SafeSquid Startup Parameters

Overview

SafeSquid loads default configuration/startup parameters from the startup.ini file. You can modify the startup parameter values from the SafeSquid GUI. Modified values of startup parameters are stored in the /opt/safesquid/startup.ini file.
SafeSquid loads default setup parameters from the setup.ini file. To modify setup parameters, you should take a copy of the setup.ini file and store it as /opt/safesquid/setup.ini before editing it manually.

Startup Parameters

Field
Explanation
LISTEN_IP
A proxy server acts as an intermediary between the internet and the user's computer. LISTEN_IP is the IP address on which SafeSquid binds and listens for incoming TCP connections. The default value for LISTEN_IP is "*", which allows SafeSquid to bind the instance to more than one IP address.
LISTEN_PORT
LISTEN_PORT is the HTTP port that listens for all incoming requests to the SafeSquid proxy. The SafeSquid instance binds on LISTEN_IP:LISTEN_PORT and serves the requests. The default value for LISTEN_PORT is 8080.
MASTER_IP
MASTER_IP is the IP address of the Master server in a Master-Slave configuration. A Master-Slave configuration is generally used to ensure automatic synchronization of policies among various clustered services, or even remote proxy servers. SafeSquid can be invoked as a Slave and configured to synchronize and fetch configuration parameters and policies from a remote SafeSquid Master server. This mode of operation becomes effective automatically if the MASTER_IP and MASTER_PORT of the Master service are specified. MASTER_IP can be the FQDN or IP address on which the Master SafeSquid server is listening. The default value for MASTER_IP is "", which is for a standalone proxy service.
MASTER_PORT
MASTER_PORT is the HTTP port that, along with MASTER_IP, is used for the Master-Slave configuration. The default value for MASTER_PORT is "". For a standalone proxy service, always keep MASTER_IP and MASTER_PORT blank.
SEND_SOCKET_BUFFERS
SafeSquid throughput can be boosted by TCP tuning of the socket buffers. Each network socket is allocated a send buffer for outbound packets and a receive buffer for inbound packets. SEND_SOCKET_BUFFERS is used for tuning the outbound data buffer. The outbound data buffer is for client->SafeSquid->Webserver. The default value for SEND_SOCKET_BUFFERS is 131072.
RECEIVE_SOCKET_BUFFERS
SafeSquid throughput can be boosted by TCP tuning of the socket buffers. Each network socket is allocated a send buffer for outbound packets and a receive buffer for inbound packets. RECEIVE_SOCKET_BUFFERS is used for tuning the inbound data buffer. The inbound data buffer is for Webserver->SafeSquid->client. The default value for RECEIVE_SOCKET_BUFFERS is 131072.
TCP_KEEPIDLE_TIME
TCP_KEEPIDLE_TIME is the time (in seconds) to keep an idle TCP connection active. This parameter is used and can be modified to tune the overall stability and system resource utilisation of SafeSquid. The default value for TCP_KEEPIDLE_TIME is 900.
TCP_KEEPINTVL_TIME
TCP_KEEPINTVL_TIME is the interval between packets sent to validate the TCP connection. This parameter is used and can be modified to tune the overall stability and system resource utilisation of SafeSquid. The default value for TCP_KEEPINTVL_TIME is 75.
TCP_KEEPCNT_COUNTS
TCP_KEEPCNT_COUNTS is the number of keepalive probes to be sent before terminating the connection. This parameter is used and can be modified to tune the overall stability and system resource utilisation of SafeSquid. The default value for TCP_KEEPCNT_COUNTS is 9.
PASSWORD_CACHE_SIZE
SafeSquid provides an excellent Password Caching feature which is used to reduce the latency when authentication is desired from a remote authentication system. Password Caching also tremendously reduces communication overheads. PASSWORD_CACHE_SIZE is the maximum number of password cache entries stored in memory. The default value for PASSWORD_CACHE_SIZE is 8111.
PASSWORD_CACHE_EXPIRE_TIME
PASSWORD_CACHE_EXPIRE_TIME is the time (in seconds) to keep the password cache entries in memory and clean the entry after the expiry time. The default value for PASSWORD_CACHE_EXPIRE_TIME is 3600 seconds.
NEVER_SYNC
The SafeSquid service when invoked as SLAVE fetches policies from a remote Linux / Windows-based SafeSquid server acknowledged as MASTER. These policies are configured in various sections of SafeSquid. You can specify the section's name in a comma-separated format that need not be fetched from the Master instance for synchronization. The default value for NEVER_SYNC is "cache" which indicates that the caching section should never be synchronized. Each SafeSquid service instance has its own set of cached objects which are strictly encoded and decoded with individual activation keys.
Note: The synchronization process works only if MASTER_IP and MASTER_PORT are specified.
ALWAYS_SYNC
The SafeSquid service when invoked as SLAVE fetches policies from a remote Linux / Windows-based SafeSquid server acknowledged as MASTER. These policies are configured in various sections of SafeSquid. You can specify the section's name in a comma-separated format that should be fetched from the Master instance for synchronization. The default value for ALWAYS_SYNC is "".
Note: The synchronization process works only if MASTER_IP and MASTER_PORT are specified.
LOG_SIZE_LIMIT
LOG_SIZE_LIMIT is the maximum size (in bytes) of any log file, after which SafeSquid performs log rotation. The default value for LOG_SIZE_LIMIT is 524288000 bytes.
SYNCTIME
SYNCTIME is the time (in seconds) after which the slave server will get synchronized with the Master server by fetching policy configuration. The default value for SYNCTIME is 99 seconds.
Note: The synchronization process works only if MASTER_IP and MASTER_PORT are specified. Leave this blank if you are setting up a standalone Proxy Service.
LOG_LEVEL
LOG_LEVEL is the numerical value that determines the details that will be logged in the log file, like REQUESTS, SECURITY, REDIRECT etc. This parameter affects only the SafeSquid Native Log. You can control the verbosity of the Native log with this parameter. Selecting too many options could affect the size of the log file. The default value for LOG_LEVEL is 134217727.
Note: For debugging set 268435455. ADVICE-0; REQUEST-1; NETWORK-2; LDAP-4; HEADER-8; INTERFACE-16; COOKIE-32; REDIRECT-64; TEMPLATE-128; TEXT_ANALYZER-256; REWRITE-512; LIMITS-1024; CACHE-2048; PREFETCH-4096; ICP-8192; FORWARD-16384; SYNC-32768; ANTIVIRUS-65536; EXTERNAL-131072; ICAP-262144; SSL-524288; CATEGORY-1048576; URLCOMMAND-2097152; MODULE-4194304; SECURITY-8388608; WARN-16777216; ERROR-33554432; PROFILES-67108864; DEBUG-134217728;
PROCESS_OLD_LOGS
PROCESS_OLD_LOGS is the numeric value that specifies what is done during Log Rotation. When the log file exceeds LOG_SIZE_LIMIT, SafeSquid executes the Log Rotation process. If PROCESS_OLD_LOGS is set to 0, SafeSquid opens a new log file and deletes the earlier file. If PROCESS_OLD_LOGS is set to 1, SafeSquid opens a new log file and compresses the earlier file with the current time-stamp. If PROCESS_OLD_LOGS is set to a value other than 0 and 1, SafeSquid opens a new log file and renames the earlier file with the current time-stamp. The default value for PROCESS_OLD_LOGS is 1.
STACKSIZE
STACKSIZE is the numeric value defined for the stack size of a thread created by SafeSquid. If STACKSIZE is specified as 20 here, then the SafeSquid executable will set the thread stack size to 2^20 bytes, i.e. 1024 KB. For optimum use of memory, this value should be a multiple of page size. The default value for STACKSIZE is 21.
MALLOC_CHECKING
This feature is not yet described.
OVERLOAD_FACTOR
OVERLOAD_FACTOR is a numeric value used to dynamically control the number of connections held in the client pool. OVERLOAD_FACTOR, along with MAXTHREADS, strengthens SafeSquid's capability to deal with DDoS attacks, or with similar conditions that develop unintentionally. The default value for OVERLOAD_FACTOR is 10.
SOCKET_TIMEOUT
SOCKET_TIMEOUT is the minimum time (in seconds) a socket handle will be monitored by SafeSquid for a consecutive incoming request on an established connection. If the client-side application supports pipelining, the subsequent request will be handled with nearly zero latency. SafeSquid will additionally check for a socket's availability for 10 times the SOCKET_TIMEOUT before considering it to be a dead socket. The default value for SOCKET_TIMEOUT is 6 seconds.
THREAD_TIMEOUT
SafeSquid can use the same thread to handle consecutive connections. THREAD_TIMEOUT is the minimum time (in seconds) a thread is kept alive after serving a request, so that it can serve a new request immediately after serving the first one. Keeping a higher THREAD_TIMEOUT reserves virtual memory for a longer period, but reduces the CPU overheads involved in the creation of a new thread. Keeping a lower THREAD_TIMEOUT releases virtual memory faster and may be beneficial if the environment requires a large number of concurrent threads while conserving virtual memory. The default value for THREAD_TIMEOUT is 10 seconds.
HOSTNAME
HOSTNAME is your SafeSquid server hostname, the name by which the proxy's host or service name is referred. HOSTNAME is also used as the [realm] parameter for the authentication process. HOSTNAME can be configured even in the General Section of SafeSquid's run-time configuration. HOSTNAME can be set to the IP address if you intend to manage SafeSquid without setting it as your browser's proxy server.
Note: If you intend this instance to be a part of a load-balanced clustered service, then ensure each instance participating in the cluster has a common HOSTNAME. The default value for HOSTNAME is "".
DOMAIN
DOMAIN is the Domain Name for SafeSquid server. A domain name represents an Internet Protocol (IP) resource, such as a personal computer used to access the Internet, a server computer hosting a website, or the website itself or any other service communicated via the Internet. The default value for DOMAIN is "".
MAXTHREADS
MAXTHREADS is a numeric value that defines the maximum number of concurrent threads SafeSquid will open. SafeSquid has a multi-threaded architecture. Each request is served by a thread, and handles are required to use resources. MAXTHREADS therefore sets the maximum number of concurrent requests that may be handled. The default value for MAXTHREADS is 8192.
MAX_FDS
MAX_FDS is a numeric value to define the maximum number of handles that can be used to access file(s) or other input/output resources, such as a pipe or network socket. SafeSquid limits the maximum number of handles, to preserve system stability. The default value for MAX_FDS is 32768.
Note: MAX_FDS should be set to 4 times MAXTHREADS.
EXTENDED_UDP_IP
EXTENDED_UDP_IP is the UDP IP to write extended logs on the UDP server. SafeSquid will write extended logs on the UDP server using UDP sockets when both EXTENDED_UDP_IP and EXTENDED_UDP_PORT are mentioned. The default value for EXTENDED_UDP_IP is "".
EXTENDED_UDP_PORT
EXTENDED_UDP_PORT is a UDP port to write extended logs on a UDP server. SafeSquid will write extended logs on the UDP server using UDP sockets when both EXTENDED_UDP_IP and EXTENDED_UDP_PORT are mentioned. The default value for EXTENDED_UDP_PORT is "".
NATIVE_UDP_IP
NATIVE_UDP_IP is the UDP IP to write native logs on the UDP server. SafeSquid will write native logs on the UDP server using UDP sockets when both NATIVE_UDP_IP and NATIVE_UDP_PORT are mentioned. The default value for NATIVE_UDP_IP is "".
NATIVE_UDP_PORT
NATIVE_UDP_PORT is a UDP port to write native logs on the UDP server. SafeSquid will write native logs on the UDP server using UDP sockets when both NATIVE_UDP_IP and NATIVE_UDP_PORT are mentioned. The default value for NATIVE_UDP_PORT is "".
CONFIG_UDP_IP
CONFIG_UDP_IP is the UDP IP to write config logs on the UDP server. SafeSquid will write config logs on the UDP server using UDP sockets when both CONFIG_UDP_IP and CONFIG_UDP_PORT are mentioned. The default value for CONFIG_UDP_IP is "".
CONFIG_UDP_PORT
CONFIG_UDP_PORT is a UDP port to write config logs on the UDP server. SafeSquid will write config logs on the UDP server using UDP sockets when both CONFIG_UDP_IP and CONFIG_UDP_PORT are mentioned. The default value for CONFIG_UDP_PORT is "".
REAL_TIME_DB_WRITE
REAL_TIME_DB_WRITE is a numeric value to determine whether SafeSquid logs should be written in a database or not. If REAL_TIME_DB_WRITE is set to 1 then real time logs will be written in the SQLite database. If REAL_TIME_DB_WRITE is set to 0 then real-time logs will not be written in the SQLite database. The default value for REAL_TIME_DB_WRITE is 1.
STATEMENT_COUNT
SafeSquid uses the STATEMENT_COUNT parameter to optimize writing into the SQLite database. STATEMENT_COUNT is the maximum number of log lines written into the SQLite database in one transaction. The default value of STATEMENT_COUNT is 100.
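
Several rules in the table above can be checked mechanically: the IP/port parameters that only work as a pair, MAX_FDS relative to MAXTHREADS, and the LOG_LEVEL bitmask. The following is an added example, not SafeSquid code. It assumes the parameters are available as KEY=VALUE lines (this page does not show the file format), and the function names and the logging policy it enforces are choices made for the example.

```python
# Added example, not SafeSquid code. Assumes KEY=VALUE lines (format not shown on the page).
# Flag names in bit order, from the LOG_LEVEL note: REQUEST=1, NETWORK=2, ... DEBUG=134217728.
LOG_FLAGS = ("REQUEST NETWORK LDAP HEADER INTERFACE COOKIE REDIRECT TEMPLATE "
             "TEXT_ANALYZER REWRITE LIMITS CACHE PREFETCH ICP FORWARD SYNC "
             "ANTIVIRUS EXTERNAL ICAP SSL CATEGORY URLCOMMAND MODULE SECURITY "
             "WARN ERROR PROFILES DEBUG").split()
# Parameters the page says only take effect when both halves are set.
PAIRS = [("MASTER_IP", "MASTER_PORT"), ("EXTENDED_UDP_IP", "EXTENDED_UDP_PORT"),
         ("NATIVE_UDP_IP", "NATIVE_UDP_PORT"), ("CONFIG_UDP_IP", "CONFIG_UDP_PORT")]

def parse_params(text):  # KEY=VALUE lines -> dict; skips blanks and comments
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            params[key.strip()] = value.strip().strip('"')
    return params

def decode_log_level(value):  # names of the categories enabled in the bitmask
    return [name for bit, name in enumerate(LOG_FLAGS) if (value >> bit) & 1]

def audit(params):  # missing or blank values fall back to the page's defaults
    findings = []
    for ip_key, port_key in PAIRS:
        if bool(params.get(ip_key)) != bool(params.get(port_key)):
            findings.append(f"{ip_key}/{port_key}: only one of the pair is set")
    threads = int(params.get("MAXTHREADS") or 8192)
    fds = int(params.get("MAX_FDS") or 32768)
    if fds != 4 * threads:
        findings.append(f"MAX_FDS={fds}, expected 4 x MAXTHREADS = {4 * threads}")
    flags = decode_log_level(int(params.get("LOG_LEVEL") or 134217727))
    # Policy chosen for this example: always log these, never leave DEBUG on.
    findings += [f"LOG_LEVEL omits {f}" for f in ("SECURITY", "WARN", "ERROR")
                 if f not in flags]
    if "DEBUG" in flags:
        findings.append("LOG_LEVEL has DEBUG enabled (larger native log)")
    return findings

# Constructed sample values (192.0.2.0/24 is a documentation range).
SAMPLE = """MASTER_IP=192.0.2.10
MASTER_PORT=
MAXTHREADS=8192
MAX_FDS=16384
LOG_LEVEL=268435455
NATIVE_UDP_IP=192.0.2.50
NATIVE_UDP_PORT=514"""
if __name__ == "__main__":
    print("\n".join(audit(parse_params(SAMPLE))))
```

With the constructed sample, the audit reports the half-configured Master pair, the MAX_FDS mismatch and the debug log level; an empty parameter set (all defaults) produces no findings.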

Notes
Note: You can tune SafeSquid for better results by modifying the Startup Parameters as part of overall system and application tuning. Quite a few users have experienced difficulties due to a lack of understanding of SafeSquid's configuration, and possibly due to insufficient documentation on the subject.