I’m sorry if my subject is off-topic, I have no idea where to post it.
I want to implement software running on the proxy server side,
acting as a monitoring and filtering tool.
There are two aims: one is to block and log access attempts to
certain domains/URLs, and the other is to raise an alert and log when
there is an access attempt to certain domains/URLs.
I’ve got two plans. Plan A would be demonstrated as:
request ------> App ------> proxy server
The application would analyze the request, block some directly or
raise an alert, and afterwards transfer the request to the proxy server.
The other plan, plan B, would be demonstrated as:
                -------------------------------------
request ------> |           proxy server            |
                |                 ↕                 |
                |       black list/access log       |
                -------------------------------------
                                  ↑
                                 APP
By accessing the black list and access log of the proxy server, the
application would not handle the request directly but make use of
the proxy server itself. In order to block access, the application
modifies the black list; meanwhile, it analyzes the access log to raise an alert.
I have made a conclusion on the advantages and disadvantages of both
solutions.
Plan A’s Advantages:
(1) Real-time filtering and alerting.
Plan A’s Disadvantages:
(1) Difficult to implement (a different strategy should be applied to
different proxy server software, for example, Squid and WinGate?)
Plan B’s Advantages:
(1) Easy to implement.
Plan B’s Disadvantages:
(1) Some proxy server software has no such “blacklist.txt” file (is
that true? I didn’t check all proxy server software).
(2) There is a possibility that the proxy server should restart so that the
modified “blacklist.txt” would be loaded.
(3) The alert reporting is not real-time (because of disk/data cache,
there would be some delay in logging).
Would experts give me some comments? Thanks a lot.
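
The log-analysis side of plan B, as an added example that is not part of the original post: it assumes Squid's native access.log layout, and the domain lists, sample lines and function names are constructed for illustration. A "block-missed" verdict marks a request to a blocked domain that the proxy did not deny, which is how a blacklist edit that was never reloaded (disadvantage 2 of plan B) shows up in the log.

```python
from urllib.parse import urlsplit

# Constructed policy lists (assumptions, not taken from the post).
BLOCK_DOMAINS = {"blocked.example"}
ALERT_DOMAINS = {"watch.example"}

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1700000000.123    45 10.0.0.5 TCP_MISS/200 5120 GET http://www.watch.example/index.html - HIER_DIRECT/203.0.113.10 text/html
1700000001.456     0 10.0.0.6 TCP_DENIED/403 3900 CONNECT cdn.blocked.example:443 - HIER_NONE/- text/html
1700000002.789    30 10.0.0.7 TCP_MISS/200 812 GET http://notwatch.example/ - HIER_DIRECT/203.0.113.11 text/html
truncated line
"""

def in_list(host, domains):
    """Match the host itself or any subdomain, on label boundaries only."""
    return any(host == d or host.endswith("." + d) for d in domains)

def classify(line):
    """Return (client, host, verdict) for one log line, or None if unparseable."""
    fields = line.split()
    if len(fields) < 7:
        return None
    client, result, url = fields[2], fields[3], fields[6]
    try:
        # CONNECT entries log "host:port" with no scheme, so add "//" for parsing.
        host = urlsplit(url if "://" in url else "//" + url).hostname
    except ValueError:
        return None
    if not host:
        return None
    host = host.rstrip(".")
    if in_list(host, BLOCK_DOMAINS):
        # The proxy should have denied this; anything else means the list is stale.
        verdict = "blocked" if result.startswith("TCP_DENIED") else "block-missed"
    elif in_list(host, ALERT_DOMAINS):
        verdict = "alert"
    else:
        verdict = "ok"
    return client, host, verdict

def scan(lines):
    """Return every parsed entry that needs logging or alerting."""
    return [r for r in map(classify, lines) if r and r[2] != "ok"]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        print(hit)
```

For HTTPS traffic the log only carries the CONNECT host, so URL-level rules can be matched on plain HTTP entries only.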