Cipafilter Support:
309 517 2022 option 2
Mon - Fri 7 AM - 6 PM CT
RSS Feed
Google Public DNS Issues
Posted by Dan Schuler on 18 March 2016 10:16 AM

Yesterday we identified that Google's Public DNS servers ( & encountered an issue where they began returning either slow or invalid DNS responses. For customers using Google as both their primary and secondary DNS, this may result in websites seeming slow or unresponsive. Our proactive support team has been working to help alleviate the issue on affected customers. If you believe you are experiencing this issue, we suggest changing one of the DNS entries on the Cipafilter to point to another public DNS server, such as those offered by your ISP. 

Read more »

Cipafilter 8.8 Preview
Posted by Dan Schuler on 01 September 2015 02:37 PM

Cipafilter is proud to announce version 8.8 of our device firmware. Our major priorities for this version related to SSL decryption and authentication, two subjects on which we have received tremendous feedback from our customers. However, as always, improvements have been made in a number of areas.

SSL decryption by group and domain

SSL decryption is the best — and sometimes only — way to filter the increasingly secure Web. However, many customers have found it to be a complicated investment. Cipafilter 8.8 improves the flexibility and ease of deployment of SSL decryption in two related ways: First, it is now possible to apply SSL decryption on a per-group basis. This allows organizations to selectively exempt particular groups (such as teachers or application servers) from decryption. In addition, decryption can be applied or exempted for each group on a per Web site basis, allowing you to decrypt only what you want.

Multiple authentication directory services

Previous firmware versions supported only a single authentication directory service, which could be a limitation for larger and more complex environments. With Cipafilter 8.8, we now support any number of authentication back-ends. User log-in attempts will be passed to each service in turn until either one succeeds or they all fail. We continue to support all of the back-end options from previous firmware: Microsoft Active Directory, Apple Open Directory, Novell eDirectory, Google OAuth, and Cipafilter User Manager.

Integration with wireless devices via RADIUS accounting

With the new E-Rate focus on wireless systems, we have added the ability for Cipafilter to integrate with wireless APs such as those provided by Ruckus and Aruba. Cipafilter can be configured to receive authentication events from supported APs via RADIUS accounting, providing a seamless authentication experience for your...
Read more »

Important Changes to Google SafeSearch
Posted by Dan Schuler on 03 June 2015 02:59 PM

Google has announced that it will be making some changes to its SafeSearch feature. Currently, when the “Safe Search Enforcement” box is checked on your Cipafilter, searches are sent to a non-SSL version of Google. This allows your Cipafilter to log search terms, as well as to enforce SafeSearch and perform additional filtering through our Enhanced Safe Search features. Due to abuse by external parties, Google will no longer be supporting non-SSL searches and will soon allow only SSL connections.

What this means for you:

Recent versions of Cipafilter firmware will still be able to enforce Google SafeSearch. However, unless SSL Decryption is enabled, Google’s changes will prevent your Cipafilter from either logging searches or using our Enhanced Safe Search features.

Firmware versions supporting this change:

  • 8.6.3 and newer
  • 8.4.7 and newer


If your Cipafilter is on firmware older than the versions listed above, or if you have any additional questions about Google SafeSearch, please contact the Technical Support team at

Read more »

8.6.6 Released
Posted by Chris Cooper on 20 March 2015 03:32 PM

A new build of 8.6 is now available.

Version 8.6.6 - Friday, March 20, 2015

  • New Feature: 0007324: Significantly improved the memory profile of the content filter.
  • 0007415: Increased the default DHCP lease time to 10 days.
  • 0007405: Corrected a minor typo in the portal SSL guide.
  • 0007237: Corrected an issue with DNS resolution which could lead to premature hot-spare fail-over.
  • New Feature: 0006599: Added a virus detection report to the beta web reporting feature.
  • 0007325: Google OAuth directory authentication now excludes group members whose e-mail addresses are not on the configured Google Apps domain.
  • 0007415: Added place-holders showing the default values on the DHCP Server page's Advanced Configuration tab.
  • 0007396: Corrected a minor file-handling issue on the Log Viewer page.
  • 0007475: Updated Web-interface and portal SSL configuration to mitigate 'FREAK' vulnerability (CVE-2015-0204).
  • New Feature: 0007429: Added Enhanced Safe Search and logging support for Wikipedia, Tumblr, Imgur, and (partially) Pinterest.
  • 0007511: Updated software packages to mitigate several minor OpenSSL vulnerabilities (CVE-2015-0209, et al.)
  • 0007479: The Web-interface news feed now includes blog entries from the Cipafilter website.
  • 0007422: The main Web-interface header now links to the Status page.
  • 0007186: Improved the performance of regular-expression matching in the content filter.
  • 0007344: Improved handling of access tokens for the Google OAuth directory back-end.
  • New Feature: 0007429: Added full Safe Search Enforcement and logging support for Flickr.
  • 0007444: Corrected an issue with IPv6 automatic address assignment which could interfere with DNS resolution and mail delivery.
  • 0007324: Decryption connections between clients...
    Read more »

Introduction to Cipafilter 8.6
Posted by Chris Cooper on 17 February 2015 04:38 PM

Can't see the video? Click Here.

Cipafilter is proud to introduce the latest version of our firmware, 8.6. This release is focused on numerous enhancements that are the direct result of customer feedback. This firmware makes Cipafilter one of the most versatile solutions for Chromebooks and other wireless devices on your network. It also features improvements to troubleshooting tools, log access, and much more! View our 8.6 Feature List here

Enhanced Chromebook Experience

Cipafilter goes the extra mile to make your Chromebook experience easy and painless. Special compatibility options make it a snap to register and authenticate your Chromebooks from behind the content filter. In addition, our Chrome authentication client is a breeze to distribute to your managed Chrome devices via the Google Admin Console, giving you a quick and easy way to tie your devices into your directory service for accountability.

Remote Filter with Clientless Sign On Options

Filtering your device off-site has become even easier. We have added more options to authenticate your mobile and 1-to-1 devices. Prompt  your users with our portal page over proxy settings, have them log in utilizing our new single sign-on option, or even use Google’s front-end to authenticate your users!

Better Tools and Reliability

Customers can now view more logs from the interface. We give you peace of mind with our new troubleshooting tools and hot spare functionality, allowing you to know exactly what your filter is doing and keep you online 24/7.

Customized Anti-Spam

Read more »

CVE-2015-0235 glibc Vulnerability (GHOST)
Posted by Chris Cooper on 28 January 2015 05:10 PM

Qualys recently announced the discovery of a bug (CVE-2015-0235) in the gethostbyname function of the Linux glibc library. This bug is commonly referred to as GHOST. More information on the vulnerability itself can be found on the Qualys Blog


Affected Cipafilter Versions

The following versions of CIPAFilter are affected:

  • 8.6 Release Candidate: 8.6.3 and below
  • 8.4: 8.4.6 and below
  • 8.2: 8.2.56 and below
  • 8.0 and older: All versions affected



The Cipafilter Proactive Maintenance team has been busy hot patching all affected units that can be reached. While we are attempting to reach as many units as possible, it is still recommended to upgrade your firmware to the latest version to ensure the patch is installed. 8.2 and above users may upgrade themselves by visiting the Firmware Updates page on their filter. 8.0 and older users will want to contact support to schedule an upgrade.


If you have any additional questions regarding how GHOST affects your Cipafilter, please feel free to Submit a Ticket.


Read more »

©Cipafilter 2017. All Rights Reserved.