See how Muse® Proxy can help you, depending on the license. The existence and capabilities of the Muse Proxy® features are controlled by the category of your license – Small Organization Edition, Medium Organization Edition, Large Organization Edition or Trial. Note that the Trial license is 30 days limited from the moment of request.
Features Matrix – Muse® Proxy
Edition Limit | Trial Edition | Small Organization Edition | Medium Organization Edition | Large Organization Edition | Software Integration Edition | Customer Specific Edition |
---|---|---|---|---|---|---|
Proxy Applications Number * | 4 | 4 | 8 | unlimited | ![]() | custom |
Sources Number per Proxy Application | 32 | 32 | 128 | unlimited | ![]() | custom |
Sources Groups Number per Proxy Application | 2 | 2 | 8 | unlimited | ![]() | custom |
Client Sessions Number | 256 | 256 | 1024 | unlimited | unlimited | custom |
Type 1 Rewritten Links, Tiny URL(s), Proxy Services | ![]() | ![]() | ![]() | ![]() | ![]() | custom |
* Applications number counts the predefined MuseProxyFoundation
and Anonymous
sample applications as well. The predefined sample applications should not be used in production as they will be rewritten by future Muse Proxy upgrades.
Below there are listed the most important Muse Proxy Features. All of them are available for Small Organization Edition, Medium Organization Edition and Large Organization Edition unless specified otherwise.
General Features
- Works as a regular HTTP proxy with HTTP and HTTPS (
CONNECT
tunnel) support; - Individual authentication per each Web Module (running inside a Web Context) in part;
- Supports
public
,authenticated
andprivate
resources in each Web Context; - The
static
resources are served using theLast-Modified
HTTP response header in order to be cached by the browsers; - Configurable patterns for defining the list of server IP(s) on which Muse Proxy listens. A request received on a specific server IP is forwarded to the target site from the same server IP on which the request came;
- Support for configuring different SSL certificate for each server IP;
- Cache support;
- Support for having a separate cache directory per each Server IP, based on the configuration;
- Compression (gzip) support both for pages that are served after being rewritten (remote rewritten content from vendors) and for content originating to Muse Proxy itself;
- For rewritten pages there is support for SSL termination to ensure Load Balancing
HTTPS traffic in a manner that avoids unnecessary encryption cycles. This is achieved
by Muse Proxy understanding
X-Forwarded-Proto
header field or the RFC 7239'sForwarded
header field containing "proto=https
" or "proto=http
"; the other pages are all using relative links; - Support for configuring the redirect of HTTP requests against Applications and Administrator Console to HTTPS;
-
Default
log in which there are written messages regarding Muse Proxy activity and the errors encountered in a human readable format; -
Access
log in which there are written the requests served/relayed by Muse Proxy. TheAccess
log can be analyzed using tools likeAWStats
(http://awstats.sourceforge.net/
); -
Statistics
log in which there are written detailed messages regarding Muse Proxy activity in a machine readable format. Automatic tools can be created to extract any information needed regarding the Muse Proxy activity from the Statistics log; - Support for tracking the user activity using data from the
Default
orStatistics
logs (byConnection ID
,Client Session ID
andNavigation Session ID
); - Supports global proxy chaining with a next proxy using
Proxy Host
andProxy Port
or usingProxy PAC
; - Supports configurable authentication using authentication login modules;
- Supports
Read Time Out
,Keep Alive
andKeep Alive Interval
with theClient
; - Supports
Connect Time Out
,Read Time Out
,Keep Alive
andKeep Alive Interval
with the target site; - Supports
IPv6
andIPv4
addresses; - No need for dynamically assigned ports when doing the rewriting. The port on which the rewriting started is used for all the subsequent navigation;
- If using only Rewrite by Path there is no need for dynamically assigned domains when doing the rewriting. The domain on which the rewriting started is used for all the subsequent navigation in case of Rewrite by Path; Rewrite by Host was introduced with Muse Proxy version 4.0 and is selectable on a source by source basis;
- All the configuration files are self documented. All the options that can be set in a configuration file are present in that configuration file. There are no hidden options that could be found only after using the product for a long period;
- The workflow used by Muse Proxy to assign a request to the component that handles
it is defined externally, in the configuration files. It is easy to understand how the
requests are mapped to the Proxy component or to the corresponding Web Context. In the
Statistics
log there are also written all the details needed to know how the requests are mapped to the corresponding component; - The information written in the configuration files is multi-level (the configuration files are in XML format). This allows to define an option exactly on the level where that option makes sense. In this way, complex settings are better understood by the Muse Proxy Administrator.
