LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Closed Thread
 
Search this Thread
Old 01-19-2008, 08:08 PM   #1
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,118

Rep: Reputation: 58
Dansguardian/SquidGuard - Web Filter/ Squid


I have been using DANSGUARDIAN and SquidGuard for many years and am not complete happy with it. I am looking for a web filter that has corporate strength features and will allow me a lot more flexability then DANSGUARDIAN. This product is good for a SOHO or a for the family but I need something that can handle a small business with 50 plus nodes+. Any suggestions?

Last edited by metallica1973; 01-19-2008 at 08:09 PM.
 
Old 01-20-2008, 03:32 AM   #2
Jay_Drummond
Member
 
Registered: Jul 2005
Location: Ohio
Distribution: CentOS 4 & 5, Ubuntu 7.04 & 7.10
Posts: 38

Rep: Reputation: 15
Well. I'm using squid and dansguardian too. When I first looked into it I investigated http://www.untangle.com/, but could get it to install on my low end hardware.
 
Old 01-20-2008, 05:30 AM   #3
ledow
Member
 
Registered: Apr 2005
Location: UK
Distribution: Slackware 13.0
Posts: 241

Rep: Reputation: 34
Smoothwall has commercial appliances and software that are as powerful at filtering etc.

However, DansGuardian isn't THAT bad. I know of at least one school of 1000+ users that is using it 24/7 as the primary Internet filter (and transparent proxy/bridge, so ALL Internet-bound traffic passes through that single machine without any problems). The PC it runs on is an old server, not that high-spec, and it copes admirably. Granted, you really need a nice GUI on top to manage it properly but when there's only ever really one person or a small team managing something like that, a few shell scripts or a single PHP page can more than comfortably handle the majority of common features. Your situation might be different, however.

Give Smoothwall a call - they were very knowledgeable and helpful last time I spoke to them.
 
Old 01-20-2008, 11:55 AM   #4
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,118

Original Poster
Rep: Reputation: 58
I was hoping to find something for free that competes with it. Thanks
 
Old 01-25-2008, 10:25 AM   #5
archtoad6
Senior Member
 
Registered: Oct 2004
Location: Houston, TX (usa)
Distribution: MEPIS, Debian, Knoppix,
Posts: 4,727
Blog Entries: 15

Rep: Reputation: 231Reputation: 231Reputation: 231
Mainly to OP:
  1. What are you not completely happy with? How about a couple of examples to give us a feel for the source of your discontent?
  2. In what way(s) does DansGuardian lack flexibility? Again, just 1 or 2 examples would suffice.
  3. Thanks, Jay, for the Untangle link -- it's very interesting. Unfortunately, I suspect the advanced, more flexible, features are not free:
    (from http://wiki.untangle.com/index.php/Policy_Management)
    Quote:
    Advanced Policy Management with 'Custom Racks' is currently only available in the Professional Package. You can, however, create 'No Rack' and 'Default Rack' policies in the Open Source version.
  4. I presume you are aware of SmoothWall Express, the community (free) version, & do not think it meets your needs.
  5. IPCop, which is free in both senses, started out as fork of SmoothWall -- would it work for you?
  6. Last time I looked, Dan works for SmoothWall, Ltd.
 
Old 01-25-2008, 10:42 AM   #6
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,118

Original Poster
Rep: Reputation: 58
What I mean is granularity, tracking, particial subnet isolation. Well for example with dansguardian you cannot simply filter certain urls between specific nodes, it is either all or nothing. Let say for example there is a user on subnet 192.168.10.0/27 and you wanted to block streaming, myspace.com and ebay and on another subnet 192.168.9.0/27 you would allow these sites but block out washingtonpost.com, suntimes.com, linuxquestions.com, you cannot simply do that with bannedurllist.conf or bannediplist.conf. It is either all or nothing. What I am saying is I want granularity of isolating certain parts of a subnet or individually. What about a SOHO. You have user1 who is wasting time online shopping and user2 is wasting time on ebay but user1 needs access to ebay to perform her job. Please tell me how I would do this with DANSGUARDIAN. If that is possible then please show me a decent how-to on what I am trying to accomplish. It certainly hasnt been provided by

dansguardian.org

or a google search.

Also reporting would be a nice feature.

Last edited by metallica1973; 01-25-2008 at 10:43 AM.
 
