Koozali.org: home of the SME Server

DansGuardian

Offline nate

  • **
  • 55
  • +0/-0
    • http://www.solardepot.com
DansGuardian
« on: September 06, 2006, 10:47:05 PM »
I just installed DansGuardian on my test machine and I’m tuning things up, hopefully to deploy on the production box this weekend.  So far so good, it all seems to work as advertised.  -  Me likes it a lot!!!  

I have a couple questions for now and probably lost more soon.  

(1)   Is there a quick and easy way to lock all clients to the proxy server and 8080 port?  I’m hoping there is a real dumb way to do this that I just don’t know about, or haven’t thought of yet.  The only way I know how to do it is by manually configuring each browser on each workstation.  PITA!

(2)   I added the .mp3 to the file extension ban list but I get no joy!  I can still download file.mp3 – Anybody know why?

Thank you in advance oh gurus of IT……!
 
.........
....Making the Jump to 7.x   8-)

Offline raem

  • *
  • 3,972
  • +4/-0
Re: DansGuardian
« Reply #1 on: September 07, 2006, 11:29:24 AM »
nate

> Is there a quick and easy way to lock all clients to the proxy server and 8080 port?  

see the last post in http://forums.contribs.org/index.php?topic=26445.0


> I added the .mp3 to the... ban list but ...I can still download file.mp3

Did you restart dansguardian ?
...

Offline nate

  • **
  • 55
  • +0/-0
    • http://www.solardepot.com
DansGuardian
« Reply #2 on: September 08, 2006, 12:12:57 AM »
I read through your how to and the post “carefully and completely” and all I can say is - Thank You!
 
Everything is working great!  I think I am ready to go live.
....Making the Jump to 7.x   8-)

Offline raem

  • *
  • 3,972
  • +4/-0
DansGuardian
« Reply #3 on: September 08, 2006, 01:42:19 AM »
nate

> I read through your how to and the post “carefully and completely”...

That's good you resolved the matter & I'm glad you appreciate the comment.
At least you didn't blast me for telling you to read a howto !

It appears that for some people the reading bit is easy, but it's the "carefully and completely" part that seems to give problems !
...

buknoy

Inaccessible Website
« Reply #4 on: September 12, 2006, 08:53:37 AM »
>It appears that for some people the reading bit is easy, but it's the "carefully and completely" part that seems to give problems !

I think I'm one of these "some people" guys, and in addition, the "understanding" part is also an added handicap for us newbies.

I downloaded and expanded all the required custom templates (http://forums.contribs.org/index.php?topic=26445.0  ) but an error occurred in the line that states: '/home/e-smith/dungog'. It appears that this folder does not exist in my box. WOULD SOMEBODY TELL ME WHAT TO DO WITH THESE LINES?

And so I tried the solution of Mr. Funkusmunkus (http://forums.contribs.org/index.php?topic=26445.0) and it really did work. But true to his warning, it was not completely tested as I cannot access my website from another network. WHAT IS WRONG WITH THIS SOLUTION?

Additional problem encountered was that MAIL.YAHOO.COM (and other subsites), HOTMAIL.COM and GOOGLE.COM could not be accessed unless these domains are included in the exceptionsitelist. WHY?

Thanks Mr. Mitchell for patiently providing us answers. Thanks also to everyone contributing inputs in this topic.

setup:
DELL PIII-667, 40GB HDD, 512MB SDRAM, with SME 7 & DANSGUARDIAN, 16 PIII workstations

Domain is http://kidapawan.homelinux.com. Internet Connection uses Dynamic IP. No other router between the Canopy SM Lite and SME box.

Offline raem

  • *
  • 3,972
  • +4/-0
Re: Inaccessible Website
« Reply #5 on: September 12, 2006, 11:39:04 AM »
buknoy

There is no published answer, so don't be expecting one. If someone contributes it & I add it to the HowTo then good & well, if not bad luck.

Perhaps you missed the part of the HowTo that says:
The following details are in DRAFT form only.
You will have to determine the correct custom template fragments to use & which template to expand yourself. There have been numerous posts at the contribs.org forums with solutions provided. These have not been documented at this stage but can be found by doing searches.


> I downloaded and expanded all the required custom templates
> but an error occurred in the line that states: '/home/e-smith/dungog'

I believe those templates are from the dungog web gui implementation, & appear to be expecting a db file in home/e-smith/ called dungog.
As you are not using that version then you don't have the database file that the templates are expecting. You could try adding that file and see what happens, but that is experimental on your part.


> And so I tried the solution of Mr. Funkusmunkus and it really did work.
> But ......I cannot access my website from another network.

Sounds like port 80 is being blocked which is the whole idea of the template, but it appears to be also blocking external access. If you want port 80 to have access then you need to modify the template. I don't think you have understood what the template is doing & why.


> MAIL.YAHOO.COM (and other subsites), HOTMAIL.COM and
> GOOGLE.COM could not be accessed unless these domains are included > in the exceptionsitelist

Dansguardian is a content filter and scores a website. If the naughtynesslimit score is reached then access to the site is blocked, it sounds like it's working correctly. You need to tweak the config to change the naughtynesslimit score as per HowTo.


> Thanks Mr. Mitchell for patiently providing us answers.

Thanks for thanking me, it's better than being blasted for telling people to read the manual, ..... but I'm going to tell you to read the manual as it seems like it could be useful to you to understand Dansguardian better.

Please go to the website at http://www.dansguardian.org and read all about Dansguardian, what it does and how it works, that will give you a better understanding of the tool & your usage experience may improve.
...

Offline raem

  • *
  • 3,972
  • +4/-0
Re: Inaccessible Website
« Reply #6 on: September 12, 2006, 11:44:59 AM »
buknoy

A workaround for Windows clients using Internet Explorer is to configure group policies on workstations. Run gpedit.msc and configure the section that disables certain menus in IE and stops users changing the proxy port settings (this should be set to Auto Detect by the Administrator), and also stop Registry editing.
Set sme Transproxy Port to 8080 and no templates needed then.

Access will only be by the auto detected port which is set to 8080 on sme and therefore subject to dansguardian filtering.
...

Offline nate

  • **
  • 55
  • +0/-0
    • http://www.solardepot.com
Re: Inaccessible Website
« Reply #7 on: September 12, 2006, 06:44:03 PM »
Quote from: "RayMitchell"
buknoy

A workaround for Windows clients using Internet Explorer is to configure group policies on workstations. Run gpedit.msc and configure the section that disables certain menus in IE and stops users changing the proxy port settings (this should be set to Auto Detect by the Administrator), and also stop Registry editing.
Set sme Transproxy Port to 8080 and no templates needed then.

Access will only be by the auto detected port which is set to 8080 on sme and therefore subject to dansguardian filtering.
+1
 
This is very easy to do.  However it is only practical on a small network (say less than 50 users).  Also, it has the added benefit of setting D.G. up on a per-user basis.  You can leve the Managers with full, unfiltered web access and set other user workstation (the trouble makers) to use 8080.  
 
There is a slightly different process for Firefox.  This is some information I found:
 
(I DID NOT TEST THIS)

Let’s say you are the administrator of one or more installations of Mozilla Firefox and you want to lock certain settings/options, so users cannot edit them.

For instance you may want to prevent people from changing the proxy setting, the homepage, the ability to save passwords, etc.  It is possible, but it’s a little complicated.

First you need to find out what the names are of the preferences you wish to lock. The best way to do this is by entering about:config in the Firefox location bar. Every preference that has been used will appear in the resulting list. You can use the filter field to search for preferences that contain certain words. For instance, if you’re looking for the homepage URL setting, just type homepage in the filter field. For more info on preference names, and about: config see:
http://kb.mozillazine.org/About:config

Next, create a file anywhere on your hard drive, called mozilla.txt. Open mozilla.txt in a text editor (Notepad), and begin the first line with two forward slashes. The following lines will contain the preferences you want to lock, and their values. They should be in the same form as you see them in your profile’s prefs.js file, with one exception: instead of using user_pref, use lockPref. For instance, if you want to lock the proxy at “direct connection“, and lock the homepage at (forgive the ego) http://ilias.ca, the contents of your mozilla.txt file would look like this:
//
lockPref("network.proxy.type", 0);
lockPref("browser.startup.homepage", "http://ilias.ca/");

Here’s where it gets tricky. The file must be encoded, and renamed. The encoding is a simple “byte-shifting” with an offset of 13. You can download a program that will do this here, or use an online encoder here.

The resulting file should be named mozilla.cfg. Save that in the same directory as firefox.exe.

Last step: In C:\Program Files\Mozilla Firefox\greprefs\ there’s a file called all.js. Open all.js in a text editor, and add the following line at the end of it:
pref("general.config.filename", "mozilla.cfg");

Save, close, and start Firefox to test it.
....Making the Jump to 7.x   8-)

buknoy

Thanks for being the Dansguardian's Guardians
« Reply #8 on: September 20, 2006, 03:15:28 PM »
Thanks guys, I really appreciate your assistance.

Offline cheezeweeze

  • 18
  • +0/-0
DansGuardian
« Reply #9 on: September 21, 2006, 05:58:38 PM »
You can also try disabling local net access to the squid proxy.  See my post at the following:

http://forums.contribs.org/index.php?topic=33775.0

Offline raem

  • *
  • 3,972
  • +4/-0
DansGuardian
« Reply #10 on: July 11, 2007, 06:06:17 PM »
cheezeweeze & others

The answer is here in the new Howto
http://wiki.contribs.org/Dansguardian
...