WhatsNew Service Pack 739 for Artica 4.30.000000

FIX

  • ERROR: Can`t create temporary directory /var/lib/clamav/tmp during the Clamav databases update.
  • Compatibility issue for Active Directory DNS Cache with French Active Directory server.
  • Incompatibility with DNS Cache service and nis system configuration.
  • Could not handshake: An unexpected TLS packet was received for APT manager when using SSL with an Internet upstream Proxy.
  • Direct acls objects to deny using proxy parents are not applied to the proxy configuration.
  • Artica did not clean postgresql trace files.
  • Memcached was handled by systemd and was not started using correct parameters.
  • Unable to reset the Gold License.
  • Sometimes Artica generates error Helper: Generic [ArtCategories] issue! [action=emergency!]
  • Cannot display the Certificate signed Request content in the certificate center.
  • MySQL error for default values when using PowerDNS during new domain creation.
  • Increase performance and visibility on Security Reputation Network.
  • Masquerade interface are not applied when not using any proxy or firewall service.
  • Backup to NAS use the same parameters when using the cluster configuration.
  • Bad property warnings found in proxy events
  • statscom-error.log file was not cleaned and consume disk space.
  • PDF proxy reports stucks at 5% of progress.
  • Unable to upgrade system packages caused by clamav-freshclam and clamav-daemon
  • HotSpot template was not builded that cause guest clients was not redirected to the splash screen.
  • Artica is unable to stop and restart proxy service.
  • statistics Inconsistencies related to the MAC address which can be masked by the routers.
  • Artica did not checks Proxy ports after defines global parameters.
  • Unable to connect to VPN PPTP service using Artica as gateway ( see more information here )
  • Missing dependency of libbrotlicommon.so.1 for ICAP Scanner.
  • Too few processes for MacToUid proxy rule.
  • Import a certificat using a zip file did not import the certificat request and the private key.
  • Bad understanding between importing a specific Artica certificate backup file and importing the real certificate: change the buttons method to avoid this behavior
  • Upgrading the system did not upgrade the notification of softwares that must be upgraded.
  • Security hole discovered by Rheinmetall Cyber Solutions GmbH company. Using the Web-filtering page service allows to read any file on the system
  • Improve the progress task of install/uninstall in features section.
  • Unable to start NtopNG because new version 4.x require full installation paths.
  • nics_virtual table was not created.
  • exec.syslog-engine.php still try to connect to MySQL server.
  • Missing field AuthParentPort in proxy ports table
  • SPAN Interface is not visible as real ok STATUS and displayed as a specific interface.
  • TailScale Interface can be modified using the unix console.
  • TailScale network starts before the main network that break the network configfuration.
  • TailScale section is not protected by the VPN Manager privilege.
  • Certificate Center did not import CSR and Private Key in some cases.
  • Certificate Center did not parse CSR data (if provided ) in order to import correct certificate information.
  • Certificate center did not import RSA PRIVATE KEYs
  • Unable to Install DWAgent Service.
  • Artica did not clean /var/log/conntrackd-stats.log
  • Crash of SMTP events parser ( see more information here )
  • Too many events timeout on read select() in syslog according to Artica Category cloud.
  • Bungled in misstyped or missing outgoing interfaces in proxy acls.
  • Enforce syslog log file checking - remove if size exceed 1GB
  • Many logs : delay_pool 0 has no delay_access configured
  • ACLS checker notice the ALL object as empty that is expected.
  • Too much memory eating by exec.squidMins.php
  • Artica did not display memcached version.
  • Change Security Network feature to The Shields ( see more information here )
  • Issue in SMTP TLS while creating the private key - special thanks to Peter Sikkes ( see more information here )
  • Reload ICAP service will stop the service after few seconds, switch it to restart quickly.
  • Call to undefined function posix_getuid() in class.unix.inc
  • Unable to query correctly ICAP threats in the search engine.
  • Unable to search entry inside Proxy DNS cache table
  • Cache DNS Troubles when using the redis memory database. caused by records never removed, added a task that remove periodically the redis database
  • Reload command make the C-ICAP stop, now Artica use a quick stop/start for reload task
  • progress bar stuck when disabling SSL emergency
  • Cannot access to the Gold License section.
  • Web-filtering service consider as whitelist all sites if there an empy line in the whitelist database.
  • Rebuild the authenticator for RDS Proxy
  • A warning - outdated RDS proxy version - is displayed after upgrading to 9.x Proxy RDS Version.
  • Internal Error 379 on reverse RDS proxy service when using Active Directory.
  • Proxy bandwidth limiting was not correctly understood by administrators ( see more information here )
  • The Shields block some webistes categorized as Apple, Microsoft, Web plugins and Science Computing
  • Some website categories are not displayed in the realtime access events.
  • Maximum fildescriptors parameter is not always understood by the proxy service.
  • Artica did not check the Active Directory IP address parameter for an Active Directory connection
  • Several bugs for RDS Proxy service with Active Directory settings caused by python3 migration
  • Serveral customers forget to add networks in RDS Proxy rules. Add an explicit red text for this case
  • Possible bugs on top-right notifications icon about new available versions.
  • Upgrading RDS Proxy version did not compile again parameters that cause the authenticator not working.
  • minor bugs on RDS Proxy service authenticator
  • Cannot authenticate trough the RDS proxy login screen.
  • Not all PostgreSQL events are sent to syslog
  • Consolidate ACLs objects interface gameplay
  • Unable to download Maxmind GeoIP databases ( see more information here )
  • Webfilter client crash when proxy did not send its local port
  • Web filter client crash evertytime after the SP739
  • Sometimes the logfile tail service is not running
  • Minor data table issue on failover service
  • Sometimes the proxy did not authenticate kerberos users caused by an upgrade from 3.x
  • Postpone crowdsec support
  • Down the level of FATAL: Proxy is unable to connect to xxxx on port xxxx
  • Issue on callback shutdown on Proxy Watchdog service.
  • The Shields deny requests when Artica put websites into cache
  • Some option in The Shields feature are not saved.
  • Unable to send test SMTP in Web filtering rules.
  • No backup watchdog for log viewer service.
  • In some cases the proxy refuse any connection because the final rule is deny by default.
  • Minor bug fixes in the failover feature.
  • Wrong regex pattern in The Shields categorization cache
  • multiple same rules in iptables when using Proxy in transparent mode
  • Time synchronizing is not perform when using the Active Directory as NTP server ( see more information here )
  • Sometimes it is unable to upgrade the system caused by clamav updating processing.
  • Rebuild the external_acl_first plugin for better peformances ( beta 1)
  • Display The Shields icon instead of text in the proxy realtime monitor.
  • Wrong display in the Cache management section.
  • Proxy issue on no_suid
  • Artica uninstall NetData service after Installing the service
  • Proxy Requests are denied for Office Network acl when using local LDAP authentication method
  • Artica status Daemon crash after Service Pack 327
  • Finishing NetDATA compliance
  • Unable to update clamav updates with 0.104 new clamav version.
  • Several bugs found by CybarWorks company ( see more information here )
  • SQLite error database schema has changed
  • The Shield was in debug mode by default that causing stressed CPU.
  • New "Centralized" The Shield beta 2
  • The Shields statistics are stopped since SP739
  • Graph of number of DNS queries was not working
  • The Shields icon set in red when there is no block by the Shields
  • Bandwidth icon is not correctly displayed on the realtime access log
  • The Use of basic Authentication on Local LDAP fature is not enabled on proxy side.
  • Whitelisted sites from The Shields detected threads did not working
  • Global Whitelisted sites are not correctly understood by The Shields when pattern start with a dot.
  • An Artica with a Gold Licence cannot unlock The Shields server parameters form.
  • Security hole on cyrus.events.php - special thanks to researcher357
  • Loop on a widget in the Dashboard
  • Log rotation issue when using HaCluster on access events ( see more information here )
  • The Shields save whitelisted sites as threats
  • The proxy ACL finally allow all did not working as expected
  • issue on category service section that loading and stress the proxy.
  • Increase The Shields performance
  • Troubles and CGuard categories queries
  • Whitelisting with Office365 macro make issues in the ACLs checker
  • Active Directory Authentication whitelist did not working as expected ( see more information here )
  • Local The Shields engine was not used that make unecessaries DNS queries.
  • Generate a support tool stuck if some logs files exceed 1GB
  • Uncaught ArithmeticError: Bit shift by negative number when calculating netbit of a network mask
  • Wrong support tool for DHCP server
  • Cannot add an inboud domain without relay address in SMTP service.
  • SMTP healthcheck in failover service.
  • Cannot enable TLS remote support on artica SMTP relay
  • Authentication Whitelist did not accept correcly defined patterns.
  • Artica turn to emergency if proxy claim of Cannot allocate memory, it is changed with a quick service restart
  • Change filedescriptors values settings to a multiple of 64
  • tweaks on The Shields performance.
  • Authentication using local LDAP did not allow whitelisted websites
  • Some Whitelisted websites are not totally applied.
  • sometimes, the shields lost DNS configuration that make periodically categories search to unknown mode.
  • Unable to understand the way to install The Shields as it is already installed
  • SMTP notifications did not work as expected
  • Unable to start The Shields service.
  • Unable to start The Shields service.
  • Unable to make The Shields binding an external network Interface
  • Too much long time for installing Synology backup client.
  • Administrative requests pass trough the parent proxy that causing broken TCP connections
  • Extend partition did not correctly perform a resize2fs
  • Some SQLite tables are not created because Artica did not detects missing tables.
  • Sometimes The Shields did not parse queries.
  • Tables creation in IDS service.
  • Proxy ACLs are not builded since Service Pack 401
  • Unable to modify ICAP antivirus template ( see more information here )
  • Updating IDS servide for 4.19.0-18 Debian Kernel.
  • The Shields categories compile crash when encounter standard PostreSQL error
  • Artica try several times to install php7.0-sqlite3 on Debian 9.0
  • Change trust password failed when using NTLM method with the proxy ( see more information here )
  • Active Directory NTLM status watchdog is not performed periodically.
  • Error in syntax or out of memory when tries add a new dns record in unbound
  • Possibility to return back to proxy version 4 ( see more information here )
  • local Port conflict between proxy watchdog and the winbindd process
  • Artica did not restore the correct value for filedescriptors of the system.
  • More tuning in order to avoid proxy filedescriptors issues.( see more information here )
  • Unable to install dstat local package.
  • Personal categories displays CGuard categories even the if Hide Officials Categories option is active
  • Whitelists from The Shields did not working when using the Web-filtering engine.
  • Remove the "Enabled" function in The Shields as The Shields is always enabled in all cases.
  • The Shield did not allows whitelisting if it is not enabled as the enabled function did not exists
  • Sometimes, the logger engine is not correctly initialized in The Shields Daemon
  • many "NONE/000 0 NONE - -" events in HaCluster requests.
  • IndexError: tuple index out of range in The Shields
  • SQL error while creating DNS Firewall example rules.
  • Fatal system Exception while compiling categories when there is no parameter in command line
  • Unable to download Clamav Database because target directory is a file.
  • Segmentation fault when stopping, restarting, starting proxy service.
  • Artica Web interface console is restarted each 5 minutes when Web service as been installed and uninstalled.
  • Artica did not check availability of python-redis for manual installation
  • Artica did not check availability of lighttpd for manual installation
  • Artica did not check availability of php-mysql for manual installation
  • Artica did not check availability of php-sqlite3 for manual installation
  • Infinite loop when booting the server if the final wizard did not perform properly the installation. ( during manual installation )
  • Artica is unable to build network caused by missing MySQL php library that is not necessary
  • Failover feature installation stuck at 5%
  • Failed over feature installation
  • Rebuild totally the Statistics daemon service and add more debug information ( see more information here )
  • Automatically disable unecessary Mosquitto service.
  • Uncaught TypeError: Return value of duplicated_tokens() when configuring the Web service.
  • Error: Call to undefined function posix_getuid() on the framework when upgrading PHP engine.
  • Urls too loog that expand the web page design on the proxy active connections monitor
  • The Shields crashes when calculating users
  • Increase net.core.somaxconn to 2048 as default To avoid Error 11 Resource Temporarly unavailable on The Shields
  • Proxy stare all sites when enable SSL decrypt on proxy.
  • The ACL categories load an external plugin that is no longer used with The Shields daemon.
  • Memcached status screen design.
  • DNS Firewall must connect to 127.0.0.1 to the Shields instead of Unix socket
  • The Shields query tool must connect to 127.0.0.1 to the Shields instead of Unix socket
  • The Watchdog must check 127.0.0.1 Shields socket instead of Unix socket
  • The upgrade Artica procedure must restart theshields service and reload the proxy service
  • The Shields Crash #1
  • Old token block The Shields to not query the Artica cloud service.
  • Add timeout on sQLite I/O operations
  • The Shield crash #2.
  • Rules inj proxy parents did not reflect expected order
  • The Thields when using categories only new features.
  • Remove the Shield class did not remove all items.
  • Bungled caused by acl KeepSSL ssl::server_name
  • Add possibility to save SSL certificates generated by the proxy in memory.
  • DNS Firewall did not want to query The Shields for categorization.
  • Disable a group in ACLs will disable the group on all acls.
  • Unable to access to Artica Web console when using a strict parent proxy.
  • The Shield issue when enabling "Only fro queries" and "Logs queries" in The Shields client
  • The Shield issue when no MAC or no IP address is sent from the proxy service.
  • SMTP service crash to non integer SSL switch defined.
  • Artica is unable to perform Artica Statistics Migration.
  • Fatal error when compiling categories.
  • cicap_sandbox is not created before access to the status table.
  • Issue on Artica Stats migration
  • Some update errors when using the system update
  • Minors bugs and reviewed DNSSEC methods in PowerDNS ( see more information here )
  • Remove depreciated configuration token local-ipv6 that make the PowerDNS service unavailable on 4.5.2 version
  • Unable to start new PowerDNS version 4.5x with the following error One of the backends does not support zone caching
  • Strict-Transport-Security header is added twice in reverse-proxy configuration
  • Sometimes the reverse-proxy claim that modsecurity_rules_file does not exists when enabling WAF engine
  • notification to update The Shields client cannot be removed.
  • crash on some URLs in The Shields
  • The Shields did not block any detection from Artica Engine.
  • Saving global options in reverse-proxy will remove rules generated in this section.
  • Unable to enable HTTP/2 on the reverse Proxy.
  • Searchs in DHCP events, leases, requests is not correcly understood, the search engine as been simplified.
  • Unable to connect to the Active Directory using Kerberos in HaCluster mode - since Service Pack 500
  • The Shields logs are not added to the support tool.
  • The Shields Client is enabled in both method - Web filtering and ACL method
  • Web-filtering crashes when parsing a default None rule.
  • If WAF is not installed, the listed server did not display WAF sticker
  • Crashes of proxy plugin categorization and The Shields client engine.
  • TheShields client use the proxy to connect to TheShields server
  • Web-filtering did not care about the login user
  • Client continue to analyze the Web-filtering without username
  • Web-filtering did not send the correct protocol to the proxy.
  • Web-filtering is disconnected from the proxy service by the Service Pack 597.
  • HaCluster incompatible with Cisco Webex meeting
  • Artica did not perform the log rotation of the Load-balancer service.
  • Unable to add a record on DNS Cache caused by the prio field.
  • Modify settings in PostreSQL database did not restart the local service.
  • Reverse-Proxy crashes on the Cluster client due to the bind network interface issue.
  • Compiling websites take too long time when building all websites
  • Reverse-Proxy WAF events are replicated when using reverse-proxy in cluster mode.
  • Unable to search by ruleid or domains in WAF threats section.
  • Enable to export the whole certificate database in Certficates Center.
  • Recover the database when encounter "file is not a database" issue when importing a PFX certificate
  • Remove serve-expired-client-timeout in DNS Cache service
  • Crash on Web-filtering when receive connection error from Web-filtering error.
