You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

348 lines
14 KiB

  1. # DansGuardian filter group config file for version 2.12.0.0
  2. # Filter group mode
  3. # This option determines whether members of this group have their web access
  4. # unfiltered, filtered, or banned. This mechanism replaces the "banneduserlist"
  5. # and "exceptionuserlist" files from previous versions.
  6. #
  7. # 0 = banned
  8. # 1 = filtered
  9. # 2 = unfiltered (exception)
  10. #
  11. # Only filter groups with a mode of 1 need to define phrase, URL, site, extension,
  12. # mimetype and PICS lists; in other modes, these options are ignored to conserve
  13. # memory.
  14. #
  15. # Defaults to 0 if unspecified.
  16. # Unauthenticated users are treated as being in the first filter group.
  17. groupmode = 1
  18. # Filter group name
  19. # Used to fill in the -FILTERGROUP- placeholder in the HTML template file, and to
  20. # name the group in the access logs
  21. # Defaults to empty string
  22. #groupname = ''
  23. # Content filtering files location
  24. bannedphraselist = '/etc/dansguardian/lists/bannedphraselist'
  25. weightedphraselist = '/etc/dansguardian/lists/weightedphraselist'
  26. exceptionphraselist = '/etc/dansguardian/lists/exceptionphraselist'
  27. bannedsitelist = '/etc/dansguardian/lists/bannedsitelist'
  28. greysitelist = '/etc/dansguardian/lists/greysitelist'
  29. exceptionsitelist = '/etc/dansguardian/lists/exceptionsitelist'
  30. bannedurllist = '/etc/dansguardian/lists/bannedurllist'
  31. greyurllist = '/etc/dansguardian/lists/greyurllist'
  32. exceptionurllist = '/etc/dansguardian/lists/exceptionurllist'
  33. exceptionregexpurllist = '/etc/dansguardian/lists/exceptionregexpurllist'
  34. bannedregexpurllist = '/etc/dansguardian/lists/bannedregexpurllist'
  35. picsfile = '/etc/dansguardian/lists/pics'
  36. contentregexplist = '/etc/dansguardian/lists/contentregexplist'
  37. urlregexplist = '/etc/dansguardian/lists/urlregexplist'
  38. # Filetype filtering
  39. #
  40. # Blanket download blocking
  41. # If enabled, all files will be blocked, unless they match the
  42. # exceptionextensionlist or exceptionmimetypelist.
  43. # These lists do not override virus scanning.
  44. # Exception lists defined above override all types of filtering, including
  45. # the blanket download block.
  46. # Defaults to disabled.
  47. # (on | off)
  48. #
  49. blockdownloads = off
  50. exceptionextensionlist = '/etc/dansguardian/lists/exceptionextensionlist'
  51. exceptionmimetypelist = '/etc/dansguardian/lists/exceptionmimetypelist'
  52. #
  53. # Use the following lists to block specific kinds of file downloads.
  54. # The two exception lists above can be used to override these.
  55. #
  56. bannedextensionlist = '/etc/dansguardian/lists/bannedextensionlist'
  57. bannedmimetypelist = '/etc/dansguardian/lists/bannedmimetypelist'
  58. #
  59. # In either file filtering mode, the following list can be used to override
  60. # MIME type & extension blocks for particular domains & URLs (trusted download sites).
  61. #
  62. exceptionfilesitelist = '/etc/dansguardian/lists/exceptionfilesitelist'
  63. exceptionfileurllist = '/etc/dansguardian/lists/exceptionfileurllist'
  64. # Categorise without blocking:
  65. # Supply categorised lists here and the category string shall be logged against
  66. # matching requests, but matching these lists does not perform any filtering
  67. # action.
  68. #logsitelist = '/etc/dansguardian/lists/logsitelist'
  69. #logurllist = '/etc/dansguardian/lists/logurllist'
  70. #logregexpurllist = '/etc/dansguardian/lists/logregexpurllist'
  71. # Outgoing HTTP header rules:
  72. # Optional lists for blocking based on, and modification of, outgoing HTTP
  73. # request headers. Format for headerregexplist is one modification rule per
  74. # line, similar to content/URL modifications. Format for
  75. # bannedregexpheaderlist is one regular expression per line, with matching
  76. # headers causing a request to be blocked.
  77. # Headers are matched/replaced on a line-by-line basis, not as a contiguous
  78. # block.
  79. # Use for example, to remove cookies or prevent certain user-agents.
  80. headerregexplist = '/etc/dansguardian/lists/headerregexplist'
  81. bannedregexpheaderlist = '/etc/dansguardian/lists/bannedregexpheaderlist'
  82. # Weighted phrase mode
  83. # Optional; overrides the weightedphrasemode option in dansguardian.conf
  84. # for this particular group. See documentation for supported values in
  85. # that file.
  86. #weightedphrasemode = 0
  87. # Naughtiness limit
  88. # This the limit over which the page will be blocked. Each weighted phrase is given
  89. # a value either positive or negative and the values added up. Phrases to do with
  90. # good subjects will have negative values, and bad subjects will have positive
  91. # values. See the weightedphraselist file for examples.
  92. # As a guide:
  93. # 50 is for young children, 100 for old children, 160 for young adults.
  94. naughtynesslimit = 50
  95. # Search term blocking
  96. # Search terms can be extracted from search URLs and filtered using the
  97. # bannedphraselist, weightedphraselist and exceptionphraselist, with a separate
  98. # threshold for blocking than that used for normal page content.
  99. # To do this, the first two options below must be enabled.
  100. #
  101. # Search engine regular expression list
  102. # List of regular expressions for matching search engine URLs. It is assumed
  103. # that the search terms themselves will be contained within the first submatch
  104. # of each expression.
  105. #searchengineregexplist = '/etc/dansguardian/lists/searchengineregexplist'
  106. #
  107. # Search term limit
  108. # The limit over which requests will be blocked for containing search terms
  109. # which match the weightedphraselist. This should usually be lower than the
  110. # 'naughtynesslimit' value above, because the amount of text being filtered
  111. # is only a few words, rather than a whole page.
  112. # This option must be uncommented if searchengineregexplist is uncommented.
  113. # A value of 0 here indicates that search terms should be extracted,
  114. # for logging/reporting purposes, but no filtering should be performed
  115. # on the resulting text.
  116. #searchtermlimit = 30
  117. #
  118. # Search term lists
  119. # If the three lines below are uncommented, search term blocking will use
  120. # the banned, weighted & exception phrases from these lists, instead of using
  121. # the same phrase lists as for page content. This is optional but recommended,
  122. # as weights for individual phrases in the "normal" lists may not be
  123. # appropriate for blocking when those phrases appear in a much smaller block
  124. # of text.
  125. # Please note that all or none of the below should be uncommented, not a
  126. # mixture.
  127. #bannedsearchtermlist = '/etc/dansguardian/lists/bannedsearchtermlist'
  128. #weightedsearchtermlist = '/etc/dansguardian/lists/weightedsearchtermlist'
  129. #exceptionsearchtermlist = '/etc/dansguardian/lists/exceptionsearchtermlist'
  130. # Category display threshold
  131. # This option only applies to pages blocked by weighted phrase filtering.
  132. # Defines the minimum score that must be accumulated within a particular
  133. # category in order for it to show up on the block pages' category list.
  134. # All categories under which the page scores positively will be logged; those
  135. # that were not displayed to the user appear in brackets.
  136. #
  137. # -1 = display only the highest scoring category
  138. # 0 = display all categories (default)
  139. # > 0 = minimum score for a category to be displayed
  140. categorydisplaythreshold = 0
  141. # Embedded URL weighting
  142. # When set to something greater than zero, this option causes URLs embedded within a
  143. # page's HTML (from links, image tags, etc.) to be extracted and checked against the
  144. # bannedsitelist and bannedurllist. Each link to a banned page causes the amount set
  145. # here to be added to the page's weighting.
  146. # The behaviour of this option with regards to multiple occurrences of a site/URL is
  147. # affected by the weightedphrasemode setting.
  148. #
  149. # NB: Currently, this feature uses regular expressions that require the PCRE library.
  150. # As such, it is only available if you compiled DansGuardian with '--enable-pcre=yes'.
  151. # You can check compile-time options by running 'dansguardian -v'.
  152. #
  153. # Set to 0 to disable.
  154. # Defaults to 0.
  155. # WARNING: This option is highly CPU intensive!
  156. embeddedurlweight = 0
  157. # Enable PICS rating support
  158. #
  159. # Defaults to disabled
  160. # (on | off)
  161. enablepics = off
  162. # Temporary Denied Page Bypass
  163. # This provides a link on the denied page to bypass the ban for a few minutes. To be
  164. # secure it uses a random hashed secret generated at daemon startup. You define the
  165. # number of seconds the bypass will function for before the deny will appear again.
  166. # To allow the link on the denied page to appear you will need to edit the template.html
  167. # or dansguardian.pl file for your language.
  168. # 300 = enable for 5 minutes
  169. # 0 = disable ( defaults to 0 )
  170. # -1 = enable but you require a separate program/CGI to generate a valid link
  171. bypass = 0
  172. # Temporary Denied Page Bypass Secret Key
  173. # Rather than generating a random key you can specify one. It must be more than 8 chars.
  174. # '' = generate a random one (recommended and default)
  175. # 'Mary had a little lamb.' = an example
  176. # '76b42abc1cd0fdcaf6e943dcbc93b826' = an example
  177. bypasskey = ''
  178. # Infection/Scan Error Bypass
  179. # Similar to the 'bypass' setting, but specifically for bypassing files scanned and found
  180. # to be infected, or files that trigger scanner errors - for example, archive types with
  181. # recognised but unsupported compression schemes, or corrupt archives.
  182. # The option specifies the number of seconds for which the bypass link will be valid.
  183. # 300 = enable for 5 minutes
  184. # 0 = disable (default)
  185. # -1 = enable, but require a separate program/CGI to generate a valid link
  186. infectionbypass = 0
  187. # Infection/Scan Error Bypass Secret Key
  188. # Same as the 'bypasskey' option, but used for infection bypass mode.
  189. infectionbypasskey = ''
  190. # Infection/Scan Error Bypass on Scan Errors Only
  191. # Enable this option to allow infectionbypass links only when virus scanning fails,
  192. # not when a file is found to contain a virus.
  193. # on = enable (default and highly recommended)
  194. # off = disable
  195. infectionbypasserrorsonly = on
  196. # Disable content scanning
  197. # If you enable this option you will disable content scanning for this group.
  198. # Content scanning primarily is AV scanning (if enabled) but could include
  199. # other types.
  200. # (on|off) default = off.
  201. disablecontentscan = off
  202. # Enable Deep URL Analysis
  203. # When enabled, DG looks for URLs within URLs, checking against the bannedsitelist and
  204. # bannedurllist. This can be used, for example, to block images originating from banned
  205. # sites from appearing in Google Images search results, as the original URLs are
  206. # embedded in the thumbnail GET requests.
  207. # (on|off) default = off
  208. deepurlanalysis = off
  209. # reportinglevel
  210. #
  211. # -1 = log, but do not block - Stealth mode
  212. # 0 = just say 'Access Denied'
  213. # 1 = report why but not what denied phrase
  214. # 2 = report fully
  215. # 3 = use HTML template file (accessdeniedaddress ignored) - recommended
  216. #
  217. # If defined, this overrides the global setting in dansguardian.conf for
  218. # members of this filter group.
  219. #
  220. #reportinglevel = 3
  221. # accessdeniedaddress is the address of your web server to which the cgi
  222. # dansguardian reporting script was copied. Only used in reporting levels
  223. # 1 and 2.
