7.2 built on November 12, 2019 (Develop Release)
The following changes and improvements are included into this release.
- Breaking change: all filtering daemons of Web Safety (ICAP, Google Safe Browsing, YouTube Guard, Traffic Monitor) are run as proxy user (Debian, Ubuntu) or squid user (CentOS, FreeBSD). Admin UI continues to run as websafety user.
- Breaking change: single Web Safety package was split into two packages - websafety-core and websafety-ui. This allows to have an alternative (third party) UI for other UI integrated distributives like pfSense. It also allows for faster development cycle in UI with more frequent releases for websafety-ui package.
- Breaking change: fully redesigned/simplified reporting subsystem. Web Safety ICAP server now returns scan information to Squid proxy that dumps it into access log. Special report generation scripts are responsible for processing Squid logs and generating daily/monthly/yearly proxy usage reports much like ligthsquid/sarg do. Report module is also capable of parsing normal Squid access log without additional information from Web Safety filter thus making it appropriate for usual access log reporting tasks. There is also no more need for MySQL database greatly improving overall virtual appliance performance.
- Application can now be installed on CentOS 8. Installation on CentOS 7 is not supported any more.
- Dropped support for FreeBSD/pfSense installation. We might come with a new product for these platforms but for now it is just too much efforts for our small team.
- Added support for Squid 4.9 on Ubuntu 18/Debian 10.
- virtual appliance - http://packages.diladele.com/websafety-va/7.2/websafety.zip
Please note this build is in the development stage and may contain not-yet-implemented or wrongly working parts. Please do submit issues on GitHub for anything that does not work right, see https://github.com/diladele/websafety/milestones.
184.108.40.206DB9 built on July 30, 2019 (Stable Release)
The following changes and improvements are included into this release.
- Squid 4.8 for better stability and performance.
- Added support for Debian 10.
- Removed support for Debian 9.
- A lot of smaller changes in Admin UI and Traffic Reporting.
220.127.116.11A5E built on December 21, 2018 (Old Stable Release)
A lot of breaking changes in the development stack.
- Base platform moved to Ubuntu 18 LTS.
- Required Python version is now 3 instead of 2.
- Required Django version is now 2.1.2 instead of 1.11.
- Squid proxy is now version 4.4.
- FreeBSD 11, pfSense 2.4 and Raspbian 9 builds are available (status is still experimental)
18.104.22.1687 built on July 5, 2018
- YouTube Guard filtering daemon now runs as a separate process. This allows to filter traffic by both Google Safe Browsing and YouTube modules.
- UI of YouTube filtering rules is completely rewritten, it is now possible to selectively filter YouTube videos by policies (enable for students, disable for staff).
- Fixed error in policy filtering exclusions by remote domain IP address.
- Added initial support for Ubuntu 18 LTS and Squid 4.
- Added advanced field to manually add to NIC management file /etc/network/interfaces on Ubuntu 16 and Debian 9.
- Builds for FreeBSD(pfSense) are not produced any more, please use version 6.3 if you require running Web Safety on FreeBSD(pfSense). We are now trying to build a separate product for pfSense platform.
22.214.171.1246A built on May 30, 2018
- Added experimental YouTube guard module. The module allows administrator to limit the watched videos on YouTube by video category, channel ID and video ID. The module is implemented as Squid’s URL redirector hence it cannot work together with Google Safe Browsing URL redirector. The status of the module is experimental thus user feedback is needed to decide it this module is worth including into production build.
- Completely redesigned and reimplemented the Surfing Now module. It is now easier to see what sites are browsed most and what sites are blocked most currently.
- Added CTIRU list of prohibited URLs. Schools in the UK are required to block access to contents from the CTIRU list.
- Fixed error when squidclient was not able to get the runtime information from squid in cluster deployments utilizing PROXY protocol.
- Added Dynamic categorizers for Dating, Weapons, Alcohol, Games.
- Various smaller fixes and improvements.
6.2.0.FD48 built on April 13, 2018
- Added new dynamic site categorization module. This module works on both requests and response. When categorizing requests URL, Referer and Host headers are scanned. When categorizing responses - textual contents of pages are scanned. Currently there are dynamic categorizer for Nudity Pornography, Adult Themes Sexuality, Drugs and Gambling categories, but more and more categorizers will be added with each release. We target to finally have all available categories covered.
- Redesigned and reimplemented deep content inspection engine. The speed of content inspection is a little improved. Detection is now done faster. The amount of used RAM when performing adult language detection is greatly decreased (approx 10 times).
- Builds for Raspberry PI are not produced any more, please use version 6.1 if you require running Web Safety on Raspberry PI.
- Web Safety is now being published on Microsoft Azure Marketplace.
126.96.36.1995 built on January 15, 2018
- Added URL rewriter for Google Safe Browsing (Update API v4). It is now possible to check each URL for malware and malicious links. You would need to register on Google Cloud Platform and obtain your own API key. More information is at https://developers.google.com/safe-browsing/v4/get-started.
- Redesigned exclusions in UI. There is only one list of exclusions now. It is possible to further specify what exclusions are needed for each list entry. Supported exclusions are “Skip HTTPS decryption (SSL Bump)”, “Bypass proxy authentication”, “Bypass web filter and antivirus scan”, “Do not cache HTML pages” and “Bypass Google Safe Browsing”.
- The only recommended platform for production deployment is now Ubuntu 16. We have decomissioned the CentOS 7 as recommended for production use. CentOS 7 support regains experimental status. Experimental means we are not using it in everyday “eat-your-own-dogfood” deployments, but it is being normally tested though and can be used in most non mission critical deployments, labs and experiments.
188.8.131.52A63 December 18, 2017
- Added ability to block comments and related videos on YouTube.
- (breaking change!) Admin UI updated from Django 1.8.17 to Django 1.11.7
- The backup/restore functionality was completely redesigned. It is now possible to directly import configuration backup from older version of the product.
- Added special community build of the product. This build is based on FOSS components and does not cost a cent to run. Squid proxy, Admin UI to manage it, Traffic Monitor and ClamAV eCAP antivirus are included.
- (breaking change!) Due to the community version added we had to change the license scheme, license keys from versions <= 5.2 are not applicable for version 6.0+ and need to be regenerated. Please contact email@example.com to regenerate your license key free of charge.
- Added support for haproxy’s PROXY protocol, now it is possible to know the user’s IP in cluster deployments. Policies can be applied by the IP address/range/subnet and not by only Active Directory.
- Kerberos REALM field is moved to UI/Squid/Auth/Kerberos. Now is possible to use NTLM or LDAP authentication without configuring any Kerberos setting at all.
- Changes for the older versions of the product are removed for clarity.