|
|||||||||||||||
|
IQ Reverse Proxy (IQRP) Features |
||||||||||||||
|
IQ Reverse Proxy Main Page | Features | Screenshots | Testimonials
256-bit SSL/TLS accelerator with support for OpenSSL hardware
cards and self-signed certificate creation OpenSSL has an open API for hardware manufacturers to support encryption performances so high that it could not be achieved with a general purpose computer CPUs. Since IQRP supports OpenSSL, it implicitly also supports these "engines". One important aspect of SSL that makes it better than SSH (Secure Shell) is the capability of signing with certificates. With this feature, Alice and Bob can really be sure that they are in fact talking with each other and no "man-in-the-middle" attack is taking place. Since certificates sometimes could be expensive to acquire from certificate authorities (CA) such as Verisign and Thawte, IQRP provides the facility of generating itself. However these "self-signed" certificates cannot be verified by Bob for integrity. Load balancing in URL-aware fashion: point each domain/path to different target LAN server/port In IQRP, rule-based load balancing supports load balance among web servers on a LAN server farm. Each domain, sub domain and path (including wildcards) can be routed to a different physical IP. For example: *.fastream-test.com/images Anti Hot-Linking With IQRP's built-in anit hot-linking function, you can now control which file extensions could be linked from sites other than yours and even can whitelist sites such as Google images. This way you will be saving bandwidth and a customizable error page will be shown instead of blocked pages. URL Rewrite Using standard regular expressions, you are now in total power to have links such as Bandwidth limiting per URL rule per IP/port Similar to load balancing, each URL rule can also be assigned a bandwidth rule (in terms of kilo bytes per second) to be applied for the entire rule domain instead of per socket connection! This enables an admin to limit the total site bandwidth usage or sub parts of the site. This feature is, of course, optional. GZip compression accelerator with configurable compression rates for each object extension HTTP protocol as defined in RFC2616 -which IQRP fully complies to- defines a mechanism for compression support negotiation between client and server. Compression saves bandwidth and speeds up web object load times. GZip is the most prevalent format and it is implicitly supported by IQRP. You can configure IQRP to get content directly w/o compression from the web server (which would not hurt the LAN as bandwidth is plenty there) and compress on the fly. This could even be done at a configurable ratio with respect to object MIME type! This way the proxy does not get exhausted trying to compress MP3s and AVIs which was already compressed. Another usage would be to let the web server compress and use the proxy just for tunneling. This would be ok if the load on web servers are not too high and on proxy is indeed high. There is a maximum object size to compress setting which prevents the proxy to bog its RAM with big objects such as videos in case they are configured to be compressed. Able to listen on multiple IP/ports and scalable up to tens of thousands of simultaneous connections If IQRP supported only one listener IP/port in a single process, then there would be no way to listen on another IQRP proxy port as in Windows only one instance of a service can run at a moment. Therefore IQRP supports multiple proxies each in its own thread to support multiple listeners. We chose to listen each port in a distinct high priority thread for maximum performance and robustness. For each 32-async-connections, a worker thread is assigned. While choosing the to-be-assigned worker thread, IQRP uses load balancing. This approach provided the best performance in our benchmarks despite its high complexity. If IQRP was designed to open a thread for each connection, it would get stuck in 1,000 concurrent sync connections/threads but now it is estimated to support more than ten thousand of them! Failover protection with both ICMP and HTTP server validation IQRP continuously polls the servers in the LAN with two protocols: ICMP pings and HTTP. This way problematic hosts are automatically suspended for a definable period of time so that the clients are not shown error pages. After that period ends, the servers are taken into service automatically once again without an admin command! This enables if the proxy admin is different than web server admin and a web server in the farm is taken offline for maintenance, then the proxy admin needs to do absolutely nothing to take the server online once it is fixed. One other interesting feature is the dynamic discovery: if a request was unable to be answered by a specific target server then other servers are automatically polled for THAT request--no need to upset clients for a server being down! Ping times are also used for determining which server is tired and which ones are to be given priority in assignment of client requests. Cookies created make session persistence possible among client-to-target-server matching For each URL, in the first time a client is assigned a web server, it is best to keep that assignment. This is because the server and client could be conducting a transaction such as an e-commerce one and if during the transaction we redirect to another server in the farm, it might fail. To assure session persistence, IQRP optionally creates cookies in browser end to "tie" the client to a specific server for that URL. This is the best way for session persistence compared to hashing. Again, if the server for some reason goes offline, then another server is replaced. TCP firewall: Filter with respect to IP, reverse DNS and even client IP country IQRP features a firewall that can filter and pass with respect to IP addresses, DNS records of clients and even client countries! If you are getting an attack from a specific country, why not just block them all?! Or you can say you only want to accept incoming requests from your home country and nowhere else. Reverse DNS enables you to block with respect to client ISPs. For example you can forward all of comcast.net and block the rest. High performance on-the-fly HTML absolute link transformer If your web pages contain hyperlinks such as, <a href="http://www.mysite.com/images/logo.gif>Click for logo</a> instead of, <a href="/images/logo.gif>Click for logo</a> then you might be in trouble with reverse proxies as some of our competition does not support absolute URL translation. Here is why: when you replace the URL with www.myproxysite.com or for example in terms of numeric IPs, then the URL would get broken and the user experience would suffer. To overcome this, IQRP optionally replaces all the hyper links including the image tags with the URL of the proxy. This feature can slow down page delivery but luckily with IQRP you can define which object extensions you wish to replace hyperlinks. For example, by default you only replace extensions of types like asp, php, html and pl. This way the server does not get bogged down with and corrupt files such as mpegs and jpgs. DynDNS.org and No-IP.com dynamic DNS auto updater client built-in If you are running your site on dynamic IP instead of a static one, and if you desire a domain name, then you are out-of-luck with static DNS servers as it takes days to update a record with them. To overcome this problem, Fastream partnered with two great dynamic DNS providers and we even integrated our custom dynamic DNS client that runs in the same service (even when you are not logged in) and detects and updates your IP address every 5 mins. So even if you disconnect and reconnect again, you need to no worry. User-friendly HTTP/XML controller interface for remote admin access One cool feature of NETFile Server is the ability to remotely control the server with a GUI controller. This enables you to control servers on the other side of the globe fast and securely. The protocol is XML over HTTP so no firewalls complain at all! And it even detects your browser proxy settings so it does not give boring connection errors and saves you from headache with your network admins. HTTP/1.1 basic and digest as well as Windows/NTLM and HTML authentication with users definable per URL rule So you want to pass-protect a part of your site and also want to do it in the gate of the servers? This is very easy with IQRP. All you need to do is to select the URL-rule, click a button, and enter user information! IQRP now (1.2+) supports basic, digest, NTLM and HTML in a selectable fashion. You can configure your IQRP setup to connect to NTLM-domain controllers so that you can use your existing ActiveDirectory database. Even HTML-auth can connect to NTLM database! Supports W3C Extended Log Format with selectable fields and NFServer v2 screen and file logging--configurations setable in URL granularity By supporting the W3C Extended Log format, which is by far the most flexible log format on the entire Internet, IQRP lets you log every aspect of client communication and the matched server. These include but not limited to client referrer and cookie as well as IP address and server IP/port. Customizable pages for "target server not found" and "requires authorization" errors With IQRP two kinds of errors could occur: a 401 for authentication failure and a 404 a target server not found. For these, wouldn't you want to be able to assign custom pages with your company logo in it? What about a custom "sorry" message for 404? All is possible so why not?! Client connections pooled with dynamic load determination algorithm In your setup, the first request went to
server 192.168.1.10 and the next one needs to do the same? Why
disconnect and reconnect? Instead we offer a HTTP/1.1
"keep-alive" based solution that pools the client
connections (hundreds of them!) in single thread for fast
access. If you have many servers and want to use the load balancing feature, you may want to install IQRP on a separate computer in your LAN. Unless you expect to get millions of hits daily, Professional versions of Windows 2000 or XP might be enough. For serious usage, we recommend a server version of Windows 2000 or 2003. IQRP does not utilize Microsoft servers such as DNS or IIS so Windows 2003 Web Services Edition could be favored instead of Enterprise Edition to reduce cost. Since IQRP runs as a service, it runs even though no login takes place--in the background. So if a server restart takes place for some maintenance reason by another) admin, you would not need to manually restart.
|
|||||||||||||||
Caches
static and dynamic content for ultra-hi-speed later on serving