Irbis Firewall: Your personal firewall software for Windows XP/2000

Download the Firewall:
Blacklist updates:
Subscribe:
  • We just tried to make our software easy, powerful, compact and reliable. We hope we did it.
  • Irbis Development team
Irbis Firewall HTTP Proxy Server Overview
Previous  Top  Next
Irbis Firewall embedded HTTP-proxy server can be used to control access to WWW. Configuration wizard will help you to configure this Irbis Firewall subsystem easy. Current version of Irbis Firewall supports following features:

HTTP protocol version 0.99, 1.0 and 1.1  
Document requests via HTTP and FTP protocols  
Access control based on the following criteria:  
Client IP-address  
Server name  
Document name  
Server name pattern  
Document name pattern  
Request method  
Arbitrary combinations of all criteria realized  
Cascading (connect through parent proxy server)  

When properly configured browser sends request, Irbis Firewall embedded proxy server takes it and checks it for the conditions to determine is requester allowed to get this document. If requester is allowed to get the document, Irbis Firewall creates new request and gets document from server, and delivers document to requester. While working Irbis Firewall uses access control lists and access control expressions.

Access control lists are virtually named conditions. This means that any access control list is a condition, and it should have a unique name. Each request may satisfy or not satisfy to a single access control list. E.g. if an access list is based on a client IP address, then a request from the computer with this IP-address is accepted by this access control list, and all other requests are not.

Access control expression is a set of one or more access control lists and an action to perform on request if it is accepted by each of these lists. Each access control list in the expression may have an inversion flag. The expression becomes true if the request is accepted by all the lists, which have no inversion flags set, or if the request is not accepted by all the lists, which have the inversion flags set.

Take a look at the example:

Access control list Accounting Department is a client IP address-based ACL, and client IP address in this list is set to 192.168.0.0/255.255.255.0  

Access control list GIF Files is a document name substring-based ACL, and a substring document name searched is set to .gif  

Access control expression contains  

ACL Accounting department without inverse flag set  
ACL GIF-files with inverse flag set  

The action defined for this access control expression takes place if a request comes from the computer with IP-address from the subnet 192.168.0.0/255.255.255.0 and requested document name does not contain a .gif substring

Irbis Firewall proxy server supports three kinds of actions:

Allow access (Irbis Firewall executes request and sends server reply to the client)  
Deny access (Irbis Firewall notify client that request was cancelled)  
Access through parent (Irbis Firewall sends request to the parent proxy server)  

See also:

Irbis Firewall Overview