Chapter 4 Advanced Proxy Cache Configuration

• "Viewing and Modifying Advanced Proxy Cache Configuration Properties"

• "Primary Configuration"

• "Proxy Cascade"

• "Cache Policy"

• "Access Control"

• "Storage Management"

• "Timeouts"

• "Log File Options"

• "Web Server Accelerator Options"

• "External Program Options"

This chapter explains how to perform advanced configuration of the proxy cache service. The chapter assumes you have completed configuration of your Netra Proxy Cache Array, as described in the Netra Proxy Cache Array Configuration Guide.

Viewing and Modifying Advanced Proxy Cache Configuration Properties

You view or modify advanced proxy cache configuration properties in web pages accessed through the Advanced Proxy Cache Configuration page. You reach this page through the Proxy Cache Administration page. See Chapter 3, Loading the Proxy Cache Administration Page," for instructions on loading this page.

To View or Modify Advanced Proxy Cache Configuration Properties

1. In the Proxy Cache Administration page, click Advanced Proxy Cache Configuration.

   The Advanced Proxy Cache Configuration page, shown in Figure 4-1, is displayed.

   Figure 4-1 Advanced Proxy Cache Configuration Page

   
   

The Advanced Proxy Cache Configuration page presents a list of links (shown in Figure 4-1), each of which corresponds to a category of proxy cache properties. For all categories, you follow the same procedure for viewing or modifying a property.

1. In the Advanced Proxy Cache Configuration page, click the link for the category in which a property resides.

2. In the page for that category, view or make changes to the value of a property.

   Most properties have editable fields. A few have toggles (either one value or another) or pulldown menus.

3. At the bottom of the category page, click OK.

   A page is displayed indicating the success or failure of your change. If a change fails, the page is redisplayed with the error indicated. Correct the error and click OK again. With some errors a new page, containing an error message, is displayed. If this occurs, click the Back button on your browser to return to the category page.

   If you click Reset, the values for the properties on a page revert to what they were when you first loaded the page.

4. After a successful change, click the up-arrow icon to return to the Advanced Proxy Cache Configuration page.

   Alternatively, you can click the home icon to return to the Netra Main Administration page.

5. If you make any changes to advanced proxy cache properties, you must use the Install Configuration function to install the changes on all machines in the array. You access this function by clicking the Install Configuration link in the Proxy Cache Administration page.

   See the Netra Proxy Cache Array Configuration Guide for instructions on the use of the Install Configuration function.

The remainder of this chapter is a description of the advanced proxy cache properties, broken down by the categories reflected in the links on the Advanced Proxy Cache Configuration page.

Primary Configuration

To View or Modify Primary Configuration Properties

1. In the Advanced Proxy Cache Configuration page, click Primary Configuration.

   The Primary Configuration page is displayed, as shown in Figure 4-2.

   Figure 4-2 Primary Configuration Page

   
   

2. In the Primary Configuration page, accept or modify values for the following properties:

Proxy Webmaster

An electronic mail address of the person or group who is to receive notices of abnormal conditions in the Netra Proxy Cache Server. The default postmaster is root, which means that the recipients you specified for the Netra System Administrator Alias (see the Netra Proxy Cache Array Configuration Guide) will receive mail bound for the Proxy Webmaster.

Visible Hostname

Error messages generated by the Netra Proxy Cache Server contain the hostname you specify here. The default is the return from the hostname command.

Append Domain Name to Unqualified Host Names

If a URL refers to a host name without a . (period) in its name, the domain name you specify for this property is appended to host name to form a fully qualified domain name.

Port for HTTP Client Requests

The port number at which the Netra Proxy Cache Server listens for HTTP requests. Most users can accept the default of 8080. Do not use 81; the Netra Proxy Cache product uses this number for administrative purposes.

Port for Neighboring Cache ICP Requests

The UDP port number on which the host listens for Internet Cache Protocol (ICP) queries. A value of 0 disables neighbor caching. The default is 3130.

