Version History

9.1 built on February 4, 2024 (Develop)

  • No changes from 9.0 only build number is now 9.1.

Warning

Please note this build is in the development stage and may contain not-yet-implemented or wrongly working parts. Please do submit issues on GitHub for anything that does not work right, see https://github.com/diladele/websafety/milestones.

9.0 built on January 4, 2024 (Stable)

  • Added support for Ubuntu 22.04 LTS. This version is used in virtual appliance and is recommended for production use.

  • Added support for Squid 6.6.

  • Discontinued support for Ubuntu 20.04 LTS, RHEL and Docker.

  • Rewritten definition files updater module.

  • Traffic Reporting module is completely rewritten in C#. Daily database storage is moved from CSV files to SQLite databases. Several custom reporters are removed.

  • Removed most broken functionality for YouTube channel and video filtering. YouTube header restriction module is still working as expected.

  • Small changes in ICAP web filtering module.

  • Optimization in squid logging daemon, access log storage scheme is moved to ‘YYYY-MM-DD.access.log’ custom storage format instead of default flat access log file (required for new Traffic Monitoring module).

8.7 built on November 10, 2023 (Old Stable)

  • Added support for management of SNMP configuration, it is now quite easy to monitor the Squid SNMP values using, for example, Zabbix.

  • Added Advanced ACLs filtering rule, it is now possible to use various acls to create complex combined web filtering expressions.

  • Added support for enforcing Microsoft Tenant Restrictions V1 and V2.

  • Improved matching of Active Directory security groups as members of web filtering policies. It is now possible to select groups by primaryGroupID user attribute, thus selecting, for example, Domain Users in the web filtering policies will now work as expected.

  • Performance improvements in Web Filtering and Traffic Reporting modules.

8.6 built on August 16, 2023

  • Added support for Debian 12

  • Dropped support for Debian 11

  • Dropped support for network management in Debian 12, you now have to use usual manual commands to setup IP address configuration on that platform. Network management in Ubuntu 20.04 continues to work as usual.

  • Internal deployment scheme of the application is switched to venv in preparation of switching to Ubuntu 22.04 LTS in the next version.

  • Fixed errors in reporting module which led to rarely failing generation of a daily report.

  • Added ability to exclude domain names from filtering using regular expressions.

  • It is now possible to configure the max size of reporting CSV files to render in the Admin UI.

  • Django framework switched to version 4.2.4, Python pandas to 2.0.3, some reports are re-implemented on the new Pandas version.

  • Fixed rendering issues in Advanced Exclusion Lists.

  • SSLDB is now stored in /var/spool/squid/ssldb (needed for later use in Kubernetes in Cloud Proxy)

  • Cache folder for Squid proxy is moved to /var/spool/squid/cache (also needed for later use in Kubernetes in Cloud Proxy)

8.5 built on April 23, 2023

  • Captive Portal module is redesigned and reimplemented.

  • Added ability to authenticate by Google OAuth in Captive Portal.

  • Improved handling of authenticated users in Captive Portal with Azure Active Directory backend.

8.4 built on February 10, 2023

  • Added the notion of Exclusion Lists. It is now possible to enable pre-configured and automatically updated exclusion lists for Microsoft Office sites, Python development sites and Apple related sites. The list of exclusions will be expanded as required.

  • Administrator can also configure custom exclusion lists.

  • Application is now able to notify administrator of the upcoming expiration of Trusted Root CA certificate.

8.3 built on November 30, 2022

  • Fixed small issue in custom report generation module of the Traffic Reporter.

  • Active Directory Inspector pseudo proxy authentication is now completely discontinued. It is recommended to use Captive Portal Authentication instead.

  • Added Microsoft Azure Tenant Restrictions, proxy is now able to ensure that only tenants of your Azure Active Directory can sign in into Microsoft Office apps.

  • Added module to send license expiry notifications 10, 5 and 3 days prior to actual license expiration to minimize downtime.

  • HTTPS decryption can now contain admin specified list of Always Decrypted Targets.

  • Added ability to configure Upstream Proxy in Admin UI.

  • Added ability to configure the list of domains which will be skipped from the Traffic Reports.

  • Added support for Squid 5.7 in latest virtual appliance.

  • Virtual Appliance for VMware vSphere/ESXi is now created on ESXi 7.

8.2 built on September 22, 2022

  • C++ core moved to boost 1.80, added support for OpenSSL 3.0

  • Added ability to override various api keys and port settings to ease deployments in Docker and Kubernetes.

  • Added GEO IP blocking module to limit connections to IP addresses by country name.

