Article delegate-en <_A3403@delegate-en.ML_>
[delegate-en/3403] [Reference:<_A3303@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] DeleGate/9.2.3 (BETA) -- Man-In-The-Middle proxy, syslog support, faster CFI, fixes for FTP and Windows
16 Jul 2006 00:17:47 GMT (Yutaka Sato)
The DeleGate Project

Dear DeleGate users,

I inform you of the new release of DeleGate available as follows:
 DeleGate/9.2.3 (BETA) -- Man-In-The-Middle proxy, syslog support, faster CFI, fixes for FTP and Windows

- sending syslog to multiple syslog servers (with SYSLOG="syslog//host:port")
- relaying HTTPS/SSL in Man-In-The-Middle mode (with STLS="mitm")
- passing through without checking HTTPS/SSL to Windows Update by default
- faster CFI removing delay around process creation, especially on Windows
- fixed file-handle jamming which can cause "abort" or empty data on Windows

+ sending syslog to multiple syslog servers (with SYSLOG="syslog//host:port")

  Basic functionality for syslog control was built into DeleGate/9.2.3.
  The simplest way to enable syslog is:


  It enables sending LOGFILE (the detailed logfile of the activity of
  DeleGate) and PROTOLOG (access log as common-logfile for HTTP or xferlog
  for FTP) to the local logger on the host. 

+ relaying HTTPS/SSL in Man-In-The-Middle mode (with STLS="mitm")

  Peeping the encrypted communication in HTTPS/SSL as an HTTP proxy becomes
  necessary in several situations. If the peeping is done by stealth by a
  malicious third party, it should be prevented as a Man-In-The-Middle attack.
  But if it is done by the same party including the user of the client, it
  can be a useful feature.
  Configuring DeleGate as an HTTP proxy to do such peeping has become easy
  in version 9.2.3, with an STLS option just as:


  By this option, all HTTPS/SSL communications relayed on it become
  peepable.  The following is an example of an HTTP proxy to peep the
  HTTPS/SSL request messages toward the server.

      delegated -v -P8080 SERVER=http STLS=mitm FTOSV=-tee-n

  SITE: <URL:>
  FILE: delegate9.2.3.tar.{gz,bz2}
  DATE: Jul 16 06:30 JST 2006
  TAR-SIZE: 5928960 bytes
  TAR-MD5:  1c2b9964fe3a0c5bdaa4636f8d037d66

 * SYSLOG: supported sending syslog to multiple SYSLOG=syslog//host:port
 + SYSLOG: enabled SYSLOG=-vs,-vh,file:/path
 + SYSLOG: enabled bind. syslog src. port. as SRCIF=:514:syslog
 * MITM/STLS/HTTP: introduced STLS="mitm" Man-In-The-Middle mode
 + MITM/STLS/HTTP: spot MITM by STLS=-mitm + ""
 + MITM/STLS/HTTP: supported Proxy-Authorization in MITM mode
 + FTP: enabled FTPCONF=noport for client
 + FTP: added announcement of "AUTH TLS" to FEAT command
 + FTP: supported caching MLST and MLSD response
 + FTP: added Unique=B64(dev,ino) fact to MLST/MLSD resp.
 + CFI: removed the delay by msleep(100) for CFI on Win
 + CFI: don't insert pre-filter for FTOCL of CFIscript (Win)
 + CFI: don't use a command shell by system() if unnecessary
 + HTTP: delayed inserting (possibly unnecessary) CFI until response relay
 + HTTP: HTTPCONF=bugs:no-cfi-delay to force immediate CFI insertion
 + HTTP: HTTPCONF=bugs:do-pre-filter to force "pre-filter"
 + general: supported Notify-Mail on ABORT in the initialization phase
 + general: introduced internal log in the initialization phase
 + general: introduced "virtual node" with file stat (by facts of MLST)
 + general: check ports before being a service to be blocked (Win)
 + general: introduced file copying suppressing identical one
 + general: all directories in symlink chain of executable into LIBPATH
 + general: -vT3 -vT6 ... for log. time stamp in milli/micro seconds
 + general: stopped repetitive search for gzip.exe on spawn (Win)
 + general: tracing socket/descriptor mapping by -ds option (Win)
 + MOUNT: introduced "vurl:URL" in rURL for recursive MOUNT
 + auth: enabled AUTHORIZER=authServ({user:pass@host:port})
 + auth: enabled AUTHORIZER=authServ(user) + AUTH=admin::user
 + DNS: wildcard "*" in host-name in /etc/hosts
 + DNS: introduced "unknown::*.domain"

 + general: changed to use vsnprintf() instead of snprintf()
 + general: moved service start log to TEMP/delegate/ (Win)
 + HTTP: added
 + HTTP: relay gzip encoded text as a binary from the start
 + general: CountUp log be optional (can be activated by COUNTER=do,debug)
 + general: convert DGROOT=rel-path to abs-path in argv[] (Win)
 + general: pass DGROOT=abs-path in argv[] to children (Win)
 + general: substitution of ${EXECDIR} in DGPATH, DATAPATH, SUBIN, ...
 + general: Peek() recv(MSG_PEEK) on MacOSX (Darwin8)

 * Win: fixed file-descriptor jam (can cause ABORT) after fclose(socket) on Win
 + FTP: escaping response code (inserting SP) in message from server
 + FTP: coped with commands with relative-path arg. on virtual-dir.
 + FTP: set "asproxy" (exit stab mode) after MLST //serv + CWD //serv (9.2.2)
 + FTP: suppressed "recvPeek: failed: 0" flood in LOGFILE
 + FTP: fixed to hold virtual CWD in switchings by non-CWD
 + FTP: virtualized the real-path returned in MLST response
 + FTP: fixed listing symbolic links in MLSD 
 + FTP: fixed proxying by "USER user@server" (9.2.2)
 + FTP: fixed SERVER=ftp://server (disabled in 9.2.2)
 + HTTP: don't reuse cache/Keep-Alive if no PERMIT matched with AUTHORIZER
 + HTTP: enabled @Realm even for -none or -any
 + HTTP/HTTPS-GW: broken header erasing Cookie "Secure" flag
 + HTTP: suppressed fwrite() in caching "takeover"mode for text
 + HTTP: fixed automatic MovedTo from "url" to "url/" by MOUNT="http://* ..."
 + CFI: fixed possible SEGV with CFI on fileno(NULL)
 + CCX: fixed broken char-code conv. for UTF-8 and EUC (9.2.0-pre7)
 + DNS: resolving a hostname including "_" (9.2.0)
 + Linux: close tty/stdin to be a daemon (for SSH+Linux)
 + general: enabled DGROOT="../dir"
 + general: loading ${EXECNAME}.conf on Win (with .exe)
 + general: finding EXECDIR of self in PATH
 + general: don't check the ${EXECNAME}.conf for every "DeleGate" (8.9.6/Win)

  9 9   Yutaka Sato <>
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller
