Dansguardian package for 2.0
-
Tried selecting each of them. I can only select one as I have multiple interfaces.
Thinking of going back to SquidGuard as this is turning out to be a headache.
Was wondering if the older version of Dansguardian be resurrected with the pcre fix.
-
Was wondering if the older version of Dansguardian be resurrected with the pcre fix.
I'ts basically the same gui version. Most work was on pfsense 2.1 dir checks. Pcre and other fixes were done on freebsd ports.
What you have on dansguardian log files?
Did you tried to listen it on only one interface and then nat it to other?
-
whats the path for the log files?
I know the service is running and I get that Web Upload banned page.. so I know its working to some degree. Also some pics (not all) are being blocked on porn sites.. so that is kinda working to some degree as well.
It's working on very few little things that might go unnoticed. Site/URL blocking, weighted phrases..etc is not working. After 3 clean installs and configuration I can confirm this.
-
Log file is /var/log/dansguardian/access.log
Choose dansguarian report type to see more detailed log.
-
Checked the logs. As reported earlier.. logs are all filled with .jpg being blocked from bad sites. No bad sites being blocked.
-
Checked the logs. As reported earlier.. logs are all filled with .jpg being blocked from bad sites. No bad sites being blocked.
I have bad sites blocked in my log files, filter group identification, users as well and exception sites too.
How can I help you????
-
Darn. Dunno what to do. Never faced this issue before.
Are you on a 2.1 amd64 snapshot? How did u install Dans? All I did was install squid3 .. configure all the interfaces for squid (as each interface services a separate subnet) and then install dans and select the usual options that worked on first try.. always.
One thing which I have done differently is I have Squid3 rather than the Squid2. Could that be the issue? Will try to do a clean install again and use Squid2 instead and see if that helps.
BTW, any major difference between Squid 2 & 3 versions?
EDIT:
Confirmed extensions being blocked as well. So there is a definite issue (at least in my cofiguration) that is not blocking bad sites and URLS. -
So, I had a backup config of 2.0 saved which had working settings for Squid2 and Dans. I applied that to a clean new install of 2.1. Upon reboot Dans worked but the response to bad sites was like 5 to 8 secs. So I knew its working on the Phrase weight. I checked in Dans and found no change in what I was doing earlier. But to test I clicked save and boom it killed dans again with the exact same behavior.
For now I am moving back to SquidGuard as I need IPv6 for some RND and Dans is taking too much of my time. Will check on this package in a few months.
Adios!
-
as I need IPv6 for some RND
Dansguardian 2.12 does not have ivp6 support yet.
I have no idea how to reproduce your config, all I can tell is that my config is still running.
BTW, I'll keep doing testes to see if I find/reproduce same limitations/issues you found. -
What I have noticed is that for Sites and URLs .. the "DEFAULT" config does not stick to the "Group" (there is only one group in the list). In the categories list I selected specific categories to ban ..for example costtraps, porn..etc. The selection list is there but the moment you click save it does not apply the settings to the "Group". File extensions download ban works and even Pics ban are working.
You might wanna check and compare the code from the previous working dans version for Site and URL and more importantly the directory paths for the categories list downloaded that need to be applied on the Site and URL tabs.
-
I was tied up in some other stuff but just noticed this got released ;D. I am still early in my testing but I did notice that my code for the /usr/local/www/dansguardian_ldap.php wasn't added. Was that intentional?
marcelloc - I figured out the code for this and was able to get it to synchronize completely (even when the AD group is empty) by just adding a little bit of code to /usr/local/www/dansguardian_ldap.php. Here is the section (towards the end), my addition is in bold:
if (!empty($members)){
$import_users = explode("\n", $members);
asort($import_users);
$members=base64_encode(implode("\n", $import_users));
if($config['installedpackages']['dansguardianusers']['config'][0][strtolower($group['name'])] != $members){
$config['installedpackages']['dansguardianusers']['config'][0][strtolower($group['name'])] = $members;
$apply_config++;
}
}
else {
$config['installedpackages']['dansguardianusers']['config'][0][strtolower($group['name'])] = NULL;
$apply_config++;
}
}
$id++;
}Is that a fix you'd be willing to add to the package? Also I noticed that there is a typo when configuring a group in the Values section. It says "Naughtiness limite" and should be "Naughtiness limit" without the 'e'. Really minor but thought I'd let you know.
Other than that I haven't seen any problems but I am still early in my testing.
-
I did notice that my code for the /usr/local/www/dansguardian_ldap.php wasn't added. Was that intentional?
