This appendix provides a reference to the property sheets and dialog boxes displayed in Internet Service Manager for the WinSock Proxy service of Microsoft Proxy Server.
Opening the Administrative Interface for the WinSock Proxy Service
WinSock Proxy Service Properties
WinSock Proxy Protocols Properties
WinSock Proxy Permissions Properties
WinSock Proxy Logging Properties
WinSock Proxy Filters Properties
Opening the Administrative Interface for
the WinSock Proxy ServiceFrom the server’s desktop, click Start, select Programs, and then select the Microsoft Proxy Server program group.
Click Internet Service Manager.
The Microsoft Internet Service Manager window is displayed
If necessary, connect to the server to be administered. From the Properties menu click Connect to Server and complete the dialog box that appears.
This step is unnecessary if you are administering the local server.
In the Microsoft Internet Service Manager window, click the server name next to the WinSock Proxy service.
The WinSock Proxy Service Properties window appears. It contains tabs labeled Service, Protocols, Permissions, Logging, and Filters.
The following table summarizes each WinSock Proxy service property tab.
| Property | Description |
|---|---|
| Service | Use the WinSock Proxy Service property sheet to display the product ID, to add a comment about the server or the WinSock Proxy service, and to edit the Local Address Table (LAT). |
| Protocols | Use the WinSock Proxy Protocols property sheet to determine which Windows Sockets applications can be used to access the Internet through the WinSock Proxy service on this server, and for each protocol configuration, which ports can be used for outbound and inbound connections. |
| Permissions | Use the WinSock Proxy Permissions property sheet to determine which users or groups of users can access the Internet by using a particular protocol configuration through the WinSock Proxy service on this server. Permissions are granted separately for each protocol configuration. |
| Logging | Use the WinSock Proxy Logging property sheet to set the logging options for the WinSock Proxy service. Microsoft Proxy Server can log information about all Internet requests made by clients. It can log to a text file or to a table in an ODBC-compliant database (such as Microsoft Access or Microsoft SQL Server). |
| Filters | Use the WinSock Proxy Filters property sheet to grant or deny client access to Internet sites. The filtering set here is common to both services. It applies to all users who access the Internet using the Web Proxy or WinSock Proxy services on a server. |
WinSock Proxy Service PropertiesWinSock Proxy Service Property Sheet
Local Address Table Configuration Dialog Box
Construct Local Address Table Dialog Box
WinSock Proxy Service Property SheetUse the WinSock Proxy Service property sheet to display the product ID, to add a comment about the server or the WinSock Proxy service, and to edit the Local Address Table (LAT).
By default, the Service tab should be selected.
The WinSock Proxy Service property sheet has the following elements:
Product ID This is the product identification number (product ID) for this copy of Microsoft Proxy Server.
The product identification number is provided on the Certificate of Authenticity included with each copy of Microsoft Proxy Server. During installation it must be typed into a dialog box of the Setup program.
Comment To add or change a comment, in the Comment box type a remark about the server or the WinSock Proxy service. When Internet Service Manager is set to display Report view, the text entered here will appear in the Comments column, next to the WinSock Proxy service for this server.
Edit
Local Address Table (LAT) Click the Edit
Local Address Table (LAT) button to modify the
Local Address Table on the server. This table defines the
IP addresses of your network, and is used by WinSock
Proxy clients to determine whether Windows Sockets
connections should be established directly with a server
on the private network, or should be redirected to the
Internet through the WinSock Proxy service on the server.
Local Address Table Configuration Dialog
BoxUse the Local Address Table Configuration dialog box to create a list of the IP addresses that constitute your private network. The information you provide is used to create a table, called the Local Address Table (LAT), that defines your private network.
Each time a Windows Sockets application on a client attempts to establish a connection to an IP address, the LAT is used to determine whether the IP address is on the private network, or is external. If the address is internal, the connection is made directly. If the address is external, the connection is made remotely, through the WinSock Proxy service of Microsoft Proxy Server.
The Local Address Table Configuration dialog box has the following elements:
Edit Use the boxes under Edit to enter a pair of IP addresses to be added to the Internal IP Ranges list. You can add a single IP address by typing the same address in both boxes, or a range of IP addresses by typing the first IP address of the range in the From box, and the last IP address of the range in the To box.
From Use the From box to enter the first address of a pair of IP addresses to be added to the Internal IP Ranges list.
If you are adding a single IP address, enter it here.
