DeleGate works as an application-level proxy that interprets the relayed protocol (control sequences and data structures) between a client and a server, and provides various value-added services for the protocols it recognizes. DeleGate also works as a circuit-level proxy that conveys the transmission between a client and a server literally, for arbitrary protocols on TCP or UDP.
DeleGate can be used to enforce access control by restricting remittable protocols, reachable servers, and acceptable clients. DeleGate imposes a delay as a penalty on repeated forbidden access, or, on suspicion of attack, defends itself by shutting down the service and sending automatic reports to the administrator.
Basic circuit-level logging, common to arbitrary protocols, is supported, along with protocol-dependent logging in some common formats for some protocols.
DeleGate can act as a kind of application-level router, controlling direct or indirect routes toward a destination server by selecting an upstream proxy or Socks server. One of the usable routes toward a server is selected, or the routes are tried in order, depending on the application protocol, destination host, and source client.
As an application-level proxy, DeleGate interprets and relays various application protocols, providing value-added services including caching or conversion of the relayed data, whose structure depends on each application protocol.
Based on its interpretation of application protocols, DeleGate can be used as a protocol gateway that translates between the client-side protocol and the server-side protocol.
As a circuit-level proxy, a DeleGate server literally conveys transmission bound for a specified server of a specified application protocol on TCP or UDP, or toward arbitrary servers based on the Socks protocol.
As an application-level proxy, DeleGate provides a virtual view of resources on other servers by aliasing, merging, and hiding the real names (such as a URL that identifies a resource or a service) on the real servers. It is like a generalized form of an NFS file mount but, unlike NFS, it is realized by rewriting the content of data. In other words, it is a mapping (rewriting) of virtual names on the client side to and from real names on the server side, where the names are embedded in a protocol-dependent data structure in the request and response messages between a client and a server. With this function, named mounting, a resource http://hostiN/ is, for example, shown to the client as if it were http://hostx/iN/.
MOUNT can also be used to customize the built-in icons and messages of DeleGate.
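
A simplified Python model of the mounting idea described above, added here as an illustration; it is not DeleGate's code and does not use its MOUNT syntax. The mount table, function names and sample HTML are constructed, taking N = 1 and 2 in the page's hostiN/hostx pattern.

```python
import re

# Constructed mount table (assumption): virtual path prefix on the proxy ->
# real base URL, following the page's http://hostiN/ <-> http://hostx/iN/ example.
PROXY = "http://hostx"
MOUNTS = {"/i1/": "http://hosti1/", "/i2/": "http://hosti2/"}
URL_RE = re.compile(r"http://[^\s\"'<>]+")


def to_real(virtual_path):
    """Request direction: virtual path on the proxy -> real URL.
    Unmounted paths return None, so this model relays nothing outside the table."""
    # Longest prefix first, so a more specific mount wins over a general one.
    for prefix in sorted(MOUNTS, key=len, reverse=True):
        if virtual_path.startswith(prefix):
            return MOUNTS[prefix] + virtual_path[len(prefix):]
    return None


def to_virtual(real_url):
    """Response direction: real URL -> virtual name, or None if not mounted."""
    for prefix, base in MOUNTS.items():
        # Treat "http://hosti1" (no trailing slash) as the mount root as well.
        url = real_url + "/" if real_url + "/" == base else real_url
        if url.startswith(base):
            return PROXY + prefix + url[len(base):]
    return None


def rewrite_body(body):
    """Rewrite URLs embedded in a response body; unmounted URLs stay unchanged."""
    return URL_RE.sub(lambda m: to_virtual(m.group(0)) or m.group(0), body)


def leaked_real_names(body):
    """Check: real server names still visible to the client after rewriting."""
    return [base for base in MOUNTS.values() if base.rstrip("/") in body]


# Constructed sample response from a real server.
SAMPLE = ('<a href="http://hosti1/docs/a.html">a</a> '
          '<img src="http://hosti2/x.png"> <a href="http://hosti1">root</a> '
          '<a href="http://other/">o</a>')

if __name__ == "__main__":
    print(to_real("/i1/docs/a.html"))
    print(rewrite_body(SAMPLE))
    print(leaked_real_names(rewrite_body(SAMPLE)))
```

Running `leaked_real_names` over rewritten responses is a quick check that hiding real names actually holds for every URL form the servers emit, including the bare host without a trailing slash.
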
Communication between a client and DeleGate, or between DeleGate and a server, can be filtered or translated by user-defined filter programs attached to DeleGate through a simple scheme named CFI (Common Filter Interface). Existing filter programs that read from standard input and write to standard output can be used as CFI programs without modification.
Besides filtering by external programs, some frequently used filtering operations are built into DeleGate, including HTTP header removal and generation.
All local files of DeleGate, including log files and cache files, are placed under its own root directory (DGROOT) and by default are private files belonging to the owner of the DeleGate. To share them among different users, the path name, owner, and access permission of each file can be customized. Log file names can also be parameterized with a date value for aging, and cache file names can be parameterized with a hash value to distribute the cache across disks.
Although DeleGate can be controlled by many options, only the -Pport option and the SERVER=protocol parameter are mandatory in most cases. The -P option specifies the port on which DeleGate receives requests from clients. The SERVER parameter specifies the protocol in which DeleGate communicates with clients and, optionally, the destination server to which it relays the communication.
Options can be loaded from local or remote resources with the "+=URL" notation, typically from a local file such as "+=/path/of/parameters" (see Parameter Substitution; see also DGCONF).