Never Ending Security

It starts all here

Fastest proxy for home situation

Testing proxy servers that filter content based on a patter or malware database.

I tried several solutions and did some performance tests.

Test scenario:
– Banana pi with bananian linux with all updates
– 1 gbit for LAN and 415 MB for WAN (120 MB UPC internet connection)
– Privoxy (packages from Debian) and Polipo (latest stable) + havp from source (latest stable)
– Squid from source (latest stable) + squidclamav (latest stable) clamav-daemon + c-icap from Debian
– dnsmasq caching dns on and caching dns on synology and options rotate in resolv.conf
– polipo uses its own dnsresolver library
– crontabs that run every 5-15 minutes are disabled (to ensure they don’t intervene)
– clamav-freshclam that runs every 30 mins is disabled (to ensure they don’t intervene)
Load test:

1) services are cleanly restarted and test below runs 5 second later
2) rm -rf index.html* 1>/dev/null 2>&1 && time wget -p x 5

Proxyserver setup Test 1 Test 2 Test 3 Test 4 Test 5
Privoxy + HAVP + Libclamav 0m16.526s 0m15.970s 0m16.711s 0m16.774s 0m15.883s
Squid + c-icap _ squidclamav + clamdscanner (clamav-daemon running + cache deny all) 0m6.004s 0m5.552s 0m6.007s 0m6.090s 0m8.702s
Squid + c-icap _ squidclamav + clamdscanner (clamav-daemon running + TCP_CACHE_HIT enabled -default enabled) 0m3.250s 0m2.190s 0m2.745s 0m2.240s 0m2.475s
Polipo + HAVP + Libclamav 0m29.978s 0m31.428s 0m29.443s 0m29.417s 0m29.496s

– Squid is by far the fastest with C-ICAP and Squidclamav, enabling or disabling caching makes it still the fastest solution. Its even 10 seconds or more faster then the other solutions (Privoxy and Polipo).
– No special tweaking involved (yes Polipo can cache too and you can let it cache on a tmpfs partition)
– I am not sure if HAVP is the bottleneck in this case or the proxyserver the website is served too – HAVP should be optimized for the fastest CLAMAV usage – using libclamav but it seems HAVP + lightweight proxy is slow => a good test would be to use HAVP + Squid and see if it is still slow (HAVP is the reason) or it is fast (HAVP is optimized).

My advise would be to use Squid latest source and C-ICAP and SquidClamav to get the fastest browsing results.
Besided that, squidclamav can use the Google Safe Browsing DB encorporated in the Clamav which (IMHO) is more up2date then the daily malware browse lists I use in privoxy (actionsfile malware.txt) and polipo (/etc/forbidden).

One response to “Fastest proxy for home situation

  1. clash of clans hack no survey or password 11 May 2015 at 04:37

    Filled with powerful troops and buildings to expand, Clash
    of Clans is made better once you unlock the power to rule the lands.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s