ExaProxy

ExaProxy is an HTTP proxy that lets its users modify the requested page, as SQUID redirectors do, with forked helpers, while providing the same level of control as ICAP. It supports HTTPS (through CONNECT) and the HAPROXY protocol.

  1. ExaProxy: open source web proxy
     - UKNOF - 3rd of May 2012, York
     - Thomas Mangin, Exa Networks
  2. Non-caching Proxy
     - forward, reverse or transparent proxy
     - HTTP/1.1
     - ALERT !
  3. High Performance
     - epoll on linux
     - multi-threaded
     - non-blocking event based network loop
     - use of cheap co-routines
     - sockets as message bus
     - own async DNS library
     - conservative memory usage
     - “pause” reader when writer is too slow
     - Non-caching Proxy: forward, reverse or transparent proxy, HTTP/1.1, ALERT !
  4. IPv6 INSIDE
     - Full native IPv6 support
     - IPv6 to IPv4 gateway (and vice versa)
     - Non-caching Proxy: forward, reverse or transparent proxy, HTTP/1.1, ALERT !
     - NO ! It does NOT blend
  5. QUITE A FEW OPEN SOURCE WEB PROXIES
     - SQUID
     - VARNISH
     - HA PROXY
     - TINYPROXY
     - POUND
     - PERLBAL
  6. WHAT PROXIES ARE AVAILABLE FOR OUR USE
     - FORWARD PROXIES
     - FILTERING PROXIES
     - Our Need !
  7. SQUID FILTERING ..
  8. A Filtering SQUID cluster ...
     - Works
       - Linux ipvsadm for load balancing (MAC address rewrite)
       - Farm of squid servers
     - However
       - Can’t use L7 Load balancer
       - Can not filter HTTPS (CONNECT)
       - Load balancing must be sticky
       - “cascade effect” on failure
       - no load balancing backend monitoring
  9. And you need to maintain a TWO liner PATCH
     - SQUID purposefully crashes on high load

     debug(84, 1) ("WARNING: All %s processes are busy.n", hlp->id_name);
     debug(84, 1) ("WARNING: up to %d pending requests queuedn", hlp->stats.max_queue_size);
     - if (hlp->stats.queue_size > hlp->n_running * 2)
     - fatalf("Too many queued %s requests (%d on %d)", hlp->id_name, hlp->stats.queue_size, hlp->n_running);
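
     Review bot: the two removed lines (the hlp->stats.queue_size > hlp->n_running * 2 check and its fatalf) were the only limit on the helper queue visible here; with them gone, the remaining debug(84, 1) calls only log, so nothing shown stops the queue growing under sustained load. Consider keeping a threshold and replacing the fatalf with a non-fatal response, such as refusing new requests while the queue is over the limit, and add a comment recording why the fatal exit was dropped.
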
  10. SQUID compatible and ICAP (REQMOD) like mode
     - Cookie modification
       - force safe-search on youtube
     - URL Rewrite
       - display a different URL
     - HTTPS filtering / Interception
       - when browser/other proxy explicitly configured
       - redirect the browser to a HTTP page ..

     CONNECT www.hsbc.com:443 HTTP/1.1
     Host: www.hsbc.com

     HTTP/1.1 200 Connection Established

     HTTP/1.1 302 Surfprotected
     Cache-Control: no-store
     Location: http://www.surfprotect.co.uk/
     Connection: close

     HTTP/1.1 403 Surfprotected
     Connection: close

     - Browsers just disabled this “feature” following some work on HTTPbis
     - No way to return a message to the browser via 4xx/5xx
  11. 250+ commits since (and counting)
  12. HAVE FUN ... if you are brave, mad, desperate or any of the above!
     - http://code.google.com/p/exaproxy/

     From: David Farrar <david.farrar@exa-networks.co.uk>
     Subject: Doh!
     Date: 27 April 2012 12:31:53 GMT+01:00
     To: Thomas Mangin <thomas.mangin@exa-networks.co.uk>

     I now know why it was such a pain tracking down the source of the memory leak

     It requires that -
     - The client starts a new request over a socket that's already been used for at least one request
     - The send buffer to the remote web server was full when we first try sending the new request
     - The client is uploading a very large file (or this happens many times with smaller files)
     - The upload speed from the client to the proxy is greater than the upload speed from the proxy to the remote web server

     - We have ! ( It only took a week )
  13. QUESTIONS ?
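
The slide 3 point about pausing the reader when the writer is too slow, and the fast-client, slow-upstream upload condition in the slide 12 e-mail, shown as a small simulation. This is an added example, not ExaProxy's code: the Relay class, the simulate function, the rates and the high-water mark are all hypothetical, and no real sockets are used.

```python
from collections import deque

class Relay:
    """Client-to-server direction of one proxied connection (simulation, no sockets)."""

    def __init__(self, high_water=None):
        self.high_water = high_water  # None: never pause the reader (unbounded buffer)
        self.pending = deque()        # chunks read from the client, not yet sent upstream
        self.buffered = self.peak = 0
        self.paused = False

    def want_read(self):
        """Tell the event loop whether to keep polling the client socket for reads."""
        if self.high_water is None:
            return True
        if self.paused:   # resume only once half drained, to avoid flapping
            self.paused = self.buffered > self.high_water // 2
        else:
            self.paused = self.buffered >= self.high_water
        return not self.paused

    def on_client_data(self, chunk):
        self.pending.append(chunk)
        self.buffered += len(chunk)
        self.peak = max(self.peak, self.buffered)

    def on_server_writable(self, capacity):
        """Send at most `capacity` bytes upstream and return how many were sent."""
        sent = 0
        while self.pending and sent < capacity:
            chunk = self.pending.popleft()
            take = chunk[:capacity - sent]
            if len(take) < len(chunk):
                self.pending.appendleft(chunk[len(take):])
            sent += len(take)
        self.buffered -= sent
        return sent

def simulate(upload_size, client_rate, server_rate, high_water):
    """Constructed workload: per tick the client offers client_rate bytes and the
    remote server accepts server_rate bytes. Returns (peak buffered bytes, ticks)."""
    relay, remaining, delivered, ticks = Relay(high_water), upload_size, 0, 0
    while delivered < upload_size:
        if remaining and relay.want_read():
            n = min(client_rate, remaining)
            relay.on_client_data(b"x" * n)
            remaining -= n
        delivered += relay.on_server_writable(server_rate)
        ticks += 1
    return relay.peak, ticks
```

For a 1,000,000-byte upload offered at 64,000 bytes per tick to a server accepting 8,000, the relay that never pauses peaks at 880,000 buffered bytes, while a 128,000-byte high-water mark keeps the peak under 192,000 and finishes in the same number of ticks.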