Posts Tagged ‘transparent’

How Snapt Intercepts Data

Wednesday, February 10th, 2010

One of the features packaged in the Snapt Framework is the “Interception Manager”. This provides plugins to the framework such as Snapt Squid or Snapt HAProxy to transparently intercept traffic.

firewallType How Snapt Intercepts Data

In the Squid example, it makes it easy to pick up HTTP (port 80) traffic and cache it without interfering with user configuration, or with HAProxy you can roll out load balancing without changing IP addresses and the like. Typically, this can get confusing and complicated – so we introduced an interception manager.

Each plugin is assigned a “space” in which it can operate to intercept traffic. Each space can have subspaces. For example, each HAProxy group effectively has its own space which can have any number of ports or IP addresses to intercept traffic on and redirect it to HAProxy.

The interception manager automatically integrates with your firewall (currently it supports PF or IPTables) and intercepts the data. You can disable and enable interception spaces without losing their configuration – allowing maintenance without downtime, and you can disable the entire system without losing your setup.

You can see an example of some live HAProxy groups intercepting data below
interceptionStatus How Snapt Intercepts Data

Tags: , , , ,
Posted in Framework, HAProxy, Squid | No Comments »

FTP Caching with Frox

Thursday, October 22nd, 2009

Frox is a feature we’ve built in to our Squid cache front end, and we utilize it to transparently cache FTP file transfers. Depending on the type of network you use, and your usage of the FTP protocol (often large) you can utilize a Squid and Frox combination (with some clever firewall rules) to store that content locally and accelerate the file transfers.

Squid has the ability to proxy and cache FTP transactions, but only if you are pointing to the cache. You cannot simply intercept FTP connections with a firewall and a Squid server – this is where Frox steps in. Frox is a transparent FTP proxy with a key feature – the ability to send requests through Squid.

diagram FTP Caching with Frox

In the diagram above, “Users” are downloading content from internet (or any over-WAN) FTP servers, and would typically go through “Firewall” and straight out. This is where the “Firewall” redirects to “Frox”. Frox then accepts the client, gets any login details and passes them along and proxies the connection through “Squid”, which fetches the objects and caches them.

This can drastically improve the speed of FTP transactions that are repeated often – for example, documents stored on FTP at head office that users require on a daily basis, but infrequently change.

Frox is freely available under the GPL license, from here, and a front end for this configuration comes standard with Snapt Squid.

Tags: , , ,
Posted in Squid | No Comments »