Internet Security Professional Reference: How to Build a Firewall


The userid, directory, and timeout values serve the same functions as in the other proxy agents in the Toolkit. However, you need to examine the roles that the default-httpd server, default-gopher server, and default-ftp server play. To understand their impact, you need to examine how a non-proxy-aware and a proxy-aware WWW client operate.

Non-Proxy-Aware HTTP Clients

A non-proxy-aware HTTP client, such as Internet Explorer Version 1.0 from Microsoft, cannot communicate with a proxy. The user must configure the client to connect first to the firewall, and then to go to the desired site. To do this, the user must specify the URL in the format:

http://firewall_system/http://destination

as in

http://pc.unilabs.org/http://www.unilabs.org

The client will pass the request for http://www.unilabs.org to the firewall. The firewall then establishes the connections required to bring the requested information to the client.

Although a proxy-aware client can still use this format, this is the only format that can be used with non-proxy HTTP clients. World Wide Web clients are also capable of accessing FTP and Gopher services. Table 6.12 lists the URL formats used for each of these services.

Table 6.12
Supported URL Formats

Service   URL
HTTP      http://firewall_name/http://www_server
Gopher    http://firewall_name/gopher://gopher_server
FTP       http://firewall_name/ftp://FTP_server

Internet users who work with non-proxy-aware clients need to make changes to their WWW client if a firewall is installed after the users have developed and built their hotlists. In these situations, their WWW client hotlists will have to be edited to include the firewall in the URL.

Using a Proxy-Aware HTTP Client

A proxy-aware HTTP client such as Netscape Navigator or NCSA Mosaic does not have these problems. However, some application-specific configuration is required to make it work. Although nothing additional must be done on the HTTP proxy side, the client must be configured with the appropriate proxy information.

Aside from this application-specific customization, there are no other difficulties in using the proxy-aware client. When these WWW clients have been configured, they are much easier for the end user to handle because there is less confusion in accessing sites.

All World Wide Web clients can access Gopher (and FTP) sites. As you have seen, if the client is aware of the proxy, access to these different types of Internet sites is much simpler to set up. Accessing a Gopher server with a proxy-aware World Wide Web browser is much easier than with many Gopher clients. Connecting to the Gopher server is as simple as specifying a URL:

http://firewall_host_name/gopher://gopher_server_name

This syntax allows the connection to the external Gopher server through the firewall.
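As an added example (not code from the book or from the Toolkit), the following Python shows both sides of the nested URL form in Table 6.12: the client-side rewrite that prefixes a destination with the firewall host (including a hotlist rewrite for the situation described earlier, which skips entries already routed through the firewall), and the proxy-side parse that recovers the destination and refuses anything other than HTTP, Gopher or FTP. The hosts pc.unilabs.org and www.unilabs.org are the page's own; fw.example, gopher.example, ftp.example and gopher.unilabs.org are constructed for the example.

```python
"""Building and parsing http://firewall_host/<scheme>://<destination>,
the URL form a non-proxy-aware client sends to http-gw (added example)."""

from urllib.parse import urlsplit

# Services the page's Table 6.12 lists as reachable through the nested form.
SUPPORTED_SCHEMES = ("http", "gopher", "ftp")


def wrap_for_firewall(firewall_host: str, destination_url: str) -> str:
    """Client-side rewrite: prefix a destination URL with the firewall host."""
    inner = urlsplit(destination_url)
    if inner.scheme.lower() not in SUPPORTED_SCHEMES or not inner.netloc:
        raise ValueError(f"cannot proxy {destination_url!r}")
    return f"http://{firewall_host}/{destination_url}"


def unwrap_proxied_url(request_url: str):
    """Proxy-side parse: split http://fw/<inner> into
    (firewall_host, inner_scheme, inner_host, inner_url).
    Malformed or unsupported requests raise ValueError instead of being
    guessed at, so the proxy only opens the connections the table allows."""
    outer = urlsplit(request_url)
    if outer.scheme.lower() != "http" or not outer.netloc:
        raise ValueError("outer URL must be http://firewall_host/...")
    inner_url = outer.path[1:]            # drop the "/" after the firewall host
    if outer.query:
        inner_url += "?" + outer.query    # keep any query string of the inner URL
    inner = urlsplit(inner_url)
    if inner.scheme.lower() not in SUPPORTED_SCHEMES or not inner.netloc:
        raise ValueError(f"unsupported or missing destination in {request_url!r}")
    return outer.netloc, inner.scheme.lower(), inner.netloc, inner_url


def is_valid_proxied_url(request_url: str) -> bool:
    """Convenience check: True when unwrap_proxied_url() accepts the request."""
    try:
        unwrap_proxied_url(request_url)
        return True
    except ValueError:
        return False


def rewrite_hotlist(firewall_host: str, hotlist):
    """Rewrite saved bookmarks after a firewall has been installed, leaving
    entries that already go through this firewall alone (no double wrapping)."""
    prefix = f"http://{firewall_host}/"
    return [url if url.startswith(prefix) else wrap_for_firewall(firewall_host, url)
            for url in hotlist]


if __name__ == "__main__":
    # Constructed hotlist: one plain entry, one already wrapped, one Gopher entry.
    for entry in rewrite_hotlist("pc.unilabs.org", [
            "http://www.unilabs.org",
            "http://pc.unilabs.org/http://www.unilabs.org",
            "gopher://gopher.unilabs.org"]):
        print(entry, "->", unwrap_proxied_url(entry))
```

The proxy-side function deliberately returns the destination host separately from the full inner URL: the host is what the host access rules and default-server options act on, while the full URL is what gets fetched.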

Host Access Rules

Up to this point in the chapter, you have seen how the user interacts with the proxy. Now examine how you can alter the operation of the proxy by applying some host access rules. Some of these rules have been examined already, and are important enough to mention again. The host access rules may include optional parameters to further control the session. Some of these parameters include restricting the allowable functions. The rules and their parameters are included in table 6.13.

Table 6.13
Host Access Rules

hosts host-pattern [host-pattern …] [options]
permit-hosts host-pattern [host-pattern …] [options]
deny-hosts host-pattern [host-pattern …]
    Rules specify host and access permissions. Typically, a host rule will be in the form of:
        http-gw: deny-hosts unknown
        http-gw: hosts 192.33.112.* 192.94.214.*

-permit function
-permit { function [function …] }
    Only the specified functions are permitted. Other functions will be denied. If this option is not specified, then all functions are initially permitted.

-deny function
-deny { function [function …] }
    Specifies a list of Gopher/HTTP functions to deny.

-gopher server
    Makes server the default server for this transaction.

-httpd server
    Makes server the default HTTP server for this transaction. This will be used if the request came in through the HTTP protocol.

-filter function
-filter { function [function …] }
    Removes the specified functions when rewriting selectors and URLs. This rule does not stop the user from entering selectors that the client will execute locally, but it can be used to remove them from retrieved documents.

Several host patterns may follow the hosts keyword; the first optional parameter after these patterns begins with a hyphen (-). Optional parameters permit the selective enabling or disabling of logging information.

Some basic configuration rules are shown here to help you understand how the options for host rules are used:

http-gw:        userid www
# http-gw:      directory /usr/local/secure/www
http-gw:        timeout 1800
http-gw:        default-httpd www.fonorola.net
http-gw:        default-gopher gopher.fonorola.net
http-gw:        permit-hosts 206.116.65.*

The permit-hosts line establishes what hosts or networks are allowed to pass through the firewall using the proxy. To deny access to specific hosts or networks, use a line similar to:

http-gw:    deny-hosts 206.116.65.2
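As an added example (not Toolkit code), the following Python parses http-gw host access rules in the form shown in Table 6.13 and the configuration above, and evaluates a request against them. It assumes that rules are checked in the order written and the first rule whose host pattern matches decides, that the pattern unknown matches a host whose address has no reverse name, and that a host matching no rule is denied; the function names ftp, gopher and http used with -permit and -deny are constructed for the example, as are the workstation names.

```python
"""Parsing and evaluating http-gw host access rules (added example).
Assumes first-match ordering, "unknown" = no reverse name, default deny."""

from dataclasses import dataclass, field
from fnmatch import fnmatchcase
from typing import Dict, List, Optional, Set, Tuple

HOST_KEYWORDS = ("hosts", "permit-hosts", "deny-hosts")


@dataclass
class HostRule:
    action: str                                          # "permit" or "deny"
    patterns: List[str]                                  # host patterns or "unknown"
    permit_funcs: Optional[Set[str]] = None              # -permit: only these allowed
    deny_funcs: Set[str] = field(default_factory=set)    # -deny: these refused
    filter_funcs: Set[str] = field(default_factory=set)  # -filter: stripped on rewrite
    servers: Dict[str, str] = field(default_factory=dict)  # -gopher / -httpd


def _read_list(tokens: List[str], i: int) -> Tuple[Set[str], int]:
    """Read a single function or a brace-delimited { f1 f2 ... } list."""
    if tokens[i] == "{":
        j = tokens.index("}", i)          # ValueError if the list is unterminated
        return set(tokens[i + 1:j]), j + 1
    return {tokens[i]}, i + 1


def parse_rules(config_text: str) -> List[HostRule]:
    rules = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("#") or not line.startswith("http-gw:"):
            continue                      # comments and other agents' lines
        tokens = line[len("http-gw:"):].split()
        if not tokens or tokens[0] not in HOST_KEYWORDS:
            continue                      # userid, timeout, default-* are not host rules
        action = "deny" if tokens[0] == "deny-hosts" else "permit"
        i, patterns = 1, []
        while i < len(tokens) and not tokens[i].startswith("-"):
            patterns.append(tokens[i])    # patterns end at the first "-option"
            i += 1
        rule = HostRule(action, patterns)
        while i < len(tokens):
            opt, i = tokens[i], i + 1
            if opt in ("-permit", "-deny", "-filter"):
                funcs, i = _read_list(tokens, i)
                if opt == "-permit":
                    rule.permit_funcs = funcs
                elif opt == "-deny":
                    rule.deny_funcs |= funcs
                else:
                    rule.filter_funcs |= funcs
            elif opt in ("-gopher", "-httpd"):
                rule.servers[opt[1:]], i = tokens[i], i + 1
            else:
                raise ValueError(f"unknown http-gw option {opt!r}")
        rules.append(rule)
    return rules


def _matches(rule: HostRule, address: str, name: Optional[str]) -> bool:
    for pat in rule.patterns:
        if pat == "unknown":
            if name is None:              # address has no reverse name
                return True
        elif fnmatchcase(address, pat) or (name is not None and fnmatchcase(name, pat)):
            return True
    return False


def is_allowed(rules: List[HostRule], address: str, function: str, name: Optional[str]) -> bool:
    """First matching rule decides; no match means the request is refused."""
    for rule in rules:
        if not _matches(rule, address, name):
            continue
        if rule.action == "deny":
            return False
        if rule.permit_funcs is not None and function not in rule.permit_funcs:
            return False
        return function not in rule.deny_funcs
    return False


# Constructed configuration in the style of the page's http-gw lines.
SAMPLE_CONFIG = """\
http-gw:        userid www
# http-gw:      directory /usr/local/secure/www
http-gw:        timeout 1800
http-gw:        default-httpd www.fonorola.net
http-gw:        default-gopher gopher.fonorola.net
http-gw:        deny-hosts unknown
http-gw:        deny-hosts 206.116.65.2
http-gw:        permit-hosts 206.116.65.* -deny { ftp gopher }
http-gw:        hosts 192.33.112.* 192.94.214.* -permit http -httpd www.fonorola.net
"""
RULES = parse_rules(SAMPLE_CONFIG)
```

Note that the deny-hosts line for 206.116.65.2 must come before the permit-hosts line for 206.116.65.* to have any effect under first-match evaluation; placing it after the wildcard permit would leave that host allowed.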
