Cost Effective High Availability Transparent Web Caching with Content Filtering for University of Kelaniya, Sri Lanka

Abstract

The rapid growth of Internet usage at University of Kelaniya with the concept of “Bring Your Own Device” have increased issues with traditional proxy systems. The key problem is to introduce a suitable web caching system with content filtering which will enable end users to access internet without setting up proxy server details on their devices. On this study it is intended to analyse the network flow of University of Kelaniya and introduce a transparent system which will cache and filter the content according to university’s existing policies. The implementation should be a cost effective and a high availability caching mechanism which will allow users to browse internet without changing their browser settings. This will introduce a free and open source proxy system “Squid” and a content filtering system, “DansGuardian” on two dual NIC Linux boxes based on Ubuntu operating system and will be placed between Local Area Network and the firewall. Squid is a FOSS proxy widely used in the community as a traditional proxy provider. In this scenario squid will be configured as a transparent proxy which will listen on port 3128, using Linux IP tables all http traffic coming to LAN side interface will be redirected to port 8080. Default gateway for the servers will be the firewall while all internal subnets will be routed to LAN L3 devices by the servers. Between L3 device and servers, load balancing will be done based on port grouping. Before forwarding cached traffic according to squid rules, they will be checked against the content filtering policies of DansGuardian which listens on port 8080. Once content filtering is done it will be sent to the requester. End users are configured with DHCP and with No-Proxy browser settings and therefore they may not notice any traditional proxy as all caching and filtering will be transparent to the users. After testing and fine tuning wireless users for 2 months, the system was integrated for the whole network. As an influencer for BYOD, removing existing proxy settings enabled any authorized user to access the Internet through the local network. Number of detected end computers were drastically rising and therefore high bandwidth necessity was also going up. Analysing loading times and bandwidth peaks, it was confirmed that the system was stable. This made the subscribed Internet use rise up to 100% on peak times and more than 50% on off peak compared to 80% and 10% record for the traditional proxy. User comments were also positive than for the previous system as now they can bring their devices and do the browsing without consulting IT helpdesk for the proxy settings. Implementation of the transparent proxy in University of Kelaniya was the first long term transparent proxy installations in a Sri Lankan University which influenced other institutes to adopt the concept. Only downfall was this implemented system cannot detect or cache https traffic which were encrypted. Web caching and content filtering is crucial when it comes to network bandwidth considerations. In a university it has to be done with saving advantages for Education. The implemented system is a cost effective and reliable solution to address the problem on government and educational background. This will allow any authorized user to access network with their own device without any major changes.