g3proxy

g3proxy is an enterprise-oriented generic proxy built in Rust for forwarding and controlling network traffic. It supports multiple proxy modes and is designed for performance, flexible routing policies, and security-focused traffic processing.

Key Features

• HTTP/1 and SOCKS5 forward proxy support
• TCP stream proxying, SNI proxying, and transparent proxying (TPROXY)
• Basic HTTP reverse proxy capabilities
• Proxy chaining with dynamic upstream proxy selection
• Flexible egress routing and customizable selection strategies
• TLS features including interception (MITM), decrypted traffic dumping, and protocol interception (HTTP, IMAP, SMTP)
• ICAP adaptation for integrating with third-party security products
• User authentication, per-user site configuration, and rich ACL/limit rules (ingress/egress/user-level)
• Metrics and observability integrations with detailed per-dimension monitoring
• Graceful reload for configuration changes

Use Cases

• Centralized enterprise forward proxy with policy enforcement and per-user controls
• Security inspection gateway using TLS interception and ICAP-based malware/DLP tooling
• Network traffic routing and failover via proxy chaining and egress selection

Limitations and Considerations

• Reverse proxy and NAT traversal capabilities are described as work-in-progress in the broader G3 project context
• TLS MITM and protocol interception require careful certificate management and may have compliance implications

g3proxy is well suited for organizations that need a fast, configurable proxy with strong access controls and traffic inspection options. Its Rust-based implementation and rich policy/routing features make it a solid foundation for enterprise proxy and security gateway deployments.