  • some Internal HTTP requests are not whitelisted by the web-filtering engine.
  • If there is no personal category to export, the cluster will replicate the whole PostgreSQL database.
  • White-listing to authentication did not working on Proxy service caused to reversed ACls.
  • Wrong checkbox in use Local Proxy on WebCopy
  • Unable to define protocol in Filebeat configuration
  • Missing SN.png,ERR_PROTOCOL_UNKNOWN, error-details.txt files when reloading proxy service.
  • Whitelist issue with Web-filter service
  • ressources/categorizeclass.so line 3478, in get_category_perso KeyError:
  • K5start did not start in HaCluster method.
  • Sometimes /etc/postfix/bad_recipients.db is not compiled in SMTP gateway
  • Authentication issue when using plain text on a remote peer in the SMTP gateway ( see more information here )
  • NameError: global name 'GET_INFO' is not defined when using categories cache on the proxy plugin.
  • Whitelists are applied in the wrong format
  • EOFError in ressources/categorizeclass.so when loading cache database
  • Firewall rules are not flushed when modify proxy transparent ports
  • The Shields did not deny detected threads.
  • Process#012UnboundLocalError: local variable 'VIRTUAL_USER' referenced before assignment on The Shields Client
  • Fix ThreddSrnObject instance have no attribute when using speed mode in The Shields
  • catogoryclass.so crashes when privileges is not correctly set for the local cache.
  • Artica did not resolv categories when host is not resolvable
  • The Shields clients are not killed from memory
  • The Shields Crashes when using "Speed Mode" in Connector.
  • Unable to compile ACLs with Active Directory enabled since SP739
  • False alarm on wrong configuration in Artica Statistics since SP739
  • Unable to access to events system since SP739
  • Unable to install Categories Cloud service.
  • Artica watchdog is unable to uninstall The Shields Daemon.
  • Fix: Security hole found by Jordan Miles
  • DNS Load-balancer is not monitored by Artica.
  • Artica did not understand OpenSSL version for Cipher configuration.
  • Load-Balancer crashes caused by no items set in cache configuration.
  • WCCP cannot be displayed in Community Edition
  • HaCluster is not compatible with new version 2.2x branchs or above.
  • Artica take care about the OpenSSL compiled with nginx for the Ciphers list on the reverse-proxy service.
  • Sometimes the unicode.mapping is corrupted during complete reverse-proxy reconfiguration
  • Warning during boot when enabling Bottleneck Bandwidth and RTT kernel feature.
  • Web interface going crazy when displaying the SandBox connector section.
  • False alarm on filedescriptors notifications.
  • SQL Error on debian_packages table
  • Missing jquery.peity.min.js from Service Pack 671
  • bad addr or host: None (Name or service not known) on OpenSSH server caused by a wrong IP format
  • Redirect HTTP connections to HTTPs connections did not take care about the listen interfaces defined in reverse-proxy.
  • Unable to access to HotSpot sessions management with HotSpot Manager rights
  • Bungled proxy configuration when using HotSpot service and Active Directory
  • SMTP engine error when ssl is not configured.
  • ACLs issues on the Universal Proxy service.
  • Proxy acls checker will not longer claim of empty acls objects.
  • Web-filtering connector - invalid literal for int() with base 10: none when using a none rule
  • Web-filtering connector - NameError: global name WEBFILTER_RULE_NAME is not defined when using a none rule
  • Filtering menu is displayed when only using SMTP service.
  • Web-filtering connector: NameError: global name filename is not defined when writing threats
  • Exception on the Web-filtering client if Web-filtering server return nothing.
  • Artica Status Daemon crashes since SP739 ( see more information here )
  • Preventing sometimes register a license cause loop in register processing.
  • Unable to restore backuped PowerDNS data
  • wrong characters added when insterting a new domain in PowerDNS.
  • Duplicate domain in host when adding a new NS record in PowerDNS.
  • Statistic collector of WAF events crashes and did not populate SQL tables.
  • Unable to Activate Kerberos authentication when using the single Kerberos method
  • Unable to start/restart OpenVPN service using the webconsole.
  • DNS Firewall cannot start if there more than 2 DNS servers in default configuration.
  • Wrong pattern in DNS Firewall listen address when using multiple network interfaces
  • Wrong configuration on Artica Web console service since SP739
  • Unable to save Proxy parents general parameters
  • Do not use the proxy and Always use direct acls rules are not applied when using parent proxies.
  • Some Web application Firewall whitelists make the reverse-proxy crashing.
  • Too many files *.conn.err generated that loading the server
  • Loop on SQL errors collector that perform a loop and turn to unstable server ( only if server encounter disk performances issues )
  • e2label process take a loop and long time to process ( only if server encounter disk performances issues )
  • Unable to change password of an LDAP member
  • Privileges Allow Add Group or Allow Add user only can access to the web console.
  • Unable to add rules in whitelist for Web Application firewall rule
  • Disconnect memcache daemon stop/start script from systemd.
  • Web Application firewall internal error did not deny accesses to web sites.
  • Web Application firewall XML parsing error did not deny accesses to web sites.
  • Unbound Array error in The Shields Client when using Web-filtering method.
  • bound error on array on proxyport in The Shields Client.
  • Wrong Status for StatsCom missing netcat-openbsd
  • Error Run Clamav Updates pattern missing each 3 minutes.
  • Fix icap error in logs Unknown syslog facility/priority
  • parse_delay_pool_rates: Ignoring pool 0 not in 1 .. 2 in ACLs bandwidth
  • Wrong URL compiled on the new Web-Filtering feature.
  • Unable to display DNS events when DNS Cache service and the Proxy service are installed.
  • Modify watchdog on DNS services in order to prevent false alarms and multiples DNS restarts.
  • Default Firewall DNS redirectors are pointed with eDNS that has been refused by Public Google DNS.
  • False alarms on the PostgreSQL watchdog monitor.
  • Duplicate whitelisted unique id in Web Application Firewall
  • Trust an item inside My Network did not restart Fail2ban for whitelisting

ADD

  • Possibility to Add a Caching Active Directory records From an Active Directory Connection ( see more information here )
  • Dedicated menu console for SSH service.( see more information here )
  • Monitoring and compatibility of Microsoft Hyper-V virtualization.
  • Security Reputation Network beta 1 (see more information here )
  • Possibility to list all open ports on the Artica server ( see more information here )
  • Possibility to display Proxy statistics daily disk usage ( see more information here )
  • Dedicated section for the log files and statistics retentions ( see more information here )
  • Possibility to import or export Proxy statistics database ( see more information here )
  • Possibility to manually remove statistics data by retention. ( see more information here )
  • Possibility to display events about log files cleaning and retention data cleaning.
  • Possibility to exclude reverse PTR resolutions and queries to specific domains in DNS statistics.
  • Possibility to install/uninstall userspace ARP daemon
  • New wizard "Gateway mode" to allows installing Artica on limited hardware ( see more information here )
  • Watchdog on cgroups php limitation.
  • Possibility to created a simplified and quick DHCP service by Network interface ( see more information here )
  • Possibility to bridge network interfaces using Proxy ARP method ( see more information here )
  • Possibility to add multiple network addresses in SNMPv2 network limitation.
  • New feature Dynamic routing as OSPF protocol support ( see more information here )
  • move URLHaus and NoTrack feature to the SRN feature.
  • Possibility to global exclude domains from the use of any parent proxies. ( see more information here )
  • 2FA authentication for both SSH service and Artica Web console. ( see more information here )
  • Double verification for clone detection.
  • function that scan suspcious files for malwares scanning on the ArticaBox itself.
  • Possibility to send Proxy realtime events to several syslog servers ( see more information here )
  • Beta of TailScale VPN feature.
  • Beta of Synology backup client.
  • Support of Synology Active Backup for Business client ( see more information here )
  • New Proxy ACLs Checker ( see more information here )
  • Possibility to change the name of the certificate in the certificate center section.
  • Possibility to modify the TCP Keepalive Timeout on proxy port ( see more information here )
  • Possibility to link Artica Proxy to Kaspersky Web traffic Security ( see more information here )
  • Possibility to switch to Proxy version 5.x or 4.x branch
  • Display ACLs rule names in realtime proxy events ( see more information here )
  • Notification of new memcached version on the dashboard.
  • New memcached v1.6.10 available for both Debian 9 and Debian 10
  • New Squid Cache v5.1 available for both Debian 9 and Debian 10
  • Automatic install of new Debian package unrar and p7zip
  • More statistics for The Shields graphs section.
  • Possibility to perform fast stop,start,restart proxy service in proxy status section
  • Release of Kasperksy SandBox integration ( see more information here )
  • More description / Information on Host Forgery issue ( see more information here )
  • The Shields can be switched to be an object of ACLS rule ( see more information here )
  • Improve Proxy SSL initialize task
  • Ensure compatibility with the new version 9.x of the RDS Proxy, older versions will be not compatible.
  • Community Artica version on the RDS proxy service will limited to maximum simultaneous connections.
  • Possibility to quickly connect to the RDP target ( see more information here )
  • Possibility to turn the RDP service and the Authenticator in debug mode.
  • Possibility to disable the RDS Proxy login screen ( see more information here )
  • The Shields is upgraded to 10.0 version this new version stores more than 25 000 trackers sites in local cache.
  • Possibility to see more information here that passed trough the bandwith limitation ( see https://wiki.articatech.com/proxy-service/monitoring/monitor-bandwidth-rules )
  • Now RDS Proxy service is able to query directly Active Directory DNS in the case of the Artica server did not have the target Active Directory as primary DNS server
  • Possibility to create a bandwidth rule without any limitation in proxy bandwidth limitation acls
  • Top-right notification on new RDS Proxy service version.
  • Possibility to perosonalize RDS proxy error messages.
  • Status in RDS Proxy status page
  • DNS Firewall feature alpha 1
  • DNS Firewall Feature alpha 2
  • Possibility to launch installation of mandatories modules in status
  • Failover support.
  • DNS Firewall Feature Beta 1
  • DNS Monitoring tool for better help proxy performance DNS settings.
  • Support of use-caps-for-id in DNS Cache service. ( Feature called Increased DNS Forgery Resistance )
  • DNS Firewall feature RC1
  • Possibility to download the "The Shields" events logfile
  • Possibility to set a default page inside a reverse-proxy site ( see more information here )
  • Rebuild the ITCharter internal engine for better performances
  • ITCharter is now Cluster aware
  • Handle k5start error getting credentials: Preauthentication failed in syslog
  • ITCharter Active Directory Alpha1
  • ITCharter with Active Directory Filter feature release candidate 1
  • Whitelisted adservice.google.* in The Shields when allowing Google Advertising option.
  • Specials checks on DNS Quality servers when using Artica Categories or The Shields features.
  • Possibility to disable the Artica resolve operation when using Kerberos authentication ( see more information here )
  • Turn Kerberos method into emergency mode if "Local hostname could not be determined. Please specify the service principal" is discovered
  • New Reputation service engine "CGuard" inside The Shields and Categories service.
  • New testing procedure for Kerberos Authentication method
  • Increase performances of whitelisting and The Shields plugins
  • Automatic updates of Artica proxy plugin especially for MacToUid
  • Possibility to send syslog daemon events to remote syslog server.
  • Merge The Shields with external_acl_first for better performances.
  • Possibility to define Authentication methods preferences ( see more information here )
  • Possibility to stress any proxy server in order to see more information here and evaluate the pre production ( see https://wiki.articatech.com/en/proxy-service/tuning/stress-your-proxy-server )
  • Performances settings for proxy external modules.
  • New "Centralized" The Shield beta 1
  • New "Centralized" The Shield Release candidate 1
  • The Shields use it's own memory cache management for better performances.
  • Support of proxy version 5.2
  • Possibility to dynamically flush the shield cache.
  • Possibility to find requests in the legals logs section. ( see more information here )
  • Status of cached items in The Shields.
  • Improve cache reset action in the Shields.
  • New kerberos ticket renewal procedure that running at 04:45 each day
  • Performances charts for the proxy memory usage ( see more information here )
  • Monitoring function for the proxy filedescriptors value
  • Possibility to generate a support-tool for the DHCP service ( see more information here )
  • Possibility to export the generated DHCP configuration file that cause issue on DHCP service
  • Central SMTP notifications beta 1
  • Possibility to send all syslog events to a remote syslog server.
  • Central SMTP notifications beta 2
  • Central SMTP notification Release Candidate 1
  • New watchdog on expired certificate issue.
  • Possibility to set a VLAN Interface for the DHCP server listen address.
  • Watchdog on proxy service memory usage ( see more information here )
  • Possibility to create a real load-balancing with parents proxies. ( see more information here )
  • Possibility to manually query the Shields server ( see more information here )
  • Possibility to enable Proxy service to debug level 5
  • More verifications when installing ClamAV SecuriteInfo databases.
  • Disable Proxy update notification if the available major proxy version is different than the installed proxy version.
  • Extract cron daemon events from syslog to /var/log/cron.log
  • Artica is now able to categorize remote public IP addresses especially when running artica as transparent proxy.
  • Performance statistics such as CPU use in percent, memory usage, Load, file descriptors and connections Tracking.
  • Auto-installation of performances statistics.
  • Local Virus detection of BV:Miner-GZ [Drp]
  • Possibility to set a personal category act as a global whitelist ( see more information here )
  • Number of proxy members and statistics of the proxy number of members.
  • Watchdog on specials characters when inserting proxy requests and PostreSQL database
  • Possibility to connect the HaCluster to the Active Directory using a wizard.
  • If the Load-balancer renew kerberos certificate, the nodes will be updated automatically.
  • Possibility to enable a DHCP service for a VLAN interface ( see more information here )
  • DNS Firewall using the same proxy method to query The Shields server.
  • DNS Firewall events by default.
  • DNS Firewall write all events inside PostgreSQL database
  • Possibility to query DNS Firewall events saved in PostreSQL database ( see more information here )
  • Possibility to perform apply operation in DNS firewall rules section.
  • Statistics of the DNS Firewall about the number of queries and the number of users.
  • Possibility to filter google authentication by domain ( see more information here )
  • Monitor proxy behavior with an external URL ( see more information here )
  • Possibility to import a PKCS7 certificate ( see more information here )
  • Memory cache for the Shields Client.
  • Possibility to define the value of net.core.somaxconn in the Shields Client.
  • Internal Cache in the Shields.
  • The Shield Emergency mode remove completly The Shields in proxy service.
  • Possibility to use only the Shield Client as categorization.
  • Count the number of cached items.
  • Status of Proxy Parent rules in order to see more information here there are really applied to the system.
  • multi-process and multi-threads engines for The Shields Client and Daemon.
  • More errors explains in proxy requests events ( added to SP206 in HotFix )
  • Possibility to remove an header with the reverse-proxy ( see more information here )
  • Possibility do duplicate headers rules in the reverse-proxy service ( see more information here )
  • Possibility to upgrade TailScale Service using the system update package manager ( see more information here )
  • Possibility to duplicate gzip compression rules in reverse-proxy.
  • Possibility to install the WAF for the reverse-proxy in the features section.
  • Possibility to quick add computers items in events, leases and requests tables.
  • New section that allows creating rules to remove HTTP headers in the reverse-proxy service
  • Possibility to set TheSields cache database removal task.
  • Beta 1 merging The Shields and Web-filtering service.
  • Possibility to remove the Kibana and ElasticSearch softwares from the disk ( see more information here )
  • New "Expert mode" feature for PowerDNS system ( see more information here )
  • The Shields with "Only categorization" use dirdectly cloud DNS servers
  • K5Start daemon is detached from syslog for better troubleshooting.
  • Possibility to use local officials categories and increase speed for categories ACLs. ( see more information here )
  • Possibility to tune timeouts for HaCluster service ( see more information here )
  • 10% of Portuguese translation.
