SafeSquid for Linux SWG safesquid-2018.0921.1903.3-swg-standard released
From Secure Web Gateway
- Policy based blocking of HTTPS web-sites was discovered to be over-ridden if HTTPS Inspection was disabled.
This was caused due to SSL inspection bypass, also bypassing the sending of blocking template instead of the actual content.
Now in event of blocking an HTTPS web-site:
a) If HTTPS section is enabled, but matching entry is set to bypass SSL inspection, then SSL encryption is inititaed on the client connection, and template is sent.
b) If HTTPS section is disabled, unencrypted template is sent to the users.
- Some web-servers prefer brotli compression, this mechanism is not handled by SafeSquid.
This caused bypassing of the real-time security scanners. SafeSquid now hides the acceptability of brotli compression in the the request headers sent to the web-server.
This forces the web-servers to serve only gzip / deflate based compression, which can be elegantly handled by SafeSquid and the content can be screened by real-time scanners.
- The HTML code of the template rendered in event of blocking due to policies was discovered to be flawed.
This caused incorrect rendering of the template, in event of request being blocked due to a policy that had multi-line comments containing CR/LF.
The flawed rendering suggested the users that they have the privilege to bypass and continue accessing the blocked website.
The user is however prevented from proceeding by a subsequent template.
This has now been fixed.
New Users? Getting_Started
Download SafeSquid ISO to create your appliance.
Download safesquid-2018.0921.1903.3-swg-standard.tar.gz tarball for up-gradation or If you already have Linux 14.04 machine.