Old 01-25-2008, 11:08 AM   #7
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Quote:
Originally Posted by metallica1973 View Post
What I mean is granularity, tracking, particial subnet isolation. Well for example with dansguardian you cannot simply filter certain urls between specific nodes, it is either all or nothing. Let say for example there is a user on subnet 192.168.10.0/27 and you wanted to block streaming, myspace.com and ebay and on another subnet 192.168.9.0/27 you would allow these sites but block out washingtonpost.com, suntimes.com, linuxquestions.com, you cannot simply do that with bannedurllist.conf or bannediplist.conf. It is either all or nothing. What I am saying is I want granularity of isolating certain parts of a subnet or individually. What about a SOHO. You have user1 who is wasting time online shopping and user2 is wasting time on ebay but user1 needs access to ebay to perform her job. Please tell me how I would do this with DANSGUARDIAN. If that is possible then please show me a decent how-to on what I am trying to accomplish. It certainly hasnt been provided by dansguardian.org or a google search.
IIRC this was tedious to do in earlier DG versions (I would actually run several DGs and have the router take clients to the appropriate instance based on source IP and MAC). It should, however, be pretty straight-forward using the 2.9.x.x branch, as AFAICT it includes an IP authentication plugin which lets you set different filters for different groups.
 
Old 01-25-2008, 11:14 AM   #8
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,118

Original Poster
Rep: Reputation: 58
Thanks for the reply. It seems very tedious. I guess DANSGUARDIAN stands alone for free stuff. I will try running a couple of instances of DANSGUARDIAN and see what happens. I guess what I was looking for was a product that could do all of this from one central location and not have to go through all of these loops. Many thanks
 
Old 01-25-2008, 11:40 AM   #9
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Quote:
Originally Posted by metallica1973 View Post
Thanks for the reply. It seems very tedious. I guess DANSGUARDIAN stands alone for free stuff. I will try running a couple of instances of DANSGUARDIAN and see what happens. I guess what I was looking for was a product that could do all of this from one central location and not have to go through all of these loops. Many thanks
I think you misunderstood my post. I know from experience that it used to be tedious on prior versions. But AFAICT this is not the case anymore with the 2.9.x.x branch. I downloaded a tarball a few minutes ago to have a look and got the impression you could achieve what you want without any major fuss at all.
 
Old 01-25-2008, 01:39 PM   #10
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,118

Original Poster
Rep: Reputation: 58
Ill give it a shot. thanks
 
Old 01-25-2008, 01:57 PM   #11
Jay_Drummond
Member
 
Registered: Jul 2005
Location: Ohio
Distribution: CentOS 4 & 5, Ubuntu 7.04 & 7.10
Posts: 38

Rep: Reputation: 15
I think squid guard might be able to do what you were talking about in your example. Here's a link to its docs talking about limiting based on IP address.

http://www.squidguard.org/Doc/extended.html#sourceIP

I guess you would also need Squid installed but that might offer a speed boost in that it's a web cache.
 
Old 10-24-2009, 07:54 AM   #12
karanb17
LQ Newbie
 
Registered: Oct 2009
Posts: 2

Rep: Reputation: 0
Wink Solution to your qurery (SafeSquid)

Quote:
Originally Posted by metallica1973 View Post
I have been using DANSGUARDIAN and SquidGuard for many years and am not complete happy with it. I am looking for a web filter that has corporate strength features and will allow me a lot more flexability then DANSGUARDIAN. This product is good for a SOHO or a for the family but I need something that can handle a small business with 50 plus nodes+. Any suggestions?
After using DANSGUARDIAN AND SQUIDGURAD I suggest you should try to use SafeSquid having a multithreaded architcure and having far more better features and benefits .It has a browser based GUI interface which gives much more flexibility in terms of Content Filtering .Its an open source software and i have personally used it i can provide you with the details of it and provide you the link for its installation which is free upto three users and then you can commercially but the product starting from 5 to 1000 users depending upon how many users are there.
You can just type safesquid on your search engine and then the website of SafeSquid will guide you and solve all your constant queries.
I can provide and help you with the installation process of it.
 
Old 10-24-2009, 05:03 PM   #13
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
karanb17, after reading your intro, I suspect you're using your LQ privileges for the sole purpose of pushing a software product. I guarantee you that your LQ privileges will be revoked if you continue down this path. You've been warned.
 
  


Closed Thread


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: How to use Squid as an easy web filter LXer Syndicated Linux News 0 08-31-2007 10:20 PM
Problem installing squid as a web filter with dansguardian davimint Slackware 3 07-21-2007 06:18 AM
Squid as Web Filter + Web Server in other machine Balkce *BSD 3 12-17-2005 04:40 PM
Squid as Web Filter + Web Server in other machine Balkce Linux - Networking 2 12-15-2005 08:13 PM
web filter tools for squid alnreddy Linux - Networking 4 03-28-2005 09:14 AM


All times are GMT -5. The time now is 03:49 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration