Files And Folders

From Secure Web Gateway


Directory/etc/init.d  contains scripts for controlling(initialization and termination) the system and various services. These scripts can be invoked directly.
SafeSquid script is also stored in  /etc/init.d  directory which provide the user to control with various commands  {start|stop|restart|status|foreground}.
SafeSquid will start automatically when system gets rebooted. It provide the user to control over the SafeSquid to start, stop or restart the service. And also it sets all required dependencies to SafeSquid start like setting up all environmental variables.
SafeSquid uses /etc/init.d/safesquid to startstop, restart SafeSquid Service more frequently.


SafeSquid stores script in the directory /etc/init.d/ for TCP Tunning. This script will optimize/set some of the values of the TCP parameters like
-maximum number of packets to put in the queue before delivery to the upper layer.
-the default and maximum write (receiving) and read (sending) buffer size allocated to any type of connection.
-the maximum number of pending requests to put in queue before processing one connection.
-the port ranges available for a new connection.
-whether to reset new connections if the system is currently overflowed with new connection attempts that the daemon(s) can not handle.
-how long to keep sockets in wait state after connections are closed.
-Keep-alive parameters for overall stability and system resource utilization.
-maximum number of remembered connection requests, which have not received an acknowledgment from connecting client.
-TCP receive memory and transmit buffer size.
-whether to allow to reuse TIME-WAIT sockets for new connections.
SafeSquid stores the modified TCP parameters into /tmp/sysctl_.conf file for debugging purpose.


Logs are useful when you want to track usage or troubleshoot an application. As more information gets logged, however, log files use more disk space. Running out of disk space because of a large log file is a problem. Logrotate provides an ability for a system administrator to systematically rotate and archive any log files produced by the system and thus reducing an operating system's disk space requirement. By default, logrotate is invoked once a day using a cron scheduler from location. The SafeSquid logrotate script  is responsible to rotate all logs related to the SafeSquid if any log file having size more than 1GB. And convert them into gzip format for every 1GB logs generated by SafeSquid.


<a href="Monit">Monit</a> is a great utility that monitors your daemons. If a daemon fails, Monit will start the daemon it will automatically restart the process. We are using a generic configuration file for monit to monitor the SafeSquid service. So we created the configuration file SafeSquid.monit and place that in conf.d folder. So that no need to change the original configuration file. This will monitor SafeSquid service. When SafeSquid stops for any reason it will check and it will start the SafeSquid without user interaction.


This file contains the PAM configuration file for SafeSquid. PAM (Pluggable Authentication Modules) is a framework that assists applications in performing "authentication-related activities". The core pieces of PAM are a library (libpam) and a collection of PAM modules, which are dynamically linked libraries(.so) files. Each module performs one specific task, and a "PAM-aware" application typically uses a stack of several modules to get the job done. PAM can be used to authenticate users, control logins, allocate resources to users, or update login credentials.
  SafeSquid uses and files.
pam_unix : This is the standard Unix authentication module. It performs authentication against hashed passwords stored in /etc/shadow file and /etc/passwd file.
pam_permit : This module always permit access and returns success. It does nothing else.  


This file contains the system tuning parameters, to increase the performance. SafeSquid modifies and save this file for setting system variables. This file is preload /configuration file which is used to modify kernel parameters at runtime. These parameters are listed under /proc/sys directory.
SafeSquid optimizes various Linux networking and system settings such as:
- Improves memory-intensive workloads.
- Limits the number of discrete mapped memory areas.
- Maximum number of packets to put in the queue before delivery to the upper layer.
- Increase the maximum connections.
- Define the port range available for a new connection.
- The maximum amount of option memory buffers.
- The default and maximum amount for the receive and send socket memory.
- Minimum, average and maximum size of the TCP read and send buffers.


SafeSquid has a library of add-on modules that can be easily added or removed, to enhance or modify existing features. SafeSquid modules are independently developed and compiled unit from a source file. Each module encapsulates share object(.so) and xml files to implement a particular functionality. SafeSquid loads all add-on modules from the directory /opt/safesquid/bin/modules when the process is started.


SafeSquid has DLP feature as an add-on module. This folder contains shared object (.so) and xml files of the DLP module. Data loss prevention(DLP) feature detects potential data breaches/data ex-filtration transmissions and prevents end users to send sensitive or critical information outside the corporate network. For example, if an employee tried to upload a corporate file via email, then file will not be uploaded and template will be displayed.


