624
edits
Changes
From SME Server
Jump to navigationJump to searchrearranged filter groups section & improved text & layout generally
===Modifying Dansguardian configuration===
===Modifying Dansguardian configuration===
You need to manually modify configuration files /etc/dansguardian/dansguardian.conf and /etc/dansguardian/dansguardianf1.conf and /etc/dansguardian/dansguardianf2.conf and /etc/dansguardian/dansguardianf3.conf and so on depending on the number of filter groups you wish to have.
You need to manually modify various configuration files.
As a minimum the following basic changes need to be made:
pico -w /etc/dansguardian/dansguardian.conf
pico -w /etc/dansguardian/dansguardian.conf
You will initially need to change:
You will initially need to change:
accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'
for example to
accessdeniedaddress = 'http://www.mydomain.com/cgi-bin/dansguardian.pl'
Make any other required changes to suit your situation by carefully reviewing the other setting possibilities
To save & exit
Ctrl o
Ctrl x
pico -w /etc/dansguardian/dansguardianf1.conf
You may initially need to change (to suit adult level of protection)
naughtynesslimit = 50
to
naughtynesslimit = 160
(or even 250 or 300 depending on your sensitivity/tolerance requirements)
Make any other required changes to suit your situation by carefully reviewing the other setting possibilities
Make any other required changes to suit your situation by carefully reviewing the other setting possibilities
Ctrl o (to save)
Save & exit
Ctrl o
Ctrl x
If you have additional filter groups, then additional configuration files will need to be created and modified. See section on "Filter Groups and Auth login" below.
====Modifying other Dansguardian configuration files====
You will need to change other config files to suit your site requirements:
You can read information in the beginning of each config file that explains usage & syntax
These are located in
/etc/dansguardian/lists...
/etc/dansguardian/lists/f1/...
& so on and subfolders
eg
pico -w /etc/dansguardian/lists/f1/bannedextensionlist
make the required changes
Ctrl o
Ctrl x
Most users will need to change these 4 files as a minimum
bannedextensionlist
bannedsitelist
bannedurllist
exceptionsitelist
You should review ALL the dansguardian config files in /etc/dansguardian/lists and subfolders as part of your initial Dansguardian setup.
Some of the default settings in these files will prevent access to certain web sites and file types, which may conflict with your site requirements. See more details on the [[:Dansguardian/ConfigFiles]] page of this Howto or at http://dansguardian.org
====Modifying the default html error message page====
You may initially need to change (to suit adult level of protection)
You may also want to tailor the html template for the error message displayed when Dansguardian blocks a site, see
/etc/dansguardian/languages/(languagename)/template.html
eg
pico -w /etc/dansguardian/languages/ukenglish/template.html
====Filter Groups and Auth login====
Dansguardian supports filter groups, which allow web access control of users based on filter group membership. Different users can have different access rights, and to achieve this each filter groups configuration files are configured with different access rights. Users are made members of the required filter group by editing /etc/dansguardian/lists/filtergroupslist
When you open a web browser you get asked to login with a username & password.
Depending on the users group membership they get filtered or unfiltered access.
For additional information on filtering users access rights based on group membership (in conjunction with Auth login), see http:/dansguardian.org
In order to use filter groups, you must be using one of the Auth login methods.
If you wish to authenticate users when opening a browser using pam auth method, then you will need to disable Transparent Proxy as it is not compatible with this method.
Issue the following command
config setprop squid Transparent no
expand-template /etc/squid/squid.conf
sv t /service/squid
Doing the above will also require you to manually specify the proxy settings in your browser, so you will need to add the server IP eg 192.168.1.1 and port 8080 for the proxy setting
You cannot have pam auth enabled and Transparent Proxy set to yes.
Issue one of the following commands to enable the type of Auth login required, which will then permit the configuration & use of Filter Groups
config setprop squid RequireAuth pam
config setprop squid RequireAuth nsca
config setprop squid RequireAuth ident
To enable any of the above settings do
expand-template /etc/squid/squid.conf
sv t /service/squid
When using Filter Groups, a typical situation may have:
Filter Group 1 - standard users (standard access rights)
Filter Group 2 - blocked users (no access)
Filter Group 3 - guest users (limited access rights)
Filter Group 4 - power users (more generous access & file download rights)
Filter Group 5 - admin users (unlimited access)
To create the additional filter group configuration files and folders do
cp /etc/dansguardian/dansguardianf1.conf /etc/dansguardian/dansguardianf2.conf
cp /etc/dansguardian/dansguardianf1.conf /etc/dansguardian/dansguardianf3.conf
cp /etc/dansguardian/dansguardianf1.conf /etc/dansguardian/dansguardianf4.conf
cp /etc/dansguardian/dansguardianf1.conf /etc/dansguardian/dansguardianf5.conf
cp -R /etc/dansguardian/lists/f1 /etc/dansguardian/lists/f2
cp -R /etc/dansguardian/lists/f1 /etc/dansguardian/lists/f3
cp -R /etc/dansguardian/lists/f1 /etc/dansguardian/lists/f4
cp -R /etc/dansguardian/lists/f1 /etc/dansguardian/lists/f5
(which will include all subfolders and files)
Then edit & save the various main configuration files
pico -w /etc/dansguardian/dansguardianf2.conf
and change all instances of f1 to f2 in filename locations
pico -w /etc/dansguardian/dansguardianf3.conf
and change all instances of f1 to f3 in filename locations
pico -w /etc/dansguardian/dansguardianf4.conf
and change all instances of f1 to f4 in filename locations
pico -w /etc/dansguardian/dansguardianf5.conf
and change all instances of f1 to f5 in filename locations
Edit & save the main dansguardian configuration file to setup filter groups
pico -w /etc/dansguardian/dansguardian.conf
Configure the following settings as shown
#Filter group options
filtergroups = 5
(or however many filter groups you want to have)
#Auth plugins
authplugin = '/etc/dansguardian/authplugins/proxy-basic.conf'
(leave other possibilities with # at start of line)
Edit Filter Group 1 main configuration file
pico -w /etc/dansguardian/dansguardianf1.conf
Configure the following settings as shown
#Filter group mode
groupmode = 1
#Filter group name
groupname = 'Standard Users'
Edit & save Filter Group 2 main configuration file
pico -w /etc/dansguardian/dansguardianf2.conf
Configure the following settings as shown
#Filter group mode
groupmode = 0
#Filter group name
groupname = 'Blocked Users'
Content filtering files location
change all these to show f2 in the location path
change all other occurrences of f1 to f2 in file paths
Edit & save Filter Group 3 main configuration file
pico -w /etc/dansguardian/dansguardianf3.conf
Configure the following settings as shown
#Filter group mode
groupmode = 1
#Filter group name
groupname = 'Guest Users'
Content filtering files location
change all these to show f3 in the location path
change all other occurrences of f1 to f3 in file paths
Edit & save Filter Group 4 main configuration file
pico -w /etc/dansguardian/dansguardianf4.conf
Configure the following settings as shown
#Filter group mode
groupmode = 1
#Filter group name
groupname = 'Power Users'
Content filtering files location
change all these to show f4 in the location path
change all other occurrences of f1 to f4 in file paths
Edit & save Filter Group 5 main configuration file
pico -w /etc/dansguardian/dansguardianf5.conf
Configure the following settings as shown
#Filter group mode
groupmode = 2
#Filter group name
groupname = 'Admin Users'
Content filtering files location
change all these to show f5 in the location path
change all other occurrences of f1 to f5 in file paths
Edit & save the Filter Groups List file to add details of users and their group membership
All users are automatically members of Filter Group 1, so you only need to add details of users who are in other groups.
pico -w /etc/dansguardian/lists/filtergroupslist
add entries for users who are members of other filter groups, use this format
username=filtergroupnumber
for example
ray=filter2
george=filter3
mary=filter4
peter=filter5
and so on.
Filter group 2,3,4 & 5 settings override filter group 1 settings.
Restart dansguardian for changes to take effect
/etc/init.d/dansguardian restart
You can create as many groups as you want, using similar steps as above.
Each group can have different levels of filtering eg different exceptionlists and naughtyness limits etc.
/etc/dansguardian/lists/f1/...
edit the exception and banned lists in
pico -w /etc/dansguardian/lists/f2/exceptionsitelist
etc etc
and in each other group list structure eg f3, f4 & f5
Where f2 is a blocked group then setting changes to exception & other lists for that group will have no effect.
Where f5 is a unfiltered group then setting changes to exception & other lists for that group will have no effect.
====Other Dansguardian Config Files====
====Other Dansguardian Config Files====
There are many other config files, including but not limited to the ones in this appendix
There are many other config files, including but not limited to the ones in this appendix
[[:Dansguardian/ConfigFiles]]
[[:Dansguardian/ConfigFiles]]
