|
|
@ -0,0 +1,426 @@ |
|
|
|
# e2guardian filter group config file for version 3.0.4 |
|
|
|
|
|
|
|
|
|
|
|
# Filter group mode |
|
|
|
# This option determines whether members of this group have their web access |
|
|
|
# unfiltered, filtered, or banned. |
|
|
|
# |
|
|
|
# 0 = banned |
|
|
|
# 1 = filtered |
|
|
|
# 2 = unfiltered (exception) |
|
|
|
# |
|
|
|
# Only filter groups with a mode of 1 need to define phrase, URL, site, extension, |
|
|
|
# mimetype and PICS lists; in other modes, these options are ignored to conserve |
|
|
|
# memory. |
|
|
|
# |
|
|
|
# Defaults to 0 if unspecified. |
|
|
|
# Unauthenticated users are treated as being in the first filter group. |
|
|
|
groupmode = 1 |
|
|
|
|
|
|
|
# Filter group name |
|
|
|
# Used to fill in the -FILTERGROUP- placeholder in the HTML template file, and to |
|
|
|
# name the group in the access logs |
|
|
|
# Defaults to empty string |
|
|
|
#groupname = '' |
|
|
|
groupname = '' |
|
|
|
|
|
|
|
# Content filtering files location |
|
|
|
bannedphraselist = 'etc/e2guardian/lists/bannedphraselist' |
|
|
|
weightedphraselist = 'etc/e2guardian/lists/weightedphraselist' |
|
|
|
exceptionphraselist = 'etc/e2guardian/lists/exceptionphraselist' |
|
|
|
bannedsitelist = 'etc/e2guardian/lists/bannedsitelist' |
|
|
|
greysitelist = 'etc/e2guardian/lists/greysitelist' |
|
|
|
bannedsslsitelist = 'etc/e2guardian/lists/bannedsslsitelist' |
|
|
|
greysslsitelist = 'etc/e2guardian/lists/greysslsitelist' |
|
|
|
exceptionsitelist = 'etc/e2guardian/lists/exceptionsitelist' |
|
|
|
bannedurllist = 'etc/e2guardian/lists/bannedurllist' |
|
|
|
greyurllist = 'etc/e2guardian/lists/greyurllist' |
|
|
|
exceptionurllist = 'etc/e2guardian/lists/exceptionurllist' |
|
|
|
exceptionregexpurllist = 'etc/e2guardian/lists/exceptionregexpurllist' |
|
|
|
bannedregexpurllist = 'etc/e2guardian/lists/bannedregexpurllist' |
|
|
|
picsfile = 'etc/e2guardian/lists/pics' |
|
|
|
contentregexplist = 'etc/e2guardian/lists/contentregexplist' |
|
|
|
urlregexplist = 'etc/e2guardian/lists/urlregexplist' |
|
|
|
refererexceptionsitelist = 'etc/e2guardian/lists/refererexceptionsitelist' |
|
|
|
refererexceptionurllist = 'etc/e2guardian/lists/refererexceptionurllist' |
|
|
|
embededreferersitelist = 'etc/e2guardian/lists/embededreferersitelist' |
|
|
|
embededrefererurllist = 'etc/e2guardian/lists/embededrefererurllist' |
|
|
|
urlredirectregexplist = 'etc/e2guardian/lists/urlredirectregexplist' |
|
|
|
|
|
|
|
# local versions of lists (where LOCAL_LISTS enabled) |
|
|
|
#localbannedsitelist = 'etc/e2guardian/lists/localbannedsitelist' |
|
|
|
#localgreysitelist = 'etc/e2guardian/lists/localgreysitelist' |
|
|
|
#localexceptionsitelist = 'etc/e2guardian/lists/localexceptionsitelist' |
|
|
|
#localbannedurllist = 'etc/e2guardian/lists/localbannedurllist' |
|
|
|
#localgreyurllist = 'etc/e2guardian/lists/localgreyurllist' |
|
|
|
#localexceptionurllist = 'etc/e2guardian/lists/localexceptionurllist' |
|
|
|
#localbannedsslsitelist = 'etc/e2guardian/lists/localbannedsslsitelist' |
|
|
|
#localgreysslsitelist = 'etc/e2guardian/lists/localgreysslsitelist' |
|
|
|
#localbannedsearchlist = 'etc/e2guardian/lists/localbannedsearchlist' |
|
|
|
|
|
|
|
!! Not compiled !! authexceptionsitelist = 'etc/e2guardian/lists/authexceptionsitelist' |
|
|
|
!! Not compiled !! authexceptionurllist = 'etc/e2guardian/lists/authexceptionurllist' |
|
|
|
|
|
|
|
# Filetype filtering |
|
|
|
# |
|
|
|
# Allow bannedregexpurllist with grey list mode |
|
