Cisco Cisco Web Security Appliance S170 Guia Do Utilizador
6-5
Cisco IronPort AsyncOS 7.5.7 for Web User Guide
Chapter 6 Web Proxy Services
Configuring the Web Proxy
Step 5
Submit and commit your changes.
In-Use Connection
Timeout
Timeout
Enter how long the Web Proxy waits for more data from an idle client or
server when the current transaction has not been completed.
server when the current transaction has not been completed.
For example, if a client opens a connection and sends only half of the
request, the Web Proxy waits for the amount of time specified for the client
side reserve timeout for the rest of the request before closing the open
connection.
request, the Web Proxy waits for the amount of time specified for the client
side reserve timeout for the rest of the request before closing the open
connection.
•
Client side. The maximum number of seconds the Web Proxy keeps a
connection open with an idle client.
connection open with an idle client.
•
Server side. The maximum number of seconds the Web Proxy keeps
a connection open with an idle destination server.
a connection open with an idle destination server.
Default is 300 seconds for both client and server side reserve timeouts.
Simultaneous Persistent
Connections (Server
Maximum Number)
Connections (Server
Maximum Number)
Enter the maximum number of connections (sockets) the Web Proxy keeps
open with servers.
open with servers.
Generate Headers
•
X-Forwarded-For. Choose whether or not to forward HTTP
“X-Forwarded-For” headers. Default is Do Not Send.
Note: If the network contains an explicit forward upstream proxy that
manages user authentication or access control using proxy
authentication, you must enable the X-Forwarded-For header to send
the client host header to the upstream proxy.
“X-Forwarded-For” headers. Default is Do Not Send.
Note: If the network contains an explicit forward upstream proxy that
manages user authentication or access control using proxy
authentication, you must enable the X-Forwarded-For header to send
the client host header to the upstream proxy.
•
VIA. Choose whether or not to forward HTTP “VIA” headers in
HTTP requests from clients and HTTP responses from servers.
Default is Send.
HTTP requests from clients and HTTP responses from servers.
Default is Send.
Use Received Headers
Check the Enable Identification of Client IP Addresses using
X-Forwarded-For check box if the appliance has been deployed as an
upstream proxy and you want it to identify clients using the IP address
specified in the X-Forwarded-For header instead of the IP address from the
downstream proxy. You should only enable this option when the appliance
receives client requests from a trustworthy downstream proxy or load
balancer.
X-Forwarded-For check box if the appliance has been deployed as an
upstream proxy and you want it to identify clients using the IP address
specified in the X-Forwarded-For header instead of the IP address from the
downstream proxy. You should only enable this option when the appliance
receives client requests from a trustworthy downstream proxy or load
balancer.
When you enable this option, enter the IP address of a downstream proxy
or load balancer. You cannot enter subnets or hostnames. Click Add Row
to add more than one IP address. The Web Proxy will not accept the IP
address in a X-Forwarded-For header from a machine that is not included
in the list.
or load balancer. You cannot enter subnets or hostnames. Click Add Row
to add more than one IP address. The Web Proxy will not accept the IP
address in a X-Forwarded-For header from a machine that is not included
in the list.
Note
You can display the downstream IP address in the access logs using
the %XV custom format specifier, and in the W3C access logs
using the x-request-source-ip variable.
the %XV custom format specifier, and in the W3C access logs
using the x-request-source-ip variable.
Table 6-1
Web Proxy Settings (continued)
Property
Description