-
Notifications
You must be signed in to change notification settings - Fork 1
Changes
| Version | Latest Release | Date | Features added |
|---|---|---|---|
| 1.0 | x | x | Dansguardian V1 |
| 2.0 | 2.12 | Jul 01 | Dansguardian V2 |
| 3.0 | 3.0.4 | May 14 | My name is E2guardian (Dansguardian fork) pre-release |
| 3.1 | 3.1.2 | Jun 14 | Global code review Man in the middle Check certificates |
| 3.2 | 3.2.0 | Aug 15 | Update SSLMITM |
| 3.4 | 3.4.0.3 | Jan 16 | Squid Log Format |
| 3.5 | 3.5.1 | Feb 17 | Bug fixes |
| 4.0 | 4.0.2 | Jan 17 | pre-release |
| 4.1.0 | 4.1.5 | Apr 17 | The parent children process model is replaced by a queue/threads based model Global code review Change lists with no interruption of service |
| 5.0 | 5.0 | Jan 18 | pre-release |
| 5.1 | 5.1.2 | Jun 18 | E2guardian can be used like a proxy (without identification) E2guardian can be used with Docker It can be an ICAP server Storyboard's logic added |
| 5.2 | 5.2.2 | Aug 18 | Global code review It can be an ICAP client |
Words in CAPITALS are the corresponding pre complier directives. Tuning settings introduced/changed:
-
mapauthtoports conf option added - when off scans all auth plugs on every listening addr/port, when on maps auth plugins to addr/ports, default on
-
Added, nonstandarddelimiter per filtergroupe By frederic Bourgeois
-
mapportstoips conf option added - when off listens on every filterports on every IP address,
-
when on maps filterports to filterip's, default on
-
maxlogitemlength now defaults to 2000. Unlimited option removed due to potential buffer overflow issues.
Logic Changes:
Rewrite of main process loop to reduce dependency on select() call which limited the number of child processes. Use of epoll() on Linux systems makes the engine faster, more efficient and scaleable.
Note that the logic for handling SSL is changed. In DG when either blanket block (or SSL blanket block) was active then an SSL site would not be blocked if site name matched either exceptionsitelist or greysitelist. In e2guardian with blanket block (or SSL blanket block) active an SSL site will only be allowed if it matches exceptionsitelist or greysslsitelist. This ensures that only trusted sites can be accessed via SSL. The greysslsitelist is used in order to allow a site to drop through so that it's domain can be mangled via urlregexplist, e.g. To use the Google mechanism for prevention of https Google search, or to allow an SSL site whilst blocking the corresponding http: site.
Maxlogitemlength code moved into ConnectionHandler.cpp so as to prevent very large URLs corrupting log messages and to lower load on inter-process communication.
-
URL cache - Cache is now only checked (or added to) if URL is less than 2000 bytes and method is GET.
-
Emtpy list set issue fixed - was causes failure of logging and URLcache processes when filtergroup was set to block all.
-
Authentication Plug-ins:
-
Port based auth plug-in - filtering group assigned by destination port. To use this feature mapauthtoports must be set to 'off'. Complied as standard.
-
DNS Authentication – PRT_DNSAUTH - DNS based auth plug-in for use with Protex authentication system. To enable this use configure option --enable-dnsauth
-
New Lists:
-
Total Block List – TOTAL_BLOCK_LIST - Ability to read total block lists from stdin on startup – List cannot be overridden. To enable this use configure option --enable-totblock
-
Local Presidence - Local versions of lists added (localsiteexceptionlist, localurlexceptionlist etc). LOCAL_LISTS. Logic flow changed so that all local lists are checked before main lists so that they have presidence over main lists. To enable this use configure option --enable-locallists
-
Search Word blocking – SEARCHWORDS – Specific search word blocking - bannedsearchlist, bannedsearchoveridelist, localbannedsearchlist added. Searchregexplist is used to extract search words from search engine url call. The existing weighted search word block is also retained, but note that searchregexplist is used instead of searchengineregexplist to determine a search url and extract the search terms. Compliled as standard.
-
Referer Exceptions – REFEREXCEPT – Exceptions based on URL in refering url. Refererexceptionsitelist and refererexceptionurllist added. Also embededreferersitelist and embededrefererurllist. Compliled as standard. To disable use configure option --enable-refererexception=no.
