Web Safety RC 6.0 for Squid Proxy

We are happy to announce the next version of Web Safety ICAP web filter for Squid proxy (version 6.0.0.EF8F, built on December 12, 2017) as Release Candidate.

This version contains the following fixes and improvements:

  • Added ability to block comments and related videos on YouTube.
  • Admin UI updated from Django 1.8.17 to Django 1.11.7 (breaking change!)
  • The backup/restore functionality was completely redesigned. It is now possible to directly import configuration backup from older version of the product.
  • Added special community build of the product. This build is based on FOSS components and does not cost a cent to run. Squid proxy, Admin UI to manage it, Traffic Monitor and ClamAV eCAP antivirus are included.
  • Due to the community version added we had to change the license scheme, license keys from versions <= 5.2 are not applicable for version 6.0+ and need to be regenerated. Please contact support@diladele.com to regenerate your license key free of charge.
  • Added support for haproxy’s PROXY protocol, now it is possible to know the user’s IP in cluster deployments. Policies can be applied by the IP address/range/subnet and not by only Active Directory.
  • Kerberos REALM field is moved to UI/Squid/Auth/Kerberos. Now is possible to use NTLM or LDAP authentication without configuring any Kerberos setting at all.

The version is available from https://www.diladele.com/download_next_version.html. It is recommended to use Ubuntu 16 and CentOS 7 based virtual appliances in production. Direct links to virtual appliances are:

The final release is expected to take place at the end of January 2018. We are now slowly updating our docs site and all integration tutorials and continue acceptance tests on all platforms.

Please use this build in non critical production deployments. Your questions/issues/bugs are welcome at support@diladele.com. Thanks to all of you for making this possible!

Next version will include Google Safe Browsing protection as URL rewriter. Join our community to get early access to next development builds (see https://www.diladele.com/community.html).

 

 

Posted in Linux | Leave a comment

Shalla block list in Web Safety

It is possible to use Shalla block list from http://www.shallalist.de with Web Safety. You would need to run the following commands.


# set current working dir
cd /opt/websafety/var/spool/categories_custom
# download block list
wget http://www.shallalist.de/Downloads/shallalist.tar.gz
# unpack block list
tar -xvf shallalist.tar.gz
# move one dir up to match the folder structure needed for web safety
mv BL/* .
# and reset the owner
chown –R websafety:websafety ./*

Now, open UI / Safety / Settings / Third Party Lists and ensure the folders from Shalla lists were correctly imported into Web Safety UI. To adjust what Shalla category is to be blocked in a given policy, navigate to UI / Safety / Policy / Rule / Custom Categories and select those categories that needs to be blocked.

Click Save and Restart afterwards.

Posted in Linux | Leave a comment

Web Safety 5.2 Release Candidate

Update: Web Safety 5.2.0.210A is released today (Nov 14, 2017). Get virtual appliance at  https://www.diladele.com/virtual_appliance.html

The version 5.2.0.210A of Web Safety ICAP web filter for Squid proxy is announced as Release Candidate. It is now ready for broad deployment to production systems. The code is complete and anything new will only be added to the upcoming 5.3.

This version contains the following fixes and improvements:

  • Added management sections for Squid cache (refresh patterns) and logging submodules to Admin UI. It is now very easy to enable different log level for a separate Squid module to make troubleshooting simpler.
  • New version of definition files database. Some categories were combined to make the usage more straightforward, several new categories added.
  • Added support for “brotli” transfer encoding, greatly improving filtering on YouTube and other Google services.
  • Improved correctness of traffic monitoring reports built over the Squid access logs.
  • Added support for recently released pfSense 2.4. Also dropped support for FreeBSD 10 and added FreeBSD 11.

The version is available from https://www.diladele.com/download_next_version.html. It is recommended to use Ubuntu 16 and CentOS 7 based virtual appliances in production. Direct links to virtual appliances are:

Final release is expected in two weeks (approx. 15 of November, 2017).

Next version 5.3 will contain eCAP based ClamAV adapter antivirus from Measurement Factory (except for FreeBSD 11), support for haproxy’s PROXY protocol and proxy pseudo authentication based on IP to Active Directory open source project Active Directory Inspector (see https://github.com/diladele/active-directory-inspector). Builds of 5.3 for now is in beta stage and thus freely available to Early Adopters community.

Thanks to all of you for making this possible!

 

Posted in Linux | Leave a comment