Before you begin

If you already have ESET Security Management Center (ESMC) Server installed, follow the instructions below, and then create a policy for clients.

Install Apache HTTP Proxy using All-in-one installer

  1. Visit the ESET Security Management Center Download Page and download the appropriate all-in-one installer for your system architecture and save it in your preferred location.
     
  2. Double-click the installer file to run the All-in-one installer.
     
  3. Select Install/Upgrade Apache HTTP Proxy and click Next.
    1. Click Next if you agree to the terms of the license agreement.
    2. Click Install. The message "Apache HTTP Proxy installation was successful" will be displayed. Click Finish to close the installer.

 

  1. Configure policy settings for client computers

Additional documentation available

Before you install Apache HTTP Proxy, we recommend that you review the text documentation (INSTALL.txt) that is included when you download Apache HTTP Proxy. You can find this documentation in the ApacheHttp folder after you have extracted it.


  1. On the server where you want to install Apache HTTP Proxy, click the link below to download the Apache HTTP Proxy installer file:

    Download Apache HTTP Proxy

  2. Use a tool such as WinZip or 7Zip to extract the .zip file that you downloaded in step 1 to the directory C:\Program Files\Apache HTTP Proxy.
  3. Open an administrative command prompt and type the following commands in the order shown below to install Apache HTTP Proxy:

CD C:\Program Files\Apache HTTP Proxy\bin
httpd.exe -k install -n ApacheHttpProxy

  1. Navigate to C:\Program Files\Apache HTTP Proxy\conf, locate the httpd.conf file and open it using a text editor such as Notepad.

    When upgrading, the original httpd.conf configuration cannot be applied because of the presence of new settings. To apply custom changes (if any), open your original, backed-up httpd.conf file and append the custom changes to the new httpd.conf manually.
  2. At the bottom of the .conf file, add the following lines:

ServerRoot "C:\Program Files\Apache HTTP Proxy"
DocumentRoot "C:\Program Files\Apache HTTP Proxy\htdocs"
<Directory "C:\Program Files\Apache HTTP Proxy\htdocs">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
CacheRoot "C:\Program Files\
Apache HTTP Proxy\cache"

  1. Open an administrative command prompt and type the following command to start the Apache HTTP Proxy service.

sc start ApacheHttpProxy

  1. To verify that the Apache HTTP Proxy service is running, press the Windows key  + R, type Services.msc and make sure that the ApacheHttpProxy service is started. Select the service and click Stop before you continue to the next step.
  2. If you want to configure a username and password, navigate back to C:\Program Files\Apache HTTP Proxy\conf, open httpd.conf using a text editor such as Notepad, and then follow the steps below to configure a username and password for Apache HTTP Proxy. 
    1. Verify the presence of the following modules loaded in httpd.conf:

      LoadModule authn_core_module modules/mod_authn_core.dll
      LoadModule authn_file_module modules/mod_authn_file.dll
      LoadModule authz_groupfile_module modules/mod_authz_groupfile.dll
      LoadModule auth_basic_module modules/mod_auth_basic.dll
    2. Add the following lines to httpd.conf under <Proxy *>:

      AuthType Basic
      AuthName "Password Required"
      AuthUserFile password.file
      AuthGroupFile group.file
      Require group usergroup
    3. Open an administrative command prompt and type the following commands to define your password for Apache HTTP Proxy:

      CD C:\Program Files\Apache HTTP Proxy\bin
      htpasswd.exe -c ..\password.file username

      You will be prompted to define the password that you want to use for Apache HTTP Proxy. Type your new password into the command prompt and press Enter.
    4. In the folder C:\Program Files\Apache HTTP Proxy, create a new text file named group.file with the following contents:

      usergroup:username

    1. Press the Windows key  + R, type Services.msc select the ApacheHttpProxy service and click Start.
       
    2. Test the connection to HTTP Proxy by accessing the following URL in your browser:

      http://localhost:3128/index.html

      When troubleshooting, see the following file to find errors:

      C:\Program Files\Apache HTTP Proxy\logs\error.log
  3. Create a policy that will configure client computers and ESET Management Agent to download updates and other files from Apache HTTP Proxy.
  4. Manual upgrade of Apache HTTP Proxy

    1. Back up the following files: 
      •  C:\Program Files\Apache HTTP Proxy\conf\httpd.conf
      •  C:\Program Files\Apache HTTP Proxy\password.file
      •  C:\Program Files\Apache HTTP Proxy\group.file
    2. Stop the ApacheHttpProxy service by opening an administrative command prompt and executing the following command:

      sc stop ApacheHttpProxy

    3. Download the Apache HTTP Proxy installer file and extract its content to the directory of C:\Program Files\Apache HTTP Proxy\ overwriting the existing files.

      Download Apache HTTP Proxy

    4. Navigate to C:\Program Files\Apache HTTP Proxy\conf\, right-click httpd.conf, from the context menu select Open with → Notepad.

    5. Add the following code at the bottom of that .conf file:

      ServerRoot "C:\Program Files\Apache HTTP Proxy"

      DocumentRoot "C:\Program Files\Apache HTTP Proxy\htdocs"

      <Directory "C:\Program Files\Apache HTTP Proxy\htdocs">

      Options Indexes FollowSymLinks

      AllowOverride None

      Require all granted

      </Directory>

      CacheRoot "C:\Program Files\Apache HTTP Proxy\cache"

    6. If you set username / password authentication to access your Apache HTTP Proxy earlier (step number 8 in the installation section above), then replace the following block of code:

      <Proxy *>
      Deny from all
      </Proxy>


      with the following (it can be found in your backed-up httpd.conf file):

      <Proxy *>
      AuthType Basic
      AuthName "Password Required"
      AuthUserFile password.file
      AuthGroupFile group.file
      Require group usergroup
      Order deny,allow
      Deny from all
      Allow from all
      </Proxy>

      • If you had any other custom modifications in the httpd.conf file of your previous installation of Apache HTTP Proxy, then you can copy over those modifications from the backed-up httpd.conf file to the new (upgraded) httpd.conf file.
    7. Save the changes and Start the the ApacheHttpProxy service by executing the following command in an administrative command prompt:

      sc start ApacheHttpProxy

    8. Test the connection to HTTP Proxy by accessing the following URL in your browser:

      http://localhost:3128/index.html

    9.  Configure policy settings for client computers
  5. Configure policy settings for client computers


    Policy settings can be applied in existing policies

    • These instructions demonstrate creating new policies that define the location of Apache HTTP Proxy for client computers and ESET Management Agents to ensure that settings are applied to all client computers.
    • If you have existing policies that apply to all agents and computers, you can make the changes in your existing policies rather than create new ones. For example, if you selected Apache HTTP Proxy using the ESMC Installation Wizard, you can apply the ESET Management Agent - HTTP Proxy Usage policy.
  6. ESET Security Management Center (ESMC) 7 User Permissions

    This article assumes that your ESMC user has the correct access rights and permissions to perform the tasks below.

    If you are still using the default Administrator user, or you are unable to perform the tasks below (the option is grayed out), see the following article to create a second administrator user with all access rights (you only need to do this once):

  7. A user must have the following permissions for their home group.


    FunctionalityReadUseWrite
    Policies


    A user must have the following permissions for the group that contains the modified object.


    FunctionalityReadUseWrite
    Computers & Groups


    Once these permissions are in place, follow the steps below.


    1.  Open ESET Security Management Center Web Console (ESMC Web Console) in your web browser and log in.

    2. Click PoliciesNew Policy.
    3. Type a Name and optional Description for your new policy in the appropriate fields. 
    4.  Click Settings and select ESET Management Agent from the drop-down menu.
    5. Expand Advanced Settings, under HTTP Proxy select one of the following options:
      • Global Proxy - If you want to use the proxy server for both the Agent replication and for caching of ESET services. Then click Edit next to Global Proxy (Figure 3-4 shows this option).
      • Different Proxy Per Service - If you want to use one proxy for Agent replication and another for caching of ESET services (for example, updates). Then click Edit next to Replication or ESET Services (depending on your intended use of HTTP Proxy).
    6. In the Global Proxy window, click the slider bar next to Use proxy server and then type the IP address or fully qualified domain name (FQDN) of the server where Apache HTTP proxy is installed in the Host field. Type the username and password that you created above (Method II. step 8) in the appropriate fields. Click the slider bar next to Use direct connection if HTTP proxy is not available to allow this fallback option. Click Save.
    7.  Click Finish.
    8.  Select the policy that you just created and click Assign Group(s).
    9.  Select the checkbox next to All (or next to each group that should receive updates from Apache HTTP Proxy) and click OK.


    10.  Repeat steps 1-3 and then expand Settings and select ESET Endpoint for Windows or ESET Endpoint for macOS (OS X) and Linux (depending on which products are installed on your client computers).

    11.  Click ToolsProxy Server and configure the proxy settings.

    12.  Click Finish.


    13.  After the policy is applied, the managed computers will start using the Apache HTTP Proxy.