Proxy+ user's guide

Proxy +
User's guide

Last revision: 2002, Mar25
Upgrade is accessible here

Program version: 3.00

1. Intro

1.1 General description of the program

Proxy+ is a program enabling easy and safe access to Internet using the local network (LAN).

There are several options how to connect your LAN PCs to Internet:

The typical method uses the routing of data packets from the PC connected to Internet to the client PC in LAN. This station is hence also a part of Internet with all safety risks. All these stations must have its own individual IP addresses within Internet. This method is being abandoned because of the outer data attack risks and because of the saving of the IP addresses.
The second method is based on a "alternative" (proxy) server on a PC connected to Internet. Proxy server receives requests from LAN PCs and sends them to Internet servers. Because these LAN stations are communicating only with proxy server, they may have an IP address independent on Internet. Also the station is completely separated from Internet and it is completely safe from possible outer data attacks.
This method requires only one Internet IP address and it provides storing the flowing data to a disk cache (cache), and therefore you can speed up the reaction when different stations request the same data. Another main advantage is that with the correct PC setting the LAN is completely safe from the possible outer data attacks.
The disadvantage is that the proxy server works on the basis of protocols. That means that the proxy server is able to send only those requests it is able to understand and whose protocols allow it by their structure. Because not all existing protocols and services are compatible with proxy servers (their definition has emerged before the idea of proxy servers) it means you may encounter a problem using some services behind proxy server or they may be used with restrictions.
These problems are partially solved with SOCKS4 and SOCKS5 protocols that are already implemented in some new client programs. It doesn't restrict a common proxy server user.

1.2 What can you find in this manual and what can you find in Proxy+ help file

In this manual you will find mainly the procedures how to set client applications, how to set Proxy+, to provide you with requested work. There are also procedures how to recover some problems.

The Proxy+ help file contains the description of each settings entry of the proxy server.

1.3 Comments on manual

If there are active hypertext links (hyperlinks) to admin. pages in the text bellow, they are accessible only if the manual is viewed using Proxy+. They are not accessible if you read the help file directly from disk or your WWW browser.

1.4 Other information sources

Proxy+'s help file (proxyhelp.htm)
Using Help button on a WWW Admin page you get description of the form fields. Each WWW Admin page has its own help page.
Knowledge Base
There is a database of articles and examples accessible through the Internet using browser. See there: http://www.proxyplus.net/faq/scripts/searchkb.php .
Proxy+'s public mailing list
There is a mailing list where you can send your Proxy+ related questions.You have to subscribe to the list before. More instructions you can find there: http://www.proxyplus.net/en/mailinglist.htm .
Proxy+ email support
You can send a question to our technical personnel via E-Mail. Use following email address: support@proxyplus.net .

Note: actual list of available sources you can find there: http://www.proxyplus.net/en/support.htm .

2. Installation

2.1 Program needs

Operating system requirements
Windows 95 (we recommend OSR2 version), Windows 98/ME or Windows NT/2000, the TCP/IP protocol support installed. We recommend to use FAT32 on systems Windows 95/98/ME which uses the capacity of large hard drives more effectively than former FAT16 taken from MS-DOS.
Proxy+ doesn't need the newer version of Winsock.DLL and it also doesn't need the installation of system corrections - it works in standard installation of operating system with TCP/IP protocol support.

Hardware requirements
There are no special requirements on hardware. The size of used operating memory depends on actual size of disk cache, on the character of data stored there and on the number of users - its size is usually few hundreds of kB. For basic approximation you can count with 100 bytes of RAM for each object in disk cache.
The installation requires approx. 1MB on the destination drive. Sufficient space is needed for users post boxes, log files and space for disk cache on the destination drive (you can place it on another drive as well).

The PC with Proxy+ is usually provided with one or more net adapters for LAN connection and there is one modem to connect to the ISP (Internet Service Provider).

2.2 Installation of the program

The actual version of the program
The newest version of installation files is always placed on WWW address http://www.proxyplus.net. We recommend to keep an eye on changes and to get the actual version, which always includes new options and innovations or possible corrections of errors.

Installation
The program installs by executing of the downloaded file. During the installation you are offered to choose the destination directory and the type of installation. You can install it as a service using Windows NT - Proxy+ executes itself on start-up and it runs even if no user is logged-in.

Windows95/98
On PCs running this operating systems Proxy+ is viewed as a visible window. The window can be minimized by checking the check box on page Administrator/Additional.

Installation as a Windows NT service
Proxy+ can run on Windows NT as a service. In this mode there is no window or an icon of the program. Proxy+ runs on background and starts even if no user is logged into the system.
The Installation provides you with the service option, if you want to change the type of this start-up, you can use the command prompt executing the executable file of Proxy+ proxyplus.exe:

proxyplus.exe /remove
removes Proxy+ from the services database.

proxyplus.exe /install
adds Proxy+ to the services database.

If you want to stop the service Proxy+ manually, run the program Services from the Control Panel and from the list shown choose Fortech Proxy+. You can stop the service using the Stop button and start it again using the Start button.

2.3 Uninstalling the program

Proxy+ can be uninstalled using the program uninstall.exe. You can find it in the start menu or in the directory with installation. Uninstall can be chosen also from the Control Panel using the program "Add or Remove Programs".

Notice: Proxy+ doesn't install any parts to a different directory than the destination directory chosen. All settings are stored in the Windows register.

3. Using the admin. interface of the program

Proxy+ is configured via WWW browser only. You can start it from a PC running Proxy+ or from any PC with TCP/IP protocol with access to the PC with Proxy+.

3.1 Essential conditions to access admin. interface:

PC running Proxy+ and the PC with WWW browser must use the TCP/IP protocol option.
TCP/IP must be functional and correctly configured (correctly allocated IP addresses and host masks).
both PCs must be able to contact themselves using the TCP/IP. It is enough if the command "ping x.x.x.x" executed from the command prompt of the DOS window returns correct replies (x.x.x.x is an IP address of the second PC).
There must be Proxy+ running on one those PCs.
Proxy+ must not have restricting rules that block the access to the PC with WWW browser. If you access the admin. interface from a PC running Proxy+ the connection is always allowed.

3.2 WWW browser needs:

the browser should support frames.
the browser should work in graphic mode and display pictures.

Netscape and Microsoft browsers from version 3.X are fully convenient.

3.3 Address (URL) of admin. interface

Administrator's interface has this address: http://x.x.x.x:port, where http:// informs the WWW browser to use HTTP protocol, x.x.x.x is the IP address or the domain name of the PC with Proxy+ and the port is the number of the port, where the server expects the requests. The default value the Proxy+ uses is 4400. You can change this value.

Examples:
1) IP address of the PC with Proxy+ is 192.168.1.1 port interface is standard (4400)
URL: http://192.168.1.1:4400

2) IP address of the PC with Proxy+ is 192.168.1.1 port interface is changed to (1234)
URL: http://192.168.1.1:1234

3) If you start the WWW browser on the PC running Proxy+ you can use both consequent entries
URL: http://127.0.0.1:4400
URL: http://localhost:4400

Address 127.0.0.1 or the name localhost exists on each PC with installed TCP/IP support. If you use it as a destination address during TCP/IP communication, it is always a connection ending in the PC where the command was executed (so called loopback).

3.4 Disabling the access to admin. interface to a trespasser

You can restrict the access with these options

Enabling the access from specified IP addresses
On pages Security/Interfaces and Security/Clients you can define the list of IP addresses of PCs that are allowed to access all options of the program. Other users have the access denied - it applies to the access to WWW interface too.

Enabling the control of the name and password when accessing WWW Admin. pages
Using Administrator/General you can define the name of the user that should be held as the administrator of the program. Select the name and press the Set button. Check the Authenticate admin button and press the Save button. Each attempt to access the WWW interface enabling the changes in configuration will execute a task asking for the name of the administrator and his password (the password is equal to the one defined on the page Accounts/Users). This change requires restart of the Proxy+.

3.5 Saving the settings

Changes made in the configuration are needed to be saved - otherwise they would be forgotten after leaving the WWW interface. Changes are stored using the Save button, which is always at the bottom of the form.

Some changes are stored automatically, when you are generating them. It applies for all changes made in the lists using the Add, Remove, etc. buttons.

3.6 Activation of changes - program restart

Almost all settings are read during the start or restart of the Proxy+ program. Therefore it is required to restart the program after changes made using Administrator/Restart.

During the restart Proxy+ closes all connections (all services are finished and restarted again) and it reads the new configuration.

We recommend to control the ErrorLog res. ProxyLog after restart, whether there were any errors encountered during the start up (collision with the settings of other programs) or not and whether all services were loaded according to the new configuration.

4. How do I set...?

4.1 Correct settings of WWW browser to work with Proxy+

Important:
If you access the WWW interface from a browser that is set to access to Internet using Proxy+, set it in a way so it doesn't use the proxy when accessing the WWW admin interface.
For this reason the browsers have an option of exception entries, that is a list of addresses that are connected without using proxy. Enter the IP address of the PC running Proxy+ here, or also its domain name if you use it to access the admin. interface. If you don't do it, an unwanted automatic dialing may occur on dial-up links, because the WWW browser would access the interface as an ordinary Internet page. So it connects to HTTP Proxy service of Proxy+ and it passes the command to read the admin. interface page instead to connect to it directly. Proxy+ is using a special algorithm that is trying to detect these accesses and to redirect the requests from HTTP Proxy, but it works fine only if Proxy+ is able to detect all names and IP addresses, that can be used to access WWW interface.

4.1.1 Microsoft Internet Explorer 5.x

Go to the menu Tools/Internet Options/Connection. If you have displayed any account name in Dial-Up settings select Never dial a connection. Press LAN Settings... button. Uncheck Automatically detect settings and Use automatic configuration script. Set the Use a proxy server and fill the IP address of PC with P+ into Address. Set the entry Port to 4480. If there is a WWW server in your LAN check the Bypass proxy server for local addresses.

Press the Advanced button and in the lower part of the form fill in the line Do not use proxy server for addresses beginning with the address of the PC running Proxy+. If you use to access the admin interface the name of the PC then enter it also here (the entries are separated by semicolon).

! If you are configuring the browser which is installed o the same PC as the Proxy+ is running and you have connection to the Internet through switched phone line (analog or ISDN modem) you have to configure browser proxy settings related with modem connection too (select the connection name from the list and then go to the proxy settings using Settings button). For more details see our knowledge base article: http://www.proxyplus.cz/faq/scripts/searchkb.php?KBQUERY=ie5

If you want to use MS IE through SOCKS server you must uncheck Use the same proxy server for all protocols and then fill desired SOCKS server IP address into Proxy settings dialog's Socks line.

4.1.2 Microsoft Internet Explorer 4.x

View/Internet Options/Connection. Set here the Access the Internet using a Proxy server. Set the entry Address to the IP address of the PC running Proxy+.Set the entry Port to 4480. If there is a WWW server in your LAN check the Bypass proxy server for local (intranet) addresses. Press the Advanced button and in the lower part of the form fill in the line Do not use proxy server for addresses beginning with the address of the PC running Proxy+. If you use to access the admin interface the name of the PC then enter it also here (the entries are separated by semicolon).

If you do not want to use MS IE using HTTP Proxy interface but using SOCKS, delete in the dialog Proxy settings the entry in line HTTP and replace it with entry in SOCKS line. As the port number use 1080 or another if you have also changed the default settings of Proxy+.

4.1.3 Microsoft Internet Explorer 3.0X

View/Options/Connection. Check Connect through a proxy server to enable the access using a proxy server. Set the entry Address of proxy to use in lines HTTP:, Secure:, FTP:, and SOCKS to the IP address of the PC running Proxy+. Set the entry Port to 4480 in all lines except for the line SOCKS, enter 1080 there. If you do not use SOCKS applications, you can fill in only the first line of the table and checking the Use the same proxy server for all protocols you enable the same settings for all other protocols.If there is a WWW server in your LAN check Do not use proxy server for local (intranet) addresses. Fill in the IP addresses or domain names of the LAN servers to the line Do not use proxy server for addresses beginning with:. Add also the IP address (or addresses) of the PC running Proxy+ , res. its names you use to call admin. interface.

4.1.4 Netscape Navigator 4.X

Edit/Preferences. In the Category window choose the entry Advanced/Proxies. Choose Manual proxy configuration and press the View button. In lines HTTP:, Security:, FTP: fill in the IP address of the proxy server and the port number 4480. In the line SOCKS: fill in the IP address of the proxy server and the port number 1080 (only if you run applications that support SOCKS protocols). In the line Exceptions enter the IP addresses or domain names of servers that should be accessed directly (without using Proxy server). Add also the IP address (or addresses) of the PC running Proxy+ , res. also its names you use to access the admin interface.