-
Add an http header based on url regex – ADDHEADER – addheaderregexplist – needed for YouTube for schools. Compliled as standard. To disable use configure option --enable-addheader=no.
-
Regular Expression Redirects – RXREDIRECTS – urlredirectregexplist – allows browser redirection to different site. Compliled as standard. To disable use configure option --enable-rxredirects=no.
-
Specific SSL lists added – SSL_EXTRA_LISTS – bannedsslsitelist , greysslsitelist + local versions. Complied as standard. To disable use configure option --enable-sslextralists=no. New Log Format:
Logging – two new logfileformats have been added which are easier to parse than the standard DG format. 5 – Protex format type 1 – Tab delimited, squid style format with extra fields for filter block/result codes, reasons, filter group, and system name – used in arrays so that combined logs show originating server. 6 – Protex format type 2 – Same format as above but system name field is blank – used in stand-alone systems. Messages file amended:
Amendments to messages file – user and log messages have been made more meaningful for the user and new messages added for the new list types introduced. A version of the messages file with legacy worded messages is provided as messages.alt (UKenglish only). Translations are required into other languages, please submit these to maintainer@e2guardian.org and these will be included in a future release. Other changes:
- URLs with # no longer truncated when reading lists
- Warning message about reporting level by Frederic Bourgeois
- Added, full banned URL, including parameters, for sslaccesdenied By frederic Bourgeois
- Fix Libpcre crash by Russell coker from Debian
- Fix BSD crash (process forking out of control) By Philip Pearce and Martin Coco
Unofficial DansGuardian release code incorporated into e2guardian:-
June 2013 - DansGuardian 2.12.0.7
-
Added, DansGuardian now supports epoll (partial and Linux only), bringing large increases in performance and scalability to Linux System - By Philip Pearce (e2bn.org) This feature must be used with --with-filedescriptors=N compile option.
-
Fixed security bug, Dansguardian uses -USER- and -REASONGIVEN- that are replaced with what is necessary. In the authentication if we input html code or javascript it will include it on the error page, Thanks to Alfredo Sylva for report. - by frederic Bourgeois
May 2013 - DansGuardian 2.12.0.6
- Fixed Reportinglevel per filtegroup By frederic Bourgeois
- Added sslaccessdeniedaddress (fix HTTPS denied blanck page with reporting level 3 - only with firefox -) By frederic Bourgeois
- Added ssldeniedrewrite (fix HTTPS denied blanck page with reporting level 3, need an HTTPS website - By frederic Bourgeois
- Added zero value (optional) for some options, like maxcontentramcachescansize - By frederic Bourgeois
- Some minor efficiency improvements (remove GCC warning, etc) - By Frederic Bourgeois
April 2013 - DansGuardian 2.12.0.5 - alpha
- Increase max children to support large networks by Frederic Bourgeois This new option is used to define the number of file descriptors for DansGuardian on large system Need to recompile DansGuardian with the --with-filedescriptors=N compile option configure option --with-filedescriptors=N N=MaxChildren Max
January 2013 - Dansguardian 2.12.0.4 - alpha
- Set persistent cnx timeout in e2guardian.conf by Frederic Bourgeois
- Multiple auth fixed - checked only with one port - (crash fixed before patch #9) - by Frédéric Bourgeois
- French translation update (accents problem) - by Frédéric Bourgeois
- Added allow regex header filtering with greylist - Frédéric Bourgeois
- MITM issues null ceriticate end date value (fixed) - by Marcelloc
- Concat values resulting in /// on cert path (fixed) - by Marcelloc
- Mitm_magic check code does not work, even if you do not set any mitm key (disabled in code)(ConnectionHandler.cpp) - by Marcelloc
- Re-include general max_upload_size general option - use max_upload_size general value if not set in filtergrouplist - by Marcelloc
- Fixed maxuploadsize silently ignored - all posts blocked - (patch #12) by Frederic Bourgeois
- Applied patch 1 (allow regex filtering with greylist) - by Frederic Bourgeois
- Fixed minor compilation error - by Frederic Bourgeois
- Applied patch 13 (CONNECT broken due to attempted persistency) - by Nils Goroll