[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Ajuda com dansguardian

Caros,
Segue abaixo o meu dansguardian.conf:

# comente esta linha para dizer que já o configuramos
#UNCONFIGURED - Please remove this line after configuration

#  3 = usar HTML template para acessos negados
reportinglevel = 3

# Diretório de Linguagens
languagedir = '/etc/dansguardian/languages'

# Linguagem usada:
language = 'portuguese'

#Nível de log 0 = nenhum  1 = somente negado  2 = todos acessados  3 = Todos requisições
loglevel = 3

# 2 = always log & mark exceptions (default)
logexceptionhits = 2

# Formato do log, 1 = Formato default.
logfileformat = 1

# Localização do arquivo de log
loglocation = '/var/log/dansguardian/access.log'

# Ips filtrados individualmente
filterip =

# Porta de escuta do Dansguardian
filterport = 8080

# Ip do proxy, onde está o squid
proxyip = 127.0.0.1

# porta do squid
proxyport = 3128

# url de acesso negado
accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'

# Default is enabled, but to go back to the standard mode, disable it.
nonstandarddelimiter = on

# Usar banner do dansguardian on (default) | off
usecustombannedimage = on
custombannedimagefile = '/usr/share/dansguardian/transparent1x1.gif'

# Quantidade de grupos existente, pode ser criado até 9
filtergroups = 1

# Onde fica o arquivo onde são atribuídos os grupos aos usuários ou ips.
# agora podemos também atribuir faixas de ips
filtergroupslist = '/etc/dansguardian/lists/filtergroupslist'

# Ips sem acesso
bannediplist = '/etc/dansguardian/lists/bannediplist'
# Ips com acesso total
exceptioniplist = '/etc/dansguardian/lists/exceptioniplist'

# high enough, reported. on | off
showweightedfound = on

# 2 = on, singular = each weighted phrase found only counts once on a page.
weightedphrasemode = 2

urlcachenumber = 1000
urlcacheage = 900
scancleancache = on

# 2 = both of the above (default)
phrasefiltermode = 2

# 0 = force lower case (default)
preservecase = 0

# off = disabled (default)
# on = enabled
hexdecodecontent = off

# off (default) | on (Big5 compatible)
forcequicksearch = off

# bannedsitelist file instead.
reverseaddresslookups = off

# leave it off.
reverseclientiplookups = off

# is, enabling this option does not incur any additional forward DNS requests.
logclienthostnames = off

# be significant.  Fast computers do not need this option. on | off
createlistcachefiles = on

# use -1 for no blocking
#maxuploadsize = 512
#maxuploadsize = 0
maxuploadsize = -1

# The size is in Kibibytes - eg 2048 = 2Mb
# use 0 to set it to maxcontentramcachescansize
maxcontentfiltersize = 256

# use 0 to set it to maxcontentfilecachescansize
# This option may be ignored by the configured download manager.
maxcontentramcachescansize = 2000

# The size is in Kibibytes - eg 10240 = 10Mb
maxcontentfilecachescansize = 20000

# RAM cache.
filecachedir = '/tmp'

# on|off (defaults to on)
deletedownloadedtempfiles = on

# This may be ignored by the configured download manager.
initialtrickledelay = 20

# This may be ignored by the configured download manager.
trickledelay = 10

# Controle dobre gerenciador de Downloads
downloadmanager = '/etc/dansguardian/downloadmanagers/fancy.conf'
downloadmanager = '/etc/dansguardian/downloadmanagers/default.conf'

# The default of 60 seconds is probably reasonable.
contentscannertimeout = 60

# (on|off) default = off
contentscanexceptions = off

# Este plugin deve ser habilitado para aparecer os usuários no log do Dansguardian
authplugin = '/etc/dansguardian/authplugins/proxy-basic.conf'


# Defaults to off.
recheckreplacedurls = off

# Importante, deve ser habilitado para repassar os ips clientes ao squid.
forwardedfor = on

# Warning - headers are easily spoofed. on | off
usexforwardedfor = off

# it on or off
logconnectionhandlingerrors = on

# useful in production.
logchildprocesshandling = off

# On large sites you might want to try 180.
maxchildren = 120

# On large sites you might want to try 32.
minchildren = 8

# sets the minimum number of processes to be kept ready to handle connections.
# On large sites you might want to try 8.
minsparechildren = 4

# sets the minimum number of processes to spawn when it runs out
# On large sites you might want to try 10.
preforkchildren = 6

# sets the maximum number of processes to have doing nothing.
# When this many are spare it will cull some of them.
# On large sites you might want to try 64.
maxsparechildren = 32

# On large sites you might want to try 10000.
maxagechildren = 500

# browse the web. Set to 0 for no limit, and to disable the IP cache process.
maxips = 0

# Defines IPC server directory and filename used to communicate with the log process.
ipcfilename = '/tmp/.dguardianipc'

# Defines URL list IPC server directory and filename used to communicate with the URL
# cache process.
urlipcfilename = '/tmp/.dguardianurlipc'

# Defines IP list IPC server directory and filename, for communicating with the client
# IP cache process.
ipipcfilename = '/tmp/.dguardianipipc'

# on|off (defaults to off)
nodaemon = off

# Disable logging process
# on|off (defaults to off)
nologger = off

# Enable logging of "ADs" category blocks
# on|off (defaults to off)
logadblocks = off

# Enable logging of client User-Agent
# Some browsers will cause a *lot* of extra information on each line!
# on|off (defaults to off)
loguseragent = off

# on|off (defaults to off)
softrestart = off

# Mail program
# Path (sendmail-compatible) email program, with options.
# Not used if usesmtp is disabled (filtergroup specific).
mailer = '/usr/sbin/sendmail -t'

Att.

Leandro Moreira.

2009/11/19 Marcelo <msalavee@gmail.com>
Leanddro,

posta o seu dansguardian.conf


Abraços,
Marcelo

Leandro Moreira wrote:
> Caros,
> A minha rede tem a seguinte topologia
>
> # --------- #        # -------------- #          # -------------------- #
> #  LAN   # ----> #  FW DMZ #  -----> #  FW BORDA  #
> # --------- #        # --------------- #         # -------------------- #
>                                |
>                                |
>              # --------------------------------------- #
>              #  PROXY/DANSGUARDIAN #
>              # --------------------------------------- #
>
> Instalei e configurei o dansguardian, ao set-lo manualmente no
> navegador, funciona sem problemas. Entao criei um NAT no firewall de
> borda para enviar todas as requisições da porta 80 para o servidor com
> o dansguardian:
>
> iptables -t nat -A PREROUTING -i ! eth0 -s ! 172.20.0.30 -p tcp -m
> multiport --dport 80 -j DNAT --to-destination 172.20.0.30:8080
> <http://172.20.0.30:8080>
>
> Ao ativar o nat a internet simplesmente para, entao fiz o mesmo nat
> para o proxy que se encontra na mesma maquina e funcionou normalmente.
> Ainda estou com o dansguardian basicao apenas com as blacklist padrões
> dele, o que mais me intriga é que ao redirecionar o NAT acima pro
> squid a navegação ficou norma.
> Alguém ja passou por esse tipo de problemas, agradeço desde ja ajuda.
>
> PS.: 1- Não é problema de hardware, pois o servidor é um poweredge com
> placa gigabit.
>         2- Já discuti com o gerente de "projeto" pois queria fazer
> essa solução usando bridge e ele não aprovou.
>
> Att.
>
> --
> Leandro Moreira
> Linux Administrator: LPIC-1
> e-mail/msn: leandro@leandromoreira.eti.br
> <mailto:leandro@leandromoreira.eti.br>
> Tel.: + 55(32) 9906-5713



--
Leandro Moreira
Linux Administrator: LPIC-1
e-mail/msn: leandro@leandromoreira.eti.br
Tel.: + 55(32) 9906-5713
Reply to: