The recent releases of Proxy Server include the following enhancements:
Proxy Server 4.0 supports transparent proxy for HTTP/1.1 connections. Transparent proxying involves intercepting and processing web requests at the proxy server, without the knowledge or control of clients. For example, a router for a local network is configured to redirect incoming TCP connections to the local port on which the proxy server is active.
Add the following directive to the proxy server default object in the obj.conf file:
    NameTrans fn="host-map"
This configuration enables the proxy server to use the HTTP Host: header of incoming requests to identify and redirect the request to the target remote server.
Transparent proxy servers that decide where to connect based on the HTTP Host: header are vulnerable to fake HTTP Host: headers forged through active content. Therefore, suitable ACL configurations must be implemented to prevent connections to web sites that might host malicious content.
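The following Python sketch is an added example, not Oracle code and not iPlanet ACL syntax. It models the decision such an ACL has to make for an intercepted request: normalize the Host: header, refuse missing or duplicated headers, and allow only destinations on an approved list. The domain names and function names are assumptions made for illustration.

```python
# Added example: models the allow/deny decision only. The policy below is
# hypothetical; a real deployment expresses it in the proxy's ACL file.
ALLOWED_DOMAINS = ("intranet.example", "updates.example")  # constructed policy


def extract_host(raw_request: bytes):
    """Return the normalized Host value, or None if it is missing or ambiguous."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    header_lines = head.split("\r\n")[1:]          # skip the request line
    hosts = [line.split(":", 1)[1].strip()
             for line in header_lines
             if line.lower().startswith("host:")]
    if len(hosts) != 1:                            # none, or more than one
        return None
    host = hosts[0].lower()
    if host.startswith("["):                       # IPv6 literal, e.g. [::1]:80
        end = host.find("]")
        if end == -1:
            return None
        host = host[1:end]
    else:
        host = host.rsplit(":", 1)[0]              # drop an optional :port
    host = host.rstrip(".")                        # "example." equals "example"
    return host or None


def acl_decision(raw_request: bytes, allowed=ALLOWED_DOMAINS) -> str:
    """Return "allow" only when Host is an approved domain or a subdomain of one."""
    host = extract_host(raw_request)
    if host is None:
        return "deny"
    for domain in allowed:
        # Require a label boundary so "notintranet.example" does not match.
        if host == domain or host.endswith("." + domain):
            return "allow"
    return "deny"


if __name__ == "__main__":
    # Constructed sample requests.
    for req in (b"GET / HTTP/1.1\r\nHost: www.intranet.example:8080\r\n\r\n",
                b"GET / HTTP/1.1\r\nHost: intranet.example.attacker.test\r\n\r\n"):
        print(extract_host(req), acl_decision(req))
```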
URL Mapping has been implemented in Proxy Server 4.0.8. It enables the Proxy Server to act as a reverse proxy. This feature enables Proxy Server to provide a single front-end hostname for back-end application servers. Based on a requester's URI, access is provided to back-end servers.
For more information about URL Mapping, see Reverse Proxy Scenario in Oracle iPlanet Web Proxy Server 4.0.14 Configuration File Reference.
For information about Server Application Functions (SAFs) used in URL Mapping, see Server Application Functions (SAFs) in Oracle iPlanet Web Proxy Server 4.0.14 Configuration File Reference.
The monitoring capabilities of iPlanet Web Proxy Server provide a detailed list of the server parameters that you can monitor at the instance level.
From the Web Proxy Administration Server, you can perform the following actions:
View server statistics at an instance level.
Enable or disable monitoring at an instance level.
Access the Administration Server.
Click the Instance link from the Manage Servers page.
Click the Server Status tab.
Click the Monitor Current Activity tab.
Set the Monitoring Current Activity to ON to monitor the server.
You can also refresh the server at the following intervals: 5, 10, and 15 seconds, and view the statistics of the DNS, Keep-Alive, Cache, Server Requests, and Work Thread connections.
The embedded DNS supports non-default name resolution. The DNS client interacts with a DNS server to perform the name resolution. The new SAF dns-lookup receives the DNS server's IP address as a server argument. This IP address should be added as a DNS directive in the obj.conf file.
In the following example, the IP address of the DNS server is specified in the server parameter.
    <object>
    ....
    DNS fn="dns-lookup" server="170.168.10.3"
    ...
    </object>
In the following example, multiple DNS server IP addresses are added to dns-lookup-init, and they are used in a round-robin model. In this scenario, do not add a DNS server IP address to dns-lookup. If DNS server parameters are added to both dns-lookup and dns-lookup-init, the dns-lookup argument takes precedence.
    ...
    <Object>
    ...
    DNS fn="dns-lookup"
    ....
    Init fn="dns-lookup-init" servers="170.168.10.3, 170.158.10.4"
    </Object>
ACLCacheMax is a magnus.conf parameter that sets a limit on the total number of ACLs stored in the ACL cache. There is no default value for ACLCacheMax, and it should be configured with a specific limit.
For example:
    ACLCacheMax 16384
The ACL cache in this context does not refer to the ACL user cache. It refers to a cache in which the ACLs applicable to specific URLs are stored for performance reasons.
GCAtStartup is a magnus.conf parameter that takes a boolean value. The default value is false. If it is set to true, the cache garbage collector clears the garbage during server startup. This can increase the server startup time when the cache size is large.
Proxy Server allows PURGE requests to clear the cached URL. If the requested URL is purged successfully, a response with an HTTP status code of 200 (OK) is sent by the server. If the specified URL is not cached, a 404 (Not Found) response is sent.
In the following example, the server returns the value 200.
    bash-2.03$ telnet localhost 8088
    Trying 172.9.10.1...
    Connected to localhost.
    Escape character is '^]'.
    PURGE http://foo.com/ HTTP/1.0

    HTTP/1.1 200 OK
    Server: Oracle-iPlanet-Proxy-Server/4.0
    Date: Fri, 26 Oct 2007 08:15:30 GMT
    Connection: close
In the following example, the server returns the value 404.
    Connection closed by foreign host.
    bash-2.03$ telnet localhost 8088
    Trying 172.9.10.1...
    Connected to localhost.
    Escape character is '^]'.
    PURGE http://foo.com/ HTTP/1.0

    HTTP/1.1 404 Not Found
    Server: Oracle-iPlanet-Proxy-Server/4.0
    Date: Mon, 17 Sep 2007 10:13:28 GMT
    Content-length: 96
    Content-type: text/html
    Connection: close
You can connect to an IPv6-enabled web site through Proxy Server 4.0.11. Proxy Server also supports the FTP extension for IPv6 in default (passive) mode.
Proxy Server 4.0.15 supports Network Security Services (NSS) 3.12.6 and Netscape Portable Runtime (NSPR) 4.8.4.
Starting with the Proxy Server 4.0.6 release, support for Extended address Passive port (EPSV) mode has been introduced.
Starting with the Proxy Server 4.0.2 release, the installer supports upgrading an existing Proxy Server 4.0 installation to the later version. For the Java Enterprise System installations of Proxy Server 4.0.1, you need to install the patches that correspond to the later release.
Proxy Server 4.0.12 provides hardware accelerator support for Sun Crypto Accelerator 6000, a cryptographic accelerator board that enhances the performance of SSL on the Proxy Server.
Daylight Saving Time (DST) in the USA starts on the 2nd Sunday of March and ends on the 1st Sunday of November. This impacts the date and time rules of the operating system.
To make sure that the log files contain the correct time in US time zones, and that the Administration Server is not impacted by this change, you should do the following:
Download and install the appropriate Operating System patches. You can download the Solaris patches from: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102775-1
For other platforms, download similar DST-compatible patches from the respective operating system vendor's web site.
For Solaris, Windows, and Linux, run Proxy Server with JRE 1.5.0_12. For HP-UX, run Proxy Server with JRE 1.5.0_12.