Pound is a reverse HTTP proxy, load balancer, and SSL wrapper. It proxies client HTTPS requests to HTTP backend servers, distributes the requests among several servers while keeping sessions, supports HTTP/1.1 requests even if the backend server(s) are HTTP/1.0, and sanitizes requests.
DeleGate is a multi-purpose application level gateway or proxy server that mediates communication of various protocols, applying cache and conversion for mediated data, controlling access from clients, and routing toward servers. It translates protocols between clients and servers, converting between IPv4 and IPv6, applying SSL (TLS) to arbitrary protocols, merging several servers into a single server view with aliasing and filtering. It can be used as a simple origin server for some protocols (HTTP, FTP, and NNTP).
'NTLM Authorization Proxy Server' (APS) is a proxy software that allows you to authenticate via an MS Proxy Server using the proprietary NTLM protocol. APS has the ability to behave as a standalone proxy server and authenticate HTTP clients at Web servers using the NTLM protocol. It can change arbitrary values in your client's request headers so that those requests will look like they were created by MS IE. It is written in Python 1.5.2.
SafeSquid is a content filtering proxy server. It supports 'profiled' Internet access, a browser based interface, very fast throughput, DNS caching, content caching, pre-fetching, bandwidth control, virus scanning, ICP, CARP, and ICAP clients, source, target, and time-based granular firewall style rules to allow or deny content like music, videos, Flash and Java applets, messengers, chats, cookies, ActiveX, scripts, etc., remote authentication, real-time text and image analysis for blocking pornography, and an URL filter.
ffproxy is a filtering HTTP/HTTPS proxy server. It is able to filter by host, URL, and header. Custom header entries can be filtered and added. It can even drop its privileges and optionally chroot() to some directory. Logging to syslog() is supported, as is using another auxiliary proxy server. An HTTP accelerator feature (acting as a front-end to an HTTP server) is included. Contacting IPv6 servers as well as binding to IPv6 is supported and allows transparent IPv6 over IPv4 browsing (and vice versa).
NatACL is a Linux firewall group policy controller for intranets and Internet. Using a internal DHCP server, it can force users to use a DHCP client, and you can block static IPs. It will bind an IP to a MAC address and enforce this usage. You can control groups that can see each other with intranet policies, or control who has access to the Internet. It also has an option to force users to authenticate themselves over the Web before accessing the Internet.
TrustWall HTTP Proxy protects your internal Web server by acting as an inbound proxy (like a reserve Squid proxy). It can also work as a secure outbound proxy to protect your browser client. It allows you to inspect almost every detail of the HTTP protocol headers, including the URL request line, the server version, user-agent, referrer, cookie, query, etc., in a easy-to-use script-like configuration file. This program is generally considered an "Expert Tool"; you will need knowledge of the HTTP protocol to configure the proxy properly.
BinarySEC is an intelligent Web application firewall designed to suppress malicious traffic on Web sites and applications. Its artificial intelligence engine learns normal traffic and blocks malicious requests with very high accuracy. BinarySEC secures against a wide range of attacks, including cross-site scripting (XSS), SQL injection, command injection, PHP includes, parameter tampering, buffer overflow, directory traversal, attack obfuscation, and more. BinarySEC for Apache includes a graphical installer and a Web-based administration interface.
mod_auth_nufw is a Single Sign On Apache module which performs secure user identification and authentication, based on the Nufw firewalling suite. Nufw marks all connections of a network with a unique UserID. This module takes advantage of that mark and uses it to transparently identify and authenticate users requiring access to an Apache server.