Port for Proxy Cache Server Statistics Requests

The TCP or UDP port on which the Netra Proxy Cache Server provides statistics. The SNMP subagent shipped with the product uses this feature to export the statistics via SNMP. Setting this property to 0 (zero) disables the providing of statistics. The default is 3140. Entering a non-zero value enables proxy cache monitoring, which is described in "Proxy Cache Array Monitoring" and "Proxy Cache Monitoring for Host".

Receive ICP Requests on this Address

If you enter an address, the Netra Proxy Cache Server accepts ICP requests only at the IP address specified here.

Send ICP Requests from this Address

If you enter an address, the Netra Proxy Cache Server sends ICP requests from the IP address specified here.

Operation Mode

Choose between Proxy+Cache (the default) and Proxy Only. If you choose Proxy Only, the Netra Proxy Cache Server does not cache any objects.

Proxy Cascade

To View or Modify Proxy Cascade Properties

1. In the Advanced Proxy Cache Configuration page, click Proxy Cascade.

   The Proxy Cascade page is displayed, an example of which is shown in Figure 4-3.

   Figure 4-3 Proxy Cascade Page (Top Portion)

   
   

Note that the values shown in Figure 4-3 are for example purposes only.

1. In the top portion of the Proxy Cascade page, accept or modify values for the following properties:

Table of Parent and Sibling Proxy Caches

When you load the Proxy Cascade page the table of parents and siblings contains the hosts you entered when you last performed basic proxy cache configuration, as described in the Netra Proxy Cache Array Configuration Guide or Netra Proxy Cache Server Configuration Guide.

The Netra Proxy Cache Server supports associations with both parent and sibling proxy caches. In a Netra Proxy Cache Array, sibling configuration is automatic. That is, hosts in the array have a sibling relationship with one another, which implies an ability to communicate via ICP. You need not enter the host names in the array in this table. If you want to establish a sibling relationship with a host or hosts not in the array, specify the host(s) in the table.

If you have multiple parent proxies that do not support ICP, the proxy cache service contacts those parents in the order you list them here. If you have multiple parents that do support ICP, the proxy cache service determines the "closest" parent by comparing response times to its ICP queries.

The headings in the table of parent and sibling caches are as follows:

Proxy Name

Fully-qualified host name of the parent or sibling proxy cache host. If this host is not in the same domain as the Netra Proxy Cache host or array, you must specify the domain name; for example: webcache.eng.acme.com

Type

A toggle that can be either parent or neighbor (sibling). Upon a miss (not having a requested object) a Netra Proxy Cache Server checks its parents and siblings to see whether any have the object. A sibling only checks its local cache; if it does not have an object it does not ask a parent. A parent, by contrast, is responsible for returning the object, either from its own cache; from its own parent, further upstream (toward the source web server); or from the source web server. See "Parent, Siblings, and the ICP" for a discussion of the Netra Proxy Cache Server's support for parents and siblings.

HTTP Port

The HTTP port number on which the parent or sibling listens for HTTP requests.

ICP Port

The ICP port number on which the parent or sibling listens for ICP requests. A value of 0 means that the parent does not support ICP.

SSL

A checkbox indicating whether a host supports the tunneling of the Secure Sockets Layer protocol.

Persistence

A checkbox indicating whether a host supports the HTTP persistent connections feature, sometimes referred to as "keep-alive".

Query Parent Cache for Domains

The Netra Proxy Cache Server contacts parent or siblings specified for this property only for matching domain names. An alternative form enables you to specify a host for non-matching domain names.

Entries have the form <hostname> <domain name> or <hostname> !<domain name>. For example, if you have a parent wbyeats, in the same domain as the Netra Proxy Cache Server, to which you want directed all traffic related to URLs that contain the domain names sales.acme.com and eng.acme.com, you make an entry:

---

wbyeats sales.acme.com eng.acme.com

---

If you have multiple entries for one host--for example, in addition to the above, if you had: wbyeats fin.com--the domains in those entries are combined to form a single list.

You can also have a reverse match on domain names, so that requests related to URLs that contain domain names that do not match the specified domains are directed to the specified host. So, for example, if you want wbyeats to field all requests related to domains other than the domain names sales.acme.com, you make an entry:

---

wbyeats !sales.acme.com

---

Note that with the reverse-match feature, you can specify only one domain name, either as the only domain name in an entry or as the last domain name in an entry. If you want to prevent use of a given parent for multiple domains, specify additional entries. For example:

---

wbyeats !sales.acme.com
wbyeats !eng.acme.com

---

See "Parent, Siblings, and the ICP" for an example of the use of this property.

Domains Inside Firewall

When you load the Proxy Cascade page the Domains Inside Firewall field contains the domains you entered when you last performed basic proxy cache configuration, as described in the Netra Proxy Cache Array Configuration Guide.

The Netra Proxy Cache Server considers domains you list for this property as being inside a firewall. For URLs containing domains not in this list, the software does not perform a name service resolution (for example, a DNS lookup) of a host name specified in a URL. Also for domains not in this list, if the Netra Proxy Cache Server does not have a requested object in its local cache, it always tries to fetch the object from a parent or sibling cache.

1. Scroll down to the remaining properties in the Proxy Cascade page, as shown in Figure 4-4.

   Figure 4-4 Remaining Proxy Cascade Properties

   
   

IP Addresses Inside Firewall

The Netra Proxy Cache Server considers addresses you list for this property as being inside a firewall. When you specify one or more addresses, the Netra Proxy Cache Server performs a host name resolution (for example, a DNS or NIS lookup) of the address specified in a URL for all requests, to determine whether the address is inside the firewall. For addresses not in this list, if the Netra Proxy Cache Server does not have a requested object in its local cache, it always tries to fetch the object from a parent or sibling cache.

---

Note -

Use of this property degrades server response time because of the overhead associated with host name resolutions.

---

Source Ping

Choose between off (the default) and on. By default, when the Netra Proxy Cache Server receives a request, it pings (sends ICP requests to) its parents and siblings. If Source Ping is on, the software also pings the host specified in the URL of an object it retrieves. This feature can be useful where parents and siblings are overloaded and the source web server is not. Note that Source Ping packets are never sent beyond a firewall.

The following three properties relate to the relaying of WAIS URLs:

Wais Relay Host

Enter the host name of the proxy server to which WAIS URLs will be relayed.

Wais Relay Port

Enter the port number on the above-named host name to which WAIS URLs are to be relayed.

Max. Relay Object Size (MB)

Enter the maximum size (in MB) of a WAIS object that can be received from the Wais Relay Host. The Netra Proxy Cache Server does not relay WAIS objects that exceed this limit.

Local Domains Inside the Firewall

When you load the Proxy Cascade page the Local Domains Inside the Firewall contains the domains you entered for the Domains Inside Firewall field when you last performed basic proxy cache configuration, as described in the Netra Proxy Cache Array Configuration Guide.

The Netra Proxy Cache Server retrieves URLs containing the domains you specify here directly from the source and not from a parent or sibling. These domains should be the same as or a subset of the domains you specify for Domains Inside Firewall (see description above). Specify here domains to which you have good network connectivity, and from which users request relatively small objects. For a given domain, consider whether going to a sibling cache to retrieve an object offers a large advantage over going directly to the source. If it does not, you might want to list the domain here.

Local IP Addresses Inside the Firewall

The Netra Proxy Cache Server retrieves URLs containing the IP addresses you specify here directly from the source and not from a parent or sibling. These addresses should be a subset of the addresses you specify for IP Addresses Inside Firewall (see description above). Specify here addresses to which you have good network connectivity, and from which users request relatively small objects. For a given address, consider whether going to a sibling cache to retrieve an object offers a large advantage over going directly to the source. If it does not, you might want to list the address here.

---

Note -

Use of this property degrades server response time because of the overhead associated with host name resolutions.

---

Cache Policy

To View or Modify Cache Policy Properties

1. In the Advanced Proxy Cache Configuration page, click Cache Policy.

   The Cache Policy page is displayed, as shown in Figure 4-5.

