Connecting Dr.Web Proxy Server to Dr.Web Server

Starting from version 11, Dr.Web Proxy Server can be connected to Dr.Web Server to configure settings remotely and to support the traffic encryption.

Connection Settings

Connection of the Proxy Server to Dr.Web Server requires the following:

The Dr.Web Server certificate drwcsd-certificate.pem.

The Proxy Server must have all certificates of all Dr.Web Servers to which the Proxy Server connects and to which the client traffic is forwarded.

The Dr.Web Server certificate is required to connect to Dr.Web Server for remote settings configuration and to support the traffic encryption between Dr.Web Server and the Proxy Server.

The Proxy Server certificate is signed by the Dr.Web Server certificate and private key (the procedure is performed automatically on Dr.Web Server after connection, and no administrator interception is required) and is required to connect Agents and to support the traffic encryption between the Agents and the Proxy Server.

All the Dr.Web Server certificates are stored on the Proxy Server in the drwcsd-proxy-trusted.list configuration file in the following format (the certificates records are separated by one or more empty lines):

[<certificate_1>]

 

[<certificate_2>]

 

[<certificate_3>]

...

The Dr.Web Server address.

The Proxy Server connects to all Dr.Web Servers that are specified in its configuration file for the client traffic forwarding. But accepting settings are allowed only from a specific set of connected Dr.Web Servers that are marked as managing. If several Dr.Web Servers are marked as managing, then Proxy Server connects to all the Dr.Web Servers by rotation until it gets the first valid (not empty) configuration.

Identifier and password to access Dr.Web Server.

Credentials are available after creation of the Proxy Server account via the Control Center (see Creating Dr.Web Proxy Server Account).

warning

Proxy Server identifier and password are used in a single copy. You must create the Proxy Server accounts with the same credentials on all Dr.Web Servers to which the Proxy Server connects.

Credentials are stored on the Proxy Server in the drwcsd-proxy.auth configuration file in the following format:

[<Proxy_server_ID>]

[<Proxy_server_password>]

Connecting the Proxy Server to Dr.Web Server

warning

To be able to connect Dr.Web Proxy Server, you must enable corresponding protocol at Dr.Web Server. To do this, in the Control Center in the Administration → Dr.Web Server configuration → Modules section, set the Dr.Web Proxy Server protocol flag, save the settings and restart Dr.Web Server.

Automatic connection within installation under Windows OS

If the Proxy Server is installing within the Agent installation or on the station with the Agent installed, when connection to Dr.Web Server is established automatically.

If the Proxy Server is installed via the graphical installer under Windows OS, when connection to Dr.Web Server is established automatically using the credentials specified by administrator in the installer settings.

After the Proxy Server installation, the files for the connection to Dr.Web Server are located by default in the following folder: C:\Program Files\Doctor Web\drwcs\etc.

Manual connection for the installation under UNIX system-based OS

1.Install the Proxy Server for UNIX system-based OS according to the procedure described in the Installing Dr.Web Proxy Server via the Installer section.

2.Create the Proxy Server account using the Control Center as described in the Creating Dr.Web Proxy Server Account section.

3.Copy the Dr.Web Server certificate on the computer with the Proxy Server installed.

4.In the drwcsd-proxy-trusted.list configuration file, specify the certificate copied on the computer at step 3: copy the contents of the certificate file and paste it into the configuration file according to the format above.

5.In the drwcsd-proxy.auth configuration file, specify the Dr.Web Server connection settings for the account created at step 2 according to the format above.

The drwcsd-proxy-trusted.list and drwcsd-proxy.auth files must be located in the following directories:

for Linux OS: /var/opt/drwcs/etc

for FreeBSD OS: /var/drwcs/etc

For the files, set the following permissions:

drwcsd-proxy-trusted.list 0644 drwcs:drwcs

drwcsd-proxy.auth 0600 drwcs:drwcs