manualshive.com logo in svg

HP P4535A - Web Cache Server Appliance, Administrator'S Manual, Page: 108 / 251

Share
Download
HP P4535A - Web Cache Server Appliance Administrator'S Manual Download Page 108

96

Chapter 11

Security Options

4. Save and close the

records.config

file.

5. Restart Traffic Server using the command

start_traffic_server

Traffic Server and origin server connections

Figure 11-2. illustrates communication between Traffic Server and an origin server when the SSL termination
option is enabled for Traffic Server /origin server connections.

Figure 11-3. Traffic Server and origin server communication using SSL termination

To configure Traffic Server to use the SSL termination option for Traffic Server and origin server connections:

Obtain and install an SSL client certificate from a recognized certificate authority (such as VeriSign). The
SSL client certificate contains information that allows Traffic Server to authenticate the origin server and
exchange secret encryption keys.

The client certificate is optional. If you do not install an SSL client certificate, you must use a certification
authority (CA).

Set configuration variables in the

records.config

file to:

o

Enable the SSL termination option

o

Set the port number used for SSL communication

o

Specify the filename and location of the SSL client certificate (if you choose to use a client certificate)

o

Specify the file name and location of the Traffic Server’s private key (if the private key is not located
in the client certificate file)

Traffic Server uses its private key during the SSL handshake to decrypt the session encryption keys.
The private key must be stored and protected against theft.

o

Configure the use of CAs. You must use a CA if you choose not to use a client certificate, otherwise,
security on your system may be compromised.

CAs allows the Traffic Server that is acting as a client to verify the identity of the server with which it
is communicating and to exchange secret encryption keys.

origin server

 If a client request is a cache miss or is stale, Traffic Server sends an HTTPS request for the content to the 
 origin server. The origin server receives the request and performs the SSL handshake to authenticate 
 Traffic Server and to determine the encryption method to be used.

If SSL termination is enabled for client /Traffic Server connections, Traffic Server re-encrypts the content and 
sends it to the client via HTTPS, where it is decrypted and displayed. 
If SSL termination is not enabled for client/Traffic Server connections, Traffic Server sends the plain text version 
of the content to the client via HTTP.

1

3

2

If Traffic Server is allowed access, the origin server encrypts the content and sends it to Traffic Server, 
where it is decrypted (using the method determined during the handshake) and the plain text version of 
the content saved in the cache.

HTTPS request

Encrypted secure connection

Traffic
Server

1

2

Client

3

Encrypted secure connection
            OR

HTTP connection (plain text)

Summary of Contents for P4535A - Web Cache Server Appliance

Page 1: ...HP Cache Server Appliance Administrator Guide HP Part Number 5971 3045 Printed in June 2001 ...

Page 2: ... by copyright All rights are reserved No part of this document may be photocopied reproduced or translated to another language without the prior written consent of Hewlett Packard Company UltraServer and SPARCstorage are trademarks of Sun Microsystems Inc Myrinet is a trade name of Myri com Inc UNIX is a registered trademark of AT T All other trademarks are the property of their respective owners ...

Page 3: ...2 Getting Started 7 Overview of Access Methods 7 Verifying that Traffic Server is up and running 8 Accessing Traffic Manager 8 Using the Monitor and Configure tabs 9 Using online help 9 Starting Traffic Line 10 Restarting Traffic Server 10 3 Web Proxy Caching 11 Understanding web proxy caching 11 A day in the life of a cache request 11 Ensuring cached object freshness 12 Revalidating HTTP objects ...

Page 4: ...ss rules 32 Viewing the current set of bypass rules 32 Configuring ARM security 32 5 Reverse Proxy and HTTP Redirects 33 Understanding reverse proxy caching 33 Reverse proxy solutions 33 How does reverse proxy caching work 34 HTTP Reverse Proxy 35 Handling origin server redirect responses 35 Using mapping rules 36 Setting HTTP reverse proxy options 38 FTP Reverse Proxy 39 Configuring FTP Reverse P...

Page 5: ... Resolving alarms 67 Configuring Traffic Server to E mail alarms 68 Viewing Statistics from Traffic Line 68 Viewing groups of statistics 68 Retrieving individual statistics 69 Using MRTG 70 Accessing MRTG 70 Navigating MRTG 70 Using SNMP 71 Enabling SNMP 71 Configuring SNMP trap destinations 72 10Configuring Traffic Server 73 Configuring Traffic Server using Traffic Manager 73 Starting Traffic Man...

Page 6: ... event log files 99 Choosing the logging directory 99 Controlling logging space 99 Setting log file management options 100 Choosing event log file formats 101 Using standard formats 101 Using custom formats 103 Choosing binary or ASCII 108 Using logcat to convert binary logs to ASCII 108 Rolling event log files 109 Rolled log file name format 109 Rolling intervals 110 Setting log file rolling opti...

Page 7: ...mands 145 Traffic Line batch mode commands 145 Traffic Line interactive mode commands 146 Traffic Line variables 147 Statistics 147 Configuration Options 151 D Configuration Files 159 arm_security config 160 Format 160 Example 160 bypass config 161 Format 162 Example 162 cache config 162 Format 163 Example 164 filter config 164 Format 164 Example 165 ftp_remap config 166 Format 166 Example 166 hos...

Page 8: ...at 176 nntp_servers config 177 Format 177 Example 179 parent config 179 Format 180 Example 181 partition config 181 Format 182 Example 182 records config 182 Format 182 Example 183 Configuration variables 183 remap config 212 Format 212 Example 213 snmpd cnf 214 Format 214 Configuring trap destinations 215 Access control 215 socks config 216 Format 216 Example 216 splitdns config 217 Format 217 Ex...

Page 9: ...rmats 224 Netscape Common logging formats 225 Netscape Extended logging formats 225 Netscape Extended 2 logging formats 225 F Traffic Server Error Messages 227 Traffic Server error messages 227 Traffic Server Notes 227 Traffic Server Process fatal 228 Traffic Server Warnings 228 Traffic Server alarm messages 229 HTML messages sent to clients 230 Standard HTTP response messages 232 Glossary 233 Ind...

Page 10: ...virtual IP addressing from Traffic Manager 48 To enable disable virtual IP addressing manually 49 To add or edit virtual IP addresses from Traffic Manager 49 To add or edit virtual IP addresses manually 50 To enable the HTTP parent caching option from Traffic Manager 52 To enable HTTP parent caching manually 53 To identify an HTTP parent cache from Traffic Manager 53 To set ICP options from Traffi...

Page 11: ...ctions 95 To set SSL termination configuration variables for Traffic Server origin server connections 97 To set log management options from Traffic Manager 100 To set log management options manually 100 To select a standard event log file format from Traffic Manager 101 To select a standard event log file format manually 102 To create traditional custom log formats 104 To generate XML based custom...

Page 12: ...mes that you have experience in UNIX or Windows and Web server administration and that you are comfortable performing complex system configuration tasks such as partitioning and formatting disks setting up TCP IP ports and establishing DNS round robin services Conventions used in this manual This manual uses the following typographic conventions Preface Convention Purpose italics Represent emphasi...

Page 13: ...e that improves network efficiency and performance by caching frequently accessed information at the edge of the network This brings content physically closer to end users for faster delivery and dramatically reduces bandwidth usage Traffic Server is designed to improve content delivery for enterprises Internet Service Providers ISPs backbone providers and large intranets by maximizing existing ba...

Page 14: ... hierarchies where Internet requests not fulfilled in one cache can be routed to other regional caches taking advantage of the contents and proximity of nearby caches In a hierarchy of proxy servers Traffic Server can act either as a parent or child cache either to other Traffic Servers or to other caching products Traffic Server supports the standard Internet Cache Protocol ICP to interoperate wi...

Page 15: ... to suit your needs The Adaptive Redirection Module ARM The Adaptive Redirection Module ARM is used in transparent proxy caching to redirect intercepted user requests destined for an origin server to the Traffic Server Before the traffic is redirected by the ARM it is intercepted by an L4 switch or router To redirect user requests to Traffic Server the ARM changes an incoming packet s address The ...

Page 16: ...c_server process The traffic_manager process is also responsible for Traffic Manager the proxy auto configuration port the statistics interface cluster administration and virtual IP failover If the traffic_manager process detects a traffic_server process failure it instantly restarts the process but also maintains a connection queue of all incoming requests All incoming connections that arrive in ...

Page 17: ...m Traffic Manager SNMP Network Management support lets you monitor and manage Traffic Server through SNMP network management facilities Traffic Server supports two management information bases MIBs MIB 2 a well known standard MIB and the HP proprietary Traffic Server MIB that provides more specific node and cluster information Traffic Manager alarms are presented in Traffic Manager Traffic Server ...

Page 18: ...henticated by the LDAP server Traffic Server uses a local database to improve the performance of LDAP authentication and upon completion logs successfully authenticated users Secure connections in reverse proxy mode between a client and Traffic Server and Traffic Server and the origin server using the SSL termination option Control access to Traffic Manager using o SSL Secure Sockets Layer protect...

Page 19: ...ss the appliance with the Telnet access user name and password entered during the appliance initial network configuration session you will be presented with a menu listing a number of configuration and maintenance tasks There are some Traffic Server configuration tasks that require shell access to the cache appliance file system and you will have to select shell access from the menu to complete th...

Page 20: ... browser based user interface consisting of a series of web pages Traffic Manager provides a rich set of graphs and statistical displays for monitoring Traffic Server performance and network traffic plus a set of options for configuring and fine tuning your system All common Traffic Server configuration tasks should be performed using this UI You access Traffic Manager through your web browser To ...

Page 21: ...nager starts by displaying the Monitor tab To display the Configure tab click the Configure tab to the right of the Monitor tab Using online help Both the Monitor and Configure tabs provide a Help button When you click the Help button the Traffic Server online help opens in another browser window The online help describes each page that opens when you click a button on the Monitor or Configure tab...

Page 22: ...and Configure tabs To start a Traffic Line session 1 Telnet into the HP web cache appliance and select Shell Access as described in Overview of Access Methods on page 7 You are now ready to enter Traffic Line commands Traffic Line commands take the following form traffic_line flag argument 2 For a list of traffic_line commands enter traffic_line h 3 To enter Traffic Line interactive mode enter the...

Page 23: ...t it is communicating with a proxy and explicit proxy caching where the user s client software must be configured to send requests directly to the traffic Server proxy A day in the life of a cache request Here is an overview of the steps that take place as a Traffic Server proxy cache serves a user request 1 Traffic Server receives a user request for a document image news article or other web obje...

Page 24: ... limit and serves the object A new copy of the object is available Traffic Server caches the new object replacing the stale copy and serves the object to the user simultaneously The object no longer exists on the origin server Traffic Server does not serve the cached copy The origin server does not respond to the revalidation query The Traffic Server serves the stale object along with a 111 Revali...

