CacheGuard is an Enterprise Grade Web Security Gateway providing firewall, web antivirus, caching, web compression, URL filtering, forward/reverse proxy, web load balancing, WAF, antivirus, bandwidth shaping and more.
The High Availability function is the the heart of CacheGuard using RAID, link bounding, VRRP, cache sharing. An SNMP agent is integrated into the appliance and the appliance can send traps if something goes wrong.
CacheGuard is available as an OS appliance to install on a hardware or virtual machine of your choice. You can implement it transparently in any existing architecture as your main central point where all the Web traffic passes through.
CacheGuard is based on a hardened Linux system built from scratch (with LFS) and integrates netfilter and iproute2, squid, squidGuard, apache, modSecurity, clamAV and multiple other open source products interfaced together as a whole to allow an easy and straightforward configuration using the CLI or the Web GUI.
- OS Appliance: LFS Linux based
- Proxy and Reverse Proxy: Squid, Apache
- URL filtering with blacklists and white lists: SquidGuard
- Antivirus at the Gateway: ClamAV, c-icap
- Firewalling, NAT/PAT: Linux netfilter/iptables
- QoS Traffic Shaping: Linux iproute2/tc
- Web server load balancing: Squid, Apache
- WAF (Web Application Firewall): modSecurity
- SSL Terminator: OpenSSL
- SSL Mediation (inspection, caching)
- Web Caching: Squid, Apache
- HTTP compression; Apache, ecap
- Traffic Logging: Squid, Apache
- LDAP Autentication: OpenLDAP
- Web based configuration: Apache
- Online commands configuration: bash, SSH
- Integrated SNMP agent: Net-SNMP
- RAID support: Linux/mdadm
- VRRP support: keepaliaved
- Link Bonding: Linux bonding
- Backup/Restore applicance: bash script
Reliable, robust and mature project with lots of high availability features to ensure service continuity.
Cacheguard is the best and easy to use transparent proxy I have ever used! Even if there are some constraints in the installation process (requires its own machine), once installed and some basic network configuration is done, it is straightforward to configure. We use it in our company especially to filter malware and also for web caching. The traffic shaping is basic but serves its purpose. Nice integrated solution!
CacheGuard is different from other web security solutions by being bi-directional: it secures web traffic initiated from applications/machines/users placed in trusted zones to Internet (untrusted by default) AND web requests incoming from untrusted zones to your web applications. It offers many security features in the same box such as: firewall (Linux netfilter/iptables), proxy cache (I assume squid), WAF (based on apache/mod_security), traffic shaping (Linux)... CacheGuard is interesting because it has a real CLI (Command Line Interface). You can configure it using an SSH client and/or you can configure it using a navigator (tested Firefox and works fine with it). What I really appreciated in CacheGuard is the notion of “apply” a whole configuration at one time. With this method the integrity of the configuration and compatibility between different saved parameters are verified when you finish configuring the appliance and want to activate them. The disadvantage with CacheGuard is that even though the administration/configuration is straightforward for network/security experts it is not a plug and play solution for the non specialized audience. Very nice project! I recommend it if you are a system/network/security expert and need a unique access point to exchange web traffic from/to Internet to/from your infrastructure.