QuintoLabs Content Security 1.4.2 for Squid Proxy Server

Build Number 1.4.2.32d12

Issued on November 21st, 2011

Description

QuintoLabs Content Security is an ICAP server and URL rewriter that integrates with an existing Squid proxy server and provides a rich web and content filtering platform to sanitize Internet traffic passing into an internal home or enterprise network. It may be used to block illegal or potentially malicious file downloads, remove annoying advertisements, prevent access to various categories of web sites and block resources with explicit content.

The application is easily deployed and managed, requires minimal external dependencies, is very robust and runs with excellent performance. It supports all major Linux distributions (Ubuntu, RedHat, Debian, Fedora) and Microsoft Windows.

This is the next minor release of the application. The previous release number is 1.4.1.f7c1c. All users are advised to upgrade.

Hardware & Software requirements

One of the following operating systems:

One of the following Squid Proxy Server versions:

Important: Root permissions are required to install the application.

Known issues and problems

  1. FreeBSD/NetBSD/OpenBSD are still not supported.
  2. ArchLinux build is not ready for public testing.
  3. Integration with Squid must be done manually after the installation, as described in the documentation.
  4. Run the postinstallredhat.sh script if you install the program on CentOS/RedHat 5 (due to incompatibility with Python 2.6). See the documentation for more information.

Support information

If you experience problems with QuintoLabs Content Security for Squid Proxy Server, please consult these release notes to see if the problem is a well-known issue. You can also use our Knowledge Base / FAQ located in the Support section of the QuintoLabs web site (http://issues.quintolabs.com/trac/quintolabs_qlicap/).

You may also consider asking a question at the discussion group http://groups.google.com/group/quintolabs-content-security-for-squid-proxy or on Twitter at http://www.twitter.com/quintolabs.

If none of these sources helps, please contact QuintoLabs technical support by email at support@quintolabs.com. An online form for a support request is also provided in the Support section of our website. Please describe your problem in detail and be as specific as possible. If you think you have found a bug in the software by QuintoLabs, use the "Submit a bug" online form.

Thank you for choosing QuintoLabs ;)

Bug Fixes and Improvements since release of version 1.4.1.f7c1c

  1. Added support for installing the application on Fedora 16.
  2. The report generation subsystem is rewritten to produce the reports faster and in real time (report conversion and upload from access logs are still done once a day).
  3. The number of available usage reports is increased. All reports are grouped into four categories, which allows for a simple overview of what was blocked and for which user.

Bug Fixes and Improvements since release of version 1.4.0.4bd07

  1. New and improved content inspection engine, aimed at detection of explicit language in HTML pages. Enabled by default.
  2. New RTA (restricted to adults) detection engine that prevents access to web sites whose content is explicitly restricted to adults.
  3. Added a weekly cron script to periodically check for a new version of the application on the QuintoLabs web site.

Bug Fixes and Improvements since release of version 1.4.0.72bbf

  1. Fixed a crash in the AdBlock filtering module that resulted in an intermittent "ICAP Protocol Error" shown by Squid.

Bug Fixes and Improvements since release of version 1.3.418.0

  1. Added "File Type Filtering Module" that can be used to easily identify executables or other types of files by looking at real file contents (up to 4096 Kb).
  2. Implemented a brute-force content inspection module used to search the contents of downloaded web pages for adult or explicit content. It allows the administrator to filter web pages based on their real contents, often faster than the URL and Domain block modules did before.
  3. The application now supports sophisticated "trickled" inspection logic to be able to scan the contents of huge files being downloaded through Squid.
  4. A two-phase scanner is implemented. It allows an inspection module to skip scanning the large number of files that are known to be safe and that do not need filtering.
  5. The AdBlocking module is greatly improved. It now uses a transparent .gif file to imitate the blocked advertisement, which in turn leads to better looking web pages without ads (most notably in Microsoft Internet Explorer).
  6. Improved ICAP RFC compliance when qlproxy detects errors in ICAP transactions, unavailable resources or incorrect internal states.
  7. Improved the file name parsing algorithm for Microsoft IIS servers. The detection ratio for the File Name Blocking Module is greatly improved.
  8. ICAP mode of integration now supports the 'redirect' action for detected objects.
  9. Objects with gzip transfer encoding are also inspected by all modules now.
  10. Fixed a typo in the configuration parser module that caused disabling AdBlock to also disable the Parental Controls module.
  11. The Tiny Proxy Virtual Appliance is now packaged with a README file.
  12. Dropped support for Debian 5 and Fedora 13.
  13. Added support for dumping inspected objects to temporary files in /var/opt/quintolabs/qlproxy/tmp to ease debugging scenarios.
  14. Internal ICAP protocol tests are deployed with the application in /opt/quintolabs/qlproxy/bin/tests.

Bug Fixes and Improvements since release of version 1.2.276.0

  1. Added alpha support for installing Content Security on Microsoft Windows Platforms. It is now possible to integrate Content Security as URL rewriter for Squid 2.7+ running on the same Windows box or deploy Content Security as standalone ICAP server for Squid 3+ running on separate boxes. The filtering functionality works fully but additional functionality remains to be implemented (automatic updates of definition files and reports generation).
  2. The Reports web page was redesigned. It now displays, in read-only mode, the current configuration of qlproxy, the latest results of log rotation, cron daily jobs and URLs blocked.
  3. Installation folders have been reorganized, the application is now installed in /opt and /var/opt according to Linux File System Standard.
  4. Fixed SIGPIPE and daemon termination error under stress conditions.
  5. The Advertisement Blocking Engine is rewritten. It now supports more filters from AdBlock Plus based subscriptions and correctly processes domain exclusions and white lists.
  6. File Name Blocking is improved: it parses more file names out of HTTP responses, so the quality of file name blocking is greatly increased.
  7. The install package naming convention changed. It now contains the name of the Linux distribution (e.g. ubuntu, debian, suse).
  8. The QuintoLabs Virtual Appliance is updated and is now based on Debian 6. The root account is explicitly granted a P@ssw0rd, which makes it easier for administrators to adjust the appliance to their needs.
  9. Some minor changes in logrotate and cron scripts.
  10. The 'URL is blocked' page now contains the actual filter that blocked the URL in the advertisement module. It greatly reduces the effort needed to understand the reasons for possible false positives.
  11. The intercepted HTTP requests and responses can now be dumped into a temporary directory.
  12. Created an initial SELinux policy that confines the qlproxyd daemon. It is installed in /opt/quintolabs/qlproxy/usr/share/selinux and must be compiled by the administrator manually.

Bug Fixes and Improvements since release of version 1.2.232.0

  1. Possible bug with incorrect URI scheme parsing is fixed. The bug occurred only under specific conditions and did not influence all installations. Only those affected by the bug are advised to upgrade.

Bug Fixes and Improvements since release of version 1.2.217.0

  1. A serious bug that incorrectly classified URLs as advertisements was fixed. The cause was incorrect parsing of one of the "easy list" filters that starts with http:// and should have been applied to one web site only, NOT to all web sites as the AdBlock module of Content Security did.
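
The filter semantics behind this fix, as an added illustration that is not QuintoLabs code: in AdBlock Plus filter syntax, a filter that starts with http:// is literal address text, so it may match only URLs containing that text and must leave every other site alone. The rule list and the example.test hosts are constructed, and filter options after `$` are ignored.

```python
import re

# Constructed sample list in AdBlock Plus filter syntax (hosts are placeholders).
RULES = [
    "! comment line",
    "http://ads.example.test/banner",          # plain filter starting with http://
    "||tracker.example.test^",                 # domain-anchored filter
    "/adframe/*.js",                           # '*' wildcard
    "@@||cdn.example.test/adframe/player.js",  # exception (white list) rule
]

def compile_filter(rule):
    """Translate one filter into (is_exception, compiled_regex)."""
    is_exception = rule.startswith("@@")
    if is_exception:
        rule = rule[2:]
    rule = rule.split("$", 1)[0]   # options after '$' are ignored in this sketch
    prefix = suffix = ""
    if rule.startswith("||"):      # start of the host name or of any subdomain label
        prefix, rule = r"^[a-z][a-z0-9+.-]*://(?:[^/?#]*\.)?", rule[2:]
    elif rule.startswith("|"):     # start of the URL
        prefix, rule = "^", rule[1:]
    if rule.endswith("|"):         # end of the URL
        suffix, rule = "$", rule[:-1]
    body = ""
    for ch in rule:
        if ch == "*":
            body += ".*"
        elif ch == "^":            # separator: not a letter, digit or one of _ - . %
            body += r"(?:[^\w.%-]|$)"
        else:
            body += re.escape(ch)  # everything else is literal text, "http://" included
    return is_exception, re.compile(prefix + body + suffix, re.IGNORECASE)

def is_blocked(url, rules=RULES):
    """True if a blocking filter matches the URL and no exception filter does."""
    compiled = [compile_filter(r) for r in rules
                if r and not r.startswith(("!", "["))]
    if any(rx.search(url) for exc, rx in compiled if exc):
        return False
    return any(rx.search(url) for exc, rx in compiled if not exc)

if __name__ == "__main__":
    for u in ("http://ads.example.test/banner/1.gif",
              "http://news.example.test/index.html",
              "http://cdn.example.test/adframe/player.js"):
        print(u, "->", "blocked" if is_blocked(u) else "allowed")
```

The second URL is the regression case for this release note: an unrelated site must stay allowed when the list contains a filter that begins with http://.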

Bug Fixes and Improvements since release of version 1.1.110.0

  1. Debian Linux 5 and 6 are now supported.
  2. OpenSUSE 11.3 and SUSE Enterprise Linux are supported (as binary TGZ package).
  3. Added support for ICAP RESPMOD (response modification).
  4. Adjusted naming scheme for *.deb and *.rpm packages. The previous versions of the program are now correctly detected as obsolete.
  5. Updated installation instructions for RedHat 5+, CentOS 5+ with SELinux enabled.
  6. AdBlock module performance and accuracy are greatly improved.
  7. Fixed possible endless loop in AdBlock module.
  8. Fixed incorrect handling of * (star) filter in Easy Privacy module.
  9. Content Blocking module is now active, allows blocking of downloads by Content-Type, Charset, Encoding and File Name.
  10. Parental Control (Adult Block) Filter is now a separate module.
  11. Configuration files for modules have been renamed to make it easy to find the configuration file for a given module.
  12. The heuristics used in the Parental Control module are enhanced to allow easy blocking of inappropriate Google Images.
  13. Introduced a new module (HTTP method filtering) that lets the administrator block inappropriate HTTP methods (like DAV over HTTP).
  14. HTML reports are redesigned, allowing for easy incident filtering.
  15. Detection of reason for blocking is improved (incident id is displayed in the Blocked Page Template).
  16. Access log statistics are now kept for the last 30 days only.
  17. Pthread stack size is now 1Mb instead of 8Mb, thus the virtual memory requirements of the qlproxyd daemon are decreased.