diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/010header smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/010header --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/010header 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/010header 2016-05-26 03:19:40.604000000 -0400 @@ -0,0 +1,11 @@ +# DansGuardian config file for version 2.10.1.1 + +# **NOTE** as of version 2.7.5 most of the list files are now in dansguardianf1.conf +{ + use esmith::config; + use esmith::db; + our %conf; + tie %conf, 'esmith::config'; + our %dungog; + tie %dungog, 'esmith::config', '/home/e-smith/db/dungog'; +} diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/015reportinglevel smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/015reportinglevel --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/015reportinglevel 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/015reportinglevel 2016-05-26 03:47:07.122000000 -0400 @@ -0,0 +1,12 @@ +# Web Access Denied Reporting (does not affect logging) +# +# -1 = log, but do not block - Stealth mode +# 0 = just say 'Access Denied' +# 1 = report why but not what denied phrase +# 2 = report fully +# 3 = use HTML template file (accessdeniedaddress ignored) - recommended +# +{ + my $reportinglevel = db_get_prop(\%dungog, 'dansguardian', "reportinglevel") || '1'; + $OUT = "reportinglevel = $reportinglevel\n"; +} diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/020languagedir smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/020languagedir --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/020languagedir 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/020languagedir 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,9 @@ +# Language dir where languages are stored for internationalisation. +# The HTML template within this dir is only used when reportinglevel +# is set to 3. When used, DansGuardian will display the HTML file instead of +# using the perl cgi script. This option is faster, cleaner +# and easier to customise the access denied page. +# The language file is used no matter what setting however. +# +languagedir = '/usr/share/dansguardian/languages' + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/025language smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/025language --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/025language 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/025language 2016-05-26 04:21:50.518000000 -0400 @@ -0,0 +1,11 @@ +# language to use from languagedir. +language = 'ukenglish' +{ + my $language = db_get_prop(\%dungog, 'dansguardian', "language") || 'ukenglish'; + $OUT = "language = '$language'\n"; + if (-e "/etc/dansguardian/languages/$language/templatef0.html") + { + $OUT .= "htmltemplate = templatef0.html\n"; + } +} + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/030loggingsettings smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/030loggingsettings --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/030loggingsettings 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/030loggingsettings 2016-05-26 04:16:59.629000000 -0400 @@ -0,0 +1,55 @@ +# Logging Settings +# +# 0 = none 1 = just denied 2 = all text based 3 = all requests +{ + my $loglevel = db_get_prop(\%dungog, 'dansguardian', "loglevel") || '2'; + $OUT = "loglevel = $loglevel\n"; +} + +# Log Exception Hits +# Log if an exception (user, ip, URL, phrase) is matched and so +# the page gets let through. Can be useful for diagnosing +# why a site gets through the filter. +# 0 = never log exceptions +# 1 = log exceptions, but do not explicitly mark them as such +# 2 = always log & mark exceptions (default) +logexceptionhits = 2 + +# Log File Format +# 1 = DansGuardian format (space delimited) +# 2 = CSV-style format +# 3 = Squid Log File Format +# 4 = Tab delimited +{ + my $logfileformat = db_get_prop(\%dungog, 'dansguardian', "logfileformat") || '3'; + $OUT = "logfileformat = $logfileformat\n"; +} + +# truncate large items in log lines +#maxlogitemlength = 400 + +# anonymize logs (blank out usernames & IPs) +#anonymizelogs = on + + +# Syslog logging +# +# Use syslog for access logging instead of logging to the file +# at the defined or built-in "loglocation" +#syslog = on + +# Log file location +# +# Defines the log directory and filename. +#loglocation = '/var/log/dansguardian/access.log' + + +# Statistics log file location +# +# Defines the stat file directory and filename. +# Only used in conjunction with maxips > 0 +# Once every 3 minutes, the current number of IPs in the cache, and the most +# that have been in the cache since the daemon was started, are written to this +# file. IPs persist in the cache for 7 days. +#statlocation = '/var/log/dansguardian/stats' + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/035networksettings smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/035networksettings --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/035networksettings 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/035networksettings 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,9 @@ +# Network Settings +# +# the IP that DansGuardian listens on. If left blank DansGuardian will +# listen on all IPs. That would include all NICs, loopback, modem, etc. +# Normally you would have your firewall protecting this, but if you want +# you can limit it to a certain IP. To bind to multiple interfaces, +# specify each IP on an individual filterip line. +filterip = + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/040listenport smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/040listenport --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/040listenport 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/040listenport 2016-05-26 03:21:16.515000000 -0400 @@ -0,0 +1,6 @@ +# the port that DansGuardian listens to. +{ + my $port = db_get_prop(\%dungog, 'dansguardian', 'port') || '8080'; + $OUT = "filterport = $port\n"; +} + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/045proxyloop smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/045proxyloop --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/045proxyloop 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/045proxyloop 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,6 @@ +# the ip of the proxy (default is the loopback - i.e. this server) +proxyip = 127.0.0.1 + +# the port DansGuardian connects to proxy on +proxyport = 3128 + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/050dnscachenote smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/050dnscachenote --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/050dnscachenote 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/050dnscachenote 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,14 @@ +# Whether to retrieve the original destination IP in transparent proxy +# setups and check it againt the domain pulled from the HTTP headers. +# +# Be aware that when visiting sites which use a certain type of round-robin +# DNS for load balancing, DG may mark requests as invalid unless DG gets +# exactly the same answers to its DNS requests as clients. The chances of +# this happening can be increased if all clients and servers on the same LAN +# make use of a local, caching DNS server instead of using upstream DNS +# directly. +# +# See http://www.kb.cert.org/vuls/id/435052 +# on (default) | off +#!! Not compiled !! originalip = on + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/055accessdeniedaddress smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/055accessdeniedaddress --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/055accessdeniedaddress 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/055accessdeniedaddress 2016-05-26 03:26:36.775000000 -0400 @@ -0,0 +1,24 @@ +# accessdeniedaddress is the address of your web server to which the cgi +# dansguardian reporting script was copied. Only used in reporting levels 1 and 2. +# +# This webserver must be either: +# 1. Non-proxied. Either a machine on the local network, or listed as an exception +# in your browser's proxy configuration. +# 2. Added to the exceptionsitelist. Option 1 is preferable; this option is +# only for users using both transparent proxying and a non-local server +# to host this script. +# +# Individual filter groups can override this setting in their own configuration. +# +{ + my $deniedurl = db_get_prop(\%dungog, 'dansguardian', "deniedurl") || ''; + if ($deniedurl ne '') + { + $OUT = "accessdeniedaddress = 'http://$deniedurl'\n"; + } + else + { + my $wsn = db_get_prop(\%dungog, 'dansguardian', "wsn") || ${'DomainName'}; + $OUT = "accessdeniedaddress = 'http://$wsn/cgi-bin/dansguardian.pl'\n"; + } +} \ No newline at end of file diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/060nonstandarddelimiter smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/060nonstandarddelimiter --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/060nonstandarddelimiter 