This appendix provides a reference to the property sheets and dialog boxes displayed in Internet Service Manager for the Web Proxy service of Microsoft Proxy Server.
Opening the Administrative Interface for the Web Proxy Service
Web Proxy Service Properties
Web Proxy Permissions Properties
Web Proxy Caching Properties
Web Proxy Logging Properties
Web Proxy Filters Properties
From the servers desktop, click Start, select Programs, and then select the Microsoft Proxy Server program group.
Click Internet Service Manager.
The Microsoft Internet Service Manager window is displayed.
If necessary, connect to the server to be administered. From the Properties menu click Connect to Server and complete the dialog box that appears.
This step is unnecessary if you are administering the local server.
In the Microsoft Internet Service Manager window, click the server name next to the Web Proxy service.
The Web Proxy Service Properties window appears. It contains tabs labeled Service, Permissions, Caching, Logging, and Filters.
The following table summarizes each Web Proxy service property sheet.
Property | Description |
---|---|
Service | Use the Web Proxy Service property sheet to display the product ID, to add a comment about the server or the Web Proxy service, to edit the Local Address Table (LAT), and to view information about current connections. |
Permissions | Use the Web Proxy Permissions property sheet to determine which users or groups of users are allowed to access the Internet through the Web Proxy service on a server. Permissions are granted separately for each supported protocol. |
Caching | Use the Web Proxy Caching property sheet to enable or disable caching of Internet objects, and to configure cache parameters. |
Logging | Use the Web Proxy Logging property sheet to set the logging options for the Web Proxy service. Microsoft Proxy Server can log information about all Internet requests made by clients. It can log to a text file or to a table in an ODBC-compliant database (such as Microsoft Access or Microsoft SQL Server). |
Filters | Use the Web Proxy Filters property sheet to allow or prevent client access to specific Internet sites. The filtering set here is common to both services. It applies to all users who access the Internet using the Web Proxy or WinSock Proxy services on the server. |
Web Proxy service Property Sheet
User Sessions Dialog Box
Local Address Table Configuration Dialog Box
Construct Local Address Table Dialog Box
Use the Web Proxy Service property sheet to display the product ID, to add a comment about the server or the Web Proxy service, and to view information about current connections.
By default, the Service tab should be selected.
The Web Proxy Service property sheet has the following elements:
The product identification number is provided on the Certificate of Authenticity included with each copy of Microsoft Proxy Server. During installation it must be typed into a dialog box of the Setup program.
Comment To add or change a comment, in the Comment box type a remark about the server or the Web Proxy service. When Internet Service Manager is set to display Report view, the text entered here will appear in the Comment column, next to the Web Proxy service for this server.
Select the Enable Internet Publishing check box to allow this server to use Microsoft Internet Information Server to publish to computers on the Internet.
Note Select this check box only if you understand the security implications. For information see Appendix G, IIS Considerations.
Current Sessions Click this button to display the Web Proxy Service User Sessions dialog box, which displays the user name of all users who have recently sent Internet requests to the Microsoft Proxy Server, the time at which each connection was established, and the elapsed time since each connection was established.
Edit
Local Address Table (LAT) Click the Edit
Local Address Table (LAT) button to modify the
Local Address Table on the server. This table defines the
IP addresses of your network, and excludes external
(Internet) addresses.
Use the User Sessions dialog box to view the user name of all users who have recently sent Internet requests to the server, the time at which each connection was established, and the elapsed time since each connection was established.
Use the Local Address Table Configuration dialog box to create a list of the IP addresses that constitute your private network. The information you provide is used to create a table, called the Local Address Table (LAT), that defines your private network.
It is used to determine whether an IP address is on the private network, or is external. If the address is internal, the client connection is made directly. If the address is external, the connection is made remotely, through Microsoft Proxy Server.
The Local Address Table Configuration dialog box has the following elements:
Edit Use the boxes under Edit to enter a pair of IP addresses to be added to the Internal IP Ranges list. You can add a single IP address by typing the same address in both boxes, or a range of IP addresses by typing the first IP address of the range in the From box, and the last IP address of the range in the To box.
If you are adding a single IP address, enter it here.
If you are adding a range of IP addresses, enter the first IP address of the range.
If you are adding a single IP address, enter the same address that was entered in the From box.
If you are adding a range of IP addresses, enter the last IP address of the range.
Add Use the Add button to move pairs of IP addresses from the From and To boxes to the Internal IP Ranges list. To add a range of IP addresses to the list, under Edit type a pair of addresses in the From and To boxes, and then click Add. To add a single IP address to the list, under Edit type the same address in both the From and To boxes, and then click Add.
Remove Use the Remove button to delete pairs of IP addresses from the Internal IP Ranges list. To remove an IP address or address pair from the list, select it from the Internal IP Ranges box, and then click Remove.
Internal IP Ranges Each IP address pair in the Internal IP Ranges list identifies a range of addresses that are part of your private network. Addresses can be added to the list by clicking the Construct Table button, or by entering IP address pairs in the From and To boxes and then clicking Add.
Note Each IP address pair identifies either a range of addresses, or a single IP address. The second entry is not a subnet mask.
Construct Table To generate the list of IP address pairs from internal routing tables used by Windows NT Server, click Construct Table and complete the Construct Local Address Table dialog box that appears.
Use the Construct Local Address Table dialog box to determine which IP addresses will be added to the Local Address Table (LAT).
The Construct Local Address Table dialog box has the following elements:
Add the private ranges To add to the LAT three ranges of IP addresses defined by IANA as private address ranges that can be used in a private IP network that is not connected to the Internet, select the Add the private ranges check box.
Load from NT Internal Routing Table Click this option to load IP addresses accessible through some or all of the servers network adapter cards.
Load known address ranges from all IP interface cards If you do not know which of the servers cards are connected to the private network and which are connected to the Internet, select this option. IP addresses accessible through any of the servers network adapter cards will be added to the LAT.
However, if you choose this option, after you complete the Construct Local Address Table dialog box and return to the Local Address Table Configuration dialog box you will need to review the generated list of IP ranges. Use the edit controls in the Local Address Table Configuration dialog box to remove any IP address pairs that define external (Internet) addresses. Also add any needed IP address pairs until all addresses of your internal network are defined.
Load known address ranges from the following IP interface cards If you know which of the servers network adapter cards are connected to the private network and which are connected to the Internet, select this option.
Then, in the list of network adapter cards, select the check box for each of the internally connected cards, and clear the check box for each of the externally connected cards.
Network Adapter Cards The servers network adapter cards are listed below the Load known address ranges from the following IP interface cards option.
If a network
adapter card is connected to the private network, select
its check box. The IP addresses accessible through that
card will be added to the Local Address Table (LAT). If a
network adapter card is connected to the Internet, clear
its check box. The IP addresses accessible through that
card will be excluded from the LAT.
Web Proxy Permissions Property Sheet
Web Proxy Add Users and Groups Dialog Box
Use the Web Proxy Permissions property sheet to determine which users or groups of users are allowed to access the Internet through the Web Proxy service on a server. Permissions are granted separately for each protocol.
The Permissions property sheet has the following elements:
Enable Access Control When the Enable Access Control check box is selected, Web Proxy service security is enabled. When this check box is cleared, the Web Proxy service will not attempt to validate connections from clients.
Note The authentication options used by the Web Proxy service (anonymous, basic, and Windows NT Challenge/Response) are set in the WWW service of Internet Information Server.
Protocol This drop-down list box lists the Internet protocols available to users of the Web Proxy service on this server. To permit a user to use a protocol, select that protocol from the Protocol box, click Add, and complete the dialog box that appears.
Grant Access To For the protocol selected in the Protocol box, the Grant Access To box lists the users and groups permitted to use that protocol on this server.
Add To assign a user or group the right to use a protocol on this server, select the protocol from the Protocol box, click Add, and complete the Add Users and Groups dialog box that appears.
Remove To remove a user or group from the list of those granted the right to use a protocol on this server, select the protocol from the Services box, select the user or group from the list under the Protocol box, and choose Remove.
The available protocols are:
FTP Read File Transfer Protocol. Use this protocol to download files through your browser.
