Proxying and routing URLs

his chapter describes how you can configure the proxy server to route URLs to different URLs or to different servers. This chapter also describes how to turn on proxying for specific resources

Enabling proxying for a resource

To enable proxying for a resource,

1. In the Server Manager, click Routing|Enable, Disable.
2. In the Editing drop-down list, choose the resource you want to configure.
3. You can choose a default setting for the resource you specified: you can choose not to proxy that resource (disable proxying), or you can enable proxying of that resource.
   • Use default setting derived from a more general resource means that the settings for a more general resource that includes this one will be used for this resource.
   • Enable proxying of this resource means the proxy lets clients access this resource (provided they pass the other security and authorization checks). When you enable proxying for a resource, all methods are enabled. The read methods, including GET, HEAD, PUT, INDEX, and POST (and CONNECT for SSL proxying), and the write methods, including PUT, MKDIR, RMDIR, MOVE, and DELETE, are all enabled for that resource. Barring any other security checks, clients have all read and write access.
   • Do not proxy this resource means this resource cannot be reached through the proxy.
4. Click OK.

When you route URLs, the proxy can let the client know that the URL is being rerouted. In Netscape Navigator, the location box can display the URL where the proxy retrieved the document. This means that if the client enters the URL http://some.company.com, when the proxy returns the document to the client, it can tell the client that the file really came from http://another.company.com.

If you don't want the proxy server to return the routed URL to the client, use the URL mapping feature, as discussed on page 76.

The following sections describe how to set up routing from one proxy server to another and from one proxy server to a SOCKS server.

Routing through another proxy

For example, within an organization you can chain departmental proxies to a main proxy server, as shown in Figure 5.1. You can also set up several proxies in your organization so that each proxy server accesses and caches only specific files, such as one proxy that services HTTP requests and another that services FTP. Or, you might have one server that caches all files form the .com domain and another that caches all other files.

Chaining proxies together

To route URLs through another proxy,

1. In the Server Manager, choose Routing|Routing.
2. Select the template you want to use. You can choose to route all requests to the proxy server, but this isn't an efficient use of the proxy server.
3. Choose the routing option you want.
   • Derived default configuration means the proxy server uses a more general template (that is, one with a shorter, matching regular expression) to determine if it should use the remote server or another proxy. For example, if the proxy routes all http://.* requests to another proxy server and all http://www.* requests to the remote server, you could create a derived default configuration routing for http://www.netscape.* requests, which would then go directly to the remote server because of the setting for the http://www.* template.
   • Direct connections means the request will always go directly to the remote server instead of through the proxy.
   • Use proxy server lets you specify the other proxy server and its port number in a proxy chain.
4. Click OK. Be sure to save and apply your changes.

1. In the Server Manager, choose Routing|Routing.
2. Select the template you want to use. You can choose to route all requests to the proxy server, but this isn't an efficient use of the proxy server.
3. Choose the routing option you want.
   • Derived default configuration means the proxy server uses a more general template (that is, one with a shorter, matching regular expression) to determine if it should use the remote server or proxy.
   • Direct connections means the request will always go directly to the remote server instead of through the proxy.
   • Use SOCKS server lets you specify the SOCKS server and its port number. See page 67 for more information about SOCKS daemons.
4. Click OK. Be sure to save and apply your changes.

However, there are times when you might want to pass on the client's IP address:

• If your proxy is one in a chain of internal proxies.
• If your clients need to access servers that depend on knowing the client IP address. You can use templates to send the client's IP address only when accessing a particular server or set of servers.

1. In the Server Manager, choose Routing|Client IP Address Forwarding.
2. Choose the template you want to use or choose the entire proxy server to always send the client's IP address.
3. Select an option to turn on IP address forwarding. By default, the proxy server doesn't send IP addresses, but if you have several proxies in a chain and one proxy forwards the IP address to another, the subsequent proxy will also forward the IP address if its option is set to either default or enabled. Choose enabled to have the proxy server forward the client's IP addresses. Choose blocked to never forward the IP address.
4. You can specify an HTTP header for the proxy to use when forwarding IP addresses. The normal HTTP header is named Client-ip, but you can send the IP address in any header you choose.
5. Click OK. Be sure to save and apply your changes.

When disconnected from the network, documents are returned directly from the cache--the proxy can't do up-to-date checks, so the documents are retrieved very quickly (the documents might not be up to date; see Chapter 7 for more information on caching).

Also, if you are not connected to a network, connections never hang because the proxy server is aware that there is no network and never tries to connect to a remote server. You can use this "no network" setting when the network is down, but the proxy server machine is running.

Note
Keep in mind that running the proxy disconnected from the network means that you will eventually be accessing stale data from the cache. Also, running without the network makes the proxy security features unnecessary.

Default Mode is the same as Normal Mode.

Normal Mode is the normal operating mode for the proxy. The proxy retrieves documents from the content server if they are not already in the cache. If they are in the cache, they are checked against the content server to determine if they are up to date. If a cached file has changed, it is replaced with the current copy.

Fast-demo Mode is intended for giving smooth demonstrations. If a document is found in the cache, the content server is not contacted, not even to find out if the document has changed. This gets rid of any latency created by waiting for the content server to respond. If a document is not in the cache, it is retrieved from the content server and cached. The fast-demo mode has less latency than the normal mode, but can occasionally return stale data because once it has a copy of a document, it doesn't do up-to-date checks on it.

No-Network Mode is designed for portable machines during the time they are not connected to the network. The proxy returns the document if it is in the cache, or returns an error if it isn't. The proxy never tries to contact the content server, which prevents the proxy from hanging and timing out while trying to get a connection that doesn't exist.

1. In the Server Manager, choose Routing|Connectivity Mode.
2. Choose the template you want to use or choose to change the mode for the entire proxy server.
3. Select the mode you want, and then click OK.

Changing the default FTP transfer mode

• PASV Mode (the default) means the data connection is initiated from the proxy server, and the FTP server accepts the connection. This is safer for the site running the proxy server because it doesn't have to accept inbound connections.
• PORT Mode means the data connection is initiated by the remote FTP server, and the proxy accepts the incoming connection. If the proxy server is within a firewall, the firewall might block the incoming FTP data connection from the FTP server, which means the PORT mode might not work.

Note
Even when PASV mode is on, the proxy server will use PORT mode if the remote FTP server doesn't support PASV mode.

Mapping URLs to other URLs

To map a URL to a mirror server, you specify a URL prefix and where to map it. The following sections describe the various types of URL mappings.

Creating a URL mapping

• Regular mappings map a partial URL to an absolute URL. For example, you can configure the proxy to go to a specific URL anytime it gets a request that begins http://www.netscape.com.
• Reverse mappings map a partial URL to an absolute URL. These are used with reverse proxies when the internal server sends an error message instead of the document to the proxy. See Chapter 6, "Reverse proxy" for more information.
• Regular expressions map all URLs matching the expression to a single URL. For example, you can map all URLs matching .*sex.* to a specific URL (perhaps one that explains why the proxy server won't let a user go to a particular URL).
• Client autoconfiguration maps URLs to a specific .pac file stored on the proxy server. For more information on autoconfiguration files, see Chapter 10, "Using the client autoconfiguration file."

For example, suppose you have a heavily-loaded web server called hi.load.com that you want mirrored to another server called mirror.load.com. For URLs that go to the hi.load.com computer, you can configure the proxy server to use the mirror.load.com computer.

The source URL prefix must be unescaped, but in the destination (mirror) URL, illegal characters must be escaped.

Warning!
Do not use trailing slashes in the prefixes!

1. In the Server Manager, click URLs|Create Mappings.
2. Choose the type of mapping you want to create.
3. Type the URL prefix. For regular and reverse mappings, this should be the part of the URL you want to substitute. For regular expression mappings, this value should be a regular expression that for all the URLs you want to match. If you also choose a template for the mapping, the regular expression will only work for the URLs within the template's regular expression.

   For client autoconfiguration mappings, this value should be the full URL the client accesses.

4. Type a map destination. For all mapping types except client autoconfiguration, this should be the full URL to map to. For client autoconfiguration, this value should be the absolute path to the .pac file on the proxy server's hard disk.
5. Click OK to create the mapping.

1. Click URLs|View/Edit Mappings. The View, Edit, or Remove URL Mappings form appears.
2. You can edit the prefix, the mapped URL, and template that are affected by the mapping.
3. To remove a mapping, click the mapping you want to change, then click the link at the top of the form called Remove.
4. Click OK to confirm your changes, or click Reset to undo them.

URL redirection is useful when you want to deny access to an area because you can redirect the user to a URL that explains why they were denied access.

To redirect one or more URLs,

1. In the Server Manager, click URLs|Redirect.
2. Type a URL prefix. This can be a complete URL or it can be a wildcard pattern.
3. Type either a URL prefix or a fixed URL to map to.
   • A URL prefix is useful for substituting new domain names or URIs. For example, you could redirect the URL http://www.netscape.com.* to http://home.netscape.com.*.
   • A fixed URL maps to a single URL.
4. Click OK to create the mapping.