If you do not want to use NN using HTTP Proxy interface but using SOCKS, delete in the dialog Manual Proxy Configuration the entry in the line HTTP: and replace it with the entry in the line SOCKS. As the port number use 1080 or another if you have also changed the default settings of Proxy+.

If there is a configuration of proxy servers in the SOCKS settings, the program Messenger (post client) uses the protocol SOCKS to read and send mails and to read News. You can use it with advantage for the simpler access to News Servers - you do not have to use mapped links.

4.1.5 Netscape Navigator 3.0X

Options/Network Preferences. Choose the bookmark Proxies. Check the Manual proxy configuration and press the View button. In lines HTTP:, Security:, FTP: fill in the IP address of the proxy server and the number of the port 4480. In line SOCKS: fill in the IP address of proxy server and the port number 1080 (if you are going to use some applications that support SOCKS protocols). In the line No Proxy for: enter the IP addresses or domain names of the servers you want to access directly (not using the Proxy server).

4.1.6 Opera 3.5x

Preferences/Proxy Servers. Check the HTTP, HTTPS and FTP. In the lines aside the check boxes enter IP:4480, where IP is the IP address of the PC running Proxy+ and 4480 is the default port number where HTTP Proxy works. Check Do not use proxy on: and enter the IP address of the PC running Proxy+ res. its name if you use it to access the WWW admin. interface of the proxy server.

4.2 Dialing

Generally there are three options how to connect to Internet:

Dial-up
Asynchronous dedicated line
Synchronous dedicated line

4.2.1 Dial-up

The most common option. The connection is realized using modem and ordinary telephone line. It is mandatory to connect first (to dial a phone number). Proxy+ supports user defined (manual) and automatic dial-ups / hang-ups.

4.2.2 Asynchronous dedicated line

A connection realized via leased line with asynchronous modems on both sides. The connected PC is connected permanently to the Internet.
In Windows there is not a good support for this type of connection - if a connection is lost, it is not automatically reconnected or restored. Therefore Proxy+ has some features implemented to correct the imperfections of this kind of connection in Windows.

The connection via asynchronous dedicated line is generally realized with the installation of the driver NULL modem which is used for the formation and configuration of the dial-up. The modems are configured to connect automatically without manual interference. Herewith the condition to support the physical connection is complete but it is necessary to connect in the logic layer (PPP protocol). That is done only using the activation of the dial-up connection.

4.2.3 Synchronous dedicated line

A connection with synchronous modems (cable, radio or satellite connection ...) or with restricted segment of LAN.
It is a connection where no action to connect are necessary (no dial-up needed).

4.2.4 Configuration of a dial-up

First you have to create a new configuration of a telephone connection to your ISP. You can use the icon "My computer/Telephone connection/New connection" (in Windows NT only "My computer/Telephone connection"). You should get the parameters needed from your ISP.

In Dialing/General Proxy+ shows the list of all telephone dial-ups defined in your PC. Choose the required connection shown in the list and fill in the name and password given to you by your ISP.
The setting Async Leased Line must remain unchecked - otherwise Proxy+ will not automatically hang up the connection. Furthermore Proxy+ would automatically dial up the connection when started.

Setting the automatic hang-ups
If you want Proxy+ to hang up the connection after a while (after the last activity shown by the user), set in Dialing/General the entry Enable auto hang up and set the required time of tolerated inactivity before hang up in Hang up timeout. The inactivity is in minutes, minimal value is 0.

Notice: Proxy+ registers each access to its services (doesn't apply to admin. interface and postal services) and after the specified action is finished, it keeps the user as inactive in the list for one more minute. During this time it doesn't hang up automatically. If you set the automatic hang up after 0 minutes, then the hang up takes place one minute after the user has finished to read pages from WWW server. This delay is necessary because otherwise the Proxy+ would have to dial up too often.

If an automatic connection was established to process mails the hang up is executed with no delay after all outgoing mails are sent and all incoming mails are received. But if there would be another service running during the postal process Proxy+ hangs up after the set delay.

Automatic dial-up
Proxy+ supports the automatic dial up connection at the beginning of the request to read or send data. On the page Dialing/Auto Dial you can specify what services are enabled to use automatic dialing. The first line can enable/disable AutoDial-up in global.

Proxy+ supports two modes for automatic dial-ups. Either it can dial without any further controls when no active connection to Internet is available (AutoDial if disconnected) or it will first try whether the requested server is not available without establishing a dial-up connection (for local server, Intranet WWW server) and only if it cannot reach the requested data it will dial up a telephone connection. You may choose between those two modes on the page Dialing/Auto Dial Extended.

AutoDial if disconnected
Advantage of this mode is that the reaction of proxy server is immediate - instantly after the request proxy will dial up. But if the request would be directed into local server, the dial-up would be unnecessary.
This mode is implicit.

AutoDial if unreachable
This mode's advantage is that it dials only in the case that it really is impossible to contact the requested target server without the dial-up. The disadvantage is that sometimes the determination of inaccessibility of the server may last quite a long time - tens of seconds to few minutes.

Because the servers with interesting data are mostly in Internet (a dial-up is required) it is better to choose the automatic dial up (if disconnected). If there is an intranet WWW server in the local net, you can configure your browsers in LAN using the exceptions not to use proxy servers accessing this server.

It is also good to configure Proxy+ to ignore dial-up requests when you enter into URL with disabled AutoDial the IP addresses and the name of local servers. The addresses are entered in URL mode.

Examples of disabled dial-ups:

192.168.0.1	address is located on the server 192.168.0.1
192.168.0.*	address is located on various PC in LAN with the range of IP addresses 192.168.0.0-192.168.0.255
http://	the address is on any WWW server
cgi-bin	address contains the text cgi-bin
*.asp	address ends with text .asp

Using alternative phone numbers
If your ISP has more different phone numbers, you can take the advantage of Proxy+ feature to change the phone numbers when connecting. If there is a busy line on one connection, the second may be free. Because Proxy+ attempts to connect to Internet for many times, then when the line is busy, it automatically switches onto the other.

To use alternative numbers set on page Dialing/Extended the option Use alternate phone numbers and fill in the list of phone numbers to the edit line Alternate phone numbers. Numbers are separated with a colon or a semicolon.

If the use of alternative phone numbers is off (default value), Proxy+ doesn't specify the phone number and the Windows system uses the number filled in its telephone connection.

Using the non-standard delay for automatic hang-up
Sometimes it is useful to set a different delay for a specific period to hang up the connection than the value specified in general with Hang up timeout in Dialing/General. If you set a short delay in the period of higher usage of Internet senseless hang-ups may occur - when Proxy+ hangs up the line a new request may appear and proxy dials again. If this happens too often, higher costs of the telephone service are about to show up than in the case of a longer uninterrupted connection.

Proxy+ supports to define alternative delay (shorter or longer than the standard one) and also the time schedule when the alternative delay should be used.
On page Dialing/Extended check Use alternate Hang up timeout and fill in the requested delay in minutes. In the check box field Alternate Hang up timeout is enabled in these hours fill in the hours in specific days of the week when alternative delay should be used.

4.2.5 Configuration of a asynchronous dedicated line

Configuration of Proxy+ to work with asynchronous dedicated line (ADL)
The settings for ADL is similar to "common" dial-up. The only difference is that the option Async Leased Line must be checked.
In the ADL mode Proxy+ automatically connect on the program start-up and it doesn't hang up automatically. But you are able to hang up the line manually from the admin. interface.

If there is no authentication needed on your ADL (name and password) fill in the lines User name and User password any characters (it shouldn't remain empty).

Notice: The configuration of the automatic hang up is ignored in this mode.

Because Windows do not have a support for this type of connection, it is necessary to configure Proxy+ to connect immediately when the connection is lost. It is necessary to enable the automatic dial-up from all used services and protocols. Herewith you secure that any request of data reading from Internet will automatically re-establish the connection.
You can also use Proxy+ mail server to re-establish the lost connection. Configure it to check whether there is a mail on your ISP POP3 server every 10 minutes. Enable the automatic dial-up from all mail actions and enable all hours in all days during the week on page Mail/Valid time intervals.

4.2.6 Configuration of synchronous dedicated line

Configuration of Proxy+ to work with synchronous dedicated line
On page Dialing/General choose the from the menu Select connection the option None (Leased Line) and press the Save button.

4.3 Demonstration of a post system settings

4.3.1 Setting of the download a mailbox from ISP's POP3 server

Example: We want Proxy+ to read messages from the account mbox on server mail.server.com and to store them in the local account of the user smith. The password to this mbox is 123456. Email address of the account mbox is jsmith@server.com.

Settings on page Mail/POP3 Download:

* Mail for local user: - from the list of shown local accounts choose the account smith (if it doesn't exist you have to create it first with Accounts/Users).
* EMail: - fill in jsmith@server.com. This entry doesn't have any effect on reading the mail from the server mail.server.com. It applies only for the outgoing mail from LAN through Proxy+. If the outgoing mail sent through Proxy+ is addressed to an email address identical to some entry in the POP3 Users list then it is sent locally. That means it is not sent via Internet, as it would end in mbox Proxy+ would receive it later again and after then it would deliver it to the user smith. Herewith we have achieved that there is no connection to Internet needed and the process is without delays. So the internet addresses of users can be used safely for inner-company mail delivery.
* POP3 server: - enter the name of the server where the mail box is located: mail.server.com. If the part of the email address after the "@" character is equal to the name of POP3 server, you can leave this line empty. (in our case the address would be jsmith@mail.server.com).
* POP3 Account: - the account name: mbox. This is the name Proxy+ uses to connect to POP3 server.
* POP3 Password: - password for the POP3 box. Enter 123456.

You can leave other options in their default values unless you want to configure Proxy+ to leave messages on the server or to use POP3 restrictions for example.

And then press the Add button. A new entry is added to the POP3 users list.

Now during each post process Proxy+ reads all messages from all boxes defined in POP3 users list. The process can be started automatically or manually.

Notice: If you add an entry with EMail already existing in the list, the existing entry will be replaced.

4.3.2 Setting of the storing of the POP3 box to a group of users

Example: We want to set Proxy+ to read messages from account mbox on server mail.server.com and to store them in local accounts of all users that are members of the group administration. Password for mbox is 123456. Email address for the account mbox is company@server.com.

On the page Mail/POP3 Download set:

* Mail for local user: - from the list of local accounts choose the account [administration] . The groups are distinguished from other entries with brackets ([group_name]). If there is not the required group, you have to create it on page Accounts/Groups.
* EMail: - enter company@server.com.
* POP3 server: - enter the name of the server where the post is: mail.server.com.
* POP3 Account: - name of the account: mbox. This is the name Proxy+ uses to connect to POP3 server.
* POP3 Password: - password for the POP3 box. Enter 123456.
* After download: - if you want to remove messages from the POP3 server select 'remove message from server', if you want to leave messages on the server select 'leave message on the server'.

You can leave other options in their default values unless you want to configure Proxy+ to leave messages on the server or to use POP3 restrictions for example.

And then press the Add button. A new entry is added to the POP3 users list.

After this process all members of the group will receive the same copy of the incoming message sent to company@server.com.

4.3.3 Setting of the reading of messages from POP3 box using the sorting rulesets

Example: We want to configure Proxy+ to read messages from the account mbox on server mail.server.com and to sort those messages to local users using the sorting rulesets sorting. Password for mbox is 123456. Email address for mbox is company@server.com.

The sorting of the messages read from POP3 server is usually used if:
- it is a mail box of the "domain" mail - mail server stores messages for the whole domain into a single mailbox.
- messages directed to more email addresses is stored to a single mailbox (primary address has more aliases).

On the page Mail/POP3 Download set:

* Mail for local user: - from the list of local users choose <sorting> . The sorting rulesets are distinguished from other entries with angle brackets. If there is not the required ruleset then you have to create it with Mail/Sorting Rules.
* EMail: - enter company@server.com.
* POP3 server: - enter the name of the server where the post is: mail.server.com.
* POP3 Account: - name of the account: mbox. This is the name Proxy+ uses to connect to POP3 server.
* POP3 Password: - password for the POP3 box. Enter 123456.

You can leave other options in their default values unless you want to configure Proxy+ to leave messages on the server or to use POP3 restrictions for example.

And then press the Add button. A new entry is added to the POP3 users list.

When reading new messages, each message is going through the procedure, that delivers the message to the local users according to the sorting ruleset sorting.

