I have installed DansGuardian and TinyProxy on Slackware and it is not filtering. I have made sure that there is a site URL in the filter definition file and that TinyProxy is started first and DansGuardian is started second. I have confirmed that there are processes for both. My TinyProxy log says this when I restart DansGuardian:
Quote:
CONNECT Mar 10 21:14:32 [1578]: Connect (file descriptor 10): localhost [127.0.0.1]
ERROR Mar 10 21:14:32 [1578]: read_request_line: Client (file descriptor: 10) closed socket before read.
My TinyProxy config is:
Quote:
User nobody
Group nogroup
Port 3128
#Listen 127.0.0.1
#Bind 192.168.0.1
Timeout 600
DefaultErrorFile "/usr/share/tinyproxy/default.html"
StatFile "/usr/share/tinyproxy/stats.html"
Logfile "/var/log/tinyproxy.log"
LogLevel Info
PidFile "/var/run/tinyproxy.pid"
#XTinyproxy mydomain.com
#Upstream some.remote.proxy:port
MaxClients 100
MinSpareServers 5
MaxSpareServers 20
StartServers 10
MaxRequestsPerChild 0
Allow 127.0.0.1
#Allow 192.168.1.0/254
ViaProxyName "tinyproxy"
#Filter "/etc/tinyproxy/filter"
#FilterURLs On
#FilterExtended On
#FilterCaseSensitive On
#FilterDefaultDeny Yes
#Anonymous "Host"
#Anonymous "Authorization"
ConnectPort 443
ConnectPort 563
DansGuardian config is:
Quote:
# DansGuardian config file for version 2.9.8.2
reportinglevel = 3
languagedir = '/usr/share/dansguardian/languages'
language = 'ukenglish'
loglevel = 3
logexceptionhits = on
logfileformat = 1
#maxlogitemlength = 400
anonymizelogs = off
#syslog = on
#loglocation = '/var/log/dansguardian/access.log'
#statlocation = '/var/log/dansguardian/stats'
filterip =
filterport = 8080
proxyip = 127.0.0.1
proxyport = 3128
accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'
nonstandarddelimiter = on
usecustombannedimage = 1
custombannedimagefile = '/usr/share/dansguardian/transparent1x1.gif'
filtergroups = 1
filtergroupslist = '/etc/dansguardian/lists/filtergroupslist'
bannediplist = '/etc/dansguardian/lists/bannediplist'
exceptioniplist = '/etc/dansguardian/lists/exceptioniplist'
showweightedfound = on
weightedphrasemode = 2
urlcachenumber = 1000
urlcacheage = 900
scancleancache = on
phrasefiltermode = 2
preservecase = 0
hexdecodecontent = 0
forcequicksearch = 0
reverseaddresslookups = off
reverseclientiplookups = off
logclienthostnames = off
createlistcachefiles = on
#maxuploadsize = 512
#maxuploadsize = 0
maxuploadsize = -1
maxcontentfiltersize = 256
maxcontentramcachescansize = 2000
maxcontentfilecachescansize = 20000
filecachedir = '/tmp'
deletedownloadedtempfiles = on
initialtrickledelay = 20
trickledelay = 10
downloadmanager = '/etc/dansguardian/downloadmanagers/fancy.conf'
##!! Not compiled !! downloadmanager = '/etc/dansguardian/downloadmanagers/trickle.conf'
downloadmanager = '/etc/dansguardian/downloadmanagers/default.conf'
#!! Not compiled !! contentscanner = '/etc/dansguardian/contentscanners/clamav.conf'
#contentscanner = '/etc/dansguardian/contentscanners/clamdscan.conf'
#!! Unimplemented !! contentscanner = '/etc/dansguardian/contentscanners/kavav.conf'
#!! Not compiled !! contentscanner = '/etc/dansguardian/contentscanners/kavdscan.conf'
#!! Not compiled !! contentscanner = '/etc/dansguardian/contentscanners/icapscan.conf'
#!! Not compiled !! contentscanner = '/etc/dansguardian/contentscanners/commandlinescan.conf'
contentscannertimeout = 60
contentscanexceptions = off
#authplugin = '/etc/dansguardian/authplugins/proxy-basic.conf'
#!! Not compiled !! authplugin = '/etc/dansguardian/authplugins/proxy-ntlm.conf'
#authplugin = '/etc/dansguardian/authplugins/ident.conf'
#authplugin = '/etc/dansguardian/authplugins/ip.conf'
recheckreplacedurls = off
forwardedfor = off
usexforwardedfor = off
logconnectionhandlingerrors = on
logchildprocesshandling = off
maxchildren = 120
minchildren = 8
minsparechildren = 4
preforkchildren = 6
maxsparechildren = 32
maxagechildren = 500
maxips = 0
ipcfilename = '/tmp/.dguardianipc'
urlipcfilename = '/tmp/.dguardianurlipc'
ipipcfilename = '/tmp/.dguardianipipc'
#pidfilename = '/var/run/dansguardian.pid'
nodaemon = off
nologger = off
logadblocks = off
#daemonuser = 'nobody'
#daemongroup = 'nobody'
softrestart = off
mailer = '/usr/sbin/sendmail -t'
My iptables rules are:
Quote:
# Full access to the userid of the dansguardian and tinyproxy (==nobody), and of freshclam (==clamav):
# Note that dansguardian needs to connect to tinyproxy at port 3128,
# tinyproxy needs to be able to connect to external servers at port 80 on behalf of the web browsers,
# and freshclam needs to be able to fetch virus definition updates.
/usr/sbin/iptables -A OUTPUT -t nat -p tcp --dport 3128 -m owner --uid-owner nobody -j ACCEPT
/usr/sbin/iptables -A OUTPUT -t nat -p tcp --dport 80 -m owner --uid-owner nobody -j ACCEPT
/usr/sbin/iptables -A OUTPUT -t nat -p tcp --dport 80 -m owner --uid-owner clamav -j ACCEPT
# Privileged user(s) will bypass the content filter:
PRIVUSERS="root alien"
for user in $PRIVUSERS; do
    /usr/sbin/iptables -A OUTPUT -t nat -p tcp --dport 80 -m owner --uid-owner $user -j ACCEPT
done
# What comes next is the catch-all. Any user account not listed above
# (nobody, clamav and $PRIVUSERS) is forced through the content filter.
# Redirect requests for web pages (http traffic) to the dansguardian listen port:
/usr/sbin/iptables -A OUTPUT -t nat -p tcp --dport 80 -j REDIRECT --to-ports 8080
# Also catch the sneaky bastards that try to bypass dansguardian:
/usr/sbin/iptables -A OUTPUT -t nat -p tcp --dport 3128 -j REDIRECT --to-ports 8080
Any ideas?
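
A consistency check for the port chain that the three configurations above describe (browser to DansGuardian's filterport, DansGuardian to TinyProxy's Port, TinyProxy out to port 80), added here as an example and not part of the original post. The function names are hypothetical, and the inline samples are excerpts constructed from the configs shown above.

```shell
#!/bin/sh
# Constructed samples: excerpts of the three configs shown in the post.
dg_conf() { cat <<'EOF'
filterport = 8080
proxyip = 127.0.0.1
proxyport = 3128
EOF
}
tp_conf() { cat <<'EOF'
User nobody
Port 3128
#Listen 127.0.0.1
Allow 127.0.0.1
EOF
}
fw_rules() { cat <<'EOF'
/usr/sbin/iptables -A OUTPUT -t nat -p tcp --dport 3128 -m owner --uid-owner nobody -j ACCEPT
/usr/sbin/iptables -A OUTPUT -t nat -p tcp --dport 80 -m owner --uid-owner nobody -j ACCEPT
/usr/sbin/iptables -A OUTPUT -t nat -p tcp --dport 80 -j REDIRECT --to-ports 8080
/usr/sbin/iptables -A OUTPUT -t nat -p tcp --dport 3128 -j REDIRECT --to-ports 8080
EOF
}

# Value of an active "key = value" line (DansGuardian style) read from stdin.
dg_get() { sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" | tr -d "'" | head -n 1; }
# Second field of an active "Key value" line (TinyProxy style) read from stdin.
tp_get() { awk -v k="$1" '$1 == k { print $2; exit }'; }
# Distinct --to-ports targets of the REDIRECT rules read from stdin.
redirect_targets() { sed -n 's/.*-j REDIRECT --to-ports \([0-9][0-9]*\).*/\1/p' | sort -u; }
# Users exempted (ACCEPT) for destination port $1 in the rules read from stdin.
exempt_uids() { sed -n "s/.*--dport $1 .*--uid-owner \([^ ]*\) -j ACCEPT.*/\1/p"; }

# Print every mismatch along browser -> DansGuardian -> TinyProxy; return 1 if any.
check_chain() {
    rc=0
    dg_listen=$(dg_conf | dg_get filterport)
    up_ip=$(dg_conf | dg_get proxyip)
    up_port=$(dg_conf | dg_get proxyport)
    tp_port=$(tp_conf | tp_get Port)
    tp_user=$(tp_conf | tp_get User)
    [ "$up_port" = "$tp_port" ] || { echo "proxyport $up_port != TinyProxy Port $tp_port"; rc=1; }
    tp_conf | awk -v ip="$up_ip" '$1 == "Allow" && $2 == ip { ok = 1 } END { exit !ok }' ||
        { echo "TinyProxy does not Allow $up_ip"; rc=1; }
    for p in $(fw_rules | redirect_targets); do
        [ "$p" = "$dg_listen" ] || { echo "REDIRECT to $p but filterport is $dg_listen"; rc=1; }
    done
    fw_rules | exempt_uids 80 | grep -qx "$tp_user" ||
        { echo "no port-80 exemption for TinyProxy user $tp_user (redirect loop)"; rc=1; }
    return $rc
}

check_chain && echo "port chain is consistent"
```

To run it against a live system, replace the three sample functions with `cat` of the real files; commented-out lines are ignored by the parsers.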