Posted to commits@trafficserver.apache.org by bu...@apache.org on 2011/02/13 22:38:51 UTC

svn commit: r785389 [6/7] - in /websites/staging/trafficserver/trunk/content/docs/trunk: ./ admin/configuration-files/ admin/configuring-cache/ admin/configuring-traffic-server/ admin/event-logging-formats/ admin/explicit-proxy-caching/ admin/faqs/ adm...

Added: websites/staging/trafficserver/trunk/content/docs/trunk/admin/reverse-proxy-http-redirects/index.en.html
==============================================================================
--- websites/staging/trafficserver/trunk/content/docs/trunk/admin/reverse-proxy-http-redirects/index.en.html (added)
+++ websites/staging/trafficserver/trunk/content/docs/trunk/admin/reverse-proxy-http-redirects/index.en.html Sun Feb 13 21:38:50 2011
@@ -0,0 +1,311 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"
+	xml:lang="en" lang="en">
+  <head>
+    
+    <link rel="stylesheet" href="/styles/pygments_style.css" />
+    
+    <title></title>
+    <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements.  See the NOTICE file distributed with this work for additional information regarding copyright ownership.  The ASF licenses this file to you under the Apache License, Version 2.0 (the &quot;License&quot;); you may not use this file except in compliance with the License.  You may obtain a copy of the License at . http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an &quot;AS IS&quot; BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the License for the specific language governing permissions and limitations under the License. -->
+  </head>
+
+  <body>
+    <div id="header">
+	    <span id="ts_logo">
+		  <a href="http://trafficserver.apache.org/"><img alt="Apache Traffic Server" src="/images/ts75.png" /></a>
+	  </span>
+	    <h1></h1>
+    </div>
+
+  <div id="content">
+      <p><a href="/index.html"><img alt="" src="/images/ts75.png" /></a>™</p>
+<h1 id="AdministratorsGuide">Administrator's Guide</h1>
+<h1 id="ReverseProxyHTTPRedirects">Reverse Proxy and HTTP Redirects</h1>
+<p>As a reverse proxy cache, Traffic Server serves requests on behalf of origin 
+servers. Traffic Server is configured in such a way that it appears to clients 
+like a normal origin server.</p>
+<p>This chapter discusses the following topics: </p>
+<ul>
+<li><a href="#UnderstandingReverseProxyCaching">Understanding Reverse Proxy Caching</a></li>
+<li><a href="#HTTPReverseProxy">HTTP Reverse Proxy</a></li>
+<li><a href="#RedirectingHTTPRequests">Redirecting HTTP Requests</a></li>
+</ul>
+<h2 id="UnderstandingReverseProxyCaching">Understanding Reverse Proxy Caching</h2>
+<p>With <strong>forward proxy caching</strong>, Traffic Server handles web requests to distant 
+origin servers on behalf of the clients requesting the content. <strong>Reverse proxy 
+caching</strong> (also known as <strong>server acceleration </strong>or <strong>virtual web hosting</strong>) 
+is different because Traffic Server acts as a proxy cache on behalf of the 
+origin servers that store the content. Traffic Server is configured to be <em>the</em> 
+origin server that the user is trying to connect to (in contrast to a typical 
+scenario inwhich the advertised hostname of the origin server resolves to Traffic 
+Server, which acts as the real origin server). </p>
+<h3 id="ReverseProxySolutions">Reverse Proxy Solutions</h3>
+<p>There are many ways to use Traffic Server as a reverse proxy. Below are a few 
+example scenarios. </p>
+<p>You can use Traffic Server in reverse proxy mode to: </p>
+<ul>
+<li>Offload heavily-used origin servers</li>
+<li>Deliver content efficiently in geographically distant areas</li>
+<li>Provide security for origin servers that contain sensitive information </li>
+</ul>
+<h4 id="OffloadingHeavily-UsedOriginServers">Offloading Heavily-Used Origin Servers</h4>
+<p>Traffic Server can absorb requests to the main origin server and improve the 
+speed &amp; quality of web serving by reducing load and hot spots on backup origin 
+servers. For example, a web hoster can maintain a scalable Traffic Server serving 
+engine with a set of low-cost, low-performance, less-reliable PC origin servers 
+as backup servers. In fact, a single Traffic Server can act as the virtual 
+origin server for multiple backup origin servers, as shown in the figure below. </p>
+<p><img alt="" src="images/revproxy.jpg" /></p>
+<blockquote>
+<p><em><strong>Traffic Server as reverse proxy for a pair of origin servers </strong></em></p>
+</blockquote>
+<h4 id="DeliveringContentinGeographically-DispersedAreas">Delivering Content in Geographically-Dispersed Areas</h4>
+<p>Traffic Server can be used in reverse proxy mode to accelerate origin servers 
+that provide content to areas not located within close geographical proximity. 
+Caches are typically easier to manage and are more cost-effective than replicating 
+data. For example, Traffic Server can be used as a mirror site on the far side 
+of a trans-Atlantic link to serve users without having to fetch the request 
+and content across expensive international connections. Unlike replication, 
+for which hardware must be configured to replicate all data and to handle peak 
+capacity, Traffic Server dynamically adjusts to best utilize the serving and 
+storing capacity of the hardware. Traffic Server is also designed to keep content 
+fresh automatically, thereby eliminating the complexity of updating remote 
+origin servers. </p>
+<h4 id="ProvidingSecurityforanOriginServer">Providing Security for an Origin Server</h4>
+<p>Traffic Server can be used in reverse proxy mode to provide security for an 
+origin server. If an origin server contains sensitive information that you 
+want to keep secure inside your firewall, then you can use a Traffic Server 
+outside the firewall as a reverse proxy for that origin server. When outside 
+clients try to access the origin server, the requests instead go to Traffic 
+Server. If the desired content is <em>not</em> sensitive, then it can be served from 
+the cache. If the content is sensitive and not cacheable, then Traffic Server 
+obtains the content from the origin server (the firewall allows only Traffic 
+Server access to the origin server). The sensitive content resides on the origin 
+server, safely inside the firewall. </p>
+<h3 id="how_does_reverse_proxy_work___howdoesreverseproxywork">How Does Reverse Proxy Work?  ### {#HowDoesReverseProxyWork?}</h3>
+<p>When a browser makes a request, it normally sends that request directly to 
+the origin server. When Traffic Server is in reverse proxy mode, it intercepts 
+the request before it reaches the origin server. Typically, this is done by 
+setting up the DNS entry for the origin server (ie, the origin server’s 'advertised' 
+hostname) so it resolves to the Traffic Server IP address. When Traffic Server 
+is configured as the origin server, the browser connects to Traffic Server 
+rather than the origin server. For additional information, see <a href="#HTTPReverseProxy">HTTP Reverse 
+Proxy</a>.</p>
+<p><strong>Note:</strong> To avoid a DNS conflict, the origin server’s hostname and its advertised 
+hostname must not be the same. </p>
+<h2 id="HTTPReverseProxy">HTTP Reverse Proxy</h2>
+<p>In reverse proxy mode, Traffic Server serves HTTP requests on behalf of a web 
+server. The figure below illustrates how Traffic Server in reverse proxy mode 
+serves an HTTP request from a client browser. </p>
+<p><img alt="" src="images/httprvs.jpg" /></p>
+<blockquote>
+<p><em><strong>HTTP reverse proxy </strong></em></p>
+</blockquote>
+<p>The figure above demonstrates the following steps: </p>
+<ol>
+<li>A client browser sends an HTTP request addressed to a host called <code>www.host.com</code> on port 80. Traffic Server receives the request because it is acting as the origin server (the origin server’s advertised hostname resolves to Traffic Server). </li>
+<li>Traffic Server locates a map rule in the <code>remap.config</code> file and remaps the request to the specified origin server (<code>realhost.com</code>). </li>
+<li>Traffic Server opens an HTTP connection to the origin server. </li>
+<li>If the request is a cache hit and the content is fresh, then Traffic Server sends the requested object to the client from the cache. Otherwise, Traffic Server obtains the requested object from the origin server, sends the object to the client, and saves a copy in its cache. </li>
+</ol>
+<p>To configure HTTP reverse proxy, you must perform the following tasks: </p>
+<ul>
+<li>Create mapping rules in the <code>remap.config</code> file (refer to <a href="#CreatingMappingRulesHTTPRequests">Creating Mapping Rules for HTTP Requests</a>). </li>
+<li>Enable the reverse proxy option (refer to <a href="#EnablingHTTPReverseProxy">Enabling HTTP Reverse Proxy</a>). </li>
+</ul>
+<p>In addition to the tasks above, you can also <a href="#SettingOptionalHTTPReverseProxyOptions">Set Optional HTTP Reverse Proxy 
+Options</a>. </p>
+<h3 id="CreatingMappingRulesforHTTPRequests">Creating Mapping Rules for HTTP Requests</h3>
+<p>In forward proxy caching, Traffic Server acts as a proxy server and receives 
+proxy requests. In reverse proxy caching, however, Traffic Server must act 
+as an origin server rather than a proxy server - this means that it receives 
+server requests and not proxy requests. Therefore, to satisfy proxy requests, 
+Traffic Server must construct a proxy request from the server request. </p>
+<p>In HTTP, proxy requests specify the entire URL whereas server requests specify only the path. A server request might look like this:<br />
+<code>GET /index.html HTTP/1.0 Host: real.dianes_books.com</code><br />
+</p>
+<p>However, the corresponding proxy request would look like this: <br />
+<code>GET http://real.dianes_books.com/index.html HTTP/1.0 Host: real.dianes_books.com</code></p>
+<p>Traffic Server can construct a proxy request from a server request by using the server information in the host header. However, the correct proxy request must contain the hostname of the origin server, not the advertised hostname that name servers associate to Traffic Server. The advertised hostname is the name that appears in the host header; for the origin server <code>real.dianes_books.com</code>, the server request and host header would be:<br />
+<code>GET /index.html HTTP/1.0 Host: www.dianes_books.com</code></p>
+<p>And the correct proxy request should be <br />
+<code>GET http://real.dianes_books.com/index.html HTTP/1.0 Host: real.dianes_books.com</code> <br />
+</p>
+<p>To translate <code>www.dianes_books.com</code> to <code>real.dianes_books.com</code>, Traffic Server 
+needs a set of URL rewriting rules (mapping rules). Mapping rules are described 
+in <a href="#UsingMappingRulesHTTPRequests">Using Mapping Rules for HTTP Requests</a>. </p>
+<p>In general, use reverse proxy mode to support more than one origin server. 
+In this case, all of the advertised hostnames resolve to the IP address or 
+virtual IP address of Traffic Server. Using host headers, Traffic Server is 
+able to translate server requests for any number of servers into proxy requests 
+for those servers. If Traffic Server receives requests from older browsers 
+that do not support host headers, then Traffic Server can either route these 
+requests directly to a specific server or send the browser to a URL containing 
+information about the problem (refer to <a href="#SettingOptionalHTTPReverseProxyOptions">Setting Optional HTTP Reverse Proxy 
+Options</a>). </p>
+<h4 id="HandlingOriginServerRedirectResponses">Handling Origin Server Redirect Responses</h4>
+<p>Origin servers often send redirect responses back to browsers that redirecting 
+them to different pages. For example, if an origin server is overloaded, then 
+it might redirect browsers to a less loaded server. Origin servers also redirect 
+when web pages have moved to different locations. When Traffic Server is configured 
+as a reverse proxy, it must readdress redirects from origin servers so that 
+browsers are redirected to Traffic Server and <em>not</em> to another origin server. </p>
+<p>To readdress redirects, Traffic Server uses reverse-map rules. In general, 
+you should set up a reverse-map rule for each map rule. To create reverse-map 
+rules, refer to <a href="#UsingMappingRulesHTTPRequests">Using Mapping Rules for HTTP Requests</a>. </p>
+<h4 id="UsingMappingRulesforHTTPRequests">Using Mapping Rules for HTTP Requests</h4>
+<p>Traffic Server uses two types of mapping rules for HTTP reverse proxy: </p>
+<ul>
+<li>A <strong>map rule</strong> translates the URL in client requests into the URL where the content is located. When Traffic Server is in reverse proxy mode and receives an HTTP client request, it first constructs a complete request URL from the relative URL and its headers. Traffic Server then looks for a match by comparing the complete request URL with its list of target URLs in the <code>remap.config</code>file. For the request URL to match a target URL, the following conditions must be true: </li>
+<li>The scheme of both URLs must be the same</li>
+<li>The host in both URLs must be the same. If the request URL contains an unqualified hostname, then it will never match a target URL with a fully-qualified hostname.</li>
+<li>The ports in both URLs must be the same. If no port is specified in a URL, then the default port for the scheme of the URL is used.</li>
+<li>The path portion of the target URL must match a prefix of the request URL path
+ If Traffic Server finds a match, then it translates the request URL into the replacement URL listed in the map rule: it sets the host and path of the request URL to match the replacement URL. If the URL contains path prefixes, then Traffic Server removes the prefix of the path that matches the target URL path and substitutes it with the path from the replacement URL. If two mappings match a request URL, then Traffic Server applies the first mapping listed in the <code>remap.config</code> file. </li>
+<li />
+<li>A <strong>reverse-map rule</strong> translates the URL in origin server redirect responses to point to Traffic Server so that clients are redirected to Traffic Server instead of accessing an origin server directly. For example, if there is a directory <code>/pub</code> on an origin server at <code>www.molasses.com</code> and a client sends a request to that origin server for <code>/pub</code>, then the origin server might reply with a redirect to <code>http://www.test.com/pub/</code> to let the client know that it was a directory it had requested, not a document (a common use of redirects is to normalize URLs so that clients can bookmark documents properly). <br />
+ Traffic Server uses reverse-map rules to prevent clients (that receive redirects from origin servers) from bypassing Traffic Server and directly accessing the origin servers. </li>
+</ul>
+<p>Both map and reverse-map rules consist of a <strong>target</strong> (origin) URL and a <strong>replacement</strong> 
+(destination) URL. In a <strong>map rule</strong>, the target URL points to Traffic Server 
+and the replacement URL specifies where the original content is located. In 
+a <strong>reverse-map rule</strong>, the target URL specifies where the original content 
+is located and the replacement URL points to Traffic Server. Traffic Server 
+stores mapping rules in the <code>remap.config</code> file located in the Traffic Server 
+<code>config</code> directory.</p>
+<h5 id="createmappingrules">To create mapping rules:</h5>
+<ol>
+<li>In a text editor, open the <code>remap.config</code> file located in the Traffic Server <code>config</code> directory. </li>
+<li>Enter your map and reverse-map rules (refer to <a href="files.htm#remap.config">remap.config</a>). </li>
+<li>Save and close the <code>remap.config</code> file. </li>
+<li>Navigate to the Traffic Server <code>bin</code> directory. </li>
+<li>Run the command <code>traffic_line -x</code> to apply the configuration changes.</li>
+</ol>
+<h3 id="EnablingHTTPReverseProxy">Enabling HTTP Reverse Proxy</h3>
+<p>To enable HTTP reverse proxy, follow the steps below.</p>
+<ol>
+<li>In a text editor, open the <code>records.config</code> file located in the <code>config</code> directory. </li>
+<li>Edit the following variable:</li>
+<li>
+<dl>
+<dt><strong>Variable</strong> <strong>Description</strong></dt>
+<dt><code>_proxy.config.reverse_proxy.enabled_</code></dt>
+<dd>Set this variable to 1 to enable HTTP reverse proxy mode. </dd>
+</dl>
+</li>
+<li>
+<p>Save and close the <code>records.config</code> file. </p>
+</li>
+<li>Navigate to the Traffic Server <code>bin</code> directory. </li>
+<li>Run the command <code>traffic_line -x</code> to apply the configuration changes. </li>
+</ol>
+<h3 id="SettingOptionalHTTPReverseProxyOptions">Setting Optional HTTP Reverse Proxy Options</h3>
+<p>Traffic Server provides several reverse proxy configuration options that enable 
+you to: </p>
+<ul>
+<li>Configure Traffic Server to retain the client host header information in a request during translation</li>
+<li>Configure Traffic Server to serve requests only to the origin servers listed in the mapping rules. As a result, requests to origin servers not listed in the mapping rules are not served.</li>
+<li>Specify an alternate URL to which incoming requests from older clients (i.e., ones that do not provide <code>Host</code> headers) are directed</li>
+</ul>
+<h5 id="setoptionalHTTPreverseproxyoptions">To set optional HTTP reverse proxy options:</h5>
+<ol>
+<li>In a text editor, open the <code>records.config</code> file located in the <code>config</code> directory. </li>
+<li>Edit the following variables:</li>
+<li>
+<dl>
+<dt><strong>Variable</strong> <strong>Description</strong></dt>
+<dt><code>_proxy.config.url_remap.pristine_host_hdr_</code></dt>
+<dd>Set this variable to 1 to retain the client host header in the request. <br />
+     Set this variable to 0 (zero) if you want Traffic Server to translate the client host header.</dd>
+<dt><code>_proxy.config.url_remap.remap_required_</code></dt>
+<dd>Set this variable to 1 if you want Traffic Server to serve requests only to the origin servers listed in the mapping rules of the <code>remap.config</code> file. <br />
+     Set this variable to 0 (zero) if you want Traffic Server to serve requests to all origin servers.</dd>
+<dt><code>_proxy.config.header.parse.no_host_url_redirect_</code></dt>
+<dd>Enter the URL to which to redirect requests with no host headers.</dd>
+</dl>
+</li>
+<li>
+<p>Save and close the <code>records.config</code> file. </p>
+</li>
+<li>Navigate to the Traffic Server <code>bin</code> directory. </li>
+<li>Run the command <code>traffic_line -x</code> to apply the configuration changes. </li>
+</ol>
+<h2 id="RedirectingHTTPRequests">Redirecting HTTP Requests</h2>
+<p>You can configure Traffic Server to redirect HTTP requests without having to 
+contact any origin servers. For example, if you redirect all requests for <code>http://www.ultraseek.com</code> 
+to <code>http://www.server1.com/products/portal/search/</code>, then all HTTP requests 
+for <code>www.ultraseek.com</code> go directly to <code>www.server1.com/products/portal/search</code>. </p>
+<p>You can configure Traffic Server to perform permanent or temporary redirects. 
+<strong>Permanent redirects</strong> notify the browser of the URL change (by returning 
+the HTTP status code <code>**301**</code>) so that the browser can update bookmarks. <strong>Temporary 
+redirects </strong>notify the browser of the URL change for the current request only 
+(by returning the HTTP status code <strong><code>307</code></strong>).</p>
+<h5 id="setredirectrules">To set redirect rules:</h5>
+<ol>
+<li>In a text editor, open the <code>remap.config</code> file located in the Traffic Server <code>config</code> directory. </li>
+<li>The following permanently redirects all HTTP requests for <code>www.server1.com</code> to <code>www.server2.com</code> :<br />
+<code>redirect http://www.server1.com http://www.server2.com</code><br />
+<dl>
+<dt>Enter a mapping rule for each redirect you want to set. Each mapping rule must be on a separate line and must consist of three space-delimited fields: <code>type</code>, <code>target</code>, and <code>replacement</code>. The following table describes the format for each field.</dt>
+<dt><strong>Field</strong> <strong>Description</strong></dt>
+<dt><code>type</code></dt>
+<dd>Enter either one of the following: <br />
+<code>redirect</code>—redirects HTTP requests permanently without having to contact the origin server. <br />
+<code>redirect_temporary</code>—redirects HTTP requests temporarily without having to contact the origin server.</dd>
+<dt><code>target</code></dt>
+<dd>Enter the origin or from URL. You can enter up to four components: <br />
+<em><code>scheme://host:port/path_prefix</code></em></dd>
+<dt><code>replacement</code></dt>
+<dd>Enter the destination or to URL. You can enter up to four components: <br />
+<em><code>scheme://host:port/path_prefix</code></em></dd>
+</dl>
+</li>
+<li>
+<p>Save and close the <code>remap.config</code> file. </p>
+</li>
+<li>Navigate to the Traffic Server <code>bin</code> directory. </li>
+<li>
+<p>Run the command <code>traffic_line -x</code> to apply the configuration changes.</p>
+</li>
+<li>
+<p><a href="intro.htm">Overview</a></p>
+</li>
+<li><a href="getstart.htm">Getting Started</a></li>
+<li><a href="http.htm">HTTP Proxy Caching </a></li>
+<li><a href="explicit.htm">Explicit Proxy Caching</a></li>
+<li><a href="reverse.htm">Reverse Proxy and HTTP Redirects</a></li>
+<li><a href="hier.htm">Hierarchical Caching</a></li>
+<li><a href="cache.htm">Configuring the Cache</a></li>
+<li><a href="monitor.htm">Monitoring Traffic</a></li>
+<li><a href="configure.htm">Configuring Traffic Server</a></li>
+<li><a href="secure.htm">Security Options</a></li>
+<li><a href="log.htm">Working with Log Files</a></li>
+<li><a href="cli.htm">Traffic Line Commands</a></li>
+<li><a href="logfmts.htm">Event Logging Formats</a></li>
+<li><a href="files.htm">Configuration Files</a> </li>
+<li><a href="errors.htm">Traffic Server Error Messages</a></li>
+<li><a href="trouble.htm">FAQ and Troubleshooting Tips</a></li>
+<li><a href="ts_admin_chinese.pdf">Traffic Server 管理员指南</a> (PDF)</li>
+</ol>
+<p>Copyright © 2011 <a href="http://www.apache.org/">The Apache Software Foundation</a>. 
+Licensed under the <a href="http://www.apache.org/licenses/">Apache License</a>, Version 
+2.0. Apache Traffic Server, Apache, the Apache Traffic Server logo, and the 
+Apache feather logo are trademarks of The Apache Software Foundation.</p>
+  </div>
+
+  <div id="footer">
+	  Copyright  &copy; 2010
+	  <a href="http://www.apache.org/">The Apache Software Foundation</a>.
+	  Licensed under
+	  the <a href="http://www.apache.org/licenses/">Apache License</a>,
+	  Version 2.0. Apache Traffic Server, Apache,
+	  the Apache Traffic Server logo, and the Apache feather logo are
+	  trademarks of The Apache Software Foundation.
+	  <span id="apache_logo">
+		  <a href="http://www.apache.org/"><img alt="The Apache Software Foundation" src="http://www.apache.org/images/feather-small.gif" /></a>
+	  </span>
+  </div>
+
+  </body>
+</html>
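Review bot: In the records.config definition lists under "Enabling HTTP Reverse Proxy" and "To set optional HTTP reverse proxy options", every variable name is wrapped in literal underscores, for example "_proxy.config.url_remap.remap_required_", which reads as emphasis markup that leaked into the <code> element; an administrator who copies the name as printed will not be setting the variable described, so drop the leading and trailing underscores. The same kind of leak shows in the heading "How Does Reverse Proxy Work?  ### {#HowDoesReverseProxyWork?}" and in "<code>**301**</code>". Several in-page links cannot resolve: the hrefs "#CreatingMappingRulesHTTPRequests" and "#UsingMappingRulesHTTPRequests" point at headings whose ids are spelled "CreatingMappingRulesforHTTPRequests" and "UsingMappingRulesforHTTPRequests". In "Using Mapping Rules for HTTP Requests" the four match conditions are emitted as siblings of the map-rule item and followed by an empty "<li />", so they should be nested as a sub-list of that item; in "To set redirect rules" the site navigation links (Overview through the PDF guide) have been absorbed into the numbered steps and need a list of their own. The reverse-map example also places the origin server at www.molasses.com but shows its redirect going to http://www.test.com/pub/, so one of the two hostnames should be corrected. Finally, the description of proxy.config.url_remap.remap_required should say which value is intended for a reverse proxy deployment, since the text only states that 0 serves requests to all origin servers.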

Added: websites/staging/trafficserver/trunk/content/docs/trunk/admin/security-options/index.en.html
==============================================================================
--- websites/staging/trafficserver/trunk/content/docs/trunk/admin/security-options/index.en.html (added)
+++ websites/staging/trafficserver/trunk/content/docs/trunk/admin/security-options/index.en.html Sun Feb 13 21:38:50 2011
@@ -0,0 +1,392 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"
+	xml:lang="en" lang="en">
+  <head>
+    
+    <link rel="stylesheet" href="/styles/pygments_style.css" />
+    
+    <title></title>
+    <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements.  See the NOTICE file distributed with this work for additional information regarding copyright ownership.  The ASF licenses this file to you under the Apache License, Version 2.0 (the &quot;License&quot;); you may not use this file except in compliance with the License.  You may obtain a copy of the License at . http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an &quot;AS IS&quot; BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the License for the specific language governing permissions and limitations under the License. -->
+  </head>
+
+  <body>
+    <div id="header">
+	    <span id="ts_logo">
+		  <a href="http://trafficserver.apache.org/"><img alt="Apache Traffic Server" src="/images/ts75.png" /></a>
+	  </span>
+	    <h1></h1>
+    </div>
+
+  <div id="content">
+      <p><a href="/index.html"><img alt="" src="/images/ts75.png" /></a>™</p>
+<h1 id="AdministratorsGuide">Administrator's Guide</h1>
+<h1 id="SecurityOptions">Security Options</h1>
+<p>Traffic Server provides a number of security features.</p>
+<p>This chapter discusses the following topics: </p>
+<ul>
+<li><a href="#ControllingClientAccessProxyCache">Controlling Client Access to the Proxy Cache</a></li>
+<li><a href="#ControllingAccessTrafficManager">Controlling Access: SSL</a></li>
+<li><a href="#ConfiguringDNSServerSelectionSplit">Configuring DNS Server Selection (Split DNS)</a></li>
+<li><a href="#ConfiguringProxyAuthentication">Configuring Proxy Authentication</a></li>
+<li><a href="#UsingSSLTermination">Using SSL Termination</a></li>
+</ul>
+<h2 id="ControllingClientAccessProxyCache">Controlling Client Access to the Proxy Cache</h2>
+<p>You can configure Traffic Server to allow only certain clients to use the proxy 
+cache by editing a configuration file.</p>
+<h5 id="specifyclientsalloweduseproxycache">To specify the clients allowed to use the proxy cache:</h5>
+<ol>
+<li>In a text editor, open the <code>ip_allow.config</code> file located in the Traffic Server <code>config</code> directory. </li>
+<li>Add a line in the file for each IP address or range of IP addresses allowed to access Traffic Server (refer to <a href="files.htm#ip_allow.config">ip_allow.config</a>). </li>
+<li>Save and close the <code>ip_allow.config</code> file. </li>
+<li>Navigate to the Traffic Server <code>bin</code> directory.</li>
+<li>Run the command <code>traffic_line -x</code> to apply the configuration changes.</li>
+</ol>
+<h2 id="ControllingAccessviaSSL">Controlling Access via SSL</h2>
+<p>By restricting access to Traffic Server, you ensure that only authenticated 
+users can change configuration options and view network traffic statistics. </p>
+<h3 id="UsingSSLforSecureAdministration">Using SSL for Secure Administration</h3>
+<p>Traffic Server supports the Secure Sockets Layer (<strong>SSL</strong>) protocol to provide 
+protection for remote administrative monitoring and configuration. SSL security 
+provides authentication for both ends of a network connection via certificates 
+and provides privacy via encryption. </p>
+<p>To use SSL, you must do the following: </p>
+<ul>
+<li>Obtain an SSL certificate </li>
+<li>Enable SSL </li>
+</ul>
+<h4 id="ObtainanSSLCertificate">Obtain an SSL Certificate</h4>
+<p>The SSL certificate is a text file you must install in the Traffic Server <code>config</code> 
+directory. Either rename the certificate to the default filename <code>private_key.pem</code>, 
+or specify the name of the certificate in the configuration file (follow the 
+procedure in <a href="#EnablingSSL">Enabling SSL</a>). </p>
+<h4 id="EnableSSL">Enable SSL</h4>
+<p>After you've obtained an SSL certificate, enable SSL by manually editing a 
+configuration file. Follow the steps below:</p>
+<ol>
+<li>In a text editor, open the <code>records.config</code> file located in the Traffic Server <code>config</code> directory. </li>
+<li>Edit the following variables:</li>
+<li>
+<dl>
+<dt><strong>Variable</strong> <strong>Description</strong></dt>
+<dt><code>_proxy.config.admin.use_ssl_</code></dt>
+<dd>Set this variable to <code>1</code> to enable SSL.</dd>
+<dt><code>_proxy.config.admin.ssl_cert_file_</code></dt>
+<dd>Set this variable to specify the filename of the SSL certificate. You have 
+    to change the filename only if the certificate file does not use the default 
+    name <code>private_key.pem</code>.</dd>
+</dl>
+</li>
+<li>
+<p>Save and close the <code>records.config</code> file. </p>
+</li>
+<li>Navigate to the Traffic Server <code>bin</code> directory.</li>
+<li>Run the command <code>traffic_line -x</code> to apply the configuration changes.</li>
+</ol>
+<h2 id="configuring_dns_server_selection_split_dns__configuringdnsserverselectionsplitdns">Configuring DNS Server Selection (Split DNS) ## {#ConfiguringDNSServerSelection(SplitDNS)}</h2>
+<p>The <strong>Split DNS </strong>option enables you to configure Traffic Server to use multiple 
+DNS servers, as dictated by your security requirements. For example, you might 
+configure Traffic Server to use one set of DNS servers to resolve hostnames 
+on your internal network, while allowing DNS servers outside the firewall to 
+resolve hosts on the Internet. This maintains the security of your intranet, 
+while continuing to provide direct access to sites outside your organization. </p>
+<p>To configure Split DNS, you must do the following: </p>
+<ul>
+<li>Specify the rules for performing DNS server selection based on the destination domain, the destination host, or a URL regular expression. </li>
+<li>Enable the <strong>Split DNS</strong> option.</li>
+</ul>
+<h5 id="configureSplitDNS">To configure Split DNS:</h5>
+<ol>
+<li>In a text editor, open the <code>splitdns.config</code> file located in the Traffic Server <code>config</code> directory. </li>
+<li>Add rules to the <code>splitdns.config</code> file. For information about the format of the <code>splitdns.config</code> file, <a href="files.htm#splitdns.config">click here</a>. </li>
+<li>Save and close the <code>splitdns.config</code> file.</li>
+<li>In a text editor, open the <code>records.config</code> file located in the Traffic Server <code>config</code> directory. </li>
+<li>Edit the following variables:</li>
+<li>
+<dl>
+<dt><strong>Variable</strong> <strong>Description</strong></dt>
+<dt><code>_proxy.process.dns.splitDNS.enabled_</code></dt>
+<dd>Set this variable to <code>1</code> to enable split DNS.</dd>
+<dt><code>_proxy.config.dns.splitdns.def_domain_</code></dt>
+<dd>Set this variable to specify the default domain for split DNS requests. Traffic 
+    Server appends this value automatically to a hostname that does not include 
+    a domain before determining which DNS server to use.</dd>
+</dl>
+</li>
+<li>
+<p>Save and close the <code>records.config</code> file. </p>
+</li>
+<li>Navigate to the Traffic Server <code>bin</code> directory. </li>
+<li>Run the command <code>traffic_line -x</code> to apply the configuration changes. </li>
+</ol>
+<h2 id="UsingSSLTermination">Using SSL Termination</h2>
+<p>The Traffic Server <strong>SSL termination</strong> option enables you to secure connections 
+in reverse proxy mode between a client and a Traffic Server and/or Traffic 
+Server and an origin server. </p>
+<p>The following sections describe how to enable and configure the SSL termination 
+option. </p>
+<ul>
+<li>Enable and configure SSL termination for client/Traffic Server connections: <a href="#ClientTrafficEdgeConnections">Client and Traffic Server Connections</a>. </li>
+<li>Enable and configure SSL termination for Traffic Server/origin server connections: <a href="#TrafficEdgeOriginServerConnections">Traffic Server and Origin Server Connections</a>. </li>
+<li>Enable and configure SSL termination for both client/Traffic Server and Traffic Server/origin server connections: <a href="#ClientTrafficEdgeConnections">Client and Traffic Server Connections</a> and <a href="#TrafficEdgeOriginServerConnections">Traffic Server and Origin Server Connections</a>, respectively.</li>
+</ul>
+<p>If you install an SSL accelerator card on your Traffic Server system, then 
+you must perform additional configuration steps - refer to <a href="#ConfiguringTrafficEdgeSSLAcceleratorCard">Configuring Traffic 
+Server to Use an SSL Accelerator Card</a>. </p>
+<h3 id="ClientTSConnections">Client and Traffic Server Connections</h3>
+<p>The figure below illustrates communication between a client and Traffic Server 
+(and between Traffic Server and an origin server) when the SSL termination 
+option is enabled &amp; configured for<strong> client/Traffic Server connections only</strong>. </p>
+<p><img alt="" src="images/ssl_c.jpg" /></p>
+<blockquote>
+<p><em><strong>Client and Traffic Server communication using SSL termination</strong></em></p>
+</blockquote>
+<p>The figure above depicts the following: </p>
+<p><strong>Step 1:</strong> The client sends an HTTPS request for content. Traffic Server receives 
+the request and performs the SSL 'handshake' to authenticate the client (depending 
+on the authentication options configured) and determine the encryption method 
+that will be used. If the client is allowed access, then Traffic Server checks 
+its cache for the requested content. </p>
+<p><strong>Step 2:</strong> If the request is a cache hit and the content is fresh, thenTraffic 
+Server encrypts the content and sends it to the client. The client decrypts 
+the content (using the method determined during the handshake) and displays 
+it. </p>
+<p><strong>Step 3:</strong> If the request is a cache miss or cached content is stale, then 
+Traffic Server communicates with the origin server via HTTP and obtains a plain 
+text version of the content. Traffic Server saves the plain text version of 
+the content in its cache, encrypts the content, and sends it to the client. 
+The client decrypts and displays the content. </p>
+<p>To configure Traffic Server to use the SSL termination option for client/Traffic 
+Server connections, you must do the following: </p>
+<ul>
+<li>Obtain and install an SSL server certificate from a recognized certificate authority (such as VeriSign). The SSL server certificate contains information that enables the client to authenticate Traffic Server and exchange encryption keys. </li>
+<li>Configure SSL termination options: </li>
+<li>Enable the <strong>SSL termination</strong> option. 
+  Set the port number used for SSL communication. 
+  Specify the filename and location of the server certificate. 
+  (Optional) Configure the use of client certificates. <br />
+ Client certificates are located on the client. If you configure Traffic Server to require client certificates, then Traffic Server verifies the client certificate during the SSL handshake that authenticates the client. If you configure Traffic Server to <em>not</em> require client certificates, then access to Traffic Server is managed through other Traffic Server options that have been set (such as rules in the <code>ip_allow.config</code> file). 
+  Specify the filename and location of the Traffic Server private key (if the private key is not located in the server certificate file). <br />
+ Traffic Server uses its private key during the SSL handshake to decrypt the session encryption keys. The private key must be stored and protected against theft. 
+  (Optional) Configure the use of Certification Authorities (CAs). <br />
+ CAs add security by verifying the identity of the person requesting a certificate.</li>
+</ul>
+<h5 id="to_configure_ssl_termination_for_clienttraffic_server_connections___configuresslterminationforclienttsconnections">To configure SSL termination for client/Traffic Server connections:  ##### {#configureSSLterminationforclient/TSconnections}</h5>
+<ol>
+<li>In a text editor, open the <code>records.config</code> file located in the Traffic Server <code>config</code> directory. </li>
+<li>Edit the following variables in the <code>SSL Termination</code> section of the file: </li>
+<li>
+<dl>
+<dt><strong>Variable</strong> <strong>Description</strong></dt>
+<dt><code>_proxy.config.ssl.enabled_</code></dt>
+<dd>Set this variable to 1 to enable the SSL termination option.</dd>
+<dt><code>_proxy.config.ssl.server_port_</code></dt>
+<dd>Set this variable to specify the port used for SSL communication. The default 
+    port is 443.</dd>
+<dt><code>_proxy.config.ssl.client.certification_level_</code></dt>
+<dd>Set this variable to one of the following values:<br />
+<code>0</code> - no client certificates are required. Traffic Server does not verify client certificates during the SSL handshake. Access to Traffic Server depends on Traffic Server configuration options (such as access control lists).<br />
+<code>1</code> - client certificates are optional. If a client has a certificate, then the certificate is validated. If the client does not have a certificate, then the client is still allowed access to Traffic Server unless access is denied through other Traffic Server configuration options.<br />
+<code>2</code> - client certificates are required. The client must be authenticated during the SSL handshake; Clients without a certificate are not allowed to access Traffic Server.</dd>
+<dt><code>_proxy.config.ssl.server.cert.filename_</code></dt>
+<dd>Set this variable to specify the filename of the Traffic Server SSL server certificate.<br />
+     Traffic Server provides a demo server certificate called <code>server.pem</code> - use this certificate to verify that the SSL feature is working.<br />
+     If you are using multiple server certificates, then set this variable to specify the default filename.</dd>
+<dt><code>_proxy.config.ssl.server.cert.path_</code></dt>
+<dd>Set this variable to specify the location of the Traffic Server SSL server 
+    certificate. The default directory is the Traffic Server <code>config</code> directory. </dd>
+</dl>
+</li>
+</ol>
+<dl>
+<dt><code>_proxy.config.ssl.server.private_key.filename_</code></dt>
+<dd>Set this variable to specify the filename of the Traffic Server private key. 
+    Change this variable only if the private key is not located in the Traffic 
+    Server SSL server certificate file.</dd>
+<dt><code>_proxy.config.ssl.server.private_key.path_</code></dt>
+<dd>Set this variable to specify the location of the Traffic Server private key. 
+    Change this variable only if the private key is not located in the Traffic 
+    Server SSL server certificate file.</dd>
+<dt><code>_proxy.config.ssl.CA.cert.filename_</code></dt>
+<dd>Specify the filename of the certificate authority that client certificates 
+    will be verified against. The default value is <code>NULL</code>.</dd>
+<dt><code>_proxy.config.ssl.CA.cert.path_</code></dt>
+<dd>Specify the location of the certificate authority file that client certificates 
+    will be verified against. The default value is <code>NULL</code>.</dd>
+</dl>
+<ol>
+<li>Save and close the <code>records.config</code> file. </li>
+<li>Navigate to the Traffic Server <code>bin</code> directory. </li>
+<li>Run the command <code>traffic_line -L</code> to restart Traffic Server on the local node or <code>traffic_line -M</code> to restart Traffic Server on all the nodes in a cluster. </li>
+</ol>
+<h3 id="TSOriginServerConnections">Traffic Server and Origin Server Connections</h3>
+<p>The figure below illustrates communication between Traffic Server and an origin 
+server when the SSL termination option is enabled for <strong>Traffic Server/origin 
+server connections</strong>.</p>
+<p><img alt="" src="images/ssl_os.jpg" /></p>
+<blockquote>
+<p><em><strong>Traffic Server and origin server communication using SSL termination</strong></em> </p>
+</blockquote>
+<p>The figure above depicts the following: </p>
+<p><strong>Step 1:</strong> If a client request is a cache miss or is stale, then Traffic Server 
+sends an HTTPS request for the content to the origin server. The origin server 
+receives the request and performs the SSL handshake to authenticate Traffic 
+Server and determine the encryption method to be used. </p>
+<p><strong>Step 2:</strong> If Traffic Server is allowed access, then the origin server encrypts 
+the content and sends it to Traffic Server, where it is decrypted (using the 
+method determined during the handshake). A plain text version of the content 
+is saved in the cache. </p>
+<p><strong>Step 3:</strong> If SSL termination is enabled for client /Traffic Server connections, 
+then Traffic Server re-encrypts the content and sends it to the client via 
+HTTPS, where it is decrypted and displayed. If SSL termination is not enabled 
+for client/Traffic Server connections, then Traffic Server sends the plain 
+text version of the content to the client via HTTP. </p>
+<p>To configure Traffic Server to use the SSL termination option for Traffic Server 
+and origin server connections, you must do the following: </p>
+<ul>
+<li>Obtain and install an SSL client certificate from a recognized certificate authority (such as VeriSign). The SSL client certificate contains information that allows the origin server to authenticate Traffic Server (the client certificate is optional). </li>
+<li>Configure SSL termination options: </li>
+<li>Enable the SSL termination option. 
+   Set the port number used for SSL communication. 
+   Specify the filename and location of the SSL client certificate (if you choose 
+to use a client certificate). 
+   Specify the filename and location of the Traffic Server private key (if the private key is not located in the client certificate file). <br />
+ Traffic Server uses its private key during the SSL handshake to decrypt the session encryption keys. The private key must be stored and protected against theft. 
+   Configure the use of CAs. <br />
+ CAs allow the Traffic Server that's acting as a client to verify the identity of the server with which it is communicating, thereby enabling exchange of encryption keys.</li>
+</ul>
+<h5 id="to_configure_ssl_termination_for_traffic_serverorigin_server_connections___configuresslterminationfortsoriginserverconnections">To configure SSL termination for Traffic Server/origin server connections:  ##### {#configureSSLterminationforTS/originserverconnections}</h5>
+<ol>
+<li>In a text editor, open the <code>records.config</code> file located in the Traffic Server <code>config</code> directory. </li>
+<li>Edit the following variables in the <code>SSL Termination</code>section of the file: </li>
+<li>
+<dl>
+<dt><strong>Variable</strong> <strong>Description</strong></dt>
+<dt><code>_proxy.config.ssl.auth.enabled_</code></dt>
+<dd>Set this variable to <code>1</code> to enable the SSL termination option.</dd>
+<dt><code>_proxy.config.ssl.server_port_</code></dt>
+<dd>Set this variable to specify the port used for SSL communication. The default 
+    port is <code>443</code>.</dd>
+<dt><code>_proxy.config.ssl.client.verify.server_</code></dt>
+<dd>Set this option to <code>1</code> to require Traffic Server to verify the origin server 
+    certificate with the Certificate Authority.</dd>
+<dt><code>_proxy.config.ssl.client.cert.filename_</code></dt>
+<dd>If you have installed an SSL client certificate on Traffic Server, then set 
+    this variable to specify the client certificate filename.</dd>
+<dt><code>_proxy.config.ssl.client.cert.path_</code></dt>
+<dd>If you have installed an SSL client certificate on Traffic Server, then set 
+    this variable to the location of the client certificate. The default location 
+    is the Traffic Server <code>config</code> directory.</dd>
+<dt><code>_proxy.config.ssl.client.private_key.filename_</code></dt>
+<dd>Set this variable to specify the filename of the Traffic Server private key. 
+    Change this variable only if the private key is not located in the Traffic 
+    Server SSL client certificate file.</dd>
+<dt><code>_proxy.config.ssl.client.private_key.path_</code></dt>
+<dd>Set this variable to specify the location of the Traffic Server private key. 
+    Change this variable only if the private key is not located in the SSL client 
+    certificate file.</dd>
+<dt><code>_proxy.config.ssl.client.CA.cert.filename_</code></dt>
+<dd>Specify the filename of the Certificate Authority against which the origin 
+    server will be verified. The default value is <code>NULL</code>.</dd>
+<dt><code>_proxy.config.ssl.client.CA.cert.path_</code></dt>
+<dd>Specify the location of the Certificate Authority file against which the origin 
+    server will be verified. The default value is <code>NULL</code>.</dd>
+</dl>
+</li>
+<li>
+<p>Save and close the <code>records.config</code> file. </p>
+</li>
+<li>Navigate to the Traffic Server <code>bin</code> directory. </li>
+<li>Run the command <code>traffic_line -L</code> to restart Traffic Server on the local node or <code>traffic_line -M</code> to restart Traffic Server on all the nodes in a cluster. </li>
+</ol>
+<h3 id="ConfiguringTSUseanSSLAcceleratorCard">Configuring Traffic Server to Use an SSL Accelerator Card</h3>
+<p>You can install an SSL accelerator card on your Traffic Server machine to accelerate 
+the number of requests Traffic Server can process. Traffic Server supports 
+the Cavium accelerator card. If you opt not to use an SSL accelerator card, 
+then you'll use your normal SSL library; if you install the Cavium card, then 
+you'll use the library supported &amp; provided by the card manufacturer.</p>
+<h5 id="ConfigureTSuseanSSLacceleratorcard">Configure Traffic Server to use an SSL accelerator card:</h5>
+<ol>
+<li>In a text editor, open the <code>records.config</code> file located in the Traffic Server <code>config</code> directory. </li>
+<li>Edit the following variables in the <code>SSL Termination</code> section of the file: </li>
+<li>
+<dl>
+<dt><strong>Variable</strong> <strong>Description</strong></dt>
+<dt><code>_proxy.confg.ssl.accelerator_required_</code></dt>
+<dd>Set this specify if an accelerator card is required for operation. </dd>
+</dl>
+<div class="codehilite"><pre><span class="n">You</span> <span class="n">may</span> <span class="n">specify:</span>  
+<span class="sb">`0`</span> <span class="o">-</span> <span class="ow">not</span> <span class="n">required</span>  
+<span class="sb">`1`</span> <span class="o">-</span> <span class="n">accelerator</span> <span class="n">card</span> <span class="n">is</span> <span class="n">required</span> <span class="ow">and</span> <span class="n">Traffic</span> <span class="n">Server</span> <span class="n">will</span> <span class="ow">not</span> <span class="n">enable</span> <span class="n">SSL</span> <span class="k">unless</span> <span class="n">an</span> <span class="n">accelerator</span> <span class="n">card</span> <span class="n">is</span> <span class="n">present</span><span class="o">.</span>  
+<span class="sb">`2`</span> <span class="o">-</span> <span class="n">accelerator</span> <span class="n">card</span> <span class="n">is</span> <span class="n">required</span> <span class="ow">and</span> <span class="n">Traffic</span> <span class="n">Server</span> <span class="n">will</span> <span class="ow">not</span> <span class="n">start</span> <span class="k">unless</span> <span class="n">an</span> <span class="n">accelerator</span> <span class="n">card</span> <span class="n">is</span> <span class="n">present</span><span class="o">.</span>
+
+<span class="n">You</span> <span class="n">can</span> <span class="n">verify</span> <span class="n">operation</span> <span class="n">by</span> <span class="n">running</span><span class="sb">` /home/y/bin/openssl_accelerated`</span> <span class="p">(</span><span class="n">this</span> 
+<span class="n">comes</span> <span class="n">as</span> <span class="n">part</span> <span class="n">of</span> <span class="sb">`openssl_engines_init`</span><span class="p">)</span><span class="o">.</span>
+</pre></div>
+
+
+</li>
+</ol>
+<dl>
+<dt><code>_proxy.confg.ssl.accelerator.type_</code></dt>
+<dd>
+<div class="codehilite"><pre><span class="n">Specifies</span> <span class="k">if</span> <span class="n">the</span> <span class="n">Cavium</span> <span class="n">SSL</span> <span class="n">accelerator</span> <span class="n">card</span> <span class="n">is</span> <span class="n">installed</span> <span class="n">on</span> <span class="p">(</span><span class="ow">and</span> <span class="n">required</span> 
+<span class="n">by</span><span class="p">)</span> <span class="n">your</span> <span class="n">Traffic</span> <span class="n">Server</span> <span class="n">machine:</span>
+
+<span class="sb">`0`</span> <span class="o">=</span> <span class="n">none</span><span class="o">.</span> <span class="n">No</span> <span class="n">SSL</span> <span class="n">accelerator</span> <span class="n">card</span> <span class="n">is</span> <span class="n">installed</span> <span class="n">on</span> <span class="n">the</span> <span class="n">Traffic</span> <span class="n">Server</span> <span class="n">machine</span><span class="p">,</span> 
+<span class="n">so</span> <span class="n">the</span> <span class="n">CPU</span> <span class="n">on</span> <span class="n">the</span> <span class="n">Traffic</span> <span class="n">Server</span> <span class="n">machine</span> <span class="n">determines</span> <span class="n">the</span> <span class="n">number</span> <span class="n">of</span> <span class="n">requests</span> 
+<span class="n">served</span> <span class="n">per</span> <span class="n">second</span><span class="o">.</span>
+
+<span class="sb">`1`</span> <span class="o">=</span> <span class="n">an</span> <span class="n">accelerator</span> <span class="n">card</span> <span class="n">is</span> <span class="n">present</span> <span class="ow">and</span> <span class="n">required</span> <span class="n">by</span> <span class="n">Traffic</span> <span class="n">Server</span><span class="o">.</span>
+</pre></div>
+
+
+</dd>
+</dl>
+<ol>
+<li>Save and close the <code>records.config</code> file. </li>
+<li>Navigate to the Traffic Server <code>bin</code> directory. </li>
+<li>
+<p>Run the command <code>traffic_line -L</code> to restart Traffic Server on the local node or <code>traffic_line -M</code> to restart Traffic Server on all the nodes in a cluster. </p>
+</li>
+<li>
+<p><a href="intro.htm">Overview</a></p>
+</li>
+<li><a href="getstart.htm">Getting Started</a></li>
+<li><a href="http.htm">HTTP Proxy Caching </a></li>
+<li><a href="explicit.htm">Explicit Proxy Caching</a></li>
+<li><a href="reverse.htm">Reverse Proxy and HTTP Redirects</a></li>
+<li><a href="hier.htm">Hierarchical Caching</a></li>
+<li><a href="cache.htm">Configuring the Cache</a></li>
+<li><a href="monitor.htm">Monitoring Traffic</a></li>
+<li><a href="configure.htm">Configuring Traffic Server</a></li>
+<li><a href="secure.htm">Security Options</a></li>
+<li><a href="log.htm">Working with Log Files</a></li>
+<li><a href="cli.htm">Traffic Line Commands</a></li>
+<li><a href="logfmts.htm">Event Logging Formats</a></li>
+<li><a href="files.htm">Configuration Files</a> </li>
+<li><a href="errors.htm">Traffic Server Error Messages</a></li>
+<li><a href="trouble.htm">FAQ and Troubleshooting Tips</a></li>
+<li><a href="ts_admin_chinese.pdf">Traffic Server 管理员指南</a> (PDF)</li>
+</ol>
+<p>Copyright © 2011 <a href="http://www.apache.org/">The Apache Software Foundation</a>. 
+Licensed under the <a href="http://www.apache.org/licenses/">Apache License</a>, Version 
+2.0. Apache Traffic Server, Apache, the Apache Traffic Server logo, and the 
+Apache feather logo are trademarks of The Apache Software Foundation.</p>
+  </div>
+
+  <div id="footer">
+	  Copyright  &copy; 2010
+	  <a href="http://www.apache.org/">The Apache Software Foundation</a>.
+	  Licensed under
+	  the <a href="http://www.apache.org/licenses/">Apache License</a>,
+	  Version 2.0. Apache Traffic Server, Apache,
+	  the Apache Traffic Server logo, and the Apache feather logo are
+	  trademarks of The Apache Software Foundation.
+	  <span id="apache_logo">
+		  <a href="http://www.apache.org/"><img alt="The Apache Software Foundation" src="http://www.apache.org/images/feather-small.gif" /></a>
+	  </span>
+  </div>
+
+  </body>
+</html>
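Review bot: The variable names in the SSL accelerator procedure are misspelled as "proxy.confg.ssl.accelerator_required" and "proxy.confg.ssl.accelerator.type" ("confg" for "config"). In addition, every variable in the Split DNS and SSL tables is wrapped in literal underscores inside the code element, as in <code>_proxy.config.ssl.enabled_</code>, so none of the names can be pasted into records.config as shown. Please drop the emphasis underscores and fix the spelling. Please also confirm the Split DNS switch, which is given as "proxy.process.dns.splitDNS.enabled" while its sibling is "proxy.config.dns.splitdns.def_domain" (different prefix and different case).

The Markdown conversion has also damaged the procedures. The client/Traffic Server list is closed by </ol> in the middle of the variable table, so "Save and close" restarts at step 1, and the same happens in the accelerator section. The navigation links (Overview, Getting Started, ...) are emitted as numbered steps after the restart command. Two h5 headings carry the literal text "##### {#configureSSLtermination...}". The accelerator value descriptions are rendered as highlighted code and mention /home/y/bin/openssl_accelerated, which looks like a site-local path. The in-page links #ClientTrafficEdgeConnections, #TrafficEdgeOriginServerConnections and #ConfiguringTrafficEdgeSSLAcceleratorCard have no matching id, because the headings use ClientTSConnections, TSOriginServerConnections and ConfiguringTSUseanSSLAcceleratorCard. The page ends with two copyright blocks, dated 2011 and 2010.

On content, "proxy.config.ssl.auth.enabled" is described with the same sentence as "proxy.config.ssl.enabled" and should say it applies to origin-side connections. The entry for "proxy.config.ssl.client.verify.server" should state what happens when it is not set to 1 and that the CA file variables default to NULL. The server.pem entry should say the demo certificate is for testing only. Small typos: "thenTraffic", "Set this specify", and a missing space after </code> in "SSL Termination</code>section".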

Added: websites/staging/trafficserver/trunk/content/docs/trunk/admin/traffic-line-commands/index.en.html
==============================================================================
--- websites/staging/trafficserver/trunk/content/docs/trunk/admin/traffic-line-commands/index.en.html (added)
+++ websites/staging/trafficserver/trunk/content/docs/trunk/admin/traffic-line-commands/index.en.html Sun Feb 13 21:38:50 2011
@@ -0,0 +1,487 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"
+	xml:lang="en" lang="en">
+  <head>
+    
+    <link rel="stylesheet" href="/styles/pygments_style.css" />
+    
+    <title></title>
+    <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements.  See the NOTICE file distributed with this work for additional information regarding copyright ownership.  The ASF licenses this file to you under the Apache License, Version 2.0 (the &quot;License&quot;); you may not use this file except in compliance with the License.  You may obtain a copy of the License at . http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an &quot;AS IS&quot; BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the License for the specific language governing permissions and limitations under the License. -->
+  </head>
+
+  <body>
+    <div id="header">
+	    <span id="ts_logo">
+		  <a href="http://trafficserver.apache.org/"><img alt="Apache Traffic Server" src="/images/ts75.png" /></a>
+	  </span>
+	    <h1></h1>
+    </div>
+
+  <div id="content">
+      <p><a href="/index.html"><img alt="" src="/images/ts75.png" /></a>™</p>
+<h1 id="AdministratorsGuide">Administrator's Guide</h1>
+<h1 id="AppendixC-TrafficLineCommands">Appendix C - Traffic Line Commands</h1>
+<p>This appendix contains the following sections: </p>
+<ul>
+<li><a href="#1053987">Traffic Line Commands</a></li>
+<li><a href="#1025718">Traffic Line Variables</a></li>
+</ul>
+<h2 id="TrafficLineCommands">Traffic Line Commands</h2>
+<p>Use Traffic Line to execute individual Traffic Server commands and to script 
+multiple commands in a shell. Execute Traffic Line commands from the Traffic 
+Server <code>bin</code> directory. If the Traffic Server <code>bin</code> directory is not in your 
+path, then prepend the Traffic Line command with <code>./</code> (for example: <code>./traffic_line 
+-p</code>). </p>
+<p>The following table describes all the commands available in Traffic Line. </p>
+<div class="codehilite"><pre>  <span class="o">**</span>
+</pre></div>
+
+
+<p>Command</p>
+<hr />
+<p>Description</p>
+<p>** </p>
+<dl>
+<dt><code>traffic_line -b</code> </dt>
+<dd>
+<p>Bounces Traffic Server on the local node. Bouncing Traffic Server shuts down 
+and immediately restarts the Traffic Server node.</p>
+</dd>
+<dt><code>traffic_line -c</code> </dt>
+<dd>
+<p>Clears accumulated statistics on the local node.</p>
+</dd>
+<dt><code>traffic_line -h</code> </dt>
+<dd>
+<p>Displays a list of Traffic Line commands.</p>
+</dd>
+<dt><code>traffic_line -p _socket_path_</code> </dt>
+<dd>
+<p>Specifies location (directory and path) of the socket used for Traffic Line communication.<br />
+ The default path is: <code>_install_dir_ /config/cli</code> </p>
+</dd>
+<dt><code>traffic_line -q</code> </dt>
+<dd>
+<p>Displays a list of the origin servers that are currently congested. </p>
+<p><strong>Note:</strong> To use this command, you must set the variable <code>_proxy.config.raf.enabled_</code> 
+to 1 and set the variable <code>_proxy.config.raf.port_</code> to a different port _ 
+only_ if there is a conflict with the default port 9000.</p>
+</dd>
+<dt><code>traffic_line -r _variable_</code> </dt>
+<dd>
+<p>Displays specific performance statistics or a current configuration setting. 
+For a list of the variables you can specify, see <a href="cli.htm#1025718">Traffic Line Variables</a>. </p>
+</dd>
+<dt><code>traffic_line -s _variable_ -v _value_</code> </dt>
+<dd>
+<p>Sets configuration variables, where <code>_variable_</code> is the configuration variable 
+you want to change and <code>_value_</code> is the value you want to set. Refer to <a href="files.htm#records.config">records.config</a> 
+for a list of the configuration variables you can specify.</p>
+</dd>
+<dt><code>traffic_line -x</code> </dt>
+<dd>
+<p>Initiates a Traffic Server configuration file reread. Use this command after 
+every configuration file modification.</p>
+</dd>
+<dt><code>traffic_line -B</code> </dt>
+<dd>
+<p>Bounces all Traffic Server nodes in the cluster. Bouncing Traffic Server shuts 
+down and immediately restarts Traffic Server, node-by-node.</p>
+</dd>
+<dt><code>traffic_line -C</code> </dt>
+<dd>
+<p>Clears accumulated statistics on all nodes in the cluster.</p>
+</dd>
+<dt><code>traffic_line -L</code> </dt>
+<dd>
+<p>Restarts the <code>traffic_manager</code> and <code>traffic_server</code> processes on the local 
+node.</p>
+</dd>
+<dt><code>traffic_line -M</code> </dt>
+<dd>
+<p>Restarts the <code>traffic_manager</code> process and the <code>traffic_server</code> process 
+on all the nodes in a cluster.</p>
+</dd>
+<dt><code>traffic_line -S</code> </dt>
+<dd>
+<p>Shuts down Traffic Server on the local node.</p>
+</dd>
+<dt><code>traffic_line -U</code> </dt>
+<dd>
+<p>Starts Traffic Server on the local node.</p>
+<div class="codehilite"><pre><span class="o">**</span><span class="n">Traffic</span> <span class="n">Line</span> <span class="n">Variables</span><span class="o">**</span>
+</pre></div>
+
+
+</dd>
+</dl>
+<p>You can view statistics and change configuration options in Traffic Line by 
+using specific variables. The variables used for gathering statistics are described 
+below. The variables used for viewing and changing configuration options are 
+described in <a href="files.htm#records.config">records.config</a>. For procedures about 
+specifying the variables, refer to <a href="monitor.htm">Viewing Statistics from Traffic Line</a> 
+and <a href="configure.htm">Configuring Traffic Server Using Traffic Line</a>. </p>
+<p>The variables used for viewing individual statistics are described in the 
+following table. To view a statistic in Traffic Line, enter the command <code>traffic_line 
+-r _variable_</code>at the prompt. </p>
+<dl>
+<dt><strong> Statistic</strong></dt>
+<dd>
+<p><strong> Variable</strong></p>
+</dd>
+</dl>
+<p><strong> Summary</strong></p>
+<dl>
+<dt>Node name</dt>
+<dd>
+<p>_<code>proxy.node.hostname</code> _</p>
+</dd>
+<dt>Objects served</dt>
+<dd>
+<p>_<code>proxy.node.user_agents_total_documents_served</code> _</p>
+</dd>
+<dt>Transactions per second</dt>
+<dd>
+<p>_<code>proxy.node.user_agent_xacts_per_second</code> _</p>
+</dd>
+</dl>
+<p><strong> Node</strong></p>
+<dl>
+<dt>Document hit rate </dt>
+<dd>
+<p>_<code>proxy.node.cache_hit_ratio_avg_10s</code> _</p>
+<p>_<code>proxy.cluster.cache_hit_ratio_avg_10s</code> _</p>
+</dd>
+<dt>Bandwidth savings </dt>
+<dd>
+<p>_<code>proxy.node.bandwidth_hit_ratio_avg_10s</code> _</p>
+<p>_<code>proxy.cluster.bandwidth_hit_ratio_avg_10s</code> _</p>
+</dd>
+<dt>Cache percent free</dt>
+<dd>
+<p>_<code>proxy.node.cache.percent_free</code> _</p>
+<p>_<code>proxy.cluster.cache.percent_free</code> _</p>
+</dd>
+<dt>Open origin server connections</dt>
+<dd>
+<p>_<code>proxy.node.current_server_connections</code> _</p>
+<p>_<code>proxy.cluster.current_server_connections</code> _</p>
+</dd>
+<dt>Open client connections </dt>
+<dd>
+<p>_<code>proxy.node.current_client_connections</code> _</p>
+<p>_<code>proxy.cluster.current_client_connections</code> _</p>
+</dd>
+<dt>Cache transfers in progress </dt>
+<dd>
+<p>_<code>proxy.node.current_cache_connections</code> _</p>
+<p>_<code>proxy.cluster.current_cache_connections</code> _</p>
+</dd>
+<dt>Client throughput (Mbits/sec)</dt>
+<dd>
+<p>_<code>proxy.node.client_throughput_out</code> _</p>
+<p>_<code>proxy.cluster.client_throughput_out</code> _</p>
+</dd>
+<dt>Transactions per second </dt>
+<dd>
+<p>_<code>proxy.node.user_agent_xacts_per_second</code> _</p>
+<p>_<code>proxy.cluster.user_agent_xacts_per_second</code> _</p>
+</dd>
+<dt>DNS lookups per second </dt>
+<dd>
+<p>_<code>proxy.node.dns.lookups_per_second</code> _</p>
+<p>_<code>proxy.cluster.dns.lookups_per_second</code> _</p>
+</dd>
+<dt>Host database hit rate </dt>
+<dd>
+<p>_<code>proxy.node.hostdb.hit_ratio_avg_10s</code> _</p>
+<p>_<code>proxy.cluster.hostdb.hit_ratio_avg_10s</code> _</p>
+</dd>
+</dl>
+<p><strong> HTTP</strong></p>
+<dl>
+<dt>Total document bytes from client</dt>
+<dd>
+<p>_<code>proxy.process.http.user_agent_response_document_total_size</code> _</p>
+</dd>
+<dt>Total header bytes from client</dt>
+<dd>
+<p>_<code>proxy.process.http.user_agent_response_header_total_size</code> _</p>
+</dd>
+<dt>Total connections to client</dt>
+<dd>
+<p>_<code>proxy.process.http.total_client_connections</code> _</p>
+</dd>
+<dt>Client transactions in progress</dt>
+<dd>
+<p>_<code>proxy.process.http.current_client_transactions</code> _</p>
+</dd>
+<dt>Total document bytes from origin server</dt>
+<dd>
+<p>_<code>proxy.process.http.origin_server_response_document_total_size</code> _</p>
+</dd>
+<dt>Total header bytes from origin server</dt>
+<dd>
+<p>_<code>proxy.process.http.origin_server_response_header_total_size</code> _</p>
+</dd>
+<dt>Total connections to origin server</dt>
+<dd>
+<p>_<code>proxy.process.http.total_server_connections</code> _</p>
+</dd>
+<dt>Origin server transactions in progress </dt>
+<dd>
+<p>_<code>proxy.process.http.current_server_transactions</code> _</p>
+</dd>
+</dl>
+<p><strong> ICP</strong></p>
+<dl>
+<dt>ICP query requests originating from this node</dt>
+<dd>
+<p>_<code>proxy.process.icp.icp_query_requests</code> _</p>
+</dd>
+<dt>ICP query messages sent from this node</dt>
+<dd>
+<p>_<code>proxy.process.icp.total_udp_send_queries</code> _</p>
+</dd>
+<dt>ICP peer hit messages received from this node</dt>
+<dd>
+<p>_<code>proxy.process.icp.icp_query_hits</code> _</p>
+</dd>
+<dt>ICP peer miss messages received from this node </dt>
+<dd>
+<p>_<code>proxy.process.icp.icp_query_misses</code> _</p>
+</dd>
+<dt>Total ICP responses received from this node</dt>
+<dd>
+<p>_<code>proxy.process.icp.icp_remote_responses</code> _</p>
+</dd>
+<dt>Average ICP message response time (ms) from this node</dt>
+<dd>
+<p>_<code>proxy.process.icp.total_icp_response_time</code> _</p>
+</dd>
+<dt>Average ICP request time (ms) from this node</dt>
+<dd>
+<p>_<code>proxy.process.icp.total_icp_request_time</code> _</p>
+</dd>
+<dt>Query messages received from ICP peers</dt>
+<dd>
+<p>_<code>proxy.process.icp.icp_remote_query_requests</code> _</p>
+</dd>
+<dt>Remote query hits from ICP peers</dt>
+<dd>
+<p>_<code>proxy.process.icp.cache_lookup_success</code> _</p>
+</dd>
+<dt>Remote query misses from ICP peers</dt>
+<dd>
+<p>_<code>proxy.process.icp.cache_lookup_fail</code> _</p>
+</dd>
+<dt>Successful response messages sent to peers</dt>
+<dd>
+<p>_<code>proxy.process.icp.query_response_write</code> _</p>
+</dd>
+</dl>
+<p><strong> Cache </strong></p>
+<dl>
+<dt>Bytes used</dt>
+<dd>
+<p>_<code>proxy.process.cache.bytes_used</code> _</p>
+</dd>
+<dt>Cache size</dt>
+<dd>
+<p>_<code>proxy.process.cache.bytes_total</code> _</p>
+</dd>
+<dt>Lookups in progress</dt>
+<dd>
+<p>_<code>proxy.process.cache.lookup.active</code> _</p>
+</dd>
+<dt>Lookups completed</dt>
+<dd>
+<p>_<code>proxy.process.cache.lookup.success</code> _</p>
+</dd>
+<dt>Lookup misses</dt>
+<dd>
+<p>_<code>proxy.process.cache.lookup.failure</code> _</p>
+</dd>
+<dt>Reads in progress</dt>
+<dd>
+<p>_<code>proxy.process.cache.read.active</code> _</p>
+</dd>
+<dt>Reads completed</dt>
+<dd>
+<p>_<code>proxy.process.cache.read.success</code> _</p>
+</dd>
+<dt>Read misses</dt>
+<dd>
+<p>_<code>proxy.process.cache.read.failure</code> _</p>
+</dd>
+<dt>Writes in progress</dt>
+<dd>
+<p>_<code>proxy.process.cache.write.active</code> _</p>
+</dd>
+<dt>Writes completed</dt>
+<dd>
+<p>_<code>proxy.process.cache.write.success</code> _</p>
+</dd>
+<dt>Write failures</dt>
+<dd>
+<p>_<code>proxy.process.cache.write.failure</code> _</p>
+</dd>
+<dt>Updates in progress</dt>
+<dd>
+<p>_<code>proxy.process.cache.update.active</code> _</p>
+</dd>
+<dt>Updates completed</dt>
+<dd>
+<p>_<code>proxy.process.cache.update.success</code> _</p>
+</dd>
+<dt>Update failures</dt>
+<dd>
+<p>_<code>proxy.process.cache.update.failure</code> _</p>
+</dd>
+<dt>Removes in progress</dt>
+<dd>
+<p>_<code>proxy.process.cache.remove.active</code> _</p>
+</dd>
+<dt>Remove successes</dt>
+<dd>
+<p>_<code>proxy.process.cache.remove.success</code> _</p>
+</dd>
+<dt>Remove failures</dt>
+<dd>
+<p>_<code>proxy.process.cache.remove.failure</code> _</p>
+</dd>
+</dl>
+<p><strong> Host Database</strong> </p>
+<dl>
+<dt>Total lookups</dt>
+<dd>
+<p>_<code>proxy.process.hostdb.total_lookups</code> _</p>
+</dd>
+<dt>Total hits</dt>
+<dd>
+<p>_<code>proxy.process.hostdb.total_hits</code> _</p>
+</dd>
+<dt>Time TTL (min)</dt>
+<dd>
+<p>_<code>proxy.process.hostdb.ttl</code> _</p>
+</dd>
+</dl>
+<p><strong> DNS</strong> </p>
+<dl>
+<dt>DNS total lookups</dt>
+<dd>
+<p>_<code>proxy.process.dns.total_dns_lookups</code> _</p>
+</dd>
+<dt>Average lookup time (msec)</dt>
+<dd>
+<p>_<code>proxy.process.dns.lookup_avg_time</code> _</p>
+</dd>
+<dt>DNS successes</dt>
+<dd>
+<p>_<code>proxy.process.dns.lookup_successes</code> _</p>
+</dd>
+</dl>
+<p><strong> Cluster </strong></p>
+<dl>
+<dt>Bytes read</dt>
+<dd>
+<p>_<code>proxy.process.cluster.read_bytes</code> _</p>
+</dd>
+<dt>Bytes written</dt>
+<dd>
+<p>_<code>proxy.process.cluster.write_bytes</code> _</p>
+</dd>
+<dt>Connections open</dt>
+<dd>
+<p>_<code>proxy.process.cluster.connections_open</code> _</p>
+</dd>
+<dt>Total operations</dt>
+<dd>
+<p>_<code>proxy.process.cluster.connections_opened</code> _</p>
+</dd>
+<dt>Network backups</dt>
+<dd>
+<p>_<code>proxy.process.cluster.net_backup</code> _</p>
+</dd>
+<dt>Clustering nodes</dt>
+<dd>
+<p>_<code>proxy.process.cluster.nodes</code> _</p>
+</dd>
+</dl>
+<p><strong> Logging </strong></p>
+<dl>
+<dt>Log files currently open</dt>
+<dd>
+<p>_<code>proxy.process.log.log_files_open</code> _</p>
+</dd>
+<dt>Space used for log files</dt>
+<dd>
+<p>_<code>proxy.process.log.log_files_space_used</code> _</p>
+</dd>
+<dt>Number of access events logged</dt>
+<dd>
+<p>_<code>proxy.process.log.event_log_access</code> _</p>
+</dd>
+<dt>Number of access events skipped</dt>
+<dd>
+<p>_<code>proxy.process.log.event_log_access_skip</code> _</p>
+</dd>
+<dt>Number of error events logged</dt>
+<dd>
+<p>_<code>proxy.process.log.event_log_error</code> _</p>
+</dd>
+</dl>
+<p><strong> Congestion Control</strong></p>
+<dl>
+<dt>Number of congestions Traffic Server has observed because the maximum number </dt>
+<dt>of connections was exceeded.</dt>
+<dd>
+<p><em><code>proxy.process.congestion.congested_on_max_connection</code></em></p>
+</dd>
+<dt>Number of congestions Traffic Server has observed because of an OS response </dt>
+<dt>or timeout failure.</dt>
+<dd>
+<p><em><code>proxy.process.congestion.congested_on_conn_failures</code></em></p>
+</dd>
+</dl>
+<ul>
+<li><a href="intro.htm">Overview</a></li>
+<li><a href="getstart.htm">Getting Started</a></li>
+<li><a href="http.htm">HTTP Proxy Caching </a></li>
+<li><a href="explicit.htm">Explicit Proxy Caching</a></li>
+<li><a href="reverse.htm">Reverse Proxy and HTTP Redirects</a></li>
+<li><a href="hier.htm">Hierarchical Caching</a></li>
+<li><a href="cache.htm">Configuring the Cache</a></li>
+<li><a href="monitor.htm">Monitoring Traffic</a></li>
+<li><a href="configure.htm">Configuring Traffic Server</a></li>
+<li><a href="secure.htm">Security Options</a></li>
+<li><a href="log.htm">Working with Log Files</a></li>
+<li><a href="cli.htm">Traffic Line Commands</a></li>
+<li><a href="logfmts.htm">Event Logging Formats</a></li>
+<li><a href="files.htm">Configuration Files</a> </li>
+<li><a href="errors.htm">Traffic Server Error Messages</a></li>
+<li><a href="trouble.htm">FAQ and Troubleshooting Tips</a></li>
+<li><a href="ts_admin_chinese.pdf">Traffic Server 管理员指南</a> (PDF)</li>
+</ul>
+<p>Copyright © 2011 <a href="http://www.apache.org/">The Apache Software Foundation</a>. 
+Licensed under the <a href="http://www.apache.org/licenses/">Apache License</a>, Version 
+2.0. Apache Traffic Server, Apache, the Apache Traffic Server logo, and the 
+Apache feather logo are trademarks of The Apache Software Foundation.</p>
+  </div>
+
+  <div id="footer">
+	  Copyright  &copy; 2010
+	  <a href="http://www.apache.org/">The Apache Software Foundation</a>.
+	  Licensed under
+	  the <a href="http://www.apache.org/licenses/">Apache License</a>,
+	  Version 2.0. Apache Traffic Server, Apache,
+	  the Apache Traffic Server logo, and the Apache feather logo are
+	  trademarks of The Apache Software Foundation.
+	  <span id="apache_logo">
+		  <a href="http://www.apache.org/"><img alt="The Apache Software Foundation" src="http://www.apache.org/images/feather-small.gif" /></a>
+	  </span>
+  </div>
+
+  </body>
+</html>
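Review bot: The statistic names in the definition lists from the HTTP entries through Logging are wrapped as `<p>_<code>proxy.process.cache.bytes_used</code> _</p>`, so the page will show literal underscores around every variable. The Congestion Control entries use `<p><em><code>proxy.process.congestion.congested_on_max_connection</code></em></p>`, which looks like the intended markup, so the conversion should emit `<em>` consistently. In that same Congestion Control list each description is split across two `<dt>` elements ("Number of congestions Traffic Server has observed because the maximum number " followed by "of connections was exceeded."); each should be a single `<dt>`. Several labels do not match the variable they document: "Average ICP message response time (ms)" and "Average ICP request time (ms)" point at `total_icp_response_time` and `total_icp_request_time`, and the Cluster entry "Total operations" points at `connections_opened`, so either the label or the variable needs correcting before this is published. The navigation list at the end links to flat names such as `intro.htm` and `reverse.htm`, which do not match the `admin/<topic>/index.en.html` layout this commit adds, and the page carries two copyright notices with different years (2011 in the content div, 2010 in the footer); keep one.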