Rss
Реклама
{links}
Календарь
«    Октябрь 2021    »
ПнВтСрЧтПтСбВс
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
Реклама
Друзья сайта
nu6 » Безопасность » Программа, которая контролирует появление новых или смену старых IP-адресов в локальной сети Fastream IQ Proxy Server v3.4.2R
  • Опуликовал: Admin
  • |
  • Коментариев: 0
  • |
  • Просмотров: 7899
**********************************************************************

Fastream IQRP is a secure web reverse proxy solution for Windows NT, that secures web sites and protects them from hackers, overload and server failure.

IQRP can satisfy 800 HTTP connections/s and 140 SSL connections/s on a standard 32-bit single core Pentium 4 CPU!

IQRP features a state-of-the-art 32-connections/thread asynchronous architecture, providing the fittest architectural design for Windows by utilizing multiple CPUs/CPU-cores.

Fastream IQRP supports all RFC-compliant web servers including Apache, IIS, NETFile Server and Zeus. IQRP is supplied with full 30-day money back guarantee with payment methods such as eSellerate 128-bit SSL Visa/MasterCard/AMEX/Discover, PayPal, international bank transfer and bank check.Fastream IQ Proxy Server Detailed Features



Caches static and dynamic content for ultra-hi-speed later on serving



IQP features a 3 Giga bits per second memory cache and unlimited disk cache as well. This performance level could be achieved with only a 32/64-bit single core P4/Athlon CPU! You can limit the maximum cache object size and the total capacity for both caches. Cache contents can be viewed using the remote GUI and emptied.



256-bit SSL/TLS accelerator with support for self-signed certificate creation



Secure Sockets Layer and its version 3.1 incarnation called Transport Layer Security (TLS) is the industry standard for secure transmission on the web. With the ultimate latest open source OpenSSL library that IQP utilizes, it is capable of supporting the highest grade of security level possible for commercial use: 256-bits! This is so high that it used to be impossible to imagine on the web in the '90s. Now as of version 3.3+, IQP supports the new SNI (Server Name Indication) protocol for serving multiple certificates on single IP/port--also with intermediate certificates.



One important aspect of SSL that makes it better than SSH (Secure Shell) is the capability of signing with certificates. With this feature, Alice and Bob can really be sure that they are in fact talking with each other and no "man-in-the-middle" attack is taking place. Since certificates sometimes could be expensive to acquire from certificate authorities (CA) such as Verisign and Thawte, IQP provides the facility of generating itself. However these "self-signed" certificates cannot be verified by parties for integrity.



Load balancing with failover in URL-aware fashion: point each domain/path to different target LAN server/port



In IQP, rule-based load balancing supports load balance among web servers on a LAN server farm. Each domain, sub domain and path (including wildcards) can be routed to a different physical IP. For example:



*.fastream-test.com/images

*.fastream-test.com/videos

*.fastream-test.com/sounds

*.fastream-test.*/catalog



can all be forwarded different IP/ports with a scanner algorithm that scans from top to bottom to seek the matching rule.



Anti Hot-Linking



With IQP's built-in anit hot-linking function, you can now control which file extensions could be linked from sites other than yours and even can whitelist sites such as Google images. This way you will be saving bandwidth and a customizable error page will be shown instead of blocked pages.



URL Rewrite



Using standard regular expressions, you are now in total power to have links such as



/path/index/1/test



to work and be rewritten as



/path/index.aspx?id=1&user=test



using standard regular expressions, with the same format as in Apache mod_rewrite, yet without the hassle.



Bandwidth limiting per URL rule per IP/port



Similar to load balancing, each URL rule can also be assigned a bandwidth rule (in terms of kilo bytes per second) to be applied for the entire rule domain instead of per socket connection! This enables an admin to limit the total site bandwidth usage or sub parts of the site. This feature is, of course, optional.



GZip compression accelerator with configurable compression rates for each object extension



HTTP protocol as defined in RFC2616 -which IQP fully complies to- defines a mechanism for compression support negotiation between client and server. Compression saves bandwidth and speeds up web object load times. GZip is the most prevalent format and it is implicitly supported by IQP. You can configure IQP to get content directly w/o compression from the web server (which would not hurt the LAN as bandwidth is plenty there) and compress on the fly. This could even be done at a configurable ratio with respect to object MIME type! This way the proxy does not get exhausted trying to compress MP3s and AVIs which was already compressed.



Another usage would be to let the web server compress and use the proxy just for tunneling. This would be ok if the load on web servers are not too high and on proxy is indeed high. There is a maximum object size to compress setting which prevents the proxy to bog its RAM with big objects such as videos in case they are configured to be compressed. Now as of v2.5+ you can also specify the minimum object size to compress!



Able to listen on multiple IP/ports and scalable up to tens of thousands of simultaneous connections



If IQP supported only one listener IP/port in a single process, then there would be no way to listen on another IQP proxy port as in Windows only one instance of a service can run at a moment. Therefore IQP supports multiple proxies each in its own thread to support multiple listeners. We chose to listen each port in a distinct high priority thread for maximum performance and robustness. For each configurable number of async-connections, a worker thread is assigned. While choosing the to-be-assigned worker thread, IQP uses load balancing. This approach provided the best performance in our benchmarks despite its high complexity. If IQP was designed to open a thread for each connection, it would get stuck in 1,000 concurrent sync connections/threads but now it is estimated to support more than ten thousand of them!



Failover protection with both ICMP and HTTP server validation



IQP continuously polls the servers in the LAN with two protocols: ICMP pings and HTTP. This way problematic hosts are automatically suspended for a definable period of time so that the clients are not shown error pages. After that period ends, the servers are taken into service automatically once again without an admin command! This enables if the proxy admin is different than web server admin and a web server in the farm is taken offline for maintenance, then the proxy admin needs to do absolutely nothing to take the server online once it is fixed. One other interesting feature is the dynamic discovery: if a request was unable to be answered by a specific target server then other servers are automatically polled for THAT request--no need to upset clients for a server being down!



Ping times are also used for determining which server is tired and which ones are to be given priority in assignment of client requests.



Cookies created make session persistence possible among client-to-target-server matching



For each URL, in the first time a client is assigned a web server, it is best to keep that assignment. This is because the server and client could be conducting a transaction such as an e-commerce one and if during the transaction we redirect to another server in the farm, it might fail. To assure session persistence, IQP optionally creates cookies in browser end to "tie" the client to a specific server for that URL. This is the best way for session persistence compared to hashing.



Again, if the server for some reason goes offline, then another server is replaced.



TCP firewall: Filter with respect to IP, reverse DNS and even client IP country



IQP features a firewall that can filter and pass with respect to IP addresses, DNS records of clients and even client countries! If you are getting an attack from a specific country, why not just block them all?! Or you can say you only want to accept incoming requests from your home country and nowhere else. Reverse DNS enables you to block with respect to client ISPs. For example you can forward all of comcast.net and block the rest.



High performance on-the-fly HTML absolute link transformer



If your web pages contain hyperlinks such as,


Информация
Посетители, находящиеся в группе Гости, не могут оставлять комментарии к данной публикации.