  224. #
  225. # This webserver must be either:
  226. # 1. Non-proxied. Either a machine on the local network, or listed as an
  227. # exception in your browser's proxy configuration.
  228. # 2. Added to the exceptionsitelist. Option 1 is preferable; this option is
  229. # only for users using both transparent proxying and a non-local server
  230. # to host this script.
  231. #
  232. # If defined, this overrides the global setting in dansguardian.conf for
  233. # members of this filter group.
  234. #
  235. #accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'
  236. # HTML Template override
  237. # If defined, this specifies a custom HTML template file for members of this
  238. # filter group, overriding the global setting in dansguardian.conf. This is
  239. # only used in reporting level 3.
  240. #
  241. # The default template file path is <languagedir>/<language>/template.html
  242. # e.g. /usr/share/dansguardian/languages/ukenglish/template.html when using 'ukenglish'
  243. # language.
  244. #
  245. # This option generates a file path of the form:
  246. # <languagedir>/<language>/<htmltemplate>
  247. # e.g. /usr/share/dansguardian/languages/ukenglish/custom.html
  248. #
  249. #htmltemplate = 'custom.html'
  250. # Email reporting - original patch by J. Gauthier
  251. # Use SMTP
  252. # If on, will enable system wide events to be reported by email.
  253. # need to configure mail program (see 'mailer' in global config)
  254. # and email recipients
  255. # default usesmtp = off
  256. #!! Not compiled !!usesmtp = off
  257. # mailfrom
  258. # who the email would come from
  259. # example: mailfrom = 'dansguardian@mycompany.com'
  260. #!! Not compiled !!mailfrom = ''
  261. # avadmin
  262. # who the virus emails go to (if notify av is on)
  263. # example: avadmin = 'admin@mycompany.com'
  264. #!! Not compiled !!avadmin = ''
  265. # contentdmin
  266. # who the content emails go to (when thresholds are exceeded)
  267. # and contentnotify is on
  268. # example: contentadmin = 'admin@mycompany.com'
  269. #!! Not compiled !!contentadmin = ''
  270. # avsubject
  271. # Subject of the email sent when a virus is caught.
  272. # only applicable if notifyav is on
  273. # default avsubject = 'dansguardian virus block'
  274. #!! Not compiled !!avsubject = 'dansguardian virus block'
  275. # content
  276. # Subject of the email sent when violation thresholds are exceeded
  277. # default contentsubject = 'dansguardian violation'
  278. #!! Not compiled !!contentsubject = 'dansguardian violation'
  279. # notifyAV
  280. # This will send a notification, if usesmtp/notifyav is on, any time an
  281. # infection is found.
  282. # Important: If this option is off, viruses will still be recorded like a
  283. # content infraction.
  284. #!! Not compiled !!notifyav = off
  285. # notifycontent
  286. # This will send a notification, if usesmtp is on, based on thresholds
  287. # below
  288. #!! Not compiled !!notifycontent = off
  289. # thresholdbyuser
  290. # results are only predictable with user authenticated configs
  291. # if enabled the violation/threshold count is kept track of by the user
  292. #!! Not compiled !!thresholdbyuser = off
  293. #violations
  294. # number of violations before notification
  295. # setting to 0 will never trigger a notification
  296. #!! Not compiled !!violations = 0
  297. #threshold
  298. # this is in seconds. If 'violations' occur in 'threshold' seconds, then
  299. # a notification is made.
  300. # if this is set to 0, then whenever the set number of violations are made a
  301. # notifaction will be sent.
  302. #!! Not compiled !!threshold = 0
  303. #SSL certificate checking
  304. # Check that ssl certificates for servers on https connections are valid
  305. # and signed by a ca in the configured path
  306. sslcertcheck = off
  307. #SSL man in the middle
  308. # Forge ssl certificates for all sites, decrypt the data then re encrypt it
  309. # using a different private key. Used to filter ssl sites
  310. sslmitm = off