![]() | |
Sun Java System Web Proxy Server User Interface |
The Preferences Tab
The Preferences tab is used to shut down the Administration Server, edit listen sockets, configure superuser access, allow multiple administrators, and customize and view access and error logs.
The tab contains the following pages:
The Shutdown Server PageThe Shutdown Server page is used to stop the Administration Server.
The following element is displayed:
Shutdown administration Server. Click OK to shut down the Administration Server.
To restart the Administration Server on UNIX and Linux, type ./start from the server_root/proxy-admserv directory. To restart the Administration Server on Windows, restart the service or use the icon in the Program Manager.
For more information about starting and stopping the Administration Server, see the "Administering Sun Java System Web Proxy Server" chapter in the Proxy Server Administration Guide.
The Edit Listen Sockets PageThe Edit Listen Sockets page is used to edit listen socket settings. For more information about listen sockets, see "Creating and Managing Listen Sockets" in the Proxy Server Administration Guide.
The following elements are displayed when you first click the Preferences tab, and then the Edit Listen Sockets link:
Create a new Listening Socket. Click the New button to create a new listen socket. The Add Listen Socket Page displays.
Configured Sockets. This table displays information about existing listen sockets.
If you are editing listen socket settings, after clicking the listen socket ID you will be presented with another Edit Listen Sockets page. The following elements are displayed:
- General
- Listen Socket ID. The internal name for the listen socket. You cannot change this name after a listen socket has been created.
- IP Address. The IP address of the listen socket. This can be in dotted-pair or IPv6 notation. This can also be 0.0.0.0, any, or ANY for INADDR_ANY (all IP addresses).
- Port. The port number on which to create the listen socket. Legal values are 1-65535. On UNIX, creating sockets that listen on ports 1-1024 requires superuser privileges. Configure an SSL listen socket to listen on port 443.
- Server Name. The default server for this listen socket.
- Security
If security is disabled, only the following parameter is displayed:
Security. Enables or disables security for the listen socket selected. This is disabled by default. If a server certificate has not been installed, your only choice will be Disabled.
If security is enabled, the following parameters are displayed:
- Security. Enables or disables security for the listen socket selected.
- Server Certificate Name. Select an installed certificate from the drop-down list to use for this listen socket.
- Client Authentication. Specifies whether client authentication is required on this listen socket. This is Optional by default.
- SSL Version 2. Enables or disables SSL Version 2. This is disabled by default.
- SSL Version 2 Ciphers. Lists all ciphers within this suite. Select the ciphers you want to enable for the listen socket you are editing by checking or unchecking the boxes. The default versions will be unchecked.
- SSL Version 3. Enables or disables SSL Version 3. This is enabled by default.
- TLS. Enables or disables TLS, the Transport Layer Security protocol for encrypted communication. This is enabled by default.
- TLS Rollback. Enables or disables TLS Rollback. Note that disabling TLS Rollback leaves connections vulnerable to version rollback attacks. This is enabled by default.
- SSL Version 3 and TLS Ciphers. Lists all ciphers within this suite. Select the ciphers you want to enable for the listen socket you are editing by checking or unchecking the boxes. The default versions will be checked.
- Advanced
- Number of Acceptor Threads. The number of acceptor threads for the listen socket. The recommended value is the number of processors in the machine. The default is 1, legal values are 1-1024.
- Protocol Family. The socket family type. Legal values are inet, inet6, and nca. Use the value inet6 for IPv6 listen sockets. Specify nca to make use of the Solaris Network Cache and Accelerator.
- OK. Saves your entries.
- Reset. Erases your changes and resets the elements in the page to the values that they contained before your changes.
The Add Listen Socket PageThe Add Listen Socket page is used to add listen sockets. The following elements are displayed:
Listen Socket ID. Specify the internal name for the listen socket. You cannot change this name after the listen socket has been created.
IP Address. Specify the IP address of the listen socket. This can be in dotted-pair or IPv6 notation. This can also be 0.0.0.0, any, or ANY for INADDR_ANY (all IP addresses).
Port. Specify the port number on which to create the listen socket. Legal values are 1-65535. On UNIX, creating sockets that listen on ports 1-1024 requires superuser privileges. Configure an SSL listen socket to listen on port 443.
Server Name. Specify the default server for this listen socket.
Security. From the drop-down list, specify whether security should be enabled or disabled for the listen socket. If a server certificate has not been installed, your only choice will be Disabled.
OK. Saves your entries.
Reset. Erases your changes and resets the elements in the page to the values that they contained before your changes.
The Control Superuser Access PageThe Control Superuser Access page is used to configure superuser access for the Administration Server. These settings affect only the superuser account. If the Administration Server uses distributed administration, you must set access control for administrators using the Administer Access Control link under the Global Settings tab.
For more information, see "Changing Superuser Settings" in the Proxy Server Administration Guide.
The following elements are displayed:
Hostnames to allow. Specify the host name allowed to access the Administration Server. You can use wildcard patterns to match multiple systems in a domain. For example, *example.com matches a.example.com and a.corp.example.com. You can list multiple hosts by separating them with commas. Using host names is flexible. If a system’s IP address changes, you do not need to update the server.
IP addresses to allow. Specify the IP address to match any host not explicitly defined. The access control for the most complete match will be used. You can also use wildcard patterns. For example, 198.95.* matches 198.95.11.6 and 198.95.11.2. You can separate IP addresses by using commas. Using IP addresses is reliable. If a DNS lookup fails for the connected client, host name restriction cannot be used.
Authentication user name. Specify the user name of the superuser server administrator (this is the user name entered during installation). Only this user name can be used to log in to the Administration Server. This information is stored in the admpw file in the server-root/proxy-admserv/config directory. For more information, see "Changing Superuser Settings" in the Proxy Server Administration Guide.
Authentication Password. Specify the administrator password. If you leave the password field blank, the password remains unchanged.
Authentication Password (again). Confirm the password specified in the Authentication Password field. If what you enter is different from what you previously entered, you will be prompted to try again.
OK. Saves your entries.
Reset. Erases your changes and resets the elements in the page to the values that they contained before your changes.
The Configure Distributed Administration PageThe Configure Distributed Administration page is used to allow multiple administrators to configure specific parts of the server. For distributed administration to work, the default directory service should be LDAP. For more information, see "Allowing Multiple Administrators" in the Proxy Server Administration Guide.
The following elements are displayed:
Activate distributed administration. Select Yes or No to enable or disable distributed administration.
Administrator group. Specify the group of administrators allowed to bypass the Administration Server and go directly to the Server Manager for a specific server (this group should already exist in the directory server). Users in the administrator group have full access to the Administration Server, but this access can be limited using access control. A user in the administrator group can make changes that affect other users, such as adding users or changing access control.
OK. Saves your entries.
Reset. Erases your changes and resets the elements in the page to the values that they contained before your changes.
The Set Access Log Preferences PageThe Set Access Log Preferences page is used to specify information you want recorded in your server’s logs. Server log files are helpful for monitoring server activity and troubleshooting problems.
For more information, see "Setting Access Log Preferences" in the Proxy Server Administration Guide.
The following elements are displayed:
From the drop-down list, specify a resource to which custom logging should be applied.
Select. Click this button to load data for the selected resource.
Regular Expression. Click this button to specify a regular expression wildcard pattern to be used to identify resources. For more information about regular expressions, see "Understanding Regular Expressions" in the Proxy Server Administration Guide.
Log Client Accesses. Specify whether to include client accesses in your log files.
Log File. Specify the absolute path for the access log file. As a default, the log files are kept in the logs directory in the server root. If you specify a partial path, the server assumes the path is relative to the logs directory in the server root.
Record. Specify whether domain names or IP addresses of the systems accessing the server should be recorded in the access log.
Format. Specify which type of log file format to use in the access log. The following options are available:
- Use Common LogFile Format. Includes client’s host name, authenticated user name, date and time of request, HTTP header, status code returned to the client, and content length of the document sent to the client.
- Only Log. Choose which information will be logged. The following options are available:
- Client Hostname. The host name (or IP address if DNS is disabled) of the client requesting access.
- Authenticate User Name. If authentication was necessary, you can list the authenticated user name in the access log.
- System Date. The date and time of the client request.
- Full Request. The exact request the client made.
- Status. The status code the server returned to the client.
- Content Length. The content length, in bytes, of the document sent to the client.
- HTTP Header, "referer." The referer specifies the page from which the client accessed the current page. For example, if a user was looking at results from a text search query, the referer would be the page from which the user accessed the text search engine. Referers allow the server to create a list of backtracked links.
- HTTP Header, "user-agent." The user-agent information (including the type of browser the client is using, its version, and the operating system on which it is running) comes from the User-agent field in the HTTP header information the client sends to the server.
- Method. The HTTP request method used (GET, PUT, POST, and so on).
- URI. (Universal Resource Identifier) The location of a resource on the server. For example, for http://www.a.com:8080/special/docs, the URI is special/docs.
- Query String Of The URI. Anything after the question mark in a URI. For example, for
http://www.a.com:8080/special/docs?find_this, the query string of the URI is find_this.- Protocol. The transport protocol and version used.
Custom Format. Creates a customized format for your access log. For more information about the parameters you should use for your custom format, see "Setting Access Log Preferences" in the Proxy Server Administration Guide.
OK. Saves your entries.
Reset. Erases your changes and resets the elements in the page to the values that they contained before your changes.
The Set Error Log Preferences PageThe Set Error Log Preferences page is used to configure the information you want recorded in your server’s error logs. Server log files are helpful for monitoring server activity and troubleshooting problems.
For more information, see "Setting Access Log Preferences" in the Proxy Server Administration Guide.
The following elements are displayed:
Error Log File Name. Specify the file that stores messages from the server.
Log Level. From the drop-down list, specify the amount of information that should be logged in the errors log. The following options are available:
- Finest - Highly detailed tracing messages
- Finer - Fairly detailed tracing messages
- Fine - Tracing information
- Info (default) - Informational messages
- Warning - Indicates a potential problem
- Failure - Indicates a failure
- Config - Static configuration messages
- Security - Information about security issues
- Catastrophe - Indicates a serious failure
Log Stdout. Redirects stdout output to the errors log.
Log Stderr. Redirects stderr output to the errors log.
Log To Console. (UNIX only) Redirects log messages to the console.
Use System Logging. Specifies that the UNIX syslog service or Windows Event Logging should be used to produce and manage logs.
OK. Saves your entries.
Reset. Erases your changes and resets the elements in the page to the values that they contained before your changes.
The View Access Log PageThe View Access Log page is used to configure a customized view of information about the requests and responses to and from the server.
For more information, see "About Log Files" and "Viewing Access Log Files" in the Proxy Server Administration Guide.
The following elements are displayed:
Number Of Entries. Specify the number of entries to retrieve (the list will start with the most recent). It is recommended that this number be set to less than 1000. The default is 25. The maximum number of entries is 2147483647.
Only Show Entries With. Specify a string or character to filter the log entries. Case is important. The case of the string or character specified in this field must match the case of the entry in the access log. For example, to see only access log entries that contain POST, type POST.
OK. Displays the log entries.
Reset. Erases your changes and resets the elements in the page to the values that they contained before your changes.
Last (number access logs). Displays the access log entries with the parameters specified in the upper section of this page.
The View Error Log PageThe View Error Log page is used to configure a customized view of the errors the server has encountered and informational messages about the server, such as when the server was started and who tried to log in.
For more information, see "About Log Files" and "Viewing Error Log Files" in the Proxy Server Administration Guide.
The following elements are displayed:
Number Of Errors To View. Specify the number of entries to retrieve (the list will start with the most recent). The default is 25.
Only Show Entries With. Specify a string or a character to filter the log entries. Case is important. The case of the string or character specified in this field must match the case of the entry in the error log. For example, to see only those error messages that contain warning, type warning.
OK. Displays the log entries in the lower section of this page
Reset. Erases your changes and resets the elements in the page to the values that they contained before your changes.
Last (number errors). Displays the error log entries with the parameters specified in the upper section of this page.