|
|
# bannedregexpheaderlist and bannedregexpurllist |
|
|
|
# |
|
|
|
# bannedregexwithblanketblock = off |
|
|
|
# |
|
|
|
# Blanket download blocking |
|
|
|
# If enabled, all files will be blocked, unless they match the |
|
|
|
# exceptionextensionlist or exceptionmimetypelist. |
|
|
|
# These lists do not override virus scanning. |
|
|
|
# Exception lists defined above override all types of filtering, including |
|
|
|
# the blanket download block. |
|
|
|
# Defaults to disabled. |
|
|
|
# (on | off) |
|
|
|
# |
|
|
|
blockdownloads = off |
|
|
|
exceptionextensionlist = 'etc/e2guardian/lists/exceptionextensionlist' |
|
|
|
exceptionmimetypelist = 'etc/e2guardian/lists/exceptionmimetypelist' |
|
|
|
# |
|
|
|
# Use the following lists to block specific kinds of file downloads. |
|
|
|
# The two exception lists above can be used to override these. |
|
|
|
# |
|
|
|
bannedextensionlist = 'etc/e2guardian/lists/bannedextensionlist' |
|
|
|
bannedmimetypelist = 'etc/e2guardian/lists/bannedmimetypelist' |
|
|
|
# |
|
|
|
# In either file filtering mode, the following list can be used to override |
|
|
|
# MIME type & extension blocks for particular domains & URLs (trusted download sites). |
|
|
|
# |
|
|
|
exceptionfilesitelist = 'etc/e2guardian/lists/exceptionfilesitelist' |
|
|
|
exceptionfileurllist = 'etc/e2guardian/lists/exceptionfileurllist' |
|
|
|
|
|
|
|
# POST protection (web upload and forms) |
|
|
|
# does not block forms without any file upload, i.e. this is just for |
|
|
|
# blocking or limiting uploads |
|
|
|
# measured in kibibytes after MIME encoding and header bumph |
|
|
|
# use 0 for a complete block |
|
|
|
# use higher (e.g. 512 = 512Kbytes) for limiting |
|
|
|
# use -1 for no blocking |
|
|
|
#maxuploadsize = 512 |
|
|
|
#maxuploadsize = 0 |
|
|
|
maxuploadsize = -1 |
|
|
|
|
|
|
|
# Categorise without blocking: |
|
|
|
# Supply categorised lists here and the category string shall be logged against |
|
|
|
# matching requests, but matching these lists does not perform any filtering |
|
|
|
# action. |
|
|
|
#logsitelist = 'etc/e2guardian/lists/logsitelist' |
|
|
|
#logurllist = 'etc/e2guardian/lists/logurllist' |
|
|
|
#logregexpurllist = 'etc/e2guardian/lists/logregexpurllist' |
|
|
|
|
|
|
|
# Outgoing HTTP header rules: |
|
|
|
# Optional lists for blocking based on, and modification of, outgoing HTTP |
|
|
|
# request headers. Format for headerregexplist is one modification rule per |
|
|
|
# line, similar to content/URL modifications. Format for |
|
|
|
# bannedregexpheaderlist is one regular expression per line, with matching |
|
|
|
# headers causing a request to be blocked. |
|
|
|
# Headers are matched/replaced on a line-by-line basis, not as a contiguous |
|
|
|
# block. |
|
|
|
# Use for example, to remove cookies or prevent certain user-agents. |
|
|
|
headerregexplist = 'etc/e2guardian/lists/headerregexplist' |
|
|
|
bannedregexpheaderlist = 'etc/e2guardian/lists/bannedregexpheaderlist' |
|
|
|
addheaderregexplist = 'etc/e2guardian/lists/addheaderregexplist' |
|
|
|
|
|
|
|
# Weighted phrase mode |
|
|
|
# Optional; overrides the weightedphrasemode option in e2guardian.conf |
|
|
|
# for this particular group. See documentation for supported values in |
|
|
|
# that file. |
|
|
|
#weightedphrasemode = 0 |
|
|
|
|
|
|
|
# Naughtiness limit |
|
|
|
# This the limit over which the page will be blocked. Each weighted phrase is given |
|
|
|
# a value either positive or negative and the values added up. Phrases to do with |
|
|
|
# good subjects will have negative values, and bad subjects will have positive |
|
|
|
# values. See the weightedphraselist file for examples. |
|
|
|
# As a guide: |
|
|
|
# 50 is for young children, 100 for old children, 160 for young adults. |
|
|
|
naughtynesslimit = 50 |
|
|
|
|
|
|
|
# Search term blocking |
|
|
|
# Search terms can be extracted from search URLs and filtered using one or |
|
|
|
# both of two different methods. |
|
|
|
|
|
|
|
# Method 1 is that developed by Protex where specific |
|
|
|
# search terms are contained in a bannedsearchlist. |
|
|
|
# (localbannedsearchlist and bannedsearchoveridelist can be used to suppliment |
|
|
|
# and overide this list as required.) |
|
|
|
# These lists contain banned search words combinations on each line. |
|
|
|
# Words are separated by '+' and must be in sorted order within a line. |
|
|
|
# so to block 'sexy girl' then the list must contain the line |
|
|
|
# girl+sexy |
|
|
|
# and this will block both 'sexy girl' and 'girl sexy' |
|
|
|
# To use this method, the searchregexplist must be enabled and the bannedsearchlist(s) defined |
|
|
|
|
|
|
|
# Method 2 is uses the |
|
|
|
# bannedphraselist, weightedphraselist and exceptionphraselist, with a separate |
|
|
|
# threshold for blocking than that used for normal page content. |
|
|
|
# To do this, the searchregexplist must be enabled and searchtermlimit |
|
|
|
# must be grater than 0. |
|
|
|
|
|
|
|
# |
|
|
|
# Search engine regular expression list (need for both options) |
|
|
|
# List of regular expressions for matching search engine URLs. It is assumed |
|
|
|
# that the search terms themselves will be contained in the |
|
|
|
# of output of each expression. |
|
|
|
#searchregexplist = 'etc/e2guardian/lists/searchregexplist' |
|
|
|
# |
|
|
|
# Banned Search Term list(s) for option 1 |
|
|
|
#bannedsearchlist = 'etc/e2guardian/lists/bannedsearchlist' |
|
|
|
#bannedsearchoveridelist = 'etc/e2guardian/lists/bannedsearchoveridelist' |
|
|
|
|
|
|
|
|
|
|
|
# Search term limit (for Option 2) |
|
|
|
# The limit over which requests will be blocked for containing search terms |
|
|
|
# which match the weightedphraselist. This should usually be lower than the |
|
|
|
# 'naughtynesslimit' value above, because the amount of text being filtered |
|
|
|
# is only a few words, rather than a whole page. |
|
|
|
# This option must be uncommented if searchregexplist is uncommented. |
|
|
|
# A value of 0 here indicates that search terms should be extracted, |
|
|
|
# but no phrase filtering should be performed on the resulting text. |
|
|
|
#searchtermlimit = 0 |
|
|
|
# |
|
|
|
# Search term phrase lists (for Option 2) |
|
|
|
# If the three lines below are uncommented, search term blocking will use |
|
|
|
# the banned, weighted & exception phrases from these lists, instead of using |
|
|
|
# the same phrase lists as for page content. This is optional but recommended, |
|
|
|
# as weights for individual phrases in the "normal" lists may not be |
|
|
|
# appropriate for blocking when those phrases appear in a much smaller block |
|
|
|
# of text. |
|
|
|
# Please note that all or none of the below should be uncommented, not a |
|
|
|
# mixture. |
|
|
|
#bannedsearchtermlist = 'etc/e2guardian/lists/bannedsearchtermlist' |
|
|
|
#weightedsearchtermlist = 'etc/e2guardian/lists/weightedsearchtermlist' |
|
|
|
#exceptionsearchtermlist = 'etc/e2guardian/lists/exceptionsearchtermlist' |
|
|
|
|
|
|
|
# Category display threshold |
|
|
|
# This option only applies to pages blocked by weighted phrase filtering. |
|
|
|
# Defines the minimum score that must be accumulated within a particular |
|
|
|
# category in order for it to show up on the block pages' category list. |
|
|
|
# All categories under which the page scores positively will be logged; those |
|
|
|
# that were not displayed to the user appear in brackets. |
|
|
|
# |
|
|
|
# -1 = display only the highest scoring category |
|
|
|
# 0 = display all categories (default) |
|
|
|
# > 0 = minimum score for a category to be displayed |
|
|
|
categorydisplaythreshold = 0 |
|
|
|
|
|
|
|
# Embedded URL weighting |
|
|
|
# When set to something greater than zero, this option causes URLs embedded within a |
|
|
|
# page's HTML (from links, image tags, etc.) to be extracted and checked against the |
|
|
|
# bannedsitelist and bannedurllist. Each link to a banned page causes the amount set |
|
|
|
# here to be added to the page's weighting. |
|
|
|
# The behaviour of this option with regards to multiple occurrences of a site/URL is |
|
|
|
# affected by the weightedphrasemode setting. |
|
|
|
# |
|
|
|
# NB: Currently, this feature uses regular expressions that require the PCRE library. |
|
|
|
# As such, it is only available if you compiled DansGuardian with '--enable-pcre=yes'. |
|
|
|
# You can check compile-time options by running 'e2guardian -v'. |
|
|
|
# |
|
|
|
# Set to 0 to disable. |
|
|
|
# Defaults to 0. |
|
|
|
# WARNING: This option is highly CPU intensive! |
|
|
|
embeddedurlweight = 0 |
|
|
|
|
|
|
|
# Enable PICS rating support |
|
|
|
# |
|
|
|
# Defaults to disabled |
|
|
|
# (on | off) |
|
|
|
enablepics = off |
|
|
|
|
|
|
|
# Temporary Denied Page Bypass |
|
|
|
# This provides a link on the denied page to bypass the ban for a few minutes. To be |
|
|
|
# secure it uses a random hashed secret generated at daemon startup. You define the |
|
|
|
# number of seconds the bypass will function for before the deny will appear again. |
|
|
|
# To allow the link on the denied page to appear you will need to edit the template.html |
|
|
|
# or e2guardian.pl file for your language. |
|
|
|
# 300 = enable for 5 minutes |
|
|
|
# 0 = disable ( defaults to 0 ) |
|
|
|
# -1 = enable but you require a separate program/CGI to generate a valid link |
|
|
|
bypass = 0 |
|
|
|
|
|
|
|
# Temporary Denied Page Bypass Secret Key |
|
|
|
# Rather than generating a random key you can specify one. It must be more than 8 chars. |
|
|
|
# '' = generate a random one (recommended and default) |
|
|
|
# 'Mary had a little lamb.' = an example |
|
|
|
# '76b42abc1cd0fdcaf6e943dcbc93b826' = an example |
|
|
|
bypasskey = '' |
|
|
|
|
|
|
|
# Infection/Scan Error Bypass |
|
|
|
# Similar to the 'bypass' setting, but specifically for bypassing files scanned and found |
|
|
|
# to be infected, or files that trigger scanner errors - for example, archive types with |
|
|
|
# recognised but unsupported compression schemes, or corrupt archives. |
|
|
|
# The option specifies the number of seconds for which the bypass link will be valid. |
|
|
|
# 300 = enable for 5 minutes |
|
|
|
# 0 = disable (default) |
|
|
|
# -1 = enable, but require a separate program/CGI to generate a valid link |
|
|
|
infectionbypass = 0 |
|
|
|
|
|
|
|
# Infection/Scan Error Bypass Secret Key |
|
|
|
# Same as the 'bypasskey' option, but used for infection bypass mode. |
|
|
|
infectionbypasskey = '' |
|
|
|
|
|
|
|
# Infection/Scan Error Bypass on Scan Errors Only |
|
|
|
# Enable this option to allow infectionbypass links only when virus scanning fails, |
|
|
|
# not when a file is found to contain a virus. |
|
|
|
# on = enable (default and highly recommended) |
|
|
|
# off = disable |
|
|
|
infectionbypasserrorsonly = on |
|
|
|
|
|
|
|
# Disable content scanning |
|
|
|
# If you enable this option you will disable content scanning for this group. |
|
|
|
# Content scanning primarily is AV scanning (if enabled) but could include |
|
|
|
# other types. |
|
|
|
# (on|off) default = off. |
|
|
|
disablecontentscan = off |
|
|
|
|
|
|
|
# Enable Deep URL Analysis |
|
|
|
# When enabled, DG looks for URLs within URLs, checking against the bannedsitelist and |
|
|
|
# bannedurllist. This can be used, for example, to block images originating from banned |
|
|
|
# sites from appearing in Google Images search results, as the original URLs are |
|
|
|
# embedded in the thumbnail GET requests. |
|
|
|
# (on|off) default = off |
|
|
|
deepurlanalysis = off |
|
|
|
|
|
|
|
# reportinglevel |
|
|
|
# |
|
|
|
# -1 = log, but do not block - Stealth mode |
|
|
|
# 0 = just say 'Access Denied' |
|
|
|
# 1 = report why but not what denied phrase |
|
|
|
# 2 = report fully |
|
|
|
# 3 = use HTML template file (accessdeniedaddress ignored) - recommended |
|
|
|
# |
|
|
|
# If defined, this overrides the global setting in e2guardian.conf for |
|
|
|
# members of this filter group. |
|
|
|
# |
|
|
|
reportinglevel = 3 |
|
|
|
|
|
|
|
# accessdeniedaddress is the address of your web server to which the cgi |
|
|
|
# e2guardian reporting script was copied. Only used in reporting levels |
|
|
|
# 1 and 2. |
|
|
|
# |
|
|
|
# This webserver must be either: |
|
|
|
# 1. Non-proxied. Either a machine on the local network, or listed as an |
|
|
|
# exception in your browser's proxy configuration. |
|
|
|
# 2. Added to the exceptionsitelist. Option 1 is preferable; this option is |
|
|
|
# only for users using both transparent proxying and a non-local server |
|
|
|
# to host this script. |
|
|
|
# |
|
|
|
# If defined, this overrides the global setting in e2guardian.conf for |
|
|
|
# members of this filter group. |
|
|
|
# |
|
|
|
#accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/e2guardian.pl' |
|
|
|
|
|
|
|
# sslaccessdeniedaddress is the address of your web server to which the static page |
|
|
|
# e2guardian reporting was copied. Only used in reporting levels 3 (avoid blank page) |
|
|
|
# Work only in firefox with ssldeniedrewrite off |
|
|
|
|
|
|
|
# sslaccessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/denyssl.htm' |
|
|
|
|
|
|
|
# Break SSL protocol and redirect to another HTTPS website for denied page (sslaccessdeniedaddress url) |
|
|
|
|
|
|
|
#ssldeniedrewrite = 'on' |
|
|
|
|
|
|
|
# HTML Template override |
|
|
|
# If defined, this specifies a custom HTML template file for members of this |
|
|
|
# filter group, overriding the global setting in e2guardian.conf. This is |
|
|
|
# only used in reporting level 3. |
|
|
|
# |
|
|
|
# The default template file path is <languagedir>/<language>/template.h |
|
|
|
# e.g. share/e2guardian/languages/ukenglish/template.html when using 'ukenglish' |
|
|
|
# language. |
|
|
|
# |
|
|
|
# This option generates a file path of the form: |
|
|
|
# <languagedir>/<language>/<htmltemplate> |
|
|
|
# e.g. share/e2guardian/languages/ukenglish/custom.html |
|
|
|
# |
|
|
|
#htmltemplate = 'custom.html' |
|
|
|
|
|
|
|
