Dansguardian: Difference between revisions
Revision as of 22:27, 30 March 2014
Reference
- Documentation
- Install tutorials
- Web content filtering made easy - Shadows of epiphany
- dansguardian (on contribs.org)
- DansGuardian (ubuntu.com)
Install
- See http://blog.bodhizazen.net/linux/web-content-filtering-made-easy/
- Install dansguardian along with privoxy
sudo apt-get install dansguardian privoxy
- Edit /etc/privoxy/config:
-listen-address localhost:8118
+listen-address 127.0.0.1:8118
- Restart privoxy
sudo service privoxy force-reload
- Edit /etc/dansguardian/dansguardian.conf
-UNCONFIGURED - Please remove this line after configuration
-
-proxyport = 3128
+proxyport = 8118
- Start dansguardian
sudo service dansguardian start
- Enable ufw
sudo ufw enable
- Edit the iptables rules (using ufw). Edit /etc/ufw/before.rules:
-A ufw-before-output -o lo -j ACCEPT
+#-A ufw-before-output -o lo -j ACCEPT
+# Rules for Dansguardian
+
+-A ufw-before-output -m owner --uid-owner root -j ACCEPT
+-A ufw-before-output -p tcp -m multiport --dports 80,443 -m owner --uid-owner privoxy -j ACCEPT
+-A ufw-before-output -p tcp -m multiport --dports 80,443 -j DROP
+-A ufw-before-output -o lo -p tcp -m tcp --dport 8118 -m owner --uid-owner dansguardian -j ACCEPT
+-A ufw-before-output -o lo -p tcp -m tcp --dport 8118 -m owner --uid-owner baddreams -j ACCEPT
+-A ufw-before-output -o lo -p tcp -m tcp --dport 8118 -j DROP
+-A ufw-before-output -o lo -j ACCEPT
# don’t delete the ‘COMMIT’ line or these rules won’t be processed
COMMIT
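Review bot: the `--dports 80,443 -j DROP` line only covers direct web traffic on TCP ports 80 and 443, so for every account other than root and privoxy, a web server on any other port and anything sent over UDP is untouched by this hunk and never passes through dansguardian. If filtered accounts are meant to reach the web only through the proxy chain, drop all non-loopback output for the non-exempt users, or at least document the limitation next to the rule. The first added line, `-m owner --uid-owner root -j ACCEPT`, also deserves a comment: anything running as root skips every rule after it.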
- Edit the iptables rules (using ufw). Edit /etc/ufw/before6.rules:
-A ufw6-before-output -o lo -j ACCEPT
+#-A ufw6-before-output -o lo -j ACCEPT
+# Rules for Dansguardian
+
+-A ufw6-before-output -m owner --uid-owner root -j ACCEPT
+-A ufw6-before-output -p tcp -m multiport --dports 80,443 -m owner --uid-owner privoxy -j ACCEPT
+-A ufw6-before-output -p tcp -m multiport --dports 80,443 -j DROP
+-A ufw6-before-output -o lo -p tcp -m tcp --dport 8118 -m owner --uid-owner dansguardian -j ACCEPT
+-A ufw6-before-output -o lo -p tcp -m tcp --dport 8118 -m owner --uid-owner baddreams -j ACCEPT
+-A ufw6-before-output -o lo -p tcp -m tcp --dport 8118 -j DROP
+-A ufw6-before-output -o lo -j ACCEPT
# don’t delete the ‘COMMIT’ line or these rules won’t be processed
COMMIT
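Review bot: `--uid-owner baddreams` on the second 8118 ACCEPT line is a site-specific account name repeated from the IPv4 file; add a comment saying it stands for the parent (unfiltered) account and must be replaced with the local account name in both rule files. It would also help to say why the loopback 8118 rules are duplicated for IPv6 when the privoxy step binds `listen-address` to `127.0.0.1:8118` only.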
- Reload rules
sudo ufw reload
- Configure the proxies
export http_proxy='localhost:8080' # For children (set as the child user's proxy, Firefox proxy, etc.)
export http_proxy='localhost:8118' # For parents, or as the system-wide proxy (apt-get)
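To check what the install steps above allow for each account, the following added example (not part of the original page) walks the seven rules added to /etc/ufw/before.rules in first-match order. The account `kid`, the interface `eth0` and the `NEXT` label are assumptions made for the example, and only the iptables options used in those rules are modelled.

```python
import shlex

# Rules added to /etc/ufw/before.rules on this page, in file order.
RULES = """\
-A ufw-before-output -m owner --uid-owner root -j ACCEPT
-A ufw-before-output -p tcp -m multiport --dports 80,443 -m owner --uid-owner privoxy -j ACCEPT
-A ufw-before-output -p tcp -m multiport --dports 80,443 -j DROP
-A ufw-before-output -o lo -p tcp -m tcp --dport 8118 -m owner --uid-owner dansguardian -j ACCEPT
-A ufw-before-output -o lo -p tcp -m tcp --dport 8118 -m owner --uid-owner baddreams -j ACCEPT
-A ufw-before-output -o lo -p tcp -m tcp --dport 8118 -j DROP
-A ufw-before-output -o lo -j ACCEPT
"""

# iptables option -> packet field it constrains (only the options these rules use)
OPTS = {"-o": "oif", "-p": "proto", "--uid-owner": "user", "-j": "target",
        "--dport": "dports", "--dports": "dports"}

def parse(line):
    """Parse one rule line into {field: value}; every option here takes one argument."""
    tok = shlex.split(line)
    rule = {}
    for opt, val in zip(tok[0::2], tok[1::2]):
        if opt in ("-A", "-m"):          # chain name and match-module names
            continue
        key = OPTS[opt]                  # KeyError on an option not modelled here
        rule[key] = {int(p) for p in val.split(",")} if key == "dports" else val
    return rule

PARSED = [parse(line) for line in RULES.splitlines()]

def verdict(user, oif, proto, dport):
    """Return the target of the first matching rule, as netfilter would.
    'NEXT' means none of these rules matched and later ufw rules decide."""
    for r in PARSED:
        if r.get("user", user) != user or r.get("oif", oif) != oif:
            continue
        if r.get("proto", proto) != proto or dport not in r.get("dports", {dport}):
            continue
        return r["target"]
    return "NEXT"

# Constructed cases: "kid" is a hypothetical filtered account, "eth0" a hypothetical NIC.
CASES = [("kid", "lo", "tcp", 8080), ("kid", "lo", "tcp", 8118), ("kid", "eth0", "tcp", 80),
         ("privoxy", "eth0", "tcp", 443), ("baddreams", "lo", "tcp", 8118),
         ("baddreams", "eth0", "tcp", 443), ("kid", "eth0", "tcp", 8443)]

if __name__ == "__main__":
    for case in CASES:
        print(case, "->", verdict(*case))
```

The last case falls through to the rest of the ufw ruleset because only ports 80 and 443 are dropped here.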
Configuration
To reload dansguardian configuration:
sudo service dansguardian force-reload
- Fix banned url regex. Edit /etc/dansguardian/lists/bannedregexpurllist
-(sex|fuck|boob|...)+.*(\.jpg|\.wmv|\.mpg|\.mpeg|\.gif|\.mov)
+(sex|fuck|boob|...)+.*(\.jpg|\.wmv|\.mpg|\.mpeg|\.gif|\.mov)$
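Review bot: with `$` appended, the pattern matches only when the URL ends in one of the listed extensions, so if dansguardian hands this list the full URL, a request with a query string or fragment after `.jpg` and the rest stops matching. If the goal is to stop matching an extension in the middle of a URL, end the pattern with `(\?|#|$)` rather than a bare `$`, and add a comment in the list file saying what the anchor is for.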
- Hide error message when blocked. Edit file /etc/dansguardian/languages/ukenglish/template.html (or any other language in use)
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
<hr>
<address>Apache/2.2.22 Server</address>
</body></html>
- Disable anti-virus
- In dansguardian.conf, uncomment
#contentscanner = '/etc/dansguardian/contentscanners/clamdscan.conf'
- In dansguardianf1.conf, adapt the line as follows:
disablecontentscan = off
- To disable it, do the opposite, i.e., comment out the first line, and set
disablecontentscan = on
- Adapt naughtyness_limit if necessary
- See [3]
- White-list some sites
- Add them to /etc/dansguardian/lists/exceptionsitelist (see [4])
- Sites to white-list:
mail.yahoo.com mail.yimg.com
- ... or grey-list some sites
- These are sites that are still keyword-filtered
- Add them to /etc/dansguardian/lists/greysitelist
- Fetch up-to-date black-list
- From urlblacklist.com
- Requires explicitly allowing / forbidding some categories (see [5])
- ... note that even though the list can be easily downloaded, urlblacklist.com is a commercial service (and quite expensive in fact).
Troubleshooting
- See log files
- View /var/log/dansguardian/access.log
- Search for keywords like *DENIED*; these entries explain in detail why a page is denied access.
- More information here
- Advanced troubleshooting
- See [6]