Content Filtering Proxy SafeSquid 4.2.2.RC9.3

Content Filtering Proxy SafeSquid 4.2.2.RC9.3 offers an effective tool which includes a BROWSER BASED INTERFACE. SafeSquid offers arguably, worlds biggest set of Content Filtering features.

SafeSquids multi-threaded architecture, delivers industrys FASTEST THROUGHPUT, even while providing extreme content analysis and security. SafeSquid has an intelligent DNS cache, an extremely manageable content CACHING system, and configurable content pre-fetching that allows fast browsing of often viewed web-sites.

SafeSquid lets you create unlimited and extremely granular Internet Policies to define and deal with unlimited number of unique factors depending upon user / network / web-site / mime-type / size / time etc. SafeSquid allows you to create unlimited number of policies for allowing or BLOCKING SPECIFIC CONTENT, like music, ActiveX, JavaScripts, advertisement banners, etc., and even any part of the protocol header to ensure graded exchange of private information, from each web-site. Real-time text analysis and Image analysis besides categorized web-site databases ensure complete blocking of PORNOGRAPHY or replacing specific parts.

Users can be authenticated from a remote WINDOWS ADS / OpenLDAP servers. SafeSquid lets you, to THROTTLE SPEED for low priority users or applications. You can use a variety of ANTIVIRUS Software like ClamAV and any other ICAP based antivirus to stop viruses before they reach the client systems. SafeSquid allows you to customize the various templates, that are displayed when access or content is denied to the user. SafeSquids logs can be analyse to create a exhaustive USER ACTIVITY REPORTS.

It takes less than 3 minutes to install SafeSquid on a Linux based server. SafeSquid is backed by a very responsive and committed customer support. SUPPORT INCLUDES REMOTE LIVE-HAND-HOLDING. Various SafeSquid editions are available to serve small 20 user networks or thousands of concurrent users. SafeSquid has special features for use in CLUSTERS.

Content Filtering Technology: SafeSquid® has more than just a database of web-sites

1. Modular and Fully Re-Programmable Logic, to provide the benefits of a customised application, with minimal TCO.
2. A unique filter to analyse / modify each of the elements of an HTTP transaction.
3. Parallel content processing, ensures near-zero latency.
4. WebGUI to re-program the PCRE-based filtering logic in Real Time.
   

User Environments: SafeSquid® is now serving a variety of environments.

1. Large Multi-Location Enterprises
2. Value Added ISP
3. Educational Institutions
4. Software and Technology Companies
5. ITES / Business Processing Enterprises
6. Public Access Internet Distributions
7. Research and Design Businesses
8. Manufacturing and Logistic Businesses
9. Financial Services
   

Major Benefits:

1. Content Security & Control
2. Access Security & Control
3. Scalablity
4. Granular Policies

Major Features:

1. Easy to use: SafeSquid® is very easy to use and administer.
   • Simple text based installation script, that can be modified as per individual requirements.
   • Browser based interface - that, requires no additional download of applets or any other browser specific components.
   • Convenient Tool-Tips on the browser-based interface that describe, the functions of every feature.
   • Multi-format Log reports, FireWall format - to describing the SafeSquid Transactions, Squid Access Log format - detailing the users and their applications. Extended log format - detailing the users, applications and security breaches.
   • Ready to use templates for Access / Content control.
   • Ready to use config files for compatible log analysers and reporting tools like SARG, Calamaris, Squint, and many others.
   • Easy attaching of any third-party software executables to process requests and responses.
2. Advanced Management: SafeSquid® can be easily managed even in most remote and complex environment.
   • Password protected browser-based interface for managing the system, viewing transactions in real-time, and reviewing system performance.
   • Multiple administrators can be assigned the task of managing the rules.
   • Unlimited unique department profiles based on I.P. addresses and/or username.
   • Time-based global or departmental rules for access to content.
   • Time based application profiles to define unique allow / deny actions depending upon departments, web-sites, nature of content, etc.
   • Unlimited rules to set limits for speed / data transfer, for each department or application.
   • XML based data-file to store and back-up configuration.
   • Enterprise-wide enforcement of rules on multiple proxy servers by using a unique Master-Slave installation.
   • Fully PCRE compatible system for creation of easily editable default rules.
   • Unique browser based URL Commands to analyse the application of profiles and nature of request and response.
   • Easily customisable templates that replace denied or inaccessible content.
   • Automatically produces appropriate WPAD compatible proxy.pac
3. Enhanced Surfing: SafeSquid® can make Internet access, a better experience.
   • Pre-fetching accelerates loading of web-content.
   • Selectively apply filter bypassing for any application.
   • Use applications that supports use of HTTP 1.1 proxy.
   • DNS Cache to reduce latency when you visit popular web-sites.
4. Access Security: SafeSquid® challenges all applications that seek to access the Internet, to be authenticated.
   • Only users with a user / password, will be able to access the Internet.
   • The administrators can very easily identify and analyse the Internet usage of each individual user.
   • Spy-ware & Trojans will not be able to access the Internet.
   • Intrinsic PAM client ensures natural compatibility for using different mechanisms of authentication like Windows Domain, SQL Databases, POP3 email servers, Flat files etc.
5. Content Security: SafeSquid® ensures that all the content fetched from the Internet is security checked before it reaches the users.
   • A two-tier, fully-manageable, MD5 encrypted, content cache to serve the more popular content very quickly.
   • Readily connects to one or more virus scanners like ClamAV, F-Prot, Kaspersky, Sophos, Avast, etc
   • Built-in ICAP client to quickly connect to any existing - ICAP based content security software like Symantec, Trend-Micro, Dr. Web, etc.
   • Built-in Document Re-write sanitises the web-sites to remove pop-ups, ActiveX controls and stops spyware.
   • Fully configurable document analyser, to block web-sites or pages, based on the nature of content.
   • Fully configurable image analyser, to block pornographic images.
   • Time-based global or departmental rules for access to specified content
6. Chains with other Proxy or Security Gateway: SafeSquid® can easily complement your existing Internet Gateway.
   • Has advanced features like ICP / CARP to connect to external web-caches.
   • Forwarding with Authentication allows you to optionally place SafeSquid behind any authenticating Firewall that requires username / domain / password based authentication
   • Selectively Bind outgoing requests to different I.P addresses.
   • Programmable Headers allow you to protect your privacy.
   • Value-for-Money
   • SafeSquid® has a very low Total Cost of Owner-ship, and a very good investment .
   • Perpetual Server based licenses with no user-limits / time based expiration.
   • Trained technicians to evaluate your enterprise requirements.
   • Total support for system optimisation.
   • Low-cost of management
   • Compatible with a variety of third-party / open-source software.
   • Freely distributed SafeSquid SDK allows everybody to create feature enhancements.

Enhancements:

1. System dimensioning will be particularly simpler, for setting up a SafeSquid Server.
   • SafeSquid now allows complete tcp tuning.
   • • The performance of SafeSquid like any server-side web-application can be impacted by TCP parameters like Keepalive, Receive Buffers & Send Buffers.
     • The life of CLOSE_WAIT sockets depends upon the Keepalive parameters, whereas the Send / Receive Buffers can greatly impact the throughput and speed.
     • The prior releases of SafeSquid required these parameters to be very carefully set (for the performance conscious), via sysctl, and obviously required a system-wide impact.
     • With 4.2.2.RC9.3, these parameters can be set for SafeSquid uniquely, and particularly for it only.
     • These parameters can be specified as command-line parameters when invoking SafeSquid service.
     • For convenience, these parameters may be set like other parameters via the init script + startup.conf
     • Full explanation of using these enhancements has been incorporated in the startup.conf, and should be easily accessible via:
     • "/etc/init.d/safesquid adjust"
     • Of course, these shall be encountered by you when you perform the upgrade, too.
   • SafeSquid's content caching now takes preventive action when the caching parameters are ill configured.
   • • The prior releases required the caching section to be very carefully configured, and were very intolerant to under-dimensioned configurations.
   • SafeSquid could suddenly become sluggish in throughput, or exhbit similar such random behavior, if caching was ill-configured.
   • • With 4.2.2.RC9.3, SafeSquid should be much more tolerant to ill-configured caching sections, and should mostly be able to take automatic corrective actions.
   • Optimisations have been introduced to allow use of libhoard. The SafeSquid core now responds still better when libhoard is used. The init script has been modified to facilitate easy use of libhoard. Standard Installation creates Install directory as /opt/safesquid, and places the safesquid's executable binary in /opt/safesquid/bin/ Simply create a sub-folder "libs" in your SafeSquid Install directory i.e. create /opt/safesquid/bin/libs and copy libhoard.so so that /opt/safesquid/bin/libs/libhoard.so is accessible. The init script will detect libhoard's presence, and automatically preload it when invoking the SafeSquid executable.
   • • The init script has also been optimised for invoking libkeepalive. It has been found that in a few legacy libraries like pam_ldap, the fuctionality of keepalive is missing and could cause problems. libkeepalive could solve stability problems in such environments.
2. BugFixes:
   • The prior releases of SafeSquid did not record the data transferred in CONNECT requests, in the log files.
   • This has been fixed, data transferred in the CONNECT requests is now recorded in both Access & Extended Logs
   • Some of the libraries used by SafeSquid, could cause Stack Smashing and other random errors.
   • Some of the very observant SafeSquid users, collaborated to fix the issue for one of the libraries - libgmp.
   • The linking mechanism to this library has been modified. This may require the users to ensure that the libgmp is properly installed on the host system.
   • It is expected that a few more such problems could manifest, and will be soon discovered, with ever growing population of such sharp users.
   • Some users complained about SafeSquid not able to randomly serve the requests, over a period of time.
   • SafeSquid seemed to magically start serving requests, after a few minutes of silence.
   • This was recurringly observed at large sites where SOCKET_TIMEOUT was set to a value higher than 6.
   • SafeSquid's DDoS protection system was identified to be the cause for this.
   • The algorithm for detecting the DDoS attacks was found to be flawed.
   • A sudden burst of large number of fresh connections, were misinterpreted as DDoS attacks.
   • The algorithm seemed to be "too sensitive" and could cause suspension of services from getting rendered, until the rate of incoming requests dropped significantly.
   • This has now been fixed, and prevents complete suspension of services, and instead reduces the timeouts to counter a DDoS attack.
   • The OVERLOAD_FACTOR is now treated as the expected probability of touching MAXTHREADS.
   • Some users had also experienced problems when downloading large files. This has also been corrected.
   • It was found that SafeSquid could "disobey", the connection timeout directives in the General Section, specially when the number of incoming connections was large.
   • This caused SafeSquid to incorrectly interpret a slow data transfer speed as a broken connection.
   • This has been corrected, and SafeSquid should follow the timeout directives in the General Section, more precisely.
   • The init script has been further improved, and now provides better control over the creation of monit directives.
   • The install script has been fixed to ensure upgrades do not overwrite without approval.

 Requirements:

• Linux
• Kernel 2.6 or higher & glibc 2.4 or higher