# Non standard delimiter (only used with accessdeniedaddress) |
|
|
|
# To help preserve the full banned URL, including parameters, the variables |
|
|
|
# passed into the access denied CGI are separated using non-standard |
|
|
|
# delimiters. This can be useful to ensure correct operation of the filter |
|
|
|
# bypass modes. Parameters are split using "::" in place of "&", and "==" in |
|
|
|
# place of "=". |
|
|
|
# Default is enabled, but to go back to the standard mode, disable it. |
|
|
|
|
|
|
|
#nonstandarddelimiter = off |
|
|
|
|
|
|
|
# Email reporting - original patch by J. Gauthier |
|
|
|
|
|
|
|
# Use SMTP |
|
|
|
# If on, will enable system wide events to be reported by email. |
|
|
|
# need to configure mail program (see 'mailer' in global config) |
|
|
|
# and email recipients |
|
|
|
# default usesmtp = off |
|
|
|
#!! Not compiled !!usesmtp = off |
|
|
|
|
|
|
|
# mailfrom |
|
|
|
# who the email would come from |
|
|
|
# example: mailfrom = 'e2guardian@mycompany.com' |
|
|
|
#!! Not compiled !!mailfrom = '' |
|
|
|
|
|
|
|
# avadmin |
|
|
|
# who the virus emails go to (if notify av is on) |
|
|
|
# example: avadmin = 'admin@mycompany.com' |
|
|
|
#!! Not compiled !!avadmin = '' |
|
|
|
|
|
|
|
# contentdmin |
|
|
|
# who the content emails go to (when thresholds are exceeded) |
|
|
|
# and contentnotify is on |
|
|
|
# example: contentadmin = 'admin@mycompany.com' |
|
|
|
#!! Not compiled !!contentadmin = '' |
|
|
|
|
|
|
|
# avsubject |
|
|
|
# Subject of the email sent when a virus is caught. |
|
|
|
# only applicable if notifyav is on |
|
|
|
# default avsubject = 'e2guardian virus block' |
|
|
|
#!! Not compiled !!avsubject = 'e2guardian virus block' |
|
|
|
|
|
|
|
# content |
|
|
|
# Subject of the email sent when violation thresholds are exceeded |
|
|
|
# default contentsubject = 'e2guardian violation' |
|
|
|
#!! Not compiled !!contentsubject = 'e2guardian violation' |
|
|
|
|
|
|
|
# notifyAV |
|
|
|
# This will send a notification, if usesmtp/notifyav is on, any time an |
|
|
|
# infection is found. |
|
|
|
# Important: If this option is off, viruses will still be recorded like a |
|
|
|
# content infraction. |
|
|
|
#!! Not compiled !!notifyav = off |
|
|
|
|
|
|
|
# notifycontent |
|
|
|
# This will send a notification, if usesmtp is on, based on thresholds |
|
|
|
# below |
|
|
|
#!! Not compiled !!notifycontent = off |
|
|
|
|
|
|
|
# thresholdbyuser |
|
|
|
# results are only predictable with user authenticated configs |
|
|
|
# if enabled the violation/threshold count is kept track of by the user |
|
|
|
#!! Not compiled !!thresholdbyuser = off |
|
|
|
|
|
|
|
#violations |
|
|
|
# number of violations before notification |
|
|
|
# setting to 0 will never trigger a notification |
|
|
|
#!! Not compiled !!violations = 0 |
|
|
|
|
|
|
|
#threshold |
|
|
|
# this is in seconds. If 'violations' occur in 'threshold' seconds, then |
|
|
|
# a notification is made. |
|
|
|
# if this is set to 0, then whenever the set number of violations are made a |
|
|
|
# notifaction will be sent. |
|
|
|
#!! Not compiled !!threshold = 0 |
|
|
|
|
|
|
|
#SSL certificate checking |
|
|
|
# Check that ssl certificates for servers on https connections are valid |
|
|
|
# and signed by a ca in the configured path |
|
|
|
sslcertcheck = off |
|
|
|
|
|
|
|
#SSL man in the middle |
|
|
|
# Forge ssl certificates for all sites, decrypt the data then re encrypt it |
|
|
|
# using a different private key. Used to filter ssl sites |
|
|
|
sslmitm = off |
|
|
|
|