WebMarshal 7.5 Release Notes

Last Revision: October 10, 2023

These notes are additional to the WebMarshal User Guide and supersede information supplied in that Guide.

The information in this document is current as of the date of publication. To check for any later information, please see Trustwave Knowledge Base article Q21182.

Table of Contents

New Features
System Requirements
Upgrade Instructions
Release History

New Features

For more information about additional minor features and bug fixes, see the release history.

Features New in 7.5.5

Updates to Web Filter Database Categories
A new category "Artificial Intelligence" is included. For full information on this and other changes, see Trustwave Knowledge Base article Q21089.
Proxy Caching for HTTPS
Proxy caching now caches static content requested over HTTPS by default. For details of a setting to disable caching of HTTPS content, see Trustwave Knowledge Base article Q21204.
TLS/SSL update
The TLS/SSL library included is updated.
Operating System Support
Windows Server 2012 and 2012R2 are no longer supported. Windows 8 and Windows 8.1 are no longer supported.
SQL Version Support
SQL Server 2022 and 2022 Express are supported. SQL Server 2012 and 2012 Express are no longer supported.

Features New in 7.5.0

X-Forwarded-For Authentication
WebMarshal IP based authentication can use the IP address from the X-Forwarded-For header of the client request. See Trustwave Knowledge Base article Q21183.
Office365 URL Retrieval
WebMarshal retrieves the URL listings for Office365 related sites from Microsoft. These listings are inserted to FileFilter categories. The "All URLs" list can be included in the Proxy Bypass list.

Features New in 7.4.5

Brotli compression support
WebMarshal supports decompression and compression of web requests using the Brotli compression format.
Header Matching
WebMarshal provides a rule condition to match or compare HTTP headers.

Features New in 7.4.1

Google Web Risk support
WebMarshal implements use of the Google Web Risk API as a scan engine.

Features and Changes in 7.4

Syslog Support
WebMarshal can deliver traffic logging to a Syslog server from processing nodes. See Trustwave Knowledge Base article Q21116.
Google Safe Browsing support disabled
The plug-in for Google Safe Browsing support is disabled due to a change in Google Terms of Service. For more information, see Trustwave Knowledge Base article Q21118. Trustwave plans to provide access to Google threat data through the Web Risk API in a future release.

Earlier Feature Enhancements

To review earlier feature enhancement history, see the release notes for earlier WebMarshal versions, available through the Trustwave Knowledge Base.

System Requirements

Hardware required is dependent on the number of concurrent web users and the rules in use. Use of Filtering Lists improves performance. Heavy use of TextCensor decreases performance. Be prepared to adjust specification as required.

Typically a computer with the following specifications is adequate as a processing server for 250-500 concurrent users.

WebMarshal Array Manager, processing servers, and Console require the following software:

Note: Install Windows using the English language version.

Upgrade Instructions

The minimum prior version supported for direct upgrade is 7.4.0. To upgrade from earlier versions, first upgrade to 7.4.0 or above. For details, see release notes for previous product releases.

See the upgrade notes below for version-specific information. For upgrade notes relating to versions prior to 7.4.0, please see earlier Release Note documents available through the Trustwave Knowledge Base.

Upgrade Notes

For upgrade notes relating to versions prior to 7.4, please see earlier Release Note documents available on the Trustwave website.


WebMarshal can be installed in a variety of scenarios. For full information on uninstalling WebMarshal from a production environment, see the WebMarshal User Guide.

To uninstall a trial installation on a single computer:

  1. Close the WebMarshal applications including the Console and Reports on all workstations.
  2. On the WebMarshal server(s), use the Windows Add/Remove Programs control panel to remove WebMarshal.
  3. If you selected a location outside the WebMarshal install folder for files created by WebMarshal (such as Proxy Cache or Configuration Backup), the uninstallation will not remove the files. Delete these files manually if required.
  4. On any other workstations where WebMarshal components were installed, use the Windows Add/Remove Programs control panel to remove them. These components can include WebMarshal console software and older versions of WebMarshal Reports.
  5. You can drop the WebMarshal database from the SQL server by using the SQL Express administration tools.

Release History

The following additional items have been changed or updated in the specific build versions of WebMarshal listed.

7.5.5 (October 10, 2023

WM-5213 Proxy caching supports caching of HTTPS content by default. For details of the setting to disable caching of HTTPS content, see Trustwave Knowledge Base article Q21204.
WM-5354 The default SQL provider is updated to MSOLEDBSQL.
WM-5537 Proxying of M-JPEG content could result in unlimited growth of a temporary file. Fixed.
WM-5715 Validation of certificate chains is improved.
WM-5823 Proxy certificates generated by WebMarshal could have invalid dates if the remote website certificate was misconfigured. Fixed.
WM-5824 Proxying of RTSP over websocket content could result in unlimited growth of a temporary file. Fixed.
WM-5826 In release 7.5.0, messages generated by the "Send email to administrator" rule action were not sent. Fixed.
WM-5827 The TLS/SSL library is updated.
WM-5830 The Web Filter Database includes additional categories.
WM-5848 The PDF unpacking component is updated.
WM-5851 Kaspersky for Marshal is removed from the installer options. This module is no longer sold. Customers must migrate to other scanners before 31 December 2023.
WM-5857 Database connections support SQL Multi-Subnet Failover. For details of the required setting, see Trustwave Knowledge Base article Q21205.

7.5.0 (August 31, 2022)

WM-5727 The Microsoft Office 365 endpoints list is automatically retrieved by WebMarshal and available for use in FileFilter and the Proxy Bypass List.
WM-5734 Administrative notification emails now show the name of the node where the issue was reported.
WM-5735 A new advanced setting allows dynamic update of the IP Group membership of a computer. See Trustwave Knowledge Base article Q21186.
WM-5739 The default value for MaxRuleThreads (filter threads from Proxy to Engine) is reduced to 50. This setting enhances performance by reducing congestion in the Engine.
WM-5741 WebMarshal can now be configured to authenticate and log requests using the IP address presented in the X-Forwarded-For header.
WM-5743 For the avoidance of doubt, Windows authentication used by WebMarshal is no longer referred to as "NTLM". WebMarshal uses the "Negotiate" method and Kerberos is the preferred option. This is a wording change only. The functionality was already present.
WM-5748 Categories deprecated in the Web Filter Database are no longer inserted in new installations. On upgraded installations these categories are renamed, but must be removed manually. See Trustwave Knowledge Base article Q21089.
WM-5777 The Customer Feedback Module (anonymized browsing data) has been disabled.
WM-5786 The TextCensor2 DLL dependencies are updated to more recent versions.
WM-5789 The Engine service could hang in certain circumstances due to a resource deadlock. Fixed.
WM-5791 In-memory caching of CRLs by the Proxy is more efficient.
WM-5793 The TLS/SSL library is updated.
WM-5794 The web download automation component included in the install is updated.
WM-5796 The archive extraction component in the install is updated.
WM-5797 The PDF unpacking component is updated.
WM-5799 The version of Brotli compression support is upgraded.

7.4.5 (February 18, 2021)

WM-5344 The Remote Console (ClickOnce) did not work on client systems with UAC enabled. Fixed.
WM-5510 In release 7.2.0 and above, IP authentication did not work under HTTPS for entries manually created by computer name. Fixed.
WM-5542 Blocked Upload requests were not logged. Fixed.
WM-5676 Brotli compression is supported.
WM-5677 Header Matching and comparison are supported as rule conditions.
WM-5683 Configuration was committed each time the WebMarshal Console was opened. Fixed.
WM-5685 WebMarshal did not correctly validate a HTTPS certificate chain when the original root certificate was expired but another valid chain existed. Fixed.
WM-5686 The policy tester did not work for uploads. Fixed.
WM-5703 A possible memory leak related to certificate handling was identified. Fixed.
WM-5704 When no trusted certificate chain was available, the WebMarshal block page was not served. Fixed.
WM-5705 Ajax requests with very large content in response headers failed. This issue is addressed with an increase in default permitted header size and ability to set allowed header size over all components.
WM-5715 Validation of certificate chains is improved.

7.4.1 (February 4, 2020)

WM-5602 The PDF unpacking component is updated.
WM-5635 The Google Safe Browsing Scan Engine plug-in is removed. The Google Web Risk Scan-Engine plug-in is added.

7.4.0 (November 19, 2019)

WM-5499 In earlier 7.X releases, console connections required the permission "Modify Policy". Fixed: the minimum permissions required are "Console Connect" and "View Policy"
WM-5522 In earlier 7.X releases, adding many URLs to a category concurrently could cause the Controller service to stop. Fixed.
WM-5538 Where no virus scanners were present, the Engine could fail to start due to an uninitialized value. Fixed.

Note: To review change history for earlier versions, please see the Release Notes for the specific version of WebMarshal. All Release Notes are available through the Trustwave Knowledge Base.

Legal Notice

Copyright © 2023 Trustwave Holdings, Inc.

All rights reserved. This document is protected by copyright and any distribution, reproduction, copying, or decompilation is strictly prohibited without the prior written consent of Trustwave. No part of this document may be reproduced in any form or by any means without the prior written authorization of Trustwave. While every precaution has been taken in the preparation of this document, Trustwave assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

While the authors have used their best efforts in preparing this document, they make no representation or warranties with respect to the accuracy or completeness of the contents of this document and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the author nor Trustwave shall be liable for any loss of profit or any commercial damages, including but not limited to direct, indirect, special, incidental, consequential, or other damages.


Trustwave and the Trustwave logo are trademarks of Trustwave. Such trademarks shall not be used, copied, or disseminated in any manner without the prior written permission of Trustwave.

About Trustwave®

Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than three million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is headquartered in Chicago, with customers in 96 countries. For more information about Trustwave, visit https://www.trustwave.com.