Enable Apache HTTP Proxy on the ESET PROTECT Virtual Appliance
Apache HTTP Proxy users Starting with ESET PROTECT 10.0, ESET Bridge replaces Apache HTTP Proxy. Apache HTTP Proxy has reached Limited Support. If you use Apache HTTP Proxy, we recommend migrating to ESET Bridge. |
Apache HTTP Proxy is primarily used for caching detection engine update files and caching information from ESET LiveGrid®. Open terminal and according to your OS version run the following commands as root to enable Apache HTTP Proxy:
•The location of apachectl and htcacheclean will vary based on your system, check it before running the script. •The parameter /var/cache/httpd/proxy determines the location of the caching folder, this location is set in /etc/httpd/conf.d/proxy.conf under CacheRoot. |
For CentOS 7
1.systemctl enable httpd
2. sudo mkdir -p /etc/systemd/system/httpd.service.requires
3. sudo ln -s /usr/lib/systemd/system/htcacheclean.service /etc/systemd/system/httpd.service.requires
4. systemctl start httpd
5. htcacheclean -d60 -t -i -p/var/cache/httpd/proxy -l10000M
You can adjust parameters for Apache HTTP Proxy cache cleaning: -d defines cleaning interval in minutes, -p specifies path as the root directory of the disk cache, -t deletes all empty directories, -i intelligently deletes cache only when there was a modification of the disk cache, -l defines total disk cache size limit. |
6. Enable port 3128 in a firewall:
a)iptables -A INPUT -p tcp --dport 3128 -j ACCEPT
b)ip6tables -A INPUT -p tcp --dport 3128 -j ACCEPT
c)service iptables save
d)service ip6tables save
7.Modify the SELinux policy:
/usr/sbin/setsebool -P httpd_can_network_connect 1
sudo semanage port -a -t http_port_t -p tcp 2222
8.You will need to create policies for all ESET products / ESET PROTECT components to communicate via Apache HTTP Proxy and allow the caching of installation files / update files for ESET products. Ensure the Apache configuration contains the ProxyMatch segment for your server host. For more information, see our Knowledgebase article part II. Configure policy settings for client computers.
Troubleshooting
If you get the EPNS service servers are not accessible alert, follow these steps to disable the connection timeout limits:
1.Create a configuration file reqtimeout.conf:
sudo touch /etc/httpd/conf.d/reqtimeout.conf
2.Open the file in a text editor:
nano /etc/httpd/conf.d/reqtimeout.conf
3.Type this setting into the file:
RequestReadTimeout header=0 body=0
4.Save the changes and close the file:
CTRL+X > type Y > press Enter
5.Open the httpd.conf file:
nano /etc/httpd/conf/httpd.conf
6.Add the following line at the end:
IncludeOptional conf.d/reqtimeout.conf
7.Save the changes a close the file:
CTRL+X > type Y > press Enter
8.Restart the Apache HTTP Proxy service:
systemctl restart httpd