Dear squid users,

we are developing a Java-based tool to analyse content filtering rules (acl, http_access, ...) for squid. The objective is to provide administrators with a tool able to help them in identifying potential mistakes in the squid configuration.

In more detail, the aims are:
- identifying conflicts and anomalies in the squid configuration file
- presenting anomalies to the administrators for further decisions (e.g., mistakenly empty rules, acl intersection areas, hidden rules)
- optimising rules by removing redundant or shadowed rules

The conflict model is the geometric/algebraic one presented in this paper:
http://security.polito.it/doc/pub_r/policy2008.pdf

The tool fully supports basic set operations for all the acl types in squid v3.0 (IP addresses, ports, proto and all the ones based on regular expressions, ...).

The workflow of the tool is briefly:
- read and parse squid.conf for content filtering rules (internal geometric rule representation)
- analyse rules for potential conflicts and anomalies
- interact with the administrators
- export the optimised and anomaly-free squid.conf

We finished the conflict detector and resolver engine and the parser, and we are improving the GUI for reporting the anomalies to administrators. We guess we will have the beta version in a couple of weeks.

We will be glad if you can give your opinion about the tool (especially about improvements and integrations) in order to make it as effective as possible. For this, if there is some developer/administrator that is interested in using/testing it (or at least providing us with a few real configuration files), it will be very useful.

Regards,
Cataldo Basile
Alberto Cappadonia
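To illustrate the kind of check described in the message above, here is an added example; it is not the authors' tool and does not implement the model from their paper. It assumes only `src` and `port` ACLs with literal values, no negated ACLs, and at most one ACL of each type per `http_access` line, and it compares a rule against one earlier rule at a time. The labels "shadowed" (covered by an earlier rule with the opposite action) and "redundant" (covered by an earlier rule with the same action) are this example's working definitions, and the configuration is constructed.

```python
import ipaddress

# Constructed sample squid.conf fragment (not from the original message).
SAMPLE_CONF = """\
acl lan src 10.0.0.0/8
acl lab src 10.1.0.0/16
acl web port 80 443
acl tls port 443
http_access deny lan web
http_access allow lab tls
http_access deny lab web
http_access allow lan
"""

def parse(conf):
    """Return rules as (action, box); ACLs on one http_access line are ANDed."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            acls[tok[1]] = ("src", [ipaddress.ip_network(v) for v in tok[3:]])
        elif len(tok) >= 4 and tok[0] == "acl" and tok[2] == "port":
            acls[tok[1]] = ("port", {int(v) for v in tok[3:]})
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], dict(acls[name] for name in tok[2:])))
    return rules

def covers(outer, inner):
    """True if every request matching box `inner` also matches box `outer`."""
    for dim, allowed in outer.items():
        if dim not in inner:              # inner is unconstrained here, outer is not
            return False
        if dim == "src":
            if not all(any(n.subnet_of(a) for a in allowed) for n in inner[dim]):
                return False
        elif not inner[dim] <= allowed:   # port sets: plain subset test
            return False
    return True

def find_anomalies(conf):
    """List (kind, later_rule_no, earlier_rule_no), rules numbered from 1."""
    rules = parse(conf)
    found = []
    for j, (act_j, box_j) in enumerate(rules):
        for i, (act_i, box_i) in enumerate(rules[:j]):
            if covers(box_i, box_j):      # first match wins, so rule j never fires
                found.append(("redundant" if act_i == act_j else "shadowed", j + 1, i + 1))
                break
    return found
```

On the sample, rule 2 (`allow lab tls`) can never match because rule 1 already denies a superset of it, while rule 4 is left alone because it also covers ports that rule 1 does not.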