WebMarshal 7.5 Release Notes

Last Revision: August 15, 2022

These notes are additional to the WebMarshal User Guide and supersede information supplied in that Guide.

The information in this document is current as of the date of publication. To check for any later information, please see Trustwave Knowledge Base article Q21182.

New Features
System Requirements
Upgrade Instructions
Uninstalling
Release History

New Features

For more information about additional minor features and bug fixes, see the release history.

Features New in 7.5.0

Office365 URL Retrieval: WebMarshal retrieves the URL listings for Office365 related sites from Microsoft. These listings are inserted to FileFilter categories. The "All URLs" list can be included in the Proxy Bypass list.

Features New in 7.4.5

Brotli compression support: WebMarshal supports decompression and compression of web requests using the Brotli compression format.
Header Matching: WebMarshal provides a rule condition to match or compare HTTP headers.

Features New in 7.4.1

Google Web Risk support: WebMarshal implements use of the Google Web Risk API as a scan engine.

Features and Changes in 7.4

Google Safe Browsing support disabled: The plug-in for Google Safe Browsing support is disabled due to a change in Google Terms of Service. For more information, see Trustwave Knowledge Base article Q21118. Trustwave plans to provide access to Google threat data through the Web Risk API in a future release.

Features New in 7.3.1

Improved Performance and Scalability: Default settings are updated to take advantage of the performance gains available with 64 bit systems. Enhanced threading also improves performance.

Features New in 7.3

Supports TLS 1.3: WebMarshal client and server connections and rules support TLS 1.3.

Earlier Feature Enhancements

To review earlier feature enhancement history, see the release notes for earlier WebMarshal versions, available through the Trustwave Knowledge Base.

System Requirements

Hardware required is dependent on the number of concurrent web users and the rules in use. Use of Filtering Lists improves performance. Heavy use of TextCensor decreases performance. Be prepared to adjust specification as required.

Typically a computer with the following specifications is adequate as a processing server for 250-500 concurrent users.

Dual core processor, 2GHz or better. Use of HTTPS Content Inspection significantly increases CPU usage (due to encryption and decryption load).
20 GB free disk space. 30 GB additional free space required for Proxy Caching with the default settings. (Additional disk required for Filtering Lists and text logging.)
3 GB RAM available for this application. If CRL Checking is enabled, up to 500MB may be consumed on each processing node for cached CRL information. See also Trustwave Knowledge Base article Q14152.

WebMarshal Array Manager, processing servers, and Console require the following software:

Windows Server 2022
Windows Server 2019
Windows Server 2016
Windows Server 2012 or 2012 R2
Windows 10
Windows 8.1

Note: Install Windows using the English language version.

Utility prerequisites:
- Microsoft Visual C++ 2015 runtime
- Microsoft .NET 4.6.2
  - Note: The above software will be installed as part of the WebMarshal installation if necessary. Installation of .NET 4.6.2 may require a restart. If your WebMarshal policy blocks download of executable files, the automatic installation of .NET 4.6.2 will fail on any server where Internet Explorer proxy settings point to WebMarshal. You must make a temporary exception or install .NET 4.6.2 in another way.
For database logging (optional), SQL Server 2019 or 2019 Express, SQL Server 2016 or 2016 Express, SQL Server 2014 or 2014 Express (SP1 or above), SQL Server 2012 or 2012 Express (SP3 or above)
- A WebMarshal installation package that includes SQL 2014 Express SP1 is available. If no local installation of SQL is found, this package will offer to install SQL Express locally with appropriate options (Named Pipes and TCP/IP enabled).
- SQL Server or SQL Express requires Windows Installer 4.5 and .NET 4.6.
For NDS integration, Novell NDS Client 2.

Upgrade Instructions

Upgrade from 7.X is a standard in-place upgrade. Upgrade/migration from 6.X uninstalls the 32-bit software and installs the 64-bit software.

To upgrade from a WebMarshal 6.11 or later release, run the product installer on each server where WebMarshal components are installed (including the Array Manager, and any additional processing node servers and Console installations).

To upgrade from versions prior to 6.11, you must first upgrade to at least 6.11.0.

Upgrade the Array Manager first and then upgrade any additional nodes. For more information, see Trustwave Knowledge Base article Q13031.
It is best practice to back up your WebMarshal configuration before upgrading.
If you are logging data to a SQL database, the database must be upgraded. If necessary, the installer will prompt for credentials of a database user with permission to upgrade the database (database owner privilege). If the database is not upgraded, database logging will be disabled until you upgrade the database and re-enable logging. For more information and instructions, see Trustwave Knowledge Base article Q12030.
Be sure to upgrade any WebMarshal Console installations on other workstations.

See the upgrade notes below for version-specific information. For upgrade notes relating to versions prior to 6.11, please see earlier Release Note documents available through the Trustwave Knowledge Base.

Upgrade Notes

Version 7.4.1 Google Web Risk API Key: On upgrade to 7.4.1 or above from 7.4.0 or below, Google Safe Browsing is replaced by Google Web Risk. Any Google API Key that had been entered for Google Safe Browsing will be removed. To enable Google Web Risk integration you must enter a Google API Key valid for this service.

For upgrade notes relating to versions prior to 7.4, please see earlier Release Note documents available on the Trustwave website.

Uninstalling

WebMarshal can be installed in a variety of scenarios. For full information on uninstalling WebMarshal from a production environment, see the WebMarshal User Guide.

To uninstall a trial installation on a single computer:

Close the WebMarshal applications including the Console and Reports on all workstations.
On the WebMarshal server(s), use the Windows Add/Remove Programs control panel to remove WebMarshal.
If you selected a location outside the WebMarshal install folder for files created by WebMarshal (such as Proxy Cache or Configuration Backup), the uninstallation will not remove the files. Delete these files manually if required.
On any other workstations where WebMarshal components were installed, use the Windows Add/Remove Programs control panel to remove them. These components can include WebMarshal console software and older versions of WebMarshal Reports.
You can drop the WebMarshal database from the SQL server by using the SQL Express administration tools.

