This setting controls whether you want people who connect from open proxy servers to be able to connect and use the server. Note, that most often, open proxy servers are a source of abuse.
Example:
/as security proxycheck disable
/as security proxycheck enable
The proxy scanning engine will maintain a cache, based on the IP, for machines that have recently been scanned, to avoid unnecessary re-scanning. This option limits for how long a previous scan will remain active.
Example:
/as security proxycheck set cache-timeout 30
When the proxy scanner is enabled, the server will not allow connections to the server to complete before the proxy scan completes. This option allows you to set a ceiling on the amount of time the user will wait. If the proxy scan does not complete within the allocated time, the connection is resumed.
Example:
/as security proxycheck set check-timeout 30
This will allow java clients to immediately get on the server regardless of the check-timeout setting. This allows java clients to immediately access the server and the other clients will have to wait the specified period prior to getting on the server.
This setting defaults to off.
Example:
/as security proxycheck set javahold on
/as security proxycheck set javahold off
The proxy scanner engine will, by default, allow the operating system to decide from what interface to send a query from. However, it may be desirable, to limit the queries from one specific IP, which may perhaps have a descriptive DNS hostname. (e.g. proxycheck.webmaster.com) When you specify an IP, the scanning engine, will ignore the interface that the user connected from, and force the operating system to send the query from the IP that you specify.
You may use the keyword "*" to indicate that the system should decide what IP to send the query from.
Example:
/as security proxycheck set query-from 216.152.64.133
/as security proxycheck set query-from *
The proxy scanning subsystem attempts to connect a server, in order to determine if a proxy server is open or not. By default, it attempts to connect to itself. However, there are situations when using a different server might be advisable. You can use this command to change the IP of the server to connect to.
Example:
/as security proxycheck set query-target 127.0.0.1
In most circumstances, the default setting is the best. However, if you are running a highly loaded server, and want to partially offload the cost of proxy-scanning, you can setup a server, that only accepts proxy connections. This is an advanced option, and usually should not be changed.