ExaProxy

ExaProxy is an HTTP proxy that lets its users modify requested pages with forked helpers, like SQUID redirectors, while providing the same level of control as ICAP. It supports HTTPS (through CONNECT) and the HAPROXY protocol.

Usage Rights

CC Attribution License


ExaProxy Presentation Transcript

  • 1. ExaProxy / open source web proxy / UKNOF - 3rd of May 2012 / York / Thomas Mangin / Exa Networks
  • 2. Non-caching Proxy / ALERT ! / HTTP/1.1 forward / reverse / or transparent proxy
  • 3. Non-caching Proxy / ALERT ! / HTTP/1.1 forward / reverse / or transparent proxy
    High Performance / epoll on linux / multi-threaded / non-blocking event based network loop / use of cheap co-routine / sockets as message bus / own async DNS library / conservative memory usage / “pause” reader when writer is too slow
  • 4. Non-caching Proxy / ALERT ! / HTTP/1.1 forward / reverse / or transparent proxy
    IPv6 INSIDE / Full native IPv6 support / IPv6 to IPv4 gateway (and vice versa) / NO ! It does NOT blend
  • 5. QUITE A FEW OPEN SOURCE WEB PROXIES / SQUID / VARNISH / HA PROXY / TINYPROXY / POUND / PERLBAL
  • 6. WHAT PROXIES ARE AVAILABLE FOR OUR USE / FORWARD PROXIES / FILTERING PROXIES / Our Need !
  • 7. SQUID FILTERING ..
  • 8. A Filtering SQUID cluster ... / Works / However / Linux ipvsadm for load balancing (MAC address rewrite) / Farm of squid servers / Can’t use L7 Load balancer / Can not filter HTTPS (CONNECT) / Load balancing must be sticky / “cascade effect” on failure / no load balancing backend monitoring
  • 9. And you need to maintain a TWO liner PATCH / SQUID purposefully crashes on high load
    debug(84, 1) ("WARNING: All %s processes are busy.n", hlp->id_name);debug(84, 1) ("WARNING: up to %d pending requests queuedn", hlp->stats.max_queue_size);- if (hlp->stats.queue_size > hlp->n_running * 2)- fatalf("Too many queued %s requests (%d on %d)", hlp->id_name, hlp->stats.queue_size, hlp->n_running);
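Review bot: the two removed lines, the "if (hlp->stats.queue_size > hlp->n_running * 2)" test and its fatalf(), are the only limit on the helper queue visible here, and nothing is put in their place, so once all helpers are busy the queue can keep growing with only the two debug() warnings as a signal. Rather than deleting the check outright, consider keeping the threshold and replacing the fatalf() with load shedding (refuse or fail the new request), and add a comment saying why the abort was dropped so the patch can be carried across SQUID upgrades.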
  • 10. SQUID compatible and ICAP (REQMOD) like mode / Cookie modification / force safe-search on youtube
    HTTPS filtering / Interception / when browser/other proxy explicitly configured / redirect the browser to an HTTP page ..
    HTTP/1.1 200 Connection Established
    CONNECT www.hsbc.com:443 HTTP/1.1 / Host: www.hsbc.com
    HTTP/1.1 302 Surfprotected / Cache-Control: no-store / Location: http://www.surfprotect.co.uk/ / Connection: close
    HTTP/1.1 403 Surfprotected / Connection: close
    Browsers just disabled this “feature” following some work on HTTPbis / No way to return a message to the browser via 4xx/5xx
    URL Rewrite / display a different URL
  • 11. 250+ commits since (and counting)
  • 12. HAVE FUN ... ****** if you are brave, mad, desperate or any of the above
    From: David Farrar <david.farrar@exa-networks.co.uk>
    Subject: Doh!
    Date: 27 April 2012 12:31:53 GMT+01:00
    To: Thomas Mangin <thomas.mangin@exa-networks.co.uk>
    I now know why it was such a pain tracking down the source of the memory leak
    It requires that -
    - The client starts a new request over a socket that's already been used for at least one request
    - The send buffer to the remote web server was full when we first try sending the new request
    - The client is uploading a very large file (or this happens many times with smaller files)
    - The upload speed from the client to the proxy is greater than the upload speed from the proxy to the remote web server
    http://code.google.com/p/exaproxy/
    We have ! ( It only took a week )
  • 13. QUESTIONS ?
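
Slide 3's “pause” reader when writer is too slow and the leak conditions listed in the slide 12 e-mail describe the same situation: a client uploading faster than the proxy can send upstream. The Python model below is an added example, not ExaProxy's code; `RelayBuffer`, `simulate`, the water marks and the per-tick rates are all hypothetical, and the upload is constructed data.

```python
from collections import deque

class RelayBuffer:
    """Client -> upstream buffer for one proxied connection (hypothetical model)."""

    def __init__(self, high_water=64 * 1024, low_water=16 * 1024):
        self.high_water = high_water   # None disables backpressure
        self.low_water = low_water
        self.chunks = deque()
        self.size = 0                  # bytes currently held in memory
        self.peak = 0                  # worst case seen so far
        self.reading = True            # should the loop poll the client socket?

    def feed(self, data):
        """Called when the event loop has read `data` from the client."""
        self.chunks.append(data)
        self.size += len(data)
        self.peak = max(self.peak, self.size)
        if self.high_water is not None and self.size >= self.high_water:
            self.reading = False       # pause the reader: the writer is too slow

    def flush(self, capacity):
        """Upstream socket is writable and accepts at most `capacity` bytes."""
        sent = 0
        while self.chunks and sent < capacity:
            chunk = self.chunks.popleft()
            take = min(len(chunk), capacity - sent)
            if take < len(chunk):      # partial send: keep the unsent tail queued
                self.chunks.appendleft(chunk[take:])
            sent += take
        self.size -= sent
        if not self.reading and self.size <= self.low_water:
            self.reading = True        # backlog drained: resume the reader
        return sent

def simulate(upload_bytes, client_rate, upstream_rate, high_water):
    """Relay a constructed upload tick by tick; return (peak buffered bytes, ticks)."""
    buf = RelayBuffer(high_water=high_water)
    remaining, ticks = upload_bytes, 0
    while remaining or buf.size:
        if buf.reading and remaining:  # a paused reader leaves data in the kernel
            n = min(client_rate, remaining)
            buf.feed(b"x" * n)
            remaining -= n
        buf.flush(upstream_rate)
        ticks += 1
    return buf.peak, ticks
```

Running `simulate(1_000_000, 8192, 1024, None)` against `simulate(1_000_000, 8192, 1024, 64 * 1024)` shows the transfer finishing in the same number of ticks either way, while the paused reader keeps the proxy's memory near the high-water mark instead of near the size of the upload.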