BotGuard GateKeeper

Release Notes v1.5.3

The following are release notes for the Blackwall GateKeeper v1.5.3 release. Some features were added, enhancements made, and issues fixed to improve the platform.

Features and Enhancements: GK-236 - New functionality has been added to the GateKeeper API. You can now transfer ownership of websites, servers, and devices between accounts by issuing a PUT request that updates the object user_id. This unlocks smooth handovers (such as agency changes, and consolidations) without manual support, with permission checks, and full auditing to keep moves safe and traceable. Existing endpoints and payloads are unchanged; simply set the new user_id in your PUT to complete the migration. GK-90 - An improvement has been released in terms of DNS validation before certificate issuance. GateKeeper now verifies that all A and AAAA records of a domain point to GateKeeper IPs before issuing or renewing certificates. This prevents certificate failures due to misconfigured DNS (e.g., missing or incorrect AAAA records). GK-305 - A new Magento ruleset has been added, following the same structure and behavior as existing rulesets. This enables consistent handling and configuration for Magento-based environments.

Fixed Issues: GK-318 - BuyPass Certificate Authority (CA) support has been removed and any existing certificates cannot be renewed. Instead Blackwall recommends that you switch either to Lets Encrypt or use custom certificates. GK-203 - An issue has been fixed where the Force redirect from www subdomain to primary domain setting had no effect. When enabled, GateKeeper now issues a permanent redirect (301) from www . to the apex and returns the correct Location header, ensuring proper canonicalization. The change applies to new and existing sites. If the option was already enabled, redirects take effect automatically after deployment (no user action required). GK-300 - A fix has been added to ensure that API-applied custom rules now propagate to servers. Previously an issue existed where custom rules set via the GateKeeper API were not synchronized to BotGuard servers, despite appearing in the dashboard. The sync path and JSON handling are now corrected, so that API updates now persist and apply on nodes without manual intervention. GK-244 - A fix has been provided for an issue where GateKeeper incorrectly reported its private IP, instead of the public-facing IP on AWS EC2 instances. This was due to NAT-based networking. The system now correctly identifies and uses the public IP address. GK-333 - Previously, on fresh GateKeeper instances (e.g., Vultr), when adding a new domain, it could hang and never reach an Online status. Sometimes this required hosts-file edits and service restarts to get it Online. A fix has been released, so that provisioning now completes automatically without manual steps, and the Add subdomains prompt no longer blocks activation.

Release Notes v1.5.0

Features and Enhancements: GateKeeper API: GK-41 - Blackwall is pleased to introduce the first General Availability version of our application load-balancing GateKeeper API, with support for multi-tenant management. This API provides hosting partners, SaaS users, and integration developers with a programmatic interface to manage users, websites, and settings. This mirrors all key features available in the Blackwall dashboard. It also supports a reseller model, with master and sub-account hierarchies for scalable, delegated access. Significant enhancements have been made to the beta version previously released to a limited user group and feedback provided has been incorporated into this GA version. For example, a website custom rules API editor has been added, and the ability to get event logs for all Gatekeeper API schemas - user, device, server, and website. GK-184 - A new feature has been added, introducing read-only event log API endpoints for users, devices, servers, and websites. This feature adds support for retrieving event log record via new GET endpoints, enabling clients to fetch event data scoped to specific resources; for example, /user/{user_id}/events, or /device/{device_id}/events. The API supports filtering by time range and other rule-based parameters, providing flexible access for auditing, analysis, and integrations. GK-136 - Added a possibility to get event logs for all Gatekeeper API schemas (user, device, server, website). GK-139 - Logout functionality has been added to the GateKeeper dashboard. Users can now securely log out of the GateKeeper UI. This feature enhances session control and aligns authentication behaviour across the Blackwall platform. GK-58 - Added support for light mode in the GateKeeper platform UI, enabling users to toggle between dark mode and light mode based on personal visual preference or environment. Previously, only dark mode was available. GK-51 - A new Early Hints feature has been added to help users optimize their websites, whether using the Blackwall GateKeeper user interface (UI) or our GateKeeper API. HTTP header 103 support has been added along with the corresponding web application acceleration logic, by implementing a module for nginx and using it in GateKeeper. This added feature significantly improves browser page load performance, leading to a smoother browsing experience.

Fixed Issues: GK-144, GK-199, and GK-138 - The nginx-stat-module has been replaced with the status-nginx-module to prevent OOM crashes during frequent Nginx reloads. By replacing it with the more stable status-nginx-module, GateKeeper now supports safe and reliable configuration reloads, even under high-frequency update cycles. GK-195 - A fix has been created for an issue preventing domains without IPv6 addresses from being added via API. Previously, domains that only had IPv4 (or only IPv6) addresses were incorrectly rejected when added through the API. This fix correctly distinguishes between a missing IPv6 address and an invalid one, allowing valid domains with single-stack configurations to be registered and function as expected.

1.4.3 LB API add website bugfix, prevent certificate issuing for invalid websites 1.4.2 Implemented LB API mTLS auth, first boot initialization scripts updated, fixed website apply config on edit issue, fixed nginx: [emerg] no servers are inside upstream issue 1.4.1 SSH config issue on uninstall resolved, embedded terminal issue on first login resolved, added wildcard subdomain support 1.4.0 GateKeeper API server and a lot of performance improvements 1.3.3 SSL certificate management improvements, Debian updated to 12.6 (CVE-2024-6387 fixed), High CPU usage issue fixed 1.3.2 Nginx 1.27.0 1.3.1 BotGuard nginx module updated to 1.4.2 1.3.0 Transparent JavaScript challenges are supported, TCP BBR optimization applied, Nginx updated to 1.25.5, OpenSSL updated to 3.0.13, ZSTD compression support added, UI bug fixes 1.2.2 Fixed issue with Apache HTTP2 upstreams (Safari cannot open the page xxx because the server unexpectedly dropped the connection) 1.2.1 Debian 12.2.0, Nginx 1.25.2, added upstream patch for CVE-2023-44487 1.2.0 Debian 12, Nginx 1.25.1, OpenSSL 3.0.9. Optimized rate limits 1.1.6 Nginx 1.25.0, switch to 1.1.1.1 dns resolver by default (8.8.8.8 has limits) 1.1.3 Nginx 1.23.3 (mainline), OCSP stapling fixes, cache optimization 1.1.2 Fix for SSL upstreams with SNI, display number of blocked IP addresses in dashboard 1.1.1 Optimized Nginx performance 1.1.0 External Redis support for clustering purposes, tuning limits 1.0.2 OpenSSL upgraded to 3.0.7 version with security bugfix 1.0.1 Nginx settings tune and logrotate fix 1.0.0 Initial release