Configuration of Apache HTTP Proxy

The Apache HTTP Proxy installer provided by ESET is pre-configured; however, you will need to make additional configuration changes for the service to work correctly.

Configuration of Apache HTTP Proxy for replication (Agent - Server)

1. Modify the Apache HTTP Proxy configuration file httpd.conf, located in C:\Program Files\Apache HTTP Proxy\conf.

a. By default, port 2222 is used for communication with the ESET Management Agent. If you changed the port during installation, replace 2222 in the line AllowCONNECT 443 563 2222 with your port number.

b. Add a separate ProxyMatch segment for:

I. The address that your Agents use to connect to the ESMC Server.

II. All other possible addresses of your ESMC Server (IP, FQDN).
(Add all of the code shown below; the IP address 10.1.1.10 and the hostname hostname.example are only examples to be replaced with your actual addresses. You can also generate the ProxyMatch expression in this Knowledgebase article.)

<ProxyMatch ^(hostname\.example(:[0-9]+)?(\/.*)?|10\.1\.1\.10(:[0-9]+)?(\/.*)?)$>
Allow from all
</ProxyMatch>

c. Restart the Apache HTTP Proxy service.

2. Set up a proper Agent policy to make sure your Agents use the proxy for replication.
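
The ProxyMatch expression from step 1b can be built and checked before it goes into httpd.conf. The following is an added example, not ESET's generator or code from the Knowledgebase article; the function names and the host:port test targets are assumptions made for illustration. It also shows why the dots must be escaped: an unescaped "." matches any character, so the allow-list would cover hosts other than your ESMC Server.

```python
import re

SUFFIX = r"(:[0-9]+)?(\/.*)?"           # optional port and path, as in the expression above
PLAIN = re.compile(r"[A-Za-z0-9.-]+")   # hostname, FQDN or IPv4 address only

def proxymatch_pattern(addresses, escape=True):
    """Build the ProxyMatch regex for a list of ESMC Server addresses."""
    parts = []
    for addr in addresses:
        if not PLAIN.fullmatch(addr):
            raise ValueError(f"not a plain hostname or IPv4 address: {addr!r}")
        # Escape "." so it matches a literal dot, not any character.
        parts.append((addr.replace(".", r"\.") if escape else addr) + SUFFIX)
    return "^(" + "|".join(parts) + ")$"

def proxymatch_block(addresses):
    """Return the segment to paste into httpd.conf."""
    return f"<ProxyMatch {proxymatch_pattern(addresses)}>\nAllow from all\n</ProxyMatch>"

def is_allowed(pattern, target):
    """True if the anchored expression matches the target string."""
    return re.search(pattern, target) is not None

if __name__ == "__main__":
    servers = ["hostname.example", "10.1.1.10"]        # the page's example addresses
    strict = proxymatch_pattern(servers)
    naive = proxymatch_pattern(servers, escape=False)  # dots left unescaped
    print(proxymatch_block(servers))
    # Constructed targets in host:port form (assumed form of the Agent's request).
    for target in ["hostname.example:2222", "10.1.1.10:2222", "hostname-example:2222",
                   "10.1.1.100:2222", "hostname.example.other.test:2222"]:
        print(f"{target:35} escaped={is_allowed(strict, target)!s:5} "
              f"unescaped={is_allowed(naive, target)}")
```
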

Configuration of Apache HTTP Proxy for caching

1. Stop the ApacheHttpProxy service using the following command:

sc stop ApacheHttpProxy

2. Open the file C:\Program Files\Apache HTTP Proxy\conf\httpd.conf in a simple text editor. Add the following lines at the bottom of the file:

ServerRoot "C:\Program Files\Apache HTTP Proxy"
DocumentRoot "C:\Program Files\Apache HTTP Proxy\htdocs"
<Directory "C:\Program Files\Apache HTTP Proxy\htdocs">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
CacheRoot "C:\Program Files\Apache HTTP Proxy\cache"

3. Save the file and start the Apache service.

sc start ApacheHttpProxy

 

NOTE

If you prefer to have the cache directory located somewhere else, for example on another disk drive, such as D:\Apache HTTP Proxy\cache, then in the last line of the code above, change "C:\Program Files\Apache HTTP Proxy\cache" to "D:\Apache HTTP Proxy\cache".

 

Configuration of Apache HTTP Proxy for username and password

The username and password setting can only be used for caching. Authentication is not supported in the replication protocol used in Agent - Server communication.

1. Stop the ApacheHttpProxy service by opening an elevated command prompt and executing the following command:

sc stop ApacheHttpProxy

2. Verify the presence of the following modules in C:\Program Files\Apache HTTP Proxy\conf\httpd.conf:

LoadModule authn_core_module modules\mod_authn_core.dll
LoadModule authn_file_module modules\mod_authn_file.dll
LoadModule authz_groupfile_module modules\mod_authz_groupfile.dll
LoadModule auth_basic_module modules\mod_auth_basic.dll

3. Add the following lines to C:\Program Files\Apache HTTP Proxy\conf\httpd.conf under <Proxy *>:

AuthType Basic
AuthName "Password Required"
AuthUserFile password.file
AuthGroupFile group.file
Require group usergroup

4. In the folder Apache HTTP Proxy\bin\, use the htpasswd command to create a file named password.file (you will be prompted for a password):

htpasswd.exe -c ..\password.file username

5. Manually create the file group.file in the folder Apache HTTP Proxy\ with the following content:

usergroup:username

6. Start the ApacheHttpProxy service by executing the following command in an elevated command prompt:

sc start ApacheHttpProxy

7. Test the connection to HTTP Proxy by accessing the following URL in your browser:

http://[IP address]:3128/index.html
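
Steps 2 to 5 can be checked before the service is started. The following is an added example, not ESET's or Apache's code: it takes the contents of httpd.conf, password.file and group.file as text and reports a required LoadModule line that is missing or commented out, authentication directives missing under <Proxy *>, and group members that have no password entry. The function names and the sample file contents are constructed for illustration.

```python
import re

MODULES = ("authn_core_module", "authn_file_module",
           "authz_groupfile_module", "auth_basic_module")
# Constructed sample file contents (not taken from a real server).
SAMPLE_CONF = r"""LoadModule authn_core_module modules\mod_authn_core.dll
#LoadModule authn_file_module modules\mod_authn_file.dll
LoadModule authz_groupfile_module modules\mod_authz_groupfile.dll
LoadModule auth_basic_module modules\mod_auth_basic.dll
<Proxy *>
AuthType Basic
AuthUserFile password.file
AuthGroupFile group.file
Require group usergroup
</Proxy>"""
SAMPLE_PASSWORDS = "username:$apr1$constructed$placeholderhash"
SAMPLE_GROUPS = "usergroup:username backup"

def active_lines(text):  # directive lines, without blanks and "#" comments
    return [l.strip() for l in text.splitlines()
            if l.strip() and not l.strip().startswith("#")]

def check_proxy_auth(conf, passwords, groups, group="usergroup"):
    """Return a list of problems with the Basic authentication setup."""
    problems, loaded, proxy, in_proxy = [], set(), {}, False
    for line in active_lines(conf):
        name, value = (line.split(None, 1) + [""])[:2]
        if name.lower() == "loadmodule":
            loaded.update(value.split()[:1])
        elif re.fullmatch(r"<Proxy\s+\*>", line, re.I):
            in_proxy = True
        elif line.lower() == "</proxy>":
            in_proxy = False
        elif in_proxy:   # collect directives inside <Proxy *> only
            proxy.setdefault(name.lower(), []).append(value.strip())
    problems += [f"module not loaded: {m}" for m in MODULES if m not in loaded]
    problems += [f"{d} missing under <Proxy *>"
                 for d in ("authtype", "authuserfile", "authgroupfile") if d not in proxy]
    if f"group {group}" not in proxy.get("require", []):
        problems.append(f"Require group {group} missing under <Proxy *>")
    # password.file holds "user:hash" lines; group.file holds "group:user1 user2".
    users = {l.split(":", 1)[0] for l in active_lines(passwords) if ":" in l}
    members = [n for l in active_lines(groups) if l.split(":")[0].strip() == group
               for n in l.partition(":")[2].split()]
    problems += [f"{m} is in {group} but has no password entry"
                 for m in members if m not in users]
    return problems

if __name__ == "__main__":
    print("\n".join(check_proxy_auth(SAMPLE_CONF, SAMPLE_PASSWORDS, SAMPLE_GROUPS)))
```
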

NOTE

Once you have successfully completed installation of Apache HTTP Proxy, you have the option to allow ESET communication only (blocking all other traffic - default) or to allow all traffic. Perform the necessary configuration changes as described here:

Forwarding for ESET communication only

Proxy chaining (all traffic)

Display a list of content that is currently cached:

"C:\Program Files\Apache HTTP Proxy\bin\htcacheclean.exe" -a -p "C:\ProgramData\Apache HTTP Proxy\cache"

Use the htcacheclean tool to clean up the disk cache. The recommended command (setting cache size to 10 GB and cached files limit to ~12000) is shown here:

"C:\Program Files\Apache HTTP Proxy\bin\htcacheclean.exe" -n -t ^
-p"C:\ProgramData\Apache HTTP Proxy\cache" -l10000M -L12000

To schedule cache clean-up every hour, run:

schtasks /Create /F /RU "SYSTEM" /SC HOURLY /TN ESETApacheHttpProxyCleanTask ^
/TR "\"C:\Program Files\Apache HTTP Proxy\bin\htcacheclean.exe\" ^
-n -t -p \"C:\ProgramData\Apache HTTP Proxy\cache\" -l10000M -L12000"

If you choose to allow all traffic, the recommended commands are:

"C:\Program Files\Apache HTTP Proxy\bin\htcacheclean.exe" -n -t ^
-p"C:\ProgramData\Apache HTTP Proxy\cache" -l10000M

schtasks /Create /F /RU "SYSTEM" /SC HOURLY /TN ESETApacheHttpProxyCleanTask ^
/TR "\"C:\Program Files\Apache HTTP Proxy\bin\htcacheclean.exe\" ^
-n -t -p \"C:\ProgramData\Apache HTTP Proxy\cache\" -l10000M"

NOTE

The ^ character at the end of a line in the commands above is essential; if it is not included, the command will not execute correctly.

For more information, visit our Knowledgebase article or the Apache Authentication and Authorization documentation.