| View previous topic :: View next topic |
| Author |
Message |
mcuddy
n00b
Joined: 06 Dec 2004
Posts: 71
|
 Posted: Mon Dec 01, 2008 11:50 pm Post subject: Dansguardian accessdeniedaddress |
 |
|
I have a computer I intend to use as a firewall and content filter for a school. I have installed guarddog and dansguardian. No proxy or hosting software. When I try to start dansguardian, I get :
# /etc/init.d/dansguardian start
* Starting DansGuardian ...
Error connecting to parent proxy
commenting out the accessdeniedaddress line of dansguardian.conf gives me:
# /etc/init.d/dansguardian start
* Starting DansGuardian ...
accessdeniedaddress setting appears to be wrong.
I changed the line to:
accessdeniedaddress = '/usr/share/dansguardian/dansguardian.pl'
with the same result.
What can I do? Do I have to add a proxy and web hosting?
| Code: |
# DansGuardian config file for version 2.10
# **NOTE** as of version 2.7.5 most of the list files are now in dansguardianf1.conf
# Web Access Denied Reporting (does not affect logging)
reportinglevel = 2
languagedir = '/usr/share/dansguardian/languages'
language = 'ukenglish'
loglevel = 2
logexceptionhits = 2
logfileformat = 1
filterip =
filterport = 8080
proxyip = 127.0.0.1
proxyport = 3128
#accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'
#accessdeniedaddress = '/usr/share/dansguardian/dansguardian.pl'
nonstandarddelimiter = on
usecustombannedimage = on
custombannedimagefile = '/usr/share/dansguardian/transparent1x1.gif'
filtergroups = 1
filtergroupslist = '/etc/dansguardian/lists/filtergroupslist'
bannediplist = '/etc/dansguardian/lists/bannediplist'
exceptioniplist = '/etc/dansguardian/lists/exceptioniplist'
showweightedfound = on
weightedphrasemode = 2
urlcachenumber = 1000
urlcacheage = 900
scancleancache = on
phrasefiltermode = 2
preservecase = 0
hexdecodecontent = off
forcequicksearch = off
reverseaddresslookups = off
reverseclientiplookups = off
logclienthostnames = off
createlistcachefiles = on
maxuploadsize = -1
maxcontentfiltersize = 256
maxcontentramcachescansize = 2000
filecachedir = '/tmp'
deletedownloadedtempfiles = on
initialtrickledelay = 20
trickledelay = 10
downloadmanager = '/etc/dansguardian/downloadmanagers/fancy.conf'
downloadmanager = '/etc/dansguardian/downloadmanagers/default.conf'
contentscannertimeout = 60
contentscanexceptions = off
recheckreplacedurls = off
forwardedfor = off
usexforwardedfor = off
logconnectionhandlingerrors = on
logchildprocesshandling = off
maxchildren = 120
minchildren = 8
minsparechildren = 4
preforkchildren = 6
maxsparechildren = 32
maxagechildren = 500
maxips = 0
ipcfilename = '/tmp/.dguardianipc'
urlipcfilename = '/tmp/.dguardianurlipc'
ipipcfilename = '/tmp/.dguardianipipc'
nodaemon = off
nologger = off
logadblocks = off
loguseragent = off
softrestart = off
mailer = '/usr/sbin/sendmail -t'
|
|
|
| Back to top |
|
 |
Xanadu
Guru
Joined: 10 Oct 2002
Posts: 335
Location: Hour West of Philly (USA)
|
| Posted: Tue Dec 02, 2008 1:37 am Post subject: Re: Dansguardian accessdeniedaddress |
|
|
| mcuddy wrote: | | I have a computer I intend to use as a firewall and content filter for a school. I have installed guarddog and dansguardian. No proxy or hosting software. |
That's the problem right there. DansGuardian is a "plugin" (if you will, it's more of an "extension" or an "assistant" maybe is a better word) to a proxy server (squid, to name one). The proxy server does it's fetching and caching then before it sends it out to the user, redirects the requests through DansGuardian THEN out to the user. I've set it all up successfully in the past, but it was more of crude tests. It did work as advertised howver.
Hmmm...
Actually you remind me of one of the things on my plate that I have to spiff up. Now that my Son is getting older enough to get his own computer in his room... (he's 9.5 years)
_________________
I'm not a prophet or a stone-age man
I'm just a mortal with potential of a super man
-David Bowie |
|
| Back to top |
|
|
mcuddy
n00b
Joined: 06 Dec 2004
Posts: 71
|
| Posted: Tue Dec 02, 2008 2:40 pm Post subject: |
|
|
| Is there another web filter that would be useful on a router/firewall computer? how does a proxy work? Will it take extra setup on the client machines? |
|
| Back to top |
|
|
derk
Guru
Joined: 10 Mar 2003
Posts: 347
Location: St Thomas Ontario
|
| Posted: Tue Dec 02, 2008 4:02 pm Post subject: |
|
|
actually squid is a very good choice as it does webpage caching. this can reduce your internet traffic considerably in the case of students accessing the same sites regularly. The only caveat is that it needs enoiugh disk space for it's cache. you also need to allow for log file space. squid runs on the same machine as Dansguardian. Just set dansguardian output to squids default 3128 input port. traffic is passed internally from one to the other. If you are worried about exposing the port externally that can be firewalled on an ip or nic basis.
Make sure you force proxy port (8080) usage by firewalling port 80 from the internal network. Also firewall squid port 3128 to the interent and to the localnetwork unless you want to provide an unfiltered path for trusted users. squid only needs localhost access on it'sdefault input port.
I had this set-up on a firewall/server system used for a small school with about 50 computers. It worked very well. |
|
| Back to top |
|
|
|
Networking & Security
