Configuration of Apache HTTP Proxy

The Apache HTTP Proxy installer provided by ESET is pre-configured. However, additional custom configuration is needed for the service to work correctly.

Configuration of Apache HTTP Proxy for replication (Agent - Server)

1.Modify the Apache HTTP Proxy configuration file httpd.conf located in C:\Program Files\Apache HTTP Proxy\conf.

a.By default, port 2222 is used for communication with the ESET Management Agent. If you changed the port during installation, use the changed port number. Change 2222 in the line: AllowCONNECT 443 563 2222 8883 to your port number.

b.Add a separate ProxyMatch segment:

I.The address which your Agents use to connect to the ESMC Server.

II.All other possible addresses of your ESMC Server (IP, FQDN)
(add the whole below code; IP address 10.1.1.10 and hostname hostname.example are only examples to be substituted by your addresses. You can also generate the ProxyMatch expression in this Knowledgebase article.)

<ProxyMatch ^(hostname\.example(:[0-9]+)?(\/.*)?|10\.1\.1\.10(:[0-9]+)?(\/.*)?)$>

Allow from all

</ProxyMatch>

c.Restart the Apache HTTP Proxy service.

2.Set up a proper Agent policy to make sure your agents use the proxy for replication.

Configuration of Apache HTTP Proxy for caching

1.Stop the ApacheHttpProxy service using the following command:

sc stop ApacheHttpProxy

2.Open the file C:\Program Files\Apache HTTP Proxy\conf\httpd.conf in a simple text editor. Add the following lines to the bottom of the file:

ServerRoot "C:\Program Files\Apache HTTP Proxy"

DocumentRoot "C:\Program Files\Apache HTTP Proxy\htdocs"

<Directory "C:\Program Files\Apache HTTP Proxy\htdocs">

Options Indexes FollowSymLinks

AllowOverride None

Require all granted

</Directory>

CacheRoot "C:\Program Files\Apache HTTP Proxy\cache"

3.Save the file and start the Apache service.

sc start ApacheHttpProxy

note

Note

If you prefer to have the cache directory located somewhere else, for example, on another disk drive such as D:\Apache HTTP Proxy\cache, then in the last line of the code above, change "C:\Program Files\Apache HTTP Proxy\cache" to "D:\Apache HTTP Proxy\cache".

Configuration of Apache HTTP Proxy for username and password

The username and password setting can only be used for caching. Authentication is not supported in the replication protocol used in Agent - Server communication.

1.Stop the ApacheHttpProxy service by opening an elevated command prompt and executing the following command:

sc stop ApacheHttpProxy

2.Verify the presence of the following modules in C:\Program Files\Apache HTTP Proxy\conf\httpd.conf:

LoadModule authn_core_module modules\mod_authn_core.dll

LoadModule authn_file_module modules\mod_authn_file.dll

LoadModule authz_groupfile_module modules\mod_authz_groupfile.dll

LoadModule auth_basic_module modules\mod_auth_basic.dll

3.Add the following lines to C:\Program Files\Apache HTTP Proxy\conf\httpd.conf under <Proxy *>:

AuthType Basic

AuthName "Password Required"

AuthUserFile password.file

AuthGroupFile group.file

Require group usergroup

4.Use the htpasswd command to create a file named password.file in the folder Apache HTTP Proxy\bin\ (you will be prompted for password):

htpasswd.exe -c ..\password.file username

5.Manually create the file group.file in the folder Apache HTTP Proxy\ with the following content:

usergroup:username

6.Start the ApacheHttpProxy service by executing the following command in an elevated command prompt:

sc start ApacheHttpProxy

7.Test the connection to HTTP Proxy by accessing the following URL in your browser:

http://[IP address]:3128/index.html

note

Note

Once you have successfully completed installation of Apache HTTP Proxy, you have the option to only allow ESET communication (blocking all other traffic - by default) or to allow all traffic. Perform the necessary configuration changes described here:

Forwarding for ESET communication only

Proxy chaining (all traffic)

Display a list of content which is currently cached

"C:\Program Files\Apache HTTP Proxy\bin\htcacheclean.exe" -a -p "C:\ProgramData\Apache HTTP Proxy\cache"

Use the htcacheclean tool to clean up the disk cache. See the recommended command below (setting cache size to 20 GB and cached files limit to ~128000):

"C:\Program Files\Apache HTTP Proxy\bin\htcacheclean.exe" -n -t^
-p"C:\ProgramData\Apache HTTP Proxy\cache" -l20000M -L128000

To schedule cache clean up every hour run:

schtasks /Create /F /RU "SYSTEM" /SC HOURLY /TN ESETApacheHttpProxyCleanTask^
/TR "\"C:\Program Files\Apache HTTP Proxy\bin\htcacheclean.exe\"^
-n -t -p \"C:\ProgramData\Apache HTTP Proxy\cache\" -l20000M -L128000"

If you choose to allow all traffic, the recommended commands are:

"C:\Program Files\Apache HTTP Proxy\bin\htcacheclean.exe" -n -t^
-p"C:\ProgramData\Apache HTTP Proxy\cache" -l20000M

schtasks /Create /F /RU "SYSTEM" /SC HOURLY /TN ESETApacheHttpProxyCleanTask^
/TR "\"C:\Program Files\Apache HTTP Proxy\bin\htcacheclean.exe\"^
-n -t -p \"C:\ProgramData\Apache HTTP Proxy\cache\" -l20000M"

note

Note

The ^ character right after the end of line in the commands above is essential and if it is not included the command will not execute correctly.

For more information, visit our Knowledgebase article or the Apache Authentication and Authorization documentation.