6.6.1.2. Procedure – Customizing proxy attributes

What attribute-level configuration is needed depends on the exact requirements: if you simply need an FTP proxy that denies upload (write) requests, use the FtpProxyRO without modifications in your policy definitions – deriving a new class is unnecessary in this case.

However, if you would like to hide the browser type and operating system version information of your clients you can do it with a derived proxy class, by customizing some of its attributes. To hide browser type and operating system version information for instance, the creation of a custom User-Agent header is required. Although this may be accomplished on the client side (modifying all client web browsers), it is much easier to do with PNS.

The attributes configuration screen is divided into two main parts.

Customizing proxy attributes

Figure 6.52. Customizing proxy attributes

The upper textbox shows the list of custom, derived proxies along with the classes they were derived from (the Parent column). For the previous screenshot a simple HttpProxy, called MyHttpProxy was derived from the generic HttpProxy class.

  1. Navigate to Application-level Gateway > Proxies and select the proxy to customize.

  2. Click New under the lower table. The list of configurable attributes are displayed.

    Listing of proxy class attributes

    Figure 6.53. Listing of proxy class attributes

    Note

    A short description for each attribute is also displayed. For a complete description of proxy classes and attributes see the Proxedo Network Security Suite 2 Reference Guide.

    There are syntax rules for setting attributes properly. For more information on these rules, see the Proxedo Network Security Suite 2 Reference Guide or, to a limited extent, read all the available descriptions on the class selection screen.

    Tip

    AbstractProxy template descriptions are especially useful, since they contain the most information on syntax. For example, to set HTTP request headers in the traffic, see Section 4.6.2.2, Configuring policies for HTTP requests and responses in Proxedo Network Security Suite 2 Reference Guide.

  3. Select self.request_header attribute.

    The attribute appears in the Changed proxy attributes listing of the Application-level Gateway class configuration screen.

    The newly added self-request_header attribute

    Figure 6.54. The newly added self-request_header attribute

  4. Set the value of the attribute by clicking Edit. (The attribute Type is less relevant now.) A new window opens which is, by default, empty.

    Editing an attribute

    Figure 6.55. Editing an attribute

  5. Click the New button to define the name of the parameter you want to change.

    Modifying an attribute

    Figure 6.56. Modifying an attribute

    In this example HTTP request headers are configured. These are standardized in the corresponding RFC documentation or in any studies or literature on web server administration/programming.

    One of the request headers is called User-Agent which is the place to specify the browser type, version and operating system information. Popular statistics, such as the market share of web browsers, are based on this request header.

    By default, Application-level Gateway takes the original User-Agent header information it receives from clients and uses the same value in HTTP requests it generates.

  6. Enter User-Agent into the small dialog box to change the default behavior.

    You can see the name of the header changing (Key column), but the Type and Value columns still need to be changed.

  7. Left-click on the Type column of the row containing the previously entered User-Agent string, a drop-down list appears. In order to change the value of an existing attribute, select the type_http_hdr_change_value here, which changes the given header values.

    Selecting action type for the attribute

    Figure 6.57. Selecting action type for the attribute

  8. Click Edit to modify the Value column.

    Set the actual value of the User-Agent request header. The following window opens.

    Editing the value of the User-Agent header

    Figure 6.58. Editing the value of the User-Agent header

    This window presents another view of the attribute you are modifying now. The Type column of Figure Selecting action type for the attribute is now the first row in this window, while the Value column became the second row here; it is currently empty.

  9. Click Edit to set the Value column and enter a string.

    Editing the User-Agent header

    Figure 6.59. Editing the User-Agent header

    A string can be for example, My Browser.

    Note

    The web servers you visit from now on will see this information as the User-Agent header they receive, and may act strangely if they, or the content they serve (Java Servlets, for instance) are not prepared to handle unexpected values in User-Agent headers.

  10. The process of changing the desired proxy class attribute is complete, you can see the result in the Application-level Gateway class configuration window.

    The User-Agent request header attribute is changed

    Figure 6.60. The User-Agent request header attribute is changed