Proxy Overview
Proxy Server Setup
Configuring Proxy Clients
Access Control
Access Control - Examples
Cache Improvements
Proxy Cache
WWW Internet Proxy service functions:
The proxy server collects data from the Internet and passes it to
the requesting browsers on the local network. This data is also stored in a shareable cache.
If the same information is required again, the information is retrieved from the cache.
Since the cache is on the local network the retrieval is performed at local network rates,
much more quickly than re-accessing the Internet.
Generally, the cache speeds Internet access by locally providing data already visited,
thus allowing the Internet access to retrieve only unvisited data.
The effect is an increased performance with no change in communication resources.
Access Control
The Proxy server may be used to control access to WWW Service resources.
For example, you may limit access of specific users to particular Internet web sites.
Restrictions may be applied to individual users, groups of users or particular URL's.
Proxy Server Setup
General Properties
Port
Port number used by browsers to communicate with proxy server.
The default value is 3128. Generally, the default is appropriate.
Enable Logging
Enable logging of Web Page URLs visited by proxied browsers.
Cache Enabled
Enable proxy cache functions. When disabled, browser data is retrieved only from the Internet.
Cache Directory
Directory path of proxy cache data.
Cache Size
The maximum cache extent, in mega-bytes. When the cache exceeds this
limit, cache pruning is performed until the extent is reduced to 85% of the limit.
The least recently visited data is discarded.
Continue Aborted
When a user selects either the browser's stop button or a new page link
before the current page has been completely loaded, the proxy server can continue
loading the current page into the cache. Then if the user returns to this page later,
it will be presented from the cache.
With this option enabled, it is quicker to explore a web site.
The back pages will be quickly and completely loaded for review.
The first perusal caches the "skipped over" pages; then when back tracking (using the [Back Button])
Keep Aborted
Enable storing of incomplete objects (html pages, images, ...).
Incomplete objects may occur when an Internet browser session is disrupted for some reason:
lost connection, power loss, sever when off-line, etc.
Caching partial pages provides at least some of the desired data for perusal.
Cache FTP directory only
When enabled, only FTP directory listings will be cached. File transfer will not be cached.
Time-To-Live
This value determines the number of days that objects (web pages, images, ...)
are retained in the cache. Any requests for objects in the cache older than
this are reloaded from the Internet.
TTL Advanced
You can set the number of days any object is retained in the cache based
on the object's URL. URL specifications may include wild-card characters
(denoted by asterisk) to specify related URL groups.
Examples: *www*, ftp://*.zip
Max. Object Size
Maximum object extent in kilobytes that may be cached. Any single object larger than this limit
will be passed to the requesting browser without being copied into the cache.
Advanced Properties
Parent Proxy
DNS name or IP address and port number of a parent proxy server, if one exists.
When set, all requests will be forwarded.
Autoconfig File
A location of proxy-autoconfiguration file. This file may be used
to configure clients' browser proxy settings. This feature is supported
by Netscape Navigator and higher versions of MS Internet Explorer.
The file must be edited to insert the computer name and port of the computer
running WinRoute proxy server.
In browser, you must enter the URL location of the file. The location is as follows:
http://<host>:3129/autoconfig where <host> is the name of the computer running WinRoute.
Idle Timeout
A TCP connection will close when it has been inactive for this period of time.
Connect Retry
Determinates the number of attempts to establish a connection .
Enable Reverse DNS
Enables Reverse DNS resolution for logging purposes.
Configuring Proxy Clients
To use a proxy server, you must set the browser's Proxy IP address and port number fields.
Here are some sample configurations for popular browsers:
Netscape Navigator 2.0, 3.0
Netscape Communicator
MS Internet Explorer 3.0
Access Control
Access Control allows you to limit a user's WWW Server access rights.
Access Properties Sheet.
The Access List contains URLs that are to be restricted to specific users and groups.
Each URL entry is format as: scheme://host/path -- asterisks may be used to denote arbitrary strings.
Each restricted URL has an associated list of users and groups that may access the URL,
provided they enter a user name and password when prompted by their browser.
Note: Restricted URLs may always be accessed by members of the Admins group.
WinRoute's Web Interface Access Restriction
Access restrictions may also apply to the WinRoute's administrator web interface.
To restrict the web interface add the following line to the Access List: http://WinRoute/admin/*
Enter the URL exactly as shown. WinRoute will recognize it's own name;
there is no need to enter the actual host name.
Before restricting the WinRoute's web interface, confirm that you, as an administrator,
are a member of the Admins group. Otherwise you will be blocked from accessing the web interface.
However, you may always access the WinRoute configuration setting using the WinRoute GUI application.
Browser Notice:
Access List | users/groups |
---|---|
* | boss |
*.domain.com/* | [users] |
*.work.com/* | [users] |
2. To block all accesses to domain bad.com :
Access List | users/groups |
---|---|
*.bad.com/* |
Cache size : 150 MB 1.th column: size in kB 2.nd column: number of objects 3.rd column: % of total objects 1 5738 17.57 2 5626 17.23 3 4804 14.71 4 3254 9.96 5 2615 8.01 6 1975 6.05 7 1303 3.99 8 962 2.95 9 877 2.69 10 660 2.02 11 596 1.83 12 485 1.49 13 417 1.28 14 298 0.91You may see from the table that 50% of all objects in the cache are smaller than 6 kB. The reason for this is that WWW usually consists of many small objects (html pages, inline images, ...). Storing each object in a single file significantly wastes the disk space on nearly every filesystem.
The following calculation assumes the worst case: large disc formatted with 16-bit FAT table. In this case, the size of allocation unit (cluster) is 32kB.
The actual size allocated on disk by file-oriented cache is :
32 * (5738 + 5626 + 4804 + 3254 + 2615 + 1975 + 1303) = 32 * 25315 = 810080 kB = 791 MB
The actual size allocated in WinRoute cache is :
5738 + 2*5626 + 3*4804 + 4*3254 + 5*2615 + 6*1975 + 7*1303 = 78464 kB = 76 MB
The WinRoute cache needs 10.4 times smaller disk space for storing the cached objects.