Page 25: ...affic Manager Minimum freshness information for a document to be cacheable is one of the configuration options under Freshness Default test For documents that do not have Expires headers or do not have both Last Modified and Date headers you can specify an absolute freshness limit in the Freshness section of the Configure Cache page Revalidate rules in the cache config file Revalidate rules apply ...

Page 26: ...cts without Expires headers Evaluate the freshness of objects with Expires headers by first checking the Expires header and then checking Cache Control headers Evaluate freshness as follows 1 Use the Expires header test if applicable otherwise go to step 2 If the object is stale revalidate If it is fresh check the Cache Control headers 2 Use the Last Modified Date header test if applicable otherwi...

Page 27: ... servers as well as configurable options in Traffic Manager and the cache config file Directive source Caching directives administration options Traffic Server has the following administration options for caching Configure Traffic Server not to cache objects with URLs containing the following cgi end in asp Configure Traffic Server not to cache objects served in response to the Cookie header Use n...

Page 28: ... for HTTP concurrency at any given time The system logs the completion of all HTTP GET operations enabling you to monitor the performance of this feature News article caching Traffic Server can function as a news server or a caching news server This section provides background information about Traffic Server news server and the Network News Transfer Protocol NNTP caching features News also known ...

Page 29: ...s subscription files Sends user postings to the parent news server When clients issue news requests Traffic Server intercepts these requests and serves them from its cache reducing traffic to parent news servers If a particular overview or article is not in the cache Traffic Server forwards requests to the parent server Supporting several parent news servers Traffic Server can cache articles for s...

Page 30: ...d ports and network interfaces You can configure the interface from which to connect to a parent news server port You can also configure the port on the parent server to which Traffic Server connects Blocking particular groups You can block particular groups on specified news servers Clients do not see blocked groups in news server group lists You list all blocked groups in the nntp_servers config...

Page 31: ...the Traffic Server s caching behavior for specific news groups see page 177 for more information You configure update frequencies in the Configure Protocols page of Traffic Manager Here are the available options Pull the overview information for specified groups For all groups designated as pullover the server will retrieve the overview database information using the OVER XOVER commands automatica...

Page 32: ...se including PERL and C among others You can position them anywhere on the network connected by a secure tunnel if required Each time a user needs to be authenticated Traffic Server connects to the authentication server which is part of Traffic Server and runs the plugin CAUTION Taking a full feed is not recommended as the server will have no way to retrieve an article if it is lost for any reason...

Page 33: ...able Traffic Server to obey cancel addgroup and rmgroup messages in the Configure Protocols page of Traffic Manager For example if you select Obey cancel control messages Traffic Server pulls cancel messages automatically in order to obey them Client bandwidth throttling You can limit the amount of bandwidth allotted to clients for downloading articles Clients that attempt to exceed the bandwidth ...

Page 34: ...s these problem clients and servers dynamically and the ARM adaptively disables interception for these clients and servers passing their traffic unimpeded to the origin server Additionally clients and servers can be manually exempted from caching by configuring ARM See Interception bypass on page 28 for more information 4 Traffic Server receives and begins processing the intercepted client request...

Page 35: ...ology In a complex network you must decide which clients are to be served transparently and make sure that Traffic Server is positioned to intercept their requests Traffic Server or routers or switches feeding Traffic Server are often deployed at a major artery or aggregation pipe to the Internet ARM is installed by default and must be activated to use transparency The section ARM redirection on p...

Page 36: ...ing a WCCP enabled router for transparency Traffic Server supports WCCP 1 0 and WCCP 2 0 A WCCP 1 0 enabled router can send all port 80 HTTP traffic to Traffic Server as shown in Figure 4 2 below The Traffic Server ARM readdresses port 80 to Traffic Server s proxy port by default port 8080 Traffic Server processes the request as usual retrieving the requested document from the cache if it is a hit...

Page 37: ...Telnet into the HP web cache appliance and select Shell Access as described in Overview of Access Methods on page 7 2 Open the records config file located in the Traffic Server s config directory with Vi 3 Set the following variable to 1 proxy config wccp enabled INT 1 4 Edit the following variable to specify the IP address of the WCCP router that is sending traffic proxy config wccp router_ip STR...

Page 38: ... STRING IPaddress proxy config wccp2 router1_ip STRING IPaddress 9 Save and close the records config file 10 Run the command traffic_line x to apply the configuration changes ARM bypass and WCCP If Traffic Server has an ARM bypass rule discussed in Interception bypass on page 28 Traffic Server forwards particular client requests directly to the origin server bypassing the cache Bypassed requests a...

Page 39: ...ures that all requests to a specific page on that origin server no matter which IP address is used are cached on the same node With full clustering objects are distributed among nodes according to their URLs WCCP distributes objects according to destination IP address If a particular IP address is receiving many requests WCCP load balancing may lead to a hot spot where all of that site s traffic i...

Page 40: ... because many ISPs dynamically allocate client IP dial up addresses and more secure cryptographic protocols are now more often used Web proxies are common in corporate and Internet use so interoperability problems are extremely rare However in those rare cases Traffic Server contains an adaptive learning module that recognizes interoperability problems caused by transparent proxying and automatica...

Page 41: ...er clients are not bypassed Bypass rules that are generated dynamically are purged after a Traffic Server restart If you want to preserve dynamically generated rules you can save a snapshot of Traffic Server s current set of bypass rules See Viewing the current set of bypass rules on page 32 Setting dynamic bypass rules By default Traffic Server is not configured to bypass the cache when it encoun...

Page 42: ...able to 1 to enable dynamic source destination bypass when an origin server returns a 408 error proxy config arm bypass_use_and_rules_500 Set this variable to 1 to enable dynamic source destination bypass when an origin server returns a 500 error proxy config arm bypass_on_bad_client_request Set this variable to 1 to enable dynamic destination bypass in the event of non HTTP traffic on port 80 pro...

Page 43: ...he variable proxy config arm bypass_on_403 to 1 Variable Description proxy process arm num_bypass_on_bad_client_request Displays the number of times Traffic Server bypassed the cache because it detected non HTTP traffic on port 80 proxy process arm num_bypass_on_400 Displays the number of times Traffic Server bypassed the cache because it detected an HTTP 400 error proxy process arm num_bypass_on_...

Page 44: ...example you could route around specific client server pairs that experience broken IP authentication or out of band HTTP traffic problems when cached Source destination bypass rules might be preferable to destination rules because they block a destination server only for those particular users that experience problems To configure static bypass rules edit the bypass config file refer to bypass con...

Page 45: ...ed to be the origin server the user is trying to connect to the origin server s advertised hostname resolves to Traffic Server which is acting as the real origin server Reverse proxy solutions There are many ways in which Traffic Server can be used as a reverse proxy Here are a few example scenarios You can use Traffic Server in reverse proxy mode to Off load heavily used origin servers Deliver co...

Page 46: ...content is sensitive and not cacheable Traffic Server obtains the content from the origin server the firewall allows only Traffic Server access to the origin server The sensitive content resides on the origin server safely inside the firewall How does reverse proxy caching work When a browser makes a request it normally sends that request directly to the origin server When Traffic Server is in rev...

Page 47: ...equest should be GET http real janes_books com index html HTTP 1 0 HOST real janes_books com To translate www janes_books com to real janes_books com Traffic Server needs a set of URL rewriting rules mapping rules Mapping rules are described in Using mapping rules on page 36 Generally you use reverse proxy mode to support more than one origin server In this case all of the advertised hostnames res...

Page 48: ...ust be the same if no port is specified in a URL the default port for the scheme of the URL is used The path portion of the target URL must match a prefix of the request URL If Traffic Server finds a match it translates the request URL into the replacement URL listed in the map rule It sets the host and path of the request URL to match the replacement URL If the URL contains path prefixes Traffic ...

Page 49: ...ct Shell Access as described in Overview of Access Methods on page 7 2 Open the remap config file located in the Traffic Server s config directory with Vi 3 Enter the mapping rules Each mapping rule must be on a separate line and must consist of three space delimited fields in the following format type target replacement The following table describes the format for each field Field Description typ...

Page 50: ...ration file manually Both procedures are provided below To set reverse proxy options from Traffic Manager 1 Access Traffic Manager from your browser refer to Accessing Traffic Manager on page 8 2 On the Configure tab click the Routing button 3 Scroll to the Reverse Proxy section of the Routing page 4 Select the Reverse Proxy On button to enable HTTP reverse proxy mode Select the Reverse Proxy Off ...

Page 51: ...want Traffic Server to translate the client host header proxy config url_remap remap_required Set this variable to 1 if you want Traffic Server to serve requests only from the origin servers listed in the mapping rules of the remap config file Set this variable to 0 zero if you want Traffic Server to serve requests from all origin servers proxy config header parse no_host_url_redirect Enter the UR...

Page 52: ...le located in the Traffic Server s config directory with Vi 3 Enter one mapping rule per line in the following format Traffic_Server_ipaddress port ftp_Server_ipaddress port where Traffic_Server_ipaddress is the IP address assigned to Traffic Server and ftp_Server_ipaddress is the IP address assigned to the FTP server to which you want to redirect the FTP requests 4 Save and close the ftp_remap co...

Page 53: ...raffic Server to process FTP requests proxy config ftp reverse_ftp_enabled Set this variable to 1 to enable the FTP reverse proxy option Set this variable to 0 zero to disable the FTP reverse proxy option NOTE If this variable is set to 0 but the proxy config ftp ftp_enabled variable described above is set to 1 Traffic Server will serve FTP requests in forward proxy mode Variable Description proxy...

Page 54: ...istening port when sending a PORT to the FTP server proxy config ftp try_server_ctrl_connect_times Set this variable to specify the maximum number of times Traffic Server can try to connect to the FTP server s control listening port proxy config ftp try_server_data_connect_times Set this variable to specify the maximum number of times Traffic Server can try to connect to the FTP server s data list...

Page 55: ...rol connections among multiple anonymous FTP clients Set this variable to 0 zero to disable sharing of server control connections among multiple anonymous FTP clients proxy config ftp server_ctrl_keep_alive_no_ activity_timeout Set this variable to specify the timeout value when the FTP server control connection is not used by any FTP clients proxy config ftp login_info_fresh_in_cache_time Set thi...

Page 56: ...llowing example permanently redirects all HTTP requests for www hp to www hp2 com redirect http www hp com http www hp2 com 4 Save and close the remap config file 5 Run the following command to apply the configuration changes traffic_line x Field Description type Enter either one of the following redirect redirects HTTP requests permanently without having to contact the origin server redirect_temp...

Page 57: ...s a multicast management protocol to provide a single system image of your Traffic Server cluster Information about cluster membership configuration and exceptions is shared across all nodes and the traffic_manager process automatically propagates configuration changes to all the nodes Full clustering In full clustering mode as well as sharing configuration information a Traffic Server cluster dis...

