Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Monitoring and Filtering on Proxy Server Side

4 views
Skip to first unread message

Fred

unread,
Jun 10, 2010, 1:45:36 AM6/10/10
to
Dear ALL:

I’m sorry if my subject is off-topic, I have no idea where to post it.

I want to implement a software running on proxy server side,
performing as a monitoring and filtering tool.

There are two aims, one is to block and log the access attempt to
certain domains/URLs, and the other is to raise alert and log when
there is access attempt to certain domains/URLs.

I’ve got two plans, plan A would be demonstrated as:

request ------> App ------> proxy server

The application would analyze the request, block some directly or
raise alert, afterwards transferring the request to proxy server.

The other plan, plan B, would be demonstrated as:

-------------------------------------
request ------> | proxy server |
| ↕ |
| black list/access log |
--------------------------------------

APP

By accessing black list and access log of the proxy server, the
application would not handle the request directly but make use of
proxy server itself. In order to block access, the application
modifies black list, meanwhile, analyze access log to raise alert.

I have made a conclusion on the advantages and disadvantages of both
solutions.

Plan A’s Advantages:
(1) Real-time filtering and alerting.
Plan A’s Disadvantages:
(1) Difficult to implement (different strategy should be applied to
different proxy server software, for example, squid and wingate?)

Plan B’s Advantages:
(1) Easy to implement.
Plan B’s Disadvantages:
(1) Some proxy server software have no such “blacklist.txt” file (is
that true? I didn’t check all proxy server software).
(2) There is possibility that proxy server should restart so that the
modified “blacklist.txt” would loaded.
(3) The alert reporting is not real-time (because of disk/data cache,
there would be some delay in logging).

Would experts give me some comments? Thanks a lot.

0 new messages