Difference between revisions of "SafeSquid for Linux SWG safesquid-2019.0925.2004.3-swg-standard released"
From Secure Web Gateway
(Created page with " '''Enhancement''' #Improved handling of half-closed connections.<br/> We noticed a rise in web-applications that use half-closed connections. This can be dangerous for...")
Latest revision as of 15:22, 10 October 2019
- Improved handling of half-closed connections.
We noticed a rise in web-applications that use half-closed connections. This can be dangerous for Web-Proxy servers that support persistent connections.
An advanced low-level socket manager has now been implemented to handle half-closed connections. This also improves reliability in delivering response to half-closed client connections. The new low level socket manager intelligently optimizes I/O operations for better CPU performance.
- Support for Web-Sites that use Bearer Authentication to validate users, without 401 Status Code.
Users reported incompatibility of SafeSquid with web-sites that used Authorization: Bearer XXXX in the HTTP response headers to validate users.
This incompatibility resulted from SafeSquid's intervention of these headers and handling it as required for HTTP status code 401 Authenticate.
This intervention has been modified to permit exchange of Authorization Headers irrespective of HTTP Status Code.
- Automatic reduction of MaxThreads if set to beyond host capability.
Use of half-closed connections is harder to detect and easier to exploit Web-Proxy servers in HTTPS connections. This caused SafeSquid to create threads leading to application saturation. A new logic has now been introduced to limit use of System Memory to 33% for thread stacks.
Thus on a host with 8GB RAM, SafeSquid will limit itself to use of only (8 / 3) = 2.7GB RAM for allocating Thread Stacks.
Thus if SafeSquid is set to a stack size of 21 (i.e. 2^21 = 2MB), it will not create more than 1365 concurrent threads.
While this limits the number of concurrent active connections, it does not directly limit the idle connections. This enables SafeSquid to drop connections instead of causing application saturation. It is proposed to offer SafeSquid users a better control over this feature, in future releases.
- CPU Optimization.
You will get better user experience and surfing speed due to optimization in CPU.
- Logging optimized for debugging and trouble-shooting.
Eliminated overlapped logging of various events for easier understanding. Logs now depict ephermal socket IP:PORT activity.
New Users? Getting_Started
Download SafeSquid ISO to create your appliance.
Download safesquid-2019.0925.2004.3-swg-standard.tar.gz tarball for up-gradation or If you already have Linux 14.04 machine.