+ Post New Thread
Page 2 of 4 FirstFirst 1234 LastLast
Results 16 to 30 of 47
*nix Thread, Web Filter in Technical; Originally Posted by Geoff Shh, or I'll grep you! Promises Promises!...
  1. #16

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,582
    Thank Post
    107
    Thanked 761 Times in 592 Posts
    Rep Power
    179

    Re: Web Filter

    Quote Originally Posted by Geoff
    Shh, or I'll grep you!
    Promises Promises!

  2. #17
    apeo's Avatar
    Join Date
    Sep 2005
    Location
    Lost
    Posts
    1,612
    Thank Post
    95
    Thanked 115 Times in 111 Posts
    Rep Power
    41

    Re: Web Filter

    Thanks for all the replies ppl, its been v.useful and i will naturally have a look at all the elements discussed. Going back to the first post Geoff, err answer would be.. er all of the above would be nice (told you Im a nix Newb ).

  3. #18

    SpuffMonkey's Avatar
    Join Date
    Jul 2005
    Posts
    2,192
    Thank Post
    53
    Thanked 270 Times in 178 Posts
    Rep Power
    131

    Re: Web Filter

    Have you thought of going over to the VMWare Site - d/l a (free) copy of VMWare Player, then have a browse through their free appliances list (VMWare Appliances) - there is a Squid/Dansguard one - d/l it, load it up in Player and Bob's yer uncle - jobs a goodun - well nearly....

    So Geoff - how do you point Squid via the RBC proxy? Haven'y quite worked that out yet.

    Oh - and there are some fab Network Monitoring appliances - even an Online Learning Suite and a setup for secure diskless Internet Cafe PCs amongst hundreds - its a great resource.

  4. #19

    Join Date
    Feb 2006
    Posts
    1,187
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Re: Web Filter

    Look in the squid.conf file for the cache_peer tag you need to set it to something like
    Code:
    cache_peer proxy.yourisp.com parent 3128 3130
    prefer_direct off

  5. #20

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,800
    Thank Post
    110
    Thanked 582 Times in 503 Posts
    Blog Entries
    1
    Rep Power
    223

    Re: Web Filter

    prefer_direct isn't sufficent, plus your cache_peer syntax is wrong. Consider the following:

    Code:
    #Define upstream proxy
    
    cache_peer proxy.lancsngfl.ac.uk parent 8080 7 no-query default
    
    #Local LEA
    acl local_external dstdomain lancsngfl.ac.uk
    
    #Local domain
    acl local_servers dstdomain st-michaels-ce23.lancsngfl.ac.uk
    
    #LAN IP Range
    acl local_ip_range dst 10.81.104.0/255.255.255.0
    
    # Don't go via another proxy for these addresses
    always_direct allow local_external
    always_direct allow local_servers
    always_direct allow local_ip_range
    never_direct allow all

  6. #21
    apeo's Avatar
    Join Date
    Sep 2005
    Location
    Lost
    Posts
    1,612
    Thank Post
    95
    Thanked 115 Times in 111 Posts
    Rep Power
    41

    Re: Web Filter

    Sorry to dig this up again after such a long time but i finally got some time to read up on/learn Ubuntu. Didnt really get far but making slow progress.. Anyway heres my problem, I've added my Ubuntu box to the domain but the annoying thing is that when I do a find computer in AD Users and Computers it finds it but it shows its machine role as Domain Controller. I then checked it by looking at its properties and its role there is Workstation or Server.

    Any ideas why there is a conflict? Here is whats in my smb.conf file (note most of the config are default settings):

    [global]
    workgroup = MY
    realm = MY.DOMAIN
    server string = %h server (Samba, Ubuntu)
    security = ADS
    obey pam restrictions = Yes
    passdb backend = tdbsam
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
    syslog = 0
    log file = /var/log/samba/log.%m
    max log size = 1000
    dns proxy = No
    panic action = /usr/share/samba/panic-action %d
    invalid users = root

    [printers]
    comment = All Printers
    path = /tmp
    create mask = 0700
    printable = Yes
    browseable = No

    [print$]
    comment = Printer Drivers
    path = /var/lib/samba/printers

  7. #22
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    4,938
    Thank Post
    114
    Thanked 272 Times in 250 Posts
    Rep Power
    104

    Re: Web Filter

    Its normal that it shows up like that in AD users and computers. I wouldnt worry about ti.

  8. #23
    apeo's Avatar
    Join Date
    Sep 2005
    Location
    Lost
    Posts
    1,612
    Thank Post
    95
    Thanked 115 Times in 111 Posts
    Rep Power
    41

    Re: Web Filter

    Oh right.. just wanted to make sure. Thanks for the input, gonna plod along and do some more configuring now.

  9. #24
    mitcheln's Avatar
    Join Date
    Dec 2005
    Posts
    54
    Thank Post
    1
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: Web Filter

    just for information about hardware really: i run a shorewall/dansguardian/squid setup on debian stable on a 733 P3 with 256MB of RAM and a 20GB hdd. Its a small site - 60 PCs - but it runs very happily.

  10. #25
    apeo's Avatar
    Join Date
    Sep 2005
    Location
    Lost
    Posts
    1,612
    Thank Post
    95
    Thanked 115 Times in 111 Posts
    Rep Power
    41

    Re: Web Filter

    Ok I think ive set it all up now and appears to be working properly. I just need to sort out the blacklist and praselist, exactly how do i do this? Can someone tell me what the command to find out what the versions of the different packages/software eg if i wanted to find out what version of dansguardian, how would i do it? Also I installed dansguardian from the universe/multiverse list, does this mean that if i do an apt-get upgrade it will upgrade dansguardian?

  11. #26

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,800
    Thank Post
    110
    Thanked 582 Times in 503 Posts
    Blog Entries
    1
    Rep Power
    223

    Re: Web Filter

    Also I installed dansguardian from the universe/multiverse list, does this mean that if i do an apt-get upgrade it will upgrade dansguardian?
    Yes, apt will keep dansguardian up to date.

    Ok I think ive set it all up now and appears to be working properly. I just need to sort out the blacklist and praselist, exactly how do i do this?
    You can get phraselist updates from The Phrase Master for free.

    http://contentfilter.futuragts.com/phraselists/

    You can get regular updates for your blacklists from urlblacklist.com for not very much money.

    http://urlblacklist.com/

    URLBlacklist also has a auto update script you can download and use as a cron job if you wish.

    Can someone tell me what the command to find out what the versions of the different packages/software eg if i wanted to find out what version of dansguardian, how would i do it?
    Code:
    root@proxy:~# dansguardian -v
    DansGuardian 2.9.7.5
    
    Built with: '--enable-clamav' '--enable-email' '--enable-ntlm' '--enable-clamd'

  12. #27

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,184
    Thank Post
    299
    Thanked 211 Times in 181 Posts
    Rep Power
    55

    Re: Web Filter

    i installed censornet onto an old box and found it to be pretty simple (i'm not that great with linux, see the many threads...) to configure and run. It lets you pull the users from the ad and also scan the network for machines or import a dhcp file.

    There is the web-based system that lets you gather reports on usage and you can also restrict PCs or users in certain groups.

    All in all pretty good really, and authentication is through AD as well.

  13. #28
    apeo's Avatar
    Join Date
    Sep 2005
    Location
    Lost
    Posts
    1,612
    Thank Post
    95
    Thanked 115 Times in 111 Posts
    Rep Power
    41

    Re: Web Filter

    Thanks for your input, appreciate it. Ok extracted the blacklist and phraselists into the dansguardian directory now all i have to do is restart dansguardian right? i dont have to make any config changes for it to pick up the lists.. While im at it if i want to add my own list be it blacklist or phraselist how do i do it? which file do i edit? E.g. i want to ban foo.bar.com or ban the word 'NaughtyWord', how would i add it in?

  14. #29

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,800
    Thank Post
    110
    Thanked 582 Times in 503 Posts
    Blog Entries
    1
    Rep Power
    223

    Re: Web Filter

    now all i have to do is restart dansguardian right?
    Code:
    /etc/init.d/dansguardian restart
    Does the job but there are more gentle ways to do it (Doesn't disconnect existing client sessions).

    Code:
    dansguardian -g
    i dont have to make any config changes for it to pick up the lists.. While im at it if i want to add my own list be it blacklist or phraselist how do i do it? which file do i edit? E.g. i want to ban foo.bar.com or ban the word 'NaughtyWord', how would i add it in?
    Depends. There are several files in the lists folder to control differing things. You will need to edit some to make your phrase lists/black lists function.

    Ban Lists

    bannedextensionlist - File type extension bans. Here you can ban .exe, .mp3 etc.

    bannedmimetypelist - File mime type extension bans. Here you can ban text/plain, application/executable, etc.

    bannedregexpurllist - URL regular expression bans. Here you can ban parts of sites with urls matching certain words or phrases. eg
    Code:
    (images.google){1,}.*(\.jpg|\.wmv|\.mpg|\.mpeg|\.gif|\.mov)
    blocks google video/images. Additionally you'll want to include the 'expressions' blacklists in this file like so:
    Code:
    .Include</etc/dansguardian/lists/blacklists/adult/expressions>
    bannedurllist - URL Ban list. When you only need to ban part of a site. So for example you with to allow www.somesite.com but not www.somesite.com/forums you'd add the forums url here. You'll also want to include the 'urls' list from your downloaded blacklists in this file too:
    Code:
    .Include</etc/dansguardian/blacklists/adult/urls>
    bannediplist - IP Ban list. This prevents CLIENT machines with the listed IP's from using the proxy. So if you have a machine on ip 10.0.0.5 infested with spyware and you want to stop it from sending spam via some webform you can list its ip here and deny it internet access.

    bannedphraselist - List of weighted phrases for the phrase match filtering. You need to include your downloaded phraselists here too:
    Code:
    .Include</etc/dansguardian/lists/phraselists/pornography/banned>
    bannedsitelist - List of banned domains. eg google.com. You need to include your blacklists 'domain' files here:
    Code:
    .Include</etc/dansguardian/blacklists/adult/domains>

  15. #30
    apeo's Avatar
    Join Date
    Sep 2005
    Location
    Lost
    Posts
    1,612
    Thank Post
    95
    Thanked 115 Times in 111 Posts
    Rep Power
    41

    Re: Web Filter

    Ah ok.. right. Just one more question, you have given examples of code which im not entirely sure what to do with (bearing in mind that im a complete nix newb). ops:

SHARE:
+ Post New Thread
Page 2 of 4 FirstFirst 1234 LastLast

Similar Threads

  1. URL Filter
    By richard.thomas in forum Network and Classroom Management
    Replies: 3
    Last Post: 2nd November 2007, 10:27 AM
  2. Web Filter
    By Jackd in forum Windows
    Replies: 9
    Last Post: 26th March 2007, 09:23 AM
  3. B Gone filter
    By gwendes in forum General Chat
    Replies: 6
    Last Post: 18th March 2007, 01:49 PM
  4. P2P Traffic Filter
    By Peter in forum Wireless Networks
    Replies: 1
    Last Post: 8th January 2006, 11:34 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •