Release Notes of ufdbGuard v1.31

Version v1.31 of ufdbGuard was released to introduce a new feature: reports.  ufdbGuard also became easier to install and configure, and is now also available as an RPM package for Redhat/CentOS.  Furthermore, 4 minor issues have been resolved, support for dynamic URL tables has been added, more statistics are logged, the documentation has been updated and the URL database has a new URL category.

New Functionality

  • a new toolset is available to analyse the ufdbguardd log files. The new commands are ufdb_analyse_urls, ufdb_analyse_users, ufdb_top_users and ufdb_top_urls,
  • a new keyword execdomainlist enables the use of a URL table that changes often without the need to reload the whole database,
  • a new keyword refreshdomainlist defines how many minutes elapse between successive updates of URL tables which have an execdomainlist property,
  • the configure script has new options to independently define the installation directories for binaries, pid files and man pages,
  • pageset.com is added to the list of SafeSearch search engines,
  • the ufdbUpdate script now uses parameters from /etc/sysconfig/ufdbguard,
  • the log file contains new statistics about blocked categories and blocked sources,
  • statistics are generated every 48 hours when the administrator does not use ufdbUpdate every day.

Fixes for Issues

  • blocked HTTPS sites are redirected to "blockedhttps.urlfilterdb.com:443" or to the value of the parameter "redirect-https" to resolve an issue with Squid running out of file descriptors,
  • sometimes ufdbguardd hangs when a very long uncategorised URL is used,
  • a parallel build can be done (based on a patch from the Gentoo package maintainer),
  • domains specified with the domain keyword were not matched.
  • The Reference Manual was updated to include a section about the use of the iplist keyword.
  • Version 1.31 patch 15 (ufdbGuard-1.31-15.tar.gz) was released on February 15, 2016 to fix the following issues:
    a problem with "make install"
    a problem with "ufdbUpdate"
    ufdbGuard crashed when more than 10,000 expressions are used
    improve detection of Tor proxies
    ufdbGuard crashed when very verbose debugging was used.
    ufdbguardd crashed when check-proxy-tunnels was set to "aggressive" and the URL database was reloaded.
    Fix for a new bug that was introduced in v1.31: always print IP address of client in the log file.
    Prevent crash when a user-defined URL category is used where the last domain is a TLD.
    Youtube edufilter did not work when the sslBump feature of Squid is used.
    The Squid redirector interface changed with Squid version 3.4 and patch 9 introduces the keyword squid-version to support Squid 3.4.x.
    The Youtube edufilter did not work when Squid sslBump is used.
    Fix a configuration file issue with ufdbUpdate on Ubuntu Linux.
    Remove a message about SSL connection setup from the logfile unless debugging is enabled.
    Make sure that ufdbUpdate has the correct exit code when wget fails.
    Prevent crash when using debug level 2.
    Use a hostname hint (TLS SNI) when probing HTTPS connections. This sometimes prevents incorrect blocking of HTTPS-based URLs.
    Enforce the correct directory permissions when the directory for the pid file is created. This applies to all Linux systems where the /run file system has type tmpfs.
    Resolve compiler warnings of gcc 4.8.
    Explicitly allowed categories could sometimes be blocked.
    On FreeBSD 10 and Solaris 10 ufdbGuard did not compile.
    An acl with a 'pass' without a list of sources may cause a crash when a database is reloaded.
    Allow an empty pass list in an else part of an ACL with a source that has continued search blocked URLs.
    Once an old database was loaded the database status remained 'old database', even after a current database was loaded.
    Redirection of URLs with HTTPS on Squid 3.4+ failed.
    Added warning about missing any/none in ACLs.
    New installation procedure for Solaris 10 and 11 - with help from Yuri Voinov.
    Suppress warning about control characters by ufdbGenTable when -q option is used.
    On a crash, a stack dump is also written to /tmp/urlfilterdb.crashreport.ID
    Regular expression matching has increased performance.
    A fatal error and crash could occur when HTTPS URLs are probed. Depending on the version of the pthread library, a crash happens.
    After a fatal error "connection queue is full", ufdbguardd must be restarted to accept new connections.
    On some Redhat and CentOS systems the installation of the RPM package may fail due to incorrect dependencies.
    Enhancement: ufdb-pstack prints more information about the system.
    Enhancement: sources can be matched when they have ip and user definitions.

    Latest fixes which are included in patch 15:
    Fix an issue where uncategorised URLs are not uploaded when an ACL has "any" or "none".

New URL redirector protocol of Squid 3.4

Squid 3.4.1 introduces a new URL redirector protocol and is backwards compatible with the URL redirector protocol of Squid 3.0 - 3.3, but it no longer supports the older redirector protocol of Squid 2.x.  Since ufdbGuard was using the URL redirector 2.6 protocol, a patch was released (ufdbGuard v1.31-9) to support all known redirector interfaces of Squid.  The administrator can configure the choice of protocol with the new keyword squid-version.  Since squidGuard uses the URL redirector 2.6 protocol and has had no updates since September 2010, it is suggested that users of squidGuard switch to ufdbGuard.

New URL categories

The URL database has a new URL category called mozilla with IP addresses that the Mozilla Firefox browser uses to find extensions and updates.  This category is normally used to whitelist access.  The URL category proxies has a new subcategory called silk.  The URL category external applications has new subcategories called icloud and telegram.