If you are adding a range of IP addresses, enter the first IP address of the range.
To Use the To box to enter the second address of a pair of IP addresses to be added to the Internal IP Ranges list.
If you are adding a single IP address, enter the same address that was entered in the From box.
If you are adding a range of IP addresses, enter the last IP address of the range.
Add Use the Add button to move pairs of IP addresses from the From and To boxes to the Internal IP Ranges list. To add a range of IP addresses to the list, under Edit type a pair of addresses in the From and To boxes, and then click Add. To add a single IP address to the list, under Edit type the same address in both the From and To boxes, and then click Add.
Remove Use the Remove button to delete pairs of IP addresses from the Internal IP Ranges list. To remove an IP address or address pair from the list, select it from the Internal IP Ranges box, and then click Remove.
Internal IP Ranges Each IP address pair in the Internal IP Ranges list identifies a range of addresses that are part of your private network. Addresses can be added to the list by clicking the Construct Table button, or by typing IP address pairs in the From and To boxes and then clicking Add.
Note Each IP address pair identifies either a range of addresses, or a single IP address. The second entry is not a subnet mask.
Construct
Table To generate the list of
IP address pairs from internal routing tables used by
Windows NT Server, click Construct Table
and complete the Construct Local Address Table
dialog box that appears.
Construct Local Address Table Dialog BoxUse the Construct Local Address Table dialog box to determine which IP addresses will be added to the Local Address Table (LAT).
The Construct Local Address Table dialog box has the following elements:
Add the private ranges To add to the LAT three ranges of IP addresses defined by IANA as private address ranges that can be used in a private IP network that is not connected to the Internet, select the Add the private ranges check box.
Load from NT Internal Routing Table Click this option to load IP addresses accessible through some or all of the server’s network adapter cards.
Load known address ranges from all IP interface cards If you do not know which of the server’s cards are connected to the private network and which are connected to the Internet, select this option. IP addresses accessible through any of the server’s network adapter cards will be added to the LAT.
However, if you choose this option, after you complete the Construct Local Address Table dialog box and return to the Local Address Table Configuration dialog box you will need to review the generated list of IP ranges. Use the edit controls in the Local Address Table Configuration dialog box to remove any IP address pairs that define external (Internet) addresses. Also add any needed IP address pairs until all addresses of your internal network are defined.
Load known address ranges from the following IP interface cards If you know which of the server’s network adapter cards are connected to the private network and which are connected to the Internet, select this option.
Then, in the list of network adapter cards, select the check box for each of the internally connected cards, and clear the check box for each of the externally connected cards.
Network Adapter Cards The server’s network adapter cards are listed below the Load known address ranges from the following IP interface cards option.
If a network adapter card is connected to the private network, select its check box. The IP addresses accessible through that card will be added to the Local Address Table (LAT). If a network adapter card is connected to the Internet, clear its check box. The IP addresses accessible through that card will be excluded from the LAT.
WinSock Proxy Protocols PropertiesWinSock Proxy Protocols Property Sheet
Protocol Definition Dialog Box
Port Range Definition Dialog Box
WinSock Proxy Protocols Property SheetUse the WinSock Proxy Protocols property sheet to determine which Windows Sockets applications can be used to access the Internet through the WinSock Proxy service on this server, and for each protocol configuration, which ports can be used for outbound and inbound connections.
The WinSock Proxy Protocols property sheet has the following elements:
When Microsoft Proxy Server is installed, a default set of protocol configurations are created and will appear in this list. Use the Add, Edit, and Remove buttons to modify the list.
Add To configure a protocol and add it to the list of protocols that can be used to access the Internet through the WinSock Proxy service on the server, click Add and complete the Protocol Definition dialog box that appears. The protocol is added to the Protocol Definitions list.
Edit To modify the settings for a configured protocol, select a protocol from the Protocol Definitions list, click Edit, and complete the Protocol Definition dialog box that appears.
Remove To
delete a protocol configuration, select it from the Protocol
Definitions list and click Remove.
Protocol Definition Dialog BoxUse the Protocol Definition dialog box to configure protocols for use with the WinSock Proxy service on this computer.
–Or–
Select an item from the Service Definitions list and click Edit.
The Protocol Definition dialog box has the following elements:
Protocol Name Type the name of a protocol definition to be added to the WinSock Proxy service for this server.
Initial Connection Use the Initial Connections options to define how each initial connection using this protocol definition will be handled.
Port Type the port number that will be used for initial connections by this protocol definition.
Type Specify the protocol type that will be used for initial connections. Select TCP (for Transmission Control Protocol) or UDP (for User Datagram Protocol).
TCP Select TCP when Transmission Control Protocol should be used for initial connections.
UDP Select UDP when the User Datagram Protocol should be used for initial connections.
Direction Specify whether the initial connection port will be configured for Outbound or Inbound.
Inbound If you selected TCP, select Inbound to allow external sites to initiate connections to clients through the port.
If you selected UDP, select Inbound to allow the port to pass packets sent from an external site to a client.
Outbound If you selected TCP, select Outbound to allow clients to initiate connections to external sites through the port.
If you selected UDP, select Outbound to allow the port to pass packets sent from a client to an external site.
Port Ranges for Subsequent Connections Use the Port Ranges for Subsequent Connections options to define how to handle connections or packets that originate as a result of requests or packets sent on the initial connection’s port number.
The list under Port Ranges for Subsequent Connections displays the port, packet type, and direction for each existing subsequent connection configuration. (Note that a port range of 0 indicates Any, which permits connections to ports 1024-5000.)
Add To specify a port or port range that will be used for subsequent connections, click Add, and complete the Port Range Definition dialog box that appears.
Edit To modify the settings for a port range for a subsequent connection, select the port range from the Port Ranges for Subsequent Connections list, click Edit, and complete the Port Range Definition dialog box that appears.
Remove To
remove a port or port range from the list of those that
will be used for subsequent connections, select the port
range from the Port Ranges for Subsequent
Connections list and click Remove.
Port Range Definition Dialog BoxUse the Port Range Definition dialog box to set the parameters for subsequent connections. Subsequent connections are those that originate as a result of requests or packets sent on the initial connection’s port number. The subsequent connection parameters include the port number or range, the protocol type, and the direction.
–Or–
Select an item from the Port Ranges for Subsequent Connections list and click Edit.
The Port Range Definition dialog box has the following elements:
Port or Range In the Port or Range boxes, enter a single port or a range of port numbers to use for subsequent connections.
Note that you can enter 0 to indicate Any, which allows connections to ports 1024-5000.
Type Specify the protocol type that will be used for subsequent connections. Select TCP (for Transmission Control Protocol) or UDP (for User Datagram Protocol).
TCP Select TCP when the Transmission Control Protocol should be used for subsequent connections.
UDP Select UDP when the User Datagram Protocol should be used for subsequent connections.
Direction Specify whether subsequent connection ports will be configured for Inbound or Outbound.
Inbound If you selected TCP, select Inbound to allow external sites to initiate connections to clients through the port.
If you selected UDP, select Inbound to allow the ports to pass packets sent from an external site to a client.
Outbound If you selected TCP, select Outbound to allow clients to initiate connections to external sites through the port.
If you selected UDP, select Outbound to allow the ports to pass packets sent from a client to an external site.
WinSock Proxy Permissions PropertiesWinSock Proxy Permissions Property Sheet
WinSock Proxy Add Users and Groups Dialog Box
Protocol Selection Dialog Box
WinSock Proxy Permissions Property SheetUse the WinSock Proxy Permissions property sheet to determine which users or groups of users can access the Internet using a particular protocol configuration through the WinSock Proxy service on this server.
The WinSock Proxy Permissions property sheet has the following elements:
Enable Access Control Select this check box to enable access control. With access control, only users who are granted WinSock Proxy permissions can use WinSock Proxy protocols to access the Internet through the WinSock Proxy service. By default this check box is selected.
Clear this check box to disable access control. Without access control, any WinSock client can access the Internet through the WinSock Proxy service (the WinSock Proxy equivalent of Anonymous access).
Protocol This box lists the protocol configurations that have been created for this server and are available to users of the WinSock Proxy service.
A special selection in the this list, Unlimited Access, allows access to all protocols and all ports of this server. This includes ports not defined in any protocol configuration. Also, users granted Unlimited Access are not affected by WinSock Proxy domain filtering. Grant permission to Unlimited Access only to users who should have such access.
Note The protocol definitions that appear in the list are added, removed, and modified by using the Protocols property sheet.
Add To grant a user or group permission to use a WinSock Proxy protocol to access the Internet, select the protocol from the list in the Protocol box, choose Add, and complete the Add Users and Groups dialog box that appears.
Remove To revoke permission to use a protocol, select the protocol from the Protocol list, select one or more users and groups from the list in the box below, and choose Remove.
Copy To This button allows you to grant permissions for more than one protocol at a time.
To grant users access permission for several protocols, select a protocol from the Protocol list, select one or more users and groups from the Grant Access To list, click Copy To, and complete the Protocol Selection dialog box that appears.
Remove From This button allows you to revoke permissions for more than one protocol at a time.
To deny users
permission for several protocols, select a protocol from
the Protocol list, select one or more
users and groups from Grant Access To
list, click Remove From, and complete
the Protocol Selection dialog box that
appears.
WinSock Proxy Add Users and Groups Dialog
BoxUse the Add Users and Groups dialog box to grant a user or to a group permission to use the selected protocol configuration to access the Internet through the WinSock Proxy service on the server. You can grant access to users and groups from this server, from the local Windows NT domain, and from trusted Windows NT domains.
Tip It is a good idea to use User Manager for Domains to create a user group containing the user accounts of all users who need access to WWW, FTP, or Gopher. Then, for each protocol, you only have to apply permissions once for the entire group, rather than for each individual member. For more information about user groups and about User Manager for Domains, see your documentation for Windows NT.
Click Add.
The Add Users and Groups dialog box has the following elements:
List Names From Select a computer or domain. The groups of that domain will be listed in the Names box.
Names Lists the groups of the selected computer or domain. If Show Users has been clicked, also lists user accounts.
Local groups (as distinct from global groups) are a special case. When an asterisk (*) appears next to a domain or computer name in the List Names From box, it indicates that the local groups of that domain or computer can be listed in Names. When the asterisk is absent, it indicates that local groups cannot be listed.
Add After selecting users or groups in Names, click Add to move the names to the Add Names list.
Show Users By default, only groups are listed in Names. Select Show Users to also display user accounts in Names.
Members To view the members of a listed group, select the group in Names and then click Members. The Group Membership dialog box will appear.
Search To search for a particular user or group, click Search and complete the Find Account dialog box that appears.
Add
Names When you click OK, the
list of users and groups in Add Names is added to
the list in the Permissions property sheet. You
choose which users or groups to add to this list. You can
add users and groups to the Add Names list by
typing the account names (separated by colons); by
selecting the names from the Names list and
clicking Add; by clicking Search and
completing the Find Account dialog box; or by
selecting a group from Names, clicking Members,
and completing the Group Membership dialog box.
Protocol Selection Dialog BoxUse the Protocol Selection dialog box to grant or remove user access permissions for several WinSock Proxy protocols.
In the Permissions property sheet (the window described in the preceding section) you selected one or more users and groups. Now, in the Protocol Selection dialog box:
If you clicked Copy To in Permissions, then the protocols you select in this dialog box are the protocols for which those users will have access permissions added.
WinSock Proxy Logging PropertiesUse the WinSock Proxy Logging property sheet to set the logging options for the WinSock Proxy service. Microsoft Proxy Server can log information about all Internet requests made by clients. It can log to a text file or to a table in an ODBC-compliant database (such as Microsoft Access or Microsoft SQL Server).
The WinSock Proxy Logging property sheet has the following elements:
Enable Logging Select Enable Logging to log Internet accesses to a text file, or to a table in a SQL or ODBC-compliant database.
Regular Logging Records only a subset of all available information for each Internet access. This option reduces the disk space needed for a log file.
Verbose Logging Records all available information for each Internet access.
Saves log information to a text file. This text file can be viewed with a text editor, such as Notepad.
Automatically open new log file When selected, periodically begins a new log file, using the interval specified by the Daily, Weekly, Monthly, or When File Size Reaches options. When a new log file is started, the old log file is closed (and can optionally be archived on other storage media).
When cleared, the same WinSock Proxy log file is used continuously.
Daily, Weekly, or Monthly Selecting one of these options specifies that a new log file should be started at daily, weekly, or monthly intervals.
When file size reaches Starts a new file each time the log file reaches the specified size. The log file will be closed when it reaches this size. Closed log files can then be stored on disk or other media.
MB The value in this box determines the file size that, when reached in the current log files, causes a new log file to be started. To change this value, type a number or click the arrows.
Log file directory Displays the path where WinSock Proxy log files are written and stored. To change this location, type a new path. Although it is possible to write a log file to another computer on your network, it is recommended that you write your WinSock Proxy log file to the local hard disk of the computer running Microsoft Proxy Server. To help prevent the disk filling up, it is a good idea to store the logs and the Web Proxy cache on different volumes.