Gopher Access through your browser to links and files on Gopher servers.
WWW HTTP and HTTPS protocols for the World Wide Web. Use WWW for browser access to the Web.
Secure Allows
various Secure Socket Layer (SSL) connections. By default
this includes SNEWS, but other protocols can be
configured by editing the Windows NT registry.
Use the Add Users and Groups dialog box to grant access to the selected protocol to a user or to a group. You can grant access to users and groups from this server, from the local domain, and from trusted domains.
Tip It is a good idea to use User Manager for Domains to create a user group containing the user accounts of all users who need access to WWW, FTP, or Gopher. Then, for each protocol, you only have to apply permissions once for the entire group, rather than for each individual member. For more information about user groups and about User Manager for Domains, see your documentation for Windows NT.
The Add Users and Groups dialog box has the following elements:
List Names From Select a computer or domain. The groups of that domain will be listed in the Names box.
Names Lists the groups of the selected computer or domain. If Show Users has been clicked, also lists user accounts.
Local groups (as distinct from global groups) are a special case. When an asterisk (*) appears next to a domain or computer name in the List Names From box, it indicates that the local groups of that domain or computer can be listed in Names. When the asterisk is absent, it indicates that local groups cannot be listed.
Add After selecting users or groups in Names, click Add to move the names to the Add Names list.
Show Users By default, only groups are listed in Names. Select Show Users to also display user accounts in Names.
Members To view the members of a listed group, select the group in Names and then click Members. The Group Membership dialog box will appear.
Search To search for a particular user or group, click Search and complete the Find Account dialog box that appears.
Add Names When you click OK, the list of users and groups in Add Names is added to the list in the Permissions property sheet. You choose which users or groups to add to this list. You add users and groups to the Add Names list by typing the account names (separated by colons); by selecting the names from the Names list and clicking Add; by clicking Search and completing the Find Account dialog box; or by selecting a group from Names, clicking Members, and completing the Group Membership dialog box.
Web Proxy Caching Property Sheet
Microsoft Proxy Server Cache Drives Dialog Box
Advanced Cache Policy Dialog Box
Cache Filter Properties Dialog Box
Use the Web Proxy Caching property sheet to enable or disable caching of Internet objects, and to configure cache parameters.
In this property sheet you can set the location and size of the disk cache. The disk cache stores a copy of each object that a client requests from the Internet in an area of the hard disk called the cache. When a second request is made for the same object, Microsoft Proxy Server fulfills the request with the copy of the object in the cache.
The cache can operate in either a passive or an active mode. In the passive mode, it copies each object requested from the Internet to the hard disk of the computer running Microsoft Proxy Server. In the active mode, it updates objects in the cache periodically. You can specify how often to update the cache.
Using an object from the cache:
The Web Proxy Caching property sheet has the following elements:
Enable Caching Select this option to cache Internet objects to disk. Clear this option to disable caching.
Cache Expiration Policy Use this slider to set the freshness of objects in the cache. Freshness is a measure of how long a local copy of an object in the cache is used in place of the remote object from the original Web site.
Move the slider bar toward Always Request Updates to maintain the freshest cache data and increase the amount of Internet traffic that the server generates. Move the slider toward Fewest Internet Requests to allow objects in the cache to be used for the maximum Time-To-Live (TTL), which reduces Internet traffic. TTL is the time in seconds that an object remains in the cache before reaches its expiration date. At that time, the object will no longer be used in place of the original object on an Internet site (in the case of passive caching) or be updated by Microsoft Proxy Server (in the case of active caching). To generate the least number of Internet requests, move the slider all the way to the right (to Fewest Internet Requests).
Enable Active Caching If this check box is selected, active caching is enabled. If it is cleared, active caching is disabled and only passive caching is performed.
Active caching uses the cache to proactively ensure the freshness and availability of certain HTTP data. The cache manager creates its own request for an object, without client prompting, when the TTL has expired or is near expiration. Web objects are subject to active caching on the basis of their popularity relative to their rate of change. Additionally, the active caching algorithm incorporates calculations of current server load in order to process requests to the Internet during periods of low usage.
Active Caching Policy Use this slider bar to specify how frequently objects in the cache are updated. Set the slider bar toward Most client cache hits to update the cache frequently. Set the slider bar toward Fewest Internet Requests to minimize the number of times Microsoft Proxy Server makes requests to Internet sites to update objects in the cache.
Total Cache Displays the total space allocated for the cache in the Total Available Cache field. To change this allocation, click Change Cache Size and complete the dialog box that appears.
Change Cache Size To change the disk drives and the amount of disk space allocated to the cache, click Change Cache Size and complete the Microsoft Proxy Server Cache Drives dialog box that appears.
Reset Defaults Returns the Cache Expiration Policy and Active Caching Policy to their default (centered) settings.
Note If the Cache Expiration Policy and Active Caching Policy sliders are grayed, choosing Reset Defaults will reset them to active and will also reapply the default settings. (These sliders are grayed if the parameters have been set by editing the Windows NT registry.)
Advanced Click Advanced to display the Advanced Cache Options dialog box and:
Use the Microsoft Proxy Server Cache Drives dialog box to specify the disk drives that will be used for caching, and the amount of space on each drive that will be allocated to caching.
The disk cache should always be located on one or more hard drives installed on the computer running Microsoft Proxy Server. (You cannot use network drives to store cached data.) You should choose hard disks of sufficient size, and make the cache as large as possible. Using multiple drives is a good idea, because breaking a very large cache into several smaller caches can sometimes speed access to objects. To help prevent a from disk filling up, it is a good idea to store the logs and the cache on different volumes.
When configuring the cache drives you must, at a minimum, allocate at least one drive and 5 MB for caching. However, the recommended minimum allocation is higher. It is suggested you allocate at least 100 MB plus 0.5 MB for each Web Proxy service client (and round up to the nearest full megabyte). For example, if a server will be servicing 79 Web Proxy service clients, it is recommended you allocate 140 MB or more to the cache. For each server the optimal cache allocation will vary depending on load and configuration, but in general, increasing the disk space allocation benefits the cache.
Allocate space from a drive to the cache in increments of 5 MB. If you assign a number to the cache that cannot be evenly divided by 5, the allocation is rounded down to the next lowest 5-MB increment. For example, if you assign 194 MB to the drive C:, 190 MB is actually allocated from that drive to the cache.
The Microsoft Proxy Server Cache Drives dialog box has the following elements:
Drive column This column displays all the local drives installed on the server, identified by drive letter.
File System column This column displays the file system (such as NTFS or FAT) of each drive. It is strongly recommended that you use only NTFS volumes for caching. Also, do not assign a read-only drive (for example, a CD-ROM drive) to the cache.
Maximum Size (MB) column If a drive is configured to cache, the amount of allocated space is shown in this column. If a drive is not configured to cache, this column is empty.
To change this setting, select the drive from the list, enter the new value in the Maximum Size (MB) box, and click Set.
Drive The drive letter and file system type of the selected drive. The cache setting for this drive can be changed by using the Maximum Size (MB) box and the Set button.
Space Available (MB) The total amount of free space on the selected drive.
Maximum Size (MB) box Specify the maximum amount of disk space, in megabytes, that will be allocated from the selected drive to the cache.
To set a drive to cache, select it from the Drive list, enter a value in this box, and click Set. To remove a drive from the list of those that cache, select it from the list, enter 0 in this box, and click Set.
When you modify an existing cache drive:
Set Click Set to save the value entered in the Maximum Size (MB) box. The saved value will be displayed in the Drive list, in the Maximum Size (MB) column.
Total
Maximum Size for All Drives (MB) Displays
the total disk space, in megabytes, allocated to the
cache. This is the sum of all entries in the Maximum
Size (MB) column.
Use the Advanced Cache Policy dialog box to:
The Advanced Cache Policy dialog box has the following elements:
Limit Size of Cached Objects to If this check box is cleared, there is no limit to the size of a cached object. If this check box is selected, objects larger than the size specified in the adjacent box will not be cached.
By default, this box is cleared and there is no limit to the size of a cached object.
KB Specifies the maximum allowed size of a cached object. To limit the size of cached objects, select the Limit Size of Cached Objects to check box and type a value (in kilobytes) in this box. Objects larger than the entered size will not be cached.
0 is not a valid value. If you enter 0 (or if you do not enter any value in this box), when you click OK to exit this dialog box the Limit Size of Cached Objects to check box will be cleared.
Return expired objects when site is unavailable To specify that cached objects will be sent to the client when the object is in the cache and the Internet server is unavailable, select this check box. Objects in the cache will be used even if they are expired. If you clear this option, when the Internet server is unavailable and the object in the cache is expired, the cached object will not be returned to the client. By default, this option is selected.
Cache Filters This list contains the currently configured cache filters.
URL The URL column displays the URL that will be filtered.
Status In the Status column an entry of Cached indicates that objects from that URL will always be cached (subject to other caching rules), and Not Cached indicates that objects from that URL will never be cached.
The Status property of a filter is useful, for example, if you want to specify a wildcard filter to deny caching of all Internet objects from a site, and then create another filter to re-enable caching of objects from a particular sub-tree of the site.
Add To add an item to the Cache Filters list, click Add and complete the Cache Filters Properties dialog box that appears.
Edit To alter a listed item, select it from the Cache Filters list, click Edit, and complete the Cache Filters Properties dialog box that appears.
Remove To
remove an item from the Cache Filters
list, select the item and click Remove.
Use the Cache Filter Properties dialog box to specify a URL whose objects will not be cached. Or, use this dialog to specify a URL whose objects will be cached regardless of other filters. (You will usually do this when you have already specified a wildcard filter to deny caching of all Internet objects from a site, and want to re-enable caching of objects from a particular sub-tree of the site.)
Or
From the Advanced Cache Policy dialog box, select an URL from the Cache Filters list and click Edit.
The Cache Filter Properties dialog box has the following elements:
URL In the URL box, type a URL whose objects will never be cached or will always be cached (subject to other caching rules). Type the URL using one of the following formats. Note the use of the asterisk (*) wildcard character.
For example, www.microsoft.com/intdev specifies only the intdev page.
For example, www.microsoft.com/indev* specifies the indev page and all pages below.
For example, *.mydomain.com/beta specifies www.mydomain.com/beta, ftp.mydomain.com/beta, gopher.mydomain.com/beta, and so on.
For example, *.mydomain.com/* specifies all pages in mydomain.com.
Always cache Select this option to always cache Internet objects returned from the URL entered in the URL box.
Use this option when you have already specified a wildcard filter to deny caching of all Internet objects from a site, and want to re-enable caching of objects from a particular sub-tree of the site.
Never cache Select this option to prevent caching of Internet objects returned from the URL entered in the URL box.
This is the default option for a URL entered in the URL box.
Use the Web Proxy Logging property sheet to set the logging options for the Web Proxy service. Microsoft Proxy Server can log information about all Internet requests made by clients. It can log to a text file or to a table in an ODBC-compliant database (such as Microsoft Access or Microsoft SQL Server).
The Web Proxy Logging property sheet has the following elements:
Enable Logging Select Enable Logging to log Internet accesses to a text file, or to a table in a SQL or ODBC-compliant database.
Regular Logging Records only a subset of all available information for each Internet access. This option reduces the disk space needed for a log file.
Verbose Logging Records all available information for each Internet access.
Log To File Saves log information to a text file. This text file can be viewed with a text editor, such as Notepad.
Automatically open new log file When selected, periodically begins a new Web Proxy log file, using the interval specified by the Daily, Weekly, Monthly, or When File Size Reaches options. When a new log file is started, the old log file is closed (and can optionally be archived on other storage media).
When cleared, the same Web Proxy log file is used continuously.
Daily, Weekly, or Monthly Selecting one of these options specifies that a new log file should be started at daily, weekly, or monthly intervals.
When file size reaches Starts a new file each time the log file reaches the specified size. The log file will be closed when it reaches this size. Closed log files can then be stored on disk or other media.
MB The value in this box determines the file size that, when reached in the current log files, causes a new log file to be started. To change this value, type a number or click the arrows.
