WinRoute - User's Manual

Proxy Server


Content

Proxy Overview
Proxy Server Setup
Configuring Proxy Clients
Access Control
Access Control - Examples
Cache Improvements


Proxy Overview

Proxy Cache
WWW Internet Proxy service functions: The proxy server collects data from the Internet and passes it to the requesting browsers on the local network. This data is also stored in a shareable cache. If the same information is required again, the information is retrieved from the cache. Since the cache is on the local network the retrieval is performed at local network rates, much more quickly than re-accessing the Internet.
Generally, the cache speeds Internet access by locally providing data already visited, thus allowing the Internet access to retrieve only unvisited data. The effect is an increased performance with no change in communication resources.

Access Control
The Proxy server may be used to control access to WWW Service resources. For example, you may limit access of specific users to particular Internet web sites.
Restrictions may be applied to individual users, groups of users or particular URL's.

Proxy Server Setup

General Properties

Port
Port number used by browsers to communicate with proxy server. The default value is 3128. Generally, the default is appropriate.

Enable Logging
Enable logging of Web Page URLs visited by proxied browsers.

Cache Enabled
Enable proxy cache functions. When disabled, browser data is retrieved only from the Internet.

Cache Directory
Directory path of proxy cache data.

Cache Size
The maximum cache extent, in mega-bytes. When the cache exceeds this limit, cache pruning is performed until the extent is reduced to 85% of the limit. The least recently visited data is discarded.

Continue Aborted
When a user selects either the browser's stop button or a new page link before the current page has been completely loaded, the proxy server can continue loading the current page into the cache. Then if the user returns to this page later, it will be presented from the cache. With this option enabled, it is quicker to explore a web site. The back pages will be quickly and completely loaded for review. The first perusal caches the "skipped over" pages; then when back tracking (using the [Back Button])

Keep Aborted
Enable storing of incomplete objects (html pages, images, ...). Incomplete objects may occur when an Internet browser session is disrupted for some reason: lost connection, power loss, sever when off-line, etc. Caching partial pages provides at least some of the desired data for perusal.

Cache FTP directory only
When enabled, only FTP directory listings will be cached. File transfer will not be cached.

Time-To-Live
This value determines the number of days that objects (web pages, images, ...) are retained in the cache. Any requests for objects in the cache older than this are reloaded from the Internet.

TTL Advanced
You can set the number of days any object is retained in the cache based on the object's URL. URL specifications may include wild-card characters (denoted by asterisk) to specify related URL groups.
Examples: *www*, ftp://*.zip

Max. Object Size
Maximum object extent in kilobytes that may be cached. Any single object larger than this limit will be passed to the requesting browser without being copied into the cache.

Advanced Properties

Parent Proxy
DNS name or IP address and port number of a parent proxy server, if one exists. When set, all requests will be forwarded.
Autoconfig File
A location of proxy-autoconfiguration file. This file may be used to configure clients' browser proxy settings. This feature is supported by Netscape Navigator and higher versions of MS Internet Explorer. The file must be edited to insert the computer name and port of the computer running WinRoute proxy server.
In browser, you must enter the URL location of the file. The location is as follows: http://<host>:3129/autoconfig where <host> is the name of the computer running WinRoute.
Idle Timeout
A TCP connection will close when it has been inactive for this period of time.
Connect Retry
Determinates the number of attempts to establish a connection .
Enable Reverse DNS
Enables Reverse DNS resolution for logging purposes.

Configuring Proxy Clients

To use a proxy server, you must set the browser's Proxy IP address and port number fields.

Here are some sample configurations for popular browsers:

Netscape Navigator 2.0, 3.0

  1. Select the menu item: Options->Network Configuration->Proxies
  2. Choose Manual Proxy Configuration
  3. Push the [View] button
  4. Enter the WinRoute IP address and port number for the HTTP, FTP and GOPHER fields. The default port number is 3128.

Netscape Communicator

  1. Select the menu items: Edit -> Preferences -> Advanced -> Proxies
  2. Choose Manual Proxy Configuration
  3. Push [View...] button
  4. Enter the WinRoute IP address and port number for the HTTP, FTP and GOPHER fields. The default port number is 3128.

MS Internet Explorer 3.0

  1. Select the menu items: View->Options->Connections
  2. For the Windows 95 version, press the Proxy button
  3. Enable the check box for Use the same proxy for all protocols.
  4. Enter the WinRoute IP address and port number in the provided fields.

Access Control

Access Control allows you to limit a user's WWW Server access rights.

Access Properties Sheet.
The Access List contains URLs that are to be restricted to specific users and groups. Each URL entry is format as: scheme://host/path -- asterisks may be used to denote arbitrary strings. Each restricted URL has an associated list of users and groups that may access the URL, provided they enter a user name and password when prompted by their browser.
Note: Restricted URLs may always be accessed by members of the Admins group.

WinRoute's Web Interface Access Restriction
Access restrictions may also apply to the WinRoute's administrator web interface. To restrict the web interface add the following line to the Access List: http://WinRoute/admin/* Enter the URL exactly as shown. WinRoute will recognize it's own name; there is no need to enter the actual host name. Before restricting the WinRoute's web interface, confirm that you, as an administrator, are a member of the Admins group. Otherwise you will be blocked from accessing the web interface. However, you may always access the WinRoute configuration setting using the WinRoute GUI application.

Browser Notice:

Access Control - Examples

1. We want to restrict members of [users] group to the following domains: domain.com, work.com, while the user boss should have access anywhere. Set the Access List and user/group list as illustrated:

Access List users/groups
* boss
*.domain.com/* [users]
*.work.com/* [users]

2. To block all accesses to domain bad.com :

Access List users/groups
*.bad.com/*  

Note: Members of [Admins] group may not be blocked from any domain.

 

Cache Improvements

This section describes improvements of Http-Cache in WinRoute. The main difference is the method of storing data in the disk cache. Unlike the other proxy servers with caching functionality (including Microsoft Proxy and Netscape Proxy server) the new version stores cached data in one fixed-length file instead of using a single file for each object. The cache file is organized in a FAT-like fashion with allocation unit of 1024 bytes. This significantly saves the disk space occupied by the cache. For better understanding, see the following table which shows a typical distribution of objects in the cache:
Cache size : 150 MB
1.th column: size in kB 
2.nd column: number of objects
3.rd column: % of total objects

   1   5738  17.57
   2   5626  17.23
   3   4804  14.71
   4   3254   9.96
   5   2615   8.01
   6   1975   6.05
   7   1303   3.99
   8    962   2.95
   9    877   2.69
  10    660   2.02
  11    596   1.83
  12    485   1.49
  13    417   1.28
  14    298   0.91
You may see from the table that 50% of all objects in the cache are smaller than 6 kB. The reason for this is that WWW usually consists of many small objects (html pages, inline images, ...). Storing each object in a single file significantly wastes the disk space on nearly every filesystem.

The following calculation assumes the worst case: large disc formatted with 16-bit FAT table. In this case, the size of allocation unit (cluster) is 32kB.

The actual size allocated on disk by file-oriented cache is :
32 * (5738 + 5626 + 4804 + 3254 + 2615 + 1975 + 1303) = 32 * 25315 = 810080 kB = 791 MB

The actual size allocated in WinRoute cache is :
5738 + 2*5626 + 3*4804 + 4*3254 + 5*2615 + 6*1975 + 7*1303 = 78464 kB = 76 MB

The WinRoute cache needs 10.4 times smaller disk space for storing the cached objects.

 


Copyright © 1997-98 MT-Net