DansGuardian as Squid redirector

1. Download the program
# wget http://sourceforge.net/projects/dansguardian/files/dansguardian-2.12.0.3.tar.bz2/download
2. Untar the program
# tar jxf dansguardian-2.12.0.3.tar.bz2
3. Installation
# cd dansguardian-2.12.0.3
# ./configure –prefix=
If you get those messages :
configure: error: no zlib!
Install ALL the zlib package parts (zlib, zlib-devel, zlib-static).
If the following error occurs :
No package ‘libpcre’ found
Install all packages : pcre-devel, pcre-static and of course pcre
# make
# make install
# make clean
4. Options
# dansguardian -h
Usage: dansguardian [{-c ConfigFileName|-v|-P|-h|-N|-q|-s|-r|-g}]
-v gives the version number and build options.
-h gives this message.
-c allows you to specify a different configuration file location.
-N Do not go into the background.
-q causes DansGuardian to kill any running copy.
-Q kill any running copy AND start a new one with current options.
-s shows the parent process PID and exits.
-r closes all connections and reloads config files by issuing a HUP,
but this does not reset the maxchildren option (amongst others).
-g gently restarts by not closing all current connections; only reloads
filter group config files. (Issues a USR1)
5. Where are which files
Main configuration and lists : /etc/dansguardian/
Logs : /var/log/dansguardian
Ownership is such :
# chown -R squid.squid /var/log/dansguardian
Executive file : /sbin/dansguardian
6. Configuration through /etc/dansguardian/dansguardian.conf
Generally, only these lines are changed :
filterip = 127.0.0.1
filterports = 8080 this port MUST NOT be the same as Squid port!
proxyip = 127.0.0.1
proxyport = our Squid server port
loglocation = ‘/var/log/dansguardian/access.log
accessdeniedaddress = ‘to which site redirection goes’
daemonuser = ‘squid’
daemongroup = ‘squid’
7. Additional configuration
Folder /var/log/dansguardian has to have 777 on it, and ownership of “squid”
The whole thing will not work withount the iptables redirection from DG port to Squid port :
iptables -t nat -A OUTPUT -p tcp –dport 80 -m owner –uid-owner squid -j ACCEPT
iptables -t nat -A OUTPUT -p tcp –dport 8080 -m owner –uid-owner squid -j ACCEPT
iptables -t nat -A OUTPUT -p tcp –dport 80 -j REDIRECT –to-ports 8081
iptables -t nat -A OUTPUT -p tcp –dport 8080 -j REDIRECT –to-ports 8081
Where 8080 is port Squid port, and 8081 is DansGuardian port.
Here the DG logic can be seen link.
Take Care!!!! Users as proxy port MUST use DansGuardian port, so that it can work over user demands.
8. Black lists, and how to add them – Take Care!!!! They are downloaded separately, here or here.
New BLs are just coppied to location /etc/dansguardian/lists/blacklists
Ownership of folders and files :
drwxr-xr-x 2 root root 4096 Aug 28 14:57 adult
9. How to activate single BLs
Nice. All those lists just sit there. How to make DansGuardian use them?
On location /etc/dansguardian/lists are files which should be edited to activate and deactivate lists, to put some IPs, sites on white lists :
bannedextensionlist
bannediplist
bannedmimetypelist
bannedphraselist
bannedregexpurllist
bannedsitelist
bannedurllist
banneduserlist- here are BLs enabled
exceptioniplist – white lists for single IP addressess
exceptionphraselist
exceptionsitelist – whitelisted sites
exceptionurllist
exceptionuserlist
exceptionvirusextensionlist
exceptionvirusmimetypelist
exceptionvirussitelist
exceptionvirusurllist
10. Testing
First start it up and see if it works :
# /sbin/dansguardian
# ps -axf|grep dans
…..
15645 ? Ss 0:00 /sbin/dansguardian
15646 ? S 0:00 \_ /sbin/dansguardian
…..
Or
# /sbin/dansguardian -s
Parent DansGuardian pid:15730

Notes :
DansGuardian and SquidGuard can not work together.

This entry was posted in Linux and tagged , , . Bookmark the permalink.

Comments are closed.