Oracle iPlanet Web Proxy Server 4.0.15 Release Notes

Supported Software, Technologies and Protocols

Recent releases of Proxy Server include the following enhancements:

Transparent Proxy

Proxy Server 4.0 supports transparent proxy for HTTP/1.1 connections. Transparent proxying involves intercepting and processing web requests by using the proxy server, without the knowledge or control of clients. For example, a router for a local network is configured to redirect incoming TCP connections to the local port on which the proxy server is active.

Add the following directive to the proxy server default object in the obj.conf file:


NameTrans fn="host-map"

This configuration enables the proxy server to use the HTTP Host: header of incoming requests to identify and redirect the request to the target remote server.


Note –

Transparent proxy servers that decide connections based on the HTTP Host: header are vulnerable to fake Host: headers forged through active content. Therefore, suitable ACL configurations must be implemented to prevent connections to web sites that might host malicious content.
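
The destination policy that the note calls for, sketched as an added example (not Oracle's code and not Proxy Server ACL syntax): a default-deny check on the Host: header that refuses duplicate headers and IP literals and matches an allowlist on label boundaries. The function names and the allowlist entries are assumptions made for illustration.

```python
import ipaddress

# Constructed allowlist for illustration; a real deployment defines its own.
ALLOWED_SUFFIXES = ("example.com", "intranet.example")


def extract_host(raw_request: bytes):
    """Return the normalized Host value, or None if missing or ambiguous."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    header_lines = head.split("\r\n")[1:]  # skip the request line
    hosts = [line.split(":", 1)[1].strip() for line in header_lines
             if line.lower().startswith("host:")]
    if len(hosts) != 1:  # zero or duplicate Host headers: refuse to guess
        return None
    host = hosts[0].lower()
    if host.startswith("["):  # bracketed IPv6 literal, optional :port after
        end = host.find("]")
        if end == -1:
            return None
        host = host[1:end]
    else:
        host = host.split(":", 1)[0]  # drop :port
    return host.rstrip(".") or None  # "example.com." equals "example.com"


def decide(raw_request: bytes) -> str:
    """Apply a default-deny destination policy to one request."""
    host = extract_host(raw_request)
    if host is None:
        return "deny: missing or ambiguous Host header"
    try:
        ipaddress.ip_address(host)
        return "deny: IP literal in Host header"
    except ValueError:
        pass  # not an IP address, so treat it as a DNS name
    # Match on label boundaries so "evil-example.com" does not pass.
    if any(host == s or host.endswith("." + s) for s in ALLOWED_SUFFIXES):
        return "allow"
    return "deny: host not on allowlist"


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    for host in ("www.example.com:80", "evil-example.com", "192.0.2.10"):
        req = f"GET / HTTP/1.1\r\nHost: {host}\r\n\r\n".encode("ascii")
        print(host, "->", decide(req))
```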


URL Mapping

URL Mapping has been implemented in Proxy Server 4.0.8. It enables the Proxy Server to act as a reverse proxy. This feature enables Proxy Server to provide a single front-end hostname for back-end application servers. Based on a requester's URI, access is provided to back-end servers.

For more information about URL Mapping, see Reverse Proxy Scenario in Oracle iPlanet Web Proxy Server 4.0.14 Configuration File Reference.

For information about Server Application Functions (SAFs) used in URL Mapping, see Server Application Functions (SAFs) in Oracle iPlanet Web Proxy Server 4.0.14 Configuration File Reference.

Monitoring Server

The monitoring capabilities of iPlanet Web Proxy Server provide a detailed list of the server parameters that you can monitor at the instance level.

From the Web Proxy Administration Server, you can perform the following actions:

Procedure: Monitoring Server

  1. Access the Administration Server

  2. Click the Instance link from the Manage Servers page

  3. Click the Server Status tab

  4. Click the Monitor Current Activity tab

  5. Set the Monitoring Current Activity to ON to monitor the server

    You can also refresh the server at intervals of 5, 10, and 15 seconds and view the statistics of the DNS, Keep-Alive, Cache, Server Requests and Work Thread connections.

Embedded DNS Resolution

The embedded DNS supports non-default name resolution. The DNS client interacts with a DNS server to perform the name resolution. The new SAF, dns-lookup, receives the DNS server's IP address as a server argument. This IP address should be added as a DNS directive in the obj.conf file.

In the following example, the IP address of the DNS server is specified in the server parameter.

<Object>
...
DNS fn="dns-lookup" server="170.168.10.3"
...
</Object>

In the following example, multiple DNS server IP addresses are added to dns-lookup-init, and they are used in a round-robin model. In this scenario, do not add a DNS server IP address to dns-lookup. If DNS server parameters are added to both dns-lookup and dns-lookup-init, the dns-lookup argument takes precedence.

...
<Object>
...
DNS fn="dns-lookup"
....
Init fn="dns-lookup-init" servers="170.168.10.3, 170.158.10.4"
</Object>

ACL Cache Tuning

ACLCacheMax is a magnus.conf parameter that sets a limit on the total number of ACLs stored in the ACL cache. There is no default value for ACLCacheMax, and it should be configured with a specific limit.

For example, ACLCacheMax 16384


Note –

The ACL cache in this context does not refer to the ACL user cache. It refers to a cache of the ACLs applicable to specific URLs, which are cached for performance reasons.


GCAtStartup is a magnus.conf parameter that takes a boolean value. The default value is false. If it is set to true, the cache garbage collector clears the garbage during server startup. This can increase the server startup time when the cache size is large.

Cache PURGE Feature

Proxy Server allows PURGE requests to clear the cached URL. If the requested URL is purged successfully, a response with an HTTP status code of 200 (OK) is sent by the server. If the specified URL is not cached, a 404 (Not Found) response is sent.

In the following example, the server returns the value 200:

bash-2.03$ telnet localhost 8088
Trying 172.9.10.1...
Connected to localhost.
Escape character is '^]'.
PURGE http://foo.com/ HTTP/1.0

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Proxy-Server/4.0
Date: Fri, 26 Oct 2007 08:15:30 GMT
Connection: close

Connection closed by foreign host.

In the following example, the server returns the value 404:

bash-2.03$ telnet localhost 8088
Trying 172.9.10.1...
Connected to localhost.
Escape character is '^]'.
PURGE http://foo.com/ HTTP/1.0

HTTP/1.1 404 Not Found
Server: Oracle-iPlanet-Proxy-Server/4.0
Date: Mon, 17 Sep 2007 10:13:28 GMT
Content-length: 96
Content-type: text/html
Connection: close
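
The same exchange driven from a script, as an added example that is not part of the release notes: it sends the PURGE request in the form shown in the telnet sessions and maps the status line to an outcome. The function names and outcome strings are assumptions made for illustration; the two sample responses are taken from the sessions above.

```python
import socket


def build_purge_request(url: str) -> bytes:
    """Build the request in the form used in the telnet sessions above."""
    if any(c in url for c in "\r\n "):
        # Refuse whitespace so a URL cannot add extra request lines.
        raise ValueError("URL must not contain whitespace or CR/LF")
    return f"PURGE {url} HTTP/1.0\r\n\r\n".encode("ascii")


def parse_purge_response(raw: bytes) -> str:
    """Map the status line of the proxy's reply to an outcome string."""
    status_line = raw.split(b"\r\n", 1)[0].decode("latin-1")
    parts = status_line.split(" ", 2)
    if (len(parts) < 2 or not parts[0].startswith("HTTP/")
            or not parts[1].isdigit()):
        return "malformed"
    code = int(parts[1])
    if code == 200:
        return "purged"        # URL was cached and has been cleared
    if code == 404:
        return "not-cached"    # URL was not in the cache
    return f"unexpected-{code}"


def purge(proxy_host: str, proxy_port: int, url: str, timeout=5.0) -> str:
    """Send one PURGE request and read until the proxy closes the socket."""
    with socket.create_connection((proxy_host, proxy_port),
                                  timeout=timeout) as sock:
        sock.sendall(build_purge_request(url))
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return parse_purge_response(b"".join(chunks))


if __name__ == "__main__":
    # Responses from the two sessions above; no network access is needed.
    ok = b"HTTP/1.1 200 OK\r\nConnection: close\r\n\r\n"
    missing = b"HTTP/1.1 404 Not Found\r\nConnection: close\r\n\r\n"
    print(parse_purge_response(ok), parse_purge_response(missing))
```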

Internet Protocol Version 6 (IPv6) Support

You can connect to an IPv6-enabled web site through Proxy Server 4.0.11. Proxy Server also supports the FTP extension for IPv6 in default (passive) mode.

NSS and NSPR Support

Proxy Server 4.0.15 supports Network Security Services (NSS) 3.12.6 and Netscape Portable Runtime (NSPR) 4.8.4.

Modified FTP Transfer Mode

Starting with the Proxy Server 4.0.6 release, support for Extended address Passive port (EPSV) mode has been introduced.

Upgrade Support

Starting with the Proxy Server 4.0.2 release, the installer supports upgrading an existing Proxy Server 4.0 installation to a later version. For the Java Enterprise System installations of Proxy Server 4.0.1, you need to install the patches that correspond to the later release.

Enhanced Hardware Accelerator Encryption Support

Proxy Server 4.0.12 provides hardware accelerator support for Sun Crypto Accelerator 6000, a cryptographic accelerator board that enhances the performance of SSL on the Proxy Server.

Impact of US DST Changes 2007

Daylight Savings Time (DST) in the USA starts on the 2nd Sunday of March and ends on the 1st Sunday of November. This impacts the date and time rules of the operating system.

To make sure that the log files contain the correct time in US time zones, and that the Administration Server is not impacted by this change, you should do the following: