HTTP Proxy Server
Introduction
The HTTP Proxy Server acts as a web cache. It listens for client requests and fetches the internet resource on behalf of the client. It can be configured to be a pass-all or pass-none cache. It can also be configured to act as a web filter by creating ACL rules.
Network Diagram
Let us first set up a pass-all web cache (refer to the Network Diagram above) which does nothing except listen for client requests and cache the fetched responses. The server can listen on 10.20.50.248 on port 3200.
Configuration
Okapi(config)# service httpProxy
If the following command is issued without defining any ACLs, the server does not respond to any client requests and all the traffic is redirected to the redirect-url, i.e., http://www.kritikalsolutions.com in this case.
Now configure the server to act as a URL filter, so that clients in the network 10.20.55.* cannot access any audio-video sites, the domain orkut.com, or URLs containing the pattern cgi-bin between 10:00am and 6:00pm on weekdays. First, the listen-address and the redirect-url are provided to the server.
Then, the source group is defined, say srcgrp1, containing all the IPs in the network 10.20.55.*. Make sure that the name of an existing source group is not reused for any new source group (the same applies to destination groups and time groups).
The next step is to define the destination group. Note: 'audio-video' is a blacklist category (available with the installation package that comes with Okapi) and hence does not need to be defined. However, the domain name and URL pattern need to be defined as a destination group, say dstgrp1.
In the same way, the time group with the name timegrp1 is created. To specify weekdays, we tell the server to configure the group for the first five days of the week, i.e., from Monday to Friday, by giving the number sequence '1 2 3 4 5'.
Now, we tell the server that access from srcgrp1 should be blocked to dstgrp1 and audio-video category during timegrp1.
After the Okapi router is correctly configured, the HTTP Proxy server becomes functional and is ready to listen for incoming client requests.
To test the server, configure a browser to point to the proxy server at 10.20.50.248:3200. On Mozilla Firefox: Go to Edit->Preferences->Advanced->Network->Connection->Settings and select 'Manual proxy configuration'. Fill in the server address 10.20.50.248 in the text box 'HTTP Proxy' and port 3200 in the text box 'Port'. Check the box saying 'Use this proxy server for all protocols'. Now try to access any internet resource. For instance: a client with IP 10.20.55.32 trying to visit http://www.youtube.com at 2:00pm gets redirected to http://www.kritikalsolutions.com
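The rule configured above blocks a request only when srcgrp1, the destination set and timegrp1 all match. The Python model below is an added example, not Okapi code: it computes the expected outcome per request, so a test matrix can be compared with what the proxy actually returns. Assumptions: non-matching requests pass through, the pattern is matched against the URL path and query, the 6:00pm boundary is exclusive, and the audio-video entry is a constructed stand-in for the shipped blacklist.

```python
import ipaddress
from datetime import datetime
from urllib.parse import urlsplit

REDIRECT_URL = "http://www.kritikalsolutions.com"  # redirect-url from the page
SRCGRP1 = ipaddress.ip_network("10.20.55.0/24")    # srcgrp1: 10.20.55.*
DSTGRP1_DOMAINS = {"orkut.com"}                    # dstgrp1 domain
DSTGRP1_PATTERNS = ("cgi-bin",)                    # dstgrp1 URL pattern
# Constructed stand-in for the 'audio-video' category; the real list ships
# with the Okapi installation package and is not shown on the page.
AUDIO_VIDEO_SAMPLE = {"youtube.com"}
TIMEGRP1_DAYS = {1, 2, 3, 4, 5}                    # Monday..Friday
TIMEGRP1_START, TIMEGRP1_END = (10, 0), (18, 0)    # 10:00am to 6:00pm


def in_domains(host, domains):
    """True if host is a listed domain or a subdomain of one (label-aware)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def in_dst(url):
    """Destination match: dstgrp1 domain, blacklist sample, or URL pattern."""
    parts = urlsplit(url)
    if in_domains(parts.hostname or "", DSTGRP1_DOMAINS | AUDIO_VIDEO_SAMPLE):
        return True
    # Assumption: the pattern is searched in path and query, not the host.
    target = parts.path + "?" + parts.query
    return any(p in target for p in DSTGRP1_PATTERNS)


def in_time(when):
    """timegrp1 match; the end of the window is treated as exclusive."""
    clock = (when.hour, when.minute)
    return (when.isoweekday() in TIMEGRP1_DAYS
            and TIMEGRP1_START <= clock < TIMEGRP1_END)


def decide(client_ip, url, when):
    """Return the URL the client should end up at under the rule."""
    blocked = (ipaddress.ip_address(client_ip) in SRCGRP1
               and in_dst(url) and in_time(when))
    return REDIRECT_URL if blocked else url


if __name__ == "__main__":
    # Constructed check: the page's own test case, on a Wednesday at 2:00pm.
    print(decide("10.20.55.32", "http://www.youtube.com",
                 datetime(2024, 3, 6, 14, 0)))
```

Cases worth including in the matrix are the window edges (10:00am, 6:00pm), a weekend request, a client outside 10.20.55.*, and a look-alike host such as notorkut.com.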
In order to use this proxy server for the traffic coming in on the default HTTP port (i.e., port 80) through the Okapi gateway, rather than port 3200, we just need to port-map the traffic from port 80 to port 3200.
Okapi(config)# ip port-map 80 port tcp 3200
As a result, traffic arriving on port 80 is directed through the proxy server.