[KB3637] How do I set up a mirror server for ESET Remote Administrator using Apache HTTP Proxy? (6.x)

Issue

  • Use Apache HTTP Proxy to distribute virus signature database and program module updates to client workstations and reduce Internet traffic generated by your network.
     
  • Use Apache HTTP Proxy to distribute ESET product installation packages to the ESET Remote Administrator Agent (ERA Agent).

  • Apache HTTP Proxy replaces the mirror server functionality from ESET Remote Administrator 5.x.
     

Details

You can install Apache HTTP Proxy on your network to automatically distribute virus signature database updates and program component updates to client workstations. This arrangement allows for an additional layer of security—clients that are protected by a firewall and/or cannot download updates directly from ESET servers can download normal updates from a protected server configured to communicate securely with ESET servers. This arrangement limits exposure to threats for client workstations. For client computers on your network to receive updates from Apache HTTP Proxy, their update settings must be edited. 

Currently, setting up Apache HTTP Proxy is the primary method for caching virus signature database update files. Users who attempt to set up a local repository on the ESET Remote Administrator Server may receive the following error:

  • "Error: CRepositoryModule [Thread d4c]: GetFile: Object 'https://plgli2sm01/Repo//info.meta'not found".

Until this option is supported in a future version of ESET Remote Administrator, the instructions in this article are recommended.

Solution

Apache HTTP Proxy can be installed as part of the ESET Remote Administrator (ERA) Server installation process using the all-in-one installer.

If you already have ERA Server installed, follow the instructions in Part I below to install Apache HTTP Proxy and then continue to Part II to define a policy in ESET Remote Administrator that will direct client computers to download updates from Apache HTTP Proxy.

If you do want to configure a mirror on a client workstation

Perform these steps on an individual client workstation.

I. Install Apache HTTP Proxy manually

For instructions regarding manual upgrade of Apache HTTP Proxy scroll down.

Additional documentation available

Before you install Apache HTTP Proxy, we recommend that you review the text documentation (INSTALL.txt) that is included when you download Apache HTTP Proxy. You can find this documentation in the ApacheHttp folder after you have extracted it.

  1. On the server where you want to install Apache HTTP Proxy, click the link below to download the Apache HTTP Proxy installer file:

    Download Apache HTTP Proxy

  2. Use a tool such as WinZip or 7Zip to extract the .zip file that you downloaded in step 1 to the directory C:Program FilesApache HTTP Proxy.

  3. Open an administrative command prompt and type the following commands in the order shown below to install Apache HTTP Proxy:

CD C:Program FilesApache HTTP Proxyin
httpd.exe -k install -n ApacheHttpProxy

  1. Navigate to C:Program FilesApache HTTP Proxyconf, locate the httpd.conf file and open it using a text editor such as Notepad.

    When upgrading, original httpd.conf configuration cannot be applied because of presence of new settings. To apply custom changes (if any), open your original, backed-up httpd.conf file and append them to the new httpd.conf manually.
     
  2. At the bottom of the .conf file, add the following lines:

ServerRoot "C:Program FilesApache HTTP Proxy"
DocumentRoot "C:Program FilesApache HTTP Proxyhtdocs"

 Options Indexes FollowSymLinks
 AllowOverride None
 Require all granted

CacheRoot "C:Program FilesApache HTTP Proxycache"

  1. Open an administrative command prompt and type the following command to start the Apache HTTP Proxy service.

sc start ApacheHttpProxy

  1. To verify that the Apache HTTP Proxy service is running, press the Windows key + R, type Services.msc and make sure that the ApacheHttpProxy service is started. Select the service and click Stop before you continue to step

Figure 1-1
Click the image to view larger in new window

  1. If you wish to configure a username and password, navigate back to C:Program FilesApache HTTP Proxyconf, open httpd.conf using a text editor such as Notepad and then follow the steps below to configure a username and password for Apache HTTP Proxy.
    1. Verify the presence of the following modules loaded in httpd.conf:

      LoadModule authn_core_module modules/mod_authn_core.dll
      LoadModule authn_file_module modules/mod_authn_file.dll
      LoadModule authz_groupfile_module modules/mod_authz_groupfile.dll
      LoadModule auth_basic_module modules/mod_auth_basic.dll
       
    2. Add the following lines to httpd.conf under :

      AuthType Basic
      AuthName "Password Required"
      AuthUserFile password.file
      AuthGroupFile group.file
      Require group usergroup
       
    3. Open an administrative command prompt and type the following commands to define your password for Apache HTTP Proxy:

      CD C:Program FilesApache HTTP Proxyin
      htpasswd.exe -c ..password.file username
       
      You will be prompted to define the password that you want to use for Apache HTTP Proxy, type your new password into the command prompt and press Enter.

