Recent releases of Proxy Server include the following enhancements:
A performance tuning, sizing, and scaling guide has been introduced in 4.0.11. This document provides tuning, sizing, and scaling tips and suggestions; possible solutions to common performance problems; and data from scalability studies. It also addresses miscellaneous configuration and platform-specific issues. For more information, see Sun Java System Web Proxy Server 4.0.12 Performance Tuning, Sizing, and Scaling Guide.
Proxy Server 4.0 supports transparent proxy for HTTP/1.1 connections. Transparent proxying means that the proxy server intercepts and processes web requests without the knowledge or control of clients. For example, a router for a local network is configured to redirect incoming TCP connections to the local port on which the proxy server is active.
Add the following directive to the proxy server default object in the obj.conf file:
NameTrans fn="host-map"
This configuration enables the proxy server to use the HTTP Host: header of incoming requests to identify and redirect the request to the target remote server.
Transparent proxy servers that choose the target of a connection based on the HTTP Host: header are vulnerable to fake HTTP Host: headers forged by active content. Therefore, suitable ACL configurations must be implemented to prevent connections to web sites that might host malicious content.
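The Host: header risk described above can be checked per request. The following is an added example, not Sun's code or Proxy Server ACL syntax: it permits an intercepted request only when the Host: header names a permitted site and, going one step beyond the ACL the text calls for, when the address the client actually connected to is one that the host resolves to. The function names, the allowlist and the resolver table are constructed assumptions.

```python
# Constructed sample policy: sites the ACL permits (assumption for this example).
ALLOWED_SUFFIXES = ("example.com", "example.org")

# Constructed stand-in for DNS: host name -> addresses it resolves to.
RESOLVER = {
    "www.example.com": {"192.0.2.10", "192.0.2.11"},
    "intranet.example.org": {"198.51.100.7"},
    "evil.example.net": {"203.0.113.66"},
}

def normalize_host(host_header):
    """Return the lowercase host without port, or None if it is malformed.
    Simplified: IPv6 literals in brackets are treated as malformed."""
    host = (host_header or "").strip().lower()
    if not host or any(c in host for c in " \t\r\n/@\\"):
        return None
    host, _, port = host.partition(":")
    if port and not port.isdigit():
        return None
    return host.rstrip(".") or None

def is_allowlisted(host):
    """Exact or dot-delimited suffix match, so 'notexample.com' fails."""
    return any(host == s or host.endswith("." + s) for s in ALLOWED_SUFFIXES)

def check_request(host_header, original_dst_ip, resolve=RESOLVER.get):
    """Return (verdict, reason) for one intercepted request.
    original_dst_ip is the address the client's TCP connection was sent to
    before the router redirected it to the proxy."""
    host = normalize_host(host_header)
    if host is None:
        return ("deny", "missing or malformed Host header")
    if not is_allowlisted(host):
        return ("deny", "host not permitted by ACL")
    if original_dst_ip not in (resolve(host) or set()):
        # The header names a permitted site, but the client was really
        # talking to some other address: the header cannot be trusted.
        return ("deny", "Host header does not match intercepted destination")
    return ("allow", "host permitted and consistent with destination")

if __name__ == "__main__":
    for hdr, dst in [("www.example.com", "192.0.2.10"),
                     ("www.example.com", "203.0.113.66"),
                     ("evil.example.net", "203.0.113.66")]:
        print(hdr, dst, check_request(hdr, dst))
```
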
URL Mapping has been implemented in Proxy Server 4.0.8. It enables the Proxy Server to act as a reverse proxy. This feature enables Proxy Server to provide a single front-end hostname for back-end application servers. Based on a requester's URI, access is provided to back-end servers.
For more information about URL Mapping, see Reverse Proxy Scenario in Sun Java System Web Proxy Server 4.0.12 Configuration File Reference.
For information about Server Application Functions (SAFs) used in URL Mapping, see Server Application Functions (SAFs) in Sun Java System Web Proxy Server 4.0.12 Configuration File Reference.
You can use the Admin Server to register the Web Proxy Server with Sun Connection. Click the Register with Sun Connection button; a client.jnlp application opens. Follow the wizard to complete the registration.
By registering the Web Proxy Server with Sun Connection you receive the following benefits:
Patch information and bug updates
News and events
Support and training offerings
This feature is supported only on Solaris SPARC, x86 and Linux platforms. To use this feature on Solaris, you need to install the SUNWservicetagr and SUNWservicetagu packages on SPARC and x86 systems.
To use this feature on Linux, you should install the sun-servicetag-1.0.0-1.0.i386.rpm package.
The monitoring capabilities of Sun Java System Web Proxy Server provide a detailed list of the server parameters that you can monitor at instance level.
From the Web Proxy Administration Server, you can perform the following actions:
View server statistics at an instance level.
Enable/Disable at an instance level.
Access the Administration Server
Click the Instance link from the Manage Servers page
Click the Server Status tab
Click the Monitor Current Activity tab
Set the Monitoring Current Activity to ON to monitor the server
You can also refresh the server at intervals of 5, 10 and 15 seconds and view the statistics of the DNS, Keep-Alive, Cache, Server Requests and Work Thread connections.
The embedded DNS supports non-default name resolution. The DNS client interacts with a DNS server to perform the name resolution. The new SAF dns-lookup receives the DNS server's IP address as the server argument. This IP address should be added to a DNS directive in the obj.conf file.
In the following example, the IP address of the DNS server is specified in the server parameter.
    <object>
    ....
    DNS fn="dns-lookup" server="170.168.10.3"
    ...
    </object>
In the following example, multiple DNS server IP addresses are added to dns-lookup-init, and they are used in a round-robin model. In this scenario, do not add a DNS server IP address to dns-lookup. If DNS server parameters are added to both dns-lookup and dns-lookup-init, the dns-lookup argument takes precedence.
    ...
    <Object>
    ...
    DNS fn="dns-lookup"
    ....
    Init fn="dns-lookup-init" servers="170.168.10.3, 170.158.10.4"
    </Object>
ACLCacheMax is a magnus.conf parameter that sets a limit on the total number of ACLs stored in the ACL cache. There is no default value for ACLCacheMax, and it should be configured with a specific limit.
For example, ACLCacheMax 16384
The ACL cache in this context does not refer to the ACL user cache. It refers to a cache in which the ACLs that are applicable to specific URLs are stored for performance reasons.
GCAtStartup is a magnus.conf parameter that takes a boolean value. By default the value is false. If it is set to true, the cache garbage collector clears the garbage during server startup. This can increase the server startup time when the cache size is high.
This section lists the newly added parameters in the magnus.conf file.
Table 1 magnus.conf Directives

| Parameters | Valid Values | Description |
|---|---|---|
| ACLCacheMax | 1 | Specify a configurable limit for the ACL cache. This directive restricts the size of the ACL cache, thus removing old entries from the cache which otherwise contribute significantly to memory usage. |
| FtpPoolSize | 1 – 65536 | Specify the size of the FTP connection pool. The default value is 256. |
| FtpPoolLife | 1 – 65536 | Specify the time, in seconds, that an FTP connection can remain unused in the pool before the monitor thread closes it. The default value is 3600. |
| FtpPoolMonitorThread | OFF | Specify a boolean value to control the FTP pool monitor thread functionality. The default is ON. |
| FtpPoolMonitorLevel | 0 | Specify an integer value. If set to 0, the pool monitor thread checks whether the connection is dead or alive. If set to 1, the NOOP command is sent on the connection and the thread waits for the reply. Failure to get a response causes the connection to be removed from the pool. The default level is 1. |
| FtpPoolMonitorInterval | 30 – 65536 | Specify an integer value, in seconds, after which the pool connections are monitored. The default value is 30. |
| LDAPPoolMonitorThread | Takes a boolean value. | If set to TRUE, an LDAP pool monitor thread is created, which monitors the LDAP connection pool at regular intervals. The default value is FALSE. |
| LDAPPoolMonitorInterval | Takes an integer argument. | Specifies the interval at which the LDAP pool monitor thread inspects the LDAP connection pool. The default value is 30. |
| LDAPPoolRevalidate | Takes a boolean value. | If set to TRUE, every connection that is picked off the connection pool is "revalidated" before being passed on to the caller. The default value is FALSE. |
Proxy Server allows PURGE requests to clear the cached URL. If the requested URL is purged successfully, a response with an HTTP status code of 200 (OK) is sent by the server. If the specified URL is not cached, a 404 (Not Found) response is sent.
In the following example, the server returns the value 200.

    bash-2.03$ telnet localhost 8088
    Trying 172.9.10.1...
    Connected to localhost.
    Escape character is '^]'.
    PURGE http://foo.com/ HTTP/1.0

    HTTP/1.1 200 OK
    Server: Sun-Java-System-Web-Proxy-Server/4.0
    Date: Fri, 26 Oct 2007 08:15:30 GMT
    Connection: close
In the following example, the server returns the value 404.
    Connection closed by foreign host.
    bash-2.03$ telnet localhost 8088
    Trying 172.9.10.1...
    Connected to localhost.
    Escape character is '^]'.
    PURGE http://foo.com/ HTTP/1.0

    HTTP/1.1 404 Not Found
    Server: Sun-Java-System-Web-Proxy-Server/4.0
    Date: Mon, 17 Sep 2007 10:13:28 GMT
    Content-length: 96
    Content-type: text/html
    Connection: close

You can connect to an IPv6-enabled web site through Proxy Server 4.0.11. Proxy Server also supports the FTP extension for IPv6 in default (passive) mode.
Proxy Server 4.0.11 supports Network Security Services (NSS) 3.12.3 and Netscape Portable Runtime (NSPR) 4.7.4.
Starting with the Proxy Server 4.0.6 release, support for Extended address Passive port (EPSV) mode has been introduced.
Starting with the Proxy Server 4.0.2 release, the installer supports the upgrade of an existing Proxy Server 4.0 installation to the later version. For the Java Enterprise System installations of Proxy Server 4.0.1, you need to install the patches that correspond to the later release.
Proxy Server 4.0.12 provides hardware accelerator support for Sun™ Crypto Accelerator 6000, a cryptographic accelerator board that enhances the performance of SSL on the Proxy Server.