LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 03-10-2007, 09:38 PM   #1
flycast
Member
 
Registered: Jul 2006
Posts: 87

Rep: Reputation: 15
DansGuardian/TinyProxy on Slackware


I have installed DansGuardian and TinyProxy on Slackware and it is not filtering. I have made sure that there is a site URL in the filter definition file and that TinyProxy is started first and DansGuardian is started second. I have confirmed that there are processes for both. My Tiny proxy log says this when I restart DansGuardian:
Quote:
CONNECT Mar 10 21:14:32 [1578]: Connect (file descriptor 10): localhost [127.0.0.1]
ERROR Mar 10 21:14:32 [1578]: read_request_line: Client (file descriptor: 10) closed socket before read.
My TinyProxy config is:
Quote:
User nobody
Group nogroup
Port 3128
#Listen 127.0.0.1
#Bind 192.168.0.1
Timeout 600
DefaultErrorFile "/usr/share/tinyproxy/default.html"
StatFile "/usr/share/tinyproxy/stats.html"
Logfile "/var/log/tinyproxy.log"
LogLevel Info
PidFile "/var/run/tinyproxy.pid"
#XTinyproxy mydomain.com
#Upstream some.remote.proxy:port
MaxClients 100
MinSpareServers 5
MaxSpareServers 20
StartServers 10
MaxRequestsPerChild 0
Allow 127.0.0.1
#Allow 192.168.1.0/254
ViaProxyName "tinyproxy"
#Filter "/etc/tinyproxy/filter"
#FilterURLs On
#FilterExtended On
#FilterCaseSensitive On
#FilterDefaultDeny Yes
#Anonymous "Host"
#Anonymous "Authorization"
ConnectPort 443
ConnectPort 563
DansGuardian config is:
Quote:
# DansGuardian config file for version 2.9.8.2
reportinglevel = 3
languagedir = '/usr/share/dansguardian/languages'
language = 'ukenglish'
loglevel = 3
logexceptionhits = on
logfileformat = 1
#maxlogitemlength = 400
anonymizelogs = off
#syslog = on
#loglocation = '/var/log/dansguardian/access.log'
#statlocation = '/var/log/dansguardian/stats'
filterip =
filterport = 8080
proxyip = 127.0.0.1
proxyport = 3128
accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'
nonstandarddelimiter = on
usecustombannedimage = 1
custombannedimagefile = '/usr/share/dansguardian/transparent1x1.gif'
filtergroups = 1
filtergroupslist = '/etc/dansguardian/lists/filtergroupslist'
bannediplist = '/etc/dansguardian/lists/bannediplist'
exceptioniplist = '/etc/dansguardian/lists/exceptioniplist'
showweightedfound = on
weightedphrasemode = 2
urlcachenumber = 1000
urlcacheage = 900
scancleancache = on
phrasefiltermode = 2
preservecase = 0
hexdecodecontent = 0
forcequicksearch = 0
reverseaddresslookups = off
reverseclientiplookups = off
logclienthostnames = off
createlistcachefiles = on
#maxuploadsize = 512
#maxuploadsize = 0
maxuploadsize = -1
maxcontentfiltersize = 256
maxcontentramcachescansize = 2000
maxcontentfilecachescansize = 20000
filecachedir = '/tmp'
deletedownloadedtempfiles = on
initialtrickledelay = 20
trickledelay = 10
downloadmanager = '/etc/dansguardian/downloadmanagers/fancy.conf'
##!! Not compiled !! downloadmanager = '/etc/dansguardian/downloadmanagers/trickle.conf'
downloadmanager = '/etc/dansguardian/downloadmanagers/default.conf'
#!! Not compiled !! contentscanner = '/etc/dansguardian/contentscanners/clamav.conf'
#contentscanner = '/etc/dansguardian/contentscanners/clamdscan.conf'
#!! Unimplemented !! contentscanner = '/etc/dansguardian/contentscanners/kavav.conf'
#!! Not compiled !! contentscanner = '/etc/dansguardian/contentscanners/kavdscan.conf'
#!! Not compiled !! contentscanner = '/etc/dansguardian/contentscanners/icapscan.conf'
#!! Not compiled !! contentscanner = '/etc/dansguardian/contentscanners/commandlinescan.conf'
contentscannertimeout = 60
contentscanexceptions = off
#authplugin = '/etc/dansguardian/authplugins/proxy-basic.conf'
#!! Not compiled !! authplugin = '/etc/dansguardian/authplugins/proxy-ntlm.conf'
#authplugin = '/etc/dansguardian/authplugins/ident.conf'
#authplugin = '/etc/dansguardian/authplugins/ip.conf'
recheckreplacedurls = off
forwardedfor = off
usexforwardedfor = off
logconnectionhandlingerrors = on
logchildprocesshandling = off
maxchildren = 120
minchildren = 8
minsparechildren = 4
preforkchildren = 6
maxsparechildren = 32
maxagechildren = 500
maxips = 0
ipcfilename = '/tmp/.dguardianipc'
urlipcfilename = '/tmp/.dguardianurlipc'
ipipcfilename = '/tmp/.dguardianipipc'
#pidfilename = '/var/run/dansguardian.pid'
nodaemon = off
nologger = off
logadblocks = off
#daemonuser = 'nobody'
#daemongroup = 'nobody'
softrestart = off
mailer = '/usr/sbin/sendmail -t'
My Iptables rules are:
Quote:
# Full access to the userid of the dansguardian and tinyproxy (==nobody), and of freshclam (==clamav):
# Note that dansguardian needs to connect to tinyproxy at port 3128,
# tinyproxy needs to be able to connect to external servers at port 80 on behalf of the web browsers,
# and freshclam needs to be able to fetch virus definition updates.
/usr/sbin/iptables -A OUTPUT -t nat -p tcp --dport 3128 -m owner --uid-owner nobody -j ACCEPT
/usr/sbin/iptables -A OUTPUT -t nat -p tcp --dport 80 -m owner --uid-owner nobody -j ACCEPT
/usr/sbin/iptables -A OUTPUT -t nat -p tcp --dport 80 -m owner --uid-owner clamav -j ACCEPT
# Privileged user(s) will bypass the content filter:
PRIVUSERS="root alien"
for user in $EXEMPTUSERS; do
/usr/sbin/iptables -A OUTPUT -t nat -p tcp --dport 80 -m owner --uid-owner $user -j ACCEPT
done
# What comes next is the catch-all. Any user account not listed above
# (nobody, clamav and $PRIVUSERS) is forced through the content filter.
# Redirect requests for web pages (http traffic) to the dansguardian listen port:
/usr/sbin/iptables -A OUTPUT -t nat -p tcp --dport 80 -j REDIRECT --to-ports 8080
# Also catch the sneaky bastards that try to bypass dansguardian:
/usr/sbin/iptables -A OUTPUT -t nat -p tcp --dport 3128 -j REDIRECT --to-ports 8080
Any ideas?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
will tinyproxy or Dansguardian log mac address gfem Linux - Software 2 02-26-2007 06:55 PM
tinyproxy dependency problem. sixth_sense Linux - Networking 1 02-14-2007 11:32 AM
using DansGuardian Trio3b Linux - Security 4 12-02-2005 03:18 AM
Dansguardian jomy Linux - Networking 2 11-27-2005 09:56 AM
Dansguardian mahmoudkhn Linux - Networking 4 12-20-2004 06:15 AM


All times are GMT -5. The time now is 05:56 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration