| 9,7 → 9,7 |
|---|
| - The WhiteList architecture is enabled |
| - All the documentation has been translated in english |
| - The security certificate is now signed in sha256 |
| Core improuvments |
| Core improvements |
| - HAVP doesn't scan youtube flows (too heavy load / no risk) |
| |
| ---------------------- 2.6.1 ----------------- |
| 31,12 → 31,12 |
|---|
| - "activity.php" : don't print "private_ip_address". Update with new "chilli_query" output |
| - re-activation of COA between radius and coova (radius disconnect the users directly). |
| - the "url-redirect" attribute now works fine (coovachilli V.1.2.9-1) |
| Core improuvments |
| Core improvements |
| - all "alcasar.info" becomes "alcasar.net" in code |
| - change the order of http chain (DG --> squid --> HAVP --> Internet) more réactivity and less charge of CPU |
| - Dansguardian deny domains when requested via proxy http |
| - The database is checked (and repair) every week |
| Improve security |
| security improvements |
| - The blacklist is now verified before activating (ANSSI need) |
| - The school/parental control can now filter search engines (google, bing, yahoo, matacrowler, etc.) and Youtube |
| News |
| 66,13 → 66,13 |
|---|
| - allow FTP in output |
| - eth1 is no more configured. Tun0 works better (only one arp cache) |
| - modoarchive is deleted (too many bugs and too hard to debug) |
| Improve Core |
| Core improvements |
| - new alcasar-iptables.sh script (more logically strutured) |
| - update phpsysinfo page ("Internet access flag" nom show the right status) |
| - Authenticate user on Mysql when LDAP server is down |
| - import users via text file with or without password |
| - last version of coova-chilli |
| Improve security |
| security improvements |
| - The 8080 (TCP) and 53 (UDP) ports are now hidden on Lan side |
| - ANSSI code review (sql escape string in PHP) |
| - remove the apache unused modules |
| 79,7 → 79,7 |
|---|
| - the blacklist is no more update automaticly |
| - postfix banner is more secure |
| - anonymisation of squid (+ remove of 'x_forwarded' rule) |
| Improve installation |
| installation improvements |
| - control eth0 config on startup (no dhcp) |
| - don't download the last BL version |
| - remove unused RPM before update the system |
| 104,10 → 104,10 |
|---|
| Bugs |
| - group properties are now written on the voucher |
| - hold the state of network filter when update |
| Core improuvments |
| Core improvements |
| - simplify official certificate import process |
| - update with the last version of Coova (1.2.8) |
| Improve security |
| security improvements |
| - end of implementation of ANSSI rules for netfilter |
| News |
| - allow exception of IP addresses (or network addresses) in the authentication process |
| 118,14 → 118,14 |
|---|
| - A bug with "sudo" is bypassed |
| - improve the script which display and close users open sessions |
| - some minor bugs |
| Core improuvments |
| Core improvements |
| - add a central conf file (/usr/local/etc/alcasar.conf) |
| - IP parameters can be change in central conf file. Apply with the script "alcasar-conf.sh -apply" |
| - 'alcasar-nf.sh' and 'alcasar-bl.sh' scripts now use the global parameters file (alcasar.conf) |
| - improve the script which managed the trusted sites and urls |
| Improve security |
| security improvements |
| - close all accounting session when the system goes down or up |
| Improve install process |
| installation process improvements |
| - allow change of alcasar IP private address during install stage |
| - no more question, when upgrating |
| News |