CARP Compliant Proxy Enforcer Frame Work

摘要

One of the important aspects of network management is the proxy usage. Nowadays it is a common practice to force the user to connect to some network services via the proxy. The disadvantage of this method is that it requires from the user an additional network knowledge and manual client configuration. The problem can be solved by developing a system that will enforce proxy usage and should remain completely transparent to user. In addition to that, the enforcing should reduce network traffic, increase the speed and thus increase performance. In this research we present a frame work of a proxy system that is able to process the requests of a number of different application level protocols. The system deals with program redirection of HTTP protocol requests, but the same scheme can be applied to implement the enforcer for other protocols too. The system is implemented on Linux Red Hat platform and can run on new distribution of host operating systems that implements IP firewall (ipfw). This system also posses a different dimension of implementing and enforcing security policy among enterprises. This could be achieved by stopping any proxy bypass event processed by clients to browse for prohibited sites during the working hours according to certain companies' security policies. The system can be installed on host operating system to provide support to all clients independent of their platforms. The system is tested in a private network that simulates the real traffic environment with 10 proxy servers, 50 hosts that serve 250,000 clients connected via different network topologies, technologies and services. The system showed feasibility and efficiency for improving network performance between 17-23 % which is a fairly successful result.