Proxy Server

This web page has been accessed

times since 3/7/98.

Proxy Server

A server, that is typical located in the firewall, relays the requests from intranet to Internet.

It is a security mechanism to control external access from within.

It can also be used to cache and share data retrieve from the Web.
The use of proxy cache reduces the number of requests to Internet and speeds up the response time when it is a cache hit.
There is additional communication overhead when it is a cache miss.
The browser needs to be configured to send requests to the proxy server.
The uri in the http request need to replace with the whole url.
Certain mime.types are not cached, e.g., cgi scripts.

Proxy Cache

Design Considerations:

Cache Performance

Cache Size/Document Size
Cache Directory Structure
Garbage Collection

Ensure Consistency with Original data

Proxy Cache Configuration

CacheSize

Syntax: CacheSize <size>
Default: CacheSize 5
Context: server config, virtual host
Override: Not applicable
Status: Base
Module: mod_proxy
Compatibility: CacheSize is only available in Apache 1.1 and later.

Sets the desired space usage of the cache, in KB (1024-byte units). Although usage may grow above this setting, the garbage collection will delete files until the usage is at or below this setting.

CacheGcInterval

Syntax: CacheGcInterval <time>
Default: None
Context: server config, virtual host
Override: Not applicable
Status: Base
Module: mod_proxy
Compatibility: CacheGcinterval is only available in Apache 1.1 and later.

Check the cache every <time> hours, and delete files if the space usage is greater than that set by CacheSize.

CacheMaxExpire

Syntax: CacheMaxExpire <time>
Default: CacheMaxExpire 24
Context: server config, virtual host
Override: Not applicable
Status: Base
Module: mod_proxy
Compatibility: CacheMaxExpire is only available in Apache 1.1 and later.

Cachable HTTP documents will be retained for at most <time> hours without checking the origin server. Thus documents can be at most <time> hours out of date. This restriction is enforced even if an expiry date was supplied with the document.

CacheLastModifiedFactor

Syntax: CacheLastModifiedFactor <factor>
Default: CacheLastModifiedFactor 0.1
Context: server config, virtual host
Override: Not applicable
Status: Base
Module: mod_proxy
Compatibility: CacheLastModifiedFactor is only available in Apache 1.1 and later.

If the origin HTTP server did not supply an expiry date for the document, then estimate one using the formula

expiry-period = time-since-last-modification * <factor>

For example, if the document was last modified 10 hours ago, and <factor> is 0.1, then the expiry period will be set to 10*0.1 = 1 hour. If the expiry-period would be longer than that set by CacheMaxExpire, then the latter takes precedence.

CacheDirLevels

Syntax: CacheDirLevels <levels>
Default: CacheDirLevels 3
Context: server config, virtual host
Override: Not applicable
Status: Base
Module: mod_proxy
Compatibility: CacheDirLevels is only available in Apache 1.1 and later.

CacheDirLevels sets the number of levels of subdirectories in the cache. Cached data will be saved this many directory levels below CacheRoot.

CacheDirLength

Syntax: CacheDirLength <length>
Default: CacheDirLength 1
Context: server config, virtual host
Override: Not applicable
Status: Base
Module: mod_proxy
Compatibility: CacheDirLength is only available in Apache 1.1 and later.

CacheDirLength sets the number of characters in proxy cache subdirectory names.

CacheDefaultExpire

Syntax: CacheDefaultExpire <time>
Default: CacheDefaultExpire 1
Context: server config, virtual host
Override: Not applicable
Status: Base
Module: mod_proxy
Compatibility: CacheDefaultExpire is only available in Apache 1.1 and later.

If the document is fetched via a protocol that does not support expiry times, then use <time> hours as the expiry time. CacheMaxExpire does not override this setting.

NoCache

Syntax: NoCache <word/host/domain list>
Default: None
Context: server config, virtual host
Override: Not applicable
Status: Base
Module: mod_proxy
Compatibility: NoCache is only available in Apache 1.1 and later.

The NoCache directive specifies a list of words, hosts and/or domains, separated by spaces. HTTP and non-passworded FTP documents from matched words, hosts or domains are not cached by the proxy server. The proxy module will also attempt to determine IP addresses of list items which may be hostnames during startup, and cache them for match test as well. Example:

NoCache joes_garage.com some_host.co.uk bullwinkle.wotsamattau.edu

'bullwinkle.wotsamattau.edu' would also be matched if referenced by IP address.
Note that 'wotsamattau' would also be sufficient to match 'wotsamattau.edu'. Note also that

NoCache *

disables caching completely.

Browser Setup

On netscape navigator, select Edit/Preference, double click on Advanced, select proxy. The following dialog box should appear.

Select Manual proxy configuration and click View. The following dialog box appears.

Enter the proxy server name and port number it runs on. Click OK.

Example of An Apache Proxy Configuration

User webuser
Group webgroup
ServerName viva.uccs.edu
AccessConfig /dev/null
ResourceConfig /dev/null

Port 8000
ProxyRequests on
ProxyRemote http://www.fujitsu.com http://gandalf.uccs.edu:8000
CacheRoot /home/chow/site.proxy/cache
CacheSize 2000
TransferLog /home/chow/site.proxy/proxy/logs/access_log

Directives

ProxyRemote

Syntax: ProxyRemote <match> <remote-server>
Default: None
Context: server config, virtual host
Override: Not applicable
Status: Base
Module: mod_proxy (version 1.1) or modules/proxy (version 1.2)
Compatibility: ProxyRemote is only available in Apache 1.1 and later.

This defines remote proxies to this proxy. <match> is either the name of a URL-scheme that the remote server supports, or a partial URL for which the remote server should be used, or '*' to indicate the server should be contacted for all requests. <remote-server> is a partial URL for the remote server.

Syntax:

<remote-server> = <protocol>://<hostname>[:port]

<protocol> is the protocol that should be used to communicate with the remote server; only "http" is supported by this module.

Example:

ProxyRemote http://goodguys.com/ http://mirrorguys.com:8000
ProxyRemote * http://cleversite.com
ProxyRemote ftp http://ftpproxy.mydomain.com:8080

In the last example, the proxy will forward FTP requests, encapsulated as yet another HTTP proxy request, to another proxy which can handle them.

Caching

Caching provided by the proxy server saves the outgoing bandwidth of the intranet and the bandwidth of Internet. It also improve the access time.
CacheRoot directive specifies the directory for caching web pages
Make sure webuser have access to this directory. Use chgrp webgroup <cacheroot>.
The url are hashed using MD5 into a cache file name (22 characters). See the code attached.
The first few characters of the cache file names are then grouped into a directory structure to speed up the access.
User can specify how many directory levels (Directive CacheDirLevels default 3) and how many characters for the directory name at each level (Directive CacheDirLength default 1 with 64 possible directory names).

Proxy_hash() in proxy_utility.c

static const char table[64]=
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_@";

    MD5Init(&context);
    MD5Update(&context, (const unsigned char *)it, strlen(it));
    MD5Final(digest, &context);

/* encode 128 bits as 22 characters, using a modified uuencoding */
/* the encoding is 3 bytes -> 4 characters
* i.e. 128 bits is 5 x 3 bytes + 1 byte -> 5 * 4 characters + 2 characters
*/
    for (i=0, k=0; i < 15; i += 3)
    {
        x = (digest[i] << 16) | (digest[i+1] << 8) | digest[i+2];
        tmp[k++] = table[x >> 18];
        tmp[k++] = table[(x >> 12) & 0x3f];
        tmp[k++] = table[(x >> 6) & 0x3f];
        tmp[k++] = table[x & 0x3f];
    }
    /* one byte left */
    x = digest[15];
    tmp[k++] = table[x >> 2]; /* use up 6 bits */
    tmp[k++] = table[(x << 4) & 0x3f];
    /* now split into directory levels */

    for(i=k=d=0 ; d < ndepth ; ++d)
        {
        strncpy(&val[i],&tmp[k],nlength);
        k+=nlength;
        val[i+nlength]='/';
        i+=nlength+1;
        }

Cache file content

Here is the content of the cache file /home/chow/site.proxy/proxy/cache/0/v/R/xTsauJr@F8SmgnYNGHQ
The first line contains the hexdecimal values of

date of the request (since 1970)
date document last modified
expiration date
version
and content length

3501C618 34D684E9 350317C2 00000000 00000246
X-URL: http://www.insight.com/web/graphics/checkout_default.gif
HTTP/1.0 200 OK
Date: Sat, 07 Mar 1998 22:11:36 GMT
Server: Stronghold/2.1.1 Apache/1.2.4
Last-Modified: Tue, 03 Feb 1998 02:46:01 GMT
ETag: "6b7-246-34d684e9"
Content-Length: 582
Accept-Ranges: bytes
Content-Type: image/gif

GIF89a\^@^T^@Õÿ^@ÿÿÿÌÌ~YËÊ~X·°~D ...

The first hexadecmical string, 3501C618, is equivalent to 889308696 seconds since 1970, 1,1. You can use hex2dec() in MS Excell spreadsheet to compute this. It is 10292.92 days and 28.20 years from 1970. That matches with the 07 Mar 1998 date.

The expiration date string, 350317C2, is equivalent to 10293.93 days and it is 1day after the date of reqeust.