FAQ
- A: First of all, you should realize that most of the features in IQ Proxy have sound default values. So unless your needs are specific, all you need to do is create the web server entries from "Web Servers" and assign them to "URL Rules". Make sure the port 80 or whatever port you want (you can configure that from "Options" tab sheet as well), is not blocked by any network firewall. To test your server, enter its IP into your browser such as http://localhost.
- A: In order for IQProxy to work in transparent proxy mode, make sure you install the software on the network gateway computer and select "transparent mode" from Content Proxy->Options. You should also make sure the listening port of the forward proxy (8080 by default) is not allocated by any other program and CProxy->Status shows as running.
- A: You should realize that most of the features in IQ Proxy has sound default values. So unless your needs are specific, all you need to do is configure your browser to use the proxy IP/port. If you do want to limit the access to the proxy, you can simply use the "Firewall" (we would suggest the country filter, permit->LAN Subnet) or "Authentication" features. Make sure the port 8080 or whatever port you want (you can configure that from "Options" tab sheet as well), is not blocked by any firewall. The content proxy module listens on one IP--in your case it is the LAN IP at the bottom of the GUI and by default on port 8080 which you can configure from CProxy->Options->Listening Port. You will most probably do not need to touch the listening IP though as 0.0.0.0 means all unassigned IPs which should be just fine. Next step is to configure your browser: We will explain Internet Explorer 8 as that seems to be the most common one as of March 2011. Please open the drop-down menu Tools->Internet Options->Connections->LAN Settings and check "Use a proxy server for your LAN" and enter the LAN IP of the IQP and the port (remember, it was by default 8080).
- A: All you need to do is to backup *.ini from IQP engine's program files folder. Also, you should print and backup your registration email.
- A: The default password in IQ Proxy is blank space.
- A: Please shut down the service then browse to the program files folder of the IQ Proxy Engine and edit the IQ.ini file ("AdminSettings" section) by deleting the "password" line.
- A: Establishing an HTTP Server in the above situation is not challenging. If you configure your router and firewall to pass TCP port 80 or whatever port you are configured for listening in from Options tabsheet, it would forward connections to your computer. You should also do the same for the administration server's IP address and port number if you are willing to administer remotely. Also, IQ Proxy accesses www.fastream.com and some other site for determining the WAN IP of the machine in the absence of a real IP address.
- A: When a web server does not respond at all or simply timeouts or returns 500, then the failure counter is incremented. When it reaches Max. Failure Times (see Options), then it is suspended until Fail. Times suspend period. If there is no other web servers assigned to the URL Rule, then a 503 is returned from IQProxy. If the "Accept 500 as web servere error" is checked in Options, then 500 status code responses such as those returned by ASP are counted as server failure so uncheck if you are running ASP/ASP.NET.
- A: If you want a radical-solution without any no-cache validation or whatsoever (which is the case with no "Override web server cache expiration policy" for 2 secs and when "Override web server cache expiration policy" is set, it is the defined period), just set a dummy cookie if there is no Set-Cookie in the header.
- A: The default account for IQ Proxy's Engine service is the Local System account. This account is limited by Windows™ as having no access to Microsoft network drives. To enable it, you need to go to Control Panel -> Administrative Tools -> Services and select the "Fastream IQ Reverse/ Content Proxy Engine" service. Then right click and click on Properties-> Go to Log On Tab. From here you need to select either a network account or an administrative account.
- A: There are a few items you need to do in order SSL to work: You need to assign a certificate: This could be either a self-signed one (see the "self-sign certificate" button) or you should purchase a certificate from a company (CA) such as Verisign, Thawte, etc. The purchased certificate must be in PEM format. If it comes as a single pem file, you need to edit not with notepad but with another text editor and copy the private key to another pem file. When you buy a certificate from a CA, basically they will give you three files:
1. Root certificate
2. Intermediate certificates
3. Server certificate
Plus you should have the private key file created during CSR creation. With a text editor such as TextPad or CrimsonEditor, you must merge the Intermediate certificate with root certificate by leaving a blank line in between. The intermediate certificates must be at the end and the newly formed file should be assigned to CAFile in the SSL tabsheet.
You should also type the domains that you want to serve encrypted with the SSL layer into the "Accepted Hosts" section such as "localhost;www.fastream-test.com" (without the quotes; notice the semicolon delimiting).
You must forward the TCP port 443 (defined in Options) for serving outside your LAN from your firewall/router (or whichever TCP port you configured for listening from Options tab sheet).