  • Updated Kerberos integration guide, it is now recommended to use the AES256-SHA1 crypto settings when generating keytab for proxy authentication.

  • Fixed errors in reporting module that sometimes resulted into the high CPU usage on large proxy deployments.

  • Added protection from parallel runs on reporting module on large proxy deployments where next day instance of reporting was started before the previous was fully completed.

  • Admin UI now requires at least Django 4.

  • Admin UI upgraded to run on latest version of jQuery.

  • Fixed error with wpad/proxy pac file not available via plain HTTP.

  • Missing certificates for HTTPS intermediates are now downloaded automatically.

  • Breaking change - added support for RHEL 9.

8.1 built on May 22, 2022

  • Breaking Change - by default Admin UI is now running on HTTPS. Default certificate is self-signed so you might need to click through the Self Signed Warning at the first connection. On HTTP port there is now a placeholder that explains this change and also contains the automatic redirect script and button to switch to continue through HTTPS.

  • Added new proxy authentication scheme - Captive Portal. It can be used to authenticate users to modern Microsoft Azure Active Directory (cloud directory) as well as normal on-premises Active Directory and Local Users Database.

  • Added support for Squid 5.5 on Ubuntu 20. The virtual appliance and Microsoft Azure and Amazon AWS images are now based on this version too.

8.0 built on February 27, 2022

  • Added support for Squid 5.2 on Ubuntu 20. The virtual appliance and Microsoft Azure and Amazon AWS images are now based on this version too.

  • Updates of definition files are performed using new updates.diladele.com server. Updates should be faster now.

  • Technical Change - internal ICAP web filtering modules are moved to boost 1.77. More standard C++ libraries are used now.

  • Removed some decommissioned and non-working functionality in YouTube guard module.

  • Removed some old settings from Admin UI that are not supported by Squid 5 (for example, no more dns_v4_first setting present).

  • Breaking Change - default user in the Admin UI is now named admin instead of root as before. This is to strictly separate the operating system level users and application users.

  • Breaking Change in virtual appliance - default operating system user root is now only able to login using console; remote login using ssh is disabled. This is to prevent security issues in default deployments when administrator forgets to change the default credentials.

  • Improved drill downs in custom reports; reports module is faster (rewritten in golang); Admin UI of Traffic Manager is improved.

  • Dropped Raspberry PI complation/support; the system is too underpowered for a full scale web filtering solution.

7.6 built on June 15, 2021 (Very Stable)

  • The base OS for the virtual appliance is now Ubuntu Linux 20.04 LTS. A lot of small fixes in the Admin UI because of base OS upgrade.

  • Admin UI is based on Django 3.1.7 now.

  • The application runs using Python 3.8 now (standard on Ubuntu 20.04 LTS).

  • Due to CentOS operating system shutdown we have moved to RedHat RHEL 8.

  • Required Debian OS version is now Debian 11.

  • Fixed YouTube filtering errors in Google Chrome and Microsoft Edge.

7.5 built on October 8, 2020

  • Added support for Squid 4.13 on Ubuntu 18/Debian 10.

  • Added upload size monitoring to all reports (top uploaders, top uploaded domains, URLs, etc).

  • Better YouTube periodic report with drill down per user.

  • Other small improvements in Traffic Monitoring and Reporting.

  • Added UI setting to dump Squid’s access log records to syslog.

  • Fixed error with hidden reporting for designated policies.

  • Built on Django version 3.1.2 and C++ boost 1.73.

7.4 built on May 10, 2020

  • Fixed an issue with cluster traffic log uploads from more than two cluster nodes.

  • Statistics storage optimized, the CSV files are packed as GZ files, reducing the storage requirements up to 10 times.

  • Added ability to limit bandwidth usage per policy (bandwidth throttling is implemented using delay pools).

  • Fixed issues with rotating of Web Safety logs.

  • Added support for Squid 4.11 on Ubuntu 18/Debian 10.

  • Virtual appliance generation infrastructure moved to VMware ESXi 6.7 so some unknown issues might occur on older VMware vSphere/ESXi deployments.

7.3 built on March 3, 2020

  • Optimized all parts of the report generation module - the application now requires less time to build the reports and is able to handle reporting of more users than before.

  • Added a setting to allow automatic download of missing intermediate HTTPS certificates. Disabled by default.

  • Fixed some minor issues in report generation, added more debug output to the report log allowing for better understanding how much time was spent during reporting.

  • Added support for Squid 4.10 on Ubuntu 18/Debian 10.

  • Improved cluster configuration sync. The client nodes are able to upload the Squid’s access logs to the server node. The report building process at server node can now create integrated traffic history for the whole cluster.

  • It is now possible to completely disable traffic monitoring and reporting from the Admin UI.

7.2 built on December 18, 2019

  • Breaking change: all filtering daemons of Web Safety (ICAP, Google Safe Browsing, YouTube Guard, Traffic Monitor) are run as proxy user (Debian, Ubuntu) or squid user (CentOS). Admin UI continues to run as websafety user.

  • Breaking change: single Web Safety package was split into two packages - websafety-core and websafety-ui. This allows to have an alternative (third party) UI for other UI integrated distributives like pfSense. It also allows for faster development cycle in UI with more frequent releases for websafety-ui package.

  • Breaking change: fully redesigned/simplified reporting subsystem. Web Safety ICAP server now returns scan information to Squid proxy that dumps it into access log. Special report generation scripts are responsible for processing Squid logs and generating daily/monthly/yearly proxy usage reports much like ligthsquid/sarg do. Report module is also capable of parsing normal Squid access log without additional information from Web Safety filter thus making it appropriate for usual access log reporting tasks. There is also no more need for MySQL database greatly improving overall virtual appliance performance.

  • Application can now be installed on CentOS 8. Installation on CentOS 7 is not supported any more.

  • Dropped support for FreeBSD/pfSense installation. We might come with a new product for these platforms but for now it is just too much efforts for our small team.

  • Added support for Squid 4.9 on Ubuntu 18/Debian 10.

  • Completely rewritten implementation of cluster configuration sync.

  • Product is now based on Django version 3.0.0.

7.1.0.2DB9 built on July 30, 2019

  • Squid 4.8 for better stability and performance.

  • Added support for Debian 10.

  • Removed support for Debian 9.

  • A lot of smaller changes in Admin UI and Traffic Reporting.

7.0.0.7A5E built on December 21, 2018

A lot of breaking changes in the development stack.

  • Base platform moved to Ubuntu 18 LTS.

  • Required Python version is now 3 instead of 2.

  • Required Django version is now 2.1.2 instead of 1.11.

  • Squid proxy is now version 4.4.

  • FreeBSD 11, pfSense 2.4 and Raspbian 9 builds are available (status is still experimental)

6.4.0.2517 built on July 5, 2018

  • YouTube Guard filtering daemon now runs as a separate process. This allows to filter traffic by both Google Safe Browsing and YouTube modules.

  • UI of YouTube filtering rules is completely rewritten, it is now possible to selectively filter YouTube videos by policies (enable for students, disable for staff).

  • Fixed error in policy filtering exclusions by remote domain IP address.

  • Added initial support for Ubuntu 18 LTS and Squid 4.

  • Added advanced field to manually add to NIC management file /etc/network/interfaces on Ubuntu 16 and Debian 9.

  • Builds for FreeBSD(pfSense) are not produced any more, please use version 6.3 if you require running Web Safety on FreeBSD(pfSense). We are now trying to build a separate product for pfSense platform.

  • Added experimental YouTube guard module. The module allows administrator to limit the watched videos on YouTube by video category, channel ID and video ID. The module is implemented as Squid’s URL redirector hence it cannot work together with Google Safe Browsing URL redirector. The status of the module is experimental thus user feedback is needed to decide it this module is worth including into production build.

  • Completely redesigned and reimplemented the Surfing Now module. It is now easier to see what sites are browsed most and what sites are blocked most currently.

  • Added CTIRU list of prohibited URLs. Schools in the UK are required to block access to contents from the CTIRU list.

  • Fixed error when squidclient was not able to get the runtime information from squid in cluster deployments utilizing PROXY protocol.

  • Added Dynamic categorizers for Dating, Weapons, Alcohol, Games.

  • Various smaller fixes and improvements.

  • Added new dynamic site categorization module. This module works on both requests and response. When categorizing requests URL, Referer and Host headers are scanned. When categorizing responses - textual contents of pages are scanned. Currently there are dynamic categorizer for Nudity Pornography, Adult Themes Sexuality, Drugs and Gambling categories, but more and more categorizers will be added with each release. We target to finally have all available categories covered.

  • Redesigned and reimplemented deep content inspection engine. The speed of content inspection is a little improved. Detection is now done faster. The amount of used RAM when performing adult language detection is greatly decreased (approx 10 times).

  • Builds for Raspberry PI are not produced any more, please use version 6.1 if you require running Web Safety on Raspberry PI.

  • Web Safety is now being published on Microsoft Azure Marketplace.

Older Versions

  • Changes for the older versions of the product are removed for clarity.