About proxy server security

Any server accessible from the Internet is at risk of attracting unwanted attention to the system on which it runs. Unauthorized people might try to guess passwords, update files, execute files, or read confidential data. Part of the attraction of the World Wide Web is its openness. However, the Web is open to both positive use and abuse.

The following sections describe how to control who has access to the files on your Caching Proxy server.

Caching Proxy supports Secure Sockets Layer (SSL) connections, in which secure transmissions involving encryption and decryption are established between the client browser and the destination server (either a content server or a surrogate server).

When Caching Proxy is configured as a surrogate, it can establish secure connections with clients, with content servers, or both. To enable SSL connections, in the Configuration and Administration forms, select Proxy Configuration -> SSL Settings. On this form select the Enable SSL check box and specify a key ring database and a key ring database password file.

When Caching Proxy is configured as a forward proxy server, it follows a pass-through protocol called SSL tunneling to pass encrypted requests between the client and the content server. Encrypted information is not cached because the proxy server does not decrypt the tunneled requests. In a forward proxy installation, SSL tunneling is enabled. To disable it, in the Configuration and Administration forms, select Proxy Configuration -> Proxy Settings, and clear the SSL Tunneling check box on this form.

You can take several basic precautions to protect your system:

Note:
If the Configuration Wizard is used to configure the proxy server, then to enable SSL, a mapping rule must be created to proxy requests received through port 443. For more information, refer to Define mapping rules.

Examples:

Proxy /* http://content_server :443

or

Proxy /* https://content_server :443
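
A configuration review for the settings described above, as an added example that is not part of the product or its documentation. It assumes that the form settings appear in the configuration file as the directives SSLEnable, KeyRing, KeyRingStash and SSLTunneling, and that the trailing :443 field restricts a Proxy rule to requests received on that port; the sample configuration is constructed.

```python
import re

# Constructed sample in ibmproxy.conf style (not from a real system).
SAMPLE_CONF = """\
SSLEnable     on
KeyRing       /opt/proxy/keys/proxy.kdb
# KeyRingStash is deliberately missing
Proxy /app/*  http://content_server/app/*  :443
Proxy /pay/*  https://content_server/pay/* :443
Proxy /*      http://content_server/*
SSLTunneling  on
"""

def parse(conf_text):
    """Return (settings, rules); each rule is (template, target, received_port)."""
    settings, rules = {}, []
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        name, args = fields[0].lower(), fields[1:]
        if name == "proxy" and len(args) >= 2:
            # Assumption: a trailing [ip]:port field limits the rule to that port.
            m = re.fullmatch(r".*:(\d+)", args[2]) if len(args) > 2 else None
            rules.append((args[0], args[1], int(m.group(1)) if m else None))
        elif args:
            settings[name] = args[0]
    return settings, rules

def audit(conf_text):
    """Return review findings for the SSL settings and port-443 mapping rules."""
    settings, rules = parse(conf_text)
    findings = []
    if settings.get("sslenable", "off").lower() == "on":
        for key in ("keyring", "keyringstash"):
            if key not in settings:
                findings.append(f"SSL enabled but {key} is not set")
        tls_rules = [r for r in rules if r[2] == 443]
        if not tls_rules:
            findings.append("SSL enabled but no Proxy rule for port 443")
        for template, target, _ in tls_rules:
            if target.lower().startswith("http://"):
                findings.append(f"{template}: proxy-to-server leg is cleartext ({target})")
    if settings.get("ssltunneling", "off").lower() == "on":
        findings.append("SSL tunneling on: tunneled requests pass undecrypted, uncached")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```

A cleartext finding is a prompt to confirm that the proxy-to-content-server leg is meant to be unencrypted, since the note above lists both http and https targets as valid.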