Subscribe to our mailing list now to be in the know about all the updates of our software!
We just tried to make our firewall software easy, powerful, compact and reliable. We hope we did it.
Irbis Development team
Irbis Firewall HTTP proxy server overview
Common Information
Client interaction via HTTP protocol version 0.99, 1.0 and 1.1
Support of document requests via HTTP and FTP protocols
Access control based on the following criteria:
Client IP-address
Server name
Document name
Server name substring
Document name substring
Request type
Arbitrary combinations of all criteria realized
Irbis Firewall embedded proxy server uses access control
lists and access control expressions.
Access control lists are
virtually named conditions. This means that any access control
list is a condition, and it should have a unique name. Each
request may satisfy or not satisfy to a single access control
list. E.g. if an access list is based on a client IP address,
then a request from the computer with this IP-address is accepted
by this access control list, and all other requests are not.
Access control expression is a set of one or more
access control lists and an action to perform on request if
it is accepted by each of these lists. Each access control list
in the expression may have an inversion flag. The expression
becomes true if the request is accepted by all the lists, which
have no inversion flags set, or if the request is not accepted
by all the lists, which have the inversion flags set.
Take a look at the example:
Accounting Department access control list is a
client IP address-based list, and client IP address
in this list is set to 192.168.0.0/255.255.255.0
GIF Files access control list is a document name
substring-based, and a substring document name searched
is set to .gif
Access control expression contains
ACL Accounting department without inverse flag set
ACL GIF-files with inverse flag set
The action defined for this access control expression takes
place if a request comes from the computer with IP-address from
the subnet 192.168.0.0/255.255.255.0 and requested document name
does not contain a .gif substring
Irbis Firewall proxy server supports three kinds of actions:
Allow access (Irbis Firewall executes request
and sends server reply to the client)
Deny access (Irbis Firewall notify client that request was cancelled)
Access through parent (Irbis Firewall sends request to the parent proxy server)