Page 58: ...ation information to the newcomer This provides a convenient way to bootstrap new machines If you have an existing web cache appliance installed and you want to add that appliance to the cluster you do not have to re install the Traffic Server software on the node Instead you can edit certain configuration variables on the existing Traffic Server Follow the procedure below To add a cache appliance...

Page 59: ... the Traffic Server cluster Variable Description proxy config cluster type Set this variable to 1 for full clustering mode 2 for management only mode Clustering modes are described in Understanding Traffic Server clusters on page 45 proxy config proxy_name Set this variable to the name of Traffic Server cluster All nodes in a cluster must use the same name proxy config cluster mc_group_addr Set th...

Page 60: ...p your user base to use a DNS round robin pointing at virtual IP addresses as opposed to using the real IP addresses of the traffic server machines Because virtual IP addresses are not bound to machines a Traffic Server cluster can steal addresses from inactive traffic server nodes and distribute those addresses among the remaining live nodes Using a proprietary management protocol Traffic Server ...

Page 61: ...g virtual IP addresses from Traffic Manager or by editing a configuration file manually Virtual IP addresses must be reserved like all IP addresses before they can be assigned to Traffic Server To add or edit virtual IP addresses from Traffic Manager 1 Access Traffic Manager from your browser refer to Accessing Traffic Manager on page 8 2 On the Configure tab click the Server button 3 Scroll to th...

Page 62: ...select Shell Access as described in Overview of Access Methods on page 7 2 Open the vaddrs config file located in the Traffic Server s config directory with Vi 3 To delete or modify existing virtual IP addresses delete or edit the line that contains the IP address 4 To add new virtual IP addresses Enter one virtual IP address per line using the following format IP address device sub interface wher...

Page 63: ...che which itself can search other caches before resorting to retrieving the object from the origin server You can configure a Traffic Server node to use one or more HTTP parent caches You use more than one HTTP parent cache so that if one parent is unavailable another parent can service requests This is called parent failover and is described in Chapter Parent failover below Figure 7 1 illustrates...

Page 64: ...ble the HTTP parent caching option described in Chapter Enabling the HTTP parent caching option below Identify the HTTP parent cache s you want to use to service missed requests described in Identifying HTTP parent caches on page 53 Enabling the HTTP parent caching option You can enable the HTTP parent caching option by using Traffic Manager or by editing a configuration file manually Both procedu...

Page 65: ... a parent cache is unavailable requests are sent to another parent cache You can identify parent caches by using Traffic Manager or by setting proxy rules in the parent configuration file parent config To set parent proxy rules refer to parent config on page 179 To identify an HTTP parent cache from Traffic Manager 1 Access Traffic Manager from your browser refer to Accessing Traffic Manager on pa...

Page 66: ... Server can receive ICP messages only or both send and receive ICP messages o Determine if Traffic Server can send messages directly to each ICP peer or send a single message on a specified multicast channel o Specify the port used for ICP messages o Set the ICP query timeout Identify the ICP peers with which Traffic Server can communicate You can set ICP options and identify ICP peers by using Tr...

Page 67: ... The default is 3130 6 Select ICP Multicast enabled On to send ICP messages through multicast if your Traffic Server has a multicast channel connection to its ICP peers 7 In the ICP Query Timeout field enter the timeout for ICP queries The default is 2 seconds 8 Click the Make These Changes button To set ICP options manually 1 Telnet into the HP web cache appliance and select Shell Access as descr...

Page 68: ...the ICP section of the Routing page 4 Click the ICP Peers link The Configure ICP Peers page opens shown below 5 In the Hostname field enter the host name of the ICP peer The host name is required only if you do not specify the IP address in the Host IP field described below 6 In the Host IP field enter the IP address of the ICP peer proxy config icp multicast_enabled Set this variable to 0 to disa...

Page 69: ...e first hop subnet 13 Click the Add button 14 Click the Make These Changes button To identify an ICP peer manually 1 Telnet into the HP web cache appliance and select Shell Access as described in Overview of Access Methods on page 7 2 Open the icp config file located in Traffic Server s config directory with Vi 3 For each ICP peer you want to identify enter a separate line in the configuration fil...

Page 70: ...line x MC_IP Specifies the multicast IP address MC_TTL Specifies one of the following options 1 if you do not want IP multicast datagrams to be forwarded beyond a single subnetwork 2 to allow delivery of IP multicast datagrams to more than one subnet if there are one or more multicast routers attached to the first hop subnet Field Description ...

Page 71: ...ilures on any of the cache disks If the disk fails completely Traffic Server marks the entire disk as corrupt and continues using the remaining disks An alarm is sent to Traffic Manager indicating which disk failed If all of the cache disks fail Traffic Server goes into proxy only mode You can perform the following cache configuration tasks Change the total amount of disk space allocated to the ca...

Page 72: ...st multiple of 128 MB Each partition is striped across several disks to achieve parallel I O For example if there are 4 disks a 1 GB partition will have 256 MB on each disk assuming each disk has enough free space available 5 Save and close the partition config file 6 Restart Traffic Server with the start_traffic_server command Making changes to partition sizes and protocols After you have configu...

Page 73: ...ve separate partitions One HTTP based partition for each origin server one streaming media based partition for each origin server and a generic partition for all other origin servers not listed the partitions do not have to be the same size 2 Telnet into the HP web cache appliance and select Shell Access as described in Overview of Access Methods on page 7 3 Open the hosting config file located in...

Page 74: ... apply the configuration changes traffic_line x 8 Restart the traffic server with the command start_traffic_server Clearing the cache When you clear the cache you remove all data from the entire cache You should clear the cache before performing certain cache configuration tasks such as partitioning To clear the cache 1 Stop the Traffic Server using the command stop_traffic_server 2 Enter the foll...

Page 75: ...ethod of viewing Traffic Server performance and network traffic information The statistics are the same as those you see from Traffic Manager Refer to Viewing Statistics from Traffic Line on page 68 The MRTG Multi Router Traffic Grapher tool provides a variety of graphs that show Traffic Server performance and network traffic information Refer to Using MRTG on page 70 SNMP Simple Network Managemen...

Page 76: ...ver system displaying all cluster nodes by name and tracking essential statistics for each node If you want to display detailed information about a particular node you can click the node s name on the Dashboard and then click on one of the other buttons on the Monitor tab NOTE Use the SSL https command to reach Traffic Manager only if you have restricted access to Traffic Manager via SSL connectio...

Page 77: ...nformation such as the document hit rate the bandwidth savings and what percentage of the cache is currently free The number of client and server connections currently open and the number of transfers currently in progress Network information such as the client throughput in Mbits per second and the number of transactions being processed per second Name resolution information such as the host data...

Page 78: ...rsion 1 0 or 2 0 statistics that include information about the routers being used the number of active nodes the leader s IP address and whether WCCP is currently enabled on the Traffic Server node The Cache button Click the Cache button to view the following statistics about the Traffic Server s cache The amount of space in the cache currently being used and the maximum cache size in GB The total...

Page 79: ...on the Dashboard in Traffic Manager Click the red alarm button to view alarm messages Figure 9 2 shows the red alarm button on the Dashboard Figure 9 2 Alarms on the Dashboard Resolving alarms After you have read an alarm message you can click the Resolve button in the alarm message window to tell Traffic Server that you have been informed of the problem and to dismiss the alarm Traffic Server ala...

Page 80: ...istics related to the cache A single statistic about a node or a cluster for example the number of objects served from the cache In addition to viewing statistics you can also configure a Traffic Server from Traffic Line and use batch mode commands to stop and restart a Traffic Server system Refer to Configuring Traffic Server using Traffic Line on page 76 and Appendix C Traffic Line Commands View...

Page 81: ... session enter exit at the prompt and press Return Retrieving individual statistics You can view specific information about a Traffic Server node or cluster by specifying the variable that corresponds to the statistic you want to see Using this method you see only the information you want to obtain instead of seeing a group of related statistics To retrieve a single statistic 1 Telnet into the HP ...

Page 82: ...nager on page 8 2 If your Traffic Server node is in a cluster choose the Traffic Server node whose statistics you want to view from the Dashboard on the Monitor tab 3 On the Monitor tab click the MRTG button The MRTG index page opens The figure below shows the MRTG Index page Navigating MRTG The MRTG index page shows a subset of the graphs available for display Click on a graph to see daily weekly...

Page 83: ...fic hosts Enabling SNMP Traffic Server s SNMP agent must be enabled so that SNMP managers can access the MIBs and gather information You can enable the SNMP agent by using Traffic Manager or by editing a configuration file manually Both procedures are provided below To enable the SNMP agent from Traffic Manager 1 Access Traffic Manager from your browser refer to Accessing Traffic Manager on page 8...

Page 84: ... config file 5 Run the following command to apply the configuration changes traffic_line x Configuring SNMP trap destinations To configure SNMP trap destinations edit the snmpd cnf file located in Traffic Server s config directory Refer to snmpd cnf on page 214 ...

Page 85: ...pe one of the following locations in your browser Standard http nodename adminport SSL https nodename adminport where nodename is the name of the web cache appliance and adminport is the number assigned to Traffic Manager port which is port 8081 by default Traffic Manager starts by default in Monitor mode 3 Click the Configure tab to display the Configure mode buttons shown below 10 Configuring Tr...

Page 86: ...Traffic Manager port and edit the refresh rate for the statistics displayed in Monitor mode Configure the use of virtual IP addresses Auto configure browsers to connect to Traffic Server as a proxy server Restrict the number of network connections Traffic Server will accept this is called throttling Configure the way Traffic Server handles overload conditions in transparency mode load shedding Ena...

Page 87: ...sk partitions allotted to cache storage and their sizes Configure HTTP and FTP object freshness options Configure variable content options The Security button Click the Security button to view or change Traffic Server s security options You can Configure access to Traffic Manager by setting an administrator ID and password and creating administrator accounts Configure Traffic Server integration in...

Page 88: ...g web content filtering user authentication and data transformation The Content button Click the Content button to view or change the list of objects that Traffic Server is scheduled to update automatically in the local cache You can instruct Traffic Server to explicitly preload objects in to the cache thereby increasing Traffic Server performance Configuring Traffic Server using Traffic Line You ...

Page 89: ... prompt enter the number that corresponds to the type of configuration you want to change then press Return For example to change protocol configuration enter 2 at the prompt Each command displays a sub level of commands that group specific configuration variables together For example the Protocols command 2 displays the following sub level of commands display http ftp and nntp 3 To view a group o...

Page 90: ...vity timeout option to 200 seconds enter the following command at the prompt and press Return traffic_line s proxy config ftp control_connection_timeout v 200 Configuring Traffic Server using configuration files As an alternative to using Traffic Manager or Traffic Line you can change Traffic Server configuration options by manually editing specific variables in the records config file The records...

Page 91: ... file In addition to the records config file Traffic Server provides other configuration files that are used to configure specific features All the configuration files are described in Appendix D Configuration Files The variable value that you can edit The variable type an integer INT a string or a floating point FLOAT The variable name ...

Page 92: ... the Traffic Server machine ARM security on page 81 Control and secure access to Traffic Manager using o Administrator accounts refer to Setting the administrator ID and password on page 83 and Creating a list of administrator accounts on page 85 o An access control list that defines which hosts are allowed to access Traffic Manager refer to Controlling host access to Traffic Manager on page 86 o ...

Page 93: ...guration changes Controlling host access to the Traffic Server machine ARM security For security reasons you might want to restrict the type of communication possible with machines running Traffic Server Using Traffic Server s ARM security option you can create an access control list that is used to either allow or deny other hosts from communicating with the Traffic Server machine on specific por...

Page 94: ... may also want to open the NFS and DNS ports if required The following example rules specify that ports 119 23 and 554 are to remain open for TCP communication and that hosts 1 1 1 1 through 1 1 1 7 are allowed access to destination port 80 However the host 11 11 11 11 is denied access to destination port 80 open tcp ports 119 23 554 allow tcp dport 80 src 1 1 1 1 1 1 1 7 deny tcp dport 80 11 11 1...

Page 95: ...g a list of administrator accounts on page 85 Create an access control list of IP addresses that defines which machines can access Traffic Manager See Controlling host access to Traffic Manager on page 86 Use SSL for secure administration see Using SSL for secure administration on page 87 Setting the administrator ID and password During the initial web cache appliance configuration an Administrato...

Page 96: ...new password in the boxes provided If you have forgotten the current administrator password refer to If you forget the administrator password below 6 Click the Make These Changes button to apply the configuration changes If you forget the administrator password If you forget the administrator password and cannot access Traffic Manager you can clear the current password in the records config file s...

Page 97: ... Creating a list of administrator accounts If a single administrator ID and password for Traffic Manager is not sufficient security for your needs you can create a list of administrator accounts that define who has access to Traffic Manager and which activities they can perform You can use administrator accounts in addition to using the administrator ID and password To create a list of administrat...

Page 98: ...ks user names and passwords only if this option is enabled 13 Click the Make These Changes button Controlling host access to Traffic Manager In addition to using an administrator ID and accounts you can control which hosts have access to Traffic Manager To control which hosts can access Traffic Manager 1 Telnet into the HP web cache appliance and select Shell Access as described in Overview of Acc...

Page 99: ...of the certificate Enabling SSL After you have obtained an SSL certificate you can enable SSL by using Traffic Manager or by editing a configuration file manually Both procedures are provided below To enable SSL from Traffic Manager 1 Access Traffic Manager from your browser refer to Accessing Traffic Manager on page 8 2 On the Configure tab click the Security button The Security page opens displa...

Page 100: ...o access Traffic Manager from your browser using SSL use the https command as shown below https nodename adminport where nodename is the hostname of the Traffic Server node and adminport is the port number assigned to Traffic Manager port the default port number is 8081 ...

Page 101: ...r then relays the data to the origin server The origin server then sends the content back to Traffic Server through the SOCKS server Traffic Server caches the content and sends it to the client Setting SOCKS configuration options To configure your Traffic Server to use a SOCKS firewall you must Enable the SOCKS option Specify the IP address of your SOCKS server and the communication port As an opt...

Page 102: ...8 Click the SOCKS List link to specify the IP address of any origin server that you want to access directly without going through the SOCKS server 9 On the Socks List page click the Add Entry button to open the Add Entry dialog box shown below Currently the only selection in the Directive drop down list box is no_socks This specifies that Traffic Server will access the origin server or group of se...

Page 103: ...nal network while allowing DNS servers outside of the firewall to resolve hosts on the internet This maintains the security of your intranet while continuing to provide direct access to sites outside your organization You specify the rules for performing DNS server selection also called split DNS in the splitdns config file Traffic Server enables you to specify this selection based on the destinat...

Page 104: ...ocated in Traffic Server s config directory with Vi 3 Edit the following variables 4 Save and close the records config file 5 Restart Traffic Server with the command start_traffic_server Configuring LDAP Authentication Bypass You can enable Traffic Server clients to access specific sites on the Internet without being authenticated by the LDAP server To enable clients to access specific sites witho...

Page 105: ... termination option To enable and configure SSL termination for client Traffic Server connections follow the procedures in Client and Traffic Server connections below To enable and configure SSL termination for Traffic Server origin server connections refer to Traffic Server and origin server connections on page 96 To enable and configure SSL termination for both client Traffic Server and Traffic ...

Page 106: ...nd other Traffic Server options that have been set for example rules in the ip_allow config file and LDAP based proxy authentication o Specify the file name and location of the Traffic Server s private key if the private key is not located in the server certificate file Traffic Server uses its private key during the SSL handshake to decrypt the session encryption keys The private key must be store...

Page 107: ...required The client must be authenticated during the SSL handshake Clients without a certificate are not allowed to access Traffic Server proxy config ssl server cert filename Set this variable to specify the file name of Traffic Server s SSL server certificate Traffic Server provides a demo server certificate called server pem You can use this certificate to verify that the SSL feature is working...

Page 108: ...lient certificate file Traffic Server uses its private key during the SSL handshake to decrypt the session encryption keys The private key must be stored and protected against theft o Configure the use of CAs You must use a CA if you choose not to use a client certificate otherwise security on your system may be compromised CAs allows the Traffic Server that is acting as a client to verify the ide...

Page 109: ...nstalled an SSL client certificate on Traffic Server set this variable to specify the file name of client certificate proxy config ssl client cert path If you have installed an SSL client certificate on Traffic Server set this variable to specify the location of the client certificate The default directory is Traffic Server s config directory proxy config ssl client private_key filename Set this v...

Page 110: ...d page on page 120 for details All system information messages are logged with the system wide logging facility message under the daemon facility The syslog conf configuration file stored in the etc directory specifies where these messages are logged A typical location is var log messages Since the messages process works on a system wide basis it serves as the single repository for messages from a...

Page 111: ...eparate log files for different protocols based on the host See Splitting event log files on page 112 Collate log files from different Traffic Server nodes You can designate one or more nodes on the network to serve as log collation servers These servers which may either be stand alone or part of Traffic Server enable you to keep all logged information in well defined locations See Collating event...

Page 112: ...ompress the logs and move them to an archive location or simply delete them Setting log file management options You can set log management options by using Traffic Manager or by editing a configuration file manually Both procedures are provided below To set log management options from Traffic Manager 1 Access Traffic Manager from your browser refer to Accessing Traffic Manager on page 8 2 On the C...

Page 113: ... optimizations in collecting and formatting the data since it knows what data will be needed and in what format It is faster to use the standard log file formats instead of the custom log file formats In addition the Squid format is faster to process than the Netscape formats By default Traffic Server is configured to use the Squid log file format only Setting standard log file format options You ...

Page 114: ...ile format manually 1 Telnet into the HP web cache appliance and select Shell Access as described in Overview of Access Methods on page 7 2 Open the records config file located in the Traffic Server s config directory with Vi 3 To use the Squid format edit the following variables Variable Description proxy config log2 squid_log_enabled Set this variable to 1 to enable the Squid log file format pro...

Page 115: ...e to 0 to enable binary mode proxy config log2 common_log_name Enter the name you want to use for Netscape Common event log files The default is common proxy config log2 common_log_header Enter the header text you want to display at the top of the Netscape Common log files Variable Description proxy config log2 extended_log_enabled Set this variable to 1 to enable the Netscape Extended log file fo...

Page 116: ...net into the HP web cache appliance and select Shell Access as described in Overview of Access Methods on page 7 8 Open the logs config file with Vi 9 To add a traditional custom log specification enter a line in the logs config file with the following format format enable_flag format_id format_name string file_name type header Specify values for the fields NOTE Each line in the logs config file p...

Page 117: ...es three types of objects to create custom log files The LogFormat object defines the content of the log file using printf style format strings The LogFilter object defines a filter so that you include or exclude certain information from the log file The LogObject object specifies all the information needed to produce a log file For example o The name of the log file required o The format to be us...

Page 118: ...y default this is logs_xml config located in the config directory 11 Save and close the records config file 12 Open the logs_xml config file with Vi 13 Add LogFormat LogFilter and LogObject specifications to the configuration file For detailed information about the logs_xml config file and associated object specifications see logs_xml config on page 171 14 Save and close the logs_xml config file 1...

Page 119: ...as follows LogFormat Name summary Format operator field operator field Interval n Format where operator is one of the five aggregate operators COUNT SUM AVERAGE FIRST LAST You can specify more than one operator in the format line field is the logging field that you want to aggregate n is the interval in seconds between summary log entries For more information see logs_xml config on page 171 For ex...

Page 120: ...ect Binary or ASCII in the Standard Event Log Formats section of the Logging page refer to Setting standard log file format options on page 101 For custom log formats refer to Using traditional custom formats on page 104 Before selecting ASCII versus binary for your log files consider the type of data that will be logged Try logging for one day using ASCII and then one day using binary Assuming th...

Page 121: ...and run log analysis programs You should roll log files several times a day Rolling every 6 hours is a good guideline to follow Rolled log file name format Traffic Server provides a consistent name format for rolled log files that allows you to easily identify log files When Traffic Server rolls a log file it saves and closes the old file and starts a new file The old file is renamed to include Th...

Page 122: ... a log file are always between the two time stamps Log files do not contain overlapping entries even if successive time stamps appear to overlap Rolling intervals Log files are rolled at specific intervals relative to a given hour of the day Two options control when log files are rolled The rolling interval The offset hour which is an hour between 0 midnight and 23 For example if the rolling inter...

Page 123: ... headroom specified in the Log Management section of the Logging page 8 Click the Make These Changes button To set log file rolling options manually 1 Telnet into the HP web cache appliance and select Shell Access as described in Overview of Access Methods on page 7 2 Open the records config file located in the Traffic Server s config directory with Vi 3 Edit the following variables 4 Save and clo...

Page 124: ...Traffic Server records all ICP transactions in the same log file as HTTP and FTP transactions HTTP host log splitting HTTP host log splitting enables you to record HTTP FTP transactions for different origin servers in separate log files When HTTP host log splitting is enabled Traffic Server creates a separate log file for each origin server listed in the log_hosts config file When NNTP ICP and hos...

Page 125: ...tting On button to record all NNTP transactions in a separate log file Click the NNTP Log Splitting Off button to record all NNTP transactions in the same log file as HTTP FTP transactions 5 Click the ICP Log Splitting On button to record all ICP transactions in a separate log file Click the ICP Log Splitting Off button to record all ICP transactions in the same log file as HTTP FTP transactions 6...

Page 126: ...lose the log_hosts config file 5 Run the command traffic_line x to apply the configuration changes records config Variable Description proxy config log2 separate_icp_logs Set this variable to 1 to record all ICP transactions in a separate log file Set this variable to 0 to record all ICP transactions in the same log file as HTTP FTP transactions proxy config log2 separate_nntp_logs Set this variab...

Page 127: ...erver When the log collation server receives a log buffer from a client it writes it to its own log file as if it were generated locally See Figure 12 1 Figure 12 1 Log collation If log clients cannot contact their log collation server they write their log buffers to their local disks into orphan log files Orphan log files require manual collation See Figure 12 2 Figure 12 2 Orphan log files hold ...

Page 128: ...ssing Traffic Manager on page 8 2 On the Configure tab click the Logging button 3 Scroll to the Log Collation section of the Logging page shown below 4 Click the Be a collation host button 5 In the Log Collation port field enter the port number that all nodes in a cluster must use to exchange event log entries The default port number is 8085 6 In the Log Collation secret field enter the password u...

Page 129: ...log entries The default port number is 8085 7 In the Log Collation secret field enter the password used to validate logging data and prevent the exchange of arbitrary information This must be the same secret you set on the collation server 8 In the Log collation host tagged field select Yes if you want to preserve the origin of log entries in the collated log files 9 In the Log space limit for orp...

Page 130: ... config file from a Traffic Server installation to a directory on the stand alone collator records config Variable Description proxy config log2 collation_host Specify the collation server s hostname proxy config log2 collation_host_tagged Set this variable to 1 if you want the hostname of the collation client that generated the log entry to be included in each entry Set this variable to 0 if you ...

Page 131: ... line logclean m filename This command collates records from the orphan file into your central log files 3 Delete orphan log files from your local disks Viewing logging statistics Traffic Server generates the following statistics about the logging system that help you see How many log files formats are currently being written The current amount of space being used by the logging directory which co...

Page 132: ... cluster problem Objects Served The total number of objects served by the node Transactions per second The number of transactions per second processed by the node More Detail Cache Hit Rate The percentage of HTTP requests served from the cache averaged over the past 10 seconds This value is refreshed every 10 seconds Cache Hit Rate Fresh The percentage of HTTP requests for fresh objects in the cac...

Page 133: ... a cluster display at the bottom of the More Detail page Statistic Description Cache Document Hit Rate The ratio of cache hits to total cache requests averaged over 10 seconds This value is refreshed every 10 seconds Bandwidth Savings The ratio of bytes served from the cache to total requested bytes averaged over 10 seconds This value is refreshed every 10 seconds Cache Percent Free The ratio of c...

Page 134: ...client aborted transactions and their average transaction times Questionable Client Aborts The percentage of transactions that could possibly be client aborted and their average transaction times Partial Request Hangups The percentage of early hangups after partial requests and their average transaction times Pre Request Hangups The percentage of pre request hangups and their average transaction t...

Page 135: ...on demand as opposed to an overview pull Group Hits The number of group hits since installation Group Refreshes The number of group refreshes since installation Posts The number of article posts since installation Post Bytes The amount of news data posted since installation Pull Bytes The amount of article and overview data pulled since installation Feed Bytes The amount of NNTP data received thro...

Page 136: ...rtbeats received from the router WCCP 1 0 Protocol Statistics Enabled Indicates if WCCP is enabled on this node Leader s IP address The IP address of the leader node Number of active nodes The number of active nodes in the WCCP cache farm WCCP 2 0 Configuration Information Security Enabled Indicates if WCCP security is enabled Multicast Enabled Indicates if multicast mode is enabled Multicast Addr...

Page 137: ...d 1 is used for NNTP Leader s IP The IP address of the leader node in the WCCP cache farm Number of Caches The number of nodes in the WCCP cache farm Number of Routers The number of WCCP routers sending traffic to the Traffic Server Router 0 IP address Router 1 IP address The IP address of the router sending traffic to the Traffic Server If there is more than one router sending traffic the IP addr...

Page 138: ...ic Server revalidates a document finds it to be deleted on the origin server and deletes it from the cache includes NNTP HTTP and FTP removes Successes The number of successful cache removes completed since installation includes NNTP HTTP and FTP removes Failures The number of cache remove failures since installation includes NNTP HTTP and FTP removes Statistic Description Host DataBase Total Look...

Page 139: ... SOCKS server since installation Connections in progress The number of SOCKS connections in progress Logging Currently Open Log Files The number of event log files formats that are currently being written Space Used For Log Files The current amount of space being used by the logging directory which contains all of the event and error logs Number of Access Events Logged The current number of access...

Page 140: ...lly the traffic_server process should remain on However you must turn the Traffic Server off before performing certain maintenance tasks Traffic Server Name Displays the hostname of your Traffic Server or the hostnames of all the nodes in a cluster Traffic Server Port Specifies the port number by which all browsers can connect to the proxy process that runs on the Traffic Server system The port mu...

Page 141: ...rate in Monitor mode Select a refresh rate for the statistics displayed on Traffic Manager s Monitor tab Virtual IP Addressing Virtual IP on off Set virtual IP addressing on or off CAUTION If virtual IP addressing is disabled Traffic Server nodes cannot cover each other s failures Edit virtual IP addresses Click this link to edit your list of virtual IP addresses first assigned when you installed ...

Page 142: ... mibs directory The Traffic Server MIB contains both node specific and cluster wide information You should configure your system so that only certain hosts can access these MIBs Configure access control and SNMP trap destinations in the snmpd cnf file in Traffic Server s config directory See snmpd cnf on page 214 Customizable Response Pages Traffic Server should suppress generated response pages I...

Page 143: ...ut period you specify If the client does not make another request before the timeout expires the Traffic Server closes the connection If the client does make another request the timeout period starts over NOTE The client can close the connection at any time Keep Alive Timeout Outbound Specifies how long the Traffic Server should keep connections to origin servers open for a subsequent transfer of ...

Page 144: ...move Client ip Select Remove Client ip to remove client IP addresses from headers for more privacy NNTP NNTP Server on off Enables the Traffic Server to cache and serve news articles NOTE After turning NNTP on or off you must restart the Traffic Server cluster to effect the change NNTP Server Port Specifies the port that the Traffic Server uses for serving NNTP requests The default port is 119 NOT...

Page 145: ...all non feed news groups the Traffic Server actively polls parent NNTP servers for cancelled articles See the Check for Cancelled Articles option below NNTP option Obey Newgroups Control Messages Configures Traffic Server to obey newgroup control messages NOTE Traffic Server actively polls parent NNTP servers for new groups see the Check for New Groups option below NNTP option Obey Rmgroups Contro...

Page 146: ...ed HTTPS Restrict SSL connections to ports Configures Traffic server to restrict SSL connections to certain ports thereby containing attacks to designated ports FTP FTP connection mode An FTP transfer requires two connections a control connection to inform the FTP server of a request for data and a data connection to send the data The Traffic Server always initiates the control connection FTP mode...

Page 147: ...ch request In particular some URLs can have large numbers of alternates due to cookies If Traffic Server is set to vary on cookies you might encounter this problem View cache storage configuration Click this link to see a list of the files or hard disk partitions allotted to cache storage and their sizes NOTE Raw partitions may not have an associated size Freshness Verify freshness by checking Con...

Page 148: ...ain a question mark a semi colon cgi or end in asp Enable Alternates Configures Traffic Server to cache alternate versions of HTTP documents Vary on these HTTP header fields Using document header information Traffic Server can compare cached document specifications against requested specifications to determine if the correct alternate version of the document is in the cache For example a document ...

Page 149: ... config file and then enter a new password in this field Setting the password variable to NULL in the configuration file means that a password is not needed to access Traffic Manager You cannot set passwords in the records config file because the password variables can only contain password encryptions or NULL Additional Users Click this link to create a list of administrator accounts that defines...

Page 150: ... Traffic Server at a parent network cache either another Traffic Server or a different caching product to form a cache hierarchy where a child cache relies upon a parent cache in fulfilling client requests Parent Cache Specifies the identify a parent cache and parent cache port using the following format parent_name port_number The port must be dedicated If the Traffic Server cannot find a request...

Page 151: ...rules Redirect requests without Host header to URL Specifies an alternate URL to which to direct incoming requests from older clients that do not provide a Host header The best solution is to set this option to a page that explains the situation to the user and advises a browser upgrade or provides a link directly to the origin server bypassing the Traffic Server Alternatively you can specify a ma...

Page 152: ...lve hostnames whenever clients reload pages DNS Configuration Resolve attempt timeout Specifies how long the Traffic Server must wait for the DNS server to respond with an IP address even if the client request has been cancelled NOTE If the client abandons the request before this timeout expires the Traffic Server can still obtain the host s IP address in order to cache it The next time a client m...

Page 153: ...Server to be a log collation client Selecting this option instructs Traffic Server to send traditional custom formats to the specified host You must enter the name of this collation server for your cluster in the to collation host field Traditional custom formats are specified using the logs config file For more information see Using custom formats on page 103 Send standard and custom non xml form...

Page 154: ...ng the Traditional option instructs Traffic Server to look to the logs config file in the config directory for custom log formats For more information see Using custom formats on page 103 Selecting XML instructs Traffic Server to look to the logs_xml config file for highly configurable custom log formats For more information see Using custom formats on page 103 Log File Rolling Rolling enabled On ...

Page 155: ...pshot button The name cannot contain a forward slash NOTE It is a good idea to take a snapshot before performing system maintenance or attempting to tune system performance Taking a snapshot only takes a few seconds and it can save you hours of correcting configuration mistakes Restore Snapshot Restores a previously created snapshot so that you can return to a set of configuration values you saved...

Page 156: ...tly you must manually stop and restart the Traffic Server process The Add Entry page contains the following options URL HTTP and FTP based URLs The system validates the syntax of the URL but does not confirm its existence Request Headers Optional A semicolon separated list of headers passed in each GET request You can define any request header that conforms to the HTTP specification The default is...

Page 157: ...or Traffic Line and Traffic Manager communication The default path is install_dir config cli traffic_line r variable Displays specific performance statistics or a current configuration setting For a list of the variables you can specify refer to Traffic Line variables on page 147 traffic_line s variable v value Sets configuration variables variable is the configuration variable you want to change ...

Page 158: ...ic Server performance and network traffic statistics Refer to Chapter 9 Monitoring Traffic 2 configure Displays the Configure mode commands so that you can configure the Traffic Server system Refer to Chapter 10 Configuring Traffic Server 3 reread Re reads the configuration files NOTE Some configuration changes require that you initiate a configuration re read for the changes to take effect 4 shut...

Page 159: ...e Objects Served proxy node user_agents_total_documents_served Transactions per second proxy node user_agent__exacts_per_second Node Cache Document Hit Rate proxy node cache_hit_ratio_avg_10s proxy cluster cache_hit_ratio_avg_10s Bandwidth Savings proxy node bandwidth_hit_ratio_avg_10s proxy cluster bandwidth_hit_ratio_avg_10s Cache percent free proxy node cache percent_free proxy cluster cache pe...