    4. In the folder C:Program FilesApache HTTP Proxy, create a new text file named group.file with the following contents:

      usergroup:username
       
  2. Press the Windows key + R, type Services.msc select the ApacheHttpProxy service and click Restart.

  3. Test the connection to HTTP Proxy by accessing the following URL in your browser:

    http://localhost:3128/index.html

    When troubleshooting, see the following file to find errors:

    C:Program FilesApache HTTP Proxylogserror.log
     
  1. Continue to Part II below to create a policy that will configure client computers and ESET Remote Administrator Agent to download updates and other files from Apache HTTP Proxy.
     

Manual upgrade of Apache HTTP Proxy

  1. Back up the following files:
    • c:Program FilesApache HTTP Proxyconfhttpd.conf
    • c:Program FilesApache HTTP Proxypassword.file
    • c:Program FilesApache HTTP Proxygroup.file

  2. Stop the ApacheHttpProxy service by opening an administrative command prompt and executing the following command:

    sc stop ApacheHttpProxy

  3. Download the Apache HTTP Proxy installer file and extract its content to the directory of c:Program FilesApache HTTP Proxy overwriting the existing files

    Download Apache HTTP Proxy

  4. Navigate to c:Program FilesApache HTTP Proxyconf, right-click httpd.conf, from the context menu select Open with > Notepad.

  5. Add the following code at the bottom of that .conf file:

    ServerRoot "C:Program FilesApache HTTP Proxy"
    DocumentRoot "C:Program FilesApache HTTP Proxyhtdocs"
     Options Indexes FollowSymLinks
     AllowOverride None
     Require all granted
    CacheRoot "C:Program FilesApache HTTP Proxycache"
     

  6. In case you set a username/password authentication to access your Apache HTTP Proxy earlier (step no. 8 in the installation section above), then replace the following block of code:


    Deny from all


    with this one (it is supposed to be found in your backed-up httpd.conf file):


    AuthType Basic
    AuthName "Password Required"
    AuthUserFile password.file
    AuthGroupFile group.file
    Require group usergroup
    Order deny,allow
    Deny from all
    Allow from all

    • In case you had any other custom modifications in the httpd.conf file of your previous installation of Apache HTTP Proxy, then you can copy over those modifications from the backed-up httpd.conf file to the new (upgraded) httpd.conf file.

  7. Save the changes and Start the the ApacheHttpProxy service  by executing the following command in an administrative command prompt:

    sc start ApacheHttpProxy

  8. Test the connection to HTTP Proxy by accessing the following URL in your browser:

    http://localhost:3128/index.html

 

II. Configure policy settings for client computers

Policy settings can be applied in existing policies

  • In these instructions, we create new policies that define the location of Apache HTTP Proxy to client computers and ESET Remote Administrator Agents to ensure that settings are applied to all client computers.
  • If you have existing policies that apply to all agents and computers, you can apply these changes in those policies rather than creating new ones. For example, if you selected Apache HTTP Proxy using the ERA Installation Wizard, you can apply the Remote Administrator Agent - HTTP Proxy Usage policy. 
  1. Open ESET Remote Administrator Web Console (ERA Web Console) in your web browser and log in.

  2. Click Admin  → PoliciesPolicies New.

Figure 2-1
Click the image to view larger in new window

  1. Type a name for your new policy into the Name field. Optionally, you can type a description into the appropriate field.

Figure 2-2
Click the image to view larger in new window

  1. Expand Settings and select ESET Remote Administrator Agent from the drop-down menu.

Figure 2-3
Click the image to view larger in new window

  1. Expand Advanced Settings, enable Use proxy server under HTTP Proxy and then type the IP address or fully qualified domain name (FQDN) of the server where Apache HTTP proxy is installed into the Host field. Type the username and password that you configured in part I into the appropriate fields (see figure 2-4).

  2. Click Finish.

Figure 2-4
Click the image to view larger in new window

  1. Select the policy that you just created and click Assign Group(s). Select All (or select the group(s) that you want to receive updates from Apache HTTP Proxy) and click OK.

Figure 2-5
Click the image to view larger in new window

  1. Repeat steps 1-7 and replace ESET Remote Administrator Agent in step 4 with ESET Security Product for Windows and/or ESET Security Product for OS X & Linux depending on which products are installed on your client computers. Replace Advanced settings in step 5 with ToolsProxy server.

Figure 2-6
Click the image to view larger in new window

 

Last Updated: Nov 18, 2024

Additional resources

User Guides

ESET Forum

YouTube videos
Support News Customer Advisories ESET Status Portal Contact ESET Technical Support

Existing customer?

Chat with ESET AI Advisor for support