LiveStream 5.3.0 released!

HTTPS Interception

With this release we’ve overhauled how we handle intercepted HTTPS requests.Clients no longer need to install a certificate when connecting to the transparent proxy.

Organisations that wish to decrypt and inspect HTTPS URL paths can still toggle this on, in which case all clients will need to install and trust the proxy’s CA certificate; including connecting to the proxy explicitly.

You'll also find a new Inspection Exception list where you can specify domains not to try inspecting. Use this for services that prevent inspection with advance encryption techniques and for websites you see no value in inspecting such as Internet Banking services.


  • The Dashboard would show all categories as blocked regardless of the actual policy configuration.
  • Fixed some timezone inconsistencies in the back-end.
  • Some domains were being displayed as “com”.
  • Overnight software updates were failing in some cases.
  • Supervisor-bypassed URLs were being added in a scheme-specific way.
  • There was still a way to enable null quotas for a policy.
  • LDAP synchronisation will now be deferred if it’s not connectable.
  • System backups are now compressed as they’re written to disk to avoid large fluctuations in disk usage.
  • It’s no longer possible to create List Groups with the same name but difference case letters.
  • Assigning a new Allowed or Denied list would erroneously return the Categories tab in a Policy Set.
  • Netfox payload transmission will be gracefully deferred if the collector stops responding.
  • Overlapping Squid restarts will no longer be triggered by saving certain system settings.
  • Report period presets were calculating the current and previous week incorrectly.
  • Policy Set switching was getting broken by some duplicate IDs on the Dashboard HTML, in some cases.


  • Prevent the disk cache sizes larger than the system memory can handle.
  • More specific graph data ranges for statistics.
  • HTTPS inspection certificates can now be manually regenerated.
  • Handle URL encoding anomalies a bit better when returning a redirect page.
  • LDAP synchronisation is now faster, more adaptable and less opinionated about weird characters in object names.
  • System backup archives are now ordered by date rather than alphabetically.
  • Significantly faster aggregation of weekly and monthly reporting data.
  • Licence details are synced more frequently to pick up any changes sooner.
  • Better validation and sanitisation of Policy Set names.
  • Improved validation of domain List Group entries
  • The task runner’s status will now be monitored by the system so common problems can be handled.
  • Various improvements to UI help text.

Top Secret

Laying the ground work for a super-cool future feature.