diff --git a/net/e2guardian/Makefile b/net/e2guardian/Makefile new file mode 100644 index 000000000..0823d95fc --- /dev/null +++ b/net/e2guardian/Makefile @@ -0,0 +1,78 @@ +# +# Copyright (C) 2015 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=e2guardian +PKG_VERSION:=3.0.4 +PKG_RELEASE:=1 + +PKG_LICENSE:=GPL-2.0 +PKG_MAINTAINER:=Luka Perkov + +PKG_SOURCE:=v$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:=https://github.com/e2guardian/e2guardian/archive/ +PKG_MD5SUM:=f8ffac7ac4f040b672cc4e62121bf4c5 + +PKG_BUILD_PARALLEL:=1 +PKG_INSTALL:=1 + +include $(INCLUDE_DIR)/uclibc++.mk +include $(INCLUDE_DIR)/package.mk + +define Package/e2guardian + SECTION:=net + DEPENDS:=+libpthread $(CXX_DEPENDS) +zlib +libpcre + CATEGORY:=Network + SUBMENU:=Web Servers/Proxies + TITLE:=E2Guardian + URL:=http://e2guardian.org/cms/ +endef + +define Package/e2guardian/conffiles +/etc/e2guardian/e2guardianf1.conf +/etc/config/e2guardian +endef + +CONFIGURE_VARS += \ + INCLUDES="" \ + CXXFLAGS="$$$$CXXFLAGS -fno-rtti" \ + LIBS="-lpthread" + +CONFIGURE_ARGS += \ + --with-sysconfsubdir=e2guardian \ + --with-proxyuser=root \ + --with-proxygroup=root \ + --enable-pcre=yes + +define Build/Configure + $(call Build/Configure/Default,$CONFIGURE_ARGS) +endef + +define Package/e2guardian/install + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/e2guardian $(1)/usr/sbin/ + + $(INSTALL_DIR) $(1)/etc + $(CP) $(PKG_INSTALL_DIR)/etc/e2guardian $(1)/etc/ + $(INSTALL_CONF) ./files/e2guardianf1.conf $(1)/etc/e2guardian/e2guardianf1.conf + + $(INSTALL_DIR) $(1)/etc/config + $(INSTALL_CONF) ./files/e2guardian.config $(1)/etc/config/e2guardian + + $(INSTALL_DIR) $(1)/usr/share/e2guardian + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/share/e2guardian/transparent1x1.gif $(1)/usr/share/e2guardian/ + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/share/e2guardian/blockedflash.swf $(1)/usr/share/e2guardian/ + + $(INSTALL_DIR) $(1)/usr/share/e2guardian/languages/ukenglish + $(CP) $(PKG_INSTALL_DIR)/usr/share/e2guardian/languages/ukenglish/* $(1)/usr/share/e2guardian/languages/ukenglish/ + + $(INSTALL_DIR) $(1)/etc/init.d/ + $(INSTALL_BIN) ./files/e2guardian.init $(1)/etc/init.d/e2guardian +endef + +$(eval $(call BuildPackage,e2guardian)) diff --git a/net/e2guardian/files/e2guardian.config b/net/e2guardian/files/e2guardian.config new file mode 100644 index 000000000..2b46f2035 --- /dev/null +++ b/net/e2guardian/files/e2guardian.config @@ -0,0 +1,70 @@ +config e2guardian 'e2guardian' + option config_file '/etc/e2guardian/e2guardianf1.conf' + option languagedir '/usr/share/e2guardian/languages' + option language 'ukenglish' + option loglevel '2' + option logexceptionhits '2' + option logfileformat '1' + option loglocation '/dev/null' + option maxuploadsize '-1' + option filterip '' + option filterports '8080' + option proxyip '127.0.0.1' + option proxyport '3128' + option proxytimeout '20' + option proxyexchange '20' + option pcontimeout '55' + option accessdeniedaddress 'http://YOURSERVER.YOURDOMAIN/cgi-bin/e2guardian.pl' + option usecustombannedimage 'on' + option custombannedimagefile '/usr/share/e2guardian/transparent1x1.gif' + option usecustombannedflash 'on' + option custombannedflashfile '/usr/share/e2guardian/blockedflash.swf' + option filtergroups '1' + option filtergroupslist '/etc/e2guardian/lists/filtergroupslist' + option bannediplist '/etc/e2guardian/lists/bannediplist' + option exceptioniplist '/etc/e2guardian/lists/exceptioniplist' + option perroomdirectory '/etc/e2guardian/lists/bannedrooms/' + option showweightedfound 'on' + option weightedphrasemode '2' + option urlcachenumber '1000' + option urlcacheage '900' + option