   Figure 4-5 Cache Policy Properties (Top Portion)

   
   

2. Under the Cache Policy heading, enter or accept values for the properties described below.

   The properties are divided into groups reflected in the following headings. Following Gopher Policy parameters (covered in "Gopher Policy"), you must scroll down the web page to view the remaining Cache Policy parameters.

HTTP Policy

Time To Live (min)

The limit on the length of time an HTTP object can remain in the cache. The default is 720 minutes (12 hours).

Max Object Size (MB)

The limit on the size of an HTTP object for caching. The Netra Proxy Cache Server proxies for, but does not cache, HTTP objects that exceed this limit. The default is four MB.

Do not Cache URLs Containing

The Netra Proxy Cache Server does not cache HTTP URLs containing strings you add to this list. The defaults are:

---

/cgi-bin/
/htbin/
/WWW-bin/
?

---

Gopher Policy

Time To Live

The limit on the length of time a Gopher object can remain in the cache. The default, 4320 minutes, is three days.

Max Object Size

The limit on the size of a Gopher object for caching. The Netra Proxy Cache Server proxies for, but does not cache, Gopher objects that exceed this limit. The default is four MB.

Do not Cache URLs Containing

The Netra Proxy Cache Server does not cache Gopher URLs containing strings you add to this list. The default is ? (question mark).

Scroll down to view the remaining properties in the Cache Policy page, as shown in Figure 4-6.

Figure 4-6 Remaining Cache Policy Properties

FTP Policy

Time To Live

The limit on the length of time an FTP object can remain in the cache. The default, 4320 minutes, is three days.

Max Object Size

The limit on the size of an FTP object for caching. The Netra Proxy Cache Server proxies for, but does not cache, FTP objects that exceed this limit. The default is four MB.

Do not Cache URLs Containing

The Netra Proxy Cache Server does not cache FTP URLs containing strings you add to this list. There are no defaults.

URL Policy

Do not Query Neighbors for URLs Containing

For URLs containing strings you add to this list, the Netra Proxy Cache Server looks in its own cache and does not query parent and sibling caches.

TTL Selection Based on URL

The Netra Proxy Cache Server enables you to set the TTL for URLs containing strings that you specify. You can specify the TTL in either of two ways: as an absolute value or as a percentage of an object's age. Entries have the following form:

---

<reg expression>
 <absolute TTL>
 <percentage>
 <maximum TTL>

---

where the variables mean the following:

<reg expression> is a regular expression that is matched against a URL. See "Rules for Pattern Matching for TTL Selection Property" for rules for the regular expression.

<absolute TTL> is the TTL (in minutes) used by the Netra Proxy Cache Server if the percentage method is not used.

<percentage> is the percentage of the duration between an object's last-modified timestamp and the current time.

<maximum TTL> is the upper limit (in minutes) on the TTL.

The proxy cache uses the percentage method of determining the TTL if a matched object has a last-modified timestamp. If an object does not have such a timestamp, the absolute TTL is used instead. You can specify a negative value for <absolute TTL> thereby forcing the percentage method to be used. If a matched object then does not have the required timestamp, the TTL is set from a value set under Cache Policy (see Step 1 under "Cache Policy").

If neither the absolute TTL nor percentage methods result in a TTL for a matched object, the TTL is determined from the values set in the Cache Policy properties.

The Netra Proxy Cache Server checks all patterns in the list and uses the last match.

An example of a TTL-selection entry:

---

^http:// 1440 20 43200

---

The preceding example matches URLs that start with http://. If a URL contains a last-modified timestamp, the TTL for that URL is set to 20% of the difference between the timestamp and the current time. If the URL does not have such a timestamp, the TTL is set to 1440 minutes. In any event, the URL will not stay in the cache longer than 43200 minutes.

Other

Max Request Size

The maximum size of a request, in KB. The default is 100. This value should be large enough to accommodate users who use the POST method to upload files.

Quick Abort

By default, the Netra Proxy Cache Server completes the retrieval of an object even when the request for that object is aborted. This is potentially a benefit because the cache will then have the object should it be requested subsequently and the machine resources and bandwidth consumed to the point of the aborting of the request are not wasted. However, this feature can be a detriment where you have slow links or very busy caches. This feature also allows for the possibility of impatient users tying up a URL by repeatedly aborting and re-requesting non-cachable objects. You have the option of turning this "quick abort" feature on (meaning that object retrieval ceases if the request is aborted). The default is off.

Access Control

To View or Modify Access Control Properties

1. In the Advanced Proxy Cache Configuration page, click Access Control.

   The Access Control page is displayed, as shown in Figure 4-7.

   Figure 4-7 Access Control Properties

   
   

2. Under the Access Control heading, enter or accept values for the properties listed below.

   Enter access control definitions one to a line. To edit an entry, click the entry in the table, then make any changes you want.

Access List Definition

Access lists enable you to control access to the functions of the Netra Proxy Cache Server based on characteristics of a request. To create an access list, you create a name (an arbitrary string), specify the type of access list (types are described below), and specify an argument that is used to match against the request. After creating an access list, you can specify that list for the following properties:

• Client Access Control

• Access to Cache via ICP

• ACLs for Cache Host

• URL Redirection

These properties are described below.

Access list definitions have the following form:

---

<name> <type> <argument>

---

Access list types are as follows:

• src Matches on the source address in a request. It takes an argument of the form: <ip address>/<netmask>. You can specify multiple pairings of IP address and netmask.

• domainMatches on the domain specified in a URL. It takes an argument of the form: .<domain name>. You can specify multiple domain names.

• timeMatches on a time period specified in a URL. It takes an argument of the form: <day of the week> <start time>-<end time>. The variable <day of the week> is expressed as one of the following abbreviations:

Table 4-1 Day-of-Week Abbreviations

S	Sunday
M	Monday
T	Tuesday
W	Wednesday
H	Thursday
F	Friday
A	Saturday

The <start time>-<end time> variables are expressed as <hour>:<minutes>, using a 24-hour clock. So for example, to express a period in the mid-afternoon, you specify 14:15-16:30, meaning from 2:15 PM to 4:30 PM.

• patternMatches on a pattern specified in a URL. It takes an argument of the form: <pattern to be matched>. You can specify multiple patterns.

• portMatches on a port number specified in a URL. It takes an argument of the form: <port number>. You can specify multiple port numbers.

• protoMatches on a protocol specified in a URL. It takes an argument of the form: <protocol> (HTTP, FTP, Gopher, or WAIS). You can specify multiple protocols.

• methodMatches on a method (CONNECT, HEAD, POST, or GET) specified in a URL. It takes an argument of the form: <method name>. You can specify multiple methods.

• serviceMatches on the service specified in a request. It takes an argument of the form: <ip address>/<netmask>. "Service," in this context, is an instance of a service on a host in a Netra Proxy Cache Array, as identified by a service address and netmask.

---

Note -

If you have multiple access lists of the same type, the Netra Proxy Cache Server, when determining which list a URL is in, works from top to bottom and stops after the first match.

---

An example of an access list:

---

adults domain sex.com

---

The preceding example creates an access list named adults of type domain. This list includes all URLs containing a destination domain of sex.com. In the HTTP Access property (described below), you can, for example, deny access to the adults list.

The defaults for Access List Definition are shown in Figure 4-7.

Client Access Control

An entry of the form:

---

allow (or deny) <access list> . . .

---

This and the following properties are used in conjunction with the access lists you create. For a given access list, you can allow or deny access to the HTTP port on the Netra Proxy Cache Server.

The defaults for Client Access Control are shown in Figure 4-7.

Access to Cache via ICP

An entry of the form:

---

allow (or deny) <access list> . . .

---

This and the following property are used in conjunction with the access lists you create. For a given access list, you can allow or deny access to the ICP port on the Netra Proxy Cache Server.

