***************************************************************** NxFilter v2.7.0 Author : Jinhee Lee Homepage : http://www.nxfilter.org Contact : support@nxfilter.org ***************************************************************** NxFilter is a property of Jahastech. 2015/03/27, v2.7.0 - Custom category domain limit increased to 100,000. - daily_stats table added. - request_traffic_5m, request_traffic_1h, real_user_count removed. - 'syslog_only' flag added into cfg.properties. - Authentication error with LDAP username having space allowed. - Default data for empty trend chart added. - LibDate.strftime_arr bug fixed. - log_view, signal_view, netflow_view, hh24, category_count_5m removed. - Daily report and weekly report being generated based on start date. - Datetime picker added for log-view and report. - Report caching structure redesigned. - Delete old data on 02:00. - Generating report cache for daily, weekly report on 03:00. - 'stop_auto_report' option for cfg.properties added. - 'ldap_conn_timeout' option for cfg.properties added. - 'ldap_read_timeout' option for cfg.properties added. - Swimsuit/Underwear category on Komodia map merged into Fashion/Beauty. - h2-1.3.176.jar added. 2015/03/10, v2.6.5 - 'log_flush_limit' option for cfg.properties added. - Komodia query only for existing domain. - 'most_permissive' option for cfg.properties for multi-category permit. - MIN_TTL set to 5 seconds for a response cache. 2015/03/03, v2.6.4 - DB_CLOSE_ON_EXIT=FALSE added in JDBC URL. - cluster_monitor missing colummn bug fixed. - Phishing related option for cfg.properties removed. - report_server_ip option for cfg.properties for separating reporting DB added. - Komodia 'Misc' mapping bug fixed. 2015/02/27, v2.6.3 - Syslog format changed to have 'NXFILTER' prefix. - ShallalistUpdate to be using system DNS. - Downloading the backup file from 'Config > backup'. 2015/02/11, v2.6.2 - License share between cluster nodes added. - keystore_file, keystore_pass option added on cfg.properties for custom SSL certification. - Multi-level domain chopping with Shallalist bug fixed. 2015/02/06, v2.6.1 - alert_email.ftl removed. - Komodia dynamic classification not added into cache. - Most specific IP range comes first rule for user association added. - '/conf/komodia.map' updated to having 69 categories. 2015/02/01, v2.6.0 - Domain test protocol changed. - Komodia cloud blacklist option added. - URLBlacklist option on GUI removed. 2015/01/10, v2.5.3 - Quota reset not synchronized over cluster bug fixed. - localhost excluded from DNS ACL for WebSoket. - Chrome block-page not showing on HTTPS bug fixed. - Proxy level redirection added. - Bypass authentication doesn't apply on authenticated user. 2015/12/30, v2.5.2 - install_time added into config table. - New block-page and login-page set added. - Chrome agent support added. - Wildcard, '*' support for whitelist keyword added. - DNS level Youtube safe-search enforcing added. 2014/12/05, v2.5.1 - Only allows IP address for AD/LDAP host. - Embedded Tomcat updated to v7.0.57. - Proxy level domain redirection added. - Bypassing IP host from forwarding query. - Custom query parsing bug fixed. - Java mail API updated to v1.5.1. 2014/11/27, v2.5.0 - Group account concept introduced. - NxClient v4.0 support added. - Showing real username from NxClient. - no-usr, no-grp -> anon-user, anon-grp. - Proxy log not display correctly with IDN bug fixed. - zvelo_timeout option added into cfg.properties. - Proxy blocked reason not display bug fixed. - 'local_resolver_port' option added into cfg.properties. - real_user_cnt table added for counting distinct logged-in username. - Version check for agent added. 2014/11/12, v2.4.5 - Time format on 'Report > usage' changed. - Log filename changed to 'nxfilter.log'. - PTR record bypassed from 'Block unclassified' option. 2014/11/07, v2.4.4 - DNS level safe-search enforcing implemented. - Safe-search option became policy specific. - bypass_empty_domain option added into cfg.properties. 2014/10/30, v2.4.3 - Alert email showing detailed reason for proxy block. - Usage report for recent 30 days added. 2014/10/20, v2.4.2 - is_valid_domain, is_valid_email moved into lib.jsp. - Group specific free-time not updated bug fixed. - Redirection domain timeout error fixed. - Zvelo license alert email bug fixed. 2014/10/13, v2.4.0-p1 - Admin domain and DDNS domain bypassed from filtering. - Reverse lookup domain added into DDNS domain lookup table. - 'max_slave_num' variable added into cfg.properties. - traffic_trend_5m -> request_trend_5m. - Report cache file extension changed from 'xml' to 'txt'. - Zvelo cloud option for blacklist added. - Minimum length for name adjusted to 1. - Phishing DB removed. - 'www_dir' param introduced for easier customization of GUI. - Default HTTPS port changed to 443. - Temp direcotry under webapps moved into tmp/www. - TCP port checking added into Windows setup. - Checking blacklist_type disparity among cluster nodes. 2014/09/24, v2.3.0 - Faster startup time by reducing local port checking timeout. - Performance increased by introducing thread safe map. - Domain cache and unclassified cache introduced. - Fusion chart compatibility removed. - Locking algorithm redesigned for PhishiDic. - ResponseCache redesigned using thread safe map. - Default response cache size increased to 200,000. - err_list removed from DAO. - OpenLDAP import supports 'memberOf' attribute. 2014/09/02, v2.2.8 - STOP signal added for NxClient and NxUpdate. - SWITCH signal removed. - Default block page not showing bug with IE fixed. 2014/08/25, v2.2.7-p1 - IP session synchronize for login_policy only. - StatsMaker thread bypassed for a slave node. - Bypass cache if there's an authority or additional record. - Slave node request count added into 'Config > cluster'. - Javascript added for hiding embedded block-page. - upstream_dns option added into cfg.properties. - Sending rf_block_ip to local user bug fixed. - Duplicated custom category name check added. - Custom query support added. - Single IP association comes before IP session. 2014/08/15, v2.2.6 - Slash relaced to back-slash on NxPath. - Checking AD DNS server availability. - use_local_dns param not used bug fixed. - IPUPDATE signal ingnored if it comes from a static IP. - Proxy, application error count added into report. - tomcat.ks -> nxfilter.jks. - dump_domain option for cfg.properties added. - bypass_cache_domain option for cfg.properties added. 2014/07/22, v2.2.5 - Local DB initial copy routine at startup added. - block_redi_ip, rf_block_redi_ip length adjusted to 100. - Logout signal added. 2014/07/14, v2.2.4 - 'Request' -> 'User' on header of 'Logging > request' list. - Array index overflow bug on logging across clustering nodes fixed. - Load balancing for block reason added. - Admin domain redirection rule added for clustering. - top_nomenu.jsp, bottom_nocopy.jsp, action_info_nomenu.jsp removed. - FusionCharts.js link removed from top.jsp. - Program icon changed. 2014/07/01, v2.2.3 - Windows installer preserves previous config files with the introduction of default config files. - Back-slash in NxPath replaced to slash. - Regex removed from whitelist map. - True bypass concept introduced. - Login through NxLogon to slave node synchronized with master node. - Adjust resolving order to prevent socket connection error on NxLogon. - Bulk insert for custom category bug fixed. - Load balancing for login, block redirection. - Local cache DB added for load balancing. - '/extra' directory and 'nxlogon.exe' removed for preventing false positives from some virus detection program. 