scancleancache 'on' + option phrasefiltermode '2' + option preservecase '0' + option hexdecodecontent 'off' + option forcequicksearch 'off' + option reverseaddresslookups 'off' + option reverseclientiplookups 'off' + option logclienthostnames 'off' + option createlistcachefiles 'on' + option prefercachedlists 'off' + option maxcontentfiltersize '256' + option maxcontentramcachescansize '2000' + option maxcontentfilecachescansize '20000' + option filecachedir '/tmp' + option deletedownloadedtempfiles 'on' + option initialtrickledelay '20' + option trickledelay '10' + option downloadmanager '/etc/e2guardian/downloadmanagers/default.conf' + option contentscannertimeout '60' + option contentscanexceptions 'off' + option recheckreplacedurls 'off' + option forwardedfor 'off' + option usexforwardedfor 'off' + option logconnectionhandlingerrors 'on' + option logchildprocesshandling 'off' + option maxchildren '180' + option minchildren '20' + option minsparechildren '16' + option preforkchildren '10' + option maxsparechildren '32' + option maxagechildren '500' + option maxips '0' + option ipcfilename '/tmp/.dguardianipc' + option urlipcfilename '/tmp/.dguardianurlipc' + option ipipcfilename '/tmp/.dguardianipipc' + option nodaemon 'off' + option nologger 'off' + option logadblocks 'off' + option loguseragent 'off' + option softrestart 'off' diff --git a/net/e2guardian/files/e2guardian.init b/net/e2guardian/files/e2guardian.init new file mode 100644 index 000000000..132b61f83 --- /dev/null +++ b/net/e2guardian/files/e2guardian.init @@ -0,0 +1,192 @@ +#!/bin/sh /etc/rc.common +# Copyright (C) 2015 OpenWrt.org + +START=90 +STOP=10 + +USE_PROCD=1 +PROG=/usr/sbin/e2guardian +CONFIGFILE="/tmp/e2guardian/e2guardian.conf" + +validate_e2guardian_section() { + uci_validate_section e2guardian e2guardian "${1}" \ + 'config_file:string' \ + 'accessdeniedaddress:string' \ + 'bannediplist:string' \ + 'contentscanexceptions:string' \ + 'contentscannertimeout:uinteger' \ + 'createlistcachefiles:string' \ + 'custombannedflashfile:string' \ + 'custombannedimagefile:string' \ + 'deletedownloadedtempfiles:string' \ + 'downloadmanager:string' \ + 'exceptioniplist:string' \ + 'filecachedir:string' \ + 'filtergroups:uinteger' \ + 'filtergroupslist:string' \ + 'filterip:ipaddr' \ + 'filterports:port:8080' \ + 'forcequicksearch:string' \ + 'forwardedfor:string' \ + 'hexdecodecontent:string' \ + 'initialtrickledelay:uinteger' \ + 'ipcfilename:string' \ + 'ipipcfilename:string' \ + 'languagedir:string' \ + 'language:string' \ + 'logadblocks:string' \ + 'logchildprocesshandling:string' \ + 'logclienthostnames:string' \ + 'logconnectionhandlingerrors:string' \ + 'logexceptionhits:range(0,2)' \ + 'logfileformat:range(1,6)' \ + 'loglevel:range(0,3)' \ + 'loglocation:string' \ + 'loguseragent:string' \ + 'maxagechildren:uinteger' \ + 'maxchildren:uinteger' \ + 'maxcontentfilecachescansize:uinteger' \ + 'maxcontentfiltersize:uinteger' \ + 'maxcontentramcachescansize:uinteger' \ + 'maxips:uinteger' \ + 'maxsparechildren:uinteger' \ + 'maxuploadsize:integer' \ + 'minchildren:uinteger' \ + 'minsparechildren:uinteger' \ + 'nodaemon:string' \ + 'nologger:string' \ + 'pcontimeout:range(5,300)' \ + 'perroomdirectory:string' \ + 'phrasefiltermode:range(0,3)' \ + 'prefercachedlists:string' \ + 'preforkchildren:uinteger' \ + 'preservecase:range(0,2)' \ + 'proxyexchange:range(20,300)' \ + 'proxyip:ipaddr' \ + 'proxyport:port:3128' \ + 'proxytimeout:range(5,100)' \ + 'recheckreplacedurls:string' \ + 'reverseaddresslookups:string' \ + 'reverseclientiplookups:string' \ + 'scancleancache:string' \ + 'showweightedfound:string' \ + 'softrestart:string' \ + 