NxFilter v2.0.5-beta is ready for testing.

[Jinhee]

NxFilter v2.0.5 was supposed to be a minor update version. But I decided
to implement some of the feature requests from users. As a result it became
not so much minor version. So we need to do some beta testing before
we release it.

There were these changes with v2.0.5.

  - Login API through HTTP added for custom login script.

  - Top 5 chart by client-ip added into daily and weekly report.

  - Group or user exclusion by keyword for LDAP import added.

  - Request, Response, Wonfig for GUI removed.

  - Group specific free-time added.

  - Free-time policy added on user, group list GUI view.

  - User, group, policy, category variables added into block-page.

Once Paul Flere wanted to have single sign-on against AD from his Linux box.
At the time I wrote a Java version of login program running on Linux box and
Paul wrote a script to run it from Linux box. After that Paul gave me
his script to share with the other users but the problem is it's bit complicated
for most people. So now I simplified it by making API through HTTP.

Rob Asher wanted to exclude some of his groups and users from LDAP importing.
I understand this one because I also see several not so much useful groups
and users from my AD importing so I came up with keyword based exclusion.

David Johnson, Dm Ms, Victor Fisher wanted to have policy specific free-time.
But I guess for us it's not that useful so I came up with group specific
free-time. Currently it's only daily basis but I think being combined with
global free-time and multiple groups it will be satisfying to most users.

Mark Page wants to have group, policy, category variables in block-page.
At first I didn't like the idea but in the long run it might be needed for
the other people.

Download link is here.

  http://www.nxfilter.org/download/nxfilter-2.0.5-beta.zip

Jinhee

[Giorgio Catena]

Great work Jinhee.
as far as i can see one great new feature could be the specific approval to access to quotaed pages. This to avoid fals positive in quotaed categories given by sites' cross referenced domains.
happy easter.
Giorgio

[Jinhee]

If we have a way of telling which page is embedded on DNS level that'd be easy.
But we can't tell it so you might need to go with some workaround.

These false positive case is mostly coming embedded sites like facebook.
So you need to make a custom category to include these sites.
And then you exclude this category from quota-block.

Although you can't use quota-time on these site this way but you don't get false positives or lesser.

Jinhee

[Giorgio Catena]

Jinhee, you're perfectly right but also working as you suggest the false positives are not excluded. If there coud be a way to propose a block page for custom categories it would exclude these problems.
This is obviously a suggestion and take it as it is....Nothing more....
Giorgio

[Jinhee]

Does it not work?
Were you not talking about the link from facebook.com?
And what the block page for custome categories?
You want to have a different block page for each category?

Jinhee

[Giorgio Catena]

No Jinhee, what i mean is: i do have custon categories with enabled quotes but several newspaper, assigned to permitted categories, does points also to www.facebok.com or twitter.com using in fact quota time of the user even in he did not go directly to the site by his own decision. From a user point of view it's not correct to count those 'hidden visits' and it's not totally wrong...with an intermediate page with an access approval button the slot won't be consumed by hidden links on pages.
Regards

[Jinhee]

Hi Giorgio,

Follow these steps.

  1. Create a custom category named 'quota_excluded'.

  2. Put facebook and twitter into 'quota_excluded'.

  3. Don't check 'quota_excluded' in you quota-block.

On NxFilter the custom categories come first.
So even if you quota-block 'socialnet' on Shallalist these domains will not consume your quota.

But it's not perfect coz you can't use quota for these embedded domains.
Just block it.
Or you can use group specific free-time to allow those sites for some time in a day.

Currently this is the best.

Jinhee

[Giorgio Catena]

Thanks Jinhee,

this is exactly what I'm doing but due to the false positive I did consider to be useful for you to have this "usage perception" (from a user point of view I mean).
Regards

[mark page]

Everything looks great, my test machine handled about 800K requests today without issue. The templating on the blocked pages is fantastic, but I was wondering why you chose to use replaceFirst rather than replaceAll on the index.jsp for the blocked page template? If you're creating a page with a form and want to show the codes *and* include them as hidden form elements, you have to write the template vars into javascript first.

Thanks,

Mark

[Jinhee]

Hi Mark,

You are 100% right.
We will use replaceAll.

Jinhee

[mark page]

Jinhee,

While I like the ability to do substring matches from the log search, especially for domains, it becomes an issue when resolving problems based on an IP address. A search for "127.0.0.1" becomes "127.0.0.1*" and will return matches for 127.0.0.1 through 127.0.0.199. This is only an issue when troubleshooting and reporting, but an exact search option would be nice -- In your spare time ;-)

BTW, it looks like the "prev" link on the pager at the bottom of the log view is not getting hyperlinked.

Thanks,

Mark

[Jinhee]

Last year some guy asked me about that 'exact matching'.
So I added it already.

  http://nxfilter.org/tutorial.php#gui_logging

Only it's not easy to find it.
I will add it to FAQ.

And that 'prev' like is working.
But I think your expectation is a bit different.
When you click 'next' it jumps up to next 10 pages.
And then you can click 'prev' for jumping to previous 10 pages.

Jinhee

[mark page]

Ha! My bad, RTFM =)

Mark

[Rob Asher]

Had a chance to do some testing with 2.0.5 beta and the exclusion based on keyword seems to be working well.  I only had one issue where it imported groups that should have matched against the keyword but both had users in the group so I wasn't sure if the exclusion was only for empty groups or not?  

I also did some quick tests with my login script against the new API.  It worked very well other than some differences with my script running on OS X and linux.  I'll post the first version of it to the list so others can test/modify it.  Impressive stuff Jinhee.  Good job and thanks! :-)

Rob

[Jinhee]

@Rob

Was it from AD?
I think there's a missing part to deal with primary groups in AD.

Test this one.
Just replace your nxd.jar.

Jinhee

[Rob Asher]

It was samba4 and only a couple of groups. I believe they were something like "Domain Guests" and "Domain Users". I used Domain as a keyword to exclude. I'll test the jar file at work in the morning and let you know.

Regards,
Rob

[Rob Asher]

Replacement nxd.jar worked as expected.  Import exclusions matched perfectly.  Removed both previous groups that were missed by keyword match.  

Rob

[Jinhee]

Thanks for all the testing.
I will release it next week.

Jinhee