Go to the table of contents Go to the previous page Go to the next page View or print as PDF
HTTP
Help | Content Gateway | Version 8.1.x
Configure > Protocols > HTTP > General
 
For explicit proxy configurations only, specifies additional ports on which Content Gateway listens for HTTP traffic.
Enables or disables .com name expansion. When this option is enabled, Content Gateway attempts to resolve unqualified hostnames by redirecting them to the expanded address, prepended with www. and appended with .com. For example, if a client makes a request to company, Content Gateway redirects the request to www.company.com.
If local domain expansion is enabled (see DNS Resolver), Content Gateway attempts local domain expansion before .com domain expansion; Content Gateway tries .com domain expansion only if local domain expansion fails.
Enables reverse DNS lookup when the URL has an IP address (instead of a hostname) and there are rules in filter.config, cache.config, or parent.config. This is necessary when rules are based on destination hostname and domain name.
When SSL is enabled, traffic to any port that is also listed in the HTTPS ports field is not tunneled, but is decrypted and filtering policy is applied.
Select PASV then PORT for Content Gateway to attempt PASV connection mode first. If PASV mode fails, Content Gateway tries PORT mode and initiates the data connection. If successful, the FTP server accepts the data connection.
Select PASV only for Content Gateway to initiate the data connection to the FTP server. This mode is firewall friendly, but some FTP servers do not support it.
Select PORT only for the FTP server to initiate the data connection and for Content Gateway to accept the connection.
The default value is PASV then PORT.
Configure > Protocols > HTTP > Cacheability
 
Select An Explicit Lifetime Header to cache only HTTP objects with Expires or max-age headers.
Select A Last-Modified Header to cache only HTTP objects with lastmodified headers.
Select No Required Headers to cache HTTP objects that do not have Expires, max-age, or last-modified headers. This is the default option.
Caution: By default, Content Gateway caches all objects (including objects with no headers). It is recommended that you change the default setting only for specialized proxy situations. If you configure Content Gateway to cache only HTTP objects with Expires or max-age headers, the cache hit rate is reduced (very few objects have explicit expiration information).
Select Never Revalidate to never revalidate HTTP objects in the cache with the origin server (Content Gateway considers all HTTP objects in the cache to be fresh).
Select Always Revalidate to always revalidate HTTP objects in the cache with the origin server (Content Gateway considers all HTTP objects in the cache to be stale).
Select Revalidate if Heuristic Expiration to verify the freshness of an HTTP object with the origin server if the object contains no Expires or Cache-Control headers; Content Gateway considers all HTTP objects without Expires or Cache-Control headers to be stale.
Select Use Cache Directive or Heuristic to verify the freshness of an HTTP object with the origin server when Content Gateway considers the object in the cache to be stale according to object headers, absolute freshness limit, and/or rules in the cache.config file. This is the default option.
Specifies when Content Gateway adds no-cache headers to requests from Microsoft Internet Explorer.
Certain versions of Microsoft Internet Explorer do not request cache reloads from transparent caches when the user presses the browser Refresh button. This can prevent content from being loaded directly from the origin servers. You can configure Content Gateway to treat Microsoft Internet Explorer requests more conservatively, providing fresher content at the cost of serving fewer documents from cache.
Select To All MSIE Requests to always add no-cache headers to all requests from Microsoft Internet Explorer.
Select To IMS MSIE Requests to add no-cache headers to IMS (If Modified Since) Microsoft Internet Explorer requests.
Select Not to Any MSIE Requests to never add no-cache headers to requests from Microsoft Internet Explorer.
When this option is enabled, Content Gateway ignores no-cache headers in client requests and serves the requests from the cache.
When this option is disabled, Content Gateway does not serve requests with no-cache headers from the cache but forwards them to the origin server.
Caution: If you enter 0 (zero), there is no limit to the number of alternates cached. If a popular URL has thousands of alternates, you might observe increased cache hit latencies (transaction times) as Content Gateway searches over the thousands of alternates for each request. In particular, some URLs can have large numbers of alternates due to cookies. If Content Gateway is set to vary on cookies, you might encounter this problem.
Enables or disables caching of alternate versions of HTTP documents that do not contain the Vary header. If no Vary header is present, Content Gateway varies on the headers specified below, depending on the document's content type.
Caution: It is recommended that you configure Content Gateway to cache dynamic content for specialized proxy situations only.
Select Cache All but Text to cache cookies that contain any type of content except text. This is the default.
Select Cache Only Image Types to cache cookies that contain images only.
Select Cache Any Content-Type to cache cookies that contain any type of content.
Select No Cache on Cookies to not cache cookies at all.
Displays a table listing the rules in the cache.config file that specify how a particular group of URLs should be cached. This file also lets you force caching of certain URLs for a specific amount of time.
Updates the table to display the most up-to-date rules in the cache.config file. Click Refresh after you have added or modified rules with the configuration file editor.
Lists the cache.config file rules. Select a rule to edit it. The buttons on the left of the box allow you to delete or move the selected rule up or down in the list.
A never-cache rule configures Content Gateway to never cache specified objects.
An ignore-no-cache rule configures Content Gateway to ignore all Cache-Control: no-cache headers.
An ignore-client-no-cache rule configures Content Gateway to ignore Cache-Control: no-cache headers from client requests.
An ignore-server-no-cache rule configures Content Gateway to ignore Cache-Control: no-cache headers from origin server responses.
A pin-in-cache rule configures Content Gateway to keep objects in the cache for a specified time.
A revalidate rule configures Content Gateway to consider objects fresh in the cache for a specified time.
A ttl-in-cache rule configures Content Gateway to serve certain HTTP objects from the cache for the amount of time specified in the Time Period field regardless of certain caching directives in the HTTP request and response headers.
dest_domain is a requested domain name.
dest_host is a requested hostname.
dest_ip is a requested IP address.
url_regex is a regular expression to be found in a URL.
Specifies the amount of time that applies to the revalidate, pin-in-cache, and ttl-in-cache rule types. The following time formats are allowed:
d for days (for example 2d)
h for hours (for example, 10h)
m for minutes (for example, 5m)
s for seconds (for example, 20s)
Click Apply before you click Close; otherwise, all configuration changes will be lost.
Configure > Protocols > HTTP > Privacy
 
When enabled, Content Gateway inserts the Client-IP header into outgoing requests to retain the client's IP address.
This option is mutually exclusive with the Remove Headers: Client-IP option. When Insert Headers: Client-IP is enabled the Remove Headers: Client-IP option is automatically disabled.
When enabled, Content Gateway inserts a Via header into the outgoing request. The Via header informs the destination server of proxies through which the request was sent.
When enabled, Content Gateway inserts an X-Forwarded-For header into the outgoing request. The X-Forwarded-For value contains the originating IP address.
When this option is enabled, Content Gateway removes the Client-IP header from outgoing requests to protect the privacy of your users.
This option is mutually exclusive with the Insert Headers: Client-IP option. When Remove Headers: Client-IP is enabled the Insert Headers: Client-IP option is automatically disabled.
When this option is enabled, Content Gateway removes the Cookie header from outgoing requests to protect the privacy of your users. The Cookie header often identifies the user that makes a request.
When this option is enabled, Content Gateway removes the From header from outgoing requests to protect the privacy of your users. The From header identifies the client's email address.
When this option is enabled, Content Gateway removes the Referer header from outgoing requests to protect the privacy of your users. The Referer header identifies the Web link that the client selects.
When this option is enabled, Content Gateway removes the User-Agent header from outgoing requests to protect the privacy of your users. The User-Agent header identifies the agent that is making the request, usually a browser.
Specifies headers other than From, Referer, User-Agent, and Cookie, that you want to remove from outgoing requests to protect the privacy of your users.
Configure > Protocols > HTTP > Timeouts
See this knowledge base article for a discussion of HTTP timeout options.
 

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Copyright 2016 Forcepoint LLC. All rights reserved.