'trickledelay:uinteger' \ + 'urlcacheage:uinteger' \ + 'urlcachenumber:uinteger' \ + 'urlipcfilename:string' \ + 'usecustombannedflash:string' \ + 'usecustombannedimage:string' \ + 'usexforwardedfor:string' \ + 'weightedphrasemode:range(0,2)' +} + +start_service() { + + local config_file accessdeniedaddress bannediplist contentscanexceptions contentscannertimeout \ + createlistcachefiles custombannedflashfile custombannedimagefile deletedownloadedtempfiles \ + downloadmanager exceptioniplist filecachedir loglocation \ + filtergroups filtergroupslist filterip filterports forcequicksearch forwardedfor hexdecodecontent \ + initialtrickledelay ipcfilename ipipcfilename language languagedir logadblocks logchildprocesshandling \ + logclienthostnames logconnectionhandlingerrors logexceptionhits logfileformat loglevel loguseragent \ + maxagechildren maxchildren maxcontentfilecachescansize maxcontentfiltersize maxcontentramcachescansize \ + maxips maxsparechildren maxuploadsize minchildren minsparechildren nodaemon nologger \ + pcontimeout perroomdirectory phrasefiltermode prefercachedlists preforkchildren preservecase proxyexchange \ + proxyip proxyport proxytimeout recheckreplacedurls reverseaddresslookups reverseclientiplookups scancleancache \ + showweightedfound softrestart trickledelay urlcacheage urlcachenumber urlipcfilename usecustombannedflash \ + usecustombannedimage usexforwardedfor weightedphrasemode + + validate_e2guardian_section e2guardian || { + echo "validation failed" + return 1 + } + + mkdir -p $(dirname $CONFIGFILE) + ln -sf $config_file $(dirname $CONFIGFILE) + + echo "accessdeniedaddress = " $accessdeniedaddress > $CONFIGFILE + echo "bannediplist = " $bannediplist >> $CONFIGFILE + echo "contentscanexceptions = " $contentscanexceptions >> $CONFIGFILE + echo "contentscannertimeout = " $contentscannertimeout >> $CONFIGFILE + echo "createlistcachefiles = " $createlistcachefiles >> $CONFIGFILE + echo "custombannedflashfile = " $custombannedflashfile >> $CONFIGFILE + echo "custombannedimagefile = " $custombannedimagefile >> $CONFIGFILE + echo "deletedownloadedtempfiles = " $deletedownloadedtempfiles >> $CONFIGFILE + echo "downloadmanager = " $downloadmanager >> $CONFIGFILE + echo "exceptioniplist = " $exceptioniplist >> $CONFIGFILE + echo "filecachedir = " $filecachedir >> $CONFIGFILE + echo "filtergroups = " $filtergroups >> $CONFIGFILE + echo "filtergroupslist = " $filtergroupslist >> $CONFIGFILE + echo "filterip = " $filterip >> $CONFIGFILE + echo "filterports = " $filterports >> $CONFIGFILE + echo "forcequicksearch = " $forcequicksearch >> $CONFIGFILE + echo "forwardedfor = " $forwardedfor >> $CONFIGFILE + echo "hexdecodecontent = " $hexdecodecontent >> $CONFIGFILE + echo "initialtrickledelay = " $initialtrickledelay >> $CONFIGFILE + echo "ipcfilename = " $ipcfilename >> $CONFIGFILE + echo "ipipcfilename = " $ipipcfilename >> $CONFIGFILE + echo "language = " $language >> $CONFIGFILE + echo "languagedir = " $languagedir >> $CONFIGFILE + echo "logadblocks = " $logadblocks >> $CONFIGFILE + echo "logchildprocesshandling = " $logchildprocesshandling >> $CONFIGFILE + echo "logclienthostnames = " $logclienthostnames >> $CONFIGFILE + echo "logconnectionhandlingerrors = " $logconnectionhandlingerrors >> $CONFIGFILE + echo "logexceptionhits = " $logexceptionhits >> $CONFIGFILE + echo "logfileformat = " $logfileformat >> $CONFIGFILE + echo "loglevel = " $loglevel >> $CONFIGFILE + echo "loglocation = " $loglocation >> $CONFIGFILE + echo "loguseragent = " $loguseragent >> $CONFIGFILE + echo "maxagechildren = " $maxagechildren >> $CONFIGFILE + echo "maxchildren = " $maxchildren >> $CONFIGFILE + echo "maxcontentfilecachescansize = " $maxcontentfilecachescansize >> $CONFIGFILE + echo "maxcontentfiltersize = " $maxcontentfiltersize >> $CONFIGFILE + echo "maxcontentramcachescansize = " $maxcontentramcachescansize >> $CONFIGFILE + echo "maxips = " $maxips >> $CONFIGFILE + echo "maxsparechildren = " $maxsparechildren >> $CONFIGFILE + echo "maxuploadsize = " $maxuploadsize >> $CONFIGFILE + echo "minchildren = " $minchildren >> $CONFIGFILE + echo "minsparechildren = " $minsparechildren >> $CONFIGFILE + echo "nodaemon = " $nodaemon >> $CONFIGFILE + echo "nologger = " $nologger >> $CONFIGFILE + echo "pcontimeout = " $pcontimeout >> $CONFIGFILE + echo "perroomdirectory = " $perroomdirectory >> $CONFIGFILE + echo "phrasefiltermode = " $phrasefiltermode >> $CONFIGFILE + echo "prefercachedlists = " $prefercachedlists >> $CONFIGFILE + echo "preforkchildren = " $preforkchildren >> $CONFIGFILE + echo "preservecase = " $preservecase >> $CONFIGFILE + echo "proxyexchange = " $proxyexchange >> $CONFIGFILE + echo "proxyip = " $proxyip >> $CONFIGFILE + echo "proxyport = " $proxyport >> $CONFIGFILE + echo "proxytimeout = " $proxytimeout >> $CONFIGFILE + echo "recheckreplacedurls = " $recheckreplacedurls >> $CONFIGFILE + echo "reverseaddresslookups = " $reverseaddresslookups >> $CONFIGFILE + echo "reverseclientiplookups = " $reverseclientiplookups >> $CONFIGFILE + echo "scancleancache = " $scancleancache >> $CONFIGFILE + echo "showweightedfound = " $showweightedfound >> $CONFIGFILE + echo "softrestart = " $softrestart >> $CONFIGFILE + echo "trickledelay = " $trickledelay >> $CONFIGFILE + echo "urlcacheage = " $urlcacheage >> $CONFIGFILE + echo "urlcachenumber = " $urlcachenumber >> $CONFIGFILE + echo "urlipcfilename = " $urlipcfilename >> $CONFIGFILE + echo "usecustombannedflash = " $usecustombannedflash >> $CONFIGFILE + echo "usecustombannedimage = " $usecustombannedimage >> $CONFIGFILE + echo "usexforwardedfor = " $usexforwardedfor >> $CONFIGFILE + echo "weightedphrasemode = " $weightedphrasemode >> $CONFIGFILE + + procd_open_instance + procd_set_param command $PROG -N -c "$CONFIGFILE" + procd_set_param file $CONFIGFILE + procd_set_param respawn + procd_close_instance +} + +stop_service() +{ + e2guardian -s | awk -F':' '{ print $2}' | xargs kill -9 +} + +service_triggers() +{ + procd_add_reload_trigger "e2guardian" + procd_add_validation validate_e2guardian_section +} diff --git a/net/e2guardian/files/e2guardianf1.conf b/net/e2guardian/files/e2guardianf1.conf new file mode 100644 index 000000000..21a145a49 --- /dev/null +++ b/net/e2guardian/files/e2guardianf1.conf @@ -0,0 +1,426 @@ +# e2guardian filter group config file for version 3.0.4 + + +# Filter group mode +# This option determines whether members of this group have their web access +# unfiltered, filtered, or banned. +# +# 0 = banned +# 1 = filtered +# 2 = unfiltered (exception) +# +# Only filter groups with a mode of 1 need to define phrase, URL, site, extension, +# mimetype and PICS lists; in other modes, these options are ignored to conserve +# memory. +# +# Defaults to 0 if unspecified. +# Unauthenticated users are treated as being in the first filter group. +groupmode = 1 + +# Filter group name +# Used to fill in the -FILTERGROUP- placeholder in the HTML template file, and to +# name the group in the access logs +# Defaults to empty string +#groupname = '' +groupname = '' + +# Content filtering files location +bannedphraselist = 'etc/e2guardian/lists/bannedphraselist' +weightedphraselist = 'etc/e2guardian/lists/weightedphraselist' +exceptionphraselist = 'etc/e2guardian/lists/exceptionphraselist' +bannedsitelist = 'etc/e2guardian/lists/bannedsitelist' +greysitelist = 