Cisco Cisco Web Security Appliance S170 Guía Del Usuario
6-21
Cisco IronPort AsyncOS 7.5.7 for Web User Guide
Chapter 6 Web Proxy Services
Advanced Proxy Configuration
Advanced Proxy Configuration
AsyncOS includes the
advancedproxyconfig
CLI command so you can configure more advanced Web
Proxy configurations, such as authentication and DNS parameters.
The
advancedproxyconfig
command includes the following subcommands:
•
Authentication. Configure authentication parameters, such as the number of outstanding concurrent
Basic or NTLMSSP authentication requests to be authenticated by the authentication server and
whether or not to log the username that appears in the request URI. You can also use the
Basic or NTLMSSP authentication requests to be authenticated by the authentication server and
whether or not to log the username that appears in the request URI. You can also use the
authentication
subcommand to enable the user acknowledgment page. For more information
about the user acknowledgment page, see
For more information, see
•
Caching. Configure advanced Web Proxy caching options, such as:
–
Whether or not to ignore client requests to not retrieve content from the proxy cache
–
Whether or not to cache content from an untrusted server
You can configure the parameters separately by selecting “Customized Mode,” or you can choose a
predefined set of parameter values. You can choose the following modes:
predefined set of parameter values. You can choose the following modes:
–
Safe mode. This mode uses less caching. You might want to use safe mode if clients are
encountering web servers sending error responses with Last-Modified headers (so they get
cached), and these are transient whereby you do not want to cache the error responses. Or, you
might want to use safe mode if some web servers are not responding properly to
If-Modified-Since queries, and caching objects when no cache lifetime is specified is causing
incorrect cache hits.
encountering web servers sending error responses with Last-Modified headers (so they get
cached), and these are transient whereby you do not want to cache the error responses. Or, you
might want to use safe mode if some web servers are not responding properly to
If-Modified-Since queries, and caching objects when no cache lifetime is specified is causing
incorrect cache hits.
–
Optimized mode. This mode uses moderate caching. This is the default mode. Compared to
safe mode, in optimized mode the Web Proxy caches objects when no caching time is specified
when a Last-Modified header is present. The Web Proxy caches negative responses.
safe mode, in optimized mode the Web Proxy caches objects when no caching time is specified
when a Last-Modified header is present. The Web Proxy caches negative responses.
–
Aggressive mode. This mode uses aggressive caching. Compared to optimized mode, in
aggressive mode the Web Proxy caches authenticated content, ETag mismatches, and content
without a Last-Modified header. The Web Proxy ignores the no-cache parameter.
aggressive mode the Web Proxy caches authenticated content, ETag mismatches, and content
without a Last-Modified header. The Web Proxy ignores the no-cache parameter.
–
Customized mode. This mode allows you to configure each parameter individually.
Safe mode provides more strict adherence to the RFC with respect to caching. Optimized and
aggressive modes take some liberties with respect to RFC compliance in exchange for more caching
of data (where aggressive modes takes more liberties than optimized mode).
aggressive modes take some liberties with respect to RFC compliance in exchange for more caching
of data (where aggressive modes takes more liberties than optimized mode).
For more information, see
•
DNS. Configure DNS-related options, such as the time to cache results of DNS errors and whether
or not the Web Proxy should issue an HTTP 302 redirection on DNS lookup failure.
or not the Web Proxy should issue an HTTP 302 redirection on DNS lookup failure.
For more information, see
.
•
EUN. Configure the end-user notification page settings, such as whether to use the standard IronPort
end-user notification pages or use pages you customize. For more information on configuring the
end-user notification pages, see
end-user notification pages or use pages you customize. For more information on configuring the
end-user notification pages, see
.
For more information, see
•
NATIVEFTP. Configure the FTP Proxy settings, such as the port ranges to use for active and
passive mode and the type of authentication to use for explicit forward connections. Applies to
native FTP transactions only. For more information on configuring the FTP Proxy, see
passive mode and the type of authentication to use for explicit forward connections. Applies to
native FTP transactions only. For more information on configuring the FTP Proxy, see