Introduction
  Installing
  Handling
  Virtual servers
  Modules
  Filesystems
  RXML tags
  Graphics
  Proxy
    HTTP proxy
    SSL proxy
    FTP gateway
    Disk cache
  Miscellaneous modules
  Security considerations
  Scripting
  Databases
  LDAP
  FrontPage
  Upgrading
  Third party extensions
  Portability
  Reporting bugs
  Appendix
 
Proxy

A proxy server is used to give access to network services indirectly. All accesses are handled through the proxy server. There are two main reasons for using proxy servers; to enhance security and to reduce network bandwidth.

The rationale for enhancing security through use of a proxy server is that only the computer running the proxy server will access the Internet directly. Therefore it is only that computer that is vulnerable to attacks from the Internet. And since securing one computer is much simpler than securing all computers, security is enhanced.

Network bandwidth can be reduced by the proxy caching requests. If several users request the same page it will only need to be fetched once over the network. Unfortunately not many pages are cacheable, since there are so much dynamic pages out there. But it is usually possible to cache images.

Challenger's proxy capabilities are handled by the HTTP-Proxy, SSL Proxy and FTP gateway module. The simplest way to set up a Challenger proxy server is to create a new virtual server and choose the configuration type Proxy.

A proxy server must bind to its own port, it is not possible to run it IP-less. Nor is it possible to have an IP-less virtual hosting module enabled in the proxy server. Strange things will happen.

Since the proxy functionality is implemented as modules it is possible use them in other ways too. For example, it is possible to fetch www-pages through ftp by enabling the HTTP-Proxy on a virtual server with an ftp port.

It is important not to enable any dangerous modules in a virtual server with proxy modules. It is perfectly possible to get a *.pike file fetched through the FTP Proxy module to run through the Pike script support module.

It might be necessary to enter a security pattern for each proxy module, so that it can only be accessed from within your network. Otherwise your proxy server may give outsiders access to servers within your network. This is especially important for the SSL Proxy module.