Log file directory
Displays the path where Web Proxy log files are written and stored. To change this location, type a new path. Although it is possible to write a log file to another computer on your network, it is recommended that you write your Web Proxy log file to the local hard disk of the computer running Microsoft Proxy Server. To help prevent the disk filling up, it is a good idea to store the logs and the cache on different volumes.
The default is to place Web Proxy service text file logs under the following path:
C:\Winnt\System32\W3plogs
Browse If you want to change the Log file directory but are not sure of the new path, you can click Browse and complete the Select Directory dialog box.
Log file name Microsoft Proxy Server generates the Web Proxy log file name for you. When a new Web Proxy log file is opened daily the file name takes the format W3yymmdd.log, where yy is a number representing the year, mm is a number representing the month, and dd is a number representing the day of the month. For weekly logs the format is W3Wyymmw.log, where w is a number between 1 and 5. For monthly logs, the format is W3Myymm.log.
When the Automatically open new log option is selected and a new Web Proxy log file is opened each time the log file reaches a specified size, the file name takes the format W3Bnnnn.log, where nnnn is a number that increments with each new log. For example, W3B0007.log.
Log to SQL/ODBC Database Choose this option to write all Internet accesses to a table in an SQL or ODBC-compliant database. Writing log data to a database is slower than writing to a text file, but data querying and reporting are enhanced by using an SQL or ODBC-compliant database (such as Microsoft SQL Server or Microsoft Access).
Log files are stored in one table. Each Internet transaction generates one record in the table. The database can exist on the computer running Microsoft Proxy Server or on another computer on your private network.
ODBC data source name (DSN) Type the ODBC Data Source Name (DSN) for the database that the Web Proxy service will be logging to.
Table Type the name of a table in the database. Microsoft Proxy Server will log Web Proxy service information to this table.
User Name Type a valid user name for the database table.
Password If the table is password protected, type the password.
Web Proxy Filters Property Sheet
Web Proxy Deny or Grant Access To Dialog Box
Use the Web Proxy Filters property sheet to allow or prevent client access to specific Internet sites. The filtering set here is common to both services. It applies to all users who access the Internet by using the Web Proxy or WinSock Proxy services on this server.
The Web Proxy Filters property sheet has the following elements:
Enable Filtering Select this option to implement access filtering, which controls client access to Internet sites. You can use access filtering to prohibit access to specified sites or to allow access to only the sites specified. The filtering applies to all users who access the Internet through this server.
Granted When this option is selected, users who access the Internet through this server are granted access to all Internet sites, except for those that are listed. (Access is denied only for the listed sites.)
Denied When this option is selected, users who access the Internet through the this server are denied access to all Internet sites, except for those that are listed. (Access is granted only for the listed sites.)
Except to those listed below The list displays the exceptions to the selected option (Granted or Denied). To change the list, use the Add, Edit, or Remove buttons.
Add To add an item to the list of exceptions, choose Add and complete the dialog box that appears.
Edit To alter a listed item, select it, choose Edit, and complete the dialog box that appears.
Remove To
remove an item from the list of exceptions, select the
item and click Remove.
If the Granted option in the Filters property sheet is selected, use the Deny Access To dialog box to specify an Internet site that all users of this server will not be allowed to access. If the Denied option in the Filters property sheet is selected, use the Grant Access To dialog box to specify an Internet site that all users of this server will be allowed to access.
Or
From the Web Proxy Filters property sheet, select an item from the Except to those listed below list and click Edit.
The Web Proxy Deny Access To or Grant Access To dialog box has the following elements:
Single Computer Select this option to grant or deny access to a single computer. If you select this option, you must also enter the computers IP address.
Group of Computers Select this option to grant or deny access to a group of computers. If you select this option you must enter an IP address and a subnet mask.
Domain Select this option to grant or deny access to a domain or to multiple sites with similar domain names. If you select this option, you must enter a domain name in the Domain Name box.
IP Address If you have selected Single Computer or Group of Computers, enter the appropriate IP address in this box.
Subnet Mask If you selected the Group of Computers option, enter the appropriate subnet mask in this box.
Domain If you selected the Domain option, enter the domain name in this box. You can include a path within the domain.
© 1996 by Microsoft Corporation. All rights reserved.