Features of DeleGate
May 14, 1998, Yutaka Sato, Electrotechnical Laboratory
is not merely a caching proxy server dedicated to HTTP protocol but
a general purpose application protocol gateway for various protocols
with many notable original features.
Various users in various situations can use DeleGate to cope with
their own requirement.
- UNBOUND PROXY:
A user can select target servers arbitrarily in ad hoc way showing
destination in user level data specific to the protocol of the client.
- HTTP ( by protocol://host:port/ )
- FTP ( by USER user@host:port )
- POP ( by USER user@host:port )
- Telnet ( by Host: host port )
- Gopher ( by /-_-gopher://host:port/original-selector )
- LDAP ( by directory-name@host:port )
- Socks ( by SocksV4 protocol )
- BOUND PROXY:
An administrator of DeleGate can specify which destination server
is used depending on accessing client.
- X Window
- LPR (Line Printer Daemon Protocol)
- Tcprelay (which transparently relay arbitrary TCP based protocols)
- Udprelay (which transparently relay arbitrary UDP based protocols)
A message data transferred on a protocol is cached in its inherent format
and shared among DeleGate as gateway servers of different protocols.
- HTTP (GET) with ICPv2
- FTP (LIST and RETR)
- NNTP (HELP, LIST, ARTICLE(reused for HEAD,BODY,XHDR,XOVER) )
- CONNECTION SHARING:
An established connection to a server in anonymous user can be
reused and shared among multiple clients.
- POP (via POP/HTTP gateway)
- DATA CONVERSION:
DeleGate has several built-in data conversion filters which can be
applied to a specific part of data in a message on each protocol.
- Japanese character codes (JIS,SJIS,EUC) conversion for text data
- MIME encoding/decoding (NNTP,SMTP,POP)
- MIME/PGP encoding, decoding and verification (NNTP,SMTP,POP)
- use user developed conversion as External Filter or CFI
- PROTOCOL CONVERSION:
A client of a protocol can talk with servers of other protocols via DeleGate.
- HTTP client to FTP,NNTP,POP,WAIS,Gopher server
- NNTP client to POP server
- POP client to NNTP server
- SMTP client to SMTP,NNTP server with filtering by content
- FTP client to LPR server
- DNS client to NIS server or local hosts file
- AUTHENTICATION / SECURE PROTOCOL CONVERSION:
DeleGate can relay between a non-SSL client and a SSL server, or between
a SSL-client and a non-SSL server.
- SSLway -- SSL wrapper for arbitrary protocol
- non-HTTPS client to HTTPS server, HTTPS client to non-HTTPS server
- Tunneling for HTTPS/SSL (CONNECT/HTTP) between SSL-client and SSL-server
- USER+PASS client to APOP server of POP protocol
- conversion of PASV / PORT command for data connection of FTP protocol
- ACCESS CONTROL:
Accesses to be permitted to pass DeleGate are described by a set of
triples of destination protocol, destination server and source client.
- protocol name and port numbers of servers
- hostname or IP address of servers
- hostname or IP address of clients
- DNS cross checking of client's hostname to be used for authorization
- username of clients (Ident protocol)
- username / password (ex. HTTP Proxy-Authorization)
- username on target servers (ex. anonymous ftp only)
- validity of e-mail address (ex. FTP password)
- read-only access (FTP and NNTP)
- methods on application protocols (HTTP)
- LOGGING: Detailed logging of DeleGate actions and
protocol dependent logging in standard formats.
- HTTP: common logfile format of CERN httpd
- FTP: xferlog format of wu-ftpd
- AUTOMATIC INVOCATION: DeleGate can be
on demand or at the startup time of the host system.
- as a service on Unix
(invoked from inetd in wait or nowait)
- as a service on WindowsNT
(it registers itself as a service automatically)
- parameters are loadable from remote resources at specified URLs
- restarted by SIGHUP, reloading parameters on remote resources
- RESOLVER CONTROL:
You can control the combination and sequence of multiple resolution
mechanisms, independently of platforms.
- DNS (UDP only, DNS outside of firewall can be used with UDP/SocksV5)
- local file (in /etc/hosts format)
- standard resolver on each platform (gethostbyname/gethostbyaddr)
- cache (result of above resolvers can be cached for reuse)
- ROUTING CONTROL:
A route toward the server can be selected from alternatives
depending on protocol, server and client (host and user).
- direct connection
- via DeleGate
- via HTTP proxy (HTTP, or any-protocol on SSL tunnel)
- via Socks(V4,V5) server
- via VSAP server
- MOUNTING SERVERS:
Multiple target servers of multiple protocols can be merged into a single
server of a protocol, with resource name filtering and aliasing.
- HTTP client to HTTP,FTP,NNTP,POP,Gopher,WAIS servers
- FTP client to FTP servers
- NNTP client to NNTP,POP servers
- POP client to POP,NNTP servers
- PROXY ON DEMAND: Automatically invoked proxy just for the
- X window proxy from Telnet proxy
- X window proxy from HTTP proxy (display in POSTed form)
- ORIGIN SERVER:
You can use DeleGate as simple origin servers for several protocols.
- FTP (read only)
- EXTENSION BY USERS:
You can attach your own graphic images, messages, and programs to DeleGate
without modifiying the DeleGate program.
- Builtin icons and messages can be replaced and customizable by mounting
- External filter program can be inserted on the way of communication
- CFI: Common Filter Interface
- TCP WRAPPER:
You can use DeleGate like inetd + TCPwrapper which make
your own filter program work as a server with access control.
- usable by non-privileged users
- runnable on any platform
You can use DeleGate like crond which invokes specified commands
at specified timing.
- usable by non-privileged users
- runnable on any platform
DeleGate runs on multiple platforms and can be compiled from a common
source program without any platform dependent configuration.
- Unix (AIX, EWS4800, HP-UX, HI-UX, IRIX, NeXT, NEWS-OS, Digital-UNIX, Solaris, BSD/OS, FreeBSD, Linux, NetBSD, OpenBSD, etc.)
- Windows (Win32: Windows95 and WindowsNT, BOW)
- OS/2 (EMX)
- FREE AND OPEN:
Electrotechnical Laboratory (ETL),