2014/06/26, v2.2.2 - Forcing safe-search option through NxClient, NxLogon V2 added. - URL keyword filtering through NxClient, NxLogon V2 added. - Application control through NxClient, NxLogon V2 added. - CharacterSet encoding removed from NxParam as a redundancy. - Request object removed from AdminLoginDao. - javax.naming.PartialResultException ignored by LdapAgent. - '+' in application control rule changed to '*'. - Minimum length(4) introduced for application control keyword. - Empty record check for finding response cache added. - application -> policy_application. - Domain to domain redirection added. - block_domain introduced. - Fash-flux detection removed. - IP based ACL for login redirection added. - err_detail -> reason_detail. - System domain concept removed. - Log only applied to proxy policy. - Whitelist domain, keyword for bypass filtering applied to proxy policy. - Block IP host added to proxy policy. - Using DynUpdate for AD domain resolving. - Block other browser option added for proxy policy. - Default number of request handler became 4. - Default value for 'Log retention days' changed to 30. - Timeout applied to TCP port checking at startup. - Application block execution interval introduced. - Included NxLogon updated to v1.5 having application blocking removed. - Agent policy update period added on 'Config > config'. - SMTP port reset bug on GUI fixed. - Google chart not displaying for IE bug fixed. - 'overflow: hidden' on 'div.hr' added into block-page template. 2014/05/18, v2.1.0 - Application control added. - New NxLogon for killing UltraSurf and Tor processes. - NxMapper for AD single sign-on support added. - Per-user basis sum view added for 'Log > bandwidth'. - '#{user}' variable supported on welcome page. - Bordering spaces allowed in exclude keyword for LDAP import. - Make a temporary copy for the request parameter map. - Empty password for LDAP import allowed. - '0:0:0:0:0:0:0:1' check for GUI restriction restored. - Block, login, welcome page removed from GUI IP restriction. - FusionChart library removed. 2014/04/28, v2.0.6 - Login redirection bug fixed. 2014/04/27, v2.0.5 - Login API through HTTP added for custom login script. - Top 5 chart by client-ip added into daily and weekly report. - Group or user exclusion by keyword for LDAP import added. - Request, Response, Wonfig for GUI removed. - Group specific free-time added. - Free-time policy added on user, group list GUI view. - User, group, policy, category variables added into block-page. - Phishing host converted to lower case. - Not selecting 'Same as work-time policy' for user-edit bug fixed. - Free-time flag added in user-test view. - 24:00 added for free-time setup. 2014/04/14, v2.0.4 - Logout-domain not working bug fixed. - Correct cluster node downtime added into alert email. - Slave node monitor added on 'Config > cluster'. - Connection check from slave node startup readded. - Action info missing on user,ldap_edit.jsp fixed. - 'overflow: hidden' added for IE compatibility. - Blocked IP for DNS added on 'Config > allowed-ip'. - Concurrency bug with NxParam fixed. 2014/04/08, v2.0.3 - Report statistics cache added for faster report generation. - NxClient signals removed from DNS packet. 2014/04/02, v2.0.2 - Netflow size format changed to human readable format. - OpenLDAP support restored by user request. - Cluster mode warning message added. - Custom category not showing on policy bug fixed. - Custom category domain limit bug fixed. - Quota time not reset on midnight bug fixed. - 'Duplicate headers returned by the server' on Chrome bug fixed. 2014/04/01, v2.0.1 - Whitelist keyword not realoading bug fixed. - Null pointer exception from version check fixed. - Bandwith synch bug when a cluster node died fixed. - Block redirection not working on SSL bug fixed. 2014/03/30, v2.0.0 - New GUI component layer for easy customization applied. - Google chart introduced for dashboard and report. - Weekly report added. - Block-page edit, preview on GUI supported. - 'Config > alert' menu separated. - Alert period introduced. - Detailed statstics with request-count, request-sum and ip-count. - no-user, no-grp introduced for default user and group name. - Login redirection using login domain. - Admin name introduced. - 'Config > admin-pw' -> 'Config > admin'. - user_ip index added. - history_retention_period -> log_retention_period - history -> log. - OpenLDAP, eDirectory support removed. - Variable names in access_violation.ftl changed. - Use update button to change login-token. - LDAP period caculation algorithm changed. - div.hr class replacing hr tag for IE compatibility. - Row highlight for list introduced. 2014/03/10, v1.7.6 - Alert interval changed to 5 minutes. - Include SRV record for category lookup. - RecordSet not closing bug from config, report fixed. - Embedded Tomcat updated to v7.0.52. - max_domain_len adjusted to between 0 and 1000. 2014/02/10, v1.7.5 - Alert email sender changed to admin email. - Zone-transfer test button added. - reset_acl util script added. - table.view class added into common.css. - log_blocked_only option added into cfg.properties. - PTR record excluded from domain length checking. - DB connection not closing bug after bandwidth data loading fixed. 2014/01/06, v1.7.4 - IE, Chrome compatibility enhanced for HR tag color. - Stops on binding error for UDP 53 port. - Zone-transfer interval adjusted to 5 seconds. - Bypassing DDNS update message for Active Directory. - File not close bug fixed on Logging > request. - admin_pw removed from Config, Wonfig. 2013/12/20, v1.7.3-p1 - 'RF token' changed to 'Login token'. - 'RF block redirection IP' changed to 'External redirection IP'. - preferIPv4Stack option enabled for Tomcat. - Time difference between user report and global report fixed. - Policy specific ad-remove option added. - Top 5 category chart added into dashboard. - User specific top 5 category chart added into 24 hour report. - Active Directory connection timeout changed to 5 seconds. - Active Directory read timeout changed to 20 seconds. - delete_old applied to signal and netflow data. - Traffic column not updating for reducing update time. 2013/11/14, v1.7.2 - Changed several menu names, history -> logging or request. - Fast-flux detection not disabled bug fixed. - Domain lookup speed improved with new caching algorithm. - Firewall rule added for TCP 80 port on Windows installer. 2013/10/27, v1.7.1 - Tutorial link added into the top menu. - 'Response cache size' option moved into 'Config > config > DNS setup'. - Connection pool leak on 'Config > config' fixed. - SRV query excluded from domain name length filtering. - GUI design layout changed. 2013/10/14, v1.7.0 - GUI view layer changed to JSP. - Changing GUI template directory made to be possible. - 'ad-remove' category introduced for removing embedded adverts. - Initial password information added to admin login-page. - 'Config > config' not updating bug fixed. 2013/10/09, v1.6.2 - Uncaught exception handler added for worker threads. - Pagination HTML tag bug fixed. - Admin domain added for accessing GUI using domain. 2013/10/05, v1.6.1 - local_dns, local_domain options added for bypassing NxFilter. 2013/09/22, v1.6.0 - Shallalist support added. - Auto-backup retention period added. - User select box error with IE, Chrome on report page fixed. - Checking for URL insertion on whitelist by domain added. - DB Query timeout applied for GUI. - Script name changed, update-bl.bat to update_bl.bat. 2013/09/15, v1.5.4 - Bandwidth control added. - Duplicated TTL manipulating routine removed. - AD/LDAP login-page username changed to case-insensitive. - Policy update error with empty category bug fixed. - Username not found exception on per-user report fixed. 2013/08/29, v1.5.3 - User identification by ip-session comes before IP based user. - Communication for history in clustering works asynchronous way. - IP binding with local connection bug fixed. 2013/08/26 v1.5.2 - IP binding added. - One to many relationship applied for whitelist and policy. - Default list size of history, signal search changed to 200. - CSV file export added for history. - User, group relation not deleted on AD import bug fixed. 2013/08/19, v1.5.1 - OpenLDAP integration support added. - Novell eDirectory integration support added. - Client IP shown on user selection for per-user basis report. - Clear button added in 'History > history' and 'History > signal'. - Admin password reset util script added. 2013/08/10, v1.5.0 - Category top 5 chart added. - Setting 'Max domain length' in policy not to 0 fixed. - List order in GUI changed to ignore the case. - Concurrency issue with block-page fixed. 2013/07/27, v1.4.9 - 'Block unclassified' option added into policy. - DB connection not return bug on 'User > active-directory > import' fixed. - Empty group allowed from AD import. 2013/07/21, v1.4.8 - User specific report added. - User, Client IP linked in 'History > signal'. - Exact matching keyword introduced into history search. 2013/07/14, v1.4.7 - Auto-backup for config DB added. - Typo on 'Response cache size' removed. - User, group, policy search option link on 'History > history'. - Initial DB connection will be tried for 1 minute until it gets connected. - http_port, https_port parameter added into cfg.properties. - Group filter missing after navigation in history search fixed. 2013/07/07, v1.4.6 - IP based ACL for cluster node applied to database connection. - Sending success message to NxUpdate. - Bypassing AD update when it gets an empty data set. 2013/06/29, v1.4.5 - Dynamic IP update for client added. - bypass_filter on per-policy whitelist enabled. - Duplicated domain, keyword on whitelist allowed. - Expiration-date display bug fixed. - Quota reset bug fixed. 2013/06/25, v1.4.4 - Zone-transfer on AD import bug fixed. 2013/06/23, v1.4.3 - Per-policy whitelist/blacklist added. - Response cache size option added. - AD importation of computer account bug fixed. - Default value for 'Max domain length' changed to 64. 2013/06/13, v1.4.2 - Zone transfer function added. - Admin password reloading bug fixed. 2013/06/08, v1.4.1 - SPF record detection moved into 'covert channel'. - Covert channel detection on CNAME, SRV response record added. 2013/06/01, v1.4.0 - Malware/Botnet detection added. - Inspection on response packet added. - DNS record type added in history, syslog exportation. - Domain property added to active directory data. - User move bug in group edit fixed. 2013/05/17, v1.3.1 - Alert mailing system revised. - Time format changed in access violation email. - Clustering node down alert email added. - Whitelist overrides phishing protection. - Simpler management for phishing protection. 2013/05/06, v1.3.0 - Load-balancing and fail-safe with clustering added. - Login to multiple server function for nxlogon added. - Opening Windows firewall port from the installer. - prunsrv.exe for AMD64, IA64 removed from the package. - NxClient separated from the package. 2013/04/22, v1.2.0 - Remote filtering client added. - Auto-detection for 'NX_HOME' added. 2013/04/07, v1.1.5 - Expiration date for user account added. - Checking JRE version from the Windows installer. - Installing service option from the Windows installer. - Bug fixed, user password update bug fixed. - Bug fixed, ignore the DNS resolvers not responding. - Bug fixed, logout not closing socket connection fixed. 2013/03/19, v1.1.4 - SRV record excluded from local DNS cache. - Logoff script added for Active Directory. - IP based ACL replaced to simpler one. - IP based ACL for admin GUI added. - Bug fixed, apply custom categories against IDN. 2013/03/12, v1.1.3 - Phishing protection overrides 'log_only' option in policy. - 'admin_block' in whitelist overrides 'log_only' option in policy. - Using '*' for including subdomains in whitelist and custom category. - Summary statistics added in dashboard and report. 2013/03/07, v1.1.2 - System categories will not be appeared in policy-edit before populated. - Bug fixed, Multi-category bug fixed. - Bug fixed, default data for lunch-time bug fixed. 2013/03/01, v1.1.1 - Phishing DB update bug fixed. - History search bug fixed. 2013/02/25, v1.1 - Phishing protection added. - link to domain in history added. - Bug fixed, free-time bug fixed. - Bug fixed, group member assignment bug fixed. 2013/02/12, v1.0 - Single sign-on with Active Directory added. - Dual policy setup, You can have work-time policy and free-time policy for user and group. - Template for new policy creation added. - 'Quota all' option for applying quota to all domain added. - Javascript confirm message added for deleting data. - IE compatibility improved. 2013/01/30, v0.91 - Mass toggle for blocked categories added. - Syslog exportation added. - Quota time added. - Bug fixed, history, report custom date bug fixed. - Bug fixed, possible deadlock in internal socket fixed.