The default is to place WinSock Proxy service text file logs under this path:
C:\Winnt\System32\Wsplogs.
Browse If you want to change the Log file directory but are not sure of the new path, you can click Browse and complete the Select Directory dialog box.
Log file name Microsoft Proxy Server generates the WinSock Proxy log file name for you. When WinSock Proxy logs files are opened daily the file name takes the format WSyymmdd.log, where yy is a number representing the year, mm is a number representing the month, and dd is a number representing the day of the month. For weekly logs the format is WSWyymmw.log, where w is a number between 1 and 5. For monthly logs, the format is WSMyymm.log.
When the Automatically open new log option is selected and a new WinSock Proxy log file is opened each time the log file reaches a specified size, the file name takes the format WSBnnnn.log, where nnnn is a number that increments with each new log. For example, WSB0007.log.
Log to SQL/ODBC Database Choose this option to write all Internet accesses to a table in an SQL or ODBC-compliant database. Writing log data to a database is slower than writing to a text file, but data querying and reporting are enhanced by using an SQL or ODBC-compliant database (such as Microsoft SQL Server or Microsoft Access).
Log files are stored in one table. Each Internet transaction generates one record in the table. The database can exist on the computer running Microsoft Proxy Server or on another computer on your private network.
ODBC data source name (DSN) Type the ODBC Data Source Name (DSN) for the database that the WinSock Proxy service will be logging to.
Table Type the name of a table in the database. Microsoft Proxy Server will log WinSock Proxy service information to this table.
User Name Type a valid user name for the database table.
Password If the table is password protected, type the password.
WinSock Proxy Filters PropertiesWinSock Proxy Filters Property Sheet
WinSock Proxy Deny or Grant Access To Dialog Box
WinSock Proxy Filters Property SheetUse the WinSock Proxy Filters property sheet to grant or deny client access to Internet sites. The filtering set here is common to both services. It applies to all users who access the Internet using the Web Proxy or WinSock Proxy services on a server.
The WinSock Proxy Filters property sheet has the following elements:
Enable Filtering Select this option to implement access filtering, which controls client access to Internet sites. You can use access filtering to prohibit access to specified sites or to allow access to only the sites specified. The filtering applies to all users who access the Internet through this server.
Granted When this option is selected, users who access the Internet through this server are granted access to all Internet sites, except for those that are listed. (Access is denied only for the listed sites.)
Denied When this option is selected, users who access the Internet through this server are denied access to all Internet sites, except for those that are listed. (Access is granted only for the listed sites.)
Except to those listed below The list displays the exceptions to the selected option (Granted or Denied). To change the list, use the Add, Edit, or Remove buttons.
Add To add an item to the list of exceptions, choose Add and complete the dialog box that appears.
Edit To alter a listed item, select it, choose Edit, and complete the dialog box that appears.
Remove To
remove an item from the list of exceptions, select the
item and click Remove.
WinSock Proxy Deny or Grant Access To
Dialog BoxIf the Granted option in the Filters property sheet is selected, use the Deny Access To dialog box to specify an Internet site that all users of a server will not be allowed to access. If the Denied option in the Filters property sheet is selected, use the Grant Access To dialog box to specify an Internet site that all users of a server will be allowed to access.
Note that for the WinSock Proxy service, filtering by domain name does not affect Internet requests where the client application accesses a site using an IP address. To effectively filter a site you may find it useful to create filters both on the domain name and the IP address.
–Or–
From the WinSock Proxy Filters property sheet, select an item from the Except to those listed below list and click Edit.
The WinSock Proxy Deny Access To or Grant Access To dialog box has the following elements:
Single Computer Select this option to grant or deny access to a single computer. If you select this option, you must also enter the computer’s IP address.
Group of Computers Select this option to grant or deny access to a group of computers. If you select this option you must enter an IP address and a subnet mask.
Domain Select this option to grant or deny access to a domain or to multiple sites with similar domain names. If you select this option, you must enter a domain name in the Domain Name box.
IP Address If you have selected Single Computer or Group of Computers, enter the appropriate IP address in this box.
Subnet Mask If you selected the Group of Computers option, enter the appropriate subnet mask in this box.
Domain If you selected the Domain option, enter the domain name in this box. You can include a path within the domain.
© 1996 by Microsoft Corporation. All rights reserved.