|2.8 of Dansguardian
2.2 of Cop+
|Version and patch level of IPCop:||1.4.15 and later - use Copplus 2.2
1.4.4 thru 1.4.13 - use Copplus 2.1
|Interface type :||GUI = Graphical user interface, the MOD is accessed from the Web Browser
Content Filter User Authority
|Build Level:||b1 = Build 1
This represents minor changes to the MOD.
|Rating :||Green - Opens no ports to red. No known vulnerabilities.|
|Description :||DansGuardian allows you to filter
web browsing by both blacklists/whitelists and greylists, and by examining the page contents for banned
words or phrases. It can also block downloading of files based on file extension (like .exe or .scr files)
or MIME types.
There are two different log file viewers for the Dansguardian log files, allowing the administrator to identify people who are attempting to abuse the system and deal with them.
Web Proxy authentication allows you require a user to input their name & password before they can web browse. This helps in identifying who was involved when reviewing the DansGuardian log files. It also can be used to restrict web access to only certain people in the office.
The GUI content filter page allows you to enter any url you want to download your blacklists from. Downloads will run automatically once a week at 1:20 AM or you can turn that feature off. A manual download can be initiated any time by the administrator.
|Operation :||Everything is preconfigured for you.
Automatic Blacklist downloads are ON by default. Sorry, but you can't control the time they run at from the GUI... 1:20 AM. Maybe someday I'll add that. Controls are at the bottom of the 'Services' - 'Content filter' page.
The Web Proxy will be turned on in transparent mode for you. Dansguardian can take over 12 minutes to install and start up on a PII 200Mhz machine; be patient. Your browser may time out waiting for the install to complete. It's rather slow at loading and sorting the blacklists. After that it runs well on slower machines. At the bottom of the 'Services' - 'Web Proxy' GUI page is a control to create Web Users and passwords. To change a password, just delete the user and recreate it with a new password.
Also on the 'Services' - 'Web Proxy' page is a checkbox to "Require User Authentication" If you check this box and hit the 'Save' button, transparent will be turned off and IPCop will reboot. After that, the web browsers (Internet explorer, Mozilla etc.) on all your PCs need to be reconfigured to use a "proxy server" at your GREEN IPCop IP number, port 8080. When a user starts up their web browser, it will ask them for a name and password before they can get out to the internet. (Create them on the Web Proxy GUI page.) The usernames will then appear in the Dansguardian logs as well as the ip numbers.
By default, Dansguardian is blocking only 'adult' and porn sites. You can configure what Dansguardian does or doesn't allow by editing it's control files. The 'Services' - 'Content filter' GUI page has links that allow you to edit these files. Any line in these files that starts with a # is ignored by Dansguardian.
For instance if you click on the link for the 'Banned url list file' you'll see a list of all the available blacklist categories. Only a few of the categories are used by default; the ones without the # at the beginning. By removing a few # signs and hitting the save button, you can change what categories DG will block. You should do the same for the 'Banned site (domain) list file' and then restart the content filter to make your changes take effect.
Putting a site in the 'Exception site (domain) list' file is the easiest way to stop it from being blocked, but be very careful about this since downloads and browsing of the entire domain will be allowed without inspection or restriction.
If you'd like to get usernames in the Dansguardian logs, but not hassle your users every time they start up a web browser, leave "Require user authentication" off and instead install an "Ident" server on all your windows PCs. You can get a free Windows Ident server for NT Here, and for Win95-ME Here. If you try the NT ident server on Win2K or XP, and it slows web browsing to a crawl, try this one. After you've installed that on all your client PCs, go to the IPCop GUI 'Services' - 'Content Filter" page and click the 'Advanced Settings' button. Near the bottom of that page is a checkbox called "User name ID method Ident." Check it and press the "Save" button at the bottom of the page. After that restart the content filter. Whatever name people used to logon to windows will then appear in the Dansguardian logs. Be aware that clever users can easily spoof a different name.
|Setup :||Download and install
the Addon Server MOD first.
Second download Copplus 2.2 for IPCop 1.4.15 or later
for IPCop 1.4.4 thru 1.4.13 use Copplus2.1
NOTE COP+ is not avalible for IPCop 1.3.0
NOTE: If you have previously changed the Web Proxy port from the default of 800, change it back to 800.
The MOD will start or restart the Web Server.
Third install using the Addons page found in your IPCop.
No Reboot is required, the MOD will stop and restart the Web Server.
|Configure :||Configuration instructions are included with the MOD.|
Cop+ for IPCop 1.4.x
2 Jan 2008 Cop+ 2.2 released
minor upgrade with bugfixes. Still using Dansguardian 126.96.36.199.
- Compatible with ipcop 1.4.15 and later. (but not earlier versions!)
- Blacklists are randomized upon downloading. (Fixes bug -Dansguardian wasn't restarting with the latest sorted Blacklists from URLBlacklist.com)
- Now Compatible with Update Accelerator (http://www.advproxy.net/update-accelerator/)
- For folks using web authentication feature, sites in the Dansguardian exception site list are now allowed out for everyone WITHOUT username/password.
- minor bug fixes including the problem with some Dansguardian configuration changes not taking effect upon restarting Dansguardian.
July 20, 2005 Build 1 of Cop+ 2.1 Released
Dansguardian restart method improved. Restarts of the content filter are now transparent to the users or a very brief interruption. (Initial startup of DG after installing or IPCop reboot is still 10+minutes on a 300Mhz machine.)
Improved Filtering of Google images and cached pages using Philip Pearce's DG patch
Improved Dansguardian Phraselists thanks to Fernand Jonker
Fixed problem with duplicating iptables rules on Dial-up or PPPoE internet connections
Minor Dansguardian Log viewer improvements and bug fixes.
26 April 2005
Version 2.0 released for IPCop 1.44 and later
Includes Dansguardian 2.8
No longer includes autoupdates or ad blocking via hosts file.
20 Dec 2004
Update1 b2 released
22 Oct 2004
Firewall rules that were incorrectly blocking port 80 traffic to orange and green networks from the red. (i.e. people could not host a web server.) - fixed
The blacklist download script didn't work correctly with URLBlacklist.com as a source. - fixed.
Eliminated error messages at squid startup.
04 October 2004
The install program is a tiny bit smarter about handling rc.firewall.local files that have been modified, the firewall rules have been changed to disallow ssl connections that bypass DG and squid.
Packaged for Addons Server
08 September 2004