This folder contains shared object (.so) and xml files of the Elevated Privacy module. You can use Elevated Privacy to protect privacy activity across different websites. Otherwise, third-party cookies will be tracking your activities. Example: When you are surfing the internet by logging into any of your accounts like Hotmail, Yahoo, Gmail, Online Banking… etc. Your activities will be tracked by third party and referral domains. Set 'Privacy Level' as per your requirement to block Third-Party Cookies, hide the HTTP & HTTPS referer and User Agents.


This folder contains shared object (.so) and xml files of the ICAP module. The ICAP feature enables the proxy server to use an ICAP server to perform request modification, request satisfaction, or response modification to any request or response.
When an ICAP server is installed with a caching system, every transaction is piped through the ICAP server, allowing the server to modify or redirect Web requests or responses.
When an ICAP server is installed in an FTP system, every transaction is piped through the ICAP server, allowing virus and content filtering software to operate on the content.


SafeSquid has Image Analyzer(also known as Imgfilter) feature as an add-on module. This folder contains shared object (.so) and xml files of the Image Analyzer module.
This module allows you to block pornographic images from websites and webmails, by analyzing the graphical content of an image, in real time, and block all suspicious images, so that a blank or checkered box, is displayed in place of the blocked image. Although it is only about 80%-90% accurate (configurable), it acts as a good deterrent.


This is a subfolder in the Image Analyzer(Imgfilter) module. This folder contains* and* files which are dependency/ library files. These are Engine and Reader library files which should be loaded after Image Analyzer module is initialized. This folder also contains imgfilter.tune file to fine tune the filter by defining the threshold score limit.


SafeSquid has content modifier(Content Re-Write) feature as an add-on module. This folder contains shared object (.so) and xml files of the content modifier module. Content modifier is a very powerful feature that must be used with extreme care. This feature allows you to use regular expressions to modify the contents of web pages, files, the client header, and server header in real time. It can be used to remove content like AcitveX, JavaScript, cookies, etc., from non-trusted websites, before serving the page to users.


This folder contains shared object (.so) and xml files of the SScore module. SScore allows you to categorize the websites, depending upon the potential nature of the content served by the web-site. SScore queries SafeSquid's Content Categorisation Service (CCS), to determine if a web-site belongs to one or more categories.


This folder contains shared object (.so) and xml files of the SvScan module. SvScan is a high-speed in-memory virus scanner built in module that protects the users against malware. SvScan uses an anti-Malware signature database which is constantly updated to ensure application of the latest anti-malware definitions. SvScan uses proactive protection, such as: generic detection routines, heuristic engine, and a behavior based engine to proactively prevent unknown or previously unseen malware.


This folder contains shared object (.so) and xml files of the WCCP module.
Web Cache Communication Protocol (WCCP) is a Cisco-developed content-routing protocol that provides a mechanism to redirect traffic flows in real-time. It has built-in load balancing, scaling, fault tolerance, and service-assurance (failsafe) mechanisms. SafeSquid WCCP module is configured to interact with WCCP enabled routers. WCCP enabled routers are used as gateway for End users. All the clients traffic will be transparently redirected to SafeSquid proxy by router.


This is the SafeSquid total configuration file. It is soft linked with running version of SafeSquid. If you delete this file SafeSquid will not work.


This folder contains the necessary XMLs of SafeSquid. You can find XML of every feature in this folder except add-on modules. These XMLs are used for rendering SafeSquid User Interface.


This folder contains default startup.ini and setup.ini files. These files should not be altered.
SafeSquid loads default configuration/startup parameters from startup.ini file. You can modify the startup parameters values from SafeSquid User interface. Modified values of startup parameters are stored in /opt/safesquid/startup.ini file.
SafeSquid loads default setup parameters from setup.ini file. To modify setup parameters you should take copy of setup.ini file and store it as /opt/safesquid/setup.ini before editing it manually.


This folder contains the temporary files created by SafeSquid while process is running or upgrading to the latest version.


This directory contains security, ui_root, sqlite and bin sub-directories. These sub-directories contains the various files related to
-activation of the product
-User Interface rendering
-Sqlite Database
-SSL certificates etc.


This directory contains the scripts which can be executed/run with external applications section. User created scripts should be stored in /usr/local/safesquid/bin directory for execution.


This directory contains policies, ssl and dns sub-directories. This directory contains activation_key.updates.backup, activation_key.updates and activation_key files which are product activation related files. These files should never be deleted otherwise SafeSquid service will be stopped.


This directory contains the default.config.xml which is the default configuration file of SafeSquid. You can modify configuration, i.e. Any of the section or policies from SafeSquid interface. Whenever a user modifies the configuration 1st time and do save config, two files will be created. One of the file created is config.xml which will be now latest configuration file. Other file created will be config_XXXX@YYYY_ZZZZ.xml which will be the last backup file of your saved configuration. Here XXXX is Username who modified/Accessed the configuration, YYYY is IP Address from which file is modified and ZZZZ is the Time at which file modified. Every modification of configuration afterwards will create one new config_XXXX@YYYY_ZZZZ.xml file. All these files can be used for restoring last known good configuration of the user.


This folder contains the SSL ROOT certificates and and trusted bundle file. It also contains the subca used in openvpn configuration.


This directory contains the users.db.conf, reporting_db.conf and bypass_db.conf files. These are configuration files for Sqlite database in SafeSquid.


This directory contains further sub-directories which contains files used for rendering SafeSquid Web User Interface.


This directory contains the additional scripts which are used for execution of well defined functionality of SafeSquid. Some of the functionalities are generation of support tarball, generation of performance plot, Kerberos setup etc.


This directory contains all the CSS (Cascading Style Sheets) files. These files helps to describe how HTML elements of SafeSquid to be displayed on screen. Modification in these files without proper knowledge may disarrange the SafeSquid interface display.


This directory contains web font files used in SafeSquid. You will get  glyphicons-halflings-regular.*fontawesome-webfont.* and hinted-SegoeUI.* files. Font Awesome is a font and icon toolkit based on CSS and LESS. Segoe is a typeface, or family of fonts, that is best known for its use by Microsoft. Glyphis used for variety of designs of a certain character. You can add more web font files as per your need.


This directory contains the image files which are shown on SafeSquid interface. Some of these files are PNG and GIF format used to show simple animations or small icons on the interface. You can add your preferred image files in this folder to modify the interface display. Modify CSS/JavaScript files and edit your preferred image file names to modify SafeSquid interface display.


This directory contains all the javascript files used in SafeSquid to perform various functionality.


This directory contains, success.html, landing.html and block_bypass.html files. SafeSquid uses file to check and upgrade the latest package. Other HTML files are templates to display on the browser. Some of these templates are used for displaying successful logging,  captive portal and when access is denied/ blocked. You can add your own custom template files here and create the entry in the templates section.


This is the default directory to store all caching objects. You can configure SafeSquid'’s cache and its storage area, for optimum performance. SafeSquid will create cache store for all cacheable objects if cache section is enabled.


This folder contains the Sqlite database files of SafeSquid. SafeSquid retrieves the user information from the database to display on reports tab. You will get files like main.db, main.db-shm, main.db-wal, safesquid2.db, safesquid2.db-shm, safesquid2.db-wal and YYYYMMDDhhmmss-main.db in this folder. Where main.db and safesquid2.db are database files. A new time-stamped file YYYYMMDDhhmmss-main.db is created after every 1000 transactions. Files with extension DB-WAL are SQLite write-ahead log files. Database modifications are written to the DB-WAL file before being committed to the database. Files with extension DB-SHM are SQLite shared memory storage files.


Contains the temporary SSL certificates created by safesquid for webservers, while doing https inspection.




This directory stores the applications3 file in updates folder which is an application signature file. SafeSquid service checks and downloads the latest application signature file from cloud on an hourly basis.


This folder contains category.db file which is the local database for custom categories.


This directory contains magic.mgc and files which are shared library files. This directory also has updates folder to store content4 file which is an content signature file. SafeSquid service checks and downloads the latest content signature file from cloud on an hourly basis.


This folder contains and files which are dependency/library files. These are Engine and Reader library files which are loaded after Image Analyzer module is initialized. This folder also contains imgfilter.tune file to fine tune the filter by defining the threshold score limit. SafeSquid service checks and downloads the latest library files from cloud on an hourly basis.


This folder contains essential library files for proper execution of SScore module. All the SScore signatures are stored into parental_sig subfolder. SafeSquid service checks and downloads the latest file and stores into update subfolder on an hourly basis.


This folder contains essential library files for proper execution of SvScan module. All the SvScan anti-Malware signature database are stored into Plugins subfolder. SafeSquid service checks and downloads the latest file and stores into update subfolder on an hourly basis.


This folder contains the config.log file which stores the details about modification in the SafeSquid configuration via SafeSquid UI. This log file will help the administrator to trace any rule is added/modified/deleted in SafeSquid configuration. The administrator can easily roll back the faulty changes from SafeSquid configuration.  Log rotation will change config.log into XXXX-config.log file, where XXXX is the time of log rotation.
Below is the heading/legend for Config Log file-


Log Rotation: Log Rotation is the process in SafeSquid to control large log files. Some Log Analyzers and Text Editor cannot process bigger log files (2GB earlier). To handle this SafeSquid sets the parameter <LOG_SIZE_LIMIT> for the maximum file size in bytes for a log file. Exceeding the maximum file size SafeSquid will automatically truncate and compress the log file, further this file will be renamed and saved on the disk.


This folder contains the extended.log file detailing the users, applications and security breaches. This log file will help the administrator to trace each request and response processed by the SafeSquid. Log rotation will change extended.log into XXXX-extended.log file, where XXXX is the time of log rotation.
Below is the heading/legend for Extended Log file-

"record_id"     "client_id"     "request_id"    "date_time"     "elapsed_time"  "status"        "size"  "upload"        "download"      "bypassed"      "client_ip"     "username"      "method"        "url"   "http_referer"  "useragent"     "mime"  "filter_name"   "filtering_reason"      "interface"     "cachecode"     "peercode"      "peer"  "request_host"  "request_tld"   "referer_host"  "referer_tld"   "range" "time_profiles" "user_groups"   "request_profiles"      "application_signatures"        "categories"    "response_profiles"     "upload_content_types"  "download_content_types"        "profiles"


This folder contains the native.log file detailing the various functional aspects like REQUESTS, SECURITY, REDIRECT etc. that are affected by the various features and their configuration. This file stored all data related to every request and response processed by the SafeSquid which will be helpful to administrator for debugging purpose. You can control the verbosity of the Native Log by specifying LOGLEVEL. Log rotation will change native.log into XXXX-native.log file, where XXXX is the time of log rotation.
LOG_LEVEL: Set to 16777216 (for only warnings) 33554432 (only errors) 67108864 (only profiles) 134217728 (only debug) 268435455 (all activities and debug information). Default is 33554435(errors requests network).


This folder contains the performance.log file which provides performance metrics to identify any outage due to resource shortfall, or failure in Internet Connectivity, or surge in web-traffic, etc. This log file will help the administrator to analyze the performance of SafeSquid. SafeSquid performance log has been extended to make it easier for analysis with third-party software such as GNU Plot that analyses records on a progressive per line basis. Log rotation will change performance.log into XXXX-performance.log file, where XXXX is the time of log rotation.
Below is the heading/legend for Performance Log file-

Time Stamp (YYYYMMDDhhmmss) , Elapsed Time , Client Connections Handled , Client Connections Closed , Client Transactions Handled , Client Connections in Pool , Spare Client Threads , Client Threads in Use , Client Threads in Waiting , Threads Starting up , Threads Reserved for Prefetching , Threading Errors , Outbound Connections created , Outbound Connections Failed , Outbound Connection Pool Reused , Outbound Connections in Pool , Bytes in (KBytes) , Bytes Out (KBytes) , Caching Objects Created in Memory , Caching Objects Removed from Memory , DNS Queries Reused , New DNS Queries , DNS Query failures , Total System Memory (KBytes) , Free System Memory (KBytes) , SafeSquid Virtual Memory (KBytes) , SafeSquid Resident Memory (KBytes) , SafeSquid Shared Memory (KBytes) , SafeSquid Code Memory (KBytes) , SafeSquid Data Memory (KBytes) , SafeSquid Library Memory (KBytes) , Connections Handled Delta , Connections Closed Delta , Transactions Handled Delta , Client Pool Delta , Spare Threads Delta , Active Threads Delta , Threads Waiting Delta , Threads Starting up Delta , Threads Prefetching Delta , Threading Errors Delta , Outbound Connections created Delta , Outbound Connections Failed Delta , Outbound Connection Pool Reused Delta , Outbound Connections in Pool Delta , Bytes in (KBytes) Delta , Bytes Out (KBytes) Delta , Caching Objects Created in Memory Delta , Caching Objects Removed from Memory Delta , DNS Queries Reused Delta , New DNS Queries Delta , DNS Query failures Delta, load avg.(1 min), load avg.(5 min), load avg.(15 min), Running Processes, Waiting Processes, User Time, System Time, Total (user + system) Time , User Time Delta , System Time Delta , Total Time Delta




This folder contains the file which stores process ID of SafeSquid. For every restart of SafeSquid this file is modified with new process ID. 

Application Eco-system