4.3.4 Basic demonstration of a ruleset (domain box)

Example: The company uses for incoming messages a domain box, that means it has a registered domain and the ISP's mail server stores all incoming messages into one single mailbox. We want to configure the sorting rulesets to sort the messages according to the content of the header field "To:".

user	email addresses	search strings
smith1	jsmith@company.com orders@company.com	jsmith, orders
smith2	ksmith@company.com	ksmith
marlowe	pmarlowe@company.com	pmarlowe
[administration]	company@company.com	company

Further, if no matching rule is found, we want user marlowe to receive the message.

Settings:

On page Mail/Sorting Rules create new sorting ruleset. Enter the name (e.g. sorting) to New ruleset name and press Add button. In Defined rules choose the new rule and press Edit.

On a new page we define the characteristics in this way:
Default user: - the implicit user is marlowe. So please choose his name from the list.
Carbon copy user: - you can choose a user who will get a copy of each message that goes through the sorting rules.
User defined head: - serves to define the sorting according to the non-standard header.
Append to rule: - because all processed email addresses end with the same text @company.com, we can enter this text into this line. Then the search string will not look for jsmith, but for jsmith@company.com.
Note: sometimes it would be fine if the content of the Append to: item is not appended to the rule keyword. In the case add '~' character to the end of the keyword. Example: jsmith@anothercompany.com.

After you have finished filling up the header of the ruleset press the Save button.

1) Settings for the user smith1:

User: - choose user smith1.
To: - enter the text: jsmith ; orders

Press Add button. In the list Defined rules the entry smith1 < OR;To:jsmith ; orders appears.

2) Settings for the user smith2 :

User: - choose the user smith2.
To: - enter the text: ksmith

Press Add button. In the list Defined rules the entry smith2 < OR;To:ksmith appears.

3) Settings for the user marlowe:

User: - choose the user marlowe.
To: - enter the text: pmarlowe

Press Add button. In the list Defined rules the entry marlowe < OR;To:pmarlowe appears.

4) settings for the group of users [administration]:

User: - choose the user [administration].
To: - enter the text: company

Press Add button. In the list Defined rules the entry [administration] < OR;To:company appears.

4.3.5 Demonstration of a ruleset ("aliases" for mailboxes)

Example: The company uses for incoming messages one mailbox that receives messages for different email addresses. We want to configure the sorting ruleset to sort them according to the content of the header "To:".

The sorting is similar as in the case 4.3.4 ..

4.3.6 Demonstration of a ruleset (name sorting)

Example: The company uses for incoming messages one mailbox only. There is no domain post nor aliases defined. The e-mail address of the box is company@server.com. We want to configure the sorting rules to sort the messages according to the content of the header "To:".

Theory: The mail client (which creates the message) enters the name and e-mail address of the recipient to the "To:" header field. The entry looks like this: name <email address>. The name is sometimes in quotation marks.

Example:
John Smith <jsmith@server.com>
"Joseph Smith" <jsmith@server.com>

We can sort the messages coming to a single email address if they differ in the text in the header (excluding the angled brackets) according to the content of this header.

Let's say we want to sort the post for Peter and John. User john is the default user of the sorting ruleset. We assume that John's messages will contain the search string "john" in the header "To:" and Peter's the string "peter".

user	name in the email address	search string
john	John Smith	john
peter	Peter Smith	peter

Create a new sorting ruleset on page Mail/Sorting Rules. Enter a new name (e.g. sorting) to New ruleset name and press Add. In Defined rules choose a new rule and press Edit.

On a new page we define the characteristics in this way:
Default user: - we have chosen as the default user the user john. So we choose his name from the list.
Carbon copy user: - if you choose a user he will get a copy of each message that goes through the sorting rules.
User defined head: - serves to define the sorting according to the non-standard header. We do not use it in our case
Append to rule: - We have to leave this line inactive because we do not sort according to the email address but according to the plain text in the entry "To:" only. Or we have to append '~' character to rule keyword.

Press Save button after entering the header of the sorting rules.

1) Settings for the user john:

User: - choose user john.
To: - enter the text: john. We can use john~ too (to disable the Append to feature for the keyword).

Press Add button. In the list Defined rules the entry john < OR;To:john appears.

2) Settings for the user peter:

User: - choose user peter.
To: - enter the text: peter. We can use peter~ too (to disable the Append to feature for the keyword).

Press Add button. In the list Defined rules the entry peter < OR;To:peter appears.

We can also define this ruleset easier. If we say that John should get all messages excluding those containing the search string "peter" , it is obvious that for a correct sorting it is enough to let john be the default user and to declare the sorting rule for user peter only. So we can pass the step 1) in the above text.

4.4 Demonstration of settings of client applications

All examples mentioned bellow take into account that Proxy+ runs all required services at default configuration. For example that HTTP Proxy is enabled and runs on port 4480.

4.4.1 FTP clients

Leech FTP
In the form accessible from the menu File/Options enable the option Firewall. Set these entries:

(*) USER@HOST

Host name and port of proxy server - fill in the name or IP address of the PC running Proxy+ and enter FTP Gateway port (4421) behind the colon, e.g. 192.168.0.1:4421

Then enable the option HTTP and set:

HTTP Proxy - fill in the name or IP address of the PC running Proxy+ and enter the HTTP Proxy port (4480) behind the colon, e.g. 192.168.0.1:4480

Leap FTP
In the form accessible from menu Options/Preferences/General enable option Proxy. Set there these options:

[X] Enable Proxy
Host - fill in the name or the IP address of the PC running Proxy+.
Port - enter the FTP Gateway port number (4421).

(*) USER user@host
[ ] Use PASV mode - must not be checked!!!

LeapFTP supports also work under SOCKS protocols:

[X] Enable Proxy
Host - fill in the name or the IP address of the PC running Proxy+.
Port - enter the port number of SOCKS interface (1080).

(*) SOCKS firewall

FTP Explorer
In the form accessible from menu View/Options enable the option Firewall. Set these entries:

(*) Use Firewall

Host - fill in the name or the IP address of the PC running Proxy+.
Port - enter the FTP Gateway port number (4421).

(*) USER user@hostname

[ ] Use PASV mode must remain empty

CuteFTP
In the form accessible from menu FTP/Settings/Options enable the option Firewall. Set up these entries:

Host - fill in the name or the IP address of the PC running Proxy+.
Port - enter the FTP Gateway port number (4421).

(*) USER user@site

[X] Enable firewall access

[ ] Use PASV mode must remain empty

4.4.2 Mail clients

The mail clients on the LAN stations where Internet is accessible through Proxy+ have in general these options for sending and receiving messages:

1) Using the mailing system of Proxy+
Proxy+ reads the content of POP3 box in Internet, saves it to local disk and the mailing programs collect the messages from Proxy+. The outgoing messages are sent first to Proxy+ and it sends them away according to defined specifications further to Internet. From the view of the mail client Proxy+ behaves as a complete SMTP and POP3 mail server.

User must have an account created on Proxy+ (Accounts/Users) and correctly configured the entry in Mail/POP3 Download to read mailbox from Internet server.

You can also sort with advantage the incoming messages, deliver the local messages (they do not go through Internet - no connection is needed), associate users to groups, automatically send and receive all messages at the same time, etc.

2) Direct access to SMTP and POP3 server through Mapped Links.
If you want the mail client to have a direct access to its mailbox, you can connect it via Proxy+ using the definition of mapped links. It will redirect all requests and data onto the target mail server.

There are two mapped links to be set in Proxy+ first to a SMTP server in Internet (for outgoing mail) and the second to a POP3 server (to receive incoming mail).

To configure the mapped links correctly, you need to know that the SMTP protocol (outgoing mail server) uses the port number 25 and POP3 (incoming mail server) port number 110.

Entry in Defined links: should look like this:

TCP 4425 mail.server.com:25
TCP 44110 mail.server:110

We have chosen the local port numbers 4425 for SMTP and 44110 for POP3 protocol.

You need to set the mailing client to use the PC running Proxy+ as the outgoing mail server on port 4425 and the same computer for the incoming mail but on the port 44110.

If you enable the automatic dial-up for Mapped Links the mail client has the possibility with a simple request (to send or to receive mails) to open up a connection.

POP3 Mapped Links
Proxy+ supports special mapped connection for POP3 protocol - POP3 Mapped link. Proxy+ is able to determine name of POP3 server from the request and then use only one mapped connection for reading mail from more than one POP3 servers. To make POP3 Mapped Links works correctly, mail client must be configured to send name of mailbox in following format: mailbox_name#POP3_server_name. So it's necessary to modify POP3 account setting, all other settings are the same as above.

3) Direct access to SMTP and POP3 server using SOCKS.
If the mail client supports SOCKS protocol and you want for any reason to let it access to mail servers in Internet directly this mode is simpler and lucid than Mapped Links.

It is necessary to set up the mailing program to use the PC with Proxy+ as a server with SOCKS protocols (version 4 or 5). The standard port number for SOCKS protocol is 1080. This protocol must be enabled in Proxy+ configuration of course (page Proxies/Mapped Links).

If you enable the automatic dial-up for SOCKS protocol the mail client has the possibility with a simple request (to send or to receive mails) to open up a connection.

Outlook Express - connecting to mailing system of Proxy+

Example: On the PC running Proxy+ we have defined an account of the user test with password 12345. Mailing system of Proxy+ is correctly configured and reads the mailbox from Internet and stores it into the box of the test user. We want Outlook Express on the local LAN station to receive the content of the box of this user.
Proxy+ runs on a PC with the IP address 192.168.0.1

Definition of a new account:
Through menu Tools/Accounts ask for the form Internet Accounts. Press Add button and choose the option Mail from the list given. A wizard guiding you through the new account creation will start. Fill in or check these entries:

Name that will be stored as a part of outgoing mails you send.
Your email address.
Type of incoming mail server: POP3
Incoming mail (POP3) server: 192.168.0.1
Outgoing mail (SMTP) server: 192.168.0.1
Logon using
POP account name: test
Password: 12345
Internet mail account name: enter the name under which the new account will be shown in the list of accounts.
Connect using my local area network. Important, otherwise Outlook Express will activate telephone connection.

Changing already existing account:
In Tools/Accounts ask for the Internet Accounts. Choose the required account from the list and press the button Properties. In the shown form change these entries:

in the marker Servers:

Incoming mail (POP3) server: 192.168.0.1
Outgoing mail (SMTP) server: 192.168.0.1
Logon using
Account name: test
Password: 12345

in the marker Connection:

Connect using my local area network (LAN)

Notice: If the account has been created with a different type of server for incoming mail than POP3 (IMAP) you have to delete this account and create a new one.

Netscape Messenger 4.5 - connecting to the mailing system of Proxy+

Example: On the PC running Proxy+ we have defined an account of the user test with password 12345. Mailing system of Proxy+ is correctly configured and reads the mailbox from Internet and stores it into the box of the test user. We want Netscape Messenger on the local station in LAN to receive the content of the box of this user.
Proxy+ runs on a PC with the IP address 192.168.0.1

Definition of the account in the program:
In menu Edit/Preferences choose Preferences. Then choose Mail & Newsgroups/Mail Servers. The entry Outgoing mail (SMTP) server set to 192.168.0.1

Definition of the incoming mail server:
If the requested server is already specified in Incoming mail servers, choose it and press Edit. If there are IMAP servers defined you have to delete them. If the list is empty, press Add button. In the new form set following entries:

Server name: 192.168.0.1
Server type: POP3 Server
User name: test
Remember password
finish with OK button

During the first upload of mail from POP3 server Messenger asks you for a password. Type in 12345.

4.4.3 Other applications

ICQ

ICQ must communicate via SOCKS5 through Proxy+ to work correctly . That means Proxy+ must have enabled the use of this protocol in Proxies/General and ICQ must use proxy with SOCKS5. Because ICQ doesn't use the ability of SOCK5 protocol to translate domain names of ICQ servers to IP addresses, all domain names of ICQ servers in the list of ICQ client must be translated to their IP addresses manually (it is enough to place the IP address of any server on the first position).

Description of ICQ configuration:
From the main menu activate the option "Preferences", choose the bookmark "Connection" and set these characteristics:

"I'm using a permanent connection to LAN" and "I'm behind a firewall or proxy"

Press the "Firewall Settings" button and set "I am using a SOCKS5 Proxy server"

Press "Next" button and enter the IP address of the PC running Proxy+ in the line "SOCKS5 host". To "SOCKS5 port" enter number 1080 (or other you set up in the settings of SOCKS protocol in Proxy+).
If you are using ICQ 99a or newer enable the option Resolve IP.
If you use Proxy+ version older than 2.10 make sure that the option "Use RFC1929 authentication for SOCKS" is disabled. Newer versions of Proxy+ already support the authentication of the user.