Sorry, It was not intentinal, I've received some fixes on forum, other in private messages, and most by myself. I just missed yours.
I'll include it ASAP.
-
No worries, I can always copy/paste it in but is more for the benefit of others. Other than that though it looks good so far, great work!
-
No worries, I can always copy/paste it in but is more for the benefit of others. Other than that though it looks good so far, great work!
I've commited on my code, it will be there next time I push the code to github.
Thanks again for your contribution. :)
-
Installs fine now..
For some reason it takes a while before filtering kicks in.
Some issues. Banned sites/urls are not getting filtered. Reboot hasnt helped.
Also how do I fix this.. cant find categories anywhere
Web upload is banned.
Categories:
Web upload
I am having similar issues. I am running pfsense 2.0.2 and just recently updated to Dansguardian 2.12.0.3. There is a particular external website that we maintain. Every time we attempt to save the information we get are denied access because 'Web upload is banned'. At the time that we are updating the information, I can see in the access log that we are attempting a POST. I have verified that I was not limiting the max upload size. I even specified -1 for the value. I verified that the dansguardian.conf file was updating the maxuploadsize value correctly and do not see any issues with the config being applied. I have put the domain name in the URL exception list as a work around, but am looking for a permanent fix to my upload issue. Any help would be appreciated.
-
Maybe it's related to this new feature:
What's new in DansGuardian 2.12.0.3:
October 2nd, 2012· Fixed memory leaks reported by analysis from coverity
· Improved persistent connection for a better RFC compliant implementation, but not yet fully HTTP 1.1
· Minor improvement for debug output
· Applied patch #11 (Maxuploadsize per filtergroup) by fredbmail35I've pushed a fix including web upload check on group as well ldap empty group check.
-
Apologize that I missed this thread - I started a new one on the maxuploadsize topic. See http://forum.pfsense.org/index.php/topic,58442.0.html
As far as I can see, the only fix is to use the 2.12.0.2 executable. The other alternative is that someone with a devel environment could remove "patch 11" and recompile dans 2.12.0.3. The diff for patch 11 is here… http://sourceforge.net/p/dansguardian/patches/11/
Maybe it's related to this new feature:
What's new in DansGuardian 2.12.0.3:
October 2nd, 2012· Fixed memory leaks reported by analysis from coverity
· Improved persistent connection for a better RFC compliant implementation, but not yet fully HTTP 1.1
· Minor improvement for debug output
· Applied patch #11 (Maxuploadsize per filtergroup) by fredbmail35I've pushed a fix including web upload check on group as well ldap empty group check.
-
Did you tried with latest package GUI version? I've included max upload size to group options.
-
I did notice that my code for the /usr/local/www/dansguardian_ldap.php wasn't added. Was that intentional?
Sorry, It was not intentinal, I've received some fixes on forum, other in private messages, and most by myself. I just missed yours.
I'll include it ASAP.
Actually that may be my fault. I looked again and I saw this:
if (empty($members)){ $config['installedpackages']['dansguardianusers']['config'][0][strtolower($group['name'])] = NULL; $apply_config++; }
So I think either you updated it since your last posting or you did include it but just re-worked it a bit (probably for the best). However I do have an optimization. It may be better to do something like this:
if (empty($members)){
if($config['installedpackages']['dansguardianusers']['config'][0][strtolower($group['name'])] != NULL){
$config['installedpackages']['dansguardianusers']['config'][0][strtolower($group['name'])] = NULL;
$apply_config++;
}
}
else{
$import_users = explode("\n", $members);
asort($import_users);
$members=base64_encode(implode("\n", $import_users));
if($config['installedpackages']['dansguardianusers']['config'][0][strtolower($group['name'])] != $members){
$config['installedpackages']['dansguardianusers']['config'][0][strtolower($group['name'])] = $members;
$apply_config++;
}
}
}
$id++;
}
if ($apply_config > 0){
print "user list from LDAP is different from current group, applying new configuration…";
write_config();
include("/usr/local/pkg/dansguardian.inc");
sync_package_dansguardian();
print "done\n";
}
else {
print "user list from LDAP is already the same as current group, no changes made\n";
}#mount filesystem read-only
conf_mount_ro();?>
This way it will only update if the DG groups are not NULL. Additionally I added a little more feedback so if you run on the command line it explicitly tells you it found no changes. What do you think?
-
I have a question on the multi-auth. From my SSO thread you see the integration options I have set. How would I change this to use ntlm, then IP auth, then unauthenticated into the default group. Is this possible?