- A: In a typical case, first you need to decide on the listening IP/port in Options. You will probably want the port to be the standard 80 (for HTTP) and 443 (for HTTPS/SSL). The tricky part is the IP. If you have only one proxy port listening (only one tab sheet for proxy), then it is suggested that you leave this at 0.0.0.0 which means "answer incoming requests from all the IPs assigned on all adapters of the server computer such as 127.0.0.1 (localhost), 192.168.xxx.xxx, 10.xxx.xxx.xxx, other LAN IPs and WAN IPs forwarded from router and/or real IPs. If you assign a real IP here such as 144.122.1.100, then to access the site from the same host computer, you cannot use localhost (127.0.0.1) as the IP. You must use 144.122.1.100 directly. What is useful in assigning a real IP is that you can listen on other IPs with different proxy tabs- each one in its own thread/listening socket. For example, let?s assume that 144.122.1.100-103 is assigned to the same computer via two NICs. Here is how you may want to distribute them: 144.122.1.100:80 listens for proxy A 144.122.1.101:80 listens for proxy B 0.0.0.0:80 (which means the rest of the IPs assigned-102-103 here) listens for proxy C This gets even more useful when thought with SSL/SSL certificates: There can be only one certificate assigned for each IP/port even though many virtual domains could co-exist in one IP/port. So for each domain to be certified on port 443, you need a listener proxy: 144.122.1.100:443 listens for proxy A which SSL certifies www.domainA.com 144.122.1.101:443 listens for proxy B which SSL certifies www.domainB.com Now that we explained the IP setting in Options, let's see how the Servers tab works: In servers, the important parts are IP, port and path. IP can be the real IP of the web server or if the LAN is behind NAT, it should be the LAN IP of the web server such as 192.168.1.200 or 10.1.1.20. Port is the listening port of the web server. Now what is "path"? Path is for relative URL rewriting. For example, let's say you do not want the clients to access the root of the web server but the redirected root needs to start from "IQPRoot/"of the web server. To clarify, let's talk in the context of the file system of the web server. Suppose that it has a structure like: C:\InetPub\wwwroot\ C:\InetPub\wwwroot\IQ ProxyRoot\ Now the first one is the "/" (root) of the web server. If you want this path to be inaccessible for one URL Rule this server entry is assigned to, then enter /IQ ProxyRoot/ in the Servers? path. Let's now understand how URL Rules work. In order for a URL Rule to work, it needs to have a Rule entry such as, Default (which cannot be removed-to catch all requests uncatched by other rules) */images (catches all domains? /images folder) www.domainxyz.com/ (catches the domain domainxyz.com) Also, for this case and similar ones, you must not check "preserve path" from URL Rules screen for the URL rule and also do check "content translation" from Options.
- A: In a typical case, first you need to decide on whether you want to keep the host name of the incoming browser request in the connection from IQ Proxy to web servers or replace with the host name of the web server. If you want to have, www.xyz.com to be passed to the web server at 144.122.1.10 as it is, then define the web server in "Servers" as 144.122.1.10 (numeric IP). If you want to have it replaced, then use the host name of 144.122.1.10 (i.e. webserver1.xyz.com). In both cases, if you enable "Link Translation", redirections to self of web server will be rewritten. If you want the HTML to be rewritten as well, enable "Content Translation" as well. These are in "Options".
- A: You need to create a URL rule like http://* and assign a redirected web server as, https://www.domain.com.
- A: There are a few things you need to be aware of: 1) You must disable "preserve path" for the url rules for Exchange 2) You must enable "link and content translation" from Options 3) If your OWA mandates an SSL connection to itself from IQ Proxy, then you must create two url rules and two web servers. For example: URL Rule #1: ssl://* assigned the web server #1: https://1.2.3.4:443/ URL Rule #2: http://* assigned the web server #2: http://1.2.3.4:80/ 4) You must disable NTLM authentication from the MS web server product and enable Basic authentication instead. Also, disable authentication on IQP URL Rule(s). 5) You need to point the domain used by OWA to IQP server, and then use the numeric IPs of the OWA (see 3.) to route in URL Rules.
- A: First of all, from v2.6.4R on, all pages can be cached except there is Set-Cookie in response header. To make sure cache is in place, if you have any exceptions in RProxy->Options->Extensions to Exclude from Cache, please clear that. Secondly, you may want to override server "no-cache" response header directive by clicking "override..." from Cache tabsheet. This way, unless a set-cookie is in header, pages will be cached for the duration specified in Cache tabsheet according to their extensions. If there is no file extension such as www.domain.com/path/ then you should use "folder" as extension. From v2.6.3R on, content translated pages are also cached for 1000% speed! You need to do nothing for this. Of course, let me remind what "link translation" and "content translation" do: Link translation is for 301/302/307 responses; translates domain and path -when self-directing to web server itself- to point to IQP. Content translation is for text/html mime type (most .php, .pl, .rb, .asp, .aspx, .htm, .html,...) to be parsed and then URLs to be translated.
- A: If your sessions are working with Firefox and IE but not with Chrome, it is due to Google Chrome bug of handling cookie name as delimiter. Try to avoid using semicolon in your name and values. See reference.
Download Latest Version
