Other explicit web proxy options
You can change the following explicit web proxy options as required by your configuration.
HTTP port, HTTPS port, FTP port, PAC port
The TCP port that web browsers use to connect to the explicit proxy for HTTP, HTTPS, FTP and PAC services. The default port is 8080 for all services. By default HTTPS, FTP. and PAC use the same port as HTTP. You can change any of these ports as required. Users configuring their web browsers to use the explicit web proxy should add the same port numbers to their browser configurations.
Proxy FQDN Enter the fully qualified domain name (FQDN) for the proxy server. This is the domain name to enter into browsers to access the proxy server.
Max HTTP request length
Enter the maximum length of an HTTP request in Kbytes. Larger requests will be rejec- ted.
Max HTTP mes- sage length
Enter the maximum length of an HTTP message in Kbytes. Larger messages will be rejected.
Configuring an external IP address for the IPv4 explicit web proxy
You can use the following command to set an external IP address (or pool) that will be used by the explicit web proxy policy.
config web-proxy explicit set status enable
set outgoing-ip <ip1> <ip2> … <ipN>
end
Configuring an external IP address for the IPv6 explicit web proxy
You can use the following command to set an external IP address (or pool) that will be used by the explicit web proxy policy.
config web-proxy explicit set status enable
set outgoing-ipv6 <ip1> <ip2> … <ipN>
end
Restricting the IP address of the IPv4 explicit web proxy
You can use the following command to restrict access to the explicit web proxy using only one IP address. The IP address that you specify must be the IP address of an interface that the explicit HTTP proxy is enabled on. You might want to use this option if the explicit FTP proxy is enabled on an interface with multiple IP addresses.
For example, to require uses to connect to the IP address 10.31.101.100 to connect to the explicit HTTP proxy:
config web-proxy explicit
set incoming-ip 10.31.101.100 end
Restricting the outgoing source IP address of the IPv4 explicit web proxy
You can use the following command to restrict the source address of outgoing web proxy packets to a single IP address. The IP address that you specify must be the IP address of an interface that the explicit HTTP proxy is enabled on. You might want to use this option if the explicit HTTP proxy is enabled on an interface with multiple IP addresses.
For example, to restrict the outgoing packet source address to 172.20.120.100:
config http-proxy explicit
set outgoing-ip 172.20.120.100 end
Restricting the IP address of the explicit IPv6 web proxy
You can use the following command to restrict access to the IPv6 explicit web proxy to use only one IP6 IP address. The IPv6 address that you specify must be the IPv6 address of an interface that the explicit HTTP proxy is enabled on. You might want to use this option if the explicit web proxy is enabled on an interface with multiple IPv6 addresses.
For example, to require uses to connect to the IPv6 address 2001:db8:0:2::30 to connect to the explicit IPv6 HTTP proxy:
config web-proxy explicit
set incoming-ipv6 2001:db8:0:2::30 end
Restricting the outgoing source IP address of the IPv6 explicit web proxy
You can use the following command to restrict the source address of outgoing web proxy packets to a single IPv6 address. The IP address that you specify must be the IPv6 address of an interface that the explicit HTTP proxy is enabled on. You might want to use this option if the explicit HTTP proxy is enabled on an interface with multiple IPv6 addresses.
For example, to restrict the outgoing packet source address to 2001:db8:0:2::50:
config http-proxy explicit
set outgoing-ipv6 2001:db8:0:2::50 end