Limiting Access to the Server

See "Access Control" for a description of the properties you use to limit access to the Netra Proxy Cache Server.

To limit access to the server, you define a filter in the Access List Definition property, then specify one or more filters for the following properties:

• Client Access Control

• Access to Cache via ICP

• ACLs for Cache Host

• URL Redirection

When you specify multiple entries for any of the preceding properties, list the lines in the order from the most exclusive (smallest set) toward the most inclusive (largest set). In processing multiple entries, the proxy cache service evaluates entries from to bottom, stopping at the first entry that matches a URL request.

When you specify multiple access lists for a given property, those lists are ANDed.

Limiting by Source Address

The following are example access lists:

---

Under Access List Definition:
eng src 129.144.118.0/255.255.255.0
sales src 129.144.130.0/255.255.255.0
division src 129.144.0.0/255.255.0.0

---

The preceding access lists might be used as follows:

---

Under Client Access Control:
allow eng sales
deny division

---

The preceding entries specify that machines on the subnets 129.144.118.0 and 129.144.130.0 are allowed HTTP access to the Netra Proxy Cache Server, while machines in the division list are excluded.

You might want to restrict Inter Cache Protocol (ICP) access to a server to only those machines. This is illustrated in the following example:

---

Under Access List Definition:
arrayhosts src 129.144.107.1/255.255.255.255 129.144.107.2/255.255.255.255 \
129.144.107.3/255.255.255.255 127.0.0.1/255.255.255.255 
all src 0.0.0.0/0.0.0.0

---

The list arrayhosts includes the host addresses of all machines in a Netra Proxy Cache Array. The list might be used as follows:

---

Under Access to Cache via ICP:
allow arrayhosts
deny all

---

The preceding entries specify that only the array machines are allowed ICP access to the Netra Proxy Cache Server, while all other machines are excluded.

Limiting by Time

The following are example access lists:

---

Under Access List Definition:
nights time M-F 17:01-07:59
weekends time A-S 00:00-24:00
worktime time M-F 08:00-1700

---

The preceding access lists might be used as follows:

---

Under Client Access Control:
deny nights weekends
allow worktime

---

Note that A is the abbreviation for Saturday and S for Sunday.

Limiting by Domain in Request

The following are example access lists:

---

Under Access List Definition:
poets domain .poetry .rhyme
sports domain .espn .cnnsi
cooks domain .culinary .gourmet

---

The preceding access lists might be used as follows:

---

Under Client Access Control:
deny poets sports cooks

---

You might want to allow users access to the cache for non-work-hours web access. The following example uses time-based access lists defined in the preceding subsection.

---

Under Client Access Control:
deny worktime poets sports cooks
allow nights weekends poets sports cooks

---

Redirecting Requests

The following are example access lists:

---

Under Access List Definition:
politics domain .rightwing .leftwing
pop_culture domain .disney .twarner

---

The preceding access lists might be used as follows:

---

Under URL Redirection:
politics : HOST www.vatican.net PATH /index.html
pop_culture : HOST lcweb.loc.gov PATH /homepage/lchp.html

---

The effect of the preceding lines is that URL requests that match the politics filter are redirected to http://www.vatican.net/index.html. Requests that match pop_culture are redirected to http://lcweb.loc.gov/homepage/lchp.html.