache, Server Requests and Work Thread connections.

Embedded DNS Resolution

The embedded DNS client supports non-default name resolution. The DNS client interacts with a DNS server to perform the name resolution. The new SAF, dns-lookup, receives the DNS server's IP address as its server argument. This IP address should be added in a DNS directive in the obj.conf file.

In the following example, the IP address of the DNS server is specified in the server parameter.

<object>
....
DNS fn="dns-lookup" server="170.168.10.3"
...
</object>

In the following example, multiple DNS server IP addresses are added to dns-lookup-init, and they are used in round-robin order. In this scenario, do not add a DNS server IP address to dns-lookup. If DNS server parameters are added to both dns-lookup and dns-lookup-init, the dns-lookup argument takes precedence.

...
<Object>
...
DNS fn="dns-lookup"
....
Init fn="dns-lookup-init" servers="170.168.10.3, 170.158.10.4"
</Object>
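
The precedence rule above, written as a configuration check. This is an added example, not part of the release notes or of Sun's tooling; the function name audit_dns and the sample fragment are constructed for illustration, and the parser assumes one directive per line as in the fragments shown here.

```python
import ipaddress
import re

# Constructed fragment modeled on the two examples above: both SAFs name servers.
SAMPLE_OBJ_CONF = '''\
<Object>
DNS fn="dns-lookup" server="170.168.10.3"
Init fn="dns-lookup-init" servers="170.168.10.3, 170.158.10.4"
</Object>
'''

PARAM_RE = re.compile(r'([\w-]+)="([^"]*)"')


def _valid_ips(values, findings, where):
    """Keep syntactically valid IP addresses; record the rest as findings."""
    good = []
    for value in values:
        try:
            good.append(str(ipaddress.ip_address(value)))
        except ValueError:
            findings.append(f"{where}: '{value}' is not an IP address")
    return good


def audit_dns(conf_text):
    """Return (effective_servers, findings) for the embedded DNS client."""
    lookup, pool, findings = [], [], []
    for number, line in enumerate(conf_text.splitlines(), 1):
        parts = line.split(None, 1)
        if len(parts) < 2 or parts[0] not in ("DNS", "Init"):
            continue  # comments, <Object> tags and other directives
        params = dict(PARAM_RE.findall(parts[1]))
        where = f"line {number}"
        if parts[0] == "DNS" and params.get("fn") == "dns-lookup" and "server" in params:
            lookup += _valid_ips([params["server"].strip()], findings, where)
        elif parts[0] == "Init" and params.get("fn") == "dns-lookup-init":
            raw = [s.strip() for s in params.get("servers", "").split(",") if s.strip()]
            pool += _valid_ips(raw, findings, where)
    if lookup and pool:
        # Per the release notes, the dns-lookup argument wins over dns-lookup-init.
        ignored = [ip for ip in pool if ip not in lookup]
        findings.append(f"dns-lookup overrides dns-lookup-init; not used: {ignored}")
    return (lookup or pool), findings
```

An empty server list with no findings means neither SAF names a resolver in the text that was checked.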

ACL Cache Tuning

ACLCacheMax is a magnus.conf parameter that sets a limit on the total number of ACLs stored in the ACL cache. There is no default value for ACLCacheMax, and it should be configured with a specific limit.

For example, ACLCacheMax 16384


Note –

The ACL cache in this context does not refer to the ACL user cache. It refers to a cache in which the ACLs applicable to specific URLs are cached for performance reasons.


GCAtStartup is a magnus.conf parameter that takes a boolean value. The default value is false. If set to true, the cache garbage collector clears the garbage during server startup. This can increase the server startup time when the cache size is large.

The New Directives in the magnus.conf File

This section lists the newly added parameters in the magnus.conf file.

Table 1 magnus.conf Directives

| Parameters | Valid Values | Description |
|---|---|---|
| FtpPoolSize | 1 – 65536 | Specify the size of the FTP connection pool. The default value is 256. |
| FtpPoolLife | 1 – 65536 | Specify the time, in seconds, that an FTP connection remains unused in the pool before the monitor thread closes it. The default value is 3600. |
| FtpPoolMonitorThread | OFF | Specify the boolean value to monitor the FTP thread functionality. The default is ON. |
| FtpPoolMonitorLevel | 0 | Specify an integer value. If set to 0, the pool monitor thread checks whether the connection is dead or alive. If set to 1, the NOOP command is sent to the connection and a reply is awaited. Failure to get a response will cause the connection to be removed from the pool. The default level is 1. |
| FtpPoolMonitorInterval | 30 – 65536 | Specify an integer value in seconds, after which the pool connections are monitored. The default value is 30. |

Cache PURGE Feature

Proxy Server allows PURGE requests to clear the cached URL. If the requested URL is purged successfully, a response with an HTTP status code of 200 (OK) is sent by the server. If the specified URL is not cached, a 404 (Not Found) response is sent.

In the following example, the server returns the value 200.

bash-2.03$ telnet localhost 8088
Trying 172.9.10.1...
Connected to localhost.
Escape character is '^]'.
PURGE http://foo.com/ HTTP/1.0

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Proxy-Server/4.0
Date: Fri, 26 Oct 2007 08:15:30 GMT
Connection: close

In the following example, the server returns the value 404.

Connection closed by foreign host.
bash-2.03$ telnet localhost 8088
Trying 172.9.10.1...
Connected to localhost.
Escape character is '^]'.
PURGE http://foo.com/ HTTP/1.0

HTTP/1.1 404 Not Found
Server: Sun-Java-System-Web-Proxy-Server/4.0
Date: Mon, 17 Sep 2007 10:13:28 GMT
Content-length: 96
Content-type: text/html
Connection: close

Internet Protocol Version 6 (IPv6) Support

You can connect to an IPv6-enabled website through Proxy Server 4.0.9. Proxy Server also supports the FTP extension for IPv6 in default (passive) mode.

NSS 3.11.7 and NSPR 4.6.7 Support

Proxy Server 4.0.9 supports Network Security Services (NSS) 3.11.7 and Netscape Portable Runtime (NSPR) 4.6.7.

Modified FTP Transfer Mode

From the Proxy Server 4.0.6 release, support for Extended address Passive port (EPSV) mode has been introduced.

Upgrade Support

From the Proxy Server 4.0.2 release, the installer supports the upgrade of an existing Proxy Server 4.0 installation to a later version. For Java Enterprise System installations of Proxy Server 4.0.1, you need to install the patches that correspond to the later release.

Enhanced Hardware Accelerator Encryption Support

Proxy Server 4.0.9 provides hardware accelerator support for Sun Crypto Accelerator 6000, a cryptographic accelerator board that enhances the performance of SSL on the Proxy Server.