Dr.Web Proxy Server

The anti-virus network can consist of one or several Dr.Web Proxy Servers.

The main function of Dr.Web Proxy Server is to establish a connection between Dr.Web Server and Dr.Web Agents in cases when it is impossible to ensure direct access (for example, if Dr.Web Server and Dr.Web Agents are located in separate networks with no packet routing between them).

Dr.Web Proxy Server allows you to use any computer included in the anti-virus network for the following purposes:

As an update relay center to reduce the network load on Dr.Web Server and on the connection between Dr.Web Server and Dr.Web Proxy Server, as well as to reduce the time required for protected stations to receive updates using the caching function.

As a forwarder of virus events from protected stations to Dr.Web Server, which also reduces the network load and ensures trouble-free operation in cases when, for example, a group of stations is located in a network segment, that is isolated from the segment where Dr.Web Server is located.

General Functions

Dr.Web Proxy Server performs the following functions:

1.Listens to the network and manages connections according to the specified protocol and port.

2.Performs protocol translation (supported protocols: TCP/IP).

3.Transfers the data between Dr.Web Server and Dr.Web Agents according to Dr.Web Proxy Server settings.

4.Caches Dr.Web Agent and anti-virus package updates delivered by Dr.Web Server. Using Dr.Web Proxy Server cache for update delivery has the following advantages:

reduction of network traffic,

reduction of delivery time for Dr.Web Agent updates.

5.Encrypts the traffic between Dr.Web Servers and Dr.Web Agents.

info

It is possible to create a hierarchy of Dr.Web Proxy Servers.

The diagram of the anti-virus network when using Dr.Web Proxy Server is shown in the figure below.

scheme-proxy

scheme-icon-server

Dr.Web Server

scheme-icon-lan

LAN

scheme-icon-proxy

Dr.Web Proxy Server

scheme-icon-www

Internet

scheme-icon-station-protected

Protected computer

scheme-icon-router

Router

Diagram of the anti-virus network when using Dr.Web Proxy Server

Principle of Operation

When using Dr.Web Proxy Server, the following operations are performed:

1.If the Dr.Web Server address is not specified in Dr.Web Agent, Dr.Web Agent sends a multicast request according to the network protocol.

2.If Dr.Web Proxy Server is configured to translate connections (the discovery parameter is set to "yes"), a message about the availability of an operating Dr.Web Proxy Server is sent to Dr.Web Agent.

3.Dr.Web Agent applies the received Dr.Web Proxy Server parameters for Dr.Web Server. Further communication is transparent for Dr.Web Agent.

4.Dr.Web Proxy Server listens to the specified ports for incoming connections via the specified protocols according to the configuration file.

5.For each incoming connection from Dr.Web Agent (or Dr.Web Server) Dr.Web Proxy Server establishes a connection to Dr.Web Server (or Dr.Web Agent).

The forwarding algorithm for the list of Dr.Web Servers

1.Dr.Web Proxy Server loads the list of Dr.Web Servers from the drwcsd-proxy.conf configuration file into RAM (see the Appendices, F4. Dr.Web Proxy Server Configuration File).

2.Dr.Web Agent connects to Dr.Web Proxy Server.

3.Dr.Web Proxy Server forwards Dr.Web Agent traffic to the first Dr.Web Server from the list of Dr.Web Servers loaded to RAM.

4.Dr.Web Proxy Server rotates the list in RAM and moves Dr.Web Server from the first position to the end of list.

info

Dr.Web Proxy Server does not save the changed order of Dr.Web Servers in its configuration file. After Dr.Web Proxy Server is restarted, the list of Dr.Web Servers will be loaded into RAM in the original version, which is stored in the configuration file.

5.When the next Dr.Web Agent connects to Dr.Web Proxy Server, the process is repeated from step 2.

6.If Dr.Web Server is disconnected from the anti-virus network (for example, it goes offline or is unavailable due to denial of service), Dr.Web Agent connects to Dr.Web Proxy Server again, and the process is repeated from step 2.

warning

Network scanner launched from an external network (in relation to Dr.Web Agents) will not be able to detect the installed Dr.Web Agents.

info

If the Replace NetBIOS names flag is set in the Dr.Web Server configuration, and the anti-virus network contains Dr.Web Proxy Server, then the names of all stations connected to Dr.Web Server through Dr.Web Proxy Server will be displayed in Dr.Web Security Control Center as the name of a computer that is used as Dr.Web Proxy Server.

Traffic Encryption and Compression

Dr.Web Proxy Server supports traffic compression. Transferred data is processed regardless of whether the traffic is compressed or not.

Dr.Web Proxy Server supports traffic encryption. To support the encryption, Dr.Web Proxy Server must connect to Dr.Web Server (see the Installation Manual, section. Connecting Dr.Web Proxy Server to Dr.Web Server) and sign its certificate with the certificate and private key of Dr.Web Server. Traffic encryption between Dr.Web Server and Dr.Web Proxy Server is performed using the Dr.Web Server certificate; the traffic encryption between Dr.Web Agents and Dr.Web Proxy Server is performed using Dr.Web Proxy Server certificate signed with the Dr.Web Server certificate and private key.

Caching

Dr.Web Proxy Server supports traffic caching.

Products are cached according to their revisions. Each revision is stored in its own directory. A directory of a newer revision contains hard links to the unchanged files from previous revisions as well as the actual changed files. Thus, the files for each version are stored on a hard drive in a single copy, and all directories of newer revisions contain only links to unchanged files.

Depending on the settings specified in the configuration file, the following actions are performed if caching is enabled:

Outdated revisions are deleted periodically. By default—once an hour.

Only the latest revisions are stored. All other, earlier revisions are considered outdated and are deleted. By default, the last 3 revisions are stored.

Unused memory mapped files are periodically unloaded. By default—every 10 minutes.

Settings

Dr.Web Proxy Server does not have a GUI. You can configure it in one of the following ways:

1.Remotely using the Control Center if Dr.Web Proxy Server is connected to Dr.Web Server (see Remote Configuration of Proxy Server).

2.Locally using the configuration file. The format of Dr.Web Proxy Server configuration file is described in the Appendices, section F4. Dr.Web Proxy Server Configuration File.

warning

Only users with administrative privileges on the computer can manage Dr.Web Proxy Server settings (edit the configuration file).

 

For proper operation of Dr.Web Proxy Server on a Linux OS after a reboot, you must edit system network configuration without NetworkManager.

Starting and Stopping

To start and stop Dr.Web Proxy Server on Windows, open Control Panel → Administration → Services, then double-click drwcsd-proxy and select a necessary action in the window that opens.

To start and stop Dr.Web Proxy Server on a Unix-like OS, use the start and stop commands with scripts created during the installation of Dr.Web Proxy Server (see the Installation Manual, section Remote Configuration of Proxy Server).

To start Dr.Web Proxy-server on both Windows OS and Unix-like OS, you can run the drwcsd-proxy executable file with the appropriate switches (see the Appendices, section G5. Dr.Web Proxy Server).