  • Possibility to disable WAF rules globally ( see more information here )
  • TheShields Client us fully multi-threads
  • Possibility to use the Artica Cloud categories Service - same Artica 4.30 SP206 method ( see more information here )
  • WebCopy feature on Reverse-Proxy beta 1
  • Possibility to whitelist rules from the Web Application Firewall
  • 20% of the Portuguese translation.
  • Possibility to schedule the WebCopy task for each website.
  • Notification on the top-right that claim if the Web-Filtering is disconnected from the proxy service.
  • Webfilter policies can bypass all the web-filtering policies including The Shields too.
  • Possibility to use a remote PostgreSQL server
  • Possibility to import Web-Filtering databases and settings from an old Artica 3.x snapshot container.
  • WebCopy general section.
  • Quick links in routing tables rules
  • Possibility to view and send to kernel events to remote syslog.
  • Possibility to synchronize Web Application Firewall default rules
  • Possibility to delete Web Application Firewall threats by rule ID
  • PostgreSQL database Maintenance operation ( vacccum and reindex ) is now only executed in non-production time.
  • Watchdog to ensure that Web-filtering client is correcly enabled on proxy.
  • Possibility to return back to the Official Artica version - without any service pack
  • Whitelisted Web Application Firewall rules are no longer parsed for statistics.
  • Possibility to purge Web application Firewall database with its own parameters - default 7 days.
  • Possibility to compile Web application firewall rules inside the detected threads section.
  • New Macro to whitelist Windows Updates sites.
  • Possibility to use a remote Categories Cache server.
  • Improve performance of the categorization plugin
  • Possibility to balance network on different proxies on the proxy.pac service. ( see more information here )
  • new tests functions to ensure that the Web API rest service is still alive
  • watchdog function that ensure monit startup script is not corrupted.
  • Possbility to reset the uuid inside the system information section and license section.
  • Improve performance on Web-filtering connector
  • Improve The Shields performance.
  • The Shields take care of the availability of queried domain before query the Artica cloud service.
  • function that eliminates bad patterns "*." used in personal categories.
  • Compatibilities of the new php-fpm versions.
  • Possibilities to add mandatrories tokens in Web-filtering error pages.
  • Possibilities to send Webfiltering threats to a remote syslog server
  • New daemon and increase performance when using filtering service as a central server.
  • Increase threads performances on the Web-filtering client / ACL module
  • Integrating ITCharter into the new The Shields engine.
  • Automatic affect to "reaffected" category for not resolvable hosts and not categorized hosts
  • The Shields modules are only loaded if needed in order to reduce memory usage
  • Client-Side Certificate Authentication in reverse proxy ( see more information here )
  • New widget for DNS Cache service in dashboard.
  • DNS Firewall is now New The Shields architecture aware.
  • All proxy error pages are now embeeded in the same page.
  • Explanation when no data can generates graph in the DNS Firewall status.
  • Version of the DNS Firewall.
  • PowerDNS 4.6.0, DNS Load-balancer 1.7.0
  • Possibility to send by remote syslog DNS Load-balancer events. ( see more information here )
  • Possibility to setup cache in DNS Load-balancer ACLS ( see more information here )
  • Possibility to enforce host resolution in the DNS Load-balancer service ( see more information here )
  • Possibility to force using a specific backend accordind to clients network in HaCluster ( see more information here )
  • Possibility to display DNS Load-balancer events in real-time. ( see more information here )
  • WebSockets support in reverse-proxy edition. ( see more information here )
  • HTTP Proxy DNS load-balancing mode beta 1
  • HTTP Proxy DNS load-balancing release ( see more information here )
  • Starting Dashboard for the DNS Load-balancer service.
  • Help about inactive label in Proxy parent acl rule.
  • Possibility to upgrade the DNS Load-balancer software ( see more information here )
  • Possibility to display Load-balanced backends status ( see more information here )
  • Spanish language translated to 20%.
  • Watchdog when proxy claim connection timed out with clients.
  • Tiny design Graphs on dashboard and for some services status
  • EDNS support on the DNS load-balancing service.
  • Detail error when WAF threats did not display any information.
  • Watchdog on ERROR: Collapsed forwarding queue overflow for kid1 at 1024 items proxy cache service.
  • Watchdog on error assertion failed: store_client.cc:214: "entry->hasDisk() && !entry->swapoutFailed() on proxy cache service
  • Possibility to forge multiple IP addresses in DNS Load-balancer ( see more information here )
  • Possibility to masquerade VLAN interfaces ( see more information here )
  • Posibility to balance DNS-Over-HTTPs downstream servers on the DNS Load-balancing service. ( see more information here )
  • Dedicated section for Proxy multiple CPUs configuration.
  • Beta version of ACL categories for the DNS Load-balancing service.
  • Possibility to add categories checking in DNS Load-balancer ACLs ( see more information here )
  • Possibility to authenticate senders via Active Directory in Artica SMTP edition ( see more information here )
  • Possibility to create an ACL based on Web-filtering service. ( see more information here )
  • Possibility to create an ACL based on DNS Query type ( see more information here )
  • Possibility to use The Shields in load-balancing acls ( see more information here )
  • Possibility to check countries of Client IP address in load-balancing ( see more information here )
  • More information in DNS Cache service events
  • New tack that clean bad records in PowerDNS database
  • O-Day patterns for blocking most malicious sites ( see more information here )
  • Compatibility with OpenVPN in PFSense ( see more information here )
  • PHP 7.4 upgrade support. ( see more information here )
  • Dedicated section for Proxy filedescriptors parameter
  • First Beta version of the "Go Shields Service"
  • DDOS Protection on selected interfaces ( see more information here )
  • Displays how many times the network cable was unplugged ( see more information here )
  • Possibility to remove ClamAV from the system ( see more information here )
  • New design interface for the logon page.
