Dansguardian package for 2.0
-
I've just pushed some fixes do improve dansguardian boot process and checks.
On my tests, dansguardian startup time during boot process reduced to 20 seconds.
Wait 15 minutes, reinstall the package, apply config and reboot.
Thanks for the updates… BTW. I made the changes to include 'bypasskey' and 'accessdeniedaddress' on the groups page. Turns out this was all I had to do in order to make my changes work (since the settings in dansguardianf1.conf override those that are set in dansguardian.conf). It was a pretty simple change, but you can drop me an email at randyj.crowder@gmail.com if you want me to send you the three files I had to touch - they were dansguardian_groups.xml, dansguardian.conf.template, dansguardian.inc (in /usr/local/pkg).
-
I made the changes to include 'bypasskey' and 'accessdeniedaddress' on the groups page.
Push these changes via github https://github.com/bsdperimeter/pfsense-packages/tree/master/config/dansguardian.
This way I can check changes and commit to the code.
-
I made the changes to include 'bypasskey' and 'accessdeniedaddress' on the groups page.
Push these changes via github https://github.com/bsdperimeter/pfsense-packages/tree/master/config/dansguardian.
This way I can check changes and commit to the code.
OK…done.
BTW. I was looking at the main "report and log" page (dansguardian_log.xml). The way it really should work is if you pick reporting level 3, then it enables the editing of the html template in the text box. Otherwise, it should enable a field for entering the accessdeniedaddress... I was digging through the package directory and saw how to enable fields from a checkbox, but couldn't figure out how to enable/disable multiple fields based on the value selected from a list... Sorry for my ignorance.
-
OK…done.
I'm seeing only one push on github.
https://github.com/rjcrowder/pfsense-packages/commit/aa9fbaf910c0e1a3465826f9f5483646ab6b819e
What happen if user do not select any custom error page? Your code force this option on dansguardianfx.conf.template
accessdeniedaddress = '{$dansguardian_groups['accessdeniedaddress']}'
-
OK…done.
I'm seeing only one push on github.
https://github.com/rjcrowder/pfsense-packages/commit/aa9fbaf910c0e1a3465826f9f5483646ab6b819e
What happen if user do not select any custom error page? Your code force this option on dansguardianfx.conf.template
accessdeniedaddress = '{$dansguardian_groups['accessdeniedaddress']}'
K… I'll try to figure out what I did wrong on pushing to github - first time I've used it.
As far as the accessdeniedaddress, it should be fine to not specify a URL as long as the reportinglevel is 3. That's why I also "uncommented" the reportinglevel field in dansguardianfx.conf.template.
Like I said on the main page, the UI should only allow you to specify the template content if you choose level 3. Since the template file is global, there is no need to put it on the group page. However, the accessdeniedaddress field should be disabled on the group page if you pick reportinglevel 3 - since it would be ignored anyway.
-
OK…done.
I'm seeing only one push on github.
https://github.com/rjcrowder/pfsense-packages/commit/aa9fbaf910c0e1a3465826f9f5483646ab6b819e
What happen if user do not select any custom error page? Your code force this option on dansguardianfx.conf.template
accessdeniedaddress = '{$dansguardian_groups['accessdeniedaddress']}'
I'll figure out what I did wrong… but all the changes are out there under different patches...
-
Hi all,
Just published version 1.5.3 with per user reporting level, accessdenied url and passkey.
rjcrowder,
I did not found your chages except that I've posted. Take a look if my changes works like yours.att,
Marcello Coutinho -
That's exactly it. Thanks.
The only thing I did different was that I made the accessdeniedaddress field a "text area" (75 wide, 1 row) so that you could enter a long string and it would scroll…
Thanks a ton!
-
Can you test if startup issue is fixed too?
-
Can you test if startup issue is fixed too?
I have had no problem at all on the last two releases (since you made Squid3 start first and DG last)… of course that's working out of a VM. I will let you know if I get a chance to reinstall physical.
-
(since you made Squid3 start first and DG last)…
I didn't…
Maybe a install package order made this.
With this latest patch, Dansguardian startup time now is around 3 seconds :)
-
any news on ssl filtering?
-
-
(since you made Squid3 start first and DG last)…
I didn't…
Maybe a install package order made this.
With this latest patch, Dansguardian startup time now is around 3 seconds :)
Installing squid3 and latest dans package appears to have resolved my startup issues on my physical box. Thanks!
-
(since you made Squid3 start first and DG last)…
I didn't…
Maybe a install package order made this.
With this latest patch, Dansguardian startup time now is around 3 seconds :)
Interesting… Glad it works. However, I'm slightly concerned that it may break in the future if there is not a way to explicitly control startup order... Guess I'll have to wait and see.
-
Interesting… Glad it works. However, I'm slightly concerned that it may break in the future if there is not a way to explicitly control startup order... Guess I'll have to wait and see.
I'm quite sure it will not break as all my working dansguardians has squid started after.
Dansguardian does not crash or exit on the first squid test.
-
Interesting… Glad it works. However, I'm slightly concerned that it may break in the future if there is not a way to explicitly control startup order... Guess I'll have to wait and see.
I'm quite sure it will not break as all my working dansguardians has squid started after.
Dansguardian does not crash or exit on the first squid test.
Reinstalled physical tonight… no problem. Thanks for all the great work on this package!
-
Is there any way I could get "captive portal" style authentication with dansguardian either through the built-in pfsense captive portal or something else? Basically I'm looking for forms based authentication.
