Any server that is accessible from the Internet risks attracting unwanted attention to the system on which it runs. Unauthorized people might try to guess passwords, update files, execute files, or read confidential data. Part of the attraction of the World Wide Web is its openness. However, the Web is open to both positive use and abuse.
The following sections describe how to control who has access to the files on your Caching Proxy server.
Caching Proxy supports Secure Sockets Layer (SSL) connections, in which secure transmissions involving encryption and decryption are established between the client browser and the destination server (either a content server or a surrogate server).
When Caching Proxy is configured as a surrogate, it can establish secure connections with clients, with content servers, or both. To enable SSL connections, in the Configuration and Administration forms, select Proxy Configuration -> SSL Settings. On this form, select the Enable SSL check box and specify a key ring database and a key ring database password file.
When Caching Proxy is configured as a forward proxy server, it follows a pass-through protocol called SSL tunneling to pass encrypted requests between the client and the content server. Encrypted information is not cached because the proxy server does not decrypt the tunneled requests. In a forward proxy installation, SSL tunneling is enabled. To disable it, in the Configuration and Administration forms, select Proxy Configuration -> Proxy Settings, and clear the SSL Tunneling check box on this form.
You can take several basic precautions to protect your system:
Packet filtering allows you to define where data can come from and where it can go. You can configure your system to reject certain source-destination combinations.
A firewall separates an internal network from a publicly accessible network, such as the Internet. The firewall can be a group of computers or a single computer that acts as a gateway in both directions, regulating and tracking the traffic passing through it. IBM Firewall is an example of firewall software.
Examples:
Proxy /* http://content server:443
or
Proxy /* https://content server:443
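The two Proxy lines above differ only in the URL scheme used toward the content server. As an added example (not part of the original documentation or of the product), the following Python script reads Proxy directives from configuration text and reports, for each mapping, whether the leg to the content server uses https. The sample configuration, host names, and status labels are constructed for illustration, and the field layout (directive, request template, target URL) is assumed from the two lines shown.

```python
from urllib.parse import urlsplit

# Constructed sample, not taken from a real configuration file; hosts are placeholders.
SAMPLE_CONF = """\
# surrogate mappings (constructed)
Proxy /static/* http://content.example.com:443
Proxy /app/*    https://content.example.com:443
Proxy /legacy/* http://legacy.example.com
"""

DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_proxy_rules(conf_text):
    """Yield (line_no, request_template, target_url) for every Proxy directive."""
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split()
        # Assumption: the directive name is matched without regard to case.
        if fields[0].lower() == "proxy" and len(fields) >= 3:
            yield line_no, fields[1], fields[2]


def audit_backend_legs(conf_text):
    """Classify the proxy-to-content-server leg of each mapping by URL scheme."""
    findings = []
    for line_no, template, target in parse_proxy_rules(conf_text):
        try:
            url = urlsplit(target)
            scheme = url.scheme.lower()
            port = url.port or DEFAULT_PORTS.get(scheme)
        except ValueError:  # malformed host or port in the target URL
            findings.append({"line": line_no, "template": template,
                             "status": "unparseable"})
            continue
        if scheme == "https":
            status = "https"
        elif scheme == "http" and port == 443:
            status = "http-on-443"  # http scheme aimed at the usual HTTPS port
        else:
            status = "http" if scheme == "http" else "other"
        findings.append({"line": line_no, "template": template,
                         "host": url.hostname, "port": port, "status": status})
    return findings


def non_https_lines(conf_text):
    """Line numbers of mappings whose content-server leg is not https."""
    return [f["line"] for f in audit_backend_legs(conf_text) if f["status"] != "https"]
```

Calling non_https_lines() on the text of your own configuration file lists the mappings to review when the content-server leg is expected to be encrypted.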