  • Size Limitation on Web Application firewall events.
  • Web application firewall reports storage can be defined by threat level.
  • Improve design of error generated when attempting to a wrong record in PowerDNS system.
  • Fake php compatibility between php 7.3 and php 7.4
  • Possibility to display all Web Application Firewall whitelisted rules.
  • Possibility to add a description on Artica snapshots
  • Realtime monitor for the Web Application Firewall requests. ( see more information here )
  • Possibility to display all Web Application Firewall whitelisted rules ( see more information here )
  • Possibility to remove or rotate Web application Firewall real-time accesses log ( see more information here )
  • Possibility to schedule an HaCluster service reload task ( defined to each 3h by default )
  • Possibility to create whitelist Web Application Firewall rules based on User-Agent header ( see more information here )
  • Possibility to download stored reports from the Web Application Firewall realtime threads.
  • Possibility to disable or enable Web application firewall in one click from the Web sites list.
  • Possibility to directly forge multiple records and multiple domains inside a rule without need to create objects ( see more information here )
  • Possibility to bond network interfaces ( see more information here )
  • Multipart request body failed strict validation in Web Application firewall is now disabled.
  • Phase 1 and 2 in Web Application Firewall rules
  • AdminTrack feature ( see more information here )
  • New Watchdog that testing the connectivity with backends proxy from the HaCluster service.
  • Possibility to turn the Proxy in Emergency Mode in Proxy service Status
  • PostGreSQL logs in the support tool.
  • Possibility to force restarting proxy service after log rotation.

MOVE

  • Proxy SSL cache directory to /etc/squid3 for more stability
  • PDF Statistics reports are now sent via Central SMTP notifications
  • Change the support creation tool to the new support system. ( see more information here )
  • ITCharters are moved into The Shields service.

UPDATE

  • Updating repositories for C-ICAP 5.0.9, Haproxy 2.4.4, Clamav 0.104.0
  • Updating repositories for ntopng 5.1, monit 5.29, netdata 1.31
  • Create a cloud ArticaTech dedicated ClamAV repository. ( see more information here )
  • Debian apt-get error APT repository changes its Suite value from X to Y: This must be accepted explicitly before updates for this repository can be applied
  • Proxy version 4.17 available on repository.
  • New version of memcached 1.6.12 for Debian 10 in repository
  • Available PowerDNS 4.5.2 in Cloud repository
  • Notification when a new PowerDNS version is available in the Artica cloud repository
  • Memcached 1.6.13 to updates repositories.
  • Netdata 1.32.1 to updates repositories.
  • ClamAV 0.104.2 to updates repositories.
  • Proxy cache version 5.4 in repository
  • Load-balancer version 2.5.2 in repository
  • Haproxy v2.5.4 in Artica repository
  • Update SSH reverse-proxy bastion to 2.0.2 to repository for Debian 10
  • MemCached 1.6.14 to repository for Debian 10.
  • Monit 5.31.0 to repository for Debian 10.
  • NetData 1.33.1 to repository for Debian 10.
  • DNS Cache service (unbound) version 1.15.0 in repositories for Debian 9 and Debian 10
  • PowerDNS 4.6.1 in repositories for Debian 10
  • Load-balancing service 2.5.5 in repositories for Debian 10
  • PowerDNS service 4.6.2 in repositories for Debian 10
  • Proxy Service 5.5 in repositories for Debian 10
  • Memcached service 1.6.15 in repositories for Debian 10
  • Netdata service 1.34.0 in repositories for Debian 10

REMOVE

  • Feature that testing the kerberos connection - too many false alarms
  • The use of DNSBL reputation service is removed, detection rate of The Shields is enough
  • Categories Services section is now removed ( unecessary )
  • filedescriptors issue frontend notification

CHANGE

  • THe Category service is removed and replaced by The Shields, any Artica version can use Personal Categories using the Shields.
  • Proxy store type and caches in aufs is definitively not supported in SMP configuration ( change to rock type )
  • Caches directories for each CPU is no longer used.
  • The Shield will listen 127.0.0.1 instead of unix socket in order to avoid issue Err 95 Operation not supported.
  • The use of ACL categories no longer requires a valid license.
  • The Shields service as been improved by using HTTP protocol and is now fully multithreads
  • The Shields section in left menus as been modified for better understanding features options.
  • If The Shields is not enabled as remote, id doesn't use the local service for query reputation.
  • The Shields service is now only an option only used for centralize Filtering services.
  • WebCopy feature did not longer use the local proxy if configured - it must be enabled in configuration
  • Redirect to Web-filtering error pages can be fully defined using rules method.
  • Deny cache feature is added even the Proxy Cache feature is not enabled in order to avoid caching in memory
  • : Not blocking if Web Application firewall cannot handle max body response size.
  • Switch the Web-filtering connector to original connector if only web-filtering is defined.

IMPROVE

  • Proxy Outgoing addresses rules.