Page 160: ...ul_pasv Unsuccessful PASV Connections proxy process ftp connections_failed_pasv Successful PORT Connections proxy process ftp connections_successful_port Unsuccessful PORT Connections proxy process ftp connections_failed_port ICP Queries originating from this node Query requests proxy process icp icp_query_requests Query messages sent proxy process icp total_udp_send_queries Peer hit messages rece...

Page 161: ...y process nntp pull_bytes Feed Bytes proxy process nntp feed_bytes WCCP Router statistics Router s IP address proxy node wccp router_ip Router status proxy node wccp router_status WCCP Node statistics Node IP address proxy node wccp my ip Percentage of traffic received proxy node wccp my_share Number of heartbeats proxy node wccp hbeats_received WCCP Protocol statistics Enabled proxy node wccp ena...

Page 162: ...rocess dns lookup_successes Cluster Bytes Read proxy process cluster read_bytes Bytes Written proxy process cluster write_bytes Connections Open proxy process cluster connections_open Total Operations proxy process cluster connections_opened Network Backups proxy process cluster net_backup Clustering Nodes proxy process cluster nodes SOCKS Connections Unsuccessful proxy process socks connections_u...

Page 163: ... Monitor mode proxy config admin ui_refresh_rate Virtual IP Addressing Virtual IP proxy config vmap enabled 1 Enable 0 Disable Auto Configuration Auto configuration Port proxy config admin autoconf_port Throttling of Network Connections Maximum Number of Connections proxy config net connections_throttle SNMP SNMP Master Agent proxy config snmp master_agent_enabled 1 Enable 0 Disable Customizable R...

Page 164: ...proxy config http anonymize_remove_referer proxy config http anonymize_remove_user_agent proxy config http anonymize_remove_cookie 1 Yes 0 No Comma separated list of headers to remove proxy config http anonymize_other_header_list Insert Client IP headers proxy config http anonymize_insert_client_ip 1 Yes 0 No Remove Client IP headers proxy config http anonymize_remove_client_ip 1 Yes 0 No HTTPS Re...

Page 165: ...l_cancel Obey NewGroups Control Messages proxy config nntp obey_control_newgroup Obey RmGroups Control Messages proxy config nntp obey_control_rmgroup Inactivity Timeout secs proxy config nntp inactivity_timeout Check for New Groups Every secs proxy config nntp check_newgroups_every Check for Cancelled Articles Every secs proxy config nntp check_cancels_every Check Parent NNTP Server Every secs pr...

Page 166: ... when the object has expired or has no expiration date 2 always 3 never Minimum information needed to cache document proxy config http cache required_headers 0 nothing 1 a last modified time 2 an explicit lifetime minimum life time secs proxy config http cache heuristic_min_lifetime maximum life time secs proxy config http cache heuristic_max_lifetime FTP cached objects expire after secs proxy con...

Page 167: ...cks socks_server_port SOCKS timeout seconds proxy config socks socks_timeout Logging Event Logging Event Logging proxy config log2 logging_enabled 0 no logging at all 1 log errors only 2 full logging Log Management Log directory proxy config log2 logfile_dir Log space limit MB proxy config log2 max_space_mb_for_logs Log space Headroom MB proxy config log2 max_space_mb_headroom Log Collation Log co...

Page 168: ...binary Netscape Extended Log file name proxy config log2 extended_log_name Netscape Extended Log file header proxy config log2 extended_log_header Netscape Extended2 Format Netscape Extended2 Enabled proxy config log2 extended2_log_enabled 1 Enable 0 Disable Netscape Extended2 Log file type proxy config log2 extended2_log_is_ascii 1 ASCII 0 binary Netscape Extended2 Log file name proxy config log2...

Page 169: ... icp icp_port ICP multicast enabled proxy config icp multicast_enabled 1 Enable 0 Disable ICP Query Timeout proxy config icp query_timeout Reverse Proxy Server Acceleration proxy config reverse_proxy enabled 1 Enable 0 Disable Require Document Route Rewriting proxy config url_remap remap_required 1 Yes 0 No URL to redirect requests without Host header proxy config url_remap pristine_host_hdr HostD...

Page 170: ...158 Appendix C Traffic Line Commands DNS Configuration Resolve attempt timeout secs proxy config dns lookup_timeout Number of retries proxy config dns retries Configuration Option Variable ...

Page 171: ...nfig on page 169 log_hosts config on page 171 logs_xml config on page 171 mgmt_allow config on page 176 nntp_access config on page 176 nntp_servers config on page 177 parent config on page 179 partition config on page 181 records config on page 182 remap config on page 212 snmpd cnf on page 214 socks config on page 216 splitdns config on page 217 storage config on page 218 update config on page 21...

Page 172: ... TCP and UDP Define the hosts that are to be allowed access to specific destination ports for either TCP or UDP Format Each line in the arm_security config file uses one of the following formats open tcp udp ports o_ports deny tcp udp dport d_ports src src_IPaddresses allow tcp udp src src_IPaddresses dst dst_IPaddresses dport d_ports sport s_ports The following table describes each field Example ...

Page 173: ... Server to generate destination or source destination bypass rules in the following instances If there is a non HTTP request on port 80 If an HTTP request returns the following errors o 400 Bad Request error o 401 Unauthorized error o 403 Forbidden error o 405 Method not allowed error o 406 Not Acceptable access error o 408 Request timeout error o 500 Internal server error Rule Description Source ...

Page 174: ...ddress can be a simple IP address such as 1 1 1 1 in CIDR Classless Inter Domain Routing format such as 1 1 1 0 24 a range separated by a dash such as 1 1 1 1 2 2 2 2 any combination of the above separated by commas such as 1 1 1 0 24 25 25 25 25 123 1 23 1 123 1 23 123 destination IP bypass bypass dst IPaddress Where IPaddress has the same format as src IPaddress source destination IP bypass bypa...

Page 175: ...Allowed dest_domain Requested domain name dest_host Requested hostname dest_ip Requested IP address url_regex Regular expression to be found in a URL Secondary Specifier Allowed Value time A time range such as 08 00 14 00 src_ip The IP address of the client prefix A prefix in the path part of a URL suffix A file suffix in the URL port A requested URL port method A request URL method one of the fol...

Page 176: ...the requested document When a request is denied the client receives an access denied message Format Each line in the filter config file contains a filtering rule Traffic Server recognizes three space delimited tags primary destination value secondary specifier value action value The following table lists the possible primary destinations and their allowed values The secondary specifiers are option...

Page 177: ...ecifiers Allowed Value time A time range such as 08 00 14 00 src_ip The IP address of the client prefix A prefix in the path part of a URL suffix A file suffix in the URL port A requested URL port method A request URL method one of the following get post put trace scheme A request URL protocol one of the following HTTP FTP Action Value action allow deny PUSH If the PUSH option is enabled the PUSH ...

Page 178: ...er s IP address of 111 111 11 1 are directed to the FTP server s IP address 11 11 11 1 when a request is a cache miss or is stale 111 111 11 1 7999 11 11 11 1 21 hosting config The hosting config file lets you assign cache partitions to specific origin servers and or domains so that you can manage your cache space more efficiently and restrict disk usage For step by step instructions on partitioni...

Page 179: ...oes not belong to any of the origin servers or domains listed If all partitions for a particular origin server become corrupt Traffic Server will also use the generic partition to store content for that origin server The generic partition must have the following format hostname partition list_of_partition_numbers where list_of_partition_numbers is a comma separated list of generic partitions Examp...

Page 180: ...he hostname of the ICP peer The name localhost is reserved for the Traffic Server host _IP The IP address of the ICP peer cache _type Use the following options 1 to indicate an ICP parent cache 2 to indicate an ICP sibling cache Option 3 is reserved for the local host the Traffic Server itself proxy _port The port number of the TCP port used by the ICP peer for proxy communication icp_port The por...

Page 181: ...he available server directives Example The following line exempts URLs to the domain xyz com from having to authenticate using the LDAP server dest_domain xyz com server auth_bypass logs config The logs config file establishes and formats custom transaction log files For Traffic Server to create the custom log files you define you must enable the custom logging option by setting the proxy config l...

Page 182: ...oxy response header psh format enabled 1 test User Agent cqh Retry After psh test ASCII none IMPORTANT After you modify the logs config file Traffic Manager has to reread the configuration files Run the traffic_line x command If you are running a cluster you need only run the command for one node the changes will propagate Field Allowed Inputs format All lines must begin with the word format activ...

Page 183: ...file configure Traffic Server to create a separate log files containing all HTTP FTP transactions for the origin servers webserver1 webserver2 and webserver3 if the HTTP host log splitting option is enabled webserver1 webserver2 webserver3 For information about enabling the HTTP host log splitting option refer to HTTP host log splitting on page 112 logs_xml config This is the configuration file fo...

Page 184: ...name filters and potentially multiple collation servers LogFormat LogFormat specifications can consist of the following tags NOTE The logs_xml config file ignores extra white space blank lines and all comments Field Allowed Inputs Name valid_format_name Required Valid format names include any name except squid common extended or extended2 which are pre defined formats There is no default for this ...

Page 185: ...of the field CASE_INSENSITIVE_CONTAIN is a case insensitive version of CONTAIN valid_comparison_value Any string or integer matching the field type For integer values all of the operators are equivalent and mean that the field must be equal to the specified value NOTE There are no negative comparison operators If you want to specify a negative condition use the Action field to REJECT the record Fi...

Page 186: ...hat you can see the pipe right after Traffic Server starts However pipes on a collation server are created when Traffic Server starts CollationHosts list_of_valid_hostnames A comma separated list of collation servers to which all log entries for this object are forwarded Collation servers can be specified by name or IP address Specify the collation port with a colon after the name for example host...

Page 187: ...ect specification that includes only HTTP requests served by hosts in the domain company com or by the specific server server somewhere com Log entries are sent to port 4000 of the collation host logs company com and to port 5000 of the collation host 209 131 52 129 LogObject Format minimal Filename minimal ServerHosts company com server somewhere com Protocols http CollationHosts logs company com...

Page 188: ...action ip_allow The following line allows a range of IP addresses to access Traffic Manager src_ip 123 12 3 000 123 12 3 123 action ip_allow nntp_access config The nntp_access config file controls user access to news articles cached by the Traffic Server Each line in the nntp_access config file describes the access privileges for a particular group of clients Format Each line begins with a specifi...

Page 189: ...ews articles receiving news feeds The network interface the Traffic Server uses to contact the parent NNTP server Format Each line in the nntp_servers config file must have the following format hostname group wildmat priority interface The hostname and group wildmat tags are required priority and interface are optional The following table describes allowed values If access is authenticator is user...

Page 190: ...or changes in the group list feed The Traffic Server will receive news feeds for the specified groups as the parent NNTP server receives news feeds The Traffic Server will not cache articles on demand since it will simply have them CAUTION If Traffic Server is clustered make sure that your news server sends feeds to one of the nodes in the cluster to avoid possible article numbering conflicts NOTE...

