SafeSquid for Linux SWG safesquid-2020.0102.1331.3-swg-standard released

From Secure Web Gateway

Introduction

  1. A new startup parameter SOCK_MEM has been introduced. This parameter will be the Upper limit Percentage of Memory for TCP Stack. Decrease this if system is memory starved. Default Value: 50.
  2. A new startup parameter HEAP_MEM has been introduced. This parameter will be the Percentage of Memory to reseve for Heap. SafeSquid will automatically reduce the MAXTHREADS to ensure sufficient memory is available for I/O and various data caches. Decrease this if system is memory starved. Default Value: 66.
    This gives users the contol over safety feature introduced in 2019.0925.2004.3 to limit the concurrent threads created below MAXTHREADS.
  3. Vital debugging information like application of profiling and filtering policies can be included in the HTTP protocol headers. Specify if this information should be sent to client, server, both or none.

Modification

  1. SEND_SOCKET_BUFFERS was used for setting a fixed wmem size for sockets. It shall now set the upper limit for socket wmem.
  2. RECEIVE_SOCKET_BUFFERS was unused. It shall now be used to set the upper limit for the socket rmem.
  3. The tcp_tune.sh script invoked by the safesquid init script, now uses startup parameters - SOCK-MEM, SEND_SOCKET_BUFFERS, RECEIVE_SOCKET_BUFFERS and MAX_CONCURRENT to calculate various sysctl parameters for TCP tuning.

Optimizations

  1. Optimization done to reduce the usage of stack memory.
  2. Improved adherence of SOCKET_TIMEOUT for defending against DoS.

BugFixes

  1. Fixed the problem for Detection of cookie expiry date.
  2. Fixed the problem for category names and profiles names with invalid charachter. SafeSquid will Strip the invaid characters from category names and access profiles entry comment.

 

New Users? Getting_Started

Download SafeSquid ISO to create your appliance.

Download safesquid-2020.0102.1331.3-swg-standard.tar.gz tarball for up-gradation or If you already have Linux 14.04 machine.