Advanced Settings (for Proxies)
Settings for advanced proxy functions.
Option | Definition |
---|---|
Maximum number of client connections |
Limits the number of connections between a proxy on an appliance and its clients. Specifying 0 means that no limit is configured. Default: 50000 connections |
Handle responses from server (content-encoding) |
Provides options for handling the content in the body of a response from a web server that is forwarded to a client by Web Gateway. The content can be handled differently depending on whether it is compressed, for example, when GZIP encoding has been applied, or not. Compressed content can be extracted to allow access, inspection, and other treatment according to the rules that are configured on Web Gateway. Forwarding to the client is only performed if and to the extent that the rules allow it.
Not extracting compressed content reduces load in content forwarding. This option is therefore useful when content inspection or other treatment is not required. For example, if you only want to apply URL filtering to web traffic, content extraction is unnecessary. Compressed content is, however, still extracted under this option when the Dynamic Content Classifier (DCC) is called because a URL could not be rated using Trusted Source information. To call the DCC, the following setting within the URL settings must be selected: Enable the Dynamic Content Classifier if GTI web categorization yields no result. The extracted content is forwarded uncompressed to the client. |
Handle compressed requests from client |
Provides options for handling requests that were received in compressed format from a client of Web Gateway. |
Number of working threads |
Specifies the number of threads used for filtering and transmitting web objects when a proxy is run on an appliance. |
Number of threads for AV scanning |
Specifies the number of threads used to scan web objects for infections by viruses and other malware when a proxy is run on an appliance. |
Use TCP no delay |
When selected, delays on a proxy connection are avoided by not using the Nagle algorithm to assemble data packets. This algorithm holds packets back until a certain amount of data has been collected. |
Maximum TTL for DNS cache in seconds |
Limits the time (in seconds) that host name information is stored in the DNS cache. |
Timeout for errors for long running connections |
Sets the time (in hours) that a long-running connection to another network component is allowed to remain inactive before Web Gateway closes the connection. The default time is 24 hours. This setting prevents the performance of a Web Gateway appliance from being impacted by connections that stay open for an extremely long time. Time is measured as follows for the different connection protocols to determine whether the timeout has been reached.
When the connection is closed, an error is generated, which can be handled by the rules in an Error Handler rule set. |
Check interval for long running connections |
Sets the time (in minutes) that elapses between check messages sent over a long-running connection. |
Maximum amount of data per connection or request |
Sets the amount of data (in MB) that can be sent on a long-running connection to another network component before Web Gateway closes the connection. The default amount is 10,240 MB. This setting prevents the performance of a Web Gateway appliance from being impacted by long-running connections that carry a very high data load. Data load is measured as follows for the different connection protocols to determine whether the maximum amount has been reached.
When the connection is closed, an error is generated, which can be handled by the rules in an Error Handler rule set. The following properties are then set to the value of the measured data to be available for the error handling rules: Bytes.ToClient, Bytes.ToServer, Bytes.FromClient, Bytes.FromServer. |
Volume interval for connections |
Sets the volume interval for long-running connections. |
Internal path ID |
Identifies the path an appliance follows to forward internal requests (not requests received from clients), for example, requests for style sheets used to display error messages. |
Bypass RESPmod for responses that must not contain a body |
When selected, responses sent in communication under the ICAP protocol are not modified according to the RESPMOD mode if they do not include a body. |
Call log handler for progress page updates and objects embedded in error templates |
When selected, the rules in the log handler rule set that is implemented on the appliance are processed to deal with the specified updates and objects. |
Allow connections to use local ports using proxy |
When selected, local ports can be used for requests on an appliance that a proxy is run on. |
Use virtual IP as the Proxy.IP property value |
When selected, the value for the Proxy.IP property in High Availability mode is a virtual IP address for all nodes in a configuration. It is the virtual IP address that is used by clients to connect to the proxy. When the director node redirects a request sent from a client to a scanning node, this address is the value of the Proxy.IP property also on the scanning node (not the physical address of the scanning node). |
HTTP(S): Remove all hop-by-hop headers |
When selected, hop-by-hop headers are removed from requests received on an appliance that an HTTP or HTTPS proxy is run on. |
HTTP(S): Inspect via headers to detect proxy loops |
When selected, Via headers in requests received on an appliance that an HTTP or HTTPS proxy is run on are inspected to detect loops. |
HTTP(S): Host from absolute URL has priority over host header |
When selected, the host names corresponding to absolute URLs in requests received on an appliance that an HTTP or HTTPS proxy is run on are preferred to the host names contained in the request headers. |
Encode own IP address in progress page ID to enable non-sticky load balancers |
When selected, the appliance's own IP address is encoded in the progress page ID. |
HTTP(S): Maximum size of a header |
Sets a limit to the size (in MB) for the header of a request or response sent in HTTP(S) traffic. Default: 10 MB |
Listen backlog |
Specifies a value for the listen backlog. Default: 128 |
Limit for working threads doing IO in web cache |
Sets a limit to the number of working threads for the web cache. Default: 25 |
Progress page limit |
Sets a limit to the size (in KB) of the progress page. Default: 40,000 KB |
Enable TCP window scaling |
When selected, the initial size of the window for receiving TCP data packets can be increased up to a maximum value that depends on a scaling factor. This factor is configured under TCP window scale. With a larger window size, Web Gateway can receive more data from a web server or client on a given connection before an acknowledgment (ACK) packet must be sent.
Benefit: Improved network throughput, especially on high-latency connections.
Risk: If routers or firewalls do not accept a larger window size, window scaling might fail, leading to slow or no throughput.
Recommended: Reduce the window to a size that results in an acceptable performance.
Default: Enabled
NOTE: When this option is disabled, no window scaling is performed. Disable the option with caution. |
TCP window scale |
Sets the scaling factor that determines the maximum size of the window for receiving TCP data packets. If window scaling is enabled, the initial window size can be increased using this scaling factor, which is calculated by raising 2 to the power of the value that you specify here. For example, if you specify 1, the scaling factor is 2^1 = 2, so the maximum window size is doubled. If you specify 0, the scaling factor is 2^0 = 1, so the initial window size is kept for Web Gateway. Window scaling can still be used then for the receive window of the communication partner.
Range of values: 0–4
Default: 7
NOTE: With this default, the receive window can be increased to a maximum size of 8192 KB. |
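
What the three HTTP(S) options above (removing hop-by-hop headers, inspecting Via headers for loops, and preferring the host from an absolute URL) mean at the protocol level, shown as an added Python example that is not Web Gateway code. The function names, the proxy name `mwg-node1` and the sample request are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Hop-by-hop headers (RFC 2616 sec. 13.5.1) plus the non-standard Proxy-Connection.
HOP_BY_HOP = {"connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
              "te", "trailer", "transfer-encoding", "upgrade", "proxy-connection"}

# Constructed sample request; host names and the token header are made up.
SAMPLE = ("GET http://allowed.example/index.html HTTP/1.1\r\n"
          "Host: other.example\r\n"
          "Connection: keep-alive, X-Internal-Token\r\n"
          "X-Internal-Token: abc\r\n"
          "Keep-Alive: timeout=5\r\n"
          "Via: 1.1 edge-proxy, 1.1 mwg-node1\r\n"
          "Accept: */*\r\n\r\n")

def parse_request(raw):
    """Split a raw request head into (method, target, [(name, value), ...])."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = [(n.strip(), v.strip()) for n, _, v in (l.partition(":") for l in lines[1:])]
    return method, target, headers

def strip_hop_by_hop(headers):
    """Drop the fixed hop-by-hop set and every header nominated in Connection."""
    nominated = {tok.strip().lower() for n, v in headers if n.lower() == "connection"
                 for tok in v.split(",") if tok.strip()}
    drop = HOP_BY_HOP | nominated
    return [(n, v) for n, v in headers if n.lower() not in drop]

def via_loop(headers, own_name):
    """True if this proxy's own name already appears as a hop in a Via header."""
    for name, value in headers:
        if name.lower() == "via":
            for hop in value.split(","):
                parts = hop.split()          # e.g. ["1.1", "mwg-node1"]
                if len(parts) >= 2 and parts[1].lower() == own_name.lower():
                    return True
    return False

def effective_host(target, headers, absolute_url_wins=True):
    """Return (host used for policy, True if URL host and Host header disagree)."""
    url_host = urlsplit(target).hostname if "://" in target else None
    hdr_host = next((urlsplit("//" + v).hostname for n, v in headers
                     if n.lower() == "host"), None)
    chosen = url_host if (url_host and absolute_url_wins) else (hdr_host or url_host)
    return chosen, bool(url_host and hdr_host and url_host != hdr_host)
```

The mismatch flag returned by `effective_host` is the case the host-priority option settles: filtering rules and the upstream connection should both act on the same host name.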