General Information on HTTP Proxy Configuration
The HTTP proxy allows you to efficiently handle browser requests through the Firewall, which eliminates the need for a SOCKS server environment. Users can use the Internet without compromising the security of the internal network and without altering their client environment.
Note: If you change any of these settings, you must restart the phttpd process.
Example of HTTP Proxy Configuration
Suppose that your firewall is set up to mediate traffic
between a secure network and the outside Internet. Let's also suppose that
you want to allow users from the secure network
to access the World Wide Web on the non-secure Internet. For a basic
configuration, you could complete the following steps.
- Click "HTTP" in the navigation tree and
ensure that the HTTP Proxy
Configuration settings are suitable for your purposes. Note that
port 8080 is the default here. If you change this, the port number must
also be changed in the Services that get set up for this configuration (see
below). If you change any of these settings, you must restart the
phttpd process.
- Ensure that the phttpd process is running. If it's not, you can
type "phttpd" at the AIX command line to start it. To have it start
automatically each time the Firewall is rebooted, uncomment
the phttpd line in the /etc/rc.tcpip file so that it looks
as follows:
## If you want the HTTP proxy daemon to always #FW#
## start at boot time, uncomment the following line. #FW#
/usr/sbin/phttpd
- Add two connections (or supplement existing connections):
- Allow HTTP traffic to flow between the secure users and the
secure interface on the firewall:
    Name: HTTP Proxy 1
    Description: HTTP to the firewall
    Source: Secure Network
    Destination: Secure Interface
    Service: HTTP proxy outbound 1/2
- Allow HTTP traffic to flow between the non-secure interface
of the Firewall and the Internet:
    Name: HTTP Proxy 2
    Description: HTTP from Firewall to WWW
    Source: Non-secure Interface
    Destination: The World
    Services: Select from...
      - HTTP proxy out 2/2
      - FTP proxy out 2/2
      - Gopher proxy out 2/2
      - WAIS proxy out 2/2
      - HTTPS proxy out 2/2
- Allow DNS Queries. An easy way to do this is to click on
Security Policy (from inside the System Administration folder in
the navigation tree) and click on "Permit DNS Queries".
- Regenerate and activate the Connection Rules.
- Tell your secure network users to configure their browsers so that
they are accessing the HTTP Proxy at the Firewall's secure interface
address and that they should use port 8080.
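One way to confirm the phttpd steps above after a change, as an added example that is not part of the original page or the product: the shell functions below check that the phttpd line in /etc/rc.tcpip is uncommented, that phttpd appears in `ps -e` output, and that `netstat -an` output shows a listener on the proxy port. The function names and the sample inputs written by make_samples are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not product code): checks for the phttpd setup steps above.
# Functions read a file or stdin so they also work on saved command output.

# Succeeds if FILE ($1) has an uncommented /usr/sbin/phttpd line.
phttpd_boot_enabled() {
    grep -Eq '^[[:space:]]*/usr/sbin/phttpd([[:space:]]|$)' "$1"
}

# Succeeds if `ps -e` text on stdin lists a phttpd process (last column).
phttpd_running() {
    awk '$NF == "phttpd" { found = 1 } END { exit !found }'
}

# Succeeds if `netstat -an` text on stdin has a TCP listener on port $1.
# The local address is split on "." or ":" so the port is the last piece,
# which avoids matching 8080 inside 18080.
port_listening() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, part, /[.:]/)
            if (part[n] == port) found = 1
        }
        END { exit !found }'
}

# Usage: phttpd_report RC_FILE PS_TEXT NETSTAT_TEXT PORT
# Prints one line per finding and returns 1 if there was any.
phttpd_report() {
    rc=0
    phttpd_boot_enabled "$1" || { echo "phttpd will not start at boot ($1)"; rc=1; }
    phttpd_running < "$2" || { echo "phttpd is not running"; rc=1; }
    port_listening "$4" < "$3" || { echo "no listener on port $4"; rc=1; }
    return "$rc"
}

# Constructed sample inputs (hypothetical) for trying the functions offline.
make_samples() {
    printf '%s\n' '## start at boot time, uncomment the following line. #FW#' \
        '#/usr/sbin/phttpd' > "$1/rc.commented"
    printf '%s\n' '## start at boot time, uncomment the following line. #FW#' \
        '/usr/sbin/phttpd' > "$1/rc.enabled"
    printf '%s\n' '  PID    TTY  TIME CMD' ' 4130      -  0:00 phttpd' > "$1/ps.txt"
    printf '%s\n' 'tcp4  0  0  *.18080  *.*  LISTEN' \
        'tcp4  0  0  *.8080  *.*  LISTEN' > "$1/netstat.txt"
}
```

On the firewall, save the output of `ps -e` and `netstat -an` to files and run `phttpd_report /etc/rc.tcpip ps.txt netstat.txt 8080`, substituting the port if you changed the default.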
Further Information