HP Cache Server Appliance Administrator Guide

ManualsBrandsHP ManualsServerHP Web Cache Server Appliance sa2100

101

102

103

104

105

106

107

108

109

110

Chapter 11 Security Options

To set SOCKS options manually:

1. Telnet into the HP web cache appliance and select Shell Access as described in Overview of Access

Methods‚ on page 7.

2. Open the

records.config file located in Traffic Server’s config directory with Vi.

3. Edit the following variables:

4. Save and close the

records.config file.

5. Open the

socks.config file located in Traffic Server’s config directory with Vi.

6. Enter a line in the file specifying the IP addresses or IP address range of the origin servers that you want

Traffic Server to access directly. Use the following format

no_socks IPaddresses or IPaddress range

where IPaddresses or IPaddress range is a comma separated list of the IP addresses or IP address

ranges associated with the origin servers you want Traffic Server to access directly.

7. Save and close the

socks.config file.

8. Run the command

traffic_line -x to apply the configuration changes.

Configuring DNS server selection (split DNS)

You can configure Traffic Server to use multiple DNS servers depending on your security requirements. For

example, you can configure Traffic Server to look to one set of DNS servers to resolve hostnames on your

internal network, while allowing DNS servers outside of the firewall to resolve hosts on the internet. This

maintains the security of your intranet, while continuing to provide direct access to sites outside your

organization.

You specify the rules for performing DNS server selection (also called split DNS)inthe

splitdns.config

file. Traffic Server enables you to specify this selection based on the destination domain, the destination host,

or a URL regular expression.

To configure DNS server selection:

1. Telnet into the HP web cache appliance and select Shell Access as described in Overview of Access

Methods‚ on page 7.

2. Open the

records.config file located in Traffic Server’s config directory with Vi.

3. Edit the following variable:

4. Save and close the

records.config file.

5. Open the

splitdns.config file located in Traffic Server’s config directory with Vi.

Variable Description

proxy.config.socks.socks_needed Set this variable to 1 to enable SOCKS.

proxy.config.socks.socks_server_ip_str Specify the IP address of the SOCKS server.

proxy.config.socks.socks_server_port Specify the port used to communicate with the SOCKS

server.

proxy.config.socks.socks_timeout Specify the number of seconds the Traffic Server must wait

for the SOCKS server to respond before dropping the

connection.

Variable Description

proxy.process.dns.splitDNS.enabled Set this variable to 1 to enable split DNS.