Release History

The following additional items have been changed or updated in the specific build versions of WebMarshal listed.

7.5.0 (August 15, 2022)

WM-5727	The Microsoft Office 365 endpoints list is automatically retrieved by WebMarshal and available for use in FileFilter and the Proxy Bypass List.
WM-5734	Administrative notification emails now show the name of the node where the issue was reported.
WM-5735	A new advanced setting allows dynamic update of the IP Group membership of a computer. See Trustwave Knowledge Base article Q21186.
WM-5739	The default value for MaxRuleThreads (filter threads from Proxy to Engine) is reduced to 50. This setting enhances performance by reducing congestion in the Engine.
WM-5741	WebMarshal can now be configured to authenticate and log requests using the IP address presented in the X-Forwarded-For header.
WM-5743	For the avoidance of doubt, Windows authentication used by WebMarshal is no longer referred to as "NTLM". WebMarshal uses the "Negotiate" method and Kerberos is the preferred option. This is a wording change only. The functionality was already present.
WM-5748	Categories deprecated in the Web Filter Database are no longer inserted in new installations. On upgraded installations these categories are renamed, but must be removed manually. See Trustwave Knowledge Base article Q21089.
WM-5777	The Customer Feedback Module (anonymized browsing data) has been disabled.
WM-5784	Visual C++ 2010 is no longer required or installed.
WM-5786	The TextCensor2 DLL and dependencies now use the current version of Visual C++.
WM-5789	The Engine service could hang in certain circumstances due to a resource deadlock. Fixed.
WM-5791	In-memory caching of CRLs by the Proxy is more efficient.
WM-5793	The version of OpenSSL included in the install is updated.
WM-5794	The version of LibCurl included in the install is updated.
WM-5796	The version of 7zip included in the install is updated.
WM-5797	The version of Libtet (PDF unpacking) included in the install is updated.
WM-5798	The version of Visual C++ included in the install is updated.
WM-5799	The version of Brotli compression support is upgraded.

7.4.5 (February 18, 2021)

WM-5344	The Remote Console (ClickOnce) did not work on client systems with UAC enabled. Fixed.
WM-5510	In release 7.2.0 and above, IP authentication did not work under HTTPS for entries manually created by computer name. Fixed.
WM-5542	Blocked Upload requests were not logged. Fixed.
WM-5676	Brotli compression is supported.
WM-5677	Header Matching and comparison are supported as rule conditions.
WM-5683	Configuration was committed each time the WebMarshal Console was opened. Fixed.
WM-5685	WebMarshal did not correctly validate a HTTPS certificate chain when the original root certificate was expired but another valid chain existed. Fixed.
WM-5686	The policy tester did not work for uploads. Fixed.
WM-5703	A possible memory leak related to certificate handling was identified. Fixed.
WM-5704	When no trusted certificate chain was available, the WebMarshal block page was not served. Fixed.
WM-5705	Ajax requests with very large content in response headers failed. This issue is addressed with an increase in default permitted header size and ability to set allowed header size over all components.
WM-5715	Validation of certificate chains is improved using additional OpenSSL functionality.

7.4.1 (February 4, 2020)

WM-5602	The version of Libtet (PDF unpacking) included in the install is updated.
WM-5635	The Google Safe Browsing Scan Engine plug-in is removed. The Google Web Risk Scan-Engine plug-in is added.

7.4.0 (November 19, 2019)

WM-5499	In earlier 7.X releases, console connections required the permission "Modify Policy". Fixed: the minimum permissions required are "Console Connect" and "View Policy"
WM-5522	In earlier 7.X releases, adding many URLs to a category concurrently could cause the Controller service to stop. Fixed.
WM-5538	Where no virus scanners were present, the Engine could fail to start due to an uninitialized value. Fixed.

7.3.2 (July 4, 2019)

WM-5511	In release 7.3.1 when upgraded from a previous version, the Engine could encounter failures in the Scan Engine plugins. Fixed.
WM-5518	Traffic Logging now includes the IP address of the remote server or chained proxy (in WELF format, "dst="; in W3C format, "r-ip").
WM-5519	On a very busy processing system, random file generation for temporary files could fail. Fixed: more attempts and a longer file name format are used.

7.3.1 (May 14, 2019)

WM-5500

Filtering performance and scalability is significantly improved with an update to the Controller and new default settings.

7.3.0 (January 29, 2019)

WM-5477

WebMarshal supports TLS 1.3.

Note: To review change history for earlier versions, please see the Release Notes for the specific version of WebMarshal. All Release Notes are available through the Trustwave Knowledge Base.

Legal Notice

All rights reserved. This document is protected by copyright and any distribution, reproduction, copying, or decompilation is strictly prohibited without the prior written consent of Trustwave. No part of this document may be reproduced in any form or by any means without the prior written authorization of Trustwave. While every precaution has been taken in the preparation of this document, Trustwave assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

While the authors have used their best efforts in preparing this document, they make no representation or warranties with respect to the accuracy or completeness of the contents of this document and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the author nor Trustwave shall be liable for any loss of profit or any commercial damages, including but not limited to direct, indirect, special, incidental, consequential, or other damages.

Trademarks

Trustwave and the Trustwave logo are trademarks of Trustwave. Such trademarks shall not be used, copied, or disseminated in any manner without the prior written permission of Trustwave.

About Trustwave®

Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than three million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is headquartered in Chicago, with customers in 96 countries. For more information about Trustwave, visit https://www.trustwave.com.