Dansguardian - multiple instances and filter by location.

[pete]

I'm toying with the idea of using 3 Dansguardian instances (Test/Kids/Staff) on our proxy, talking to the same Squid and ClamAV instance.

I know this is technically possible and the proxy can easily handle the load, but is it a good idea?

Alternatively.....

Is it possible to detect where (based on machine name or MAC) a user is when they log in and only apply "staff" filtering if they're on their laptop/dept office/staff work room and otherwise apply student filtering?

This way, attempting to log on using staff usernames is useless to kids.

[tom_newton]

I am sure you can do what you want WITHOUT multiple DG instances - except I've not seen the multi-dependant auth idea implemented anywhere.

Tom

[pete]

Yeah, I know I could, but I'd like a testing instance for DG and to be able to tinker/upgrade staff filtering while leaving student filtering running and vice versa.

I've thought of a very hacky way of doing location-based filtering through iptables, but it would be distinctly sub-optimal.

User requests proxy access at server:8080, iptables checks MAC address and routes packets to DG-staff instance on (say) 8081 if MAC = staff mac address, otherwise lets it through to the DG-Student instance at server:8080.

I've no idea what sort of latency / processing overhead this would add to the proxy, so I'm loathe to try it and searching for a better solution.