Application operation depending on the distribution kit

Operation of Kaspersky Web Traffic Security (Standalone)

When Kaspersky Web Traffic Security (Standalone) is installed from an RPM or DEB package, an external proxy server is used. It can be installed on the same physical server as the application or on a separate physical server. Administration and configuration of an external proxy server is carried out by using the resources of the operating system.

The operating scheme of Kaspersky Web Traffic Security (Standalone) is presented in the figure below.

standalone

Operation of Kaspersky Web Traffic Security (Standalone)

The numbering in the figure corresponds to the following steps of traffic processing:

  1. A user requests access to a web resource. This request is relayed to the proxy server.
  2. The proxy server relays the request to the cluster node that processes traffic. The application scans the request according to the traffic processing rules received from the node with role Control. The result is then relayed to the proxy server.
  3. If access to a web resource is allowed, the proxy server sends the request to a web server for access to the requested web resource.
  4. The web server hosting the requested web resource sends a response to the proxy server.
  5. The response is also sent to the cluster node so that it can be scanned according to the traffic processing rules.
  6. After the scan, the proxy server sends the response to the user's computer. Depending on the actions defined in the application, the user may see the following pages:
    • If access to the web resource is allowed, the requested web page is displayed.
    • If access to the web resource is prohibited, the block page is displayed.
    • If the Redirect action was applied, the user sees the web page to which the redirect was configured.

It is recommended to also configure processing of HTTPS traffic on an external proxy server.

Operation of Kaspersky Web Traffic Security (Appliance)

When the application ISO image is deployed, a built-in proxy server is installed on each cluster node. Data between the built-in proxy server and Kaspersky Web Traffic Security (ICAP server of the application) is exchanged locally over the ICAP protocol on the server that has the application installed.

The operating scheme of Kaspersky Web Traffic Security (Appliance) is presented in the figure below.

appliance

Operation of Kaspersky Web Traffic Security (Appliance)

The numbering in the figure corresponds to the following steps of traffic processing:

  1. A user requests access to a web resource. This request is relayed to the server that has the application installed.
  2. The built-in proxy server accepts the request and relays it to the application's ICAP server so that it can be scanned according to the traffic processing rules.
  3. If access to the web resource is allowed according to the scan results, the built-in proxy server sends the request to this web server on the Internet.
  4. The web server hosting the requested web resource sends a response to the built-in proxy server.
  5. The built-in proxy server sends the web server response to the application's ICAP server so that the response can be scanned according to the traffic processing rules. The scan result is returned to the built-in proxy server.
  6. The built-in proxy server sends the response to the user's computer. Depending on the actions defined in the application, the user may see the following pages:
    • If access to the web resource is allowed, the requested web page is displayed.
    • If access to the web resource is prohibited, the block page is displayed.
    • If the Redirect action was applied, the user sees the web page to which the redirect was configured.
Page top