Portsmith is an application-based firewall that is designed to interact with authorized users, and offers an easy-to-use browser driven interface. Portsmith's unique features include its core logic and its interface. Its logic specifies that ports are kept in a closed position until an authorized user logs into the Portsmith interface and triggers them open. When opened, the ports are only accessible from the authorized user's current IP address.
Proto Balance is a load balancing and traffic management system that can handle up to 10,000 concurrent connections and 20,000 downloads per second. Proto Balance is a load balancer and TCP traffic port forwarder for high availability. It features an easy-to-use Web interface that requires minimal knowledge of networking and no command-line experience. Its target audience includes enterprise cluster providers, Internet service providers, and network administrators.
BinarySEC is an intelligent Web application firewall designed to suppress malicious traffic on Web sites and applications. Its artificial intelligence engine learns normal traffic and blocks malicious requests with very high accuracy. BinarySEC secures against a wide range of attacks, including cross-site scripting (XSS), SQL injection, command injection, PHP includes, parameter tampering, buffer overflow, directory traversal, attack obfuscation, and more. BinarySEC for Apache includes a graphical installer and a Web-based administration interface.
SafeSquid is a content filtering proxy server. It supports 'profiled' Internet access, a browser based interface, very fast throughput, DNS caching, content caching, pre-fetching, bandwidth control, virus scanning, ICP, CARP, and ICAP clients, source, target, and time-based granular firewall style rules to allow or deny content like music, videos, Flash and Java applets, messengers, chats, cookies, ActiveX, scripts, etc., remote authentication, real-time text and image analysis for blocking pornography, and an URL filter.
mod_auth_nufw is a Single Sign On Apache module which performs secure user identification and authentication, based on the Nufw firewalling suite. Nufw marks all connections of a network with a unique UserID. This module takes advantage of that mark and uses it to transparently identify and authenticate users requiring access to an Apache server.
NatACL is a Linux firewall group policy controller for intranets and Internet. Using a internal DHCP server, it can force users to use a DHCP client, and you can block static IPs. It will bind an IP to a MAC address and enforce this usage. You can control groups that can see each other with intranet policies, or control who has access to the Internet. It also has an option to force users to authenticate themselves over the Web before accessing the Internet.
ffproxy is a filtering HTTP/HTTPS proxy server. It is able to filter by host, URL, and header. Custom header entries can be filtered and added. It can even drop its privileges and optionally chroot() to some directory. Logging to syslog() is supported, as is using another auxiliary proxy server. An HTTP accelerator feature (acting as a front-end to an HTTP server) is included. Contacting IPv6 servers as well as binding to IPv6 is supported and allows transparent IPv6 over IPv4 browsing (and vice versa).
Pound is a reverse HTTP proxy, load balancer, and SSL wrapper. It proxies client HTTPS requests to HTTP backend servers, distributes the requests among several servers while keeping sessions, supports HTTP/1.1 requests even if the backend server(s) are HTTP/1.0, and sanitizes requests.
TrustWall HTTP Proxy protects your internal Web server by acting as an inbound proxy (like a reserve Squid proxy). It can also work as a secure outbound proxy to protect your browser client. It allows you to inspect almost every detail of the HTTP protocol headers, including the URL request line, the server version, user-agent, referrer, cookie, query, etc., in a easy-to-use script-like configuration file. This program is generally considered an "Expert Tool"; you will need knowledge of the HTTP protocol to configure the proxy properly.