Finish with pressing the "Next" button. In the next dialog window you are advised to test the connection through Proxy+. If your Proxy+ is already connected to Internet, use the button "Check My FIREWALL / Proxy Settings" to test, if the settings are correct.

Press "Done" button.

If the PC with ICQ uses the DNS server (that means the PC has configured a DNS server with the ability to translate the names of PCs in Internet to IP addresses or in Proxy+ there is the function DNS Forwarder enabled), you do not have to apply the next step.

ICQ (versions older than 99a only !) doesn't work correctly behind proxy server if it is unable to get the IP address of the ICQ communication servers (icq.mirabilis.com). You can solve the problem if you fill in the list of servers the ICQ is using also their IP addresses. First you have to detect the IP address of some server. You can do so easily using the ping.exe command from the DOS prompt window in Windows.
Run on the PC with active connection to Internet from Start menu program "Command prompt" and in the DOS window command ping icq.mirabilis.com. In the first line of the reply the program writes in crotchets the IP address of the server. The other lines are not interesting. Because the name icq.mirabilis.com is serving to more PCs repeating the ping command you get several different IP addresses.

Setting the IP addresses of servers:

In "Preferences" choose "Servers" and pressing "Remove" button you delete all servers in the list. Then with "Add" button add at least one server, fill in the IP address to "Address" and the number 4000 to the line "Port". It is better to add more than one IP address, because if one server doesn't work ICQ tries to contact another from the list.

Instructions to install ICQ:
If you are installing ICQ you must define the ICQ server after the installation and before the first start (specify its IP address, see above) in the guide through the registration of a new user using the "For Admin Use" button. Further you must define "Connection Type" as "LAN User/I am behind a firewall or proxy". After pressing "Next" you must fill in the configuration.

Yahoo Pager
In the form accessible from menu Edit/Preferences choose Connection. Set there these options:

(*) Use proxies

[x] Enable HTTP proxy
Server Name - fill in the name or the IP address of the PC running Proxy+.
Server Port - number of proxy server port. Enter 4480 (or other if you have changed the default value of HTTP Proxy in Proxy+).

[x] Enable SOCKS Proxy
Server Name - fill in the name or the IP address of the PC running Proxy+.
Server Port - number of SOCKS server port. Enter 1080 (or other if you have changed the default value of SOCKS server in Proxy+ settings).

Yahoo Pager supports the use of SOCKS protocol in version 4 and 5. Set version 5 (contains the support of domain names translation to IP address so you do not have to enable DNS Forwarder).

If you use Proxy+ version 2.10 or older you have to disable the authentication of the user in the settings of SOCKS protocol of Yahoo Pager.

4.5 Mapped Links

4.5.1 Setting the News

Protocol used to read News doesn't contain the proxy server protocol support. To read News behind proxy server the client has to support either SOCKS protocols or a mapped link must be used and the client software has to be configured to use proxy server as its News server.

Example:
There is a content of several News groups on server news.server.com. We want to read some of them.

Theory:
News protocol uses the port number 119 to communicate.

Configuration:
On page Proxies/Mapped Links set:

Type: - select the TCP type.

Proxy Port: - you have to choose a port number here. The only condition is that the number must be from the range 1-65535 and it must not be used on a PC running Proxy+ by any other program. If you use only one mapped link for News (or you define a first connection for News) you may with advantage use the number 119.

Target host: news.server.com:119

Press the Add button. In the list of mapped links Defined Links a new entry appears. Changes made in the settings are applied after restart of Proxy+.

Now you must set all News clients in LAN. When When creating the entry of a new News server you must set its IP address res. its name to the IP address of the PC running Proxy+ . As the port number of News server you must enter the number of the port you entered in the Proxy Port settings (shows in the list of defined connection at the beginning of the line).

4.5.2 Setting the IRC

Newer IRC communication programs supports SOCKS protocols and it is good to configure them to use these protocols. Programs that do not have the support of SOCKS can communicate with IRC through Mapped Links.

Example:
We want to communicate using IRC with users on PC irc.server.com.

Theory:
IRC servers are using the port number 6667 as a standard.

Settings:
On page Proxies/Mapped Links set:

Type: - select the TCP type.

Proxy Port: - you have to choose a port number here. The only condition is that the number must be from the range 1-65535 and it must not be used on a PC running Proxy+ by any other program. If you use only one mapped link for IRC (or you define a first connection for IRC you may with advantage use the number 6667.

Target host: irc.server.com:6667

Press the Add button. In the list of mapped links Defined Links a new entry appears. Changes made in the settings are applied after restart of Proxy+.

Now you must set the IRC clients in LAN to use the PC running Proxy+ as the target IRC server.

4.6 Access List

Proxy+ v 2.30 (build #99) and higher has a possibility to restrict any services. It's based on Access Lists. Evaluation of these Access Lists makes it possible to build complex rules.

Basic features of Access Lists:

two levels of Access Lists definition - first Access List Objects (ALO) are defined. Then Access List Rules (ALR) are build from them.
variability - Access List Objects can be arbitrary combined in Access List Rules.
The system is designed to be easily extendable with new ALOs in the future..

4.6.1 Access List Objects (ALO)

Access List Objects are elementary pieces of Access List Rules. Every ALO defines condition which is tested during ALR evaluation. Result of this ALO influences validity of whole ALR. Condition for the ALO is defined by its parameter which specifies allowed range of tested values (e.g. list of client computers IPs, list of destination URLs etc.).

Every ALO is defined by these elements:

object name - text string (max 20 characters). You can use these characters only: 0'..'9', 'a'..'z', 'A'..'Z', '.' '-' a '_' . Name is NOT case sensitive and it MUST be unique.
object type - one of predefined types: ClientIP, InterfaceIP, URL, AdminURL, ContentType, Time, ServiceName, Parameter, UserLogin, HTTPRequest, RewriteWith.
object parameter - defines ALO "value" which is used for evaluation of ALO validity. Every ALO MUST have one valid parameter at least.

General rules for ALO parameters specification:

Each object can have more than one parameter defined. All parameters are separated by coma (if the parameters are in a file on a disc, each parameter must be on a separate line).
The char ',' (coma) mustn't be a part of the parameter. In regular expressions there is a workaround for it. You can escape the coma using \xnn definition (see Regular expressions). The coma has value 44 (decimal representation) in the ASCII table. The hexadecimal value is x2C so we can use \x2C instead of ',' character in regular expressions. It secures the Proxy+ will not recognize the character as parameter separator.
In normal text parameters there is no way to escape the coma character. Each coma is treated as parameter separator everytime.

Each parameter can start with "!", that will cause the negation of the former parameter.

Parameters can be stored in the textual file. In the case following conditions have to be met:

the file is textual and it must use Windows native textual file format. It means every line must end with CRLF sequence (you can use Notepad to edit the file for example).
each parameter has to be on separate line. It means there must be no ',' (coma) in the line.
line starting with '##' characters is ignored - you can use the sign to write comments.
empty lines are ignored.
when the file contains a line with ',' (coma) or the line is longer than 1024 characters then Proxy+ aborts loading the file.
Proxy+ loads only first 1000 parameters from the file.

General rules of ALO evaluation:
ALO is evaluated as valid during ALR evaluation if at least one of its parameters meet the current request.

Predefined ALO types:
Proxy+ predefines these ALO types: ClientIP, InterfaceIP, URL, AdminURL, ContentType, Time, ServiceName, Parameter, UserLogin, HTTPRequest, RewriteWith. Following text describes them in detail:

ClientIP
Description:
ALO of this type specifies clients (computers which generate requests) based on their IP address. For example it can be used to restrict access to Proxy+ functions to specified computers on local network only.

Parameter:
IP address can be specified in several ways. The range of validity can be inverted by "!" character. For example: 192.168.0.1 means that condition is valid if the request comes from computer with IP 192.168.0.1, whereas !192.168.0.1 means that condition is valid if the request doesn't come from computer with IP 192.168.0.1.

a) single IP address
IP address of single computer is specified as parameter.

Example:
192.168.0.10 - computer with specified IP address
192.168.0.10, 192.168.0.25 - computers with specified IP addresses
!192.168.0.10 - all computers except the one with specified IP address

b) range of IP addresses
range of addresses specifies lower and upper values of range separated by "-" character.

Example:
192.168.0-192.168.0.32
192.168.100-192.168.0.150, 192.168.0.200-192.168.1.0
!192.168.0.0-192.168.0.32

c) range specified by network address and subnet mask
it's standard way of IP addresses range definition. Network address and mask are separated by "/" character.

Example:
192.168.0.0/255.255.255.0
192.168.0.0/255.255.255.240, 192.168.1.0/255.255.255.0
!192.168.0.0/255.255.255.0

d) range specified by network address and number of valid bits of address from the left
its another commonly used format. Network address and number of valid bits are separated by "/" character. Number of valid bits is from range 0..32.

Example:
192.168.0.0/24
192.168.0.0/30, 192.168.1.0/24
!192.168.0.0/24
InterfaceIP
Description:
ALO of this type allows/denies access according to an address of an interface through which the request comes to computer with the Proxy+ (analogy to Secure Interfaces). Its easy to deny access to the Proxy+ from the Internet by allowing access only through local network interface (Ethernet card).
Meaning and usage is the same as in the ClientIP object type.

Warning:
If you want to allow/deny access even from the computer on which the Proxy+ is running it's necessary to specify IP address 127.0.0.1 (localhost) too.
Time
Description:
Time specification influences validity or ALR according to time.

Parameter:
Parameter of this ALO specifies time range during which the ALO is valid. Format of this parameter is following:
D:H:M where D stands for name of weekday or its abbreviation, H stands for hour from range 0..23 and M stands for minute from range 0..59. Any part (D, H on M) can be omitted and then its value is any from its range.

Example:
Monday:14:05 - every Monday at 2:05 PM.
Mo:00:00 - every Midnight from Sunday to Monday
16:20 - every day at 4:20 PM.
Wed:: - every Wednesday, whole day
Friday:15: - every Friday, from 3:00 PM to 3:59 PM.

a) time range specified by the start time and the end time
Parameter is specified by the start time and the end time of the range separated by "-" character.

Example:
Mon:7:30-Fri:16:00 - from Monday 7:30 am to Friday 4:00 PM
13:00-17:00 - every day from 1:00 PM to 5:00 PM
!Wed:: - whole week except Wednesday

b) time range specified by the start time and the duration
The requested range is defined by the start time and the duration separated by "/" character. The duration is in format H:M, where H is the hour in the range 0..23 and M is the minute in the range 0..59. The longest range is then 23 hours 59 minutes.

Example:
Monday:16:20/4:00 - start time on Monday at 4:20 p.m., duration 4 hours
!10:00/35 - always true except for 35 minutes starting at 10:00 a.m. each day
URL
Description:
Its purpose is to allow/deny access either to specified URL (e.g. WWW page address) or to specified server.
Notice: This object type never applies to WWW Administrator interface - invalid setting doesn't temper the access to the administration of Proxy+.

Parameter:
Text string which is compared to name of document (for services which support requesting of concrete documents - www, HTTP Proxy, FTP Proxy, Gopher Proxy) or to name of destination computer (for services which support server specification only - Telnet Gateway, Mapped Links, ...).
The parameter can contain wildcards "*" which stand for any other characters. Or the parameter can contain more powerful regular expression.

Examples:
http://www.server.com - all URL addresses starting with http://www.server.com
http://www.server.com/directory - all URL addresses starting with http://www.server.com/directory
http://www.server.com/document.html - document with address: http://www.server.com/document.html
*.gif, *.jpg - all files with URL ending with *.gif or *.jpg
*/cgi-bin/* - all files with URL containing text /cgi-bin/
!*.gif - all files with extension different from .gif
AdminURL
Description:
Analogy to URL object type with the difference that AdminURL applies only to pages of administrator interface of Proxy+.
ContentType
Description:
This object allows to restrict access to data files on WWW servers according to their types. WWW server sends a header first which should contain definition of file type (in Content-Type field). Proxy+ allows comparison of the type of the file and the type defined in the ALO definition and thus allow/deny retrieving of the object.

Object type is defined as type/subtype by WWW server, where type specifies main type of object and subtype specifies kind of type. For example file containing ordinary WWW page has type text/html, text file (with TXT extension) as type text/plain.

List of mostly used types of files on WWW servers:
text/html, text/plain - text files
image/gif, image/jpg - image files
application/octet-stream, application/msword - data files (e.g. executable .EXE files, etc)

Parameter:
Text specifying mask which is compared to type obtained from Content-Type line of file header. It can contain wildcards "*" which stand for any characters. Or the parameter can contain more powerful regular expression.

Example:
application/* - all files marked as applications by the WWW server.
!image/* - all files non marked as images.
text/html - files with WWW pages only.

ServiceName

Description:
Allows/denies access to Proxy+ service by internal service name.

List of Proxy+ services:

ADMIN	WWW interface for administrator to change Proxy+ settings.
FTP	FTP Proxy - accepts requests on the same port as HTTP proxy does (4480). WWW browsers use this service.
FTPG	FTP Gateway - gateway for communication between FTP clients and FTP servers
GOPHER	Gopher Proxy - accepts requests on the same port as HTTP proxy does (4480). WWW browsers use this service.
HTTP	HTTP Proxy - accepts requests from WWW browsers for getting data from WWW servers over the Internet.
HTTPS	Analogy to HTTP Proxy, it works with encrypted (secured) data transmission.
ICP	ICP (Inter Cache Protocol) Server which increases effectivity of cooperating proxy servers.
MAPPED	Mapped Links.
SOCKS4	SOCKS4 protocol which enables access to the Internet to applications whose own communication protocol is not supported by proxy servers (IRC, Telnet, ...)
SOCKS5	SOCKS5 enhances service of SOCKS4 protocol by UDP support.
RAUDIO	Real Audio Proxy (PNA Proxy) - serves for transfer of audio and/or video.
TELNET	Telnet Gateway.
WWW	Internal WWW server of Proxy+.

Parameter:
Name of service (or comma separated names). Its possible to use wildcards "*" in the name of service. Or the parameter can contain more powerful regular expression.

Example:
HTTP allow access over HTTP proxy interface
HTTP* allow access over HTTP and HTTPS proxy interface
!HTT*,FTP,Gopher deny access to HTTP Proxy, HTTPS Proxy,FTP Proxy and Gopher Proxy services

Parameter
Description:
This ALO is special. It defines parameter to be passed to Proxy+ service in case that Pass action is result of ALR evaluation (hidden completing of request for username and password).
ALR line describing Pass action is valid if Parameter ALO is specified on the line.

Parameter:
Text which will be passed to running Proxy+ service in case the line with ALR containing this object type is evaluated as valid (true).

Setting username and password for automatic access authentication on WWW server:
Syntax:
username : password ( ! without blanks ! )

Example:
user:passwd1 - example of parameter for Pass action - the request will be completed as if the user sets name user and password passwd1.
UserLogin

Description:
This access list object allows to restrict user access according to specified name and password.
If the UserLogin object is used in Access List rules, Proxy+ automatically sends a request for name and password to the browser in case that the UserLogin object is evaluated as invalid. A browser should display a dialog where the users can specify the login credentials. If the line with a UserLogin object is not reached during the Access List Rules processing, the browser does not have to send credentials. It's possible to turn on sending of the request by changing the HTTP Proxy authentication setting on the Proxy Settings\Proxies\HTTP Proxy page of the WWW Admin interface.

Parameter:
A text defining a list of allowed names and passwords. Credential pair is a colon ":" separated value of name:password and these pairs are coma "," separated. A name and a password can be empty (alone colon) or checking against local accounts can be used.

Syntax:
name:password

Following applies:
- there must not be an extra space between the name and the colon and between the colon and the password.
- the name and the password must not contain a colon character.

Special values:
:local: - perform check against the local accounts.
:: - (two colons without spaces) same as previous.

Example:
john:secret - the object is evaluated as valid only if the user uses john as a name and secret as a password.
john:secret,john:,:: - the object is evaluated as valid only if the user uses john as a name and secret as a password or uses john as a name and an empty password or the user is defined in the local accounts.
!john:secret,:local: - the object is evaluated as valid only if the user uses a name other than john/secret or the user is defined in the local accounts (the example only demonstrates usage of '!' in the object. In the real world the example is not usable. But maybe..).

HTTPRequest

Description:
This object allows (in conjunction with RewriteWith object) to rewrite a URL address (or a whole browser request line) which a browser requests from Proxy+ and redirect this to some other address (other WWW server).
This object type defines the part of a URL which will be replaced. The RewriteWith object defines the replacement.

The HTTPRequest object can be used instead of URL object too. Because it gets all the first line of browser request as the input (including HTTP method definition) it can depend on method name or HTTP protocol version (you can create an accesslist which allows only GET requests for example).

Whole first line of the browser request is on the input. This line contains three parts: an HTTP method definition (GET, POST, PUT, HEAD, ...), an document address definition (including parameters) and a version of used protocol. This line usually looks like this:

GET http://www.server.com/directory/document.htm HTTP/1.1

(note: the document part contains servername and protocol definition everytime. It is because the browser is sending the request through proxy. URLs which doesn't contain protocol or server definition aren't valid and Proxy+ generates an error message in the case).

The HTTPRequest object can specify any part of the line to be rewritten, mostly first two. If the object parameter value is not found (or the request head doesn't match a regular expression definition) the object is evaluated as invalid and a rewriting rule is not applied.

Note: if you are using HTTPRequest object to rewrite the request it's good to mix it with an URL object (or another HTTPRequest which is declared in the rule line before the object defining the part of request which should be rewritten) - and thus limit the URLs which could be rewritten.

Parameter:
A text defining what will be replaced by a RewriteWith object parameter value or the text which has to be found in the input.
You can use plain text (usable in limited number of cases) or likely more complex and powerful regular expressions.

The object became valid if the keyword in its parameter field is found in the input or the input matched a regular expression.

For plain text following applies:
- it's not possible to use wildcards (the '*' doesn't mean a wild-card, it is a regular character). E.g. 'www.server.com/*' will try to find a text containing an asterisk.
- search is NOT case sensitive (if you are using regular expression you can use (?-i) modifier to interpret the expression case sensitively).

Common conditions apply to regular expressions (see regular expressions). We advise to use built-in RegExp helper to test regular expressions.

Syntax:
plain text or regular expression

Examples:

Description	HTTPRequest	RewriteWith
Denying of the EXE files (replace all HTTP requests for getting EXE file by link to an HTML page on different WWW server)	~.\shttp://./.\.exe(\s.)	GET http://192.168.0.1/accessdenied.htm$1
Redirect accesses to www.server.com to other address (www.myserver.com)	~(.\s.://)www\.server\.com(/.\s.)	$1www.myserver.com$2
Denying of using IP addresses of WWW servers in requests (replace all links using IP addresses by an error message)	~.\s.://(\d{1,3}\.){3}\d{1,3}.(\s.)	GET http://myserver.com/accessdenied.htm$2

Note: all reqular expressions must be started with '~' or '/r' or '/R'. In other case the expression are evaluated as as usuall wildcard string.

RewriteWith

Description:
This access object defines the text which will be used as a replacement of a text defined in a HTTPRequest Object used within Rewr ACL rule.
It's nonsense to use a RewriteWith object alone or within other than Rewr rule (the object is always evaluated as valid).
Note: if more than one HTTPRequest object is used on the same line with RewriteWith object, all HTTPRequest objects must be evaluated as valid and only the last one will be used as a template for rewriting.

Parameter:
Definition of a text which will be used as a replacement of the text specified by an HTTPRequest object. It's possible to use back references to subexpressions by $n, where n is 1,2,3,4, ... (note: 0 means whole regular expression).

Examples:
See examples above in the HTTPRequest object

Notice
Proxy+ checks definition of ALOs when reading their definitions. ALOs with errors are ignored and are reported into ErrLog.txt file. For example, wrong parameter specification is an error.

List of active ALOs can be displayed using Administrator WWW interface.

4.6.2 Access List Rules (ALRs)

ALRs define actions using appropriate ALOs. These actions will be performed on basis of comparison of client request parameters (e.g. to allow/deny access).

Rules for writing ALRs:

ALRs are written on separate lines to text field in Administrator Interface (Access List/Rules). Keep in mind that:

on one line only one rule can be defined
each rule starts with action type declaration which will be performed if conditions in all named ALOs are met. It means that each rule must start with one of the following: Allow, Deny, Pass, Rewrite.
each rule must use one ALO at least - rule with action type declaration only is invalid.
number of ALOs for one rule is limited to 20.
keywords and names of ALOs are space separated

Format of one ALR line:
action_type ALO1 ALO ALO3 ... ALON

where action_type tells Proxy+ what to do in case that the line is evaluated as valid (true), and ALO1,...ALON are names of ALOs.

Action_type can be:

Allow - to allow an access.
You can use these synonyms too: Grant, Accept.
Deny - to deny an access.
You can use these synonyms too: Disallow, Reject.
Pass - to allow an access and complete the request with username and password if the request goes to WWW server in the Internet or to the Administrator Interface of Proxy+. This enables transparent access to WWW pages which require password. User doesn't have to know the password, he/she doesn't even know that WWW server requires password for this page. If the client's request already contains information with username and password Proxy+ doesn't rewrite this information (the request will be send with user defined username and password).
Pass type action requires Parameter ALO on the line defining this ALR. Username and password are read from this ALO.

Rewrite - rewriting rule. This action allows to modify client's HTTP request using HTTPRequest and RewriteWith objects. This action can be used only on a WWW server and an HTTP Proxy services (including FTP and Gopher Proxy).
It's possible to use synonym: Rewr

The name of ALO can start with exclamation mark "!" optionally. Such an ALO is valid if none of its conditions is valid (result is negated after evaluation of ALO validity).

Rules for ALR evaluation:

Proxy+ consider the ALR as valid if all conditions defined by its ALOs are valid.
result of ALO evaluation is negated if its name start with "!" character in the ALR definition.
Proxy+ supposes by default that the result of access check after applying all ALRs will be Allow action, which means allow access. It means that empty list of rules allows any access to any data. Similarly, if there is no rule which is met, the access is allowed. So if you want to deny all unallowed actions you have to specify it by the last rule which denies all actions.
ALRs are evaluated is the order they are defined in list.
rules processing is over when first rule is evaluated as valid, following rules are ignored.

Notice
Proxy+ check syntax of ALRs when reading their definitions. Lines with errors are ignored and are reported into ErrLog.txt file. Specification of name of non existing ALO is considered as error.

List of active ALRs can be displayed with Administrator WWW interface.

4.6.3 Examples of Access List Rights

In all following examples we'll suppose that:

Proxy+ runs on computer with IP address 192.168.0.1. We'll call this computer the server.
computers on local network use IP addresses in range from 192.168.0.0 to 192.168.0.255, subnet is then 192.168.0.0/255.255.255.0.
we'll call the computer with IP address 192.168.0.10 as PC1.
lists of Access List Objects and Access List Rules are empty.
using of Access List Rules is enabled (Access List/General in Proxy+ settings).

Example 1

Description:
We want to deny access to all Proxy+ services for PC1.

Definition of ALOs:
We'll create ALO and we'll name it PC1. ClientIP will be type of this ALO and IP address of PC1 will be its parameter, which is 192.168.0.10.

Following line will appear in the list of ALOs (Defined objects) if defined correctly:
PC1=ClientIP;192.168.0.10

Definition of ALRs:
We'll type following line into Access List Rules on page Access List/Rules:
deny PC1

Finally we'll save new list of ALRs by pressing Save button and then we'll restart Proxy+.

Example 2

Description:
We want to deny access to all Proxy+ services for all computers except PC1.

Definition of ALOs:
We'll create ALO and we'll name it PC1. ClientIP will be type of this ALO and IP address of PC1 will be its parameter, which is 192.168.0.10.

Following line will appear in the list of ALOs (Defined objects) if defined correctly:
PC1=ClientIP;192.168.0.10

Definition of ALRs:
We'll type following line into Access List Rules on page Access List/Rules:
deny !PC1

The "!" character at the beginning of ALO name makes the rule valid everytime when the access comes from computer with IP address different from 192.168.0.10.

Finally we'll save new list of ALRs by pressing Save button and then we'll restart Proxy+.

Alternate solution:
This example can be solved by redefinition of the ALO which is used in the ALR then.

Definition of ALOs:
We'll create ALO and we'll name it NPC1. ClientIP will be type if this ALO and negation of IP address of PC1 will be its parameter, which is !192.168.0.10.
The "!" character makes the ALO valid only if it's compared to an IP address different from 192.168.0.10.

Following line will appear in the list of ALOs (Defined objects) if defined correctly:
NPC1=ClientIP;!192.168.0.10

Definition of ALRs:
We'll type following line into Access List Rules on page Access List/Rules:
deny NPC1

Finally we'll save new list of ALRs by pressing Save button and then we'll restart Proxy+.

Example 3

Description:
We want to deny access to all Proxy+ services for PC1 in time between 7:30 am and 5:00 PM.

Following lines will appear in the list of ALOs (Defined objects) if defined correctly:
PC1=ClientIP;192.168.0.10
TIME=Time;07:30-17:00

Definition of ALRs:
We'll type following line into Access List Rules on page Access List/Rules:
deny PC1 TIME

This combination of PC1 and TIME ALOs makes the rule valid only if the request comes from computer with IP 192.168.0.10 in time between 7:30 am and 5:00 PM.

Finally we'll save new list of ALRs by pressing Save button and then we'll restart Proxy+.

Example 4

Description:
We want to allow access to HTTP Proxy service only for all computers.

Definition of ALOs:
We'll create ALO and we'll name it HTTPProxy. ServiceName will be type of this ALO and text "HTTP" will be its parameter.

Following lines will appear in the list of ALOs (Defined objects) if defined correctly:
HTTPProxy=ServiceName;HTTP

Definition of ALRs:
We'll type following line into Access List Rules on page Access List/Rules:
deny !HTTPProxy

Finally we'll save new list of ALRs by pressing Save button and then we'll restart Proxy+.

Example 5

Description:
We want:

to deny access to all Proxy+ services for all non local IP addresses (especially for those on the Internet)
to allow access to HTTP Proxy, FTP Proxy and FTP Gateway services for all local computers during working hours (from 7:00 am to 3:30 PM). Access is denied on Saturday and Sunday too.
to allow reading ordinary WWW files (text pages and images) for all local computers.
to allow everything for PC1 which is used by company director and thus it's not restricted by previous rules.

Definition of ALOs:
We'll create ALO and we'll name it PC1. ClientIP will be type of this ALO and IP address of PC1 will be its parameter, which is 192.168.0.10.
Next we'll create ALO and we'll name it LocalIP. ClientIP will be type of this ALO and list of local IPs will be its parameter, which is 192.168.0.0/255.255.255.0.
Next we'll create ALO and we'll name it Proxy. ServiceName will be type of this ALO and list of allowed services will be its parameter, which is text "HTTP, FTP, FTPG".
Next we'll create ALO and we'll name it TIME. Time will be type of this ALO and time range will be its parameter, which is 7:30-15:30.
Next we'll create ALO and we'll name it SaSu. Time will be type of this ALO and specification of weekend days will be its parameter, which is text "Saturday, Sunday".
Finally we'll create ALO and we'll name it Content. ContentType will be type of this ALO and list of allowed file type will be its parameter, which is text "text/*, image/*".

Following lines will appear in the list of ALOs (Defined objects) if defined correctly:
LocalIP=ClientIP;192.168.0.0/255.255.255.0
PC1P=ClientIP;192.168.0.10
Proxy=ServiceName;HTTP,FTP,FTPG
TIME=Time;07:00-15:30
SaSu=Time;Saturday,Sunday
Content=ContentType;text/*,image/*

Definition of ALRs:
We'll type following line into Access List Rules on page Access List/Rules:
allow PC1
deny !LocalIP
deny LocalIP !TIME
deny LocalIP !Proxy
deny LocalIP SaSu
deny LocalIP !Content

ALRs can be specified as following too:
allow PC1
deny !LocalIP
deny !TIME
deny !Proxy
deny SaSu
deny !Content

It's possible because we filtered out IP addresses of computers with specific access rights on first two lines, so no computer with IP different from those defined in LocalIP can reach rules on line 3 and further and thus it's possible to skip LocalIP in definition of those ALRs.

Finally we'll save new list of ALRs by pressing Save button and then we'll restart Proxy+.

Example 6

Description:
We want:

to allow access to WWW server www.company.com during working hours (from 7:00 am to 3:30 PM). Everything is allowed for local computers out of this time.
to deny access to Proxy+ services for all non local computers.

Definition of ALOs:
We'll create ALO and we'll name it LocalInt. InterfaceIP will be type of this ALO and IP address of interface through which requests can come will be its parameter, which is 192.168.0.1.
Next we'll create ALO and we'll name it TIME. Time will be type of this ALO and time range will be its parameter, which is 7:30-15:30.
Next we'll create ALO and we'll name it Address. URL will be type of this ALO and text "www.company.com" will be its parameter.

Following lines will appear in the list of ALOs (Defined objects) if defined correctly:
LocalInt=InterfaceIP;192.168.0.1
TIME=Time;07:00-15:30
Address=URL;www.company.com

Definition of ALRs:
We'll type following line into Access List Rules on page Access List/Rules:
deny !LocalInt
deny LocalIP !Address TIME

Finally we'll save new list of ALRs by pressing Save button and then we'll restart Proxy+.

Example 7

Description:
We want to complete requests from computer PC1 with username and password when accessing documents on WWW server.

URL addresses of secret documents starts with: www.server.com/secret

Username is: user
Password is: passwd1

Following lines will appear in the list of ALOs (Defined objects) if defined correctly:
PC1=ClientIP;192.168.0.10
Secret=URL;http://www.server.com/secret
Password=Parameter;user:passwd1

Definition of ALRs:
We'll type following line into Access List Rules on page Access List/Rules:
pass PC1 Secret Password

Finally we'll save new list of ALRs by pressing Save button and then we'll restart Proxy+.

4.7 User defined error messages

Proxy+ generates an error WWW page anytime it encounters an error during the request processing (HTTP Proxy, FTP Proxy a Gopher Proxy). Templates built-in into the program are used as representative by default. User can use his/hers own templates (e.g. to translate error messages to some other language than English). User defined error messages are stored in HTML files.
These files have fixed filenames, which are created from error message types. These files should contain some keywords which will be replaced by real information (error description etc...) before sending it to the browser,

Rules for template creation:

all templates with htm suffix are stored in one directory. Proxy+ searches for these files in subdirectory ErrorPages by default (in the directory where Proxy+ was installed).
the filenames are defined (see below).
Proxy+ suppose that the pages contain valid HTML code.
maximal size of the template file is 10kB. Bigger files are ignored.
maximal number of lines in the template is 100. Other lines are ignored.
every template should contain appropriate keyword which will be replaced by accordant information (error code, description, ...) by Proxy+.
if there are images to be included in the HTML code the image definition must contain full path to the server where the image is stores. This server should be located in the LAN (on the same PC as Proxy+ is running on if possible - built-in WWW server can be used).

List of available keywords:

@_reason_@
Will be replaced by description of error message.
@_info_@
Will be replaced by additional status information.
@_info2_@
Used in Access Denied messages as line number referrer of access rules (in Access Lists).
@_ip_@
Will be replaced by IP address (Access Denied message due to a Security settings).
@_url_@
Will be replaced by document URL which caused the error.
@_errcode_@
Will be replaced by number of error code.
@_version_@
Will be replaced by program version information.
@_proxy_@
Will be replaced by text: <font color="#FF0000">Proxy</font><font color="#0000FF">+</font>, which is a HTML definition of text: Proxy+.
@_date_@
Will be replaced by the current date and time.
@_file_@
Will be replaced by the name of template file.
@_errorname_@
Will be replaced by the name of error message (name of the error type).
@_ie5padding_@
It generates approximately 512 bytes of garbage which is added into HTML page as a hidden text (as a comment). MS IE 5.X replaces original error messages by its own explanation of the problem if the error page is not long enough.

Usage of basic keyword @_reason_@ @_info_@ @_info2_@ @_ip_@ @_url_@ @_errcode_@ depends on the template type. Every type of error messages allows only some keyword to be used (if non valid keyword is used, it won't be replaced because the given type of error message doesn't generate appropriate text message or event).
Other keyword (@_version_@, @_proxy_@, @_date_@, @_file_@, @_errorname_@, @_ie5padding_@) don't depend on message type and can be used in any template.

Types (names) of error messages:

General
General type of error message.
Usable basic keywords: :@_reason_@ @_errcode_@
DeniedByACL
Usable basic keywords: @_reason_@ @_info_@ @_info2_@ @_url_@
AdminDeniedByPswd
Usable basic keywords: @_reason_@ @_url_@
DeniedByInterface
Usable basic keywords: @_reason_@ @_ip_@
DeniedByClientIP
Usable basic keywords: @_reason_@ @_ip_@
AdminNotFound
Usable basic keywords: @_reason_@ @_url_@
AdminBadURL
Usable basic keywords: @_reason_@ @_url_@
FTPProxy
Usable basic keywords: @_reason_@ @_info_@
GopherProxy
Usable basic keywords: @_reason_@
Connection
Usable basic keywords: @_reason_@ @_url_@ @_info_@
BadRequest
Usable basic keywords: @_reason_@
License
Usable basic keywords: @_reason_@ @_info_@
DisabledByCfg
Usable basic keywords: @_reason_@
WWWNotFound
Usable basic keywords: @_reason_@ @_info_@
WWWUnsupported
Usable basic keywords: @_reason_@ @_info_@

Template filenames:
Filenames are derived from error message names - error message name (see previous paragraph) is suffixed with .htm extension. E.g. errors caused during making connection to the WWW servers are described in Connection.htm template.

Steps performed by Proxy+ when looking for templates:
If it is enabled to use user defined error messages, Proxy+ looks for the accordant file in the directory with templates. If it cannot be found, Proxy+ looks for Generic.htm. If it cannot be found too (or used), Proxy+ uses internal description of error.

4.8 User defined AccessLog.txt file

Proxy+ stores statistics information about using its services by LAN clients into the AccessLog.txt file. This information is stored in internal format by default which contains all information about program services but is not compatible with any spread format used on the Internet. If you want to make statistics by some specialized log analyzer, you want to setup Proxy+ to store the information in the format which the analyzer understand. Such format won't allow storing of full statistics as most of analyzers expect the log file in some predefined format which contain information about some services only. Mostly it's about HTTP, HTTPS, FTP and GOPHER protocols. Proxy+ offers other services (SOCKS, Telnet, Mapped links, Real Audio, ...) which have different characteristics than the previous, so information in AccessLog.txt is different. Directives describing format of user defined records are designed to allow processing of amount of transferred bytes for such services (URL is replaced by "-" in this case).
Proxy+ supports user defined format of AccessLog.txt by wide set of directives, which specify where and which information should be used. There are several predefined wide spread formats.

The definition is composed from directives enclosed by '<>'. Every directive is then replaced by according information. Characters between directives are not modified or omitted and are placed to the AccessLog.txt file.

Note: natural format of AccessLog.txt file is not represented internally by formatting directives, but it's optimized part of program code.

Definition of the current time format

<h>	hour represented in two digit form (00-23)
<m>	minute represented in two digits form (00-59)
<s>	second represented in two digits form (00-59)

Definition of the current date format

<y>	year, short, two digit form (00-99)
<Y>	year, long, full, four digit form (..., 1999, 2000,...)
<d>	number of the day in the month (01-31)
<D>	full English name of the day in the week (Sunday,...Saturday)
<Ds>	short English name of the day in the week (Sun,.. Sat)
<m>	number of the month, two digits form (01-12)
<M>	full English name of the month (January,...December)
<Ms>	short English name of the month (Jan,..Dec)

Definition of AccessLog.txt line format

<ld>	current local date.
<lt>	current local time.
<d>	current local date represented in the UTC.
<t>	current local time represented in the UTC.

When using previous four definitions the resulting time format is defined by the time and date definitions according to the "Custom time field definition" and "Custom date field definition" on the Log Files/Access Log Format page of the Proxy+ admin interface.

<z>	shift of the local time from the UTC (hours).
<-z>	inverted shift of the local time from the UTC (hours).
<sqtime>	the time and the date in the Squid (proxy server) form (number of second from epoch, 01/01/1970, with 3 decimal numbers precision).

