forked from e2guardian/e2guardian
-
Notifications
You must be signed in to change notification settings - Fork 0
/
e2guardian.release
112 lines (71 loc) · 5.01 KB
/
e2guardian.release
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
Tuning settings introduced/changed in v3.5.0:-
--------------------------------------------
Bug fixes and general improvements
e2guardian.conf
- logheadervalue - Log a specific value from header
- authplugin - Identification by header
- logformat - 7 = Squid Log File Format Secure extension
Tuning settings introduced/changed in v3.4.0:-
--------------------------------------------
- weightedphrasemode moved from e2guardian.conf to e2guardianfn.conf
- weightedphrasemode now defaults to 1 (was previously 0)
- naughtynesslimit now defaults to 50 (was previously undefined)
- originalip now off by default
- createlistcachefiles now defaults to off as is now depreciated
- new allowemptyhostcert option added (optional)
- new sslsiteregexplist added (optional)
- new logsslerrors option - gives more detail on openssl errors
- new textmimetypes option - allows content scan on non-text mime types
- new namesuffix option added - one log file by instance (syslog) -
Logic Changes in v3.4.0:-
-----------------------
- search term logic changed so banned_search_override works with both
search block list and with weighted search term.
- list_flags checked on lookups to avoid segv when lists not present
- Fix certificate generation with hostnames longer than 64 bytes (bug #96)
- SSLMITM Fix bug #96 Certificate Issues - requires X509_V_FLAG_TRUSTED_FIRST support in openssl
note requires openssl v1.0.2 or higher
- Add SNI support to MITM - note only works with openssh 1.0.1e or higher
- SSLMITM Reports error on ssl_connect failure - extra message (160) added
- SSLMITM Upgrade sha1 to sha256
Tuning settings introduced/changed in v3.2.0:-
--------------------------------------------
e2guardian.conf
- xforwardedforfilterip option added - restricts xforwardedfor to specified ip(s)
- gentlechunk option added - specifies number of children to spawn/kill every 5 seconds on gentle restart
- generatedlinkpath option removed as no longer used
- generatedcertstart option added - date/time in unix time of start of generated certificates
- generatedcertend option added - date/time in unix time of end of generated certificates
- monitorhelper option added - path of monitor helper script - allows feedback when system available and when cache not working
- monitorflagprefix option added - prefix path for status flag files - alternative method for feedback when system available and when cache not working
- monitorstart option added - monitorhelper start will be called and/or monintorflagprefix running flag file set when monitorstart children are available.
- dstatlocation option added - If non-blank 'sar like' stats will written to this file every 5 minutes, giving number of children, in use and free, munber of
connections and connections per second
- dstatinterval option added
- Maxuploadsize option removed as no longer used with e2guardian.conf
e2guardianfn.conf
- enablelocallists option added - replaces --enablelocallists configure option
- ssllegacylogic option added - default is off
- onlymitmsslgrey option added - allows mitm filtering on specified sites only
- mitmcheckcert option added - enables certificate checking of target hosts - default in 'on' - only switch 'off' for test purposes.
- nocheckcertsitelist option added - can be used to allow sites with self-signed certificates - only valid with mitmcheckcert = 'on'
Logic Changes in v3.2.0:-
-----------------------
Many configure options and their corresponding defines have been removed and replaced, where needed, by option flags.
This results in cleaner, more readable code
.
MITM code for explict proxy now working - see notes/ssl_mitm for details.
Rooms feature extended to white listing of sites for ip ranges - see notes/extended_rooms for details
Gentle reload logic changed so that reload is spread out over a period to minimise service interuption on large systems - see gentlechunk option.
Most user messages can now be translated - note new entries in messages file(s) - may need translation from English
Child spawning and removal code tidied up with much duplicate code removed to reduce undue stress on o/s when under heavy load, including
keeping children at minchildren level.
Cache failure is now reported back by child to main controler process, and while cache is not responding, no connections will be assigned to
children for processing. If monitorhelper and/or monitorflagprefix is defined then these will be called/written so that a monitoring
program can take appropriate action. - See configs/e2guardian.conf.in
A dummy test url 'internal.test.e2guardian.org' can now be used to test that e2g is functioning - with return OK if cache (and e2g) is working,
Will fail if cache is unreachable or e2g is not responding.
A long-standing content marking bug is now fixed. This will result in many
web pages being given a higher 'naughtyness' mark. As a result you may wish
to increase your users 'naughtyness' limits to avoid overblocking.
For changed/added features in e2guardian 3.0 not found in Dansguardian 2.12.0.3 see notes/e2guardian.release.v3.0