Table of Contents

I. OVERVIEW OF FIREWALLS AND PROXY SERVERS. 1. Firewall Overview. Terminology. Firewalls. Summary. 2. Overview of Proxy Servers. History of Web Proxy Servers. General Properties of Proxy Servers. Different Types of Proxy Servers. Generic Firewall Proxy Servers. Proxy Chaining. Departmental Proxy Servers. Personal Proxy Servers. Specialized Proxy Servers. Why Proxy Servers are Not Part of Web Servers? Dynamic Content. Summary. 3. Internal Server Architectures. Single-Process Serialized Server Architecture. Forking. Process Mob Architecture. Multithreaded, Single-Process Architecture. Multithreaded, Multiprocess Architecture. Single-Process, Asynchronous I/O Architecture. Mixed Asynchronous I/O with Threads Architecture. Summary. II. PROTOCOLS. 4. The HTTP Protocol. Overall Operation of HTTP. Design Goals of HTTP. HTTP/0.9. HTTP/1.0. The HTTP/1.1 Protocol. HTTP Persistent Connections (Keep-Alive). HTTP Authentication. Virtual Servers. META HTTP-EQUIV. Mime Media Types. HTTP Request Methods. HTTP Headers. HTTP Response Status Codes. Summary. 5. Cookies-The HTTP State Management Protocol. Overall Operation of Cookies. Common Uses of Cookies. Cookies vs. Proxy Cookies. Non-Static Route and Cookies with Encoded IP Address. Summary. 6. ICP-The Internet Cache Protocol. ICP Message Format. ICP Op Codes. ICP Option Flags. Multicast with ICP. Security Considerations. Summary. 7. Handling of Different Protocols by Proxies. Standard Port Numbers. HTTP. FTP. Gopher. News. SSL, HTTPS, and SNEWS. (SSL) Tunneling Protocol. WAIS. LDAP. IIOP. Telnet. Streaming Protocols Based on UDP. Summary. III. CACHING. 8. Caching. Advantages of Caching. Disadvantages of Caching. Conditional Requests. Guaranteeing Freshness of Cached Documents. Cache Hit Ratio. On-Demand Caching. On-Command Caching. Caching of Data Requiring Authentication. Caching Data from Local Hosts. Caching and SSL. Caching Queries. HTTP/1.1 Cache Control Terminology. HTTP/1.1 Cache Control. Summary. 9. Caching and Online Advertising. "Cache Busting". Alternatives for "Cache Busting". Copyright Violation by Cache. Summary. 10. Cache Architectures. Components of a Cache Architecture. Existing Cache Architectures. Summary. 11. Garbage Collection. The Idea of Garbage Collection. Cache Garbage Collection. Run-Time Cache Management. Summary. IV. FILTERING, MONITORING, AND ACCESS CONTROL. 12. Filtering. URL Filtering. Content Rating. Censorship on the Internet. Request Header Filtering. Request Content Filtering. Response Header Filtering. Response Content Filtering. Summary. 13. Access Control. Access Control By User Authentication. Access Control By Client Host Address. Summary. 14. Logging and Monitoring. Format of Access Log Files. Log Analyzers. Analyzing Proxy Logs. Determining the Peak Load. Monitoring. Summary. V. SECURITY. 15. Encryption and Authentication Security. Single Key Cryptography. Public Key Cryptography. Authentication with Public Key Cryptography. Message Digest (Hash) Algorithms. The MD5 Algorithm. Certificates. Summary. 16. Setup Security. Server User ID. File Ownerships and Permissions (UNIX). Common Security Holes in Server Software Itself. Access Control Based on Incoming IP Address. Reverse Proxy Security. Firewall Router Configuration. Information Revealed in HTTP Headers. Protocol Verification. Capturing Authentication Credentials. Securing the Logs. Passwords in FTP URLS. Java, JavaScript, and ActiveX Security. File Upload Security. Summary. VI. PERFORMANCE. 17. Performance. DNS Lookups. Protocol Performance. Cache Performance. Filtering. Summary. 18. Capacity Planning. Purposes Of The Proxy Server. Estimated Load. Average Transaction Time. Choosing the Proxy Hierarchy. Choosing the Hardware and Software. Disk Space. Cache Configuration. Summary. 19. Load Balancing. DNS Round-Robin-Based Load Balancing. Hash-Function-Based Proxy Selection. CARP-Cache Array Routing Protocol. ICP-Based Proxy Selection. Client Proxy Auto-Configuration in Load Balancing. Other Load Balancing Solutions. Summary. 20. Reverse Proxying. Uses of Reverse Proxy Servers. Components of a Reverse Proxy Setup. Secure Reverse Proxying. Dynamic Content and Reverse Proxying. Alternatives to Reverse Proxying. Summary. VII. DEPLOYMENT SCENARIOS. 21. Case Studies. Case Study 1: A Small Internet Software Company. Case Study 2: A Small Accounting Firm. Case Study 3: A Medium-sized Company. Case Study 4: A Large Corporation. Summary. 22. Trouble-Shooting. Debugging with Telnet. Packet Sniffing. Tracing System Calls. Tracing the Network Route. HTTP Tracing. Trouble-Shooting the Cache. Summary. VIII. APPENDICES. Appendix A. Proxy Auto-Configuration Support in Clients. Auto-Configuration File Mime Type. Setting Up an Auto-Configuration File. Predefined JavaScript Utility Functions for Proxy Auto-Configuration File. Example Proxy Auto-Configuration Scripts. Generating Proxy Auto-Configuration File from CGI. CARP In Proxy Auto-configuration. Summary. Appendix B. Wildcard Expressions. Regular Expression Syntax. Using Regular Expressions for URLS. Shell Expression Syntax. Summary. Appendix C. Terminology. References. Index.