Contents
Figures
About this book
Who should read this book
Conventions and terminology used in this book
Accessibility
How to send your comments
Related information
Getting started with Caching Proxy
Overview
Basic Caching Proxy configurations
Reverse proxy (default)
Forward proxy
New feature support
Using the Configuration and Administration forms
Browser requirements
Accessing the Configuration and Administration forms
Setting the administrator password
Using the Configuration Wizard
Manually editing the ibmproxy.conf file
Starting and stopping Caching Proxy
Automatic startup and shutdown on Linux and UNIX systems
Manual startup on Linux and UNIX systems
On AIX:
On HP-UX:
On Linux:
On Solaris:
Startup as a Windows service
Startup as a Windows application
Using the Start menu
Using the command prompt
Starting multiple proxy servers
Manual shutdown on Linux and UNIX systems
Limitations of the shutdown commands
Manual shutdown on a Windows system
Restarting after configuration changes
Configuring and tuning the Caching Proxy process
Define the server
Associated directives
Configuration and Administration forms
Establish process ownership
Associated directives
Configuration and Administration forms
Manage connections
Associated directives
Configuration and Administration forms
Tune the proxy server process
Set performance-related directives
Examine other applications
Verify paging space
Tune the file system
Tune TCP/IP configuration
Tune TCP time wait interval for high-load environments (HP-UX, Linux, Solaris, Windows)
Adjust the Linux kernel
Adjust the AIX thread tuning variables
Configuring Caching Proxy behavior
Manage request processing
Enable HTTP/FTP methods
Associated directives
Configuration and Administration forms
Enable WebDAV methods, MS Exchange methods, and User-defined methods
Associated directives
Define mapping rules
Mapping rules
Configure a surrogate server
Associated directives
Configuration and Administration forms
Enable junction rewrite (optional)
Define the junction without the JunctionPrefix option
Define the junction with the JunctionPrefix option (recommended method)
Associated directives
Configuration and Administration forms
UseCookie as an alternative to JunctionRewrite
Sample transmogrifier plugin to extend JunctionRewrite functionality
Manage delivery of local content
Define document root directory
Associated directives
Configuration and Administration forms
Define default welcome pages
Associated directives
Configuration and Administration forms
Manage FTP connections
Protect FTP files
Manage FTP server login
Manage FTP directory paths
Manage FTP chaining
Customize server processing
Server-side includes
Considerations for server-side includes
Configuration for server-side includes
Format for server-side includes
Directives for server-side includes
Customizing error messages
Real Time Streaming Protocol (RTSP) redirection
About RTSP redirection
RTSP limitation
RTSP enhancement
Configuring RTSP redirection
Configure header options
Associated directives
Configuration and Administration forms
About the application programming interface
Associated directives
Configuration and Administration forms
Configuring proxy server caching
Overview of proxy server caching
Cache storage
The cache index
FTP caching
DNS caching
Cache exclusions
Cache management
Configuring basic caching
1. Enable caching
2. Configure cache storage
Optional customizations
Set cache memory
Save or load cache memory to disk
Set caching filters
Configure caching for query results and dynamically generated files
Configure file expiration and garbage collection
Configure automatic preloading
Configure cache sharing
Configure logging
Controlling what is cached
Configuring URL-based caching filters
Caching query responses
Additional requirements for query response caching
Caching locally served files
Caching files by partial URL
Related configuration file directives
Maintaining cache content
File expiration
Additional information about cache freshness
About dates in FTP
Configuring cache freshness
Garbage collection
Configuring garbage collection
Configuring the cache agent for automatic refreshing and preloading
Setting the server host name
Preloading the cache with specific files
Preloading the cache with frequently cached files
Delving
Related proxy configuration file directives
Starting the cache agent manually
Using a shared cache
Remote cache access
Configuring remote cache access
Configuring the Internet Caching Protocol plug-in
Configuring the ICP plug-in
Caching dynamically generated content
Configuring IBM WebSphere Application Server for proxy caching
Configure dynamic caching at the application server
Configure the application server adapter
Configuring Caching Proxy for dynamic caching
Set the Service directive to enable the dynamic caching plug-in
Set the ExternalCacheManager directive to specify file sources
Tuning the proxy server cache
Choosing the cache storage media
Optimizing disk cache performance
Cache garbage collection
Platform-specific optimizations
AIX
HP-UX and Solaris
Windows
Configuring Caching Proxy security
About proxy server security
Server protection setups
Using the Configuration and Administration forms to set protection
Using configuration file directives to set protection
Default protection settings
Secure Sockets Layer (SSL)
The SSL handshake
SSL performance tuning
SSL tunneling
Configuring SSL tunneling
Configuring secure remote administration
Key and certificate management
Certificate authorities
Using the IBM Key Manager utility
Creating a new key database, password, and stash file
Receiving a CA certificate
Storing a CA certificate
Supported cipher specifications
Enabling the support of cryptographic hardware
Using the Tivoli Access Manager plug-in
Configuration
Steps to take before using the configuration script
Using the configuration script
Starting Caching Proxy and Access Manager plug-in
Using the PAC-LDAP authorization module
Overview
Authentication
Authorization
Lightweight Directory Access Protocol (LDAP)
Installation
Additional requirements and restrictions for secure PACD-LDAP server connections
GSKit is required by LDAP client package
LD_PRELOAD environment variable must be set for Linux systems
On Linux systems, the PACD process fails to start when using IBM Tivoli Directory Server (ITDS) 6.0 LDAP client
On AIX systems, the PAC-LDAP module is unable to load when using IBM Tivoli Directory Server (ITDS) LDAP client
Editing the ibmproxy.conf file to enable the PAC-LDAP authorization module
Editing the PAC-LDAP authorization module configuration files
paccp.conf
pac.conf
pacpolicy.conf
Creating pac_ldap.cred
Starting and stopping pacd
Monitoring Caching Proxy
Configuring logging
About logs
Log file names and basic options
Access log filters
Reasons to control what is logged
Configuring access log filters
Default log settings
Maintaining and archiving logs
Log file scenario
Using the Server Activity Monitor
Appendixes
Appendix A. Using Caching Proxy commands
cgiparse command
cgiutils command
htadm command
htcformat command
ibmproxy command
Appendix B. Configuration file directives
Directives not changed on restart
Overview of directives
Acceptable values
Syntax of configuration file records
Caching Proxy directives
AcceptAnything -- Serve all files
AccessLog -- Name the path for the access log file
AccessLogExcludeMethod -- Suppress log entries for files or directories requested by a specified method
AccessLogExcludeMimeType -- Suppress Proxy access log entries for specific MIME types
AccessLogExcludeReturnCode -- Suppress log entries for specific return codes
AccessLogExcludeURL -- Suppress log entries for specific files or directories
AccessLogExcludeUserAgent -- Suppress log entries from specific browsers
AddBlankIcon -- Specify the URL for the icon used to align the headings of directory listings
AddDirIcon -- Specify the icon URL for directories on directory listings
AddEncoding -- Specify the MIME content encoding of files with particular suffixes
AddIcon -- Bind an icon to a MIME content type or encoding type
AddParentIcon -- Specify the URL for the icon representing a parent directory on directory listings
AddType -- Specify the data type of files with particular suffixes
AddUnknownIcon -- Specify the icon URL for unknown file types on directory listings
AdminPort -- Specify the port for requesting administrative pages or forms
AggressiveCaching -- Specify caching for noncacheable files
AlwaysWelcome -- Specify whether to search the requested directory for welcome files
appendCRLFtoPost -- Append CRLF to POST requests
ArrayName -- Name the remote cache array
Authentication -- Customize the Authentication step
Authorization -- Customize the Authorization step
AutoCacheRefresh -- Specify whether cache refreshing is to be used
BindSpecific -- Specify whether the server binds to one or all IP addresses
BlockSize -- Specify the size of blocks in the cache
CacheAccessLog -- Specify the path for the cache access log files
CacheAlgorithm -- Specify the cache algorithm
CacheByIncomingUrl -- Specify the basis for generating cache file names
CacheClean -- Specify how long to keep cached files
CacheDefaultExpiry -- Specify the default expiration time for files
CacheDev -- Specify a storage device for the cache
CacheExpiryCheck -- Specify whether the server returns expired files
CacheFileSizeLimit -- Specify the maximum size for files to be cached
CacheLastModifiedFactor -- Specify the value for determining expiration dates
CacheLocalDomain -- Specify whether to cache the local domain
CacheMatchLanguage -- Specify the language preference for the returned cache content
CacheMaxExpiry -- Specify the maximum lifetime for cached files
CacheMemory -- Specify the cache RAM
CacheMinHold -- Specify how long to keep files available
CacheNoConnect -- Specify the stand-alone cache mode
CacheOnly -- Cache only the files with URLs that match a template
CacheQueries -- Specify cache responses to URLs containing a question mark (?)
CacheRefreshInterval -- Specify the time interval for revalidating cached objects
CacheRefreshTime -- Specify when to start the cache agent
CacheTimeMargin -- Specify the minimum lifetime for caching a file
CacheUnused -- Specify how long to keep unused cached files
Caching -- Enable proxy caching
CompressAge -- Specify when to compress logs
CompressCommand -- Specify the compression command and parameters
CompressDeleteAge -- Specify when to delete logs
CompressionFilterAddContentType -- Specify the content type of HTTP response you want to compress
CompressionFilterEnable -- Enable the compression filter to compress the HTTP responses
ConfigFile -- Specify the name of an additional configuration file
ConnThreads -- Specify the number of connection threads to be used for connection management
ContinueCaching -- Specify how much of a file is required for caching
DefinePicsRule -- Supply a content-filtering rule
DefProt -- Specify default protection setup for requests that match a template
DelayPeriod -- Specify pausing between requests
DelveAcrossHosts -- Specify caching across domains
DelveDepth -- Specify how far to follow links while caching
DelveInto -- Specify whether the cache agent follows links
DirBackgroundImage -- Specify a background image to directory listings
DirShowBytes -- Show byte count for small files on directory listings
DirShowCase -- Use case when sorting files on directory listings
DirShowDate -- Show the date of last modification on directory listings
DirShowDescription -- Show descriptions for files on directory listings
DirShowHidden -- Show hidden files on directory listings
DirShowIcons -- Show icons in directory listings
DirShowMaxDescrLength -- Specify the maximum length for descriptions on directory listings
DirShowMaxLength -- Specify the maximum length for file names on directory listings
DirShowMinLength -- Specify the minimum length for file names on directory listings
DirShowSize -- Show the file size on directory listings
Disable -- Disable HTTP methods
DisInheritEnv -- Specify the environment variables that are disinherited by CGI programs
DNS-Lookup -- Specify whether the server looks up client host names
Enable -- Enable HTTP methods
EnableTcpNodelay -- Enable TCP NODELAY socket option
Error -- Customize the Error step
ErrorLog -- Specify the file where server errors are logged
ErrorPage -- Specify a customized message for a particular error condition
Defaults
EventLog -- Specify the path for the event log file
Exec -- Run a CGI program for matching requests
ExportCacheImageTo -- Export cache memory to disk
ExternalCacheManager -- Configure the Caching Proxy for dynamic caching from IBM WebSphere Application Server
Fail -- Reject matching requests
FIPSEnable -- Enable Federal Information Processing Standard (FIPS) approved ciphers for SSLV3 and TLS
flexibleSocks -- Enable flexible SOCKS implementation
FTPDirInfo -- Generate a welcome or description message for a directory
ftp_proxy -- Specify another proxy server for FTP requests
FTPUrlPath -- Specify how FTP URLs are interpreted
Gc -- Specify garbage collection
GCAdvisor -- Customize the garbage collection process
GcHighWater -- Specify when garbage collection begins
GcLowWater -- Specify when garbage collection ends
gopher_proxy -- Specify another proxy server for Gopher requests
GroupId -- Specify the group ID
HeaderServerName -- Specify the name of the proxy server returned in the HTTP header
Hostname -- Specify the fully qualified domain name or IP address for the server
http_proxy -- Specify another proxy server for HTTP requests
HTTPSCheckRoot -- Filter HTTPS requests
ICP_Address -- Specify IP address for ICP queries
ICP_MaxThreads -- Specify maximum threads for ICP queries
Occupier -- Specify a member of an ICP cluster
ICP_Port -- Specify port number for ICP queries
ICP_Timeout -- Specify maximum wait time for ICP queries
IgnoreURL -- Specify URLs that are not refreshed
imbeds -- Specify whether server-side include processing is used
ImportCacheImageFrom -- Import cache memory from a file
InheritEnv -- Specify which environment variables are inherited by CGI programs
InputTimeout -- Specify the input timeout
JunctionReplaceUrlPrefix -- Replace URL instead of insert prefix when used with JunctionRewrite plugin
JunctionRewrite -- Enables URL rewriting
JunctionRewriteSetCookiePath -- Rewrite the path option in the Set-Cookie header, when used with JunctionRewrite plugin
JunctionSkipUrlPrefix -- Skip rewriting URLs that already contain the prefix, when used with JunctionRewrite plugin
KeepExpired -- Specify returning the expired copy of the resource if that resource is being updated on the proxy
KeyRing -- Specify the file path to the key ring database
KeyRingStash -- Specify the file path to the key ring database's password file
LimitRequestBody -- Specify the maximum body size in PUT or POST requests
LimitRequestFields -- Specify the maximum number of headers in client requests
LimitRequestFieldSize -- Specify the maximum header length and request line
ListenBacklog -- Specify the number of listen backlog client connections that the server can carry
LoadInlineImages -- Control the refreshing of imbedded images
LoadTopCached -- Specify the number of popular pages to refresh
LoadURL -- Specify the URLs to refresh
Log -- Customize the Log step
LogArchive -- Specify the behavior of log archiving
LogFileFormat -- Specify the access log format
LogToGUI (Windows only) -- Display log entries in the server window
LogToSyslog -- Specify whether to send access information to the system log (Linux and UNIX only)
Map -- Change matching requests to a new request string, using the request path string to match the rule
MapQuery -- Change matching requests to a new request string, using the request path and query string to match the rule
MaxActiveThreads -- Specify the maximum number of active threads
MaxContentLengthBuffer -- Specify the size of the buffer for dynamic data
MaxLogFileSize -- Specify the maximum size for each log file
MaxPersistRequest -- Specify the maximum number of requests to receive on a persistent connection
MaxQueueDepth -- Specify the maximum number of URLs to queue
MaxRuntime -- Specify the maximum time for a cache agent run
MaxSocketPerServer -- Specify the maximum open idle sockets for server
MaxUrls -- Specify the maximum number of URLs to refresh
Member -- Specify a member of an array
Midnight -- Specify the API plugin used to archive logs
NameTrans -- Customize the Name Translation step
NoBG -- Run the Caching Proxy process in foreground
NoCaching -- Specify that files with URLs that match a template are not cached
NoLog -- Suppress log entries for specific hosts or domains that match a template
no_proxy -- Specify templates for connecting directly to domains
NoCacheOnRange -- Specify no caching for Range requests
NoProxyHeader -- Specify the client headers to block
NumClients -- Specify the number of cache agent threads to use
ObjectType -- Customize the Object Type step
OptimizeRuleMapping -- Optimize the rule mapping process for incoming requests when the number of rules increases
OutputTimeout -- Specify the output timeout
PacFilePath -- Specify the directory containing the PAC files
Pass -- Specify the template for accepting requests
PersistTimeout -- Specify the time to wait for the client to send another request
PICSDBLookup -- Customize the PICS label retrieval step
PidFile (Linux and UNIX only) -- Specify the file in which to store the process ID of Caching Proxy
PKCS11DefaultCert, PKCS11DriverPath, PKCS11TokenPassword -- Supports IBM 4960 PCI Cryptographic Accelerator Card (AIX only)
Plugin module directives
Port -- Specify the port on which the server listens for requests
PostAuth -- Customize the PostAuth step
PostExit -- Customize the PostExit step
PreExit -- Customize the PreExit step
Protect -- Activate a protection setup for requests that match a template
Protection -- Define a named protection setup within the configuration file
Protection subdirectives -- Specify how a set of resources is protected
Proxy -- Specify proxy protocols or reverse proxy
ProxyAccessLog -- Name the path for the proxy access log file
ProxyAdvisor -- Customize the servicing of proxy requests
ProxyForwardLabels -- Specify PICS filtering
ProxyFrom -- Specify a client with a From: header
ProxyIgnoreNoCache -- Ignore a reload request
ProxyPersistence -- Allow persistent connections
ProxySendClientAddress -- Generate the Client IP Address: header
ProxyUserAgent -- Modify User Agent string
ProxyVia -- Specify format of HTTP header
ProxyWAS -- Specify that requests are sent to WebSphere Application Server
PureProxy -- Disable a dedicated proxy
PurgeAge -- Specify the age limit for a log
PurgeSize -- Specify the limit for the size of the log archive
RCAConfigFile -- Specify an alias for ConfigFile
RCAThreads -- Specify the number of threads per port
ReadTimeout -- Specify the time limit for a connection
Redirect -- Specify a template for requests sent to another server
RegisterCacheIdTransformer -- Cache more than one variant of a resource based on the Cookie header
ReversePass -- Intercept automatically redirected requests
RewriteSetCookieDomain -- Specify the domain pattern that needs to be rewritten
RTSPEnable -- Enable RTSP redirection
rtsp_proxy_server -- Specify servers for redirection
rtsp_proxy_threshold -- Specify number of requests before redirection to a cache
rtsp_url_list_size -- Specify number of URLs in proxy memory
RuleCaseSense -- Maps requests from application URLs that are not case sensitive
ScriptTimeout -- Specify the timeout setting for scripts
SendHTTP10Outbound -- Specify the protocol version for proxied requests
SendRevProxyName -- Specify the Caching Proxy host name in the HOST header
ServerConnGCRun -- Specify the interval at which to run garbage collection thread
ServerConnPool -- Specify the pooling of connections to origin servers
ServerConnTimeout -- Specify maximum inactive period
ServerInit -- Customize the Server Initialization step
ServerRoot -- Specify the directory where the server program is installed
ServerTerm -- Customize the Server Termination step
Service -- Customize the Service step
SignificantURLTerminator -- Specify a terminating code for URL requests
SMTPServer (Windows only) -- set an SMTP server for the sendmail routine
SNMP -- Enable and disable SNMP support
SNMPCommunity -- Provide a security password for SNMP
SSLCaching -- Enable caching for a secure request
SSLCertificate -- Specify key labels for certificates
SSLCryptoCard -- Specify the installed cryptographic card
SSLEnable -- Specify listening on port 443 for secure requests
SSLForwardPort -- Specify which port to address for HTTP SSL upgrades
SSLOnly -- Disable listener threads for HTTP requests
SSLPort -- Specify HTTPS listening port other than default
SSLTunneling -- Enable SSL tunneling
SSLVersion -- Specify the version of SSL
SSLV2Timeout -- Specify the time to wait before a SSLV2 session expires
SSLV3Timeout -- Specify the time to wait before a SSLV3 session expires
SuffixCaseSense -- Specify whether suffix definitions are case sensitive
SupportVaryHeader -- Cache more than one variant of a resource based on the HTTP Vary header
TLSV1Enable -- Enable Transport Layer Secure protocol
Transmogrifier -- Customize the Data Manipulation step
TransmogrifiedWarning -- Send warning message to client
TransparentProxy -- Enable transparent proxy on Linux
UpdateProxy -- Specify the cache destination
UserId -- Specify the default user ID
V2CipherSpecs -- List the supported cipher specifications for SSL Version 2
V3CipherSpecs -- List the supported cipher specifications for SSL Version 3
WebMasterEMail -- Set an e-mail address to receive select server reports
WebMasterSocksServer (Windows only) -- set a socks server for the sendmail routine
Welcome -- Specify the names of welcome files