+ Post New Thread
Results 1 to 3 of 3
*nix Thread, Dansguardian - multiple instances and filter by location. in Technical; I'm toying with the idea of using 3 Dansguardian instances (Test/Kids/Staff) on our proxy, talking to the same Squid and ...
  1. #1


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,650
    Thank Post
    275
    Thanked 780 Times in 607 Posts
    Rep Power
    224

    Dansguardian - multiple instances and filter by location.

    I'm toying with the idea of using 3 Dansguardian instances (Test/Kids/Staff) on our proxy, talking to the same Squid and ClamAV instance.

    I know this is technically possible and the proxy can easily handle the load, but is it a good idea?

    Alternatively.....

    Is it possible to detect where (based on machine name or MAC) a user is when they log in and only apply "staff" filtering if they're on their laptop/dept office/staff work room and otherwise apply student filtering?

    This way, attempting to log on using staff usernames is useless to kids.

  2. #2


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,475
    Thank Post
    866
    Thanked 850 Times in 672 Posts
    Rep Power
    196

    Re: Dansguardian - multiple instances and filter by location.

    I am sure you can do what you want WITHOUT multiple DG instances - except I've not seen the multi-dependant auth idea implemented anywhere.

    Tom

  3. #3


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,650
    Thank Post
    275
    Thanked 780 Times in 607 Posts
    Rep Power
    224

    Re: Dansguardian - multiple instances and filter by location

    Yeah, I know I could, but I'd like a testing instance for DG and to be able to tinker/upgrade staff filtering while leaving student filtering running and vice versa.

    I've thought of a very hacky way of doing location-based filtering through iptables, but it would be distinctly sub-optimal.

    User requests proxy access at server:8080, iptables checks MAC address and routes packets to DG-staff instance on (say) 8081 if MAC = staff mac address, otherwise lets it through to the DG-Student instance at server:8080.

    I've no idea what sort of latency / processing overhead this would add to the proxy, so I'm loathe to try it and searching for a better solution.

SHARE:
+ Post New Thread

Similar Threads

  1. dansguardian
    By callumtuckey in forum How do you do....it?
    Replies: 3
    Last Post: 21st May 2007, 08:43 AM
  2. Replies: 5
    Last Post: 8th May 2007, 11:30 AM
  3. Replies: 19
    Last Post: 26th February 2007, 03:39 PM
  4. DansGuardian without local Squid
    By NetworkGeezer in forum *nix
    Replies: 2
    Last Post: 13th February 2007, 02:07 PM
  5. Replies: 13
    Last Post: 4th October 2006, 10:42 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •