Hierarchies
| Parent Proxy |
Enables or disables the HTTP parent caching option. When this option is enabled, Content Gateway can participate in an HTTP cache hierarchy. You can point your Content Gateway server at a parent network cache to form a cache hierarchy where a child cache relies upon a parent cache in fulfilling client requests. See HTTP cache hierarchies. This setting must be enabled when Protected Cloud Apps is enabled and configured in the Forcepoint Security Manager. |
| No DNS and Just Forward to Parent |
When enabled, and if HTTP parent caching is enabled, Content Gateway does no DNS lookups on requested hostnames. If rules in the parent.config file are set so that only selected requests are sent to a parent proxy, Content Gateway skips name resolution only for requests that are going to the parent proxy. Name resolution is performed as usual for requests that are not sent to a parent proxy. If the parent proxy is down and the child proxy can go directly to origin servers, the child performs DNS resolution. |
| Uncacheable Requests Bypass Parent | When enabled, and if parent caching is enabled, Content Gateway bypasses the parent proxy for uncacheable requests. |
| HTTPS Requests Bypass Parent | When enabled, Content Gateway bypasses the parent proxy for HTTPS requests. |
| Tunnel Requests Bypass Parent | When enabled, Content Gateway bypasses parent proxy for non-HTTPS tunnel requests. |
| Parent Proxy Cache Rules |
Displays a table listing the rules in the parent.config file that identify the HTTP parent proxies used in an HTTP cache hierarchy and configure selected URL requests to bypass parent proxies. Rules are applied from the list top-down; the first match is applied. |
| Refresh | Updates the table to display the most up-to-date rules in the parent.config file. |
| Edit File | Opens the configuration file editor so that you can edit and add rules to the parent.config file. |
| parent.config Configuration File Editor | |
| rule display box | Lists the parent.config file rules. Select a rule to edit it. The buttons on the left of the box allow you to delete or move the selected rule up or down in the list. |
| Add | Adds a new rule to the rule display box at the top of the configuration file editor page. |
| Set | Updates the rule display box at the top of the configuration file editor page. |
| Primary Destination Type |
Lists the primary destination types: dest_domain is a requested domain name. dest_host is a requested hostname. dest_ip is a requested IP address. url_regex is a regular expression to be found in a URL. |
| Primary Destination Value |
Specifies the value of the primary destination type. For example: If the primary destination is dest_domain, a value for this field can be yahoo.com If the primary destination type is dest_ip, the value for this field can be 123.456.78.9. If the primary destination is url_regex, a value for this field can be politics. |
| Parent Proxies | Specifies the IP addresses or hostnames of the parent proxies and the port numbers used for communication. Parent proxies are queried in the order specified in the list. If the request cannot be handled by the last parent server in the list, it is routed to the origin server. Separate each entry with a semicolon; for example: parent1:8080; parent2:8080 |
| Round Robin |
Select true for the proxy to go through the parent cache list in a round-robin based on client IP address. Select strict for the proxy to serve requests strictly in turn. For example, machine proxy1 serves the first request, proxy2 serves the second request, and so on. Select false if you do not want round-robin selection to occur. |
| Go direct |
Select true for requests to bypass parent hierarchies and go directly to the origin server. Select false if you do not want requests to bypass parent hierarchies. |
| Secondary Specifiers: Time |
Specifies a time range, using a 24-hour clock, such as 08:00-14:00. If the range crosses midnight, enter this as two comma-separated ranges. For example, if a range extends from 6:00 in the evening until 8:00 in the morning, enter the following: 18:00 - 23:59, 0:00 - 8:00 |
| Secondary Specifiers: Prefix | Specifies a prefix in the path part of a URL. |
| Secondary Specifiers: Suffix | Specifies a file suffix in the URL, such as .htm or .gif. |
| Secondary Specifiers: Source IP | Specifies the IP address or range of IP addresses of the clients. |
| Secondary Specifiers: Port | Specifies the port in a requested URL. |
| Secondary Specifiers: Method |
Specifies a request URL method. For example: get post put trace |
| Secondary Specifiers: Scheme | Specifies the protocol of a requested URL. This must be either HTTP or FTP. |
| Secondary Specifiers: User-Agent | Specifies a request header User-Agent value. |