<ip>	the IP address of computer from which the request came.
<auth>	the username if it was authenticated request.
<url>	the URL of the requested document (e.g. http://www.proxyplus.cz/aaa/ccc/ddd.html). Spaces and other special characters are converted according to the HTTP definition to hex representation (%xx). Valid data are returned if it is the HTTP request only (HTTP, HTTPS, GOPHER). Otherwise the "-" character is returned.
<action>	first line of the HTTP request from the client (e.g. GET http://www.proxyplus.cz/ HTTP/1.1). Must be used in the "<action>" form (text enclosed by quotes or other similar characters), because the resulting text contains the spaces, which are used as column delimiters on the line. The text is identical with the text sent by the client - spaces or other characters are not converted to valid characters. If the request wasn't served by HTTP Proxy service then the <action> represents description of requested action (news.czech.net:119 (119) , UDP Associate 0.0.0.0:1034 (Relay:1.1.1.10:4794)).
<request>	similar to the <action> but valid data are returned only if the requests passes HTTP service (HTTP, HTTPS, GOPHER and FTP), otherwise "-" character is returned.
<code>	the state code of the HTTP which was sent to the client during request processing.
<bytes>	the number of bytes transferred during request processing.
<bout>	the number of bytes send to the server
<bin>	the number of bytes received from the server
<dur>	the time (in ms) needed for request processing
<method>	the HTTP method used for the request (e.g.: GET)
<ctype>	the definition of the type of the transferred data (Content-Type). Valid only for HTTP Proxy.
<service>	the name of the used service (HTTP, HTTPS, Mapped, Telnet, SOCKS,....).
<dhost>	the name of the destination server (server where the request was sent). It can be the destination WWW server or the parent or neighbor proxy server.
<dip>	the IP address of the destination server
<dport>	the number of the destination TCP/IP port
<proto>	the name of the protocol in the Proxy+ form (HTTP,..., SOCKS, Telnet)
<sqcode>	the resulting code of the request in the Squid format (Squid result code, e.g.: TCP_REFRESH_HIT/304).
<sqhcode>	the information about the path via which the request was processed (Squid hierarchy code, e.g.: NONE/-, PARENT_HIT/cache.server.com).
<msproto>	the name of the protocol in the MS Proxy form (http, https, ftp, gopher).
<mssrc>	the source in the MS Proxy form (Object Source in the MS Proxy log definition). Describes from where and how the data were obtained (directly from the WWW server, from other cooperating proxy server etc...)

Examples:

Format of the Squid proxy server:

Custom logfile definition

Format of the W3C definitions:

Custom logfile definition	<ip> - <auth> [<ld>:<lt> <z>] "<request>" <code> <bytes>
Custom time field definition	<h>:<m>:<s>
Custom date field definition	<Ms>/<d>/<Y>

Format of the Microsoft Proxy 2.0 server:

Custom logfile definition	<ip>, -, -, N, <ld>, <lt>, 1, -, -, <dhost>, <dip>, <dport>, <dur>, <bout>, <bin>, <msproto>, -, <method>, <url>, <ctype>, <mssrc>, <code>
Custom time field definition	<m>/<d>/<y>
Custom date field definition	<h>:<m>:<s>

4.9 Regular expressions

Since 2.50 version Proxy+ supports regular expressions in near all options which allowed use of wildcard characters only in previous versions of Proxy+ (URL filters, ACL Objects...). Regular expressions are powerful instrument which allow to search text strings or to change the text (replace some parts of the text by new ones).

Regular expression you can imagine itself as a string of characters you want to find in the another text string. For example the ''proxy' is an regular expression which tries to find text 'proxy' (in the case if the input text will be 'application level proxy server' the regular expression will match - it finds out the 'proxy' substring in the source text). It is the easiest example of the regular expression. To be more complex and powerful the regular expression allows to use some special constructs and control characters like '*' or '^' or subexpressions. For more continue reading...

Basic rules:

Any single character matches itself, unless it is a metacharacter with a special meaning described below. It means 'a' will match 'a' first a character in the input text.
A series of characters matches that series of characters in the target string, so the pattern "proxy" would match "proxy''.
there are some special characters (metacharacters) which have special meaning. For example '$' matches the end of input string so regular expressions 'a$' will find out the 'a' character at the end of input string. Complete list of special characters you can find in the table below:
You can cause characters that normally function as metacharacters to be interpreted literally by prefixing them with a "\''. For example, "^" match beginning of string, but "\^" match character "^", "\\" match "\" and so on.
Characters may be specified using a metacharacter syntax : "\n'' matches a new line, "\t'' a tab, "\r'' a carriage return, "\f'' a form feed, etc. More generally, \xnn, where nn is a string of hexadecimal digits, matches the character whose ASCII value is nn.
You can specify a character class, by enclosing a list of characters in [], which will match any one character from the list. If the first character after the "['' is "^'', the class matches any character not in the list.
Within a list, the "-'' character is used to specify a range, so that 'a-z' represents all characters between "a'' and "z'', inclusive. If you want "-'' itself to be a member of a class, put it at the start or end of the list, or escape it with a backslash.
The following all specify the same class of three characters: [-az], [az-], and [a\-z]. All are different from [a-z], which specifies a class containing twenty-six characters.
If you want ']' you may place it at the start of list or escape it with a backslash.
Finally, the ".'' (period) metacharacter matches any character.
You can specify a series of alternatives for a pattern using "|'' to separate them, so that fee|fie|foe will match any of "fee'', "fie'', or "foe'' in the target string (as would f(e|i|o)e). The first alternative includes everything from the last pattern delimiter ("('', "['', or the beginning of the pattern) up to the first "|'', and the last alternative contains everything from the last "|'' to the next pattern delimiter. For this reason, it's common practice to include alternatives in parentheses, to minimize confusion about where they start and end.
Alternatives are tried from left to right, so the first alternative found for which the entire expression matches, is the one that is chosen. This means that alternatives are not necessarily greedy. For example: when matching foo|foot against "barefoot'', only the "foo'' part will match, as that is the first alternative tried, and it successfully matches the target string. (This might not seem important, but it is important when you are capturing matched text using parentheses.)
Also remember that "|'' is interpreted as a literal within square brackets, so if you write [fee|fie|foe] you're really only matching [feio|].
The bracketing construct ( ... ) may also be used to define subexpressions. Subexpressions are numbered based on the left to right order of their opening parenthesis. First subexpression has number '1' (whole regular expression match has number '0' - you may substitute it as '$0' or '$&').
a subexpression can be referenced using $n where n is 1,2,3,4,.... It is useful in RewriteWith Access List Object for example.
Any item of a regular expression may be followed with digits in curly brackets.
The syntax is: {n,m}, where n gives the minimum number of times to match the item and m gives the maximum. The form {n} is equivalent to {n,n} and matches exactly n times. The form {n,} matches n or more times. (If a curly bracket occurs in any other context, it is treated as a regular character.)
Note: The "*" modifier is equivalent to {0,}, the "+" modifier to {1,} and the "?" modifier to {0,1}. There is no limit to the size of n or m, but large numbers will chew up more memory and slow down regular expression execution.

Proxy+ specific rules

Near all options which serves to filter something allow to use both an old patterns (using wild character strings) and regular expression. To be compatible with older versions of Proxy+ wild-card pattern is used by default. If you want to instruct Proxy+ to evaluate a pattern as regular expression you must put an regular expression identification at the beginning of the pattern (first character) the '~' character or '/r' or '/R' sequence. The identification isn't a part of the expression - it is deleted from the pattern before expression is evaluated.

Examples:

*.exe	is an old style pattern which searches for '.exe' at the end of input text
~\.exe$	is a regular expression which does the same thing

By default all regular expressions used in Proxy+ evaluate the input text case insensitively. If you want to make a regular expression (or a subexpression) case sensitive use (?-i) modifier.

List of metacharacters allowed in expressions:

^		A circumflex at the start of the string matches the start of a line
$		A dollar sign at the end of the expression matches the end of a line
.		A period matches any character
\		quote next character. Example: \* causes the * will be treated as a normal character.
*		An asterisk after an item matches any number of occurrences of that item. Examples: bo* matches : bot, bo, bobo, booooooo, b, ab, aba. It doesn't match : Bo, aa (bo)* matches: b, bxx, bos, bobos. It doesn't match : a, axx Note: Similar to {0,}
+		A plus sign after an item matches any non-zero number of occurrences of that item. Examples: bo+ matches : bo, boa, abo, bobo. It doesn't match : b, ba,aba (bo)+ matches: bo, boa, bobo, abo. It doesn't match: b, ba, aba Note: Similar to {1,}
?		A question mark after an item matches one or none occurrence of that item. Example: bo? matches : b, bo, boo, ba, aba. It doesn't match : a, caaa Note: Similar to {0,1}
*{n}*		Matches exactly n times. Example: ab{1} matches : ab, abaa, abab, cccabaa. It doesn't match : a , aaa, baa
*{n,}*		Match at least n times. Examples: ab{1,} matches : ab, abaaa, ababb. It doesn't match : aaa, baaa
*{n,m}*		Matches at least n but not more than m times. Example: ab{1,2} matches : ab, abab, abbbb. It doesn't match : aaa, baaa
*[aeiou0-9]*		matches a, e, i, o, u, and 0 thru 9. Examples: [abc] matches: a, best, abc. It doesn't match : d, def. [a-d] matches: a, best, cdef, 12d. It doesn't match : A, ABCDEF, 34.
*[^aeiou0-9]*		matches anything but a, e, i, o, u, and 0 thru 9. Examples: [^ab] matches : test, AB, abcd. It doesn't match : a, b, ab, ba. [^0-9abcde] matches : test, AB, 145aBcef. It doesn;t match : a, b, 358. ab[^A-Z] matches : abcd, Aab987. It doesn't match : a, ab, abA, abG.
\w		matches any single character of the alphabet (including "_"). Examples: \w matches : a, A, :abcd, 10a . It doesn't match : 10, :{}111. [0-9]\w matches : 5A, 8ooo, 254m . It doesn't match : 5%
\W		inverse operation to \w. (matches any non-alphabetical character, excluding '_') Example: \W matches : 10, mp3.com . It doesn't match : alpha .
\d		matches a numeric character. Example: \d matches : mp3.com, 213 . It doesn't match : www
\D		matches a non-numeric character: Example: \D matches : www, 123m . It doesn't match : 123, 1
\s		matches any space character (same as [ \t\n\r\f]). Example: \s matches: there is a space. It doesn't match : nospace .
\S		matches a non-space character. Example: \S matches : any . It doesn't match : \t
*\1 .. \9*		defines a backreference to previous subexpression. Example: (abc)\1 matches :1abcabcaaa, abcabcabc . It doesn't match : abc, abcab . ((abc)\2)\1 matches : aaabcabcabcabcaa . It doesn't match : abcabcabca .
\b		word boundary Example: \bexpression matches :expression and subexpression . It doesn't match : subexpression .
\B		Opposite to \b (matches if there is no word boundary). Example: \Bexpression matches :expression and subexpression . It doesn't match : expression .

Note: in the examples above characters which matched the expression are underlined. It means you can see where the match occured.

Greedy and Non-greedy modes:
By default all regular expressions are greedy. It means they match as many characters as possible. For example the "a*" or "a+" will match the entire string "aaaaaaaa".
An expression in the non-greedy mode matches as few as possible characters. For example the "a*?" will match empty string, "a+?" will match one (first) character "a" and "a{2,10}?" will return "aa" string.

Most of metacharacters can be used in non-greedy mode - just add '?' to the metacharacter: '*?', '+?', '??', '{x,y}?' .
You can use the 'g' modifier top switch off the greedy mode globally: start reguar expression with ' (?-g)'

List of modifiers you can use in expressions:
(?i) switches on case insensitive evaluation (used by default)
(?-i) case sensitive evaluation
(?-g) switches greedy mode off
(?g) switches greedy mode on

Note: if the modifier is used before a subexpression it affects only the subexpression:
(?i)(proxy) server - will match 'proxy Server' but will not match 'Proxy server' nor 'Proxy server' string

You can place multiple modifiers between parenthesis:
(?i-g) to use case insensitive evaluation and non-greedy mode
(?-ig) case sensitive evaluation and non-greedy mode

How to use regular expressions in Proxy+
Because Proxy+ supports wild-card definition of searched text too we have to tell the Proxy+ what type of searching pattern we are using. If the first character of the pattern is '~' or the first characters are '/r' or '/R' the pattern is evaluated as a regular expression. In old cases it is treated as a wild-card pattern.

An example of wild-card pattern:
*.exe

An example of regular expression:
~\.exe$

RegExp helper
Proxy+ includes an utility which allows to test your regular expressions. It is called 'RegExp helper' and you can access it using Proxy+'s WWW Admin interface (Proxy Settings\Utilities\RegExp helper)

Examples of regular expressions:
Note: you have to prepend the expression with '~' or '/r' or '/R' if you will use the expression in Proxy+ options.

\.gif$ - matches all URLs which ends with '.gif'. Note - the '.' (period) is quoted using backslash.
.*\.gif$ - does the same thing.
\.(gif|jpg|png)$ - matches all URLs which ends with '.gif' or '.jpg' or '.png' - i.e. it selects most of images the browser tries to download
\.(mp3|exe)$ - matches all URLs which ends with '.EXE' or '.MP3' extensions (case insensitive).
.*://www\.server\.com.* - matches all URLs which contain ://www.server.com - i.e. any protocol (http://, ftp://,..) and www.server.com server.

4.10 Plugins

Since 3.00 version the Proxy+ supports external expansion modules - so-called plugins. A third party company can write a module which will add new functions to the Proxy+. Plugins can be used to allow to use another application in the Proxy+ (for example a plugin can be used to check messages for viruses using your favorite virus scanner).

