Dansguardian - multiple instances and filter by location.
I'm toying with the idea of using 3 Dansguardian instances (Test/Kids/Staff) on our proxy, talking to the same Squid and ClamAV instance.
I know this is technically possible and the proxy can easily handle the load, but is it a good idea?
Is it possible to detect where (based on machine name or MAC) a user is when they log in and only apply "staff" filtering if they're on their laptop/dept office/staff work room and otherwise apply student filtering?
This way, attempting to log on using staff usernames is useless to kids.
Re: Dansguardian - multiple instances and filter by location.
I am sure you can do what you want WITHOUT multiple DG instances - except I've not seen the multi-dependant auth idea implemented anywhere.
Re: Dansguardian - multiple instances and filter by location
Yeah, I know I could, but I'd like a testing instance for DG and to be able to tinker/upgrade staff filtering while leaving student filtering running and vice versa.
I've thought of a very hacky way of doing location-based filtering through iptables, but it would be distinctly sub-optimal.
User requests proxy access at server:8080, iptables checks MAC address and routes packets to DG-staff instance on (say) 8081 if MAC = staff mac address, otherwise lets it through to the DG-Student instance at server:8080.
I've no idea what sort of latency / processing overhead this would add to the proxy, so I'm loathe to try it and searching for a better solution.