Unfortunately the performance of DansGuardian/Squid when first .. for rebuilding DansGuardian, see question Usage#11c in the Wiki FAQ. DansGuardian is an award winning Open Source web content filter which currently runs on Linux, FreeBSD, OpenBSD, NetBSD, Mac OS X. DansGuardian is an award winning Open Source web content filter which DansGuardian is excellent at filtering pages from the Internet as it . Content is available under GNU Free Documentation License or later.

Author: Voktilar Kajigis
Country: Guinea-Bissau
Language: English (Spanish)
Genre: Environment
Published (Last): 25 December 2010
Pages: 452
PDF File Size: 9.78 Mb
ePub File Size: 7.25 Mb
ISBN: 635-5-71618-388-4
Downloads: 79905
Price: Free* [*Free Regsitration Required]
Uploader: Maujar

But eliminating skipping may not be automatic in either case, and some instructions are a little misleading about configuring a DansGuardian system so it can’t be skipped. Users may either skip around your whole DansGuardian system entirely, danguardian they may skip around the first half and access your back-end proxy directly.

Of course, preventing skipping is only the first step in shutting down flouting of web restrictions. Even after skipping is prevented, dansguzrdian end user may still be able to connect right through DansGuardian to an external proxy site and hop onward to a restricted site, or to avoid web ports completely with some anonymizer tools.

But until you first prevent skipping, none of your other restrictions will have hardly any effect because users will be able to so simply and easily avoid them. The same techniques used to prevent circumventing the filter are often also used for one or more of documentatiin closely related goals:.


Do not implement non-skipping measures until your DansGuardian is installed and working. These measures do more than just prevent illicit use; they also interfere with several useful dansguardina techniques. This description of how to prevent skipping of DansGuardian is generic to any Linux-based system with IPtables. But for convenience and brevity, these examples refer to a specific configuration. Here we assume DansGuardian is using ‘squid’ for its back-end proxy.

Please expand these instructions with details for a those that build on the IPtables configuration built into their distribution and b those that craft individual IPtables commands. Here we assume the DansGuardian input port is and the Squid input port is beware: And here we assume DansGuardian and Squid are running on the main firewall computer rather than elsewhere.

As a side effect of dansguarrdian this, you’ll also keep users from directly accessing a website over the standard port in other words you’ll satisfy number one.

DansGuardian Documentation Wiki

You’ll need an IPtables instruction to grab all traffic that comes in to port 80 from your workstations and redirect it to the DansGuardian input port in ShoreWall syntax: One of its side effects will be to prevent skipping around, so there still won’t be any problem. For both configuration families you’ll need IPtables or something similaralthough only for one or a few settings.

You may notice that the IPtables rules for the two configuration dansguardiian are pretty similar. Usually these things already happen by default or policy, and no explicit setting is needed.


To do the second thing, simply make the back-end documentatin available only to other software running on the same machine. The best way to do this is probably not with IPtables but rather with the configuration of the back-end proxy itself.

All you need to do is configure the communication between DansGuardian and your back-end proxy to use only the local computer rather than any global IP address specifically, in squid. Once you’ve done both things, your users won’t dandguardian able to skip around your DansGuardian system.

Ubuntu Hardy and DansGuardian, Page 6 – Configuring DansGuardian

But doing so would affect all traffic to the Internet, not just web traffic, which is inappropriate in most situations. DansGuardian Documentation Wiki You are here: Customizing the Block Page. Prevent Circumventing the Filter.

Not Until It Works. The same documentatuon used to prevent circumventing the filter are often also used for one or more of these closely related goals: Implement these measures after filtered web access is working for everyone. To eliminate any possibility of skipping, you need to do two things: Ensure the connection between DansGuardian and its back-end proxy is not available to users.