[SOLVED] Configuring Squid with DansGuardian in CENT OS 5.5

vikas027 · 01-21-2011, 12:54 PM

Hi,

I am trying to learn DansGuardian for content filtering, but for some reasons it is NOT working for me.

Request is directly getting routed to SQUID, it should come first to DansGuardian and then to SQUID.

I have created the below scenario on CENTOS 5.5 boxes.

Code:

192.168.0.10	box1.test.com		YUM/HTTP SERVER

192.168.0.20	box2.test.com		YUM/HTTP CLIENT, SQUID SERVER
192.168.1.20

192.168.1.30	box3.test.com		YUM/HTTP CLIENT, SQUID CLIENT

Here, clearly box3 can not connect to website hosted on box1.
Thus, I have configured SQUID proxy on box2 to enable this.

All well till here.

Now, I want to test DansGuardian for content filtering.

I am using the below versions of Squid and DansGuardian.

Quote:

squid-2.6.STABLE21-6.el5
dansguardian-2.8.0.6-1.2.el5.rf

This is my /etc/squid/squid.conf

Quote:

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl our_networks src 192.168.1.0/24 192.168.0.0/24
http_access allow our_networks
http_access allow localhost
http_access deny all
icp_access allow all
http_port 8080
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
visible_hostname box2.test.com
forwarded_for off
coredump_dir /var/spool/squid

This is my /etc/dansguardian/dansguardian.conf

Quote:

reportinglevel = 3
languagedir = '/etc/dansguardian/languages'
language = 'ukenglish'
loglevel = 2
logexceptionhits = on
logfileformat = 1
loglocation = '/var/log/dansguardian/access.log'
filterip = 192.168.1.20
filterport = 9999
proxyip = 192.168.1.20
proxyport = 8080
accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'
nonstandarddelimiter = on
usecustombannedimage = 1
custombannedimagefile = '/etc/dansguardian/transparent1x1.gif'
filtergroups = 1
bannedextensionlist = '/etc/dansguardian/bannedextensionlist'
bannediplist = '/etc/dansguardian/bannediplist'
bannedmimetypelist = '/etc/dansguardian/bannedmimetypelist'
bannedphraselist = '/etc/dansguardian/bannedphraselist'
bannedregexpurllist = '/etc/dansguardian/bannedregexpurllist'
bannedsitelist = '/etc/dansguardian/bannedsitelist'
bannedurllist = '/etc/dansguardian/bannedurllist'
banneduserlist = '/etc/dansguardian/banneduserlist'
contentregexplist = '/etc/dansguardian/contentregexplist'
exceptioniplist = '/etc/dansguardian/exceptioniplist'
exceptionphraselist = '/etc/dansguardian/exceptionphraselist'
exceptionsitelist = '/etc/dansguardian/exceptionsitelist'
exceptionurllist = '/etc/dansguardian/exceptionurllist'
exceptionuserlist = '/etc/dansguardian/exceptionuserlist'
filtergroupslist = '/etc/dansguardian/filtergroupslist'
greysitelist = '/etc/dansguardian/greysitelist'
greyurllist = '/etc/dansguardian/greyurllist'
weightedphraselist = '/etc/dansguardian/weightedphraselist'
showweightedfound = on
weightedphrasemode = 2
urlcachenumber = 1000
urlcacheage = 900
phrasefiltermode = 2
preservecase = 0
hexdecodecontent = 0
forcequicksearch = 0
reverseaddresslookups = off
reverseclientiplookups = off
createlistcachefiles = on
maxuploadsize = -1
maxcontentfiltersize = 256
usernameidmethodproxyauth = on
usernameidmethodntlm = off # **NOT IMPLEMENTED**
usernameidmethodident = off
preemptivebanning = on
forwardedfor = off
usexforwardedfor = off
logconnectionhandlingerrors = on
maxchildren = 120
minchildren = 8
minsparechildren = 4
preforkchildren = 6
maxsparechildren = 32
maxagechildren = 500
ipcfilename = '/tmp/.dguardianipc'
urlipcfilename = '/tmp/.dguardianurlipc'
nodaemon = off
nologger = off
softrestart = off

I have made changes in the "bold" files above as below :-

Code:

[root@box2 dansguardian]# grep 192.168.1.30 bannediplist
192.168.1.30
[root@box2 dansguardian]# grep 192.168.0.10 bannedregexpurllist
192.168.0.10
[root@box2 dansguardian]# grep 192.168.0.10 bannedsitelist
192.168.0.10
[root@box2 dansguardian]# grep 192.168.0.10 bannedurllist
192.168.0.10

Ideally, I believe (when sitting on box3) changes in any of the above files should be able to block http://192.168.0.10/index.html
and
the corresponding logs should come in /var/log/dansguardian/access.log. BUT nothing is getting logged in this file

Any idea, how to troubleshoot this ? My DansGuardian is not coming into picture.

vikas027 · 01-21-2011, 09:58 PM

Hi All,

I got it working

I forced all traffic from SQUID port 8080 to DansGuardian Port 9999 through IPTABLES.

Code:

iptables -t nat -A PREROUTING -p tcp --dport 8080 -i eth0 -j REDIRECT --to-port 9999

However, I feel this should have been done by configuration in /etc/dansguardian/dansguardian.conf.

Anyways, it is working well for me and I am a happy man.

Now, I will try to add CLAM AV antivirus in this setup.

vikas027 · 01-21-2011, 11:29 PM

Hi All,

I have configured Squid and DansGuardian successfully.

Now, I have configured Clam AV (antivirus) following this link, but I am not sure whether Clam AV is working or not.

I installed Clam AV
yum install clamav clamav-db clamd

and add the below lines in my /etc/dansguardian/dansguardian.conf

Code:

virusscan = on
virusengine = 'clamav'
tricklelength = 32768
forkscanlength = 32768
firsttrickledelay = 10
followingtrickledelay = 10
maxcontentscansize = 41904304
virusscanexceptions = on
urlcachecleanonly = on
virusscannertimeout = 60
notify = 2 # will notify the admin only
emaildomain = 'test.com'
postmaster = 'root@box2.test.com'
emailserver = '127.0.0.1:25'
downloaddir = '/tmp/dgvirus'
clmaxfiles = 1500
clmaxreclevel = 3
clmaxfilesize = 10485760
clblockencryptedarchives = off
cldetectbroken = off
clamdsocket = '127.0.0.1:3310'

Although, restarting clamd services does not give any warnings But I doubt it is working well because neither the /var/log/clamav/clamd.log shows anything
nor
anything is getting captured in tcpdump on port Clam AV port 3310 when downloading or browsing any webpage.

Code:

[root@box2 dansguardian]# tcpdump -nn -q -i any src port 3310 -w box3.pcap
tcpdump: WARNING: Promiscuous mode not supported on the "any" device
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
0 packets captured
5 packets received by filter
0 packets dropped by kernel
[root@box2 dansguardian]# tcpdump -nnr box3.pcap
reading from file box31.pcap, link-type LINUX_SLL (Linux cooked)
[root@box2 dansguardian]#

vikas027 · 01-23-2011, 01:13 AM

Hi All,

I have changed order of configuration.

Earlier, I was configuring Squid, then DansGuardian and then Clam AV

Now,

I first configured Squid, then build it SquidClamAV and then DansGuardian.

This helped me out.

I am closing this thread.

Thanks people.