The defaults for Access to Cache via ICP is to allow all accesses.

ACLs for the Cache Host

An entry of the form:

---

<cache server> <access list> . . .

---

Enables you to limit the ICP queries sent to a given host (sibling or ICP-capable parent), based on the content of an access list. If you specify multiple access lists, the Netra Proxy Cache Server applies the first list that matches for a given URL.

URL Redirection

An entry of the form:

---

<access list> . . . : HOST <hostname> PATH <path>

---

Enables you to redirect a URL to a specified host and path. The access lists must be of types domain, service, or pattern. For example, the entry

---

adults : HOST restricted.acme.com PATH /forbidden.html

---

:

...redirects a URL that matches the adults access list to:

---

http://restricted.acme.com/forbidden.html

---

1. To create a URL Redirection entry, enter:

   • The name of one or more access lists, followed by a colon

   • The word HOST and a fully-qualified hostname

   • The word PATH and an absolute pathname

Storage Management

To View or Modify Storage Management Properties

1. Click Storage Management in the Advance Proxy Cache Configuration page. The page shown in Figure 4-8 is displayed.

   Figure 4-8 Storage Management Properties

   
   

2. Under the Storage Management heading, enter or accept values for the following properties:

High-water mark for Memory (%)

Removing of the least recently used objects in memory begins when the high-water mark is reached and ends when enough objects are removed so that the low-water mark (see following property) is reached. Note that objects removed from memory remain on disk. Enter a percentage. The default is 90%.

Low-water mark for Memory (%)

See the description of the high-water mark, above. Enter a percentage. The default is 75%.

High-water mark for Disk Cache (%)

Replacement of the least recently used objects in the disk cache begins when the high-water mark is reached and ends when enough objects are removed so that the low-water mark (see following property) is reached. Enter a percentage. The default is 90%.

Low-water mark for Disk Cache (%)

See the description of the high-water mark, above. Enter a percentage. The default is 75%.

Garbage Collection (GC) Rate (min)

Specifies how often, in minutes, the Netra Proxy Cache Server runs a full garbage collection. Garbage collection involves checking the expiration time of every object in the cache. In the course of normal operation, the Netra Proxy Cache Server removes expired objects, so that explicit garbage collection is not necessary. This feature can be of use if you have a frequent need to reclaim disk space. Note that the server does not process client requests during garbage collection. Enter a number of minutes if you want to use this feature or leave the field blank to disable garbage collection.

Time of Day for GC (HH:MM:SS)

Enables you to schedule garbage collection at an off-peak time. Time is expressed on a 24-hour clock. For example, if you want garbage collection to occur at 3:30 AM, enter 03:30:00.

Timeouts

To View or Modify Timeouts

1. Click Timeouts in the Advanced Proxy Cache Configuration page. The page shown in Figure 4-9 is displayed.

   Figure 4-9 Timeouts Properties

   
   

2. Under the Timeouts heading, enter or accept values for the following properties:

ICP Neighbor Timeout (sec)

The duration the Netra Proxy Cache Server waits for a response to an ICP query. Beyond the timeout you specify, the software gives up on the query target. The default value for this property is 2 seconds. You might consider increasing this value if the network connection between the local machine and a sibling is subject to delays.

Timeout for Server Connections (sec)

The maximum duration, in seconds, the server waits for a connection to be established. The default is two minutes. "Proxy Cache Connect Timeout and Parent Failover" for a discussion of the relationship to this property to the operating system's TCP connect timeout.

Read Timeout (min)

The duration beyond which the Netra Proxy Cache Server disconnects a connection on which no activity is occurring. The default value is 15 minutes.

Client Lifetime (min)

The maximum duration a client (browser) is allowed to remain connected to the cache process. This timeout prevents clients that go away without shutting down from consuming software resources. The default 200 minutes (3 hours, 20 minutes). If you have high-speed client connectivity or occasionally run out of file descriptors, you might want to reduce the default number.

TTL for Negative Caching of Objects (min)

The server caches the fact that a cache request failed (for example, the object identified by a specified URL cannot be found). This negative caching lasts for the number of minutes specified for this property. The default is five minutes.

TTL for Successful DNS Lookups (min)

The server caches the result of a successful host name lookup for the duration specified for this property. The default is six hours. Note that the proxy cache service does not observe the TTL specified in a DNS record.

TTL for failed DNS Lookups (min)

The server can cache the fact that a host name lookup failed. The default is zero minutes, which means that, by default, the server does not perform this type of negative caching.

Log File Options

To View or Modify Log File Options

1. Click Log File Options in the Advanced Proxy Cache Configuration page. The page shown in Figure 4-10 is displayed.

   Figure 4-10 Logs File Options

   
   

2. Under the Logs File Options heading, enter or accept values for the following properties:

Emulate HTTPD Log

By default, the server emulates the log file format used by many HTTP servers. Accept the default of on or select off to turn this feature off.

No. of Logfile Rotations

Specifies the number of log file rotations the server performs upon receipt of a signal from an application such as the rotlog program. With the default of 10, the software creates log files with extensions from 0 through 9. Set this property to 0 to turn off log file rotation. See "Managing Proxy Cache Service Log Files" for a description of rotlog.

Log Directory

You do not have the option to change the default log-storage directory, /var/opt/SUNWcache/cachelogs, in the current release.

Web Server Accelerator Options

To View or Modify Web Server Accelerator Options

1. Click Web Server Accelerator Options in the Advanced Proxy Cache Configuration page. The page shown in Figure 4-11 is displayed.

   Figure 4-11 Web Server Accelerator Options Page

   
   

2. Under the Web Server Accelerator Options heading, enter or accept values for the following properties:

Host for Real HTTP Server

The Netra Proxy Cache Server can act as a front end for an HTTP server. This function is sometimes referred to as an HTTP accelerator. This feature can be useful under the following conditions:

• If the Netra Proxy Cache Server is more powerful or more highly available than the HTTP server.

• If the HTTP server is connected to a slow network, while clients have relatively fast connectivity to the Netra Proxy Cache Server. The Netra Proxy Cache Server hides the effects of the slow link.

• If the HTTP server is vulnerable to attack. The Netra Proxy Cache intercepts all requests. Also, you can set up an access list to limit the effect of an attack

A potential disadvantage of this feature is that the HTTP server does not have available the source IP address of clients.

Enter the fully-qualified hostname of the server for which the Netra Proxy Cache Server is acting as a front end.

Port for Real HTTP Server

The HTTP port on the server for which the Netra Proxy Cache Server is acting as a front end. (See preceding property.)

% Main Memory for Caching Objects

Percentage of memory used for keeping a number of web objects. If you are using the Netra Proxy Cache Server as a front end for an HTTP server, it is recommended you use a value of 12.5 (percent).

Enable Proxy Mode Also

This property determines whether a Netra Proxy Cache Server is acting as a front end, caching only the URLs of the HTTP server being "accelerated" or caches URLs from all web servers. Accept the default value of off or select on to enable caching of URLs from all servers.

External Program Options

To View or Modify External Program Options

1. Click External Program Options in the Advanced Proxy Cache Configuration page. The page shown in Figure 4-12 is displayed.

   Figure 4-12 External Program Options Page

   
   

2. Under the External Program Options heading, enter or accept values for the following properties:

FTP User

The string supplied as the login password for anonymous ftp. This enables you to supply an informative address, if you want.

Options for `ftpget'

The arguments supplied to the ftpget command. The ftpget command retrieves FTP data for the cache. HTTP and Gopher protocol support are built into the proxy cache software. To view a list of valid ftpget arguments, invoke /opt/SUNWcache/lib/ftpget, with no arguments.

No. of Processes for DNS Lookups

Number of processes spawned by the Netra Proxy Cache Server to service DNS name lookups. This number indicates the maximum number of concurrent DNS lookups. On heavily loaded caches, you might want to increase the this value from a default of 5 to 10. The maximum is 32.