Manualshelf

Installation guide

ManualsBrandsRed Hat ManualsComputer equipmentDIRECTORY SERVER 2.0 - GATEWAY
11121314151617181920
If the third-party proxy can send the X-Forwarded-For header but not the
X-Authenticated-User header, the following step is also required:
Deploy an XID agent to facilitate client identification by Websense Content
Gateway. For information about installing and deploying XID agents, see the
Websense Web Security/Websense Web Filter installation and deployment guides.
Websense Content Gateway can be configured to read authentication from the
following proxies in the downstream position:
For detailed configuration instructions for Blue Coat ProxySG and Microsoft ISA
server, see Appendix: Specific proxy chain configuration procedures.
Proxy cache hierarchy
Another form of proxy chain is a flexible proxy cache hierarchy, in which Internet
requests not fulfilled in one proxy can be routed to other regional proxies, taking
advantage of their contents and proximity. For example, a cache hierarchy can be
created as a small set of caches for a company department or a group of company
workers in a specific geographic area.
In a hierarchy of proxy servers, Websense Content Gateway can act either as a parent
or child cache, either to other Websense Content Gateway systems or to other caching
products. Having multiple parent caches in a cache hierarchy is an example of parent
failover, in which a parent cache can take over if another parent has stopped
communicating.
As mentioned earlier, the increasing prevalence of dynamic, user-generated Web
content reduces the need for Content Gateway caching capabilities.
See Websense Content Gateway Online Help (Hierarchical Caching) for more
information on this topic.
SSL chaining
Routing SSL traffic in a proxy chain involves the same parent proxy configuration
settings used with other proxy-chained traffic. You identify the ports on which HTTPS
requests should be decrypted and policy applied when SSL is enabled in the Protocols
> HTTP > HTTPS Ports option in the Configure tab. Parent proxy rules established
in parent.config for HTTPS traffic (destination port 443) determine the next proxy in
the chain for that traffic.
Enable the Configure tab Content Routing > Hierarchies > HTTPS Requests
Bypass Parent option to disable SSL traffic chaining when all other traffic is chained.
Blue Coat ProxySG 210 and larger
Microsoft Internet Security and
Acceleration (ISA) server
2004 and larger