Installation manual
6.2 Manual HTTP/FTP proxy configuration
The manual proxy configuration (see Figure 5-2) is characterized by explicitly configuring the proxied user agent to send its
requests to a specific address and port of the parent proxy.
Figure 5-2. Scheme of ESET Gateway Security as a manual proxy
With this configuration, the proxy server usually modifies transferred requests and/or responses, i.e., it operates in non-transparent mode.
The manual proxying functionality of esets_http has been tested with a wide range of common user agents, including proxy caches
such as Squid Proxy Cache and SafeSquid, as well as web browsers such as Mozilla Firefox, Opera, Netscape, and Konqueror. In
general, any HTTP user agent which supports manual parent proxy settings will cooperate with the esets_http module. In the next
sections, we describe the manual proxy configuration of esets_http with Mozilla Firefox and Squid Web Proxy Cache, as
these are the most common HTTP user agent applications.
6.2.1 Manual proxy configuration of Mozilla Firefox
The manual HTTP/FTP proxy configuration of esets_http with Mozilla Firefox is illustrated in Figure 5-2.
This configuration allows ESET Gateway Security to be installed anywhere within the local network, including the gateway server
and the user agent’s computer.
In the example below, esets_http is configured to listen on port 8080 of a computer with local network IP address 192.168.1.10,
by specifying the following parameters in the [http] section of the ESETS configuration file:
agent_enabled = yes
listen_addr = "192.168.1.10"
listen_port = 8080
The parameter ‘listen_addr’ can also be the host name which is visible from the local network.
To configure Firefox to use esets_http, click Tools > Options from the main menu, and click Advanced. Click the Network tab and
then click the Settings... button. In the Connection Settings window, select the Manual Proxy Configuration option. Finally, enter
the host name or IP address in the HTTP Proxy (or FTP Proxy) field, and enter the port on which esets_http listens in the Port field (in this
example, IP address 192.168.1.10 and port 8080). To reread the newly created configuration, reload the ESETS
daemon.
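The following check is an added example, not part of the ESET manual or product: it reads the [http] parameters shown above, returns the address:port pair to enter in the browser, and flags settings that would leave the proxy unused or reachable beyond the local network. The function name audit_http_agent, the INI-style parsing and the address-range checks are assumptions made for illustration.

```python
import configparser
import ipaddress

# Constructed sample: the [http] settings from the example above.
SAMPLE_CFG = """
[http]
agent_enabled = yes
listen_addr = "192.168.1.10"
listen_port = 8080
"""

def audit_http_agent(cfg_text):
    """Return (proxy endpoint for the client, findings) for the [http] section."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(cfg_text)
    if not cp.has_section("http"):
        return None, ["no [http] section found"]
    http, findings = cp["http"], []
    # Assumption: a missing key counts as unset; product defaults are not modelled.
    if http.get("agent_enabled", "").strip().lower() != "yes":
        findings.append("agent_enabled is not 'yes'")
    addr = http.get("listen_addr", "").strip().strip('"')
    raw_port = http.get("listen_port", "").strip().strip('"')
    port = int(raw_port) if raw_port.isdecimal() else 0
    if not 1 <= port <= 65535:
        findings.append(f"listen_port {raw_port!r} is not a valid TCP port")
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        ip = None  # empty, or a host name (allowed, but not classifiable offline)
        findings.append(f"listen_addr {addr!r}: confirm it resolves to a "
                        "local-network address" if addr else "listen_addr is empty")
    if ip is not None:
        if ip.is_unspecified:
            findings.append("listen_addr is a wildcard: every interface is exposed")
        elif ip.is_loopback:
            findings.append("listen_addr is loopback: remote user agents cannot connect")
        elif not ip.is_private:
            findings.append("listen_addr is not a private-range address: "
                            "check the port is unreachable from the Internet")
    endpoint = f"{addr}:{port}" if addr and 1 <= port <= 65535 else None
    return endpoint, findings

if __name__ == "__main__":
    endpoint, findings = audit_http_agent(SAMPLE_CFG)
    print("Enter in the browser's HTTP Proxy / Port fields:", endpoint)
    for f in findings:
        print("WARNING:", f)
```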
It should be noted that the configuration described here is not optimal for networks with a large number of client computers.
This is because the HTTP cache (if any) is present only in the user agent - thus, the same source object is scanned multiple times
when requested from different user agents.
6.2.2 Manual proxy configuration of Squid
The manual HTTP proxy configuration of esets_http with Squid is illustrated in the right-hand side of Figure 5-2.
The significant difference from the previously described configuration is that ESET Gateway Security is installed on the HTTP/FTP
Gateway between the proxy cache (Squid in this example) and the Internet. All inbound HTTP/FTP communications are first
scanned for infiltrations and then stored in the dedicated network cache. In other words, all previously requested source objects
present within the proxy cache are already checked for viruses and no additional checking is necessary when requested again.