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/060nonstandarddelimiter 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,9 @@ +# Non standard delimiter (only used with accessdeniedaddress) +# To help preserve the full banned URL, including parameters, the variables +# passed into the access denied CGI are separated using non-standard +# delimiters. This can be useful to ensure correct operation of the filter +# bypass modes. Parameters are split using "::" in place of "&", and "==" in +# place of "=". +# Default is enabled, but to go back to the standard mode, disable it. +nonstandarddelimiter = on + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/065bannedimagereplace smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/065bannedimagereplace --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/065bannedimagereplace 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/065bannedimagereplace 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,9 @@ +# Banned image replacement +# Images that are banned due to domain/url/etc reasons including those +# in the adverts blacklists can be replaced by an image. This will, +# for example, hide images from advert sites and remove broken image +# icons from banned domains. +# on (default) | off +usecustombannedimage = on +custombannedimagefile = '/usr/share/dansguardian/transparent1x1.gif' + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/070filtergroups smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/070filtergroups --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/070filtergroups 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/070filtergroups 2016-05-26 03:28:57.490000000 -0400 @@ -0,0 +1,15 @@ +# Filter groups options +# filtergroups sets the number of filter groups. A filter group is a set of content +# filtering options you can apply to a group of users. The value must be 1 or more. +# DansGuardian will automatically look for dansguardianfN.conf where N is the filter +# group. To assign users to groups use the filtergroupslist option. All users default +# to filter group 1. You must have some sort of authentication to be able to map users +# to a group. The more filter groups the more copies of the lists will be in RAM so +# use as few as possible. +{ + #from filtergroupslist/30records template + my $fn = db_get_prop(\%dungog, 'dansguardian', "fn") || '1'; + $OUT = "filtergroups = $fn\n"; +} +filtergroupslist = '/etc/dansguardian/lists/filtergroupslist' + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/075authfileloation smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/075authfileloation --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/075authfileloation 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/075authfileloation 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,4 @@ +# Authentication files location +bannediplist = '/etc/dansguardian/lists/bannediplist' +exceptioniplist = '/etc/dansguardian/lists/exceptioniplist' + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/080showweightphrase smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/080showweightphrase --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/080showweightphrase 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/080showweightphrase 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,6 @@ +# Show weighted phrases found +# If enabled then the phrases found that made up the total which excedes +# the naughtyness limit will be logged and, if the reporting level is +# high enough, reported. on | off +showweightedfound = on + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/085weightedphrasemode smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/085weightedphrasemode --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/085weightedphrasemode 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/085weightedphrasemode 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,8 @@ +# Weighted phrase mode +# There are 3 possible modes of operation: +# 0 = off = do not use the weighted phrase feature. +# 1 = on, normal = normal weighted phrase operation. +# 2 = on, singular = each weighted phrase found only counts once on a page. +# +weightedphrasemode = 2 + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/090urlcacheage smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/090urlcacheage --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/090urlcacheage 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/090urlcacheage 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,14 @@ +#Positive (clean) result caching for URLs +# Caches good pages so they don't need to be scanned again. +# It also works with AV plugins. +# 0 = off (recommended for ISPs with users with disimilar browsing) +# 1000 = recommended for most users +# 5000 = suggested max upper limit +# If you're using an AV plugin then use at least 5000. +urlcachenumber = 1000 +# +# Age before they are stale and should be ignored in seconds +# 0 = never +# 900 = recommended = 15 mins +urlcacheage = 900 + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/095scancleancache smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/095scancleancache --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/095scancleancache 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/095scancleancache 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,8 @@ +# Clean cache for content (AV) scan results +# By default, to save CPU, files scanned and found to be +# clean are inserted into the clean cache and NOT scanned +# again for a while. If you don't like this then choose +# to disable it. +# (on|off) default = on. +scancleancache = on + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/100phrasefiltermode smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/100phrasefiltermode --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/100phrasefiltermode 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/100phrasefiltermode 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,11 @@ +# Smart, Raw and Meta/Title phrase content filtering options +# Smart is where the multiple spaces and HTML are removed before phrase filtering +# Raw is where the raw HTML including meta tags are phrase filtered +# Meta/Title is where only meta and title tags are phrase filtered (v. quick) +# CPU usage can be effectively halved by using setting 0 or 1 compared to 2 +# 0 = raw only +# 1 = smart only +# 2 = both of the above (default) +# 3 = meta/title +phrasefiltermode = 2 + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/110lowercasing smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/110lowercasing --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/110lowercasing 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/110lowercasing 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,18 @@ +# Lower casing options +# When a document is scanned the uppercase letters are converted to lower case +# in order to compare them with the phrases. However this can break Big5 and +# other 16-bit texts. If needed preserve the case. As of version 2.7.0 accented +# characters are supported. +# 0 = force lower case (default) +# 1 = do not change case +# 2 = scan first in lower case, then in original case +preservecase = 0 + +# Note: +# If phrasefiltermode and preserve case are both 2, this equates to 4 phrase +# filtering passes. If you have a large enough userbase for this to be a +# worry, and need to filter pages in exotic character encodings, it may be +# better to run two instances on separate servers: one with preservecase 1 +# (and possibly forcequicksearch 1) and non ASCII/UTF-8 phrase lists, and one +# with preservecase 0 and ASCII/UTF-8 lists. + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/115hexdecoding smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/115hexdecoding --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/115hexdecoding 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/115hexdecoding 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,8 @@ +# Hex decoding options +# When a document is scanned it can optionally convert %XX to chars. +# If you find documents are getting past the phrase filtering due to encoding +# then enable. However this can break Big5 and other 16-bit texts. +# off = disabled (default) +# on = enabled +hexdecodecontent = off + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/120forcequicksearch smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/120forcequicksearch --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/120forcequicksearch 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/120forcequicksearch 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,8 @@ +# Force Quick Search rather than DFA search algorithm +# The current DFA implementation is not totally 16-bit character compatible +# but is used by default as it handles large phrase lists much faster. +# If you wish to use a large number of 16-bit character phrases