-
The content scanner timeout should read 60 seconds on the DansGuardian config page. Instead the field changes to the icapserver settings. The error I received was that Dans Guardian could not understand the config file.
-
The startup problem is solved for me. Dans Guardian now starts on reboot. Thanks.
- 8 days later
-
Is there a doc that explains step by step how to configure Dansguardian? I am looking to replace SquidGuard (which works fine) with Dansguardian.
I have Snort, HAVP, Squid (null config) and SquidGuard installed. -
Is there a doc that explains step by step how to configure Dansguardian? I am looking to replace SquidGuard (which works fine) with Dansguardian.
I have Snort, HAVP, Squid (null config) and SquidGuard installed.Check out this thread http://forum.pfsense.org/index.php/topic,47856.0.html
-
Thank you !!!!!!
- 2 months later
-
hi all
I have a bug here:in access list, when I am in URL tab, and then I click on Content tab, it goes to Extension tab
Can someone reproduced this ?
bye
Julien -
in access list, when I am in URL tab, and then I click on Content tab, it goes to Extension tab
Thank's for the feedback Julien
It's fixed now.
To apply this patch, just reinstall the package or apply the changes to dansguardian_url_acl.xmlhttps://github.com/bsdperimeter/pfsense-packages/commit/5e02cb482cd5bc25eaac17e7af33c4039390ed33
att,
Marcello Coutinho -
thank's Marcello for you're quick response, it's fixed after reinstalling the package
-
version 0.1.5.4 of dansguardian package is out
Changes:
-
fix content xml call in dansguardian_url_acl.xml file
-
Includes exceptioniplist missing field on ip tab.
att,
Marcello Coutinho -
-
Maybe i missed out on all of this, but how do you access the logs created by Dansguardian. Also the funny thing is clicking reply showed up as pornographic. :o
Thanks.
Again i surprise myself. Figured it all out.
-
Maybe i missed out on all of this, but how do you access the logs created by Dansguardian.
using console/ssh, exec tail -f /var/log/dansguardian/access.log
Also the funny thing is clicking reply showed up as pornographic. :o
Just whitelist it ;)
-
I'm very new to proxies and running content filtering via servers, but I want to try. Can someone please tell me step-by-step (sorry for needing the newbie run down) how to set up squid + squidguard + dansguardian? (32-bit system)
From what I've read, squidguard is more customizable/configurable as far as ACLs (with respect to users, subnets, etc), but I really want content filtering instead of just URL filtering.
Thanks in advance!
-
test dansguardian + squid packages first.
Dansguardian default install creates almost 90% of default configuration, you will get a running filter with few steps:
-
Install squid2, enable service on loopback port 3128)
-
Install dansguardian package, enable service on port 8080
-
Create a firewall rule on lan to enable access to lan address port 8080
-
configure client proxy to use dansguardian ip/port
-
-
Thanks for the quick response. If I have two NICs (subnets) one for the adults and one for the kids, I read with the squidguard that it's very easy to make different blacklists per subnet or user. How easy is that to do with dansguardian? Also, would I need to make a firewall rule on each NIC allowing access to LAN port 8080?
Now the really dumb questions… where do I get the dansguardian package? When you say configure client proxy is that the browser on all users computers?? I don't want to have to manually adjust settings on all computers.
Thanks again!
-
How easy is that to do with dansguardian?
Just create groups based on ip addresses/subnets and select ip based auth
Also, would I need to make a firewall rule on each NIC allowing access to LAN port 8080?
Yes.
where do I get the dansguardian package?
just go on system -> packages and install it.
When you say configure client proxy is that the browser on all users computers?? I don't want to have to manually adjust settings on all computers.
Transparent proxy can only filter http but not https.
You can configure it using proxy wpad/pac settings on dns/dhcp
-
Transparent proxy can only filter http but not https.
is the ssl stuff already working?
thanks
-
is the ssl stuff already working?
No, we are still on the same point. Dansguardian tries to intercept but client rejects it's certificate.
- 20 days later
-
i have installed Dansguardian but its not showing up in services or anywhere else apart from installed packages. i am using latest pfsense. any idea? thanks
-
- 14 days later
-
I've had to drop this for a while (new baby and all) but I had someone asking about the SSO for dansguardian. Hopefully I'll be able to revisit it and provide a howto for everyone, though it may be a little while.
Marcelloc, did you ever get that patch from dansguardian working that would fix the bug about not being able to use multiple authplugins?
-
So couple questions… the first being that I was told in this thread to install Squid2, but I don't see Squid2 I only see Squid3 but it says it's a beta version. Is there still a Squid2 available?
Next thought, I don't understand the configuration of using the proxy. From the last response, I assume there is no firewall rule needed for using the proxy, but is there anything else in pfsense besides the loopback address at port 3128 that I would need to set up? Where is the setup for that loopback on port 3128 done?
Another thought, again sorry for the newbie questions, is the proxy automatically run on ALL NICs of pfsense because it's the interface to the WAN yes? Is there any way I can select which NICs the proxy is run on?
Last thought, with the firewall rules: Normal access on the KIDS opt interface I have a single rule that says allow any from KIDS net to any. Would that rule still exist or do I need to change that rule to only allowing on port 8080 to use dansguardian correctly? Does that question make sense?
Thanks again in advance!
-
Marcelloc, did you ever get that patch from dansguardian working that would fix the bug about not being able to use multiple authplugins?
Not yet, I've tried once without success. Next month maybe I'll have time to test it again.