Hi,
thanks for your advice ...
... my config is now as follows:
squid-2.4.x ( running on 3128 )
dansguardian ( running on 8080 )
prevent direct connections to 3128 with iptables
haven't configured the web-interface, but I think it's working ...
dansguardian.conf :
filterip = myinternalip ( not loopback )
proxyip = 127.0.0.1
I think it's working now correctly ... have added
application/pdf
to "/etc/dansguardian/bannedmimetypelist" and wasn't able to open such
files anymore ...
Regards
Bruno Leonhardt
CLP Domino R5 System Administrator
-----------
AnalyTek Systemhaus
Hospital Str. 2a
D-65589 Hadamar
Telephone: 06433/81403-15
Fax: 06433/81403-40
Visit us on the Internet at: http://www.analytek.de
"Philippe Vogel"
Have the problem, that if I deny images/* - the site will be displayed anyway ... ... and if I deny .gif's - file-extension , the whole site won't be displayed ...
This makes no sense! If you ban something, the whole site page with that content will be banned.
... it's not even working if I say in
/etc/dansguardian/bannedmimetypelist
:
application/*
... have loaded a pdf-file directly over http ...
why isn't that working? have the port of DansGuardian set to 8080 and so in my client in proxy-configuration ...
Dansguardian needs the following: webserver, firewall, squid

First setup squid correctly. e.g. set squid to 3128 and dansguardian to 8080. let dansguardian use squid on 3128 and add the line

"Firewall-Server" should be setup like this:

internal net <-> Dansguardian <-> udp_outgoing_address <external ip firewall> <-> Squid <-> udp_incoming_address <internal ip firewall> <-> internet

1) setup squid to
   udp_outgoing_address <external ip>
   udp_incoming_address <internal ip>

2) setup dansguardian to listen on 8080 on internal ip (look at bottom of this mail)

3) copy files to apache and configure it running on your host
   copy dansguardian.pl to /usr/local/httpd/cgi-bin and chown root:root chmod 755

4) setup firewall to redirect traffic from internal to external
   /etc/rc.config.d/firewall2.rc.conf

   #9.)
   FW_SERVICES_EXT_TCP=""
   FW_SERVICES_EXT_UDP=""
   FW_SERVICES_INT_TCP="80 8080" <- add here what you want to be let through too
   FW_SERVICES_INT_UDP="80 8080" <- add here what you want to be let through too

   #15.)
   FW_REDIRECT="$YOUR_LAN,0/0,tcp,80,8080"

   $YOUR_LAN should look like $YOUR_LAN="192.168.168.0/24" for all ip's from 192.168.168.0 - 255

5) block all incoming Traffic from extern to 8080 firewall (local access from the firewall to external must be allowed)
   block all incoming traffic from internal to 3128 on firewall
   NO rules set for these ports in FW_SERVICES_INT and FW_SERVICES_EXT

Dansguardian: Expressions for your lan could be 192.168.168.0/24 for all IP's within 192.168.168.0 - 255

$IPTABLES should contain the full path to iptables!

Configure the blocktypes and only block URLs! Block Extensions only for malicious code. I use:

.ade .adp .bas .bat .cab .chm .cmd .com .cpl .crt .dll .eml .hta .ins .isp .lnk .mdb .mde .msc .msi .msp .mst .ocx .pcd .pif .reg .url .vb .vbe .vbs .wsc .wsf .wsh

As for Windows 2000 typical scripts/programs are executed as well with other extensions! For URL-blocking there are several up-to-date lists on the dansguardian homepage. I only block porno-content.

Even here is a funny thing. I blocked expressions, so assh***.jpg was banned or a page on ebay was blocked because of a "false" meta-tag! So setup expressionlist to your delight or do not use it. It is not easy to get it running to your delight in 5 minutes. You have to modify rules until the filter works fine! It took me a week to get it working fine. Don't forget to restart squid and dansguardian for changes to take effect!

Philippe

P.S.:

#<file dansguardian.conf>
htmltemplate = /etc/dansguardian/template.html
filterip = yourinternalserverip
filterport = 8080
proxyport = 3128
proxyip = 127.0.0.1
accessdeniedaddress = http://yourwebserver/cgi-bin/dansguardian.pl
bannedphraselist = /etc/dansguardian/bannedphraselist
banneduserlist = /etc/dansguardian/banneduserlist
bannediplist = /etc/dansguardian/bannediplist
bannedextensionlist = /etc/dansguardian/bannedextensionlist
bannedmimetypelist = /etc/dansguardian/bannedmimetypelist
bannedsitelist = /etc/dansguardian/bannedsitelist
bannedurllist = /etc/dansguardian/bannedurllist
bannedregexpurllist = /etc/dansguardian/bannedregexpurllist
exceptionphraselist = /etc/dansguardian/exceptionphraselist
exceptionsitelist = /etc/dansguardian/exceptionsitelist
exceptionuserlist = /etc/dansguardian/exceptionuserlist
exceptioniplist = /etc/dansguardian/exceptioniplist
exceptionurllist = /etc/dansguardian/exceptionurllist
weightedphraselist = /etc/dansguardian/weightedphraselist
picsfile = /etc/dansguardian/pics
maxuploadsize = -1
#maxchildren = 120
maxchildren = 240
weightedphrasemode = 2
naughtynesslimit = 50
logexceptionhits = on
showweightedfound = on
reverseaddresslookups =
createlistcachefiles = on
usernameidmethodproxyauth = off
usernameidmethodident =
forwardedfor =
logconnectionhandlingerrors = on
logfileformat = 1
reportinglevel = 3
#</file>
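
[Added example, not part of the mails above and not DansGuardian's own code: a small Python check for the proxy-chain settings the thread discusses (filter listening on the internal IP, squid reached on loopback, distinct ports, no misspelled or empty options). The function names and the sample config are assumptions made for illustration, and the list of known keys is only what appears in the posted dansguardian.conf.]

```python
import ipaddress

# Keys seen in the config posted in the thread (not the full option list).
KNOWN_KEYS = set("""htmltemplate filterip filterport proxyport proxyip
accessdeniedaddress bannedphraselist banneduserlist bannediplist
bannedextensionlist bannedmimetypelist bannedsitelist bannedurllist
bannedregexpurllist exceptionphraselist exceptionsitelist exceptionuserlist
exceptioniplist exceptionurllist weightedphraselist picsfile maxuploadsize
maxchildren weightedphrasemode naughtynesslimit logexceptionhits
showweightedfound reverseaddresslookups createlistcachefiles
usernameidmethodproxyauth usernameidmethodident forwardedfor
logconnectionhandlingerrors logfileformat reportinglevel""".split())

def parse_conf(text):
    """Return {key: value} for 'key = value' lines; '#' lines are comments."""
    conf = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def is_loopback(value):
    try:
        return ipaddress.ip_address(value).is_loopback
    except ValueError:  # empty, hostname or placeholder: cannot tell
        return False

def lint(text):
    conf, findings = parse_conf(text), []
    for key, value in conf.items():
        if key not in KNOWN_KEYS:
            findings.append(f"unknown key '{key}' (typo?)")
        elif not value:
            findings.append(f"'{key}' has no value")
    if is_loopback(conf.get("filterip", "")):
        findings.append("filterip is loopback: LAN clients cannot reach the filter")
    if "proxyip" in conf and not is_loopback(conf["proxyip"]):
        findings.append("proxyip is not loopback, unlike the setup in the thread")
    if conf.get("filterport") and conf["filterport"] == conf.get("proxyport"):
        findings.append("filterport and proxyport are the same port")
    return findings

# Constructed sample with deliberate mistakes (not a config from the thread).
SAMPLE = "filterip = 127.0.0.1\nfilterport = 8080\nproxyport = 8080\n" \
         "prxyip = 127.0.0.1\nforwardedfor =\n#maxchildren = 120\n"

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```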