4.10.1 Plugin installation and registration

Proxy+ is able to use only these plugins which were registered and enabled before. If you have got a new plugin you have to register it using Proxy+ WWW Admin page (Plugins\Plugin settings\Register a new plugin). If the plugin was successfully registered you have to enable it - the related option you can find on the WWW Admin page which displays all registered plugins (Plugins\Plugin settings\Registered plugins). Check the appropriate checkbox in Enabled column. Then press the Save button to save your changes.

Note: the standard plugins (which are included in the installation of Proxy+) are registered by setup utility automatically. But you have to enable plugins you want to use.

4.11 Checking of messages for viruses

Since 3.00 version the Proxy+ includes support for checking of messages for viruses. The Proxy+ uses an antivirus scanner installed on the PC (it is not able to find viruses itself). There must be a plugin installed which allows to Proxy+ to use the scanner.

There are two ways how to check messages for viruses:

The first method takes advantage of a new subsystem in Proxy+ which is able to split messages into its basic parts. This message parser extracts attachments and other parts from a message. These parts are sent to a plugin which checks them for viruses. Infected messages can be rejected or disinfected (it depends on the Proxy+ settings). The advantage of this method is that plugin can be relatively simple (it is enough if it is able to check disc files for viruses). The plugin doesn't need to know nothing about internet mail messages - the Proxy+ finds dangerous parts in messages and it removes infected parts.

Note: the most of antiviral plugin uses this method.

The second method relays fully on the plugin code. The plugin itself parses the message (of course it can use some useful routines exported by Proxy+), it must decide what parts of the message to scan and what parts are infected. The plugin itself has to remove infected parts from the message (or to reject the message). This method requires much more complex plugin but it allows to implement some completely new actions that are not built in the Proxy+.

The checking of messages for viruses works only when these conditions are met:

there must be installed supported (plugin for it must be available) antivirus scanner on the PC with Proxy+
Proxy+ must be configured to use plugins
appropriate plugin must be installed and enabled
checking of messages for viruses must be enabled

Note: plugins, which don't use Proxy+ antiviral support (they work as described in the second method) are not dependent on the last condition.

4.12 Message filters

Since 3.00 version the Proxy+ supports checking of messages for dangerous (or unwanted) parts by filters. Filter is a plugin, which implements a set of rules used to decide whether the message (or file) should be rejected. For example the filter can detect dangerous attachments (the ones with executable or hidden (doubled) extensions), it can reject too large attachments and so on. If there is a new virus the filter can guard your mail clients by filtering dangerous attachments till the scanner's antiviral database is updated.

The filtering of messages is similar to checking of messages for viruses. A filter (like an antiviral plugin) may works in two different way (Proxy+ itself parses the message to find message parts or the plugin does this itself). Proxy+ implements configuration interface (WWW Admin pages) for filters which use the first method.

Note: If the checking of messages for viruses is enabled the virus checking occurs before the filtering - i.e. messages are checked for viruses and then they are filtered.

5. Secure program settings

Secure setting of Proxy+ is such which will disallow using and abusing of Proxy+ services by unauthorized users. The possibility of an attack should not be underestimated. Especially if you are connected frequently, for long time, or if you have permanent connection (leased line, wireless connection, cable modem,..) to the Internet it's better to allow access to the local company network users only. In these days, when there are special programs freely available able to find weakly secured computer, you cannot hope that hacker will miss your computer.
If you neglect the security settings it can happen that your computer will be a target of an attack (hacker can change Proxy+ settings, get some setting information etc.) or your computer can be used as an intermediate for other attacks (hacker can use your computer to attack another server and to increase his anonymity as he leaves information about your computer on the attacked one).

There are changes in the default settings of Proxy+ from version 2.40 - most of services are disabled by default. Lot of Proxy+ users never use these services and in case of improper security configuration they can be abused by hacker to attack another computer (typically by Telnet Gateway or SOCKS server).
There is one new security feature from version 2.40 - list of insecure interfaces. In contrast to the Secure Interfaces and Secure Clients lists (known from previous versions) this one is enabled by default and its content is composed automatically. Most of Proxy+ installations should be secured from attacks from the Internet automatically.

The file SecLog.TXT is important part of the security system. All attempts to connect from insecure addresses or interfaces are logged there.

5.1 Possibilities of securing Proxy+

Proxy+ supports two ways to avoid using its services by unwelcome user.

Security (Proxy Settings/Security)
primary designed for securing from objectionable using. Every new request accepted by Proxy+ is evaluated by these settings.
Access List (Proxy Settings/Access List)
primary designed to limit access of local users. It's not possible to apply this to all services (mail server ignores Access List settings for SMTP and POP3 connections). It's possible to use it only as an extension to Security settings.

It's possible to protect admin interface of Proxy+ by username and password too. It means that user who can connect to the admin interface can make changes only if he knows username and password.

5.1.1 Security

Proxy Settings/Security settings are based on several lists of interfaces and clients IP addresses. Every request coming to Proxy+ is carrying two IP addresses: source IP address (client computer) and destination IP address (IP address of an interface on the Proxy+ computer). These two addresses are compared with following three lists:

Insecure interfaces
The request is denied if it goes through listed interface.
Secure interfaces
The request is denied if it didn't come through any listed interface.
Secure clients
The request is denied if the source IP address is not listed here.

Following applies:

if the list is empty, the request is accepted by this list evaluation. It means the security evaluation works with non empty lists only.
if the source interface of the request is some interface of the computer running Proxy+ (the request originates on the same computer), the access is allowed. In other words: it's not possible to deny Proxy+ services to a user working on Proxy+ computer by security configuration.
if settings of Insecure interfaces collides with other lists (e.g. the same interface is listed on secure and insecure interfaces lists), the Secure Interfaces a Secure clients lists have higher priority. It means, the connection will be allowed.

Insecure interfaces is the list of potentially dangerous interfaces (modem, network card). Insecure interface is the one via which an insecure request can come. Typically it's an interface connected to the Internet. The request will be denied if it come via an interface listed here (if the same interface is not listed in the list of Secure Interfaces or the source address is not listed in the list of Secure Clients).

The advantage of the insecure interfaces list is that in most cases it can be composed automatically and can be used as default protection from attack from the Internet.

By default Proxy+ is preset to use list of Insecure interfaces and this list is composed automatically. Autodetection composes the list of insecure interfaces by following:

if Proxy+ uses modem and phone line for accessing the Internet, the modem is marked as an insecure interface (the interface created after modem connection respectively).
if Proxy+ is configured to work on synchronous leased line the list of interfaces is obtained from the routing table of TCP/IP subsystem.

Autodetection on leased line installations works only for these systems: Windows 98, Windows NT 4.0 with SP4 (or newer) or Windows 2000. Windows 95 lacks this functionality and it's necessary to create the list of insecure interfaces manually.
On dial-up lines, when Proxy+ initiates the connection, autodetection of insecure interfaces works properly on all Windows versions.
Settings and state of Insecure interfaces lists is written to the ProxyLog.TXT file during Proxy+ start/restart. If some error or some situation when it's not possible to compose the list occurs (e.g. you use Windows 95 and leased line connection), the error message is written to the ErrLog.TXT too.

If you compose the list of insecure interfaces manually, specify the IP address of the interface connected to the Internet every time. You can specify an IP address of any other interface (e.g. segment of your network with denied access to the Internet).

Secure interfaces
A list of secure interfaces. If using of Secure interfaces is enabled, the request is accepted if it came via one of the listed interface.
An interface of your LAN (via which all local users are connected) can be specified by this way.

Secure clients
A list of secure clients. If using of Secure clients is enabled, the request is accepted if it was sent by a computer whose IP address is listed here (or is from any listed range)

5.1.2 Access List Rules

The Proxy Settings/Access List settings allow more flexible access control to Proxy+ services but it's not intended to provide real protection. Always use Proxy Settings/Security to define allowed/denied accesses and use Access Lists only for limiting clients.

Detailed description of Access List is in chapter 4.6 Access List

5.2 Specialties of some Internet connection types

A. Connection via NAT router (Network Address Translation)

If the Internet connection is realized by some other device (router) which do so called Network Address Translation (translation of IP addresses) the connection from the Proxy+ to the Internet (router) is going via the same interface as the to the LAN. It means that defining this interface as insecure denies Proxy+ services to LAN clients. In this case it's necessary to disable using Insecure interfaces (Security/General/Use insecure interfaces) and enable using Secure clients (Security/General/Use secure IP addresses) and define range of IP addresses used on your LAN.

If the NAT is configured to not create links from the Internet to any computer on the LAN, the fact you use NAT means increasing security of your LAN. All computer behind such router are hidden and inaccessible.

Autodetection of insecure interfaces will choose your LAN interface as insecure (as it's used for accessing the Internet router).

B. Connection using non-public IP addresses with NAT on the provider side

Client of such ISP uses non-public IP address (assigned by ISP) which is translated to public on the provider's router. As this non-public address is not accessible from the Internet (not routable) the connection itself increases security of the client from the attack from the Internet. There is still possibility of abusing Proxy+ by some other client of the same ISP (or by the ISP itself).

If dedicated network card or card with another IP address assigned to it (on WinNT/Win2000) is used for connection to the ISP the autodetection of insecure interfaces will work properly.

C. Connection using non-public IP addresses and proxy server of ISP

Client of such ISP uses non-public IP address (assigned by ISP mostly). Access to the Internet is possible via provider's proxy server only. As non-public IP address is not accessible from the Internet (non routable) the connection itself increases security of the client from the attack from the Internet. There is still possibility of abusing Proxy+ by some other client of the same ISP (or by the ISP itself).

In this case the autodetection mostly won't find any interface as the default gateway is not defined (it's not required). It's necessary to create the list of secure clients or the list of secure interfaces (if the connection to the Internet is realized via dedicated interface).

6. Solving the problems

6.1 Problems accessing the admin. interface

First make sure all conditions for the function of admin. interface are met.
Check that the file ProxyLog.TXT in subdirectory Logs of the Proxy+ directory contains information that WWW admin. interface has been started. Search for "WWW Admin: accepting admin requests on port: xxxx", where xxxx is the actual communication port. If you do not find a line with this text the admin. interface hasn't been started and it is impossible to configure Proxy+. Check the content of the file ErrLog.TXT - there should emerge the error message that would comment why the interface hasn't been started.

6.1.1 Checking functions of TCP/IP system

On a station in LAN (other PC than the PC running Proxy+) start from the Start menu the DOS window with the Prompt command. In the window execute the command ping x.x.x.x , where x.x.x.x is the address with the PC running Proxy+. In case the remote PC replies to the command, there would be 4 lines starting with Reply from... If no reply is coming the wiring is not alright or the settings of TCP/IP on this PC or on the remote PC are not correct.

PCs must have TCP/IP installed and unique IP addresses assigned (we recommend the non-Internet range 192.168.0.0 - 192.168.255.255)

7. Index of used terms

Disk cache
Proxy+ supports storing of the data transferred via HTTP and FTP protocols on hard drive. In some cases it makes the process really faster. If a user is reading a WWW page that is already stored on hard drive there is no need to connect to WWW server in Internet - the data are read immediately from the drive and sent to the user. It is really faster than the transfer of data from Internet and furthermore it helps to relieves the line leading to Internet.

You can disable the disk cache or set a range from 1MB to a size you like (the size of your hard drive is the only limit). If there is less than 10 MB on drive, no new files are stored to disk cache.

IP address, port, protocol
TCP/IP family protocols use these three parts to determine their destination:
IP address defines the address of network interface that will receive the packets (it defines the destination PC)
port defines program (service) running on the target PC which will accept the packets received by the network interface
protocol defines the transfer protocol e.g. TCP or UDP

TCP protocol supports easy duplex transfer of data between two users. The transfer is reliable and TCP secures data delivery without loss. It is used to read WWW pages, to communicate with FTP server...
UDP protocol serves to send short messages (datagrams), it doesn't secure the delivery of data. It offers higher performance then TCP, it is used to transfer data where reliability is not important - video (VDOLive) and sound (RealAudio)

URL
Identifier of documents in Internet (Uniform resource locator). It consists of three parts: name of the protocol, name of the PC and the name of the document. E.g. http://www.fortech.cz/index.html describes document index.html placed on server www.fortech.cz using the HTTP protocol.

* Proxy+ in some parts uses the algorithm MD5 (Message Digest Algorithm) created by RSA Data Security, Inc.
* Proxy+'s regular expression evaluator is based on code which was created by Andrey V. Sorokin ( http://anso.virtualave.net).
* The names used in the text may be trademarks or registered marks of their owners.