Page 191: ...ne The Traffic Server needs to be aware of the news server and its groups before it can pull overviews from a specific group See the examples following this table dynamic The Traffic Server automatically decides based on usage patterns whether a group should be pull pullover or demand retrieval based Enter a positive integer The Traffic Server retrieves articles on demand from the specified server...

Page 192: ...llowed values IMPORTANT After you modify the parent config file Traffic Manager has to reread the configuration files Run the traffic_line x command If you are running a cluster you need only run the command for one node the changes will propagate Primary Destination Allowed Value dest_domain Requested domain name dest_host Requested hostname dest_ip Requested IP address url_regex Regular expressi...

Page 193: ...s entered at the bottom of the parent config file dest_domain parent parent1 8080 partition config The partition config file lets you manage your cache space more efficiently and restrict disk usage by creating cache partitions of different sizes for specific protocols You can further configure these partitions to store data from certain origin servers and or domains in the hosting config file ref...

Page 194: ... The records config file is a list of configurable variables that Traffic Server software uses This section lists and describes these variables Many of the variables in the records config file are set automatically when you set configuration options in Traffic Manager or Traffic Line Certain configuration options can be set only by editing variables manually in the records config file Format Each ...

Page 195: ...r Specifies the name of the executable that runs the traffic_server process proxy config proxy_binary_opts STRING M Specifies the command line options for starting Traffic Server proxy config manager_binary STRING traffic_ manager Specifies the name of the executable that runs the traffic_manager process proxy config cli_binary STRING traffic_line Specifies the name of the executable that runs the...

Page 196: ...fig cluster mc_ttl INT 1 Specifies the multicast Time to Live for cluster communications proxy config cluster log_bogus_mc_ msgs INT 1 Enables 1 or disables 0 logging of bogus multicast messages proxy config admin html_doc_root STRING ui Specifies the document root for Traffic Manager proxy config admin web_interface_port INT 8081 Specifies Traffic Manager port proxy config admin autoconf_port INT...

Page 197: ...min log_mgmt_access INT 0 Enables 1 or disables 0 logging of all Traffic Manager transactions to the lm log file proxy config admin log_resolve_ hostname INT 1 When enabled 1 the hostname of the client connecting to Traffic Manager is recorded in the lm log file When disabled 0 the IP address of the client connecting to Traffic Manager is not recorded in the lm log file Process Manager proxy confi...

Page 198: ...s cause problems proxy config arm bypass_use_and_rules _bad_client_request INT 0 Enables 1 or disables 0 dynamic source destination bypass in the event of non HTTP traffic on port 80 NOTE The variable proxy config arm bypass_on_bad_ client_request must also be enabled for this option to work proxy config arm bypass_use_and_rules _400 INT 0 Enables 1 or disables 0 dynamic generation of source desti...

Page 199: ... option to work proxy config arm bypass_on_bad_client _request INT 0 Enables 1 or disables 0 dynamic destination bypass in the event of non HTTP traffic on port 80 proxy config arm bypass_on_400 INT 0 Enables 1 or disables 0 dynamic generation of destination bypass rules when an origin server returns a 400 error proxy config arm bypass_on_401 INT 0 Enables 1 or disables 0 dynamic generation of des...

Page 200: ...d load shedding takes effect LDAP proxy config ldap auth enabled INT 0 Enables 1 or disables 0 LDAP based basic proxy authentication proxy config ldap cache size INT 5000 Specifies the maximum number of entries allowed in the LDAP cache When modifying this value update the value of proxy config ldap cache storage_s ize proportionally For example if you double the cache size also double the cache s...

Page 201: ...r LDAP administrator HTTP Engine proxy config http server_port INT 8080 Specifies the port that Traffic Server uses when acting as a web proxy server for web traffic or when serving web traffic transparently proxy config http server_port_attr STRING X Specifies the server port options You can specify one of the following C SERVER_PORT_COMPRESSED X SERVER_PORT_DEFAULT T SERVER_PORT_BLIND_TUNNEL pro...

Page 202: ... 1 Enables 1 or disables 0 the use of keep alive connections to either origin servers or clients proxy config http send_http11_requests INT 3 Configures Traffic Server to use HTTP version 1 1 when communicating with origin servers You can specify one of the following values 1 Traffic Server always uses HTTP 1 1 when communicating with origin servers 2 Traffic Server uses HTTP 1 1 if the origin ser...

Page 203: ...isables 0 the re use of server sessions proxy config http ftp_enabled INT 1 Enables 1 or disables 0 Traffic Server from serving FTP requests sent via HTTP proxy config http record_heartbeat INT 0 Enables 1 or disables 0 traffic_cop heartbeat logging parent proxy configuration proxy config http parent_proxy_routing_ enable INT 0 Enables 1 or disables 0 the HTTP parent caching option Refer to Chapte...

Page 204: ...ic Server keeps connections to origin servers open if the transaction stalls proxy config http transaction_active_ timeout_in INT 7200 Specifies the maximum amount of time Traffic Server can remain connected to a client If the transfer to the client is not complete before this timeout expires Traffic Server closes the connection proxy config http transaction_active_ timeout_out INT 7200 Specifies ...

Page 205: ...because the origin server was too slow in sending the response header proxy users variables proxy config http anonymize_remove_ from INT 0 When enabled 1 Traffic Server removes the From header that accompanies transactions to protect the privacy of your users proxy config http anonymize_remove_ referer INT 0 When enabled 1 Traffic Server removes the Referer header that accompanies transactions to ...

Page 206: ...ol proxy config http cache http INT 1 Enables 1 or disables 0 caching of HTTP requests proxy config http cache ftp INT 1 Enables 1 or disables 0 caching of FTP requests sent via HTTP proxy config http cache ignore_client_ no_cache INT 0 When enabled 1 Traffic Server ignores client requests to bypass the cache proxy config http cache ims_on_client_ no_cache INT 0 When enabled 1 Traffic Server issue...

Page 207: ...ocument cacheable 1 at least Last Modified header required 2 explicit lifetime required Expires or Cache Control proxy config http cache max_stale_age INT 604800 Specifies the maximum age allowed for a stale response before it cannot be cached proxy config http cache add_content_ length INT 0 When enabled 1 Traffic Server adds the content length header in a request if it is absent proxy config htt...

Page 208: ...che document_ lifetime INT 259200 Specifies the maximum amount of time that an FTP document can stay in the Traffic Server cache Customizable User Response Pages proxy config body_factory enable_ customizations INT 0 Specifies whether customizable response pages are enabled or disabled and which response pages are used 0 disable customizable user response pages 1 enable customizable user response ...

Page 209: ...nfig nntp logging_enabled INT 1 Enables 1 or disables 0 logging of NNTP transactions in the event logs roxy config nntp background_posting_ enabled INT 0 Enables 1 or disables 0 background posting When enabled Traffic Server posts NNTP articles to parent NNTP servers in the background proxy config nntp insert_posting_trace_ header INT 1 When enabled 1 Traffic Server inserts posting trace headers p...

Page 210: ...ew news on the NNTP servers proxy config nntp check_cancels_every INT 3600 Specifies how often in seconds Traffic Server polls parent NNTP servers for canceled articles proxy config nntp maintain_every INT 120 Specifies how often Traffic Server checks NNTP activities proxy config nntp check_pull_every INT 600 Specifies how often Traffic Server caches news articles form pull groups proxy config nnt...

Page 211: ...rward_backlog INT 1000 Specifies the number of forwarded articles to buffer proxy config nntp add_to_path INT 0 When enabled 1 Traffic Server is added to the path header in articles proxy config nntp forward_feed_only INT 0 When enabled 1 Traffic Server does not store feed articles locally but forwards them proxy config nntp auth_on_connect INT 0 When enabled 1 configures Traffic Server to signal ...

Page 212: ...ion_ timeout INT 300 Specifies how long Traffic Server waits for a response from the FTP server proxy config ftp ftp_enabled INT 0 Enables 1 or disables 0 processing of FTP requests from FTP clients proxy config ftp cache_enabled INT 1 Enables 1 or disables 0 FTP documents to be put in the cache If this option is disabled Traffic Server always serves FTP documents from the FTP server proxy config ...

Page 213: ...g port when it sends a PASV to the FTP server and gets the IP listening port information proxy config ftp try_client_data_connect _times INT 3 Specifies the maximum number of times Traffic Server can try to connect to the FTP client s data listening port when the FTP client sends a PORT with the IP listening port information proxy config ftp client_ctrl_no_activity_ timeout INT 900 Specifies the n...

Page 214: ...e_ time INT 259200 Specifies how long FTP files can stay fresh in the cache proxy config ftp simple_directory_ listing_cache_enabled INT 1 Enables 1 or disables 0 caching of directory listings without arguments for example dir ls proxy config ftp full_directory_listing_ cache_enabled INT 1 Enables 1 or disables 0 caching of directory listings with arguments for example ls al ls txt SOCKS Processor...

Page 215: ... HTTP alternates that Traffic Server can cache proxy config cache max_doc_size INT 0 Specifies the maximum size of documents in the cache 0 there is no size limit DNS proxy config dns search_default_ domains INT 1 Enables 1 or disables 0 local domain expansion so that Traffic Server can attempt to resolve unqualified hostnames by expanding to the local domain For example if a client makes a reques...

Page 216: ... 0 obey 1 ignore 2 min X ttl 3 max X ttl proxy config hostdb timeout INT 1440 Specifies the foreground timeout in seconds proxy config hostdb strict_round_robin INT 0 When disabled 0 Traffic Server always uses the same origin server for the same client as long as the origin server is available Logging Config proxy config log2 logging_enabled INT 3 Enables and disables event logging 0 logging disab...

Page 217: ... umask setting of 002 will not allow write permission for others even if specified in the configuration file Permissions for existing log files are not changed when the configuration is changed proxy config log2 custom_logs_enabled INT 0 Enables 1 or disables 0 custom logging proxy config log2 xml_logs_config INT 0 Enables 1 or disables 0 extended custom logging using an XLM based configuration fi...

Page 218: ...cape extended 2 log file format proxy config log2 extended2_log_is_ ascii INT 1 Specifies the Netscape extended 2 log file type 1 ASCII 0 binary proxy config log2 extended2_log_name STRING extended2 Specifies the Netscape extended 2 log file name proxy config log2 extended2_log_ header STRING NULL Specifies the Netscape extended 2 log file header text proxy config log2 separate_icp_logs INT 0 When...

Page 219: ... a collation server is being used proxy config log2 collation_host_tagged INT 0 When enabled 1 configures Traffic Server to include the hostname of the collation client that generated the log entry in each entry proxy config log2 collation_retry_sec INT 5 Specifies the number of seconds between collation server connection retries proxy config log2 rolling_enabled INT 1 Enables 1 or disables 0 log ...

