Apache HTTP Proxy

Apache HTTP Proxy is a proxy service that can be used to distribute updates to client computers. Apache HTTP Proxy performs a similar role to the mirror server feature popular in ERA 5 and earlier.

Apache HTTP Proxy functions

Function

Proxy solution that provides this function

Caching of downloads and updates

Apache HTTP Proxy or other proxy solution

Caching of ESET Dynamic Threat Defense results

Only configured Apache HTTP Proxy

Replication ESET Management Agents' communication with ESMC Server

Apache HTTP Proxy or other proxy solution

Caching function

Apache HTTP Proxy downloads and caches:

Detection engine updates

Activation tasks - communication with activation servers and caching of license requests

ESMC repository data

Product component updates

Cached data is distributed to endpoint clients on your network. Caching can significantly decrease internet traffic on your network

In contrast to the Mirror Tool, which downloads all available data on the ESET update servers, Apache HTTP Proxy reduces the network load by only downloading the data requested by ESMC components or ESET endpoint products. If an endpoint client requests an update, Apache HTTP Proxy downloads it from the ESET update servers, saves the update to its cache directory and then serves it to the individual endpoint client. If another endpoint client requests the same update, Apache HTTP Proxy serves the download to the client directly from its cache, so there is no additional download from ESET update servers.

Caching for ESET Endpoint product

Caching settings of ESET Management Agent and Endpoint are not identical. ESET Management Agent can manage settings for ESET security products at client devices. You can set up proxy for ESET Endpoint Security:

locally from GUI

from ESMC Web Console, using a policy (the recommended way to manage client devices settings)

Caching results from ESET Dynamic Threat Defense

Apache HTTP Proxy can also cache results provided by ESET Dynamic Threat Defense. Caching requires specific configuration which is included in the Apache HTTP Proxy distributed by ESET. It is recommended to use caching with ESET Dynamic Threat Defense if possible. See the service's documentation for more details.

Using Apache as HTTP Proxy for Agent - Server communication

When correctly configured, Apache HTTP Proxy can be used to collect and forward data from ESMC components in a remote location - similarly to the function of ERA 6.x Proxy component. One proxy solution can be used for caching updates (Apache HTTP Proxy is recommended) and another proxy for Agent - Server communication. It is possible to use Apache HTTP Proxy  for both functions at the same time, but it is not recommended for networks with more than 1000 client machines per proxy machine.

ERA 6.x Proxy component is not compatible with the ESET Management Agents. Read more about the Proxy function.

How to set up the HTTP Proxy

To use the proxy, HTTP Proxy hostname must be set up in the Agent policy (Advanced settings > HTTP Proxy). You can use different proxies for caching and forwarding; see the policy settings below:

Global Proxy - you will use a single proxy solution for both caching downloads and for forwarding Agent communication.

Different Proxy Per Service -you will use separate proxy solutions for caching and for forwarding communication.

Apache HTTP Proxy in the infrastructure

The following diagram illustrates a proxy server (Apache HTTP Proxy) that is being used to distribute ESET cloud traffic to all ESMC components and ESET endpoint products.

scheme_http_proxy_noRemoteLocation

details_hoverNOTE

What are the differences between various Proxies?

scheme_http_proxy

validation-status-icon-warning IMPORTANT

You can use a proxy chain to add another proxy service to a remote location. Note that ESMC does not support proxy chaining when the proxies require authentication. You can use your own transparent web proxy solution, however that may require additional configuration beyond what is mentioned here.

scheme_http_proxy_chaining

details_hoverNOTE

For offline detection engine updates, use the Mirror Tool instead of Apache HTTP Proxy. This tool is available for both platforms (Windows and Linux).