Dr.Web Proxy Server

The anti-virus network may consist of one or several Dr.Web Proxy Servers.

The main function of a Proxy Server is to establish a connection between Dr.Web Server and Dr.Web Agents in cases when it is impossible to set up direct access (e.g. if Dr.Web Server and Dr.Web Agents are located in separate networks which do not have packet routing between them).

The Proxy Server allows any computer included in an anti-virus network to be used for the following purposes:

As an update relay center, to reduce the network load on Dr.Web Server and on the connection between Dr.Web Server and the Proxy Server, and to reduce the time protected stations need to get updates by using the caching function.

As a distribution center for virus events sent from protected stations to Dr.Web Server, which also reduces network load and covers cases when, for example, a group of stations is located in a network segment that is isolated from the segment Dr.Web Server is in.

General Functions

A proxy server performs the following functions:

1. Network listening and receipt of connections according to the specified protocol and port.

2. Protocol translation (supported protocols: TCP/IP).

3. Data transmission between Dr.Web Server and Dr.Web Agents according to the Proxy Server settings.

4. Caching of Agent and anti-virus package updates that are relayed by Dr.Web Server. Using the Proxy Server cache to relay updates reduces network traffic and reduces the time Agents need to receive updates.

5. Support for traffic encryption between Dr.Web Servers and the Agents.

Note: Proxy Servers can be arranged in a hierarchical structure.

The general diagram of the anti-virus network when a Proxy Server is used is illustrated in the figure below.

[Figure: Diagram of the anti-virus network when a proxy server is used. Legend: Dr.Web Server, LAN, Proxy Server, Internet, Protected computer, Router.]

Principle of Operation

When a proxy server is used, the following operations are performed:

1. If the address of Dr.Web Server is not specified on the Agent, the Agent sends a multicast request according to the protocol of the network.

2. If the Proxy Server is set up to translate connections (the discovery="yes" parameter), a message about the availability of an operating Proxy Server is sent to the Agent.

3. The Agent sets the received Proxy Server parameters as those of Dr.Web Server. Further communication is transparent to the Agent.

4. The Proxy Server listens on the specified ports for incoming connections via the given protocols, according to the configuration file.

5. For each incoming connection from the Agent (or Dr.Web Server), the Proxy Server establishes a connection with Dr.Web Server (or the Agent).

The forwarding algorithm for the list of Dr.Web Servers

1. The Proxy Server loads the list of Dr.Web Servers into RAM from the drwcsd-proxy.conf configuration file (see the Appendices document, p. Appendix G4).

2. A Dr.Web Agent connects to the Proxy Server.

3. The Proxy Server forwards the Dr.Web Agent traffic to the first Dr.Web Server in the list loaded in RAM.

4. The Proxy Server rotates the list in RAM, moving that Dr.Web Server from the first position to the end of the list.

Note: The Proxy Server does not save the changed order of Dr.Web Servers to its configuration file. After the Proxy Server restarts, the list of Dr.Web Servers is loaded into RAM in its original order, as stored in the configuration file.

5. When the next Agent connects to the Proxy Server, the procedure is repeated from step 2.

6. If Dr.Web Server disconnects from the anti-virus network (e.g. it goes offline or because of a denial of service), the Agent connects to the Proxy Server again, and the procedure is repeated from step 2.
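The rotation described in the steps above, modelled as an added example (not Dr.Web code). The server and agent names are constructed, and the model does no health checking because the steps describe none.

```python
from collections import Counter, deque

# Constructed server names; the real list comes from drwcsd-proxy.conf.
CONFIGURED_SERVERS = ("srv-a", "srv-b", "srv-c")


class ProxyModel:
    """Toy model of the forwarding steps (illustration, not Dr.Web code)."""

    def __init__(self, configured):
        self._configured = tuple(configured)  # order stored in the config file
        self.assigned = {}                    # agent -> server it was sent to
        self.restart()

    def restart(self):
        # Step 1: the list is loaded into RAM in its original order.
        self._ram = deque(self._configured)

    def connect(self, agent):
        # Steps 2-4: forward to the first server, then move it to the end.
        server = self._ram[0]
        self._ram.rotate(-1)
        self.assigned[agent] = server
        return server

    def load(self):
        return Counter(self.assigned.values())


def simulate():
    proxy = ProxyModel(CONFIGURED_SERVERS)
    first_wave = [proxy.connect(f"agent-{i}") for i in range(4)]
    # Step 6: srv-a drops out, so its Agents reconnect and are handed
    # whichever server is first in the rotated list at that moment.
    dropped = [a for a, s in proxy.assigned.items() if s == "srv-a"]
    reconnects = {a: proxy.connect(a) for a in dropped}
    load = dict(proxy.load())
    proxy.restart()  # the rotated order was never written to the config
    after_restart = proxy.connect("agent-new")
    return first_wave, reconnects, load, after_restart
```

After a restart the first connecting Agent is always sent to the first server named in the configuration file, whatever the rotation state was before.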

Warning: A network scanner launched from an external network (with respect to the Agents) is unable to locate the installed Agents.

Note: If the Replace NetBIOS names flag is set in the Dr.Web Server configuration and the anti-virus network contains a Proxy Server, then the names of all stations connected to Dr.Web Server via the Proxy Server are displayed in Dr.Web Security Control Center as the name of the computer that is used as the Proxy Server.

Traffic Encryption and Compression

Proxy Server supports traffic compression. Transferred data is processed regardless of whether traffic is compressed or not.

Proxy Server supports traffic encryption. To support encryption, the Proxy Server must connect to Dr.Web Server (see Installation Manual, p. Connecting the Proxy Server to the Dr.Web Server) and have its certificate signed with the certificate and private key of Dr.Web Server. Traffic between Dr.Web Server and the Proxy Server is encrypted using the Dr.Web Server certificate; traffic between the Agents and the Proxy Server is encrypted using the Proxy Server certificate, which is signed with the Dr.Web Server certificate and private key.

Caching

Proxy Server supports traffic caching.

Products are cached by revisions. Each revision is stored in a separate directory. The directory of each subsequent revision contains hard links to the existing files from older revisions and originals of the changed files. Thus, each version of a file is stored on the hard drive in a single copy, and the directories of subsequent revisions contain only links to the unchanged files.

According to the settings specified in the configuration file, the following actions are performed if caching is enabled:

Outdated revisions are periodically deleted. By default, once per hour.

Only the latest revisions are stored. All other, earlier revisions are considered outdated and are deleted. By default, the 3 latest revisions are stored.

Unused memory-mapped files are periodically unloaded. By default, every 10 minutes.
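The revision layout and pruning described above, as an added example (not Dr.Web code). The file names, revision numbers and temporary directory are constructed, and the real cache layout may differ.

```python
import os
import shutil
import tempfile

KEEP_REVISIONS = 3  # page default: the 3 latest revisions are kept

def _same_content(path, data):
    if not os.path.isfile(path):
        return False
    with open(path, "rb") as fh:
        return fh.read() == data

def store_revision(cache_dir, revision, files, previous=None):
    """Create a revision directory; `files` maps file name -> bytes."""
    rev_dir = os.path.join(cache_dir, str(revision))
    os.makedirs(rev_dir)
    for name, data in files.items():
        target = os.path.join(rev_dir, name)
        old = os.path.join(cache_dir, str(previous), name)
        if previous is not None and _same_content(old, data):
            os.link(old, target)  # unchanged: hard link, one copy on disk
        else:
            with open(target, "wb") as fh:  # changed or new: an original
                fh.write(data)

def prune(cache_dir, keep=KEEP_REVISIONS):
    """Delete all but the `keep` newest revisions; return the removed ones."""
    revisions = sorted(int(d) for d in os.listdir(cache_dir))
    outdated = revisions[:max(len(revisions) - keep, 0)]
    for rev in outdated:
        shutil.rmtree(os.path.join(cache_dir, str(rev)))
    return outdated

def demo():
    """Build four constructed revisions, prune, and report the link state."""
    cache = tempfile.mkdtemp(prefix="proxy-cache-demo-")
    files, prev = {"engine.bin": b"engine build 1"}, None
    for rev in (101, 102, 103, 104):
        files["bases.vdb"] = b"bases for %d" % rev  # only this file changes
        store_revision(cache, rev, files, prev)
        prev = rev
    engine = lambda rev: os.stat(os.path.join(cache, str(rev), "engine.bin"))
    links_before = engine(104).st_nlink
    removed = prune(cache)
    inodes = {engine(rev).st_ino for rev in (102, 103, 104)}
    result = (removed, links_before, engine(104).st_nlink, len(inodes))
    shutil.rmtree(cache)
    return result
```

Deleting the oldest revision only drops one link, so the unchanged file stays readable from the newer revisions. Because those revisions share one inode, an in-place change to that file shows up in every revision that links to it.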

Settings

The Proxy Server does not have a GUI. You can configure it in one of the following ways:

1.Remotely via the Control Center if the Proxy Server is connected to Dr.Web Server (see Remote Configuration of the Proxy Server).

2.Locally via the configuration file. The format of the configuration file is described in the Appendices document, p. Appendix G4.

Warning: Only a user with administrative rights on the computer can manage the settings (edit the configuration file) of the Proxy Server.

For the Proxy Server to operate properly under a Linux-based OS after a computer reboot, you must edit the system network configuration without Network Manager.

Starting and Stopping

To start and stop the Proxy Server under Windows OS, open Control Panel → Administration → Services, then double-click drwcsd-proxy and select the necessary action in the window that opens.

To start and stop the Proxy Server under a UNIX-based OS, use the start and stop commands with scripts created during installation of the Proxy Server (see the Installation Manual, p. Installing Proxy Server).

To start the Proxy Server under both Windows OS and UNIX-based OS, you can run the drwcsd-proxy executable file with the corresponding switches (see the Appendices document, p. H5. Proxy Server).