Grant proxy permission to a new user group
This section describes how to grant permissions to a group in MS Proxy Server. Open the IIS Service Manager, open the Web Proxy Server property page, and then select the Permissions page.
By default, MS Proxy Server has no permissions configured for any protocol, so no user can access the Internet through Web Proxy (or WinSock Proxy). To grant access to a new proxy user group, do the following:
1. In the Protocol Drop-down box, select a protocol that you want to specify access rights to.
2. Click the "Add" button and a dialog box will pop up to add the group or user to the access list for this protocol.
1. The list of names in the drop-down box lets you select any domain; an external domain can be reached through a trust relationship or through a parallel account in the other domain.
2. By default, only local groups and global groups are listed. You can also list all users and configure users individually, but this will be a nightmare to manage on large and medium-sized networks. If possible, use groups to configure users.
The Members button on the Add Users and Groups dialog box displays the member list of the currently selected group.
Control of inbound access from the Internet
After Proxy Server is installed, two changes are made to NT to extend security. The first change concerns IP forwarding. IP forwarding is a setting in the TCP/IP properties, and it is turned off. It controls whether NT forwards IP packets between network interfaces (for example, from the NIC to the RAS connection). When a permanent Internet connection is configured for a network and each workstation on the network is configured for its own direct Internet access, IP forwarding must be enabled so that workstations can send packets to the Internet and receive them back. With IP forwarding turned off, the NT server connected to the Internet blocks all inbound traffic itself.
To further restrict clients connecting to the NT server from the Internet, MS Proxy Server disables listening on every IP port that has no permissions set. This means that any Internet service application running on the NT server, such as an FTP server, Telnet server, or POP3 server, cannot receive any external inbound traffic unless WinSock Proxy permissions are set for these protocols. Web Proxy listens only for traffic on port 80, and port 80 can also listen for inbound traffic if you set permissions on any of the supported protocols in the Web Proxy.
Isolate MS Proxy Server in its own domain
If you want very high network security for your proxy access, one way is to set up the NT server running Proxy Server as the primary domain controller of its own domain. A one-way trust relationship is then built between the proxy domain and the network domain: the proxy domain trusts the network domain, but the network domain does not trust the proxy domain. This setting better restricts access between the proxy server and all other systems in the network domain.
This method can also work well when the network is not set up as a domain. However, the NT server running Proxy Server can still be set up as the primary domain controller of its own domain, which provides better security control and makes future expansion easier.
Monitoring Proxy Server Activity
There are two basic methods. The first and most commonly used is logging, either to a standard comma-separated text file or to SQL through an ODBC driver. The second is to monitor through SNMP, which requires the SNMP service to be installed on NT. The purpose of SNMP is to distribute data to a remote workstation, and sometimes to accept control from it, so that services running on NT servers can be monitored and controlled from outside locations.
Proxy Server can record log information to a text file, or to a database engine through an ODBC driver. Text logging is a very simple process and gives the network administrator a quick way to view the events that occur in the Proxy Server components (Web Proxy and WinSock Proxy). Logs can be used to generate reports covering days, weeks, or months.
Text File records
By default, Proxy Server logs all event information to text files stored in the following locations:
- Web Proxy logs: c:\winnt\system32\w3plogs
- WinSock Proxy logs: c:\winnt\system32\wsplogs
New log files are usually created automatically every day; this can be changed to weekly or monthly. A new log file is also created when the log file in use reaches the specified size.
The property settings of the Web Proxy and WinSock Proxy services each contain a logging page. The page is the same for both services.
When a log file is created, its name is based on the current date. For example, a log file created on December 5, 1996 is named w3961205. There are two log formats: regular and verbose. Regular logs are short and do not contain all data elements; verbose logs contain the complete set of data elements.
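Because daily log names encode the date, a listing of the Web Proxy log directory can be checked for days on which no log exists. The following is an added example, not code from the original article or from the product. It covers daily rotation only, and the optional file extension, the function names and the sample listing are assumptions of the example.

```python
import re
from datetime import datetime, timedelta

# Name pattern from the text: prefix "w3" + two-digit year, month, day.
# Accepting an optional file extension is an assumption of this example.
def log_date(name, prefix="w3"):
    """Return the date encoded in a daily log file name, or None."""
    m = re.fullmatch(re.escape(prefix) + r"(\d{6})(\.\w+)?", name, re.IGNORECASE)
    if not m:
        return None
    try:
        # %y maps 69-99 to 19xx and 00-68 to 20xx.
        return datetime.strptime(m.group(1), "%y%m%d").date()
    except ValueError:  # impossible dates such as month 13
        return None

def missing_days(names, prefix="w3"):
    """List dates with no daily log between the first and last log seen."""
    seen = {d for d in (log_date(n, prefix) for n in names) if d}
    if not seen:
        return []
    day, last = min(seen), max(seen)
    gaps = []
    while day <= last:
        if day not in seen:
            gaps.append(day)
        day += timedelta(days=1)
    return gaps

# Constructed directory listing (not taken from a real server).
SAMPLE = ["w3961205", "W3961206.log", "w3961209", "w3961340", "readme.txt"]

if __name__ == "__main__":
    for gap in missing_days(SAMPLE):
        print("no Web Proxy log for", gap.isoformat())
```

A reported gap is a prompt to check whether logging was switched off or log files were removed on that day.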