Controlling Client Access To The Traffic Server Proxy Cache; Controlling Host Access To The Traffic Server Machine (Arm Security); To Specify The Clients Allowed To Use Traffic Server As A Proxy Cache - HP P4535A - Web Cache Server Appliance Administrator's Manual

HP cache server appliance administrator guide

Chapter 11

Controlling client access to the Traffic Server proxy cache

You can configure Traffic Server to allow only certain clients to use the proxy cache.

To specify the clients allowed to use Traffic Server as a proxy cache:

1. Telnet into the HP web cache appliance and select Shell Access as described in Overview of Access Methods, on page 7.
2. Open the ip_allow.config file located in Traffic Server's config directory with Vi.
   By default, the file contains the following line that allows all clients to access the Traffic Server proxy cache:
   src_ip=0.0.0.0-255.255.255.255 action=ip_allow
3. Comment out the default line, as shown below.
   #src_ip=0.0.0.0-255.255.255.255 action=ip_allow
4. Using the following format, add a line for each IP address or range of IP addresses allowed to access Traffic Server:
   src_ip=IP address or range of IP addresses action=ip_allow
   where IP address or range of IP addresses is the IP address or range of IP addresses of the clients that are allowed to access the Traffic Server proxy cache.
   For example, to allow client access from a host with the IP address 11.11.11.1 and from a host with the IP address 1.1.1.1, enter the following lines in the file:
   src_ip=11.11.11.1 action=ip_allow
   src_ip=1.1.1.1 action=ip_allow
5. Save and close the ip_allow.config file.
6. Run the command traffic_line -x to apply the configuration changes.

NOTE: If an unauthorized client tries to access Traffic Server, a message displays in their browser indicating that the requested content cannot be obtained. For example, in Netscape Version 4.7, the message "The document contained no data" appears in the browser window. In Internet Explorer Version 5.0, the message "The page cannot be displayed" appears in the browser window.

Controlling host access to the Traffic Server machine (ARM security)

For security reasons, you might want to restrict the type of communication possible with machines running Traffic Server. Using Traffic Server's ARM security option, you can create an access control list that either allows or denies other hosts communication with the Traffic Server machine on specific ports. This firewall prevents potentially malicious packets from disrupting the operation of the machine.

When the ARM security option is enabled, the Traffic Server ARM examines UDP and TCP packets as they arrive at the Traffic Server machine and matches them against the access control list that you specify in a configuration file. The ARM checks all UDP packets (since UDP communication is, by definition, connectionless) and checks the first TCP packet initiating each session against the access control list in the configuration file. Acceptable packets using either protocol are then passed up the network stack. Only incoming UDP and TCP packets are affected. This means that it is always possible to initiate TCP and UDP connections from Traffic Server regardless of the access control list configured.
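An added example, not part of the HP manual: a small Python check for an edited ip_allow.config that can be run before the change is applied. It handles only the src_ip=... action=ip_allow syntax shown in the client-access procedure above; the function names, the sample file contents and the rule that a client matching no line is refused are assumptions of this example.

```python
import ipaddress

# Constructed sample file; line 5 carries a deliberately invalid octet.
SAMPLE = """\
#src_ip=0.0.0.0-255.255.255.255 action=ip_allow
src_ip=11.11.11.1 action=ip_allow
src_ip=1.1.1.1 action=ip_allow
src_ip=10.0.0.0-10.0.0.255 action=ip_allow
src_ip=0.0.0.0-255.255.555.255 action=ip_allow
"""

def parse_ip_allow(text):
    """Return (rules, errors); each rule is a (first, last) IPv4Address pair."""
    rules, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or commented-out line
        fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
        src = fields.get("src_ip")
        if not src or fields.get("action") != "ip_allow":
            errors.append((lineno, "expected src_ip=<ip|range> action=ip_allow"))
            continue
        first, _, last = src.partition("-")
        try:
            lo = ipaddress.IPv4Address(first)
            hi = ipaddress.IPv4Address(last or first)
        except ipaddress.AddressValueError as exc:
            errors.append((lineno, str(exc)))
            continue
        if lo > hi:
            errors.append((lineno, "range start is above range end"))
            continue
        rules.append((lo, hi))
    return rules, errors

def is_allowed(rules, client):
    """Assumption: a client that matches no src_ip line is refused."""
    ip = ipaddress.IPv4Address(client)
    return any(lo <= ip <= hi for lo, hi in rules)

def allows_everyone(rules):
    """True if one rule still spans all of IPv4, like the default line."""
    return any(int(lo) == 0 and int(hi) == 2**32 - 1 for lo, hi in rules)

if __name__ == "__main__":
    rules, errors = parse_ip_allow(SAMPLE)
    print(errors, allows_everyone(rules), is_allowed(rules, "1.1.1.1"))
```

A non-empty error list or a True result from allows_everyone means the file does not restrict clients the way the procedure intends.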
Security Options