- Muse Proxy can create access log files in the same configurable format as those
created by standard web servers such as Apache HTTP Server, format which can be set
via a % style pattern (an extension of the Common Logging format). In order to do
this, the LOG_FORMAT element should have the type="apache" attribute set. To have a
good base for statistical information, especially in a multi-tenant environment, we
recommend using more items besides Common Logging, by adding the inbound server IP
address, Muse Proxy application, user session, content type:
<LOG_FORMAT type="apache">%h %A %w %W %u %S %t "%r" "%{Content-Type}o" %s %b</LOG_FORMAT>
- Support for specifying IP ranges in
ALLOW
andDENY
rules for both IPv4 and IPv6. All types of rules can be mixed if need be, for example one allow/deny rule can be a wildcard such as217.156.14.*
, another rule can be a CIDR rule such as217.156.0.0/16
and another one can be expressed using the range217.156.11.0-217.156.15.255
. - Supports redirection to remote Sources depending on the end-user IP (non-proxied
links). This is done via Sources.xml file via the new
REDIRECT
section containingIP_RULES
elements which are applied on a set of sources and, if the request is for a source that matches theAPPLY
pattern and the request's end-user IP satisfies theALLOW/DENY
sequences, then the response will be a native redirect to the source URL.
Muse Navigation Manager (Rewriting Component) Features
- Support for flexible URL patterns, using
include
andexclude
rules, matching all URL components (domain, port, path,CGI
parameters), to specify which URLs will be rewritten; - Rewrites automatically links from HTML attributes. Rewrites only the links from HTML attributes and not also texts from the page which represent URLs;
- Rewrites automatically most of the links constructed from JavaScript;
- Manages, at server side level,
Cookies
from theSet-Cookie
HTTP Headers received from the target rewritten sites; - Tries to intercept and rewrite automatically
Cookies
fromdocument.cookie
JavaScript object and passes them to be stored at server side; - Rewrites automatically links from CSS files;
- Rewrites automatically links written via JS
document.write
sequences; - Rewrites links from XML, using Muse Navigation Manager rewriting filters;
- Rewrites links from JSON, using Muse Navigation Manager rewriting filters;
- Rewrites automatically HTML
OBJECT
tag; - Rewrites automatically HTML
EMBED
tag; - Rewrites Flash Objects Parameters, using Muse Navigation Manager rewriting filters;
- Rewrites HTTP and HTTPS sites;
- Configurable Find and Replace filters acting on the HTTP body can be crafted in
the XML source profiles and will be interpreted at run-time, without the need to write
Java code. Two types of filters: regular expression based and Muse Proxy token rule
based similar to the token rules written in Muse Proxy Java filters. Simple (just
find/replace) and complex filter configurations involving conditions (such as
APPLY_IF_FIRST
) and variables are supported; - If configurable filters are not covering special complex cases, the administrators can create, using a Java API, their custom Muse Navigation Manager rewriting filters, that will be executed only for specific Muse Proxy Sources links. The mechanism allows to create a great number of Muse Navigation Manager custom rewriting filters without affecting the overall Muse Navigation Manager reliability, because each Muse Navigation Manager custom rewriting filter will be executed only for the Muse Proxy Source for which it was created;
- Supports automatic authentication for rewritten links using an authentication token generated by Muse Proxy and stored in the Navigation Session;
- Supports a custom charset in the
Content-Type
HTTP header returned by the rewritten pages; - Supports chaining, at server side level, with a next proxy, set using
Proxy Host
andProxy Port
or set usingProxy PAC
, for the rewritten links. Supports chaining with different proxies for different rewritten links; - Supports
Proxy-Authorization
usingBasic
andDigest
authorization schemes, at server side level, with a next proxy, for the rewritten links. Supports separate proxy authorization for different rewritten links; - Supports HTTP
Authorization
usingBasic
andDigest
authorization schemes, at server side level, with the target site, for the rewritten links. Supports separate HTTP authorization for different rewritten links; - Supports setting an initial set of
Cookie
HTTP headers, at server side level, when navigating on a rewritten link. Supports separate sets of cookies for separate rewritten links navigated for the same target site; - Supports setting an initial
Referer
, at server side level, when navigating on a rewritten link. Supports separateReferer
authorization for different rewritten links; - Control of the resulting protocol which could totally decouple server end and source end or could replicate source behaviour;
- Supports, by configuration, for a
Type 2
rewritten link obtained by a Client, to be passed to another Client, who will be allowed to navigate on it; this option should be used with care; - The Muse Navigation Manager component (
mnm.jar
file) can be updated at run-time, without restarting Muse Proxy; - Supports
Type 1
rewritten links - entry point links coming from a Muse Search Application;TheType 1
rewritten links are entry links having the rewriting information stored in them asCGI
parameters. Example ofType 1
rewritten URL:http://navigationManagerHost:navigationManagerPort/com/site/ ?MuseProtocol=ProtocolValue &MuseHost=some.site.com &targetSiteParameter1=targetSiteParameterValue1... &targetSiteParameterN=targetSiteParameterValueN &MuseCookie=CookieValue &MuseReferer=RefererValue &MuseAuthorization=AuthorizationValue &MuseAuthorizationScheme=AuthorizationSchemeValue &MuseProxyHost=ProxyHostValue &MuseProxyPort=ProxyPortValue &MuseProxyPac=ProxyPacValue &MuseProxyAuthorization=ProxyAuthorizationValue &MuseProxyAuthorizationScheme=ProxyAuthorizationSchemeValue &MuseCharset=CharsetValue &MuseUID=UIDValue &MuseProxyAuthenticationToken=ProxyAuthenticationTokenValue &MuseSourceID=SourceIDValue &MuseNavigationManagerMode=NavigationManagerModeValue &MusePath=PathValue
This feature is available only forSoftware Integration Edition
; - Supports
Tiny URL(s)
;ATiny URL
is a wrapper for aType 1
link which has either very large GET parameters (such as exceeding 2048 bytes) or needs to perform a POST action. Hence it is another entry point used from Muse Search into the Muse Proxy for navigation purposes. The URL may not really seem visually tiny, but it can reduce the size of the initial URL even to 1% and resolve impossible situations.http://proxy.museglobal.ro/com/edulib/?MuseTinyURLID=5746a08c3142d74cadecf6a8b84d78bc&MuseHost=www.edulib.com&MuseProxyAuthenticationToken=f4dd4e1125ef591ec8678921f0a9634c&MusePath=/
This feature is available only forSoftware Integration Edition
. - Supports Source Type URLs - entry point links which are associated with a Muse
Proxy Application, authentication group and source identifier. For example:
http(s)://${navigationManagerHost}:${navigationManagerPort}/${MuseProxyAppID}?groupID=${groupIDValue}[&${applicationAuthenticationParameters}]&action=source&sourceID=${sourceIDValue}
http://proxy.museglobal.ro/MuseProxyFoundation?groupID=1&action=source&sourceID=PUBMED
- Supports Extended Source Type URLs;Extended Source Type URLs are entry point links which are associated with a Muse Proxy Application, authentication group, source identifier and an exact URL from that source. For example:
http(s)://${navigationManagerHost}:${navigationManagerPort}/${MuseProxyAppID}?groupID=${groupIDValue}&action=source&sourceID=${sourceIDValue}[&$applicationAuthenticationParameters]&qurl=${encodedURL}
http://proxy.museglobal.ro/MuseProxyFoundation?groupID=1&action=source&sourceID=PUBMED&qurl=http%3A%2F%2Fwww.ncbi.nlm.nih.gov%2Fpccompound
These types of links are also used for Search Widgets and Form Integration. - Supports Shortcut Source Type URLs - entry point links for source navigation where
one does not need to provide the
sourceID
parameter, but just an URL parameter. ThesourceID
is automatically discovered based on Muse Proxy configuration. This ensures an easier integration as the other parties do not have to maintain sourceIDs mappings on their side thus a permanent link of a certain target could be proxied much easier as long as the URL host is bound to a source defined in Muse Proxy. For example:http(s)://${navigationManagerHost}:${navigationManagerPort}/${MuseProxyAppID}?[groupID=${groupIDValue}&][$applicationAuthenticationParameters&]url=${nonEncodedRemoteURL}
http(s)://${navigationManagerHost}:${navigationManagerPort}/${MuseProxyAppID}?[groupID=${groupIDValue}&][$applicationAuthenticationParameters&]qurl=${encodedRemoteURL}
http://proxy.museglobal.ro/MuseProxyFoundation?url=http://www.ncbi.nlm.nih.gov/assembly
http://proxy.museglobal.ro/MuseProxyFoundation?qurl=http%3A%2F%2Fwww.ncbi.nlm.nih.gov%2Fassembly
The encoded form of the remote URL is recommended. - Supports Rewrite by Path (
Type 2
) rewritten links;Type 2
rewritten links are internal, follow-up URLs after an entry point link (either Type1, Tiny URL or Source type) was successfully processed; they are dynamical links containing in them aNavigation Session ID
, as value for theMuseSessionID
field (marker), in the path part of the URL. TheType 2
rewritten URLs are valid only for a small period of time (by default30
minutes after they are last accessed), while the Navigation Session associated with them is still valid. This type of URL should not be used as an entry point. Example ofType 2
rewritten URL:http(s)://navigationManagerHost:navigationManagerPort /MuseSessionID=SessionIDValue /MuseProtocol=ProtocolValue /MuseHost=some.site.com /MusePath /targetSitePathPart1/... /targetSitePathPartN/ ?targetSiteParameter1=targetSiteParameterValue1... &targetSiteParameterN=targetSiteParameterValueN
- Supports Rewrite by Host (
Type 3
) rewritten links.Rewrite by Host (Proxy by Host) is the second type of internal, follow-up URL where the Muse Proxy markers for navigation session, protocol, ID (if needed for load balancing) and native host and port are added as part of the proxy sub-domain, while the path remains untouched. This type of URL should not be used as an entry point. Example of a Rewrite by Host URL:http://01105002q.p0.y.http.www.ncbi.nlm.nih.gov.proxy.museglobal.ro:9797/pccompound
Muse Proxy Applications Features
- A Muse Proxy Application can be configured to respond only on certain server IP(s) (domains) on which Muse Proxy listens;
- A Muse Proxy Application supports expiry after a certain date;
- Muse Proxy Applications users can be authenticated using configurable
Authentication Groups
; - An
Authentication Group
used in a Muse Proxy Application performs the authentication using a list of configurableLogin Modules
. The current list ofLogin Modules
that can be used by Muse Proxy Applications is: IP, User/Password, LDAP, IMAP, SQL, FTP, Referer, HMAC based validation, SAML 2.0, External HTTP service, OAuth, OAuth2, OpenID Connect, CAS SSO based authentication, SIP and Barcode; - An
Authentication Group
has a dedicated login page, corresponding with the list of logon parameters required by theLogin Modules
configured in thatAuthentication Group
; - An
Authentication Group
used in a Muse Proxy Application allows access to theSources
from aSources Group
; - SAML 2.0
Authentication as a Service Provider is supported for a Muse Proxy
Application. Being based on Spring Security SAML
Extension , theoretically all products supporting SAML 2.0 in Identity
Provider mode (e.g. ADFS, Okta, Shibboleth, OpenAM, Efecte EIM or Ping Federate)
should be compatible; some of the SAML 2.0 related features are:
- Includes a local Discovery service;
- Supports external Discovery;
- Metadata management supporting adding IDP metadata and generating of SP metadata, pre-validation of IDP metadata to detect the need of certificates, tests for authentication, seeing SAML attributes, guidelines and more;
- Supports specifying the IDP metadata either by uploading the IDP metadata file or by specifying the IDP metadata URL with a local file backup with periodically refreshes;
- Supports specifying IDP metadata as a file/URL containing one EntityDescriptor or as multiple EntityDescriptor wrapped in EntitiesDescriptor (e.g. a federation) with filters eliminating conflicts if the SP metadata is also present in the same file;
- Post-SAML authentication decisions via server side JavaScript on letting the
user in the application, choosing a source group, choosing an attribute to be
logged into the statistics. These, as well as other settings are grouped in the
ProxyLoginModuleSAML.xml
configuration file of the SAML login module.
- Other Single sign-on (SSO) Authentication protocols (distinct than SAML) are
supported: a wide range of OAuth, OAuth2, OpenID Connect, CAS SSO based
authentication.
- The out of the box OAuth specific support is for: BitBucket, DropBox, Facebook, Foursquare, Github, Google, LinkedIn, Odnoklassniki, ORCiD, Paypal, Strava, Twitter, Vk, Windows Live, Word Press, Yahoo. Note that Google ensures authentication with both the public gmail.com domain as well as Google hosted institutions via Google Apps for Education, for example;
- Besides the above out of the box support, a generic OAuth client
implementation can be configured for authentication to the providers that are not
diverging from the usual practices in OAuth requests and responses (e.g. return
the access token in JSON as
"access_token" : "{value}"
, return profile in JSON and not XML, use "code" and "state" parameter names, no additional hashes with the access token); - There's also a general configuration for any CAS server using OAuth protocol and a general support for the providers that are following the usual practices as described above;
- Post-SSO authentication decisions on letting the user in the application, choosing a source group, choosing an attribute to be logged into the statistics can be configured via server side JavaScript;
- OAuth Guidelines and JSON profile inspection are available in Muse Proxy Administrator Console.
- A Muse Proxy Source can be profiled via
EXTRACTOR
s,URL
s, andPOST_PARAMETER
s to conduct an extract and navigation scenario in order to obtain tokens or navigate to the desired link before handing over control to the browser with the first rewritten link. Apache HTTP Client library can now be configured in Sources.xml for the first source request (extract and navigate scenario). Because the Oracle JDK URLConnection does not allow the control of the outbound IP address up to now we were forced to perform an extra request through Muse Proxy and this increases the complexity of troubleshouting and authentication configuration and adds an extra request. Also it supportsencodeURIComponent
anddecodeURIComponent
to be used for reference and parameter process for first source requests. The functions are compatible with the JavaScript ones. The existentencodeURL
anddecodeURL
are based on JDK URLEncoder/URLDecoder which are usingapplication/x-www-form-urlencoded
MIME format which is not entirely the same as the URI encoding which, for example transforms space into %20 instead of +, for example and some servers are sensitive to these differences. - The Muse Proxy Application web interface is completely configurable using
FreeMarker
template files (seehttp://freemarker.sourceforge.net/
). At server side level, for each action, only theFreeMarker
objects are created, and the way in which the information from the FreeMarker objects is written in the response page is completely defined by the template file used. In this way, using different template files, the same action, may generate responses in different formats:HTML
,JSON
,XML
etc. TheFreeMarker
objects also store information regarding theHTTP
headers andCGI
parameters of the request, etc; - The
FreeMarker
templates are read from disk usingUTF-8
encoding. The response pages generated usingFreeMarker
templates are returned usingUTF-8
encoding. This encoding is specified in theContent-Type
HTTP header using thecharset
attribute; - The
Content-Type
returned by a Muse Proxy Application request corresponds with theMIME
type associated with the extension of the template file. This assures support forJSON
andXML
AJAX
requests; - The values returned by the
FreeMarker
objects methods and properties can be escaped for including them inHTML
attributes,XML
content orJSON
content; - The
FreeMarker
template files defined aspublic
can be requested using thegetResource
action without needing authentication. In such case no persistent Client Session will be created. This mechanism allows the customers to include links, pointing to ApplicationFreeMarker
resources in their web pages. So the end-users can navigate through a number of public application pages, served using thegetResource
action and generated usingFreeMarker
templates, without needing to authenticate to that Application; - If a
FreeMarker
template file is defined asauthenticated
and if the end-user is not authenticated yet, when accessing it there will be displayed the logon page corresponding to the authentication group specified usinggroupID
CGI parameter. If thegroupID
CGI parameter is not present in the URL there will be displayed the logon page corresponding to the default authentication group. After the authentication succeeds, a persistent Client Session will be created and theFreeMarker
template file requested using thegetResource
action will be interpreted and served; - MuseProxyFoundation based application supports source icon configuration. If configured, the image will be displayed under the Source name, next to the source description;
- Sources can be hidden from the source listing but still usable via Entry Points either shortcuts, extended or normal;
- MuseProxyFoundation based application supports category based grouping for source
layer presentation by defining them in Sources.xml. Multiple
areas can be defined (Subjects, Vendor), including A-Z ones and these are displayed in
different tabs. Integration with MuseSearch passthrough is available if
dblist
source attributes are defined; - Custom source attributes can be defined in Sources.xml and these will be represented as data-name="this value" in the DOM element corresponding to the source;
- A Muse Proxy Application supports a configurable HTML index page to be displayed
when accessing the Muse Proxy Application's home URL. In that index page there can be
present links to the logon pages for a list of
Authentication Groups
defined. If the index page path is set to void, the logon page for the defaultAuthentication Group
is displayed when accessing the Muse Proxy Application's home URL. A single Muse Proxy Application may support separate logon pages (the links to these logon pages will be referred from the index page) for each group of users and also each group of users may have access to separate sets of sources; - A Muse Proxy Application supports a default
Authentication Group
that is used by default when no specificgroupID
CGI
parameter (which specifies theAuthentication Group ID
) is specified in the logon request; - Automatic logon in a Muse Proxy Application is supported using IP authentication
for the default
Authentication Group
; - A Muse Proxy Application supports a configurable logout page that is displayed when the user was logged out;
- A Muse Proxy Application supports saving information, through an
HTTP
request in a special format, in theApplication Session
, at server side level. That information can be written later in response pages generated usingFreeMarker
templates; - Multiple Muse Proxy Applications may run in the same Muse Proxy installation, there is no need to have separate Virtual Machines for each Muse Proxy Application. This saves Operating System resources;
- The resources used by a Muse Proxy Application (
*.css
,*.js
, images, etc) can be stored and referred from the Muse Proxy Application's level. Separate Muse Proxy Applications may use separate logon pages and separate skins; - A Muse Proxy Application may use
static
anddynamic
resources. Thestatic
resources will be cached in the user's browser, assuring a fast user access to the Muse Proxy Application's web interface even from mobile devices; - Complex web interfaces can be created easily using the Muse Proxy Applications environment. Passing parameters from one page to another, AJAX requests, saving data in Session for using it later, caching of static resources in browsers to reduce the loading time for the subsequent pages navigated, etc all are ready to be used for creating complex web pages. Integrating a Muse Proxy Application as a page inside an existing site is also possible;
- Muse Proxy Applications are ready for Load Balancing, including support for: SSL
Termination, detecting the end-user IP through HAProxy PROXY Protocol or
X-Forwarded-For
. Detailed documentation is available regarding how to setup a Load Balancing environment for Muse Proxy Applications; - Links to Muse Proxy Sources from Muse Proxy Applications can be embedded
dynamically in external portals. In this way, a customer may use the external portal
authentication, but still provide access to Muse Proxy Sources links. A documented
example
PHP
script, showing this dynamic integration, is provided in the product installation.
Administrator Console Features
- Modern and fully integrated AJAX console;
- Connections monitoring;
- Client Sessions monitoring;
- Log Files download;
-
Tiny URL(s)
monitoring;This feature is available only forSoftware Integration Edition
. - Customize the network traffic exported at run-time using JMX per each server IP, in order to prevent network traffic counting with remote IP(s) from the local network;
- Configure at run-time the patterns for the server IP(s) on which Muse Proxy must listen;
- Configure the Administrative Access Rules;
- Configure the Administrative Passwords;
- Configure the list of
Administrative Login Modules
executed to authenticate each Administrative Web Context and the regular Proxy requests; - Configure the
Java policy rules
; - Configure the SAML Authentication details, from metadata administration for both Service providers and Identity providers, to actions for restarting the SSO engine or refreshing the configuration;
- Configure the SSO Authentication details for the OAuth, OAuth2, OpenID Connect and CAS based SSO authentications.
- View the
Cache Status
global statistics; - View the
Cache Files
for each cache directory; - Configure the access details to
Global InfoBase
, used for downloading the Muse Navigation Manager (mnm.jar
) component; - Schedule the update to the latest version of Muse Navigation Manager
(
mnm.jar
) component; - Backup/Restore for the Muse Navigation Manager (
mnm.jar
) component; - Generate
Type 1
rewritten links andTiny URL(s)
;This feature is available only forSoftware Integration Edition
. - Un-Rewrite a Muse Proxy Rewritten URL in
Type 1
orType 2
format; - Encrypt a password using
SHA1
,MD5
orDES
algorithms; - Clean the
Proxy PAC
cache; - Refresh the
Muse Proxy Applications
on demand; - See information regarding the
Java Virtual Machine
; - Troubleshoot filter configurations via regular expression by Find and Replace sequences. The section is split in two tabs one for raw Java Regex testing ("By JDK Regex") and one that simulates the exact process of the filtering code ("By Running Filter");
- Generate test HMAC links used for transparent log-on from a portal so that the end-user is not requested an explicit authentication to Muse Proxy;
- Test which
sourceID
is detected for a certain application when receiving only theurl
/qurl
parameter without thesourceID
parameter; - Manage assigned keystores from
SSL_KEYSTORE_FILE
configuration element: add new entries, edit and delete. View all details about the certificates from keystore; - Complete management of the Muse Proxy Applications and their resources, from end-user authentication to sources.
- The access to the
/admin
context is secured, if not accessing from an authorized IP address a404 Not Found
error page is displayed.
JMX (Java Management Extension) Features
- See at run-time information regarding the memory and CPU used by Muse Proxy;
- See at run-time information regarding the Muse Proxy threads;
- Set at run-time the
Authentication Timeout
for Proxy Requests and save the configuration to disk; - Set at run-time the default
Authentication Timeout
andClient Session Timeout
for the Web Contexts and save the configuration to disk; - Set at run-time the
Authentication Timeout
for a specific Web Context and save the configuration to disk; - See the File Sets mappings (
public
,authenticated
andprivate
) for each Web Context; - See the
MIME
Mappings for each Web Context; - Set the configurable parameters for each Web Module and see the value for the read-only parameters;
- See the global proxy configuration fields and update the editable fields;
- See the Muse Proxy Statistics (traffic statistics and other server statistics) globally and per server IP;
- Set at run-time the patterns for the server IP(s) on which Muse Proxy must listen and save the configuration to disk;
- Schedule the update to the latest version of Muse Navigation Manager
(
mnm.jar
) component; - Refresh the
Muse Proxy Applications
on demand.
Muse Proxy Services Features
- Support for
http://${Muse Proxy Host}:${Muse Proxy Port}/ProxyInformation
request;This feature is available only forSoftware Integration Edition
. - Support for
http://${Muse Proxy Host}:${Muse Proxy Port}/TinyURLGenerator
request.This feature is available only forSoftware Integration Edition
.
General Features
- Works as a regular HTTP proxy with HTTP and HTTPS (
CONNECT
tunnel) support; - Individual authentication per each Web Module (running inside a Web Context) in part;
- Supports
public
,authenticated
andprivate
resources in each Web Context; - The
static
resources are served using theLast-Modified
HTTP response header in order to be cached by the browsers; - Configurable patterns for defining the list of server IP(s) on which Muse Proxy listens. A request received on a specific server IP is forwarded to the target site from the same server IP on which the request came;
- Support for configuring different SSL certificate for each server IP;
- Cache support;
- Support for having a separate cache directory per each Server IP, based on the configuration;
- Compression (gzip) support both for pages that are served after being rewritten (remote rewritten content from vendors) and for content originating to Muse Proxy itself;
- For rewritten pages there is support for SSL termination to ensure Load Balancing HTTPS traffic in a manner that avoids unnecessary encryption cycles. This is achieved by Muse Proxy understanding
X-Forwarded-Proto
header field or the RFC 7239'sForwarded
header field containing "proto=https
" or "proto=http
"; the other pages are all using relative links; - Support for configuring the redirect of HTTP requests against Applications and Administrator Console to HTTPS;
Default
log in which there are written messages regarding Muse Proxy activity and the errors encountered in a human readable format;Access
log in which there are written the requests served/relayed by Muse Proxy. TheAccess
log can be analyzed using tools likeAWStats
(http://awstats.sourceforge.net/
);Statistics
log in which there are written detailed messages regarding Muse Proxy activity in a machine readable format. Automatic tools can be created to extract any information needed regarding the Muse Proxy activity from the Statistics log;- Support for tracking the user activity using data from the
Default
orStatistics
logs (byConnection ID
,Client Session
and
IDNavigation Session ID
); - Supports global proxy chaining with a next proxy using
Proxy Host
andProxy Port
or usingProxy PAC
; - Supports configurable authentication using authentication login modules;
- Supports
Read Time Out
,Keep Alive
andKeep Alive
with the
IntervalClient
; - Supports
Connect Time Out
,Read Time Out
,Keep
and
AliveKeep Alive Interval
with the target site; - Supports
IPv6
andIPv4
addresses; - No need for dynamically assigned ports when doing the rewriting. The port on which the rewriting started is used for all the subsequent navigation;
- If using only Rewrite by Path there is no need for dynamically assigned domains when doing the rewriting. The domain on which the rewriting started is used for all the subsequent navigation in case of Rewrite by Path; Rewrite by Host was introduced with Muse Proxy version 4.0 and is selectable on a source by source basis;
- All the configuration files are self documented. All the options that can be set in a configuration file are present in that configuration file. There are no hidden options that could be found only after using the product for a long period;
- The workflow used by Muse Proxy to assign a request to the component that handles it is defined externally, in the configuration files. It is easy to understand how the requests are mapped to the Proxy component or to the corresponding Web Context. In the
Statistics
log there are also written all the details needed to know how the requests are mapped to the corresponding component; - The information written in the configuration files is multi-level (the configuration files are in XML format). This allows to define an option exactly on the level where that option makes sense. In this way, complex settings are better understood by the Muse Proxy Administrator.
- Muse Proxy can create access log files in the same configurable format as those created by standard web servers such as Apache HTTP Server, format which can be set via a % style pattern (an extension of the Common Logging format). In order to do this, the LOG_FORMAT element should have the type="apache" attribute set. To have a good base for statistical information, especially in a multi-tenant environment, we recommend using more items besides Common Logging, by adding the inbound server IP address, Muse Proxy application, user session, content type:
<LOG_FORMAT type="apache">%h %A %w %W %u %S %t "%r" "%{Content-Type}o" %s %b</LOG_FORMAT> - Support for specifying IP ranges in
ALLOW
andDENY
rules for both IPv4 and IPv6. All types of rules can be mixed if need be, for example one allow/deny rule can be a wildcard such as217.156.14.*
, another rule can be a CIDR rule such as217.156.0.0/16
and another one can be expressed using the range217.156.11.0-217.156.15.255
. - Supports redirection to remote Sources depending on the end-user IP (non-proxied links). This is done via Sources.xml file via the new
REDIRECT
section containingIP_RULES
elements which are applied on a set of sources and, if the request is for a source that matches theAPPLY
pattern and the request's end-user IP satisfies theALLOW/DENY
sequences, then the response will be a native redirect to the source URL.
Muse Navigation Manager (Rewriting Component) Features
- Support for flexible URL patterns, using
include
andexclude
rules, matching all URL components (domain, port, path,CGI
parameters), to specify which URLs will be rewritten; - Rewrites automatically links from HTML attributes. Rewrites only the links from HTML attributes and not also texts from the page which represent URLs;
- Rewrites automatically most of the links constructed from JavaScript;
- Manages, at server side level,
Cookies
from theSet-Cookie
HTTP Headers received from the target rewritten sites; - Tries to intercept and rewrite automatically
Cookies
fromdocument.cookie
JavaScript object and passes them to be stored at server side; - Rewrites automatically links from CSS files;
- Rewrites automatically links written via JS
document.write
sequences; - Rewrites links from XML, using Muse Navigation Manager rewriting filters;
- Rewrites links from JSON, using Muse Navigation Manager rewriting filters;
- Rewrites automatically HTML
OBJECT
tag; - Rewrites automatically HTML
EMBED
tag; - Rewrites Flash Objects Parameters, using Muse Navigation Manager rewriting filters;
- Rewrites HTTP and HTTPS sites;
- Configurable Find and Replace filters acting on the HTTP body can be crafted in the XML source profiles and will be interpreted at run-time, without the need to write Java code. Two types of filters: regular expression based and Muse Proxy token rule based similar to the token rules written in Muse Proxy Java filters. Simple (just find/replace) and complex filter configurations involving conditions (such as
APPLY_IF_FIRST
) and variables are supported; - If configurable filters are not covering special complex cases, the administrators can create, using a Java API, their custom Muse Navigation Manager rewriting filters, that will be executed only for specific Muse Proxy Sources links. The mechanism allows to create a great number of Muse Navigation Manager custom rewriting filters without affecting the overall Muse Navigation Manager reliability, because each Muse Navigation Manager custom rewriting filter will be executed only for the Muse Proxy Source for which it was created;
- Supports automatic authentication for rewritten links using an authentication token generated by Muse Proxy and stored in the Navigation Session;
- Supports a custom charset in the
Content-Type
HTTP header returned by the rewritten pages; - Supports chaining, at server side level, with a next proxy, set using
Proxy
and
HostProxy Port
or set usingProxy PAC
, for the rewritten links. Supports chaining with different proxies for different rewritten links; - Supports
Proxy-Authorization
usingBasic
andDigest
authorization schemes, at server side level, with a next proxy, for the rewritten links. Supports separate proxy authorization for different rewritten links; - Supports HTTP
Authorization
usingBasic
andDigest
authorization schemes, at server side level, with the target site, for the rewritten links. Supports separate HTTP authorization for different rewritten links; - Supports setting an initial set of
Cookie
HTTP headers, at server side level, when navigating on a rewritten link. Supports separate sets of cookies for separate rewritten links navigated for the same target site; - Supports setting an initial
Referer
, at server side level, when navigating on a rewritten link. Supports separateReferer
authorization for different rewritten links; - Control of the resulting protocol which could totally decouple server end and source end or could replicate source behaviour;
- Supports, by configuration, for a
Type 2
rewritten link obtained by a Client, to be passed to another Client, who will be allowed to navigate on it; this option should be used with care; - The Muse Navigation Manager component (
mnm.jar
file) can be updated at run-time, without restarting Muse Proxy; - Supports
Type 1
rewritten links - entry point links coming from a Muse Search Application;TheType 1
rewritten links are entry links having the rewriting information stored in them asCGI
parameters. Example ofType
rewritten URL:
1http://navigationManagerHost:navigationManagerPort/com/site/ ?MuseProtocol=ProtocolValue &MuseHost=some.site.com &targetSiteParameter1=targetSiteParameterValue1... &targetSiteParameterN=targetSiteParameterValueN &MuseCookie=CookieValue &MuseReferer=RefererValue &MuseAuthorization=AuthorizationValue &MuseAuthorizationScheme=AuthorizationSchemeValue &MuseProxyHost=ProxyHostValue &MuseProxyPort=ProxyPortValue &MuseProxyPac=ProxyPacValue &MuseProxyAuthorization=ProxyAuthorizationValue &MuseProxyAuthorizationScheme=ProxyAuthorizationSchemeValue &MuseCharset=CharsetValue &MuseUID=UIDValue &MuseProxyAuthenticationToken=ProxyAuthenticationTokenValue &MuseSourceID=SourceIDValue &MuseNavigationManagerMode=NavigationManagerModeValue &MusePath=PathValue