Intel 1520 Configuring security options

82 Intel NetStructure Cache Appliance Administrator’s Guide

▼Viewing cache rules

1Select the conﬁg menu, and press Enter.

2Select cache, and press Enter.

3Select rules, and press Enter.

4Select view rules, and press Enter. Doing so displays the ﬁle containing the

cache rules.

Configuring security options

You can control client access to the appliance and access to the Manager UI.

Controlling client access to the appliance

The appliance uses IP Allow rules to specify ranges of IP addresses that are

allowed to use the appliance as a web proxy. If you want to deny access to

speciﬁc IP addresses, do not include them in an IP Allow rule. You can add,

delete, and view IP Allow rules.

▼Adding IP Allow rules

1Select the conﬁg menu, and press Enter.

2Select security, and press Enter.

3Select server, and press Enter.

4Select add rules, and press Enter.

5Enter an IP allow rule, and press Enter.

6Press CTRL-X to save your rule and return to the previous screen.

Each rule must have the following format:

The IP address or range of IP addresses speciﬁed in the src_ip ﬁeld are

allowed to use the appliance as a web proxy.

Examples

The following rule allows all clients to use the appliance as a web proxy:

The following rule allows a speciﬁc subnet to use the appliance as a web

proxy:

▼Deleting IP Allow rules

1Select the conﬁg menu, and press Enter.

2Select security, and press Enter.

src_ip=IPaddress or IPaddress_range action=ip_allow

src_ip=0.0.0.0-255.255.255.255 action=ip_allow

src_ip=123.12.3.000-123.12.3.123 action=ip_allow

Contents

Main Page Contents Page Page Page Page Page Page Page Preface Who should read this manual This manual uses the following conventions. Conventions used in this manual Chapter 1 Introduction Flexible cache architecture Why use this caching appliance? NetStructure What is an Intel Cache Appliance? Intel NetStructure Cache Appliance features Page How to use this guide Page Page Starting the system for the first time Page Page Page Accessing the Manager UI Page Page Using online help Accessing the command-line interface Verifying that caching works Changing passwords Page Chapter 3 Monitoring Appliance Performance Accessing monitor pages Using the Dashboard page Dashboard alert lights Resolving alarms Exposing node detail Changing the selected node Using the Node page Using the Graphs page Using the Protocols page Using the Cache page Using the ARM page Using the Other page Using the MRTG page Chapter 4 Configuring the Appliance Accessing configure pages Using the Server Basics page Setting general options Setting Web management options Setting virtual IP addressing options What are virtual IP addresses? Using virtual IP addressing for node failover Adding entries to the Virtual IP address list Setting browser auto configuration options Setting throttling of network connections Configuring load-shedding Enabling SNMP agents Using the Protocols page Configuring HTTP Configuring NNTP The following table describes the options. Page Configuring FTP The FTP section lets you congure FTP protocols. The following table describes the options. Using the Cache page Cache activation Storage The following table describes the storage options. The following table describes the freshness options. Freshness Variable content Using the Security page Using the Routing page Setting HTTP parent caching options Setting ICP options Establishing ICP peers Page Setting server accelerator options Checking transparency Checking WCCP Using the Host Database page Configuring the host database Page Configuring DNS Using the Snapshots page Page Chapter 5 Using the Command-Line Interface Starting the command-line interface Starting the appliance the first time Using the appliance after initial start-up Navigating the command-line interface Using the setup menu Changing network addresses configuration Changing the controller speed and transmission mode Changing the DNS address and domain name Changing the gateway address Configuring time zone settings Configuring date and time settings Viewing current network address settings Using the main menu Checking the status of the Server and Manager Starting the appliance Stopping the appliance Viewing and maintaining versions of the software Identifying which versions of the software are currently installed Installing a new version of the appliance software Application upgrade Patch upgrade OS/Application upgrade Running a different version of the appliance software Deleting a version of the appliance software Viewing which version of the appliance software is currently running Clearing statistics Rebooting the System Halting the System Changing the administrator password for telnet or serial access Resetting to factory settings Preparing a cache disk Using the config menu Setting general controls Configuring protocol options Configuring HTTP options Configuring NNTP options Page Page Page Page Page Page Configuring Secure Socket Layer (SSL) port Configuring FTP options Setting filter rules Page Setting remap rules Page Configuring the cache Enabling caching for different protocols Setting disk storage options Setting object freshness options The following table shows the options: Configuring caching rules Page Page Configuring security options Controlling client access to the appliance Controlling access to the Manager UI Configuring routing options Configuring and maintaining ICP peers Page Page Page Page Controlling parent proxy caching Page Page Configuring WCCP options Configuring the Adaptive Redirection Module (ARM) Enabling and disabling transparent redirection Configuring ARM bypass rules Page Configuring load-shedding options Configuring the host database options The following table describes the options: Configuring logging options Using the monitor menu Viewing Node statistics Viewing Protocol statistics Page Page The following table describes the statistics for the FTP protocol: Viewing Cache statistics screen. The following table describes the statistics. Viewing Other statistics the screen. The following table describes the statistics. Page Using the expert menu Using the save menu Using the load menu Using the logoff menu Chapter 6 Troubleshooting Problems Rebooting your system Rebooting your system from the CLI Page Page Appendix A Caching Solutions and Performance Web proxy caching A day in the life of a cache request Ensuring cached object freshness Revalidating objects HTTP object freshness tests Deciding whether to serve HTTP objects Configuring HTTP freshness options Configuring HTTP revalidation Configuring HTTP cachability Caching HTTP alternates To cache or not to cache? Transparent proxy caching Serving requests transparently Interception strategies Using a layer 4-aware switch to filter transparency requests Using a WCCP-enabled router for transparency Using policy-based routing to filter transparency requests ARM redirection Adaptive interception bypass Appliance adaptive bypass More about bypass rules Static and dynamic (adaptive) bypass Configuring bypass options Server acceleration Advantages of server acceleration How server acceleration works Retrieving requested documents Page Web server redirects Understanding server acceleration mapping rules Examples of rules and translations Page Understanding cache hierarchies HTTP cache hierarchies ICP cache hierarchies NNTP cache hierarchies News article caching The appliance as a news server The appliance as a caching proxy news server Supporting several parent news servers Blocking particular groups Clustering Transparency Posting Maintaining the cache: updates and feeds Configuring Access control Obeying NNTP control messages Client bandwidth throttling Carrier-class architecture Performance Page High-availability Alarms Virtual IP failover Load shedding Node fault tolerance Expansion capabilities Centralized administration Page Page Page HTML messages sent to clients Page Standard HTTP response messages Page Page Glossary Page Page Page Page Page Index