12.07.2015 Views

Symantec™ Security Gateways Reference Guide - Sawmill


Understanding access
Proxies

Secure sockets layer

The security gateway HTTP proxy passes secure HTTP traffic using secure sockets layer (SSL) transparently or by what Netscape refers to as SSL tunneling. Requests are authorized in the same way as standard HTTP requests except that the proxy cannot see the full URL. This means that content filtering is limited to a ratings check based on the destination IP and host name, if available. User authentication cannot be performed on transparent SSL connections because the entire session is encrypted and user information is not available to the HTTP proxy.

Transparent SSL connections are normally received on port 443. Additional ports are defined in the properties window for the HTTP proxy.

Note: Entering an SSL port in the service group Parameters for HTTP dialog only will not open the desired port on the security gateway. Ports defined there are for authorization purposes only. You must also define the SSL port in HTTP proxy.

Persistent HTTP connections

A persistent HTTP connection uses a single connection between a Web client and a Web server to fulfill multiple HTTP requests. It reduces network load by reducing the number of packets that need to pass through the network for a number of HTTP requests. Most Web pages require additional HTTP objects from the same site for inline image support. Also, more than one HTML page is usually downloaded from a single site during a visit. Netscape introduced in HTTP 1.1 the concept known as HTTP keep-alive to efficiently deal with this situation.

Persistent HTTP connections and pipelining of requests are supported and used by default. Pipelining lets the client send multiple requests as it would over a standard persistent connection without waiting for responses. This enhances HTTP performance considerably, unless application data scanning has been disabled.

WebDAV support

The HTTP proxy supports Web Distributed Authoring and Versioning (WebDAV). WebDAV is a set of additional methods that support version control for URLs, enabling distributed source control applications to be built using HTTP as the wire protocol.

RFC 2518 defines the set of extensions to the HTTP protocol to support WebDAV. The HTTP proxy fully supports the following three extensions:

Overwrite prevention: Provides the ability to let only one person work on a document at a time. This prevents the lost update problem in which modifications are lost as first one author makes changes, and then another author makes changes before merging in the first author’s changes.

Properties: Also referred to as metadata, this extension provides the ability to create, remove, and query information about a Web page, such as its author, or creation date. This feature also enables the user to link pages of any media type to related pages.

Name space management: Provides the ability to copy and move Web pages, and to receive a listing of pages at a particular hierarchy level, much like a directory listing in a file system.

WebDAV support is integrated into several authoring tools, such as Microsoft Word, Excel, and PowerPoint from the Microsoft Office 2000 suite, Adobe Acrobat, Photoshop, Go Live, and Macromedia Dreamweaver. Microsoft Internet Explorer, Microsoft Outlook and Microsoft Windows 2000 use WebDAV extensions, called Web folders, to support viewing a Web server as a network disk.
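
The following added example is not from the guide and is not the security gateway's code. It is a generic model of the Secure sockets layer section: what a proxy can read from a tunneled request versus a plain one, and why an SSL port must be defined in both places. All names, hosts and requests are constructed assumptions.

```python
# Added illustration: a generic model, not the security gateway's implementation.
from urllib.parse import urlsplit

# Constructed sample requests (hypothetical host and paths).
PLAIN = b"GET http://files.example.test/blocked/tool.zip HTTP/1.1\r\nHost: files.example.test\r\n\r\n"
TUNNEL = b"CONNECT files.example.test:443 HTTP/1.1\r\nHost: files.example.test:443\r\n\r\n"
TUNNEL_8443 = b"CONNECT files.example.test:8443 HTTP/1.1\r\nHost: files.example.test:8443\r\n\r\n"


def visible_to_proxy(raw_request: bytes) -> dict:
    """Return the fields an HTTP proxy can read from the request line."""
    request_line = raw_request.split(b"\r\n", 1)[0].decode("iso-8859-1")
    method, target, _version = request_line.split(" ", 2)
    if method.upper() == "CONNECT":
        # SSL tunneling: the target is only "host:port"; the path and query
        # travel inside the encrypted session and never reach the proxy.
        host, _, port = target.rpartition(":")
        return {"tunnel": True, "host": host, "port": int(port), "path": None}
    url = urlsplit(target)  # plain HTTP through a proxy carries the full URL
    path = url.path + ("?" + url.query if url.query else "")
    return {"tunnel": False, "host": url.hostname, "port": url.port or 80, "path": path}


def authorize(view, proxy_ssl_ports, rule_ssl_ports, blocked_hosts, blocked_paths):
    """Decide on a request using only what the proxy could see.

    proxy_ssl_ports models the ports defined on the HTTP proxy itself;
    rule_ssl_ports models the authorization-only list in the service group.
    """
    if view["host"] in blocked_hosts:
        return "deny: host rating"
    if view["tunnel"]:
        if view["port"] not in proxy_ssl_ports:
            return "deny: port not opened on proxy"
        if view["port"] not in rule_ssl_ports:
            return "deny: port not authorized by rule"
        return "allow: host-level check only"  # URL filter cannot run
    if any(view["path"].startswith(prefix) for prefix in blocked_paths):
        return "deny: URL filter"
    return "allow: full URL checked"


if __name__ == "__main__":
    for raw in (PLAIN, TUNNEL, TUNNEL_8443):
        view = visible_to_proxy(raw)
        print(view, "->", authorize(view, {443}, {443, 8443}, set(), ["/blocked/"]))
```

The same blocked path that is denied over plain HTTP passes through the tunnel, because only the host name and port are available for the decision.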