Page 220: ...st_ hdr INT 0 Set this variable to 1 if you want to retain the client host header in a request during remapping SSL Termination proxy config ssl enabled INT 0 Enables 1 or disables 0 the SSL termination option Refer to Using SSL Termination on page 93 proxy config ssl server_port INT 4443 Specifies the port used for SSL communication proxy config ssl client certification_ level INT 0 Sets the clie...

Page 221: ...d against proxy config ssl client verify server INT 0 Configures Traffic Server to verify the origin server certificate with the Certificate Authority CA proxy config ssl client cert filename STRING NULL Specifies the file name of SSL client certificate installed on Traffic Server proxy config ssl client cert path STRING config Specifies the location of the SSL client certificate installed on Traf...

Page 222: ...iate update When enabled Traffic Server overrides the scheduling expiration time for all scheduled update entries and initiates updates until this option is disabled proxy config update retry_count INT 10 Specifies the number of times Traffic Server can retry the scheduled update of a URL in the event of failure proxy config update retry_interval INT 2 Specifies the delay in seconds between each s...

Page 223: ...es 1 or disables 2 multicast mode proxy config wccp2 multicast_address STRING NULL Specifies the IP multicast address proxy config wccp2 number_of_routers INT 0 If multicast is not enabled the routers on your network are not automatically discovered You must specify the number of routers that direct traffic to Traffic Server WCCP 2 0 supports a maximum of 32 routers proxy config wccp2 router0_ip S...

Page 224: ...to the Traffic Server machine ARM security on page 81 IMPORTANT After you modify the remap config file Traffic Manager has to reread the configuration files Run the traffic_line x command If you are running a cluster you need only run the command for one node the changes will propagate Field Description type Enter either one of the following map translates an incoming request URL to the appropriat...

Page 225: ...at match the second rule also match the first rule The first rule takes precedence because it appears earlier in the remap config file The following example shows a mapping with a path prefix specified in the target and replacement map http www h com a b http server h com customers x y This rule results in the following translation Client Request Translated Request http www x com Widgets index htm...

Page 226: ...ng variables as in the following example Entry type snmpNotifyEntry Format snmpNotifyName text snmpNotifyTag text keyed on snmpTargetAddr table snmpNotifyType trap 1 inform 2 snmpNotifyStorageType nonVolatile permanent readOnly snmpNotifyEntry 31 Console trap nonVolatile snmpNotifyEntry 32 TrapSink trap nonVolatile Client Request Translated Request http www x com Widgets http server hoster com x W...

Page 227: ... requests using the community string public To restrict access you need to remove access related default entries in the snmpd cnf file and add entries specifying the hosts you want to allow You must Define the hosts or host groups for your system use the snmpTargetAddrEntry lines to define the IP addresses associated to each host or host group Define access communities a community can consist of a...

Page 228: ...range where IPaddresses_or_IPaddress_range is a comma separated list of the IP addresses or IP address ranges associated with the origin servers you want Traffic Server to access directly Example The following example configures Traffic Server to access the origin server associated with the IP address 11 11 11 1 directly without going through the SOCKS server no_socks 11 11 11 1 The following exam...

Page 229: ...ain hp com search_list hp com hp1 com dest_domain internal hp com named 255 255 255 253 Field Allowed inputs dest_domain A valid domain name This specifies that the DNS server selection be based on the destination domain You can prefix the domain with the symbol to indicate the NOT logical operator dest_host A valid hostname This specifies that the DNS server selection be based on the destination ...

Page 230: ...cification is optional You can use any partition of any size For best performance HP recommends the following Use raw disk partitions For each disk make all partitions the same size For each node use the same number of partitions on all disks Specify pathnames according to your operating system requirements See the following examples Example The following basic example shows 64 MB of cache storage...

Page 231: ...expanded to thousands when recursive URLs are included it is not intended to operate on massively large URL sets such as those used by Internet crawlers for example Format Each line in the update config file uses the following format URL Request_headers Offset_hour Interval Recursion_depth NOTE Always use the Content Management page to modify settings in the update config file instead of modifying...

Page 232: ...g table offers examples to illustrate how to create a valid url_regex Field Allowed inputs URL HTTP and FTP based URLs Request_headers Optional A CR LF separated list of headers passed in each GET request You can define any request header that conforms to the HTTP specification The default is no request header Offset_hour Base hour used to derive the update periods The range is 00 23 hours Interva...

Page 233: ...rwise a literal X This us used to escape operators such as 0 A NULL character 123 The character with octal value 123 x2a The character with hexadecimal value 2a r Matches an r where r is any regular expression You can use parentheses d to override precedence rs The regular expression r followed by the regular expression s r s Either an r or an s n Inserts an end node causing regular expression mat...

Page 234: ... header for example Age ssh logs the Age field in server response headers caun The client authenticated user name result of the RFC931 ident lookup of the client user name cfsc The client finish status code specifies whether the client request to the proxy was successfully completed FIN or interrupted INTR chi The client host IP the IP address of the client s host machine cqbl The client request t...

Page 235: ...ve the document pqbl The proxy request transfer length request body length bytes from proxy to server pqhl The proxy request header length request header length bytes from proxy to server pqsi The proxy request server IP 0 on cache hits parent ip for requests to parent proxies pqsn The proxy request server name pscl The proxy response transfer length response length bytes from proxy to client psct...

Page 236: ... response header length bytes from server to proxy sshv The server response HTTP version 1 0 1 1 sssc The server response status code the HTTP response status code from server to proxy ttms The transfer time total transfer time in milliseconds ttmsf transfer time in milliseconds as a fractional number of seconds specifies the transfer time of the document in millisecond resolution but instead of f...

Page 237: ...gging field symbols Netscape Extended 2 logging formats The following table lists the Netscape Extended 2 logging fields and the corresponding HP logging field symbols Netscape Common HP field symbols host chi usr caun time cqtn req cqtx s1 pssc c1 pscl Netscape Extended HP field symbols host chi usr caun time cqtn req cqtx s1 pssc c1 pscl s2 sssc c2 sscl b1 cqbl b2 pqbl h1 cqhl h2 pshl h3 pqhl h4...

Page 238: ...226 Appendix E Event Logging Formats s2 sssc c2 sscl b1 cqbl b2 pqbl h1 cqhl h2 pshl h3 pqhl h4 sshl xt tts route phr pfs cfsc ss pfsc crc crc Netscape Extended 2 HP field symbols ...

Page 239: ...ages Message Description machine down IP address Machine with given IP address is down machine up IP address protocol version X Y Machine with given IP address and protocol version is up Cluster notes Cluster IP address not in config declaring down Cluster bbwrite to IP address failed declaring down Cluster network connection to IP address backing up Cluster read from IP address failed declaring d...

Page 240: ...unable to read cache segment marking segment corrupt or unable to write pool header there is a disk problem You may have to replace your disk can t open config file config file name for reading custom formats Custom logging was enabled but Traffic Server cannot find the logs config file connect by disallowed client IP address closing The specified client is not allowed to connect to the Traffic Se...

Page 241: ...oxy conn closed This is an informational message informing you that the traffic_server process was down For example you would see this message if there was a restart Access logging suspended configured space allocation exhausted The space allocated to the event log files is full You must either increase the space or delete some log files to enable access logging to continue To prevent this from ha...

Page 242: ...d root for the vip_config file in the bin directory Title HTTP code Description Customizable file name Access Denied 403 You are not allowed to access the document at location URL access denied Bad HTTP request for FTP Object 400 Bad HTTP request for FTP object ftp bad_request Cache Read Error 500 Error reading from cache Please retry request cache read_error Connection Timed Out 504 Server has no...

Page 243: ...TTP Response 502 The host server_name did not return the document URL correctly response bad_response Malformed Server Response 502 The host server_name did not return the document URL correctly response bad_response Malformed Server Response Status 502 The host server_name did not return the document URL correctly response bad_response Maximum Transaction Time exceeded 504 Too much time has passe...

Page 244: ... not return the document URL correctly response bad_response Unknown Host 500 Unable to locate the server named hostname The server does not have a DNS entry Perhaps there is a misspelling in the server name or the server no longer exists Double check the name and try again connect dns_failed Unsupported URL Scheme 400 Cannot perform your request for the document URL because the protocol scheme is...

Page 245: ...apter Parent cache Cluster A group of Traffic Server nodes that share configuration information and can act as a single large virtual cache Configure mode One of two modes in Chapter Traffic Manager and Chapter Traffic Line Configure mode lets you configure the Traffic Server system See also Chapter Monitor mode Cookie A piece of information sent by an origin server to a web browser The browser so...

Page 246: ...can be connected often with dial up phone lines 2 2 Post Office Protocol The basic protocols for addressing e mail Proxy server See Chapter Web proxy server Reverse proxy A option that allows Traffic Server to be configured as an origin server for convenient geographical distribution of server content Reverse proxy also offloads static content service from servers building dynamic content and prov...

Page 247: ...rs to reconfigure their browser settings It does this by intercepting traffic destined for an origin server and redirecting that traffic through the Traffic Server cache URL Uniform Resource Locator The address that defines the route to a file on the web or other Internet facility Virtual IP failover An option available to clustered Traffic Servers where Traffic Server maintains a pool of virtual ...

Page 248: ...ache 51 clearing the cache 62 client access control 29 81 168 clustering adding and deleting nodes 46 changing modes 46 full 2 management only 2 modes 2 45 collating event log files 115 configuration files 5 78 159 configuration options Traffic Manager 128 configuration variables records config 183 Configure mode Traffic Line 76 Traffic Manager 9 73 configuring Traffic Server 73 Content button Tra...

Page 249: ...response messages 232 I ICP about 54 log file name 112 peer 54 separate logs 112 ICP cache hierarchies 54 icp config file 167 interactive mode Traffic Line 10 interactive mode commands Traffic Line 146 interception strategies 23 ip_allow config file 81 168 L LDAP based proxy authentication 92 about 6 80 authentication bypass 92 configuring 92 ldapsrvr config file 169 log collation 115 log collatio...

Page 250: ...Traffic Manager Configure 76 print_bypass utility 32 processes Traffic Server 4 Protocols button Traffic Manager Configure 75 Traffic Manager Monitor 66 proxy caching explicit and transparent 11 HTTP alternates 14 whether to cache 15 pull group 19 pullover group 19 PUSH 194 push group 19 R RAM cache about 3 59 records config file 182 recovering log files 119 redirects 35 resolving alarms 67 revali...

Page 251: ...ss 83 controlling host access 86 creating administrator accounts 85 Dashboard Monitor 64 Graphs button Monitor 66 121 Host Database button Configure 75 Logging button Configure 76 Monitor mode 9 MRTG button Monitor 67 Node button Monitor 65 Other button Monitor 66 Plugins button Configure 76 Protocols button Configure 75 Protocols button Monitor 66 Routing button Configure 75 Security button Confi...

Reviews:

No comments