
Total Access Control

Total Content Control

Granular

Scalable

Manageable

© 2008 Office Efficiencies (India) Pvt. Ltd.

Table of Contents

Part I User Manual
    1 Who should use this guide
Part II Implementation
Part III System Requirements
Part IV Installing SafeSquid
Part V Test Your Installation
Part VI SafeSquid Logs
Part VII SafeSquid Interface
    1 Active Connections
    2 Statistics
    3 DNS Cache
    4 Show Headers
    5 View Cache Entries
    6 Connection Pool
    7 Prefetch Queue
    8 URL Blacklist
    9 View Log Entries
    10 Save Settings
    11 Load Settings
    12 Config Section
        Basic Behaviour
        URL Blacklist
        Access Control
        Profiles
        cProfiles
        Define user limits
        FTP proxy
        Templates
        DNS Blacklists
        URL Filtering
        URL redirect
        Mime Filtering
        Header Filtering
        Cookie Control
        Word Filtering
        Content Re-Write
        Content Caching
        Request Forwarding
        Internet Content Adaptation Protocol (ICAP)
        External Parser
        Prefetching Embedded Objects
        Pornographic Image Filter
Part VIII URL commands
Part IX Multiple Proxy Configuration
Part X Reverse Proxying
Part XI Chain Squid with SafeSquid
Part XII Multi-ISP networks
Part XIII Using Profiles for granular Access Policies
Part XIV Using Authentication for Security and Creating User Profiles
Part XV Configuring PAM
Index


1 User Manual

SafeSquid® Administrator's Guide Version: 2.0 Produced on: Tuesday, October 14, 2008 :: 5:08:32 PM

SafeSquid®: Content Filtering Internet Proxy, helps you to distribute Internet Access across your enterprise network. Its vast array of features, when used wisely by a system administrator, can deliver Total Content Control and Total Access Control.

SafeSquid®'s features have been built to deliver maximum benefit when the key demands are scalability, security, and granularity.

SafeSquid® is offered in various Commercial editions, besides the Free Edition. This manual is not limited to users of any specific edition of SafeSquid®. It should help you to use a feature on your installed edition, provided your edition supports that feature.

1.1 Who should use this guide

This guide is intended for users who have already installed, or would like to install, SafeSquid®. It will help them to set up the Proxy Server with the desired Edition, and to configure the features of SafeSquid® to make optimum use of it.

This guide takes you through the process of setting up a secure Internet Proxy. It intends to reduce your effort, and to help optimize the use of the Internet facility.

This guide illustrates all the features of SafeSquid® and their behavioral basics. It should improve your understanding of the underlying problems and of your requirements, and help you construct corporate policies that get the optimum out of the available resources. To mention a few of these features: Multi Proxy Setup, Profile Management, User Access Restrictions, URL Blacklists, URL Filter, DNS blacklists, Document Rewrite, Header Filtering, Caching, Cookie Filtering, Virus Scanning, Image Filtering, Mime Filtering, Log analyzers, Keyword Filtering etc.

This guide will acquaint you with the Browser based User Interface. You will use it to configure and administer the features of SafeSquid®.

Hopefully, this guide is simple and understandable, and serves the purpose of those wishing to gain knowledge for the optimum use of SafeSquid®. It intends to be useful to naïve as well as experienced technicians.

The readers of this guide are requested to report any errors and suggestions for improvement. Readers can post their views on the SafeSquid® forum available on the SafeSquid® website – http://www.safesquid.com/

2 Implementation

The key to successful implementation of any software lies in pre-defining its use, and anticipating the results. With software like SafeSquid®, which has so many possibilities, it is just too easy to get lost in the myriad of options.

Ideally the implementation should begin on a piece of paper, where we decide our expectations and (if possible) how we intend to verify the effectiveness of the configuration settings in meeting our REAL objectives.

As they say, well planned is half accomplished!

Sample Plan

How many proxies will be implemented in the enterprise?

Number

The Corporate Internet Use Policy needs to be defined / modified only on the Master; all the slave installations will automatically synchronize their configuration from the Master. Which will be the Master Proxy?

The I.P. & hostname of the Master Proxy to be used for Browser-based administrative access. Is the proxy server multi-homed? Should the Proxy listen for requests on multiple IPs & Ports?

Web-sites require application layer security, therefore reverse proxying is used to ensure the Application Layer Security. Should SafeSquid act as a Reverse Proxy for our web-server?

What are the web-sites it should reverse-proxy? Shall we change the DNS records of the web-sites? Shall we just change the IP / Port configuration of the web-server?

The enterprise uses a variety of Internet Connection Service Providers, and each connection is judiciously used for a specific set of users or applications. Shall we use the same Internet Connection for all kinds of Internet Access?

Or shall we configure SafeSquid to use different Internet Connections based on user, or nature of access? Will SafeSquid forward the requests to another proxy, web-cache or firewall? Does the request forwarding require any Authentication?

Virus Defence begins at the Internet Gateway. What Virus Scanner should we use? What Anti-Virus Software will be used to scan all the Internet Traffic?

F-ProtAV / KasperskyAV / McAfee AV offer SafeSquid compatible Daemons that can be connected ONLY via Unix Sockets. So if we use any of these AV, they must necessarily co-habit the Proxy Server.


Sophos AV / ClamAV / Avast AV offer SafeSquid compatible Daemons that can be connected via Unix Sockets OR TCP/IP Sockets. So if we use any of these AV, we have the option of installing them on a separate box on a LAN Server OR co-habiting them with the Proxy Server. To negate the latency effects in case of heavy traffic, it may be useful to set the LAN connection on a 100 Mbps or higher speed.

Symantec ICAP / Trend Micro ICAP / Dr. Web ICAP offer ICAP based Scan Engines that are fully compatible with SafeSquid's ICAP client. These Engines however require good System Resources and are designed to deliver optimum performance if located on a remote server. So if we use any of these AV, we must PREFERABLY install them on a separate server.

Since SafeSquid can be configured to use one or more of the Anti Virus Software simultaneously, we may explore the option of scanning the entire Internet traffic via more than one Anti Virus Software.

Alternatively, should we do this multi-AV scanning only for a few chosen Applications, or people? Or shall we just do the "battle-ready implementation" that allows us to switch to any of the above Anti-Virus software, in times of emergency?

Policy settings to prevent Financial & Productivity Losses due to indiscriminate use of Internet

Shall we allow people to visit only a "white-list" of trusted web-sites & URLs?

Shall we allow people to visit any web-site that is not explicitly "black-listed"?

How are we going to review / modify our "white-lists" / "black-lists"?

What are our high priority business-application web-sites?

What are the security relaxations that we may permit when our users access these web-sites?

    o Pop-ups, KeyWords, Banners, ActiveX Controls, Cookies, Header Content.

What will be our bandwidth conservation policy to access these sites?

    o MIME / File types that will be permitted to be uploaded / downloaded.
    o Speed / Volume of Uploads, Downloads.
    o Browsers or other web-clients that will be allowed to access the Internet.

What will be our bandwidth conservation policy to access non-business-application web sites?

Do we have to make any granular policy modification to accommodate Profiles of some VIP users / Applications / Time of Access?

    o Should we enable pre-fetching of certain or all objects for one or more profiles?

What kinds of Log Reports need to be generated?

    o How frequently should the log reports be generated?
    o How should the log reports be viewed and accessed?

How are we going to bench-mark the performance of the hardware / software and the Internet Connection?

    o What will be the maximum bandwidth we will utilise to accomplish each test.


3 System Requirements

SafeSquid - System Requirements!

Windows: SafeSquid for Windows depends upon library based functions provided by Native Windows ports of the technologies that SafeSquid for Linux uses. These are fulfilled by a few dll files, detailed below, that are included in the installation package.

Linux: SafeSquid (version 4.1.1 and higher) for Linux requires an Intel Architecture Hardware with Linux Kernel 2.6 or higher, based operating system, properly installed with preferably latest updates and patches.

The Minimum required hardware to get SafeSquid up and running, would be an i386 based computer with Pentium III CPU and at least 128 MB of RAM and about 40G Hard Disk. But that would really serve only academic interests!

For reliable production class environments, it would be advisable to use a server class hardware. SafeSquid now has NPTL compatible design, to generate thousands of threads, to meet as many concurrent requests. In event of un-forecasted bursts of concurrent requests, SafeSquid would have to open enough number of threads, and that may require a fast CPU. To successfully accomplish the various content filtering, caching and communication related activities, it must have enough Memory. It is ideally recommended to provide about 7 to 10 Mb of RAM per user for small networks. But for environments having more than 100 users, even 5 to 7 Mb per user should be sufficient, if we can compensate by using a faster CPU.

A PIII / PIV based computer with 512Mb RAM should be adequate for a typical 20 User network; increasing the RAM to about 1G should make it serve up to 100 users. But if you are planning to use URL Blacklists, Antivirus Software, Log Analyzers also, very naturally you must compensate with adequate RAM.

SafeSquid by itself has a very small memory foot-print, but you will always want to use one or more of add-ons, compatible software, etc. So it will be much better, to use systems with 1G RAM or more.

Recommendations for Standard Installations

SafeSquid® has a very low Total Cost of Ownership, and a very good ROI. In the long term most users prefer to extract more out of the fixed costs, by increasing the derived results. It is therefore recommended to use Hardware that can be scaled for RAM / CPU / NICs.

    o Choose H/W that can scale for RAM / CPU, so that you may accommodate more users, over a period of time.
    o Use Hard Disks with good seek/read/write speed, to reduce latency in case you plan to use large content disk-caches.
    o If you expect a large traffic to be handled, it would be a good idea to use a GigaBit NIC.
    o To increase security, or to cater to multiple networks, it would be advisable to use 2 NICs or more.
    o System Configurations that have easily accessible Hardware drivers for Linux are absolutely preferable, and would be useful if you plan to increase redundancy by using Clusters.
    o Use Linux Distributions that have a good support for Web Servers, Perl, PHP, Caching Name Servers, etc., because a variety of Log Analyzers are now available both as closed and open source, that you will surely want to use.
    o SafeSquid servers shouldn't require X Windows, so basic hardening should be enough.
    o Sooner than later you would want to install Antivirus to scan content being transported via SafeSquid. ClamAV is free, so at least install it, unless you are sure you prefer to be secured by a commercial vendor. In such a case, choose a vendor that offers an ICAP based solution.
    o If you have a Microsoft Network, then sooner or later you will want authentication to work from ADS, and in any case if you are a large network you'll alternatively want user authentication done from LDAP or RADIUS, or something else that's available, so definitely install PAM libraries. And maybe also Winbind, which joins your SafeSquid server to the Windows Network.
    o RPMs are available for most of the software mentioned above, but quite a few are served as raw source code, and must be compiled on your server. So it's always a good idea to install GCC & G++ on your SafeSquid Server.


Software Dependencies (Windows)

System Libraries

Package Description

libeay32.dll

libeay32.dll contains encryption functions which allow for coded communications over networks. This file is open source and is used in many open source programs to help with SSL communication.

libssl32.dll

libssl32.dll is an OpenSSL Shared Library belonging to The OpenSSL Toolkit from The OpenSSL Project, http://www.openssl.org/

nsldap32v50.dll

nsldap32v50.dll provides the LDAP connectivity to ADS / LDAP servers. It is used by many programs for LDAP authentication.

pthreadVC2.dll

pthreadVC2.dll is a POSIX Threads implementation for the Windows environment. Many software packages that have a multi-threaded architecture, and were originally created for Linux, use this.

zlib.dll

zlib.dll provides the compression / decompression functions for SafeSquid. zlib was written by Jean-loup Gailly (compression) and Mark Adler (decompression).

Software Dependencies (Linux)

System Libraries: libbz2.so.1, bzlib
Provider Package: bzip2-libs
Package Description: Libraries for applications using bzip2
Description : Libraries for applications using the bzip2 compression format.

System Libraries: libcom_err.so.2
Provider Package: e2fsprogs
Package Description: Utilities for managing the second extended (ext2) filesystem.
Description : The e2fsprogs package contains a number of utilities for creating, checking, modifying, and correcting any inconsistencies in second extended (ext2) filesystems. E2fsprogs contains e2fsck (used to repair filesystem inconsistencies after an unclean shutdown), mke2fs (used to initialize a partition to contain an empty ext2 filesystem), debugfs (used to examine the internal structure of a filesystem, to manually repair a corrupted filesystem, or to create test cases for e2fsck), tune2fs (used to modify filesystem parameters), and most of the other core ext2fs filesystem utilities.

System Libraries: libdl.so.2, libc.so.6, libm.so.6, libpthread.so.0, libresolv.so.1
Provider Package: glibc
Package Description: The GNU libc libraries.
Description : The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function.

System Libraries: libgssapi_krb5.so.2, libk5crypto.so.3, libkrb5.so.3
Provider Package: krb5-libs
Package Description: The shared libraries used by Kerberos 5.
Description : Kerberos is a network authentication system. The krb5-libs package contains the shared libraries needed by Kerberos 5. If you are using Kerberos, you need to install this package.

System Libraries: libgcc_s.so.1
Provider Package: libgcc
Package Description: GNU C library
Description : The libgcc1 package contains GCC shared libraries for gcc 3.4

System Libraries: libgmp.so.3
Provider Package: libgmp3
Package Description: A GNU arbitrary precision library.
Description : The gmp package contains GNU MP, a library for arbitrary precision arithmetic, signed integers operations, rational numbers and floating point numbers. GNU MP is designed for speed, for both small and very large operands. GNU MP is fast because it uses fullwords as the basic arithmetic type, it uses fast algorithms, it carefully optimizes assembly code for many CPUs' most common inner loops, and it generally emphasizes speed over simplicity/elegance in its operations.

System Libraries: libstdc++.so.6
Provider Package: libstdc++
Package Description: GNU Standard C++ Library
Description : The libstdc++ package contains a rewritten standard compliant GCC Standard C++ Library

System Libraries: libcrypto.so.4, libssl.so.4
Provider Package: openssl097a
Package Description: The OpenSSL toolkit
Description : The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

System Libraries: libpam.so.0
Provider Package: pam
Package Description: A security tool which provides authentication for applications
Description : PAM (Pluggable Authentication Modules) is a system security tool that allows system administrators to set authentication policy without having to recompile programs that handle authentication.

System Libraries: libz.so.1
Provider Package: zlib1
Package Description: The zlib compression and decompression library
Description : Zlib is a general-purpose, patent-free, lossless data compression library which is used by many different programs.


4 Installing SafeSquid

Installation Procedure:

Copy the downloaded safesquid.tar.gz into /usr/local/src/

cp safesquid-4.2.0-com20-free.tar.gz /usr/local/src/safesquid.tar.gz

Decompress the tar file using command -

tar -xvzf safesquid-4.2.0-com20-free.tar.gz

This creates a directory safesquid in your current working directory. Change directory to safesquid:

cd safesquid/

The safesquid directory contains the installation script install. Run the script

./install

The install script asks you to select one of the following 3 options -

Press "F" if we are doing a Fresh install
Press "U" if we want to Update an existing installation
Press "A" if we want to Adjust an existing conf file

Press "F" for fresh installation. The install script checks for dependencies and displays the status. The output should be similar to -

"Checking Dependencies
/lib/libsafe.so.2 (0xf6ffa000)
libpam.so.0 => /lib/libpam.so.0 (0xf6fea000)
libdl.so.2 => /lib/libdl.so.2 (0xf6fe5000)
libpthread.so.0 => /lib/tls/i686/libpthread.so.0 (0xf6fd4000)
libssl.so.4 => /lib/libssl.so.4 (0xf6fa0000)
libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x00bbb000)
libm.so.6 => /lib/tls/i686/libm.so.6 (0xf6f7d000)
libc.so.6 => /lib/tls/i686/libc.so.6 (0xf6e69000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x00974000)
/lib/ld-linux.so.2 (0x00b97000)
libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x009e7000)
libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x00b1e000)
libcom_err.so.2 => /lib/libcom_err.so.2 (0x009e2000)
libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x00afb000)
libresolv.so.2 => /lib/libresolv.so.2 (0xf6e55000)
libcrypto.so.4 => /lib/libcrypto.so.4 (0x00a11000)
libz.so.1 => /usr/lib/libz.so.1 (0x00962000)

looks okay
Press any key to continue"

If a missing dependency is reported, you will have to install it before you can continue.


If everything is fine, then press any key to continue.

The SafeSquid End-User License Agreement is displayed. The options are as follows -

Press "B" / "F" to move Back / Forward
Press "S" when you have finished reading

Read the License Agreement, or press "S" to skip and continue.

The following options are displayed -

Press Y if you find the End-User License Acceptable
Press A To Read the End-User License Again
Press N if you find the End-User License NOT Acceptable and immediately abort the Installation Process

Press "Y" to continue.

From here onwards, the install script will ask for about 28 configuration options. All option pages are self explanatory, and should not require you to make any changes. To make changes in the default option, press "C". When you have made the necessary changes, press "S" to continue with the installation. You can also press "S" on the first option screen, to install with the default options. (The settings can later be changed by editing the startup.conf file, which you will find in the /opt/safesquid/safesquid/init.d directory. The changes will take effect the next time SafeSquid is restarted.)

The installation starts when you press "S". The installation will pause a few times to display the status, and for confirmation. When the installation is complete, the following message is displayed -

Press "S" if you would like to start your safesquid now
Press any other key to simply exit

Press "S" to start SafeSquid. You should get the following message -

1. safesquid started with PID: 9659

2. safesquid started with PID: 9659

IS RUNNING

ssquid is NOT LISTENING on :8080
ssquid is LISTENING on 192.168.0.30:8080

Process

So, your SafeSquid is installed and running.

Now, to access the SafeSquid Interface, point the proxy setting in the browser to the SafeSquid Server's IP:PORT, e.g. 192.168.0.30:8080, and access the URL http://safesquid.cfg


5 Test Your Installation

Testing on server side

Command to check SafeSquid is running on server

Command:

ps waux | grep safesquid

The output should be similar to:

ssquid 11533 81.2 33.1 1750524 1372096 ? Sl Oct13 973:01 /opt/safesquid/safesquid/safesquid

root 29005 0.0 0.0 2852 704 pts/0 R+ 10:51 0:00 grep safesquid

Command to be sure that SafeSquid is listening on port 8080

Command:

netstat -anp | grep :8080

The output should be similar to:

tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 11533/safesquid
tcp 0 0 10.0.0.5:8080 192.168.10.152:3238 SYN_RECV -
tcp 0 0 10.0.0.5:8080 192.168.10.29:1167 SYN_RECV -
tcp 0 0 10.0.0.5:8080 192.168.10.127:1677 SYN_RECV -
tcp 0 0 10.0.0.5:8080 192.168.50.15:1864 SYN_RECV -
tcp 0 0 10.0.0.5:8080 192.168.10.122:2496 TIME_WAIT -
tcp 0 253 10.0.0.5:8080 192.168.10.18:1192 FIN_WAIT1 -
tcp 0 0 10.0.0.5:8080 192.168.10.132:1342 ESTABLISHED 11533/safesquid
tcp 1 0 10.0.0.5:8080 192.168.50.4:4999 CLOSE_WAIT 11533/safesquid

Command to check how SafeSquid is handling requests

Command:

tail -f /opt/safesquid/safesquid/logs/native/safesquid.log

The output should be similar to:

2008 10 14 10:54:17 [691984] request: GET http://www.ingentaconnect.com:80/css/size14.css
2008 10 14 10:54:17 [692021] network: allowed connect from 192.168.10.10 on port 8080
2008 10 14 10:54:17 [692021] security: PAM authentication succeeded for mlpbs
2008 10 14 10:54:17 [692021] network: binding outgoing connection to 10.0.0.11
2008 10 14 10:54:17 [690705] request: GET http://www.allbusiness.com:80/asset/image/icon/2984516.gif
2008 10 14 10:54:17 [691736] request: GET http://www.contentlinks.asiancerc.com:80/scwm/images/arrow_down.gif
2008 10 14 10:54:17 [692013] network: 192.168.10.122 disconnected after making 2 requests
2008 10 14 10:54:17 [691763] network: binding outgoing connection to 10.0.0.21
2008 10 14 10:54:17 [692022] network: allowed connect from 192.168.10.29 on port 8080
2008 10 14 10:54:17 [692021] request: CONNECT login.yahoo.com:443
2008 10 14 10:54:17 [692005] request: GET http://www3.interscience.wiley.com:80/journal/104086741/abstract?CRETRY=1
2008 10 14 10:54:17 [692005] network: 192.168.50.12 disconnected after making 1 requests
2008 10 14 10:54:17 [692023] network: allowed connect from 192.168.50.12 on port 8080

Command to check how SafeSquid is running on port 8080

Command:

 

lsof -i :8080

The output should be similar to:

COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
safesquid 18934 ssquid 5u IPv4 1443628 TCP *:webcache (LISTEN)
safesquid 18934 ssquid 8u IPv4 1515549 TCP linux:webcache->unreliable:2075 (ESTABLISHED)
safesquid 18934 ssquid 9u IPv4 1515550 TCP linux:2535->nt5.oe2000.com:webcache (CLOSE_WAIT)
safesquid 18936 ssquid 5u IPv4 1443628 TCP *:webcache (LISTEN)
safesquid 18936 ssquid 8u IPv4 1515549 TCP linux:webcache->unreliable:2075 (ESTABLISHED)
safesquid 18936 ssquid 9u IPv4 1515550 TCP linux:2535->nt5.oe2000.com:webcache (CLOSE_WAIT)
safesquid 18937 ssquid 5u IPv4 1443628 TCP *:webcache (LISTEN)


6 SafeSquid Logs

SafeSquid Logs

SafeSquid produces logs in three distinct formats. We traditionally name them as access.log (Access Log Format), extended.log (NCSA / Extended log format) and safesquid.log (Native Log Format). The path to the log files, and soft link that is created during installation, are as follows:

Log File        Path                                      Soft Link
access.log      /var/log/safesquid/safesquid/access/      /opt/safesquid/safesquid/logs/access/
safesquid.log   /var/log/safesquid/safesquid/native/      /opt/safesquid/safesquid/logs/native/
extended.log    /var/log/safesquid/safesquid/extended/    /opt/safesquid/safesquid/logs/extended/


Access Log

The access.log has been a traditional favorite, because it can be used by a variety of log analyzers like Calamaris, SARG, Squint, SquidTailD, etc. The reports produced by these log analyzers reveal useful details of the overall usage and the pattern of access of the application.

Access Log fields:

start_time_in_seconds.milliseconds elapsed_time client cachecode/status size method url username peercode/peer mime

Example:

1189403858.675 654 192.168.0.21 TCP_MISS/200 246 GET http://ds.ds3ps.co.uk:80/refer/surebrowse/operator/chat-server.xml?time=1189404101675 sudipta DIRECT/ds.ds3ps.co.uk text/xml

The details of the fields in access.log are as follows:

Field

Explanation

Time

UNIX time stamp as Coordinated Universal Time (UTC) seconds with a millisecond resolution.

Elapsed Time

Length of time in milliseconds that the cache was busy with the transaction. The information is logged after the reply has been sent, not during the lifetime of the transaction.

Client

IP address of the requesting host.

Cachecode/Status

Two entries separated by a slash. Code specifies the result of the transaction: the kind of request, how it was satisfied, or in what way it failed. The second entry contains the HTTP result codes.

Bytes

Amount of data delivered to the client. This does not constitute the net object size, because headers are also counted. Also, failed requests may deliver an error page, the size of which is also logged here.

Method

Request method to obtain an object, e.g. GET, POST, CONNECT.

URL

URL requested.

Username

Authenticated username

Peerstatus/Peerhost

Two entries separated by a slash. The first entry represents a code that explains how the request was handled, for example, by forwarding it to a peer, or returning the request to the source. The second entry contains the name of the host from which the object was requested. This host may be the origin site, a parent, or any other peer. Also note that the host name may be numerical.

Mime

Mime type of the object.

Extended Log

The extended.log (NCSA / Extended log format) records maximum details of each request handled by the proxy application. Log Analyzers like Sawmill can generate analysis reports using the extended log, and give a lot more information than the ones using access.log.

FORMAT :

"UNIQUE_RECORDID" ELAPSED_TIME_IN_MSEC CLIENT_IP "USER_NAME" "CLIENT_CONNECTION_ID" [DATE_TIME_OF_REQUEST] "METHOD URL" "HTTP_STATUS_CODE" BYTES_TRANSFERRED "REFERRER_URL" "USER_AGENT" MIME_TYPE "FILTER_NAME FILTERING_REASON" "COMMA_SEPARATED_LIST_OF_PROFILES_APPLIED" "INTERFACE_IP:INTERFACE_PORT"

Example:

"1191586598.504-7-192.168.0.221-8080" 929 192.168.0.150 "anonymous" "7" [05/Oct/2007:17:46:39] "GET http://updates.f-prot.com:80/cgi-bin/check-updates?run_as=check_updates&protocol=1" 200 750 "-" "FPAV_Update_Monitor/3.16f (Windows; WINNT; 2000 Professional; SP4)" text/plain "- -" "-" "192.168.0.221:8080"

The details of the fields in extended.log are as follows:

Field

Explanation

Unique Record ID

A

unique record identifier, to prevent duplication of records when imported

into SQL databases.Here in e.g. 1215419711.460

Elapsed time in milliseconds

Elapsed time of the request, in milliseconds.

Client IP

The IP address of the requesting client.

User name

The username, (or user ID) used by the client for authentication. If no value

is

present, "anonymous" is substituted.

Client connection ID

The internal SafeSquid ID associated with this connection.

Date & time of request

The date and time stamp of the HTTP request.The fields in the date/time

© 2008 Office Efficiencies (India) Pvt. Ltd.

SafeSquid Logs 14   field are [dd/MMM/yyyy:hh:mm:ss +-hhmm], where the fields are defined as follows:

SafeSquid Logs

14

  field are [dd/MMM/yyyy:hh:mm:ss +-hhmm], where the fields are defined as follows: dd is the
 

field are [dd/MMM/yyyy:hh:mm:ss +-hhmm], where the fields are defined as follows:

dd is the day of the month, MMM is the month, yyyy is the year, hh is the hour, mm is the minute, ss is the seconds.

Method URL

The HTTP request. The request field contains three pieces of information. The main piece is the requested resource. The request field also contains the HTTP method.

HTTP Status Code

The status code is the numeric code indicating the success or failure of the HTTP request.

 

This field is a numeric field containing the number of bytes of data

Bytes Transferred

transferred as part of the HTTP request, not including the HTTP header. E.g.

750.

Referrer URL

The referrer is the URL of the HTTP resource that referred the user to the resource requested. "-" is substituted when there are no referrers.

User agent

An HTTP client that makes HTTP requests. It is customary for an HTTP client, such as a Web browser, to identify itself by name when making an HTTP request. It is not required, but most HTTP clients do identify themselves by name.

Mime type

MIME-type of the requested object. E.g. text/plain.

Filter name & Filtering reason

If the request gets blocked, then this field contains the name of the filter, or the reason for which the request was blocked. "- -" is substituted when there are no blocks.

Comma separated list of profiles applied

Comma separated list of profiles that were applied to the request. "-" is substituted when no profiles are applied.

Interface IP:Interface port

IP:PORT that received the request. This can be important when SafeSquid is listening on multiple IPs or ports.
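The field list above maps directly onto a line parser. The following is an added example, not SafeSquid's own code: it splits an extended.log line into the documented fields and counts blocked requests per client and user. The first sample line is the one shown on this page (with the line-wrap spaces removed); the second and third lines, including the filter text, the 403 status and the profile names, are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# One capture group per column, in the order of the field table above.
LINE_RE = re.compile(
    r'"(?P<record_id>[^"]*)"\s+'      # Unique Record ID
    r'(?P<elapsed_ms>\d+)\s+'         # Elapsed time in milliseconds
    r'(?P<client_ip>\S+)\s+'          # Client IP
    r'"(?P<user>[^"]*)"\s+'           # User name ("anonymous" if none)
    r'"(?P<conn_id>[^"]*)"\s+'        # Client connection ID
    r'\[(?P<timestamp>[^\]]*)\]\s+'   # Date & time of request
    r'"(?P<request>[^"]*)"\s+'        # Method URL
    r'(?P<status>\d{3})\s+'           # HTTP Status Code
    r'(?P<bytes>\d+)\s+'              # Bytes Transferred
    r'"(?P<referrer>[^"]*)"\s+'       # Referrer URL ("-" if none)
    r'"(?P<user_agent>[^"]*)"\s+'     # User agent
    r'(?P<mime>\S+)\s+'               # Mime type
    r'"(?P<filter>[^"]*)"\s+'         # Filter name & reason ("- -" if not blocked)
    r'"(?P<profiles>[^"]*)"\s+'       # Comma separated profiles ("-" if none)
    r'"(?P<interface>[^"]*)"\s*$'     # Interface IP:port
)


def parse_timestamp(text):
    """Parse dd/MMM/yyyy:hh:mm:ss, with or without the +-hhmm offset."""
    for fmt in ("%d/%b/%Y:%H:%M:%S %z", "%d/%b/%Y:%H:%M:%S"):
        try:
            return datetime.strptime(text.strip(), fmt)
        except ValueError:
            continue
    return None


def parse_line(line):
    """Return a dict of typed fields, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("elapsed_ms", "status", "bytes"):
        rec[key] = int(rec[key])
    rec["timestamp"] = parse_timestamp(rec["timestamp"])
    rec["method"], _, rec["url"] = rec.pop("request").partition(" ")
    rec["blocked"] = rec["filter"].strip() not in ("- -", "-", "")
    raw_profiles = rec["profiles"]
    rec["profiles"] = [] if raw_profiles == "-" else [
        p.strip() for p in raw_profiles.split(",") if p.strip()]
    ip, _, port = rec.pop("interface").rpartition(":")
    rec["interface_ip"] = ip
    rec["interface_port"] = int(port) if port.isdigit() else None
    return rec


def summarize_blocks(lines):
    """Count blocked requests per (client IP, user) and count unparsable lines.

    Unparsable lines are counted, not dropped: a stray double quote in a
    client-supplied value such as the User-Agent breaks the quoting.
    """
    blocked, unparsed = Counter(), 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
        elif rec["blocked"]:
            blocked[(rec["client_ip"], rec["user"])] += 1
    return blocked, unparsed


SAMPLE_LINES = [
    # From this page (wrap spaces removed).
    '"1191586598.504-7-192.168.0.221-8080" 929 192.168.0.150 "anonymous" "7" '
    '[05/Oct/2007:17:46:39] "GET http://updates.f-prot.com:80/cgi-bin/'
    'check-updates?run_as=check_updates&protocol=1" 200 750 "-" '
    '"FPAV_Update_Monitor/3.16f (Windows; WINNT; 2000 Professional; SP4)" '
    'text/plain "- -" "-" "192.168.0.221:8080"',
    # Constructed: a blocked request with an offset, a filter reason and profiles.
    '"1191586601.112-9-192.168.0.221-8080" 12 192.168.0.151 "alice" "9" '
    '[05/Oct/2007:17:46:41 +0530] "GET http://blocked.example/" 403 0 "-" '
    '"ExampleBrowser/1.0" text/html "examplefilter example-reason" '
    '"staff,restricted" "192.168.0.221:8080"',
    # Constructed: a truncated line.
    '"1191586602.000-3-192.168.0.221-8080" 5 192.168.0.152',
]

if __name__ == "__main__":
    blocked, unparsed = summarize_blocks(SAMPLE_LINES)
    for (ip, user), count in blocked.most_common():
        print(f"{ip} {user}: {count} blocked request(s)")
    print(f"unparsable lines: {unparsed}")
```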

Native Log

This is SafeSquid's native log format. It records various functional aspects like REQUESTS, SECURITY, REDIRECT etc. that are affected by the various features and their configuration. You can control the verbosity of the Native log by specifying LOGLEVEL, as shown in the table below. The LOGLEVEL parameter affects only SafeSquid's Native log.

Value       Process logged
1           Requests
2           Network
4           URL filtering
8           Header filtering
16          Mime filtering
32          Cookie filtering
64          Redirections
128         Templates
256         Keyword filtering
512         Rewriting
1024        Limits
2048        Caching
4096        Prefetching
8192        ICP
16384       Forwarding
32768       Config synchronization
65536       Antivirus
131072      External parsers
262144      ICAP
524288      DNS blacklist
1048576     URL blacklist
2097152     URL commands
4194304     Modules
8388608     Security
16777216    Warnings
33554432    Errors
67108864    Profiles
134217728   Debug

So, if you wish to record only the requests, set LOGLEVEL to 1; if you wish to record only caching related activities, set LOGLEVEL to 2048. If you wish to record all the three activities of rewriting, limits and forwarding, you would simply set LOGLEVEL to 512 + 1024 + 16384, i.e. 17920. Similarly, if you wished to view absolutely everything (and run the risk of generating a huge log file in a very short time!), you could set LOGLEVEL to a total of all the values in the table, i.e. 134217727, which is also the default LOGLEVEL if you simply comment out the LOGLEVEL specification. If you wished to produce just debug logs, you should set the LOGLEVEL to 134217728. If you wished to record all activities and debug information, you should set the LOGLEVEL to 268435455.

NOTE: Adjusting this value requires a restart of SafeSquid service.
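LOGLEVEL is a bitmask, so a value can be composed from category names and decoded back. The following is an added example, not part of SafeSquid: the bit values are copied from the table above, while the function names and the choice of Security, Warnings and Errors as the categories a reviewer wants enabled are assumptions made for illustration.

```python
# Bit values copied from the LOGLEVEL table above.
LOGLEVEL_BITS = {
    "Requests": 1, "Network": 2, "URL filtering": 4, "Header filtering": 8,
    "Mime filtering": 16, "Cookie filtering": 32, "Redirections": 64,
    "Templates": 128, "Keyword filtering": 256, "Rewriting": 512,
    "Limits": 1024, "Caching": 2048, "Prefetching": 4096, "ICP": 8192,
    "Forwarding": 16384, "Config synchronization": 32768, "Antivirus": 65536,
    "External parsers": 131072, "ICAP": 262144, "DNS blacklist": 524288,
    "URL blacklist": 1048576, "URL commands": 2097152, "Modules": 4194304,
    "Security": 8388608, "Warnings": 16777216, "Errors": 33554432,
    "Profiles": 67108864, "Debug": 134217728,
}
ALL_BITS = sum(LOGLEVEL_BITS.values())  # every category plus Debug

# Assumption for this example: categories a reviewer expects to be logged.
REQUIRED_FOR_AUDIT = ("Security", "Warnings", "Errors")


def compose_loglevel(names):
    """Return the LOGLEVEL value that enables exactly the named categories."""
    level = 0
    for name in names:
        if name not in LOGLEVEL_BITS:
            raise ValueError(f"unknown log category: {name!r}")
        level |= LOGLEVEL_BITS[name]
    return level


def decode_loglevel(level):
    """Return the category names enabled by a LOGLEVEL value, lowest bit first."""
    if not isinstance(level, int) or level < 0 or level & ~ALL_BITS:
        raise ValueError(f"LOGLEVEL {level!r} has bits outside the table")
    ordered = sorted(LOGLEVEL_BITS.items(), key=lambda item: item[1])
    return [name for name, bit in ordered if level & bit]


def missing_categories(level, required=REQUIRED_FOR_AUDIT):
    """Return the required categories that a LOGLEVEL value leaves switched off."""
    enabled = set(decode_loglevel(level))
    return [name for name in required if name not in enabled]


if __name__ == "__main__":
    level = compose_loglevel(["Rewriting", "Limits", "Forwarding"])
    print(level, decode_loglevel(level), "missing:", missing_categories(level))
```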

Log rotation

There obviously needs to be a control on log file size. The SafeSquid executable cannot start if the size of any of the log files exceeds 2147483648 bytes (2GB). The parameter sets the maximum size in bytes for a log file; when a log file exceeds it, logrotate (/etc/init.d/safesquid logrotate) automatically truncates and compresses all the three types of log files. The same command can also be run manually to rotate your logs if the situation demands.

7 SafeSquid Interface

SafeSquid® has a Browser based User Interface, that allows users to configure various features in accordance with their respective Corporate Internet Usage Policies.

To configure or change configuration, you must have access to the SafeSquid® Management Interface. To access the Interface, you must configure your web-browser to use the SafeSquid® proxy server.

For example, if you have set up SafeSquid to listen on IP 192.168.0.130 on port 8080, then you should configure your web-browser to use the proxy at 192.168.0.130 on port 8080.

Now you should be able to access the User management Interface with the URL http://safesquid.cfg

Note:

To set IP and Port, you should open (Internet Explorer) Web Browser, go to Tools Menu --> Internet Options --> Connections --> LAN Settings --> select Use Proxy server option in the dialogue box then Specify your proxy server’s I.P. in Address option and Port (Default 8080).

You should now be able to access the URL http://safesquid.cfg to configure various Features as well as monitor them from the same window.

Mozilla users should open Web Browser, go to Tools Menu--> Options--> Connection settings--> Select Manual Proxy Configuration--> Specify your Proxy server’s I.P. in HTTP Proxy option and Port (Default 8080). You should now be able to access the URL http://safesquid.cfg to configure various Features as well as monitor them from the same window.

Most features of SafeSquid® can be set, using this SafeSquid® Management Interface. The Top Menu gives you the links, and access to various features & functions as shown on the image below. This image displays the main page of Browser based SafeSquid® Management Interface available with SafeSquid®.


7.1 Active Connections

'Active connections' displays all the active connections being handled by SafeSquid® proxy server at a particular instance. The image below shows the page that is displayed when user clicks on Active Connections link.

'Active connections' has two sub-sections: Transferring and Client Pool.

The Transferring subsection shows the requests being fulfilled at a particular instant, and the Client Pool subsection shows all the requests that are waiting in the queue at that same instant, i.e. the requests which are waiting to acquire the physical connection.

'Transferring' & 'Client Pool' sub-section

Client ID

Client ID is an auto-generated identification number, which is generated for every request made by a client.

IP

IP is the IP address of the machine in the network, that made the request, to fetch the desired web page.

Requests

Requests illustrate the total number of requests made by clients, which can be helpful to identify the load per requested URL/Domain.

Method

The Method field shows HTTP methods like GET, POST and CONNECT.

Details

GET: It is basically for just getting (retrieving) data.
POST: POST involves things like storing or updating data, ordering a product, or sending e-mail.
CONNECT: The CONNECT method is often used with a proxy that can change to being a Secure Sockets Layer tunnel. CONNECT is used for https requests.

URL

URL field displays the current URLs, that are requested, as well as served.

Idle

Idle is the field that exhibits the time, for which a request has been lying idle in the queue, waiting to get served.

7.2 Statistics

This displays statistics based on real-time data, with reference to various parameters like System, Requests, Network, DNS cache, Cache, Cache refresh, Connection pool, Hosts, Mimes, User and IP addresses.

System

The System subsection displays information about the usage of system resources.

User time: Displays the total amount of CPU time, in seconds, that SafeSquid® has used. User time is CPU time spent executing the user program, rather than in kernel system calls. User time is displayed in HH:MM:SS:ms.

System Time: Total CPU time, in seconds, that is used in making the kernel / system calls to service SafeSquid®. Units are in HH:MM:SS:ms format.

Note: The resource usage statistics depend on a 1:1 thread model. Due to the limitations of the APIs used to gather this information, using other thread libraries may result in inaccurate statistics.

Memory resident: The amount of the memory used by memory resident processes of SafeSquid®. These are TSRs i.e. Terminate and stay resident processes. For example, URL Blacklist loads URL Blacklists in the memory and remains in the memory till we shut down SafeSquid®. Details: Memory resident means Permanently in memory. Normally, a computer does not have enough memory, to hold all the programs you use, when you want to run a program. Therefore, the operating system is obliged to free some memory by copying data or programs from main memory to a disk. This process is known as swapping. Certain programs, however, can be marked as being memory resident, which means that the operating system is not permitted to swap them out to a storage device; they will always remain in memory.

Memory Shared: The amount of the memory that is occupied by the shared libraries like libstdc++, so3, libpam. This may increase or decrease depending upon Add-on modules or other software that we use in conjunction with SafeSquid®. Details: Shared memory refers to a (typically) large block of Random access memory, that can be accessed by several different central processing units (CPUs) in a multiple-processor computer system.

Minor Page fault: Gives the total number of minor page faults, since the startup of the SafeSquid® Processes.

Major Page faults: Represents the total number of the Major page faults, since the startup of the SafeSquid® processes. Details: SafeSquid® is a caching proxy. It may have to look inside the cache to serve contents and also sometimes to serve templates. Similarly, SafeSquid® generates logs. SafeSquid® could also be invoking other applications. So SafeSquid® performs a lot of memory swapping and disk i/o. The Statistics page displays the various aspects of this activity as minor and major page faults, besides any errors if they occur. An interrupt occurs when a program requests data that is not currently in real memory. The interrupt triggers the operating system to fetch the data from virtual memory and load it into RAM. An invalid page fault or page fault error occurs when the operating system cannot find the data in virtual memory. This usually happens when the virtual memory area, or the table that maps virtual addresses to real addresses, becomes corrupt. Minor Page faults are the number of hard page faults (i.e. those that required i/o). Major Page Faults are the number of times a process was swapped out of physical memory.

Requests

The Requests subsection gives information on the total number of HTTP, FTP and CONNECT requests fulfilled since the last startup of the SafeSquid® processes. This quickly tells you about the different protocols being serviced through your proxy server.

Network

For administrators it is very important to know the amount of data that has passed through the proxy. The Network subsection gives information on Total Successful connections, Failed connections, DNS failures and Total Bytes transferred in/out of the network, since the latest startup of the SafeSquid® processes. This helps you to set various parameters in SafeSquid® and the system's network settings to improve performance. For example, if you see too many DNS failures, you may need better connectivity to your DNS servers. Similarly, if you see too many failed connections and your logs say that they were genuine requests, then it means that either your network is saturated or you need a better ISP.

DNS Cache

When a request is made, its web server address is resolved from DNS Servers. SafeSquid® has a DNS cache to store these resolved addresses for future use. This can dramatically reduce the latency. This section gives total number of Hit Ratio and Miss Ratio. A HIT means that the document was found in the DNS cache. A MISS, that it was not found in the DNS cache.

Cache, Cache Refresh & Connection Pool

This section gives total number of Hit Ratio and Miss Ratio of the Cache. A HIT means that the requested content was found in the cache. A MISS, that it was not found in the cache.

Cache Refresh

You can configure SafeSquid® to revalidate the cached content after defined interval. If need be, SafeSquid® refreshes the content and serves the relevant content to the clients, depending on the various parameters you set in the 'Cache' section. Quite a few times, SafeSquid® could discover that the validity of the cached content was obsolete. This is recorded as miss in the Cache Refresh subsection.

Connection Pool

Connection Pool shows the number of times a connection was available to the request and the number of times the proxy had to create a new connection for a particular request. Each time a connection is found in the connection pool it is counted as a hit, and each time the proxy has to establish a new connection it is counted as a miss.

Hosts

This section shows the sites that are most frequently accessed by users, and the number of requests for a particular host along with its usage percentage.

Mimes

The Mimes subsection displays the Mime types being accessed, and the usage percentage of the same.

Users

Users subsection displays users and their respective usage percentage, of the Proxy Services. If authentication is enabled, the users section would display usernames and the number of requests they have made, otherwise it will display anonymous.

IP Addresses

IP Address of the machines that have made requests, along with their respective usage percentage.

7.3 DNS Cache

DNS resolution is a very important part in Internet surfing. Whenever a request is made the proxy has to resolve the address of the web server. This incurs latency. Hence to reduce this latency, SafeSquid® maintains DNS cache, wherein it stores all resolved DNS addresses. When another request is made for the same web site, SafeSquid® can easily get the address from the DNS cache. These entries remain in the DNS Cache for 360 seconds, and then it is refreshed, i.e. after 360 seconds, Proxy has to resolve DNS again.

DNS Cache

Hostname

The host name of the requested page.

IP Address

The IP Address of that host.

Age

The Age of respective entries in the DNS cache, i.e. how long the entry has been residing in the DNS Cache.


7.4 Show Headers

This section has two subsections, viz. Unfiltered and Filtered. It describes the details of the client (browser) headers. The Unfiltered subsection displays the Type and Value of the unfiltered headers; similarly, the Filtered subsection displays the Type and Value of the filtered headers.

Show Headers

Host

Shows the Host Name.

User-Agent

The Browser that is being used.

Accept

Shows the accepted value of the headers that are unfiltered / filtered.

Accept-Language

Specifies the language that is acceptable, i.e. content on pages should be displayed in specified Accept-Language. For example “en-us” specifies that all the pages should be specified in US English.

Accept-Encoding

The Value of header types for which encoding should be accepted / allowed. For example: safesquid.cfg

Proxy-Connection

The type of connection for the Proxy Server. For example, Keep alive value, keeps the connection alive till it is exclusively switched off.

Referer

This is the address or URI (Uniform Resource Identifier) of the document (or element within the document) from which the URI in the request was obtained. Referrer allows a server to generate lists of back-links to documents, for interest, logging, etc. It allows bad links to be traced for maintenance.


7.5 View Cache Entries

SafeSquid has a multi-tier cache. This section gives information related to the Cache volumes. It displays the list of Cache files, and gives users the option to search through them and, if required, selectively delete them using the "Delete Matches" option.

The Cache Information section gives information for Memory Cache and Disk Cache Volumes. It shows the total number of objects, the total size of those objects in Bytes, and the percentage of total Cache used. It also displays the path of the various Disk Cache Volume(s).

Figure 1

The Regular Expression Match section has a text box, where you can enter a regular expression or any word, using which, the corresponding matches are found from Memory Cache, as well as Disk Cache, and displayed. Figure 2 displays the result of the search for 'yimg'. The result displays the URL, size in bytes and whether the content exists in the Memory and / or Disk Cache.


Figure 2

You can also filter content on the basis of content modification date, accessed date and file size. All the URLs that meet the specified filter criteria are displayed below the regular expression match section.

The "Delete-matches" option allows you to delete the resulting matches.

Note: If you want to delete all the cache entries, leave the text box blank, select the "Delete matches" option, and click on the submit button.

The details of the content can be seen by clicking on the URL of a content, as shown in Figure 3.

Figure 3

Details:

MD5 Sums are 32 byte character strings that are the result of running the MD5 sum program against a particular file. Since any difference between two files results in two different strings, MD5's can be used to determine that the file or iso you downloaded is a bit-for-bit copy of the remote file or iso. If you are running one of the GNU/Linux distributions, you should already have the MD5 program installed.

Epoch is an instant of time selected as a point of reference. In Linux, this time is considered as 1st January 1970. Epoch Time is the time represented in the total number of seconds from an instant of time selected as a point of reference i.e. Epoch. Hence termed as Epoch time.


7.6 Connection Pool

This link displays information of the current connection(s) that are being held open, in the connection pool and / or awaiting reuse.

The details that are displayed are - Protocol, Host, Port, Username (if authentication is enabled) and the Age in seconds since the connection was opened.


7.7 Prefetch Queue

The Prefetching feature can be used as an 'internet accelerator'. It allows virtually any file referenced in HTML to be pre-fetched (not just images) and cached. Prefetching is a good way to improve retrieval time. It reduces resource retrievals and improves retrieval time.

This link allows you to add the webpage URLs, that you would like to prefetch and cache.


These entries are reflected in active connections under the IP as 0.0.0.0 and the method as “PREFETCH”.


7.8 URL Blacklist

URL Blacklist consists of a list of thousands of domains and URLs, bifurcated in various categories, and stored in flat files. This section allows you to search these categories, to find out whether a specific Domain, URL or File is present in the URL Blacklist, and if it is, then in what category.

You can search for a domain or a file, by entering your query (supports regular expression) in the corresponding text box, and clicking on the 'Submit' button. The result lists the category in which a match was found, Domains that matched the query and the paths to the matched Domains.

Note: See URL Blacklist under the Config Section, for installing and configuring URL Blacklist.


7.9 View Log Entries

'View log entries' displays a blow-by-blow account of recent activities. It can be used to monitor all transactions, track specific transactions, check events for troubleshooting, and check for errors, warnings and advice.

The 'Regular Expression match' field allows you to search for specific events, using regular expressions.

'Log Buffer size' allows you to specify the number of entries from the log, that you would want to see at a time.

The Clear option lets you clear the whole buffer, or the entries filtered with the 'Regular Expression match' option.

Image 11.0

7.10 Save Settings

When SafeSquid starts, it loads the configuration file (config.xml) into the system's memory. When you make any changes to the rules / policies from the SafeSquid interface, these changes are made in the copy of the configuration held in memory, and would get lost if the SafeSquid service, or the server, is stopped or restarted. Use the 'Save settings' link to make the changes permanent. It saves the configuration held in memory to the location specified in the 'Filename' field. The default path to the configuration file is /opt/safesquid/safesquid/config.xml.

On successfully copying the file to the specified location, you should get a “File saved” message.

Image 12.0

This option can also be used to take a backup of the existing config file, before you make any changes to the original file.

For example, before attempting any changes to the existing configuration, you could click on 'Save settings', and backup the original file, by specifying the 'Filename' as /opt/safesquid/safesquid/config_org.xml.


7.11 Load Settings

The 'Load settings' option is used either to load and completely overwrite the existing configuration file with another, or to import rule snippets into the current configuration file.

Overwrite configuration

For example, suppose you make changes to the existing configuration from the interface, do not save the recent changes with the 'Save settings' option, and want to revert to the original configuration. To do this, just click on the 'Load settings' option. The default path is displayed in the 'Filename' field. Click on 'Submit' while leaving the 'Overwrite' option set to 'Yes'.

This option can also be used if you have more than one configuration file, and would like to change over to another file, in real-time, from the one that you are currently using.

Note: When SafeSquid is started, it by default uses the configuration file specified in the CONFIG_FILE parameter in the startup.conf. The default value of this parameter is set as /opt/safesquid/safesquid/config.xml. If you have multiple configuration files, the configuration file that you want to be loaded on startup should always be the one that is specified in the CONFIG_FILE parameter in the startup.conf file. The value of CONFIG_FILE can be changed by running /etc/init.d/safesquid adjust.

Import rule snippet

Rule snippets are short, specific rules that are created to perform specific tasks. For example, safesearch.xml, which is available from the SafeSquid Download page, can be imported into your existing configuration file (config.xml), to enforce Google Safe Search. Similarly, porn_keypwords.xml and anonproxy.xml are rule snippets for Keyword Filtering rules, to block porn and anonymous proxy websites.

To import rule snippets, download the rule snippet file to the SafeSquid server, click on 'Load settings', specify the path of the snippet file in the 'Filename' field, change 'Overwrite' to 'No', and click on 'Submit'. If the file is successfully loaded, you should get a message 'File loaded'. Changing 'Overwrite' to 'No' adds the file being loaded into your current configuration file.

Instead of downloading and copying the snippet file to the server, you can also specify the URL of the file in the 'Filename' field. For example, the URL of the safesearch.xml file is http://downloads.safesquid.net/free/general/sample_rules/safesearch.xml. But since access to this file requires you to authenticate with your SafeSquid Forum ID, you can type this URL in the 'Filename' field:

http://username:password@downloads.safesquid.net/free/general/sample_rules/safesearch.xml

Replace the username:password in the URL with your forum username and password.

Note: The rule snippet gets imported into the configuration file loaded in the server's memory, and gets activated in real-time. To make the changes permanent, you need to click on 'Save settings' and save the config.xml file. The changes will be lost when the SafeSquid service is restarted, if you don't save the file.

Image 13.0

7.12 Config Section

Config opens a drop down dialog which contains all configurable features of SafeSquid®. Select any feature you want to view, configure or modify and click the submit button. When you select a feature, the page displayed shows the entire list of rules and current settings of that feature, which can be modified as per your requirements. Intuitive tool tips are provided for every option available on the page, to guide you through each and every option.

All the features exhibit various Options and their corresponding Values. 'Search Entries' allows you to search through all the sections for a specific option or value.


7.12.1 Basic Behaviour

The "General" section in the SafeSquid Interface allows you to configure options that affect the overall operation of the proxy server. These options mainly depend on your network infrastructure, like availability of Internet resources, network resources, network traffic, etc.

'Profiles' allow you to very granularly configure the way various content is processed, depending on the content type, like text, application, embedded, etc.

The options in this section must be very carefully set, as they most comprehensively affect your implementations of SafeSquid.

general section

The global section gives access to configuration options that affect the overall operation of the proxy server.

Option                          Value
Proxy hostname                  localhost
Temporary directory             /tmp
Web interface line length       150
Connection pool size            20
Connection pool timeout         60

General

Option                          Value
Enabled                         true
Profiles                        embedded
Connection timeout              30
Header timeout                  120
Keepalive timeout               120
Maximum download buffer size    1M
Maximum upload buffer size      500K
Buffer wait time                0
CONNECT ports                   80,443
Compress outgoing               true
Compress incoming               true
Add X-Forwarded-For header      true
Add Via header                  true

'Add' in General Section

Option                          Value
Enabled                         Yes: ¤ No: ¢
Comment                         (blank)
Profiles                        (blank)
Connection timeout              10
Header timeout                  60
Keepalive timeout               120
Maximum download buffer size    10M
Maximum upload buffer size      500K
Buffer wait time                (blank)
CONNECT ports                   (blank)
Always compress mimetype        (blank)
Compress outgoing               Yes: ¢ No: ¤
Compress incoming               Yes: ¢ No: ¤
Add X-Forwarded-For header      Yes: ¢ No: ¤
Add Via header                  Yes: ¢ No: ¤

General section

Proxy hostname

The hostname of this proxy, if not defined in startup.conf. The Proxy Hostname defined during SafeSquid installation, and stored in startup.conf, takes precedence over this value. This needs to be configured properly for CARP (Cache Array Routing Protocol) and for Web interface requests through HTTP to work. Enter here the hostname by which you will access the Web interface. If you want to access the proxy by IP address, you can enter the IP address of the SafeSquid proxy server. The hostname should be defined in DNS, so that you can access it from any machine on your intranet or the Internet.

Temporary directory

The directory in which temporary files are stored. The default path is /tmp. If you want to change this, create a directory with 777 permissions, and specify the path here.

Web interface line length

The maximum length of a string with no spaces, until an explicit break is placed in it. This is required since lines without spaces won't wrap in a table, which may cause Web interface table formatting problems. Normally, this parameter does not require any changes.


Connection pool size

The number of keep-alive connections, made to HTTP and FTP servers, to be kept in the connection pool. These connections are shared between threads.

Connection pool timeout

The time in seconds a connection may remain in the connection pool before being closed. This value should be increased if the Internet connection is slow.

Add subsection

You can granularly define a specific set of values to various content types, by creating a different Profile for each content type, in the 'Profiles' section. These profiles can then be used in this section, to allot them different values.

Enabled

This option allows you to enable or disable a specific rule.

Value:

Yes - Enable this rule
No - Disable this rule

Comment

A comment for future reference explaining what this rule does

Profiles

A comma separated list of Profiles on which this rule should apply. The rule applies to everything if this field is left blank.

Connection timeout

The timeout in seconds to wait for a connection to be established before giving up. SafeSquid will wait for the specified time duration for the target server to respond. If it exceeds the specified value, SafeSquid closes the connection and sends a template to the requesting user, saying that the Connection failed. This value can be increased if the Internet connection is slow.

Header timeout

The timeout in seconds to wait for a client, to make the initial HTTP request by sending request headers. SafeSquid tries to get the initial headers during this time. If it fails, SafeSquid sends 'Connection failed' template to user. You can increase the time if the network connection is slow.

Keepalive timeout


After an HTTP session is established, data must be exchanged periodically to ensure that the session is still alive. The keepalive timeout defines the time in seconds that the SafeSquid server should wait before closing the session. This is the timeout value for persistent connections. SafeSquid closes keepalive connections if they are idle for this amount of time. The default is 120 seconds and does not need to be changed. SafeSquid, being multi-threaded, allows the use of the same connection for multiple requests. The advantage is that fewer connections need to be opened, for individual users, to the same server.

Maximum download buffer size

The maximum size in bytes of content that is buffered for processing by the Rewrite document, Keyword Filter and external programs like Anti Virus. You can define the value depending on the type of content. If you want to handle large data files, you can increase the value.

Maximum upload buffer size

The maximum size of upload content that is stored in memory for processing. Content larger than the specified value will be sent directly without processing. Having an upload buffer that is too large will cause the browser to time out, since all the data is received by SafeSquid immediately but may take more time to process and transfer to the website.

Buffer wait time

The maximum time a file can be buffered before a message is sent to the client indicating it's being downloaded and for them to retry.

CONNECT ports

The ports on which outgoing CONNECT requests are allowed to be made. You can disable connection through the proxy to certain ports by not specifying their port numbers here. Each port or port range should be separated by a comma.

Always compress mimetype

A regular expression matching the MIME types which should always be buffered and compressed even if they wouldn't be buffered otherwise. Specify here the regular expression for the MIME types. This will speed up the proxy process. The regular expression for the MIME type of a binary file (i.e. application/octet-stream) is ^application/octet-stream.

Compress outgoing

Toggle gzip or deflate encoding of outgoing processed content if the client supports it. If the proxy server is running locally, it is recommended to disable this feature.

Compress incoming

This option will make SafeSquid attach an Accept-Encoding header that lets the Web server know that it can accept gzip and deflate content encoding, regardless of whether or not the browser making the request supports it; if the browser doesn't support it, it will be buffered and decompressed before sending.

Add X-Forwarded-For header

This option will add a header that lets an upstream proxy or Web server know the IP address where the original request came from.

Add Via header

This option will add a header that lets an upstream proxy or Web server know which proxy server the request passed through.


7.12.2 URL Blacklist

This section allows you to use a URL blacklist obtained from www.urlblacklist.com to restrict access to websites based on content category like porn, adult, webmail, jobsearch, entertainment, etc. The site www.urlblacklist.com maintains a well categorized list of various web-sites and pages. This is an excellent resource for an administrator seeking to granularly enforce a corporate policy that allows or disallows only certain kinds of web-sites to be accessible by specific users, groups or networks.

The Commercial Edition of SafeSquid ® and all Composite Editions, including the Free Composite Edition 20, allow administrators to use urlblacklist very easily and with a desired level of sophistication. You can use this feature by downloading the trial urlblacklist database from urlblacklist.com.

urlblacklist section

This section allows you to use a URL blacklist to restrict access to Websites based on content category.

Option: Value
Enabled: (•) Yes  ( ) No
Policy: (•) Allow  ( ) Deny
Blacklist path: /opt/safesquid/urlbl/
Default template: (blank)

Submit

Allow (Add)

Deny (Add)

Option: Value
Enabled: true
Comment: Globally block access to the URL Blacklist categories 'adult' and 'porn'
Categories: adult,porn

Edit Delete Clone Up Down Top Bottom

Option: Value
Enabled: true
Comment: Block access to the URL Blacklist categories 'jobsearch' for everyone except HRD Profile
Profiles: !HRD
Categories: jobsearch

Edit Delete Clone Up Down Top Bottom


urlblacklist section

Enabled

This option allows you to enable, or completely disable the URL Blacklist Section irrespective of the rules defined in the section

Value:

Yes - Enable URL Blacklist Section
No - Disable URL Blacklist Section

Policy

Defines the Global Policy for the URL Blacklist Section

Value:

Allow - Allow everything, and deny ONLY the rules under the 'Deny' subsection
Deny - Deny everything, and allow ONLY the rules under the 'Allow' subsection

Blacklist path

The path to urlblacklist database. The default path is /opt/safesquid/urlbl. Untar (unzip) the downloaded urlblacklist database here. Please note that the complete database is loaded into the system memory, when SafeSquid service starts. If you plan to use only specific categories, then copy only those category directories in this location. This will help save memory resources, which would otherwise be unnecessarily used up by unwanted categories.

Default template

The template to display for blocked sites. If left blank, default template is used. You can design and display custom templates. For details, check Customisable Templates

Allow / Deny subsection

You can define rules either under the Allow or Deny subsection, depending on the selected Policy. If Policy is Allow, you should define rules under the Deny subsection, and if Policy is Deny, you should define rules under the Allow subsection. In the above example, the Policy is Allow. Hence, rules are defined in the Deny subsection to deny access to adult, porn and jobsearch categories.

Enabled

This option allows you to enable or disable a rule.

Value:

Yes - Enable this rule
No - Disable this rule

Comment

A comment for future reference explaining what this rule does


Profiles

A comma separated list of Profiles on which this rule should apply. The rule applies to everyone if this field is left blank.

Categories

A comma separated list of URL Blacklist Categories, existing in the Blacklist Path, that you want to allow / deny.

 

Template

Template to display, when this specific rule matches. If left blank, Default Template is used.


7.12.3 Access Control

'Access Restrictions' section allows you to control who can access the proxy server, and to what extent. This is where you define who is allowed to access SafeSquid, from where, whether the user should be authenticated, by what method, etc. You also define the profile of a user here, which will then be used in other sections to control his access.

Access Restrictions

access section

The access feature is used to control who can access the proxy server, and to what extent.

Option: Value
Policy: ( ) Allow  (•) Deny

Submit

Allow (Add)

Option: Value
Enabled: true
Comment: This default rule allows access to every users of the network with IP address and username field left blank.
PAM authentication: false
Access: config,proxy,http,transparent,connect,bypass,urlcommand

Deny (Add)


'Add' Sub-Section

Option: Value
Enabled: (•) Yes  ( ) No
Comment: (blank)
Profiles: (blank)
IP Address: (blank)
PAM authentication: (blank)
User name: (blank)
Password: (blank)
Access:
  [x] Web interface
  [x] Proxy requests
  [x] HTTP requests
  [x] Transparent proxying
  [x] CONNECT requests
  [x] Allow bypassing
  [x] URL commands
Bypass:
  [ ] URL filtering
  [ ] Header filtering
  [ ] Mime filtering
  [ ] URL redirecting
  [ ] Cookie filtering
  [ ] Document rewriting
  [ ] External parsers
  [ ] Forwarding
  [ ] Keyword filtering
  [ ] DNS blacklist
  [ ] Limits
  [ ] Antivirus
  [ ] ICAP
  [ ] URL blacklist
Interface username: (blank)
Interface password: (blank)
Added profiles: (blank)

Submit


Access Section

 

Policy

Default action to take when no matching entry is found. Defines the global policy for the Access section.

Value:

Allow - Allow everyone, and deny ONLY the rules under the 'Deny' subsection
Deny - Deny everyone, and allow ONLY the rules under the 'Allow' subsection

 

'Add' subsection

When Policy is 'Deny', you can add rules under Allow that explicitly allow all or a specific set of conditions. This effectively allows you to set up a variety of intelligently and creatively defined Access Control whitelists. When Policy is 'Allow', you can add rules under Deny that explicitly block or deny access for all or a specific set of conditions. This effectively allows you to set up a variety of intelligently and creatively defined Access Control blacklists.

 

Enabled

This option allows you to enable or disable a specific rule.

 

Value:

Yes - Enable this rule
No - Disable this rule

Comment

A comment for future reference explaining what this rule does

 

Profiles

Profiles cannot be used under the Access Restrictions section. This is a dummy field.

IP Address

A regular expression matching the IP addresses this entry applies to. Leaving this field blank will cause the entry to match all IP addresses. You can enter a single IP (e.g. 192.168.0.25), a comma separated list of IPs (e.g. 192.168.0.25,192.168.0.29) and / or IP ranges (e.g. 192.168.0.25,192.168.0.29,192.168.0.36-192.168.0.46). When used in conjunction with username & password, it binds the user to the specified IP(s), i.e. the user is allowed access only from the specified IP(s).

PAM authentication

PAM is an acronym for Pluggable Authentication Modules. PAM is an authentication system that controls access to a Linux system. It allows you to authenticate users against external authentication mechanisms like Samba, Active Directory, Radius, POP3, a MySQL database, etc.


If this option is selected, clients will be required to authenticate with the proxy, and PAM will be used to authenticate the username and password. This option will work only if the proxy is configured and compiled with PAM support. For details about configuring PAM, check Working with PAM.

User name

With PAM Selected:

If PAM is selected, this field is used to specify a username on the authenticating mechanism. If left blank, it allows any username that exists on the authenticating mechanism. Since this field option is a regular expression, you can also specify multiple usernames, separated with pipe, that exist on the authenticating mechanism. This is useful if you would like to allow only specific users to access SafeSquid or would like to create a group profile. For example, if you would like to allow only usernames john, ali & sean, you should enter (john|ali|sean) in this field.

Another thing to note is that if you specify any IP(s) in the 'IP Address' field, the user(s) will be allowed access only from the specified IP(s). If the IP Address field is blank, the user(s) will be allowed access from any IP.

Without PAM Selected:

Without PAM, this field can be used to create usernames. To create a username, simply enter the username in this field, and the password in the 'Password' field. Entering a username and password will cause an authentication challenge when a user tries to access SafeSquid. The user will then be allowed access only if he supplies the entered username and password.

Another thing to note is that if you specify any IP(s) in the 'IP Address' field, this user will be allowed access only from the specified IP(s). If the IP Address field is blank, the user will be allowed access from any IP. Leaving this field blank will allow access with authentication.

Password

With PAM Selected:

If PAM is selected, this field should be left blank, since the password for the specified user (s) is verified from the authentication mechanism.

Without PAM Selected:

Without PAM selected, this is where you specify the password for the user specified in the 'Username' field.

Access

The Access field allows you to select the types of request a user is allowed to make:

Web interface: Allowed access to the SafeSquid Management Interface (http://safesquid.cfg).

Proxy requests: Allowed to make regular proxy requests.

HTTP requests: Allowed to make regular HTTP requests to proxy (for Web interface and other redirect requests set in the SafeSquid proxy).

Transparent proxying: Allowed to make transparent proxy requests (must be allowed to make HTTP requests as well).

CONNECT requests: Allowed to make CONNECT requests.

Allow bypassing: Allowed to use the special xx--bypass URL command to bypass filters.

URL commands: Allowed to use the special xx-- URL commands. Check Use URL Commands for details.

Bypass

This section allows you to exempt VIP users from the effects of the listed filter sections. This can also be useful in diagnosing a denial event. The filter sections that can be bypassed are: URL Filter, Header Filter, Mime Filter, URL Redirecting, Cookie Filter, Document Rewrite, External Parsers, Forwarding, Keyword Filter, DNS Blacklist, Limits, Antivirus, ICAP and URL blacklist.

Interface username

This field, along with Interface password, can be used to secure access to the SafeSquid Interface (http://safesquid.cfg). Users will have to give the specified Interface username and password, to get access to the interface.

It can also be used to give a different username and password to each administrator, when more than one administrator manages the proxy.

Interface password

Password for 'Interface username' field.

Added profiles

This is where you 'create' a profile for users, to identify or classify them and give further access rights.

For example, if you wanted to identify IP addresses 192.168.0.5-192.168.0.15 as the 'accounts' department, you specify the IP range in the 'IP address' field, and in 'Added profiles' you should mention 'Accounts'.

With PAM enabled, you can create a group of users, by specifying a pipe separated list of usernames existing on the authenticating mechanism, e.g. (john|ali|sean), and specifying the group name, e.g. Accounts, in the Added Profiles field.

Without PAM, you will have to create a separate rule for each user, with username and password, and specify the group each belongs to in the Added Profiles field.

The value of Added Profiles field is then used in the 'Profiles' and other filter sections, to collectively allow or deny access to various content, to the users.

Check Profiled Internet Access for details


7.12.4 Profiles

SafeSquid's Profiles feature allows you to accommodate the demands of extremely granular rules for Internet Access privileges and restrictions. The 'Profiles' section allows you to very precisely define situations. Each situation, thus defined is referred to as a Profile. Each Profile can be defined (or bound) by a programmable set of conditional parameters. Profiles are used as a conditional parameter in almost all of the various filtering sections in SafeSquid. You can thus ensure that filtering action happens exactly, as required.

Check Profiled Internet Access that explains the use of Profiles for granular Internet access

The parameters that are available for defining a profile are explained below.

Profiles 'Add' subsection

Option: Value
Enabled: (•) Yes  ( ) No
Comment: (blank)
Profiles: (blank)
Protocol: (blank)
Host: (blank)
File: (blank)
Mime type: (blank)
Port range list: (blank)
URL Command: (blank)
Proxy host: (blank)
Request header pattern: (blank)
Response header pattern: (blank)
Month range: [ ] active, January to January
Day range: [ ] active, 0 to 0
Weekday range: [ ] active, Sunday to Sunday
Hour range: [ ] active, 0 to 0
Minute range: [ ] active, 0 to 0
Time match mode: (•) Absolute  ( ) All ranges
Added profiles: (blank)
Removed profiles: (blank)

Submit


'Add' Subsection

The following parameters can be used to define a profile:

 

Enabled

This option allows you to enable or disable a specific profile.

 

Value:

Yes - Enable this profile
No - Disable this profile

Comment

A comment for future reference explaining what this rule does

 

Profiles

A comma separated list of previously created profile(s) (either in Access Restriction or in the Profiles section), to which this rule should apply. Applies globally if left blank.

Protocol

A regular expression matching the protocol this entry applies to, e.g. ^ftp$, ^http$, etc. Applies to all protocols if left blank.

Host

A regular expression matching the hosts this entry applies to, e.g. (example.com|mysite.com|yousite.com). Applies to all hosts if left blank.

File

A regular expression matching the file (the part of a URL that follows the hostname) this entry applies to, e.g. (cgi-bin|\?) will apply to queries in a URL. Applies to everything if left blank.

Mime type

A regular expression matching the MIME-type this entry applies to, e.g. "^image/" will match all image files. Applies to all MIME-types if left blank. MIME-type matching is done after receiving the server header, so it may only be used for certain features; header filtering, cache refresh policy, and cache store selection are done before the server header is received.

Port range list

A comma separated list of ports or port ranges this entry applies to, e.g. a value "80,21-25" means port 80 and the port range from 21 to 25. Applies to all ports if left blank.

URL Command

A comma separated list of URL commands which will activate this entry. Applies to all commands if left blank. Check Use URL Commands for details.

Proxy host

A regular expression matching the proxy hosts this entry applies to. This is useful when sharing a configuration file between several SafeSquid proxy servers or instances in a Multi-Proxy or Multi-Instance scenario. Applies to all hosts if left blank.

Request header pattern

A regular expression pattern matching the request headers this entry applies to, e.g. Mozilla/4.0.* MSIE.* matches a request from Internet Explorer. Applies to all patterns if left blank.

Response header pattern

A regular expression pattern matching the response headers this entry applies to. Applies to all patterns if left blank.

Month range

The range of months within which this entry is active, e.g. January to March will keep this profile active from January through March. Applies to all months if left blank.

 

Day range

The range of days within which this entry is active, e.g. 5 to 15 will keep this profile active from 5th through 15th. Applies to all days if left blank.

Weekday range

The range of weekdays within which this entry is active, e.g. Monday to Thursday will keep this profile active from Monday through Thursday. Applies to all weekdays if left blank.

Hour range

The range of hours within which this entry is active, e.g. 9 to 12 will keep this profile active from 9 hrs through 12 hrs. Applies to all hours if left blank.

Minute range

The range of minutes within which this entry is active. This can be used in conjunction with Hour Range, e.g. if the hour range is 9 to 12 and minute range is 15 to 30, then the profile will remain active from 9:15 through 12:30. Applies to every minute if left blank.

Time match mode

The time match mode option allows you to specify how a time is matched, if you specify multiple ranges.

 

Value:

Absolute - If the Weekday range specified is Monday to Friday and Hour Range 9 to 17, then selecting 'Absolute' Time Match Mode will match any time starting Monday, 9AM and ending Friday, 5PM.

All ranges - If the Weekday range specified is Monday to Friday and Hour Range 9 to 17, then selecting 'All ranges' Time Match Mode will match any time between 9AM and 5PM, on all weekdays from Monday to Friday.

Added profiles

This is where you specify (or create) what profile should be applied if the specified situation matches. See examples below.

Removed profiles

This field can be used to remove a profile from a situation, or exclude a situation from being applied a profile. See example below.
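The difference between the two Time match modes described above, as an added example (a Python model written for this guide, not SafeSquid's own code): 'Absolute' treats the active fields as one start-to-end window, while 'All ranges' checks every field separately. The mode name all_ranges, the Sunday=0 weekday numbering, inclusive bounds and start <= end in every range are assumptions.

```python
from datetime import datetime, timedelta

# Fields in the order the Profiles form lists them, most significant first.
FIELDS = ("month", "day", "weekday", "hour", "minute")


def fields_of(ts):
    """Split a timestamp into the five range fields of the Profiles form."""
    return {
        "month": ts.month,
        "day": ts.day,
        "weekday": (ts.weekday() + 1) % 7,  # assumed numbering: Sunday=0 .. Saturday=6
        "hour": ts.hour,
        "minute": ts.minute,
    }


def time_matches(ranges, mode, ts):
    """ranges maps each *active* field to an inclusive (start, end) pair."""
    now = fields_of(ts)
    active = [f for f in FIELDS if f in ranges]
    if not active:
        return True  # no active range: the entry applies at all times
    if mode == "all_ranges":  # hypothetical name for the 'All ranges' option
        return all(ranges[f][0] <= now[f] <= ranges[f][1] for f in active)
    if mode == "absolutetime":  # value shown in the manual's examples
        start = tuple(ranges[f][0] for f in active)
        end = tuple(ranges[f][1] for f in active)
        current = tuple(now[f] for f in active)
        return start <= current <= end  # one continuous window
    raise ValueError("unknown time match mode: %s" % mode)


def absolute_only_hours(ranges, week_start):
    """Hours of one week that 'Absolute' admits but 'All ranges' rejects."""
    gaps = []
    for offset in range(7 * 24):
        ts = week_start + timedelta(hours=offset)
        if time_matches(ranges, "absolutetime", ts) and not time_matches(
            ranges, "all_ranges", ts
        ):
            gaps.append(ts)
    return gaps


# Constructed sample: the manual's Monday-to-Friday, 9-to-17 case.
OFFICE_HOURS = {"weekday": (1, 5), "hour": (9, 17)}
# Constructed sample: the manual's hour 9-12 with minute 15-30 case.
MORNING = {"hour": (9, 12), "minute": (15, 30)}

if __name__ == "__main__":
    sunday = datetime(2008, 10, 12)  # a Sunday, start of the sample week
    gaps = absolute_only_hours(OFFICE_HOURS, sunday)
    print(len(gaps), "hours match only in Absolute mode; first:", gaps[0])
```

A profile meant to express "office hours only" needs 'All ranges'; with 'Absolute' the same ranges also cover weekday evenings and nights.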

Example #1

Suppose you wanted to allow access only to a few sites to the 'Accounts' profile (which is created in Access Restriction Section - see Access Control), while allowing any / all sites to the 'VIP' profile. To match these situations, you will need to add 2 profiles in the Profiles section, like this -

Profile 1

Option: Value
Enabled: true
Comment: This profile specifies the sites allowed to 'Accounts' group
Profiles: Accounts
Host: (firstsite.com|secondsite.net|thirdsite.org)
Time match mode: absolutetime
Added profiles: allowed_sites

Profile 2

Option: Value
Enabled: true
Comment: This profile specifies the sites allowed to 'VIP' group
Profiles: VIP
Time match mode: absolutetime
Added profiles: allowed_sites

Please note that the fields that are not mentioned above are blank. So, the first rule says that, if the request already carries the profile 'Accounts', and the request is for either firstsite.com, secondsite.net or thirdsite.org, then give it another profile 'allowed_sites'.

Similarly, the second rule says that, if the request already carries the profile 'VIP', and the request is for any site (Host field is blank), then give it another profile 'allowed_sites'.

Next, you will go to the 'URL filter' section. Select Policy as 'Allow'. Now, since the policy is allow, you should add a rule under the Deny subsection, like this -

Option: Value
Enabled: true
Comment: Block everything, except 'allowed_sites' profile
Profiles: !allowed_sites

The above rule says: deny everything EXCEPT (!) the requests that carry the 'allowed_sites' profile. Now, all the requests from VIP will carry the profile 'allowed_sites', while requests from 'Accounts' will carry the 'allowed_sites' profile ONLY for firstsite.com, secondsite.net or thirdsite.org. Effectively, 'VIP' will be able to access any site, while 'Accounts' can access only the specified sites.

Example #2

Now suppose you wanted to allow 'Accounts' to access xyz.com, but only during lunch hours from 13 hrs to 14 hrs. To define this situation, you can add another rule under the Profiles section, like this -

Option: Value
Enabled: true
Comment: Time restricted access
Profiles: Accounts
Host: xyz.com
Hour range: 13,14
Time match mode: absolutetime
Added profiles: allowed_sites

The above rule says that, if the request already carries the profile 'Accounts', AND the request is for xyz.com, AND the time of the day is between 13 hrs to 14 hrs, then give the request 'allowed_sites' profile.

You can similarly define situations, or create profiles, by using one or multiple parameters like Protocol, File, Mime type, Port range list, URL Command, Proxy host, Request header pattern & Response header pattern.
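Examples #1 and #2 above, worked through as an added Python model (not SafeSquid's code and not part of the original manual): the Profiles rules tag a request from top to bottom, then the URL filter Deny rule '!allowed_sites' decides. The matching semantics (unanchored regular-expression search on Host, any one listed profile being sufficient, inclusive hour bounds) and the anchored host pattern are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class ProfileRule:
    profiles: str = ""                       # "Profiles" field; blank applies globally
    host: str = ""                           # "Host" regular expression; blank = all hosts
    hours: Optional[Tuple[int, int]] = None  # "Hour range"; None when not active
    added: Tuple[str, ...] = ()              # "Added profiles"


def profiles_match(spec, carried):
    """Assumed semantics: blank matches everything, '!name' requires the
    profile to be absent, and any one positive name is sufficient."""
    names = [n.strip() for n in spec.split(",") if n.strip()]
    negatives = [n[1:] for n in names if n.startswith("!")]
    positives = [n for n in names if not n.startswith("!")]
    if any(n in carried for n in negatives):
        return False
    return not positives or any(n in carried for n in positives)


def tag_request(rules, initial, host, hour):
    """Apply the Profiles section top to bottom; return the profiles carried."""
    carried = set(initial)
    for rule in rules:
        if not profiles_match(rule.profiles, carried):
            continue
        if rule.host and not re.search(rule.host, host):
            continue
        if rule.hours and not (rule.hours[0] <= hour <= rule.hours[1]):
            continue
        carried.update(rule.added)
    return carried


# Host pattern exactly as written in Example #1 (unanchored, dots unescaped).
PAGE_HOSTS = r"(firstsite.com|secondsite.net|thirdsite.org)"
# Hypothetical stricter variant: anchored, with literal dots.
ANCHORED_HOSTS = r"^(firstsite\.com|secondsite\.net|thirdsite\.org)$"
# URL filter with Policy 'Allow': one Deny rule, Profiles = !allowed_sites.
DENY_RULES = ["!allowed_sites"]


def build_rules(host_pattern):
    return [
        ProfileRule("Accounts", host_pattern, added=("allowed_sites",)),          # Profile 1
        ProfileRule("VIP", added=("allowed_sites",)),                             # Profile 2
        ProfileRule("Accounts", "xyz.com", hours=(13, 14), added=("allowed_sites",)),  # Example #2
    ]


def decide(initial, host, hour, host_pattern=PAGE_HOSTS):
    """Return 'allow' or 'deny' for a request carrying the given profiles."""
    carried = tag_request(build_rules(host_pattern), initial, host, hour)
    denied = any(profiles_match(spec, carried) for spec in DENY_RULES)
    return "deny" if denied else "allow"


if __name__ == "__main__":
    # Constructed requests: (profiles from Access Restrictions, host, hour of day)
    for who, host, hour in [
        ({"Accounts"}, "firstsite.com", 10),
        ({"Accounts"}, "news.example", 10),
        ({"VIP"}, "news.example", 10),
        ({"Accounts"}, "xyz.com", 13),
        ({"Accounts"}, "xyz.com", 16),
        (set(), "firstsite.com", 10),
    ]:
        print(sorted(who), host, hour, "->", decide(who, host, hour))
```

In this model a request that carries no profile at all is also denied by '!allowed_sites', and the unanchored Host pattern tags any hostname that merely contains one of the listed names, which the anchored variant avoids.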


7.12.5 cProfiles

cProfiles allows you to ADD/Remove Profiles, depending upon the potential nature of the content served, by the web-site. cProfiles queries SafeSquid's Content Categorization Service (CCS) *, to determine if a web-site belongs to one or more categories. The determination is actually a score of probability: for example:

a score of 1 ==> the site definitely does not belong to the queried category,
a score of 100 ==> the site most definitely belongs to this category.

Now based on the determination, you can ADD / Remove Profiles, and thus take necessary actions, via the various filters like URL Filter, Mime-Filter, etc. cProfiles stores the results in a high-speed memory based (volatile) cache, to ensure quick response for often accessed web-sites.

* CCS maintains a categorized database of web-sites. The categorization has been done on the basis of availability of content of certain category, at the web-site. cProfiles uses the standard DNS protocol to communicate with CCS, thus the query results will be stored (non-volatile) in all the en-route caching nameservers. Thus query results should be quickly accessible to you even across restarts.

cProfiles section

Option: Value
Enabled: (•) Yes  ( ) No
Cache Size: 1000
Enterprise Identity: 0101-1408-1b0b-123f-1711-05@ircmpvef

Submit

Entries for processing cProfiles (Add)

Option: Value
Enabled: true
Comment: Identify websites belonging to porn category
Categories list: porn
Score Range: 2-100
Added profiles: category-porn

Edit Delete Clone Up Down Top Bottom


'Add' under 'Entries for processing cProfiles'

Option: Value
Enabled: (•) Yes  ( ) No
Comment: (blank)
Profiles: (blank)
Category List:
  [ ] ads content
  [ ] adult content
  [ ] adult_education content
  [ ] arts content
  [ ] chat content
  [ ] drugs content
  [ ] education content
  [ ] fileshare content
  [ ] finance content
  [ ] gambling content
  [ ] games content
  [ ] government content
  [ ] hacking content
  [ ] hate content
  [ ] highrisk content
  [ ] housekeeping content
  [ ] instantmessaging content
  [ ] jobs content
  [ ] leisure content
  [ ] mail content
  [ ] multimedia content
Score Range: 2-100
Added profiles: (blank)
Removed profiles: (blank)

Submit

cProfiles section

Enabled

This option allows you to enable, or completely disable, the cProfiles Section irrespective of the rules defined in the section.

Value: