From the ground up we’ve built Snapt to be exactly what we’d want as HAProxy and Squid users ourselves – and now we’re asking you how much to charge for it!
If you have 2 minutes to fill in our <10 question survey it will help us to gauge what the community is willing to pay for Snapt as well as a few other questions.
One of the features packaged in the Snapt Framework is the “Interception Manager”. This provides plugins to the framework such as Snapt Squid or Snapt HAProxy to transparently intercept traffic.
In the Squid example, it makes it easy to pick up HTTP (port 80) traffic and cache it without interfering with user configuration, or with HAProxy you can roll out load balancing without changing IP addresses and the like. Typically, this can get confusing and complicated – so we introduced an interception manager.
Each plugin is assigned a “space” in which it can operate to intercept traffic. Each space can have subspaces. For example, each HAProxy group effectively has its own space which can have any number of ports or IP addresses to intercept traffic on and redirect it to HAProxy.
The interception manager automatically integrates with your firewall (currently it supports PF or IPTables) and intercepts the data. You can disable and enable interception spaces without losing their configuration – allowing maintenance without downtime, and you can disable the entire system without losing your setup.
You can see an example of some live HAProxy groups intercepting data below
With work on the Snapt Framework moving along, focus is being shifted toward the completion of our two launch modules; HAProxy and Squid.
Some of the features to look forward to in Snapt Squid have already been discussed and work on plugins has started. The plugins aim to bring functionality that might not be common to all installations without adding unnecessary bloat to the Snapt Squid Module. Examples include authentication, WCCP, advanced peering and more.
The Snapt HAProxy module is a feature packed front end to the HA Proxy Load Balancer. Among many other features, it includes advanced reporting, simple yet powerful control over the config file as well as status alerts. Scheduled for release with the launch of the Snapt Framework, this will give HA Proxy the frontend needed to position itself as a competitive Open Source load balancer.
We’re excited for 2010 and for the great feedback we have received so far. Remember, by subscribing to the release list you will be the first to know when Snapt is officially launched.
Frox is a feature we’ve built in to our Squid cache front end, and we utilize it to transparently cache FTP file transfers. Depending on the type of network you use, and your usage of the FTP protocol (often large) you can utilize a Squid and Frox combination (with some clever firewall rules) to store that content locally and accelerate the file transfers.
Squid has the ability to proxy and cache FTP transactions, but only if you are pointing to the cache. You cannot simply intercept FTP connections with a firewall and a Squid server – this is where Frox steps in. Frox is a transparent FTP proxy with a key feature – the ability to send requests through Squid.
In the diagram above, “Users” are downloading content from internet (or any over-WAN) FTP servers, and would typically go through “Firewall” and straight out. This is where the “Firewall” redirects to “Frox”. Frox then accepts the client, gets any login details and passes them along and proxies the connection through “Squid”, which fetches the objects and caches them.
This can drastically improve the speed of FTP transactions that are repeated often – for example, documents stored on FTP at head office that users require on a daily basis, but infrequently change.
Frox is freely available under the GPL license, from here, and a front end for this configuration comes standard with Snapt Squid.
Here’s a quick Squid tip from their wiki, if you’ve ever wanted to not require authentication for the Windows Update services you can just add the following before any other ACL’s in your config file –
acl windowsupdate dstdomain windowsupdate.microsoft.com acl windowsupdate dstdomain .update.microsoft.com acl windowsupdate dstdomain download.windowsupdate.com acl windowsupdate dstdomain redir.metaservices.microsoft.com acl windowsupdate dstdomain images.metaservices.microsoft.com acl windowsupdate dstdomain c.microsoft.com acl windowsupdate dstdomain www.download.windowsupdate.com acl windowsupdate dstdomain wustat.windows.com acl windowsupdate dstdomain crl.microsoft.com acl windowsupdate dstdomain sls.microsoft.com acl windowsupdate dstdomain productactivation.one.microsoft.com acl windowsupdate dstdomain ntservicepack.microsoft.com acl CONNECT method CONNECT acl wuCONNECT dstdomain www.update.microsoft.com acl wuCONNECT dstdomain sls.microsoft.com http_access allow CONNECT wuCONNECT localnet http_access allow windowsupdate localnet
This allows the HTTPS and HTTP connections to the suite of Microsoft update sites without authentication. This can be particularly useful if you want to ensure users can update at any time, without needing to enter their information into popup boxes (i.e. non single sign-on setups). There is a quick wizard included in Snapt if you want to automate this!
Snapt Squid comes with powerful tools for helping you diagnose any network, cache or even config errors. With many great open source products visibility and troubleshooting can be problems, which is why all Snapt products aim to improve both.
There are many features in Snapt Squid, but today we’ll touch on the Tools section. It enables to you check connectivity through the cache, see an objects status, force a refresh on a cached object, test URL’s, parse the config file and more.
A single request through a cache can often not be a good enough test. The connectivity tester can be configured to send as many requests as you want, and will diagnose any problems (e.g. drops, different page sizes etc). You can see an example of this below, each request is sent through Squid.
Another problem is when a specific user, from a specific IP address is complaining about something that you can’t reproduce – with Snapt you can! As you can see below, you can configure a URL to test, an IP to test from, and the username/password the user is supplying (if you use authentication).
The config parser doesn’t only pick up any errors – it also offers suggestions for fixing them using an advanced matching algorithm that can detect typing errors! No longer will you have to search for answers to configuration problems!
No one likes an ugly cache error message – it’s hard for the user to understand and it’s unprofessional! Snapt Squid comes with an advanced error page editor which allows you to quickly convert all your error pages to stylish, readable pages – or create any style of your own!
As you can see above, the default process is simple. You can choose what information to display and customize error messages about who to contact and even include a company logo. You can choose between a Modern style (which is shown in the screenshot below) or Simple which displays Apache-like error pages – masking the cache’s presence if you are an ISP etc.
Also included is an advanced editor where you can manually edit the HTML code, or use a WYSIWYG editor to customize it to fit your needs exactly. This is shown below, with a popup tip box of all the possible variables available.
You are currently browsing the archives for the Squid category.