then +# enable this option. +# off (default) | on (Big5 compatible) +forcequicksearch = off + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/125reverseaddrlook smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/125reverseaddrlook --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/125reverseaddrlook 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/125reverseaddrlook 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,9 @@ +# Reverse lookups for banned site and URLs. +# If set to on, DansGuardian will look up the forward DNS for an IP URL +# address and search for both in the banned site and URL lists. This would +# prevent a user from simply entering the IP for a banned address. +# It will reduce searching speed somewhat so unless you have a local caching +# DNS server, leave it off and use the Blanket IP Block option in the +# bannedsitelist file instead. +reverseaddresslookups = off + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/130reverseaddrip smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/130reverseaddrip --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/130reverseaddrip 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/130reverseaddrip 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,11 @@ +# Reverse lookups for banned and exception IP lists. +# If set to on, DansGuardian will look up the forward DNS for the IP +# of the connecting computer. This means you can put in hostnames in +# the exceptioniplist and bannediplist. +# If a client computer is matched against an IP given in the lists, then the +# IP will be recorded in any log entries; if forward DNS is successful and a +# match occurs against a hostname, the hostname will be logged instead. +# It will reduce searching speed somewhat so unless you have a local DNS server, +# leave it off. +reverseclientiplookups = off + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/135logclienthost smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/135logclienthost --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/135logclienthost 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/135logclienthost 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,8 @@ +# Perform reverse lookups on client IPs for successful requests. +# If set to on, DansGuardian will look up the forward DNS for the IP +# of the connecting computer, and log host names (where available) rather than +# IPs against requests. +# This is not dependent on reverseclientiplookups being enabled; however, if it +# is, enabling this option does not incur any additional forward DNS requests. +logclienthostnames = off + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/140bansiteurl smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/140bansiteurl --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/140bansiteurl 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/140bansiteurl 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,8 @@ +# Build bannedsitelist and bannedurllist cache files. +# This will compare the date stamp of the list file with the date stamp of +# the cache file and will recreate as needed. +# If a bsl or bul .processed file exists, then that will be used instead. +# It will increase process start speed by 300%. On slow computers this will +# be significant. Fast computers do not need this option. on | off +createlistcachefiles = on + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/145maxupsize smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/145maxupsize --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/145maxupsize 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/145maxupsize 2016-05-26 03:26:08.080000000 -0400 @@ -0,0 +1,14 @@ +# POST protection (web upload and forms) +# does not block forms without any file upload, i.e. this is just for +# blocking or limiting uploads +# measured in kibibytes after MIME encoding and header bumph +# use 0 for a complete block +# use higher (e.g. 512 = 512Kbytes) for limiting +# use -1 for no blocking +#maxuploadsize = 512 +#maxuploadsize = 0 +{ + my $maxuploadsize = db_get_prop(\%dungog, 'dansguardian', "maxuploadsize") || '-1'; + if ($maxuploadsize eq 'block') {$maxuploadsize = '0';} + $OUT = "maxuploadsize = $maxuploadsize\n"; +} diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/150maxcontentfilesize smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/150maxcontentfilesize --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/150maxcontentfilesize 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/150maxcontentfilesize 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,11 @@ +# Max content filter size +# Sometimes web servers label binary files as text which can be very +# large which causes a huge drain on memory and cpu resources. +# To counter this, you can limit the size of the document to be +# filtered and get it to just pass it straight through. +# This setting also applies to content regular expression modification. +# The value must not be higher than maxcontentramcachescansize +# The size is in Kibibytes - eg 2048 = 2Mb +# use 0 to set it to maxcontentramcachescansize +maxcontentfiltersize = 256 + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/155maxcontentramcachesize smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/155maxcontentramcachesize --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/155maxcontentramcachesize 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/155maxcontentramcachesize 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,10 @@ +# Max content ram cache scan size +# This is only used if you use a content scanner plugin such as AV +# This is the max size of file that DG will download and cache +# in RAM. After this limit is reached it will cache to disk +# This value must be less than or equal to maxcontentfilecachescansize. +# The size is in Kibibytes - eg 10240 = 10Mb +# use 0 to set it to maxcontentfilecachescansize +# This option may be ignored by the configured download manager. +maxcontentramcachescansize = 2000 + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/160maxcontentfilecachescansize smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/160maxcontentfilecachescansize --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/160maxcontentfilecachescansize 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/160maxcontentfilecachescansize 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,8 @@ +# Max content file cache scan size +# This is only used if you use a content scanner plugin such as AV +# This is the max size file that DG will download +# so that it can be scanned or virus checked. +# This value must be greater or equal to maxcontentramcachescansize. +# The size is in Kibibytes - eg 10240 = 10Mb +maxcontentfilecachescansize = 20000 + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/165filebigcachedir smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/165filebigcachedir --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/165filebigcachedir 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/165filebigcachedir 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,5 @@ +# File cache dir +# Where DG will download files to be scanned if too large for the +# RAM cache. +filecachedir = '/tmp' + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/170deldowntempl smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/170deldowntempl --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/170deldowntempl 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/170deldowntempl 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,9 @@ +# Delete file cache after user completes download +# When a file gets save to temp it stays there until it is deleted. +# You can choose to have the file deleted when the user makes a sucessful +# download. This will mean if they click on the link to download from +# the temp store a second time it will give a 404 error. +# You should configure something to delete old files in temp to stop it filling up. +# on|off (defaults to on) +deletedownloadedtempfiles = on + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/175initialtrickdelay smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/175initialtrickdelay --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/175initialtrickdelay 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/175initialtrickdelay 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,9 @@ +# Initial Trickle delay +# This is the number of seconds a browser connection is left waiting +# before first being sent *something* to keep it alive. The +# *something* depends on the download manager chosen. +# Do not choose a value too low or normal web pages will be affected. +# A value between 20 and 110 would be sensible +# This may be ignored by the configured download manager. +initialtrickledelay = 20 + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/180trickdelay smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/180trickdelay --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/180trickdelay 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/180trickdelay 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,7 @@ +# Trickle delay +# This is the number of seconds a browser connection is left waiting +# before being sent more *something* to keep it alive. The +# *something* depends on the download manager chosen. +# This may be ignored by the configured download manager. +trickledelay = 10 + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/185downloadmang smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/185downloadmang --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/185downloadmang 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/185downloadmang 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,31 @@ +# Download Managers +# These handle downloads of files to be filtered and scanned. +# They differ in the method they deal with large downloads. +# Files usually need to be downloaded 100% before they can be +# filtered and scanned before being sent on to the browser. +# Normally the browser can just wait, but with content scanning, +# for example to AV, the browser may timeout or the user may get +# confused so the download manager has to do some sort of +# 'keep alive'. +# +# There are various methods possible but not all are included. +# The author does not have the time to write them all so I have +# included a plugin systam. Also, not all methods work with all +# browsers and clients. Specifically some fancy methods don't +# work with software that downloads updates. To solve this, +# each plugin can support a regular expression for matching +# the client's user-agent string, and lists of the mime types +# and extensions it should manage. +# +# Note that these are the matching methods provided by the base plugin +# code, and individual plugins may override or add to them. +# See the individual plugin conf files for supported options. +# +# The plugins are matched in the order you specify and the last +# one is forced to match as the default, regardless of user agent +# and other matching mechanisms. +# +downloadmanager = '/etc/dansguardian/downloadmanagers/fancy.conf' +#downloadmanager = '/etc/dansguardian/downloadmanagers/trickle.conf' +downloadmanager = '/etc/dansguardian/downloadmanagers/default.conf' + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/190contentscanners smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/190contentscanners --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/190contentscanners 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/190contentscanners 2016-05-26 03:59:22.616000000 -0400 @@ -0,0 +1,29 @@ +# Content Scanners (Also known as AV scanners) +# These are plugins that scan the content of all files your browser fetches +# for example to AV scan. The options are limitless. Eventually all of +# DansGuardian will be plugin based. You can have more than one content +# scanner. The plugins are run in the order you specify. +# This is one of the few places you can have multiple options of the same name. +# +# Some of the scanner(s) require 3rd party software and libraries eg clamav. +# See the individual plugin conf file for more options (if any). +# +#!! Not compiled !! contentscanner = '/etc/dansguardian/contentscanners/clamav.conf' +#contentscanner = '/etc/dansguardian/contentscanners/clamdscan.conf' +#!! Unimplemented !! contentscanner = '/etc/dansguardian/contentscanners/kavav.conf' +#!! Not compiled !! contentscanner = '/etc/dansguardian/contentscanners/kavdscan.conf' +#contentscanner = '/etc/dansguardian/contentscanners/icapscan.conf' +#contentscanner = '/etc/dansguardian/contentscanners/commandlinescan.conf' + +{ + my $contentscanner = db_get_prop(\%dungog, 'dansguardian', "contentscanner") || ''; + if ($contentscanner eq 'clamscan') + { + $OUT = "contentscanner = '/etc/dansguardian/contentscanners/clamdscan.conf'\n"; + } + else + { + $OUT= "# clamscan disabled " + } + +} diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/195contentscantimout smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/195contentscantimout --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/195contentscantimout 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/195contentscantimout 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,7 @@ +# Content scanner timeout +# Some of the content scanners support using a timeout value to stop +# processing (eg AV scanning) the file if it takes too long. +# If supported this will be used. +# The default of 60 seconds is probably reasonable. +contentscannertimeout = 60 + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/200contentscanexceptions smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/200contentscanexceptions --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/200contentscanexceptions 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/200contentscanexceptions 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,8 @@ +# Content scan exceptions +# If 'on' exception sites, urls, users etc will be scanned +# This is probably not desirable behavour as exceptions are +# supposed to be trusted and will increase load. +# Correct use of grey lists are a better idea. +# (on|off) default = off +contentscanexceptions = off + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/205authplugins smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/205authplugins --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/205authplugins 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/205authplugins 2016-05-26 03:38:41.514000000 -0400 @@ -0,0 +1,29 @@ +# Auth plugins +# These replace the usernameidmethod* options in previous versions. They +# handle the extraction of client usernames from various sources, such as +# Proxy-Authorisation headers and ident servers, enabling requests to be +# handled according to the settings of the user's filter group. +# Multiple plugins can be specified, and will be queried in order until one +# of them either finds a username or throws an error. For example, if Squid +# is configured with both NTLM and Basic auth enabled, and both the 'proxy-basic' +# and 'proxy-ntlm' auth plugins are enabled here, then clients which do not support +# NTLM can fall back to Basic without sacrificing access rights. +# +# If you do not use multiple filter groups, you need not specify this option. +# +#authplugin = '/etc/dansguardian/authplugins/proxy-basic.conf' +#authplugin = '/etc/dansguardian/authplugins/proxy-digest.conf' +#authplugin = '/etc/dansguardian/authplugins/proxy-ntlm.conf' +#authplugin = '/etc/dansguardian/authplugins/ident.conf' +#authplugin = '/etc/dansguardian/authplugins/ip.conf' +{ + my $proxyaccess = db_get_prop(\%conf, 'squid', "RequireAuth") || ''; + if ($proxyaccess eq 'ident') + { + $OUT = "authplugin = '/etc/dansguardian/authplugins/ident.conf'\n"; + } + elsif ($proxyaccess =~ /(ncsa|pam|ldap)/) + { + $OUT = "authplugin = '/etc/dansguardian/authplugins/proxy-basic.conf'\n"; + } +} diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/20local smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/20local --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/20local 2008-10-20 11:44:27.000000000 -0400 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/20local 1969-12-31 19:00:00.000000000 -0500 @@ -1,66 +0,0 @@ -###---------- LOCAL DansGuardian's settings ----------### - -{ - use esmith::config; - use esmith::db; - - my %conf; - tie %conf, 'esmith::config'; - - my %dungog; - tie %dungog, 'esmith::config', '/home/e-smith/db/dungog'; - - $OUT = ''; - - my $port = db_get_prop(\%dungog, 'dansguardian', 'port') || '8080'; - $OUT .= "filterport = $port\n"; - - #Individual filter groups can override this setting in their own configuration. - my $deniedurl = db_get_prop(\%dungog, 'dansguardian', "deniedurl") || ''; - if ($deniedurl ne '') - { - $OUT .= "accessdeniedaddress = 'http://$deniedurl'\n"; - } - else - { - my $wsn = db_get_prop(\%dungog, 'dansguardian', "wsn") || ${'DomainName'}; - $OUT .= "accessdeniedaddress = 'http://$wsn/cgi-bin/dansguardian.pl'\n"; - } - - my $maxuploadsize = db_get_prop(\%dungog, 'dansguardian', "maxuploadsize") || '-1'; - if ($maxuploadsize eq 'block') {$maxuploadsize = '0';} - $OUT .= "maxuploadsize = $maxuploadsize\n"; - - #from filtergroupslist/30records template - my $fn = db_get_prop(\%dungog, 'dansguardian', "fn") || '1'; - $OUT .= "filtergroups = $fn\n"; - - my $loglevel = db_get_prop(\%dungog, 'dansguardian', "loglevel") || '0'; - $OUT .= "loglevel = $loglevel\n"; - - my $logfileformat = db_get_prop(\%dungog, 'dansguardian', "logfileformat") || '1'; - $OUT .= "logfileformat = $logfileformat\n"; - - my $language = db_get_prop(\%dungog, 'dansguardian', "language") || 'ukenglish'; - $OUT .= "language = $language\n"; - - if (-e "/etc/dansguardian/languages/$language/templatef0.html") - { - $OUT .= "htmltemplate = templatef0.html\n"; - } - - my $proxyaccess = db_get_prop(\%conf, 'squid', "RequireAuth") || ''; - if ($proxyaccess eq 'ident') - { - $OUT .= "authplugin = '/etc/dansguardian/authplugins/ident.conf'\n"; - } - elsif ($proxyaccess =~ /(ncsa|pam|ldap)/) - { - $OUT .= "authplugin = '/etc/dansguardian/authplugins/proxy-basic.conf'\n"; - } -} -reportinglevel = 1 -maxlogitemlength = 300 -contentscanner = '/etc/dansguardian/contentscanners/clamdscan.conf' - -###---------- Default DansGuardian's settings ----------### diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/210recheckreplacedurls smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/210recheckreplacedurls --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/210recheckreplacedurls 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/210recheckreplacedurls 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,11 @@ +# Re-check replaced URLs +# As a matter of course, URLs undergo regular expression search/replace (urlregexplist) +# *after* checking the exception site/URL/regexpURL lists, but *before* checking against +# the banned site/URL lists, allowing certain requests that would be matched against the +# latter in their original state to effectively be converted into grey requests. +# With this option enabled, the exception site/URL/regexpURL lists are also re-checked +# after replacement, making it possible for URL replacement to trigger exceptions based +# on them. +# Defaults to off. +recheckreplacedurls = off + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/215forwardmisc smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/215forwardmisc --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/215forwardmisc 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/215forwardmisc 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,7 @@ +# Misc settings + +# if on it adds an X-Forwarded-For: to the HTTP request +# header. This may help solve some problem sites that need to know the +# source ip. on | off +forwardedfor = off + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/220xforwardmisc smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/220xforwardmisc --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/220xforwardmisc 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/220xforwardmisc 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,5 @@ +# if on it uses the X-Forwarded-For: to determine the client +# IP. This is for when you have squid between the clients and DansGuardian. +# Warning - headers are easily spoofed. on | off +usexforwardedfor = off + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/225logconnectionmisc smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/225logconnectionmisc --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/225logconnectionmisc 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/225logconnectionmisc 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,5 @@ +# if on it logs some debug info regarding fork()ing and accept()ing which +# can usually be ignored. These are logged by syslog. It is safe to leave +# it on or off +logconnectionhandlingerrors = on + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/230logchildprocesshandle smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/230logchildprocesshandle --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/230logchildprocesshandle 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/230logchildprocesshandle 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,8 @@ +# Fork pool options + +# If on, this causes DG to write to the log file whenever child processes are +# created or destroyed (other than by crashes). This information can help in +# understanding and tuning the following parameters, but is not generally +# useful in production. +logchildprocesshandling = off + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/235maxchild smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/235maxchild --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/235maxchild 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/235maxchild 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,5 @@ +# sets the maximum number of processes to spawn to handle the incoming +# connections. Max value usually 250 depending on OS. +# On large sites you might want to try 180. +maxchildren = 120 + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/240minchild smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/240minchild --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/240minchild 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/240minchild 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,4 @@ +# sets the minimum number of processes to spawn to handle the incoming connections. +# On large sites you might want to try 32. +minchildren = 8 + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/245minsparechild smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/245minsparechild --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/245minsparechild 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/245minsparechild 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,4 @@ +# sets the minimum number of processes to be kept ready to handle connections. +# On large sites you might want to try 8. +minsparechildren = 4 + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/250preforkchild smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/250preforkchild --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/250preforkchild 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/250preforkchild 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,4 @@ +# sets the minimum number of processes to spawn when it runs out +# On large sites you might want to try 10. +preforkchildren = 6 + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/255maxsparechild smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/255maxsparechild --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/255maxsparechild 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/255maxsparechild 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,5 @@ +# sets the maximum number of processes to have doing nothing. +# When this many are spare it will cull some of them. +# On large sites you might want to try 64. +maxsparechildren = 32 + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/260maxagechild smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/260maxagechild --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/260maxagechild 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/260maxagechild 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,5 @@ +# sets the maximum age of a child process before it croaks it. +# This is the number of connections they handle before exiting. +# On large sites you might want to try 10000. +maxagechildren = 500 + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/265maxips smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/265maxips --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/265maxips 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/265maxips 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,5 @@ +# Sets the maximum number client IP addresses allowed to connect at once. +# Use this to set a hard limit on the number of users allowed to concurrently +# browse the web. Set to 0 for no limit, and to disable the IP cache process. +maxips = 0 + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/270processoptions smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/270processoptions --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/270processoptions 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/270processoptions 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,22 @@ +# Process options +# (Change these only if you really know what you are doing). +# These options allow you to run multiple instances of DansGuardian on a single machine. +# Remember to edit the log file path above also if that is your intention. + +# IPC filename +# +# Defines IPC server directory and filename used to communicate with the log process. +ipcfilename = '/tmp/.dguardianipc' + +# URL list IPC filename +# +# Defines URL list IPC server directory and filename used to communicate with the URL +# cache process. +urlipcfilename = '/tmp/.dguardianurlipc' + +# IP list IPC filename +# +# Defines IP list IPC server directory and filename, for communicating with the client +# IP cache process. +ipipcfilename = '/tmp/.dguardianipipc' + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/275pidfilename smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/275pidfilename --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/275pidfilename 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/275pidfilename 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,5 @@ +# PID filename +# +# Defines process id directory and filename. +#pidfilename = '/var/run/dansguardian.pid' + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/280disabledaemon smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/280disabledaemon --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/280disabledaemon 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/280disabledaemon 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,6 @@ +# Disable daemoning +# If enabled the process will not fork into the background. +# It is not usually advantageous to do this. +# on|off (defaults to off) +nodaemon = off + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/285disablelog smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/285disablelog --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/285disablelog 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/285disablelog 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,4 @@ +# Disable logging process +# on|off (defaults to off) +nologger = off + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/290logadblocks smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/290logadblocks --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/290logadblocks 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/290logadblocks 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,4 @@ +# Enable logging of "ADs" category blocks +# on|off (defaults to off) +logadblocks = off + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/295loguseragent smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/295loguseragent --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/295loguseragent 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/295loguseragent 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,5 @@ +# Enable logging of client User-Agent +# Some browsers will cause a *lot* of extra information on each line! +# on|off (defaults to off) +loguseragent = off + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/300daemonrunasusergroup smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/300daemonrunasusergroup --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/300daemonrunasusergroup 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/300daemonrunasusergroup 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,9 @@ +# Daemon runas user and group +# This is the user that DansGuardian runs as. Normally the user/group nobody. +# Uncomment to use. Defaults to the user set at compile time. +# Temp files created during virus scanning are given owner and group read +# permissions; to use content scanners based on external processes, such as +# clamdscan, the two processes must run with either the same group or user ID. +#daemonuser = 'dansguardian' +#daemongroup = 'dansguardian' + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/305softrestart smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/305softrestart --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/305softrestart 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/305softrestart 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,6 @@ +# Soft restart +# When on this disables the forced killing off all processes in the process group. +# This is not to be confused with the -g run time option - they are not related. +# on|off (defaults to off) +softrestart = off + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/310mailer smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/310mailer --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/310mailer 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/310mailer 2016-05-25 13:14:48.000000000 -0400 @@ -0,0 +1,5 @@ +# Mail program +# Path (sendmail-compatible) email program, with options. +# Not used if usesmtp is disabled (filtergroup specific). +mailer = '/usr/sbin/sendmail -t' + diff -Nur smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/40distro smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/40distro --- smeserver-dansguardian-panel-2.11-old/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/40distro 2007-10-29 10:14:12.000000000 -0400 +++ smeserver-dansguardian-panel-2.11/root/etc/e-smith/templates/etc/dansguardian/dansguardian.conf/40distro 1969-12-31 19:00:00.000000000 -0500 @@ -1,609 +0,0 @@ -# DansGuardian config file for version 2.9.9.1, - -# **NOTE** as of version 2.7.5 most of the list files are now in dansguardianf1.conf - - -# Web Access Denied Reporting (does not affect logging) -# -# -1 = log, but do not block - Stealth mode -# 0 = just say 'Access Denied' -# 1 = report why but not what denied phrase -# 2 = report fully -# 3 = use HTML template file (accessdeniedaddress ignored) - recommended -# -reportinglevel = 3 - -# Language dir where languages are stored for internationalisation. -# The HTML template within this dir is only used when reportinglevel -# is set to 3. When used, DansGuardian will display the HTML file instead of -# using the perl cgi script. This option is faster, cleaner -# and easier to customise the access denied page. -# The language file is used no matter what setting however. -# -languagedir = '/etc/dansguardian/languages' - -# language to use from languagedir. -language = 'ukenglish' - -# Logging Settings -# -# 0 = none 1 = just denied 2 = all text based 3 = all requests -loglevel = 2 - -# Log Exception Hits -# Log if an exception (user, ip, URL, phrase) is matched and so -# the page gets let through. Can be useful for diagnosing -# why a site gets through the filter. -# 0 = never log exceptions -# 1 = log exceptions, but do not explicitly mark them as such -# 2 = always log & mark exceptions (default) -logexceptionhits = 2 - -# Log File Format -# 1 = DansGuardian format (space delimited) -# 2 = CSV-style format -# 3 = Squid Log File Format -# 4 = Tab delimited -logfileformat = 1 - -# truncate large items in log lines -#maxlogitemlength = 400 - -# anonymize logs (blank out usernames & IPs) -#anonymizelogs = on - - -# Syslog logging -# -# Use syslog for access logging instead of logging to the file -# at the defined or built-in "loglocation" -#syslog = on - -# Log file location -# -# Defines the log directory and filename. -#loglocation = '/var/log/dansguardian/access.log' - - -# Statistics log file location -# -# Defines the stat file directory and filename. -# Only used in conjunction with maxips > 0 -# Once every 3 minutes, the current number of IPs in the cache, and the most -# that have been in the cache since the daemon was started, are written to this -# file. IPs persist in the cache for 7 days. -#statlocation = '/var/log/dansguardian/stats' - - -# Network Settings -# -# the IP that DansGuardian listens on. If left blank DansGuardian will -# listen on all IPs. That would include all NICs, loopback, modem, etc. -# Normally you would have your firewall protecting this, but if you want -# you can limit it to a certain IP. To bind to multiple interfaces, -# specify each IP on an individual filterip line. -filterip = - -# the port that DansGuardian listens to. -filterport = 8080 - -# the ip of the proxy (default is the loopback - i.e. this server) -proxyip = 127.0.0.1 - -# the port DansGuardian connects to proxy on -proxyport = 3128 - -# accessdeniedaddress is the address of your web server to which the cgi -# dansguardian reporting script was copied. Only used in reporting levels 1 and 2. -# -# This webserver must be either: -# 1. Non-proxied. Either a machine on the local network, or listed as an exception -# in your browser's proxy configuration. -# 2. Added to the exceptionsitelist. Option 1 is preferable; this option is -# only for users using both transparent proxying and a non-local server -# to host this script. -# -# Individual filter groups can override this setting in their own configuration. -# -accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl' - -# Non standard delimiter (only used with accessdeniedaddress) -# To help preserve the full banned URL, including parameters, the variables -# passed into the access denied CGI are separated using non-standard -# delimiters. This can be useful to ensure correct operation of the filter -# bypass modes. Parameters are split using "::" in place of "&", and "==" in -# place of "=". -# Default is enabled, but to go back to the standard mode, disable it. -nonstandarddelimiter = on - - - -# Banned image replacement -# Images that are banned due to domain/url/etc reasons including those -# in the adverts blacklists can be replaced by an image. This will, -# for example, hide images from advert sites and remove broken image -# icons from banned domains. -# on (default) | off -usecustombannedimage = on -custombannedimagefile = '/etc/dansguardian/transparent1x1.gif' - - - -# Filter groups options -# filtergroups sets the number of filter groups. A filter group is a set of content -# filtering options you can apply to a group of users. The value must be 1 or more. -# DansGuardian will automatically look for dansguardianfN.conf where N is the filter -# group. To assign users to groups use the filtergroupslist option. All users default -# to filter group 1. You must have some sort of authentication to be able to map users -# to a group. The more filter groups the more copies of the lists will be in RAM so -# use as few as possible. -filtergroups = 1 -filtergroupslist = '/etc/dansguardian/lists/filtergroupslist' - - - -# Authentication files location -bannediplist = '/etc/dansguardian/lists/bannediplist' -exceptioniplist = '/etc/dansguardian/lists/exceptioniplist' - - - -# Show weighted phrases found -# If enabled then the phrases found that made up the total which excedes -# the naughtyness limit will be logged and, if the reporting level is -# high enough, reported. on | off -showweightedfound = on - -# Weighted phrase mode -# There are 3 possible modes of operation: -# 0 = off = do not use the weighted phrase feature. -# 1 = on, normal = normal weighted phrase operation. -# 2 = on, singular = each weighted phrase found only counts once on a page. -# -weightedphrasemode = 2 - - - -# Positive (clean) result caching for URLs -# Caches good pages so they don't need to be scanned again. -# It also works with AV plugins. -# 0 = off (recommended for ISPs with users with disimilar browsing) -# 1000 = recommended for most users -# 5000 = suggested max upper limit -# If you're using an AV plugin then use at least 5000. -urlcachenumber = 1000 -# -# Age before they are stale and should be ignored in seconds -# 0 = never -# 900 = recommended = 15 mins -urlcacheage = 900 - - - -# Clean cache for content (AV) scan results -# By default, to save CPU, files scanned and found to be -# clean are inserted into the clean cache and NOT scanned -# again for a while. If you don't like this then choose -# to disable it. -# (on|off) default = on. -scancleancache = on - - - -# Smart, Raw and Meta/Title phrase content filtering options -# Smart is where the multiple spaces and HTML are removed before phrase filtering -# Raw is where the raw HTML including meta tags are phrase filtered -# Meta/Title is where only meta and title tags are phrase filtered (v. quick) -# CPU usage can be effectively halved by using setting 0 or 1 compared to 2 -# 0 = raw only -# 1 = smart only -# 2 = both of the above (default) -# 3 = meta/title -phrasefiltermode = 2 - -# Lower casing options -# When a document is scanned the uppercase letters are converted to lower case -# in order to compare them with the phrases. However this can break Big5 and -# other 16-bit texts. If needed preserve the case. As of version 2.7.0 accented -# characters are supported. -# 0 = force lower case (default) -# 1 = do not change case -# 2 = scan first in lower case, then in original case -preservecase = 0 - -# Note: -# If phrasefiltermode and preserve case are both 2, this equates to 4 phrase -# filtering passes. If you have a large enough userbase for this to be a -# worry, and need to filter pages in exotic character encodings, it may be -# better to run two instances on separate servers: one with preservecase 1 -# (and possibly forcequicksearch 1) and non ASCII/UTF-8 phrase lists, and one -# with preservecase 0 and ASCII/UTF-8 lists. - - - -# Hex decoding options -# When a document is scanned it can optionally convert %XX to chars. -# If you find documents are getting past the phrase filtering due to encoding -# then enable. However this can break Big5 and other 16-bit texts. -# off = disabled (default) -# on = enabled -hexdecodecontent = off - - - -# Force Quick Search rather than DFA search algorithm -# The current DFA implementation is not totally 16-bit character compatible -# but is used by default as it handles large phrase lists much faster. -# If you wish to use a large number of 16-bit character phrases then -# enable this option. -# off (default) | on (Big5 compatible) -forcequicksearch = off - - - -# Reverse lookups for banned site and URLs. -# If set to on, DansGuardian will look up the forward DNS for an IP URL -# address and search for both in the banned site and URL lists. This would -# prevent a user from simply entering the IP for a banned address. -# It will reduce searching speed somewhat so unless you have a local caching -# DNS server, leave it off and use the Blanket IP Block option in the -# bannedsitelist file instead. -reverseaddresslookups = off - - - -# Reverse lookups for banned and exception IP lists. -# If set to on, DansGuardian will look up the forward DNS for the IP -# of the connecting computer. This means you can put in hostnames in -# the exceptioniplist and bannediplist. -# If a client computer is matched against an IP given in the lists, then the -# IP will be recorded in any log entries; if forward DNS is successful and a -# match occurs against a hostname, the hostname will be logged instead. -# It will reduce searching speed somewhat so unless you have a local DNS server, -# leave it off. -reverseclientiplookups = off - - -# Perform reverse lookups on client IPs for successful requests. -# If set to on, DansGuardian will look up the forward DNS for the IP -# of the connecting computer, and log host names (where available) rather than -# IPs against requests. -# This is not dependent on reverseclientiplookups being enabled; however, if it -# is, enabling this option does not incur any additional forward DNS requests. -logclienthostnames = off - - -# Build bannedsitelist and bannedurllist cache files. -# This will compare the date stamp of the list file with the date stamp of -# the cache file and will recreate as needed. -# If a bsl or bul .processed file exists, then that will be used instead. -# It will increase process start speed by 300%. On slow computers this will -# be significant. Fast computers do not need this option. on | off -createlistcachefiles = on - - - -# POST protection (web upload and forms) -# does not block forms without any file upload, i.e. this is just for -# blocking or limiting uploads -# measured in kibibytes after MIME encoding and header bumph -# use 0 for a complete block -# use higher (e.g. 512 = 512Kbytes) for limiting -# use -1 for no blocking -#maxuploadsize = 512 -#maxuploadsize = 0 -maxuploadsize = -1 - - - -# Max content filter size -# Sometimes web servers label binary files as text which can be very -# large which causes a huge drain on memory and cpu resources. -# To counter this, you can limit the size of the document to be -# filtered and get it to just pass it straight through. -# This setting also applies to content regular expression modification. -# The value must not be higher than maxcontentramcachescansize -# The size is in Kibibytes - eg 2048 = 2Mb -# use 0 to set it to maxcontentramcachescansize -maxcontentfiltersize = 256 - - - -# Max content ram cache scan size -# This is only used if you use a content scanner plugin such as AV -# This is the max size of file that DG will download and cache -# in RAM. After this limit is reached it will cache to disk -# This value must be less than or equal to maxcontentfilecachescansize. -# The size is in Kibibytes - eg 10240 = 10Mb -# use 0 to set it to maxcontentfilecachescansize -# This option may be ignored by the configured download manager. -maxcontentramcachescansize = 2000 - - - -# Max content file cache scan size -# This is only used if you use a content scanner plugin such as AV -# This is the max size file that DG will download -# so that it can be scanned or virus checked. -# This value must be greater or equal to maxcontentramcachescansize. -# The size is in Kibibytes - eg 10240 = 10Mb -maxcontentfilecachescansize = 20000 - - - -# File cache dir -# Where DG will download files to be scanned if too large for the -# RAM cache. -filecachedir = '/tmp' - - - -# Delete file cache after user completes download -# When a file gets save to temp it stays there until it is deleted. -# You can choose to have the file deleted when the user makes a sucessful -# download. This will mean if they click on the link to download from -# the temp store a second time it will give a 404 error. -# You should configure something to delete old files in temp to stop it filling up. -# on|off (defaults to on) -deletedownloadedtempfiles = on - - - -# Initial Trickle delay -# This is the number of seconds a browser connection is left waiting -# before first being sent *something* to keep it alive. The -# *something* depends on the download manager chosen. -# Do not choose a value too low or normal web pages will be affected. -# A value between 20 and 110 would be sensible -# This may be ignored by the configured download manager. -initialtrickledelay = 20 - - - -# Trickle delay -# This is the number of seconds a browser connection is left waiting -# before being sent more *something* to keep it alive. The -# *something* depends on the download manager chosen. -# This may be ignored by the configured download manager. -trickledelay = 10 - - - -# Download Managers -# These handle downloads of files to be filtered and scanned. -# They differ in the method they deal with large downloads. -# Files usually need to be downloaded 100% before they can be -# filtered and scanned before being sent on to the browser. -# Normally the browser can just wait, but with content scanning, -# for example to AV, the browser may timeout or the user may get -# confused so the download manager has to do some sort of -# 'keep alive'. -# -# There are various methods possible but not all are included. -# The author does not have the time to write them all so I have -# included a plugin systam. Also, not all methods work with all -# browsers and clients. Specifically some fancy methods don't -# work with software that downloads updates. To solve this, -# each plugin can support a regular expression for matching -# the client's user-agent string, and lists of the mime types -# and extensions it should manage. -# -# Note that these are the matching methods provided by the base plugin -# code, and individual plugins may override or add to them. -# See the individual plugin conf files for supported options. -# -# The plugins are matched in the order you specify and the last -# one is forced to match as the default, regardless of user agent -# and other matching mechanisms. -# -downloadmanager = '/etc/dansguardian/downloadmanagers/fancy.conf' -#downloadmanager = '/etc/dansguardian/downloadmanagers/trickle.conf' -downloadmanager = '/etc/dansguardian/downloadmanagers/default.conf' - - - -# Content Scanners (Also known as AV scanners) -# These are plugins that scan the content of all files your browser fetches -# for example to AV scan. The options are limitless. Eventually all of -# DansGuardian will be plugin based. You can have more than one content -# scanner. The plugins are run in the order you specify. -# This is one of the few places you can have multiple options of the same name. -# -# Some of the scanner(s) require 3rd party software and libraries eg clamav. -# See the individual plugin conf file for more options (if any). -# -#contentscanner = '/etc/dansguardian/contentscanners/clamav.conf' -#contentscanner = '/etc/dansguardian/contentscanners/clamdscan.conf' -#!! Unimplemented !! contentscanner = '/etc/dansguardian/contentscanners/kavav.conf' -#!! Not compiled !! contentscanner = '/etc/dansguardian/contentscanners/kavdscan.conf' -#contentscanner = '/etc/dansguardian/contentscanners/icapscan.conf' -#!! Not compiled !! contentscanner = '/etc/dansguardian/contentscanners/commandlinescan.conf' - - - -# Content scanner timeout -# Some of the content scanners support using a timeout value to stop -# processing (eg AV scanning) the file if it takes too long. -# If supported this will be used. -# The default of 60 seconds is probably reasonable. -contentscannertimeout = 60 - - - -# Content scan exceptions -# If 'on' exception sites, urls, users etc will be scanned -# This is probably not desirable behavour as exceptions are -# supposed to be trusted and will increase load. -# Correct use of grey lists are a better idea. -# (on|off) default = off -contentscanexceptions = off - - - -# Auth plugins -# These replace the usernameidmethod* options in previous versions. They -# handle the extraction of client usernames from various sources, such as -# Proxy-Authorisation headers and ident servers, enabling requests to be -# handled according to the settings of the user's filter group. -# Multiple plugins can be specified, and will be queried in order until one -# of them either finds a username or throws an error. For example, if Squid -# is configured with both NTLM and Basic auth enabled, and both the 'proxy-basic' -# and 'proxy-ntlm' auth plugins are enabled here, then clients which do not support -# NTLM can fall back to Basic without sacrificing access rights. -# -# If you do not use multiple filter groups, you need not specify this option. -# -#authplugin = '/etc/dansguardian/authplugins/proxy-basic.conf' -#authplugin = '/etc/dansguardian/authplugins/proxy-ntlm.conf' -#authplugin = '/etc/dansguardian/authplugins/ident.conf' -#authplugin = '/etc/dansguardian/authplugins/ip.conf' - - - -# Re-check replaced URLs -# As a matter of course, URLs undergo regular expression search/replace (urlregexplist) -# *after* checking the exception site/URL/regexpURL lists, but *before* checking against -# the banned site/URL lists, allowing certain requests that would be matched against the -# latter in their original state to effectively be converted into grey requests. -# With this option enabled, the exception site/URL/regexpURL lists are also re-checked -# after replacement, making it possible for URL replacement to trigger exceptions based -# on them. -# Defaults to off. -recheckreplacedurls = off - - - -# Misc settings - -# if on it adds an X-Forwarded-For: to the HTTP request -# header. This may help solve some problem sites that need to know the -# source ip. on | off -forwardedfor = off - - -# if on it uses the X-Forwarded-For: to determine the client -# IP. This is for when you have squid between the clients and DansGuardian. -# Warning - headers are easily spoofed. on | off -usexforwardedfor = off - - -# if on it logs some debug info regarding fork()ing and accept()ing which -# can usually be ignored. These are logged by syslog. It is safe to leave -# it on or off -logconnectionhandlingerrors = on - - - -# Fork pool options - -# If on, this causes DG to write to the log file whenever child processes are -# created or destroyed (other than by crashes). This information can help in -# understanding and tuning the following parameters, but is not generally -# useful in production. -logchildprocesshandling = off - -# sets the maximum number of processes to spawn to handle the incoming -# connections. Max value usually 250 depending on OS. -# On large sites you might want to try 180. -maxchildren = 120 - - -# sets the minimum number of processes to spawn to handle the incoming connections. -# On large sites you might want to try 32. -minchildren = 8 - - -# sets the minimum number of processes to be kept ready to handle connections. -# On large sites you might want to try 8. -minsparechildren = 4 - - -# sets the minimum number of processes to spawn when it runs out -# On large sites you might want to try 10. -preforkchildren = 6 - - -# sets the maximum number of processes to have doing nothing. -# When this many are spare it will cull some of them. -# On large sites you might want to try 64. -maxsparechildren = 32 - - -# sets the maximum age of a child process before it croaks it. -# This is the number of connections they handle before exiting. -# On large sites you might want to try 10000. -maxagechildren = 500 - - -# Sets the maximum number client IP addresses allowed to connect at once. -# Use this to set a hard limit on the number of users allowed to concurrently -# browse the web. Set to 0 for no limit, and to disable the IP cache process. -maxips = 0 - - - -# Process options -# (Change these only if you really know what you are doing). -# These options allow you to run multiple instances of DansGuardian on a single machine. -# Remember to edit the log file path above also if that is your intention. - -# IPC filename -# -# Defines IPC server directory and filename used to communicate with the log process. -ipcfilename = '/tmp/.dguardianipc' - -# URL list IPC filename -# -# Defines URL list IPC server directory and filename used to communicate with the URL -# cache process. -urlipcfilename = '/tmp/.dguardianurlipc' - -# IP list IPC filename -# -# Defines IP list IPC server directory and filename, for communicating with the client -# IP cache process. -ipipcfilename = '/tmp/.dguardianipipc' - -# PID filename -# -# Defines process id directory and filename. -#pidfilename = '/var/run/dansguardian.pid' - -# Disable daemoning -# If enabled the process will not fork into the background. -# It is not usually advantageous to do this. -# on|off (defaults to off) -nodaemon = off - -# Disable logging process -# on|off (defaults to off) -nologger = off - -# Enable logging of "ADs" category blocks -# on|off (defaults to off) -logadblocks = off - -# Enable logging of client User-Agent -# Some browsers will cause a *lot* of extra information on each line! -# on|off (defaults to off) -loguseragent = off - -# Daemon runas user and group -# This is the user that DansGuardian runs as. Normally the user/group nobody. -# Uncomment to use. Defaults to the user set at compile time. -# Temp files created during virus scanning are given owner and group read -# permissions; to use content scanners based on external processes, such as -# clamdscan, the two processes must run with either the same group or user ID. -#daemonuser = 'clamav' -#daemongroup = 'clamav' - -# Soft restart -# When on this disables the forced killing off all processes in the process group. -# This is not to be confused with the -g run time option - they are not related. -# on|off (defaults to off) -softrestart = off - -# Mail program -# Path (sendmail-compatible) email program, with options. -# Not used if usesmtp is disabled (filtergroup specific). -mailer = '/usr/sbin/sendmail -t'