Configuring security options | Intel 1520 guide

▼Viewing cache rules

1 Select the conﬁg menu, and press Enter.

2 Select cache, and press Enter.

3 Select rules, and press Enter.

4 Select view rules, and press Enter. Doing so displays the ﬁle containing the cache rules.

Configuring security options

You can control client access to the appliance and access to the Manager UI.

Controlling client access to the appliance

The appliance uses IP Allow rules to specify ranges of IP addresses that are allowed to use the appliance as a web proxy. If you want to deny access to speciﬁc IP addresses, do not include them in an IP Allow rule. You can add, delete, and view IP Allow rules.

▼Adding IP Allow rules

1 Select the conﬁg menu, and press Enter.

2 Select security, and press Enter.

3 Select server, and press Enter.

4 Select add rules, and press Enter.

5 Enter an IP allow rule, and press Enter.

6 Press CTRL-X to save your rule and return to the previous screen.

Each rule must have the following format:

src_ip=IPaddress or IPaddress_range action=ip_allow

The IP address or range of IP addresses speciﬁed in the src_ip ﬁeld are allowed to use the appliance as a web proxy.

Examples

The following rule allows all clients to use the appliance as a web proxy:

src_ip=0.0.0.0-255.255.255.255 action=ip_allow

The following rule allows a speciﬁc subnet to use the appliance as a web proxy:

src_ip=123.12.3.000-123.12.3.123 action=ip_allow

▼Deleting IP Allow rules

1 Select the conﬁg menu, and press Enter.

2 Select security, and press Enter.

82Intel NetStructure Cache Appliance Administrator’s Guide

Image 94

Intel 1520 manual Configuring security options, Controlling client access to the appliance

Contents

Intel NetStructure 1520 Cache Appliance Copyright 2000, Intel Corporation. All rights reserved Contents Configuring the Appliance Using the Command-Line Interface Troubleshooting Problems 109 Error Messages 151 Changing network address configuration on the NIC Contents 106 Preface Convention Purpose Who should read this manualConventions used in this manual Bold Chapter Introduction Flexible cache architecture What is an Intel NetStructure Cache Appliance?Why use this caching appliance? Web proxy cache Intel NetStructure Cache Appliance features High-speed caching Secure, single-point administrationMultithreading process support Broad protocol support Performance reporting How to use this guideSnmp Network Management To find out about … See …Page Getting Started Controls and physical features on your system Starting the system for the first time Command-line interface‚ on Hhmmss Getting Started Accessing the Manager UI Using Monitor and Configure mode Dashboard Monitor mode frame Configure mode frame Changing passwords Using online helpAccessing the command-line interface Verifying that caching worksPage Monitoring Appliance Performance Accessing monitor pages Using the Dashboard Exposing node detail Resolving alarmsDashboard alert lights Alert light Condition Description Using the Node Changing the selected node Using the Cache Using the GraphsUsing the Protocols Using the ARM Using the Other Using the Mrtg Configuring the Appliance Accessing configure pages Using the Server Basics NetStructure Cache section Setting general optionsOption Description Using virtual IP addressing for node failover Setting Web management optionsSetting virtual IP addressing options What are virtual IP addresses? Adding entries to the Virtual IP address list Setting throttling of network connections Setting browser auto configuration optionsConfiguring load-shedding Enabling Snmp agents Configuring Http Option Definition Configuring Nntp Name and port see Option Definition Configuring FTP FTP Cache activation Storage Freshness For IMS If Modified Since revalidation requests Variable content Following table describes the variable conﬁguration options Using the Routing Using the SecurityLink displays the Change Administrator’s Password Setting Http parent caching options Setting ICP options Establishing ICP peers Field Description Setting server accelerator options Option Description Checking transparency Using the Host DatabaseChecking Wccp Configuring the host database Another invalid hostname message to the user Configuring DNS Using the Snapshots Reaching the Snapshots Using the Command-Line Interface Using the appliance after initial start-up Starting the command-line interfaceStarting the appliance the first time Navigating the command-line interface To do this Do this Using the setup menu Changing network addresses configuration Changing the DNS address and domain name Changing the controller speed and transmission modeChanging the gateway address Viewing current network address settings Configuring time zone settingsConfiguring date and time settings Using the main menu Starting the appliance Checking the status of the Server and ManagerStopping the appliance Installing a new version of the appliance software Viewing and maintaining versions of the software Application upgrade OS/Application upgrade Patch upgradeRunning a different version of the appliance software Clearing statistics Deleting a version of the appliance software Rebooting the System Halting the System Using the config menu Resetting to factory settingsPreparing a cache disk Setting general controls Configuring protocol options Configuring Http options Configuring Nntp options Conﬁguring Nntp servers Following table describes the tags you can use in a rule Tag Description Tag Description Examples Conﬁguring Nntp access Following table lists the access directive options If access is Authenticator is User is Pass is Configuring Secure Socket Layer SSL port Configuring FTP options Setting filter rules Primary Destination Allowed Value Secondary Specifier Allowed Value Action Value Setting remap rules Target Configuring the cache Enabling caching for different protocols Setting disk storage options Setting object freshness options Following table shows the options Configuring caching rules Request URL method use one of the following Destip=112.12.12.12 scheme=ftp action=never-cache Configuring security options Controlling client access to the appliance Controlling access to the Manager UI Configuring and maintaining ICP peers Configuring routing optionsViewing and modifying ICP rules Following table describes each ﬁeld Example Mcttl Viewing current ICP settings Enabling and disabling ICP Setting the ICP query timeout Setting the ICP port numberEnabling and disabling multicast in ICP Controlling parent proxy caching Secondary Specifiers Allowed Value Action Tag Allowed Value Action Tag Allowed Value Configuring Wccp options Configuring the Adaptive Redirection Module ARM Enabling and disabling transparent redirection Configuring ARM bypass rules Rule Description Bypass rules have the following format Rule Format Configuring the host database options Configuring load-shedding options Option Description Configuring logging options Statistic Description Cache Using the monitor menuViewing Node statistics Progress Network Viewing Protocol statisticsStatistic Description Statistics Description Statistics Description Client Server Statistics Description Operations Originating Statistics Description QueriesFrom this Node Viewing Cache statistics From ICP Peers Viewing Other statistics Statistic Description Using the expert menu Using the load menu Using the save menuUsing the logoff menu Troubleshooting Problems Rebooting your system Rebooting your system from the CLI Upgrading software Page Caching Solutions and Performance Appendix a Web proxy caching Day in the life of a cache request Ensuring cached object freshness Cache miss Expires header test Revalidating objectsHttp object freshness tests Last-Modiﬁed / Date header test Deciding whether to serve Http objects Default testRevalidate rules Configuring Http freshness options Configuring Http revalidation Caching Http alternates Configuring Http cachabilityTo cache or not to cache? Transparent proxy caching Directive source Caching directives Serving requests transparently Interception strategies Using a layer 4-aware switch to filter transparency requests Using a WCCP-enabled router for transparency Using policy-based routing to filter transparency requests Using a router to ﬁlter Http requests ARM redirection Appliance adaptive bypass Adaptive interception bypassMore about bypass rules Source bypass Configuring bypass optionsStatic and dynamic adaptive bypass Destination bypass Server acceleration How server acceleration works Advantages of server accelerationRetrieving requested documents Whereas the corresponding proxy request would look like this Web server redirects Understanding server acceleration mapping rules Examples of rules and translations User Request Translated Request User Request Origin Server Header Translated Header Understanding cache hierarchies Http cache hierarchies ICP cache hierarchies Miss Nntp cache hierarchies Bombay News article caching Appliance as a caching proxy news server Appliance as a news serverSupporting several parent news servers Several news servers supplying the same groups Blocking particular groupsClustering Several servers supplying different groups Posting Maintaining the cache updates and feedsTransparency Pull the overview information for speciﬁed groups Dynamically subscribe to speciﬁed groups Configuring Access controlPull the articles for speciﬁed groups Take a partial feed push for speciﬁed groups Client bandwidth throttling Self-tuning DataFlow coreObeying Nntp control messages Carrier-class architecture Alias-free caching Fine-grained parallelismRaw-disk object store Fast space reclamation High-availability AlarmsAdvanced protocol features Fast kernel packet engine Virtual IP failover Monitor Dashboard Expansion capabilities Node fault toleranceLoad shedding Centralized administration Client ACL Page Error Messages Appendix B Html messages sent to clients Title Code Description Appendix B Error Messages 153 Standard Http response messages Message Description Appendix B Error Messages 155 Page Glossary DNS ISP POP Wccp Page Index News server features