'etc/e2guardian/lists/greysitelist' +bannedsslsitelist = 'etc/e2guardian/lists/bannedsslsitelist' +greysslsitelist = 'etc/e2guardian/lists/greysslsitelist' +exceptionsitelist = 'etc/e2guardian/lists/exceptionsitelist' +bannedurllist = 'etc/e2guardian/lists/bannedurllist' +greyurllist = 'etc/e2guardian/lists/greyurllist' +exceptionurllist = 'etc/e2guardian/lists/exceptionurllist' +exceptionregexpurllist = 'etc/e2guardian/lists/exceptionregexpurllist' +bannedregexpurllist = 'etc/e2guardian/lists/bannedregexpurllist' +picsfile = 'etc/e2guardian/lists/pics' +contentregexplist = 'etc/e2guardian/lists/contentregexplist' +urlregexplist = 'etc/e2guardian/lists/urlregexplist' +refererexceptionsitelist = 'etc/e2guardian/lists/refererexceptionsitelist' +refererexceptionurllist = 'etc/e2guardian/lists/refererexceptionurllist' +embededreferersitelist = 'etc/e2guardian/lists/embededreferersitelist' +embededrefererurllist = 'etc/e2guardian/lists/embededrefererurllist' +urlredirectregexplist = 'etc/e2guardian/lists/urlredirectregexplist' + +# local versions of lists (where LOCAL_LISTS enabled) +#localbannedsitelist = 'etc/e2guardian/lists/localbannedsitelist' +#localgreysitelist = 'etc/e2guardian/lists/localgreysitelist' +#localexceptionsitelist = 'etc/e2guardian/lists/localexceptionsitelist' +#localbannedurllist = 'etc/e2guardian/lists/localbannedurllist' +#localgreyurllist = 'etc/e2guardian/lists/localgreyurllist' +#localexceptionurllist = 'etc/e2guardian/lists/localexceptionurllist' +#localbannedsslsitelist = 'etc/e2guardian/lists/localbannedsslsitelist' +#localgreysslsitelist = 'etc/e2guardian/lists/localgreysslsitelist' +#localbannedsearchlist = 'etc/e2guardian/lists/localbannedsearchlist' + +!! Not compiled !! authexceptionsitelist = 'etc/e2guardian/lists/authexceptionsitelist' +!! Not compiled !! authexceptionurllist = 'etc/e2guardian/lists/authexceptionurllist' + +# Filetype filtering +# +# Allow bannedregexpurllist with grey list mode +# bannedregexpheaderlist and bannedregexpurllist +# +# bannedregexwithblanketblock = off +# +# Blanket download blocking +# If enabled, all files will be blocked, unless they match the +# exceptionextensionlist or exceptionmimetypelist. +# These lists do not override virus scanning. +# Exception lists defined above override all types of filtering, including +# the blanket download block. +# Defaults to disabled. +# (on | off) +# +blockdownloads = off +exceptionextensionlist = 'etc/e2guardian/lists/exceptionextensionlist' +exceptionmimetypelist = 'etc/e2guardian/lists/exceptionmimetypelist' +# +# Use the following lists to block specific kinds of file downloads. +# The two exception lists above can be used to override these. +# +bannedextensionlist = 'etc/e2guardian/lists/bannedextensionlist' +bannedmimetypelist = 'etc/e2guardian/lists/bannedmimetypelist' +# +# In either file filtering mode, the following list can be used to override +# MIME type & extension blocks for particular domains & URLs (trusted download sites). +# +exceptionfilesitelist = 'etc/e2guardian/lists/exceptionfilesitelist' +exceptionfileurllist = 'etc/e2guardian/lists/exceptionfileurllist' + +# POST protection (web upload and forms) +# does not block forms without any file upload, i.e. this is just for +# blocking or limiting uploads +# measured in kibibytes after MIME encoding and header bumph +# use 0 for a complete block +# use higher (e.g. 512 = 512Kbytes) for limiting +# use -1 for no blocking +#maxuploadsize = 512 +#maxuploadsize = 0 +maxuploadsize = -1 + +# Categorise without blocking: +# Supply categorised lists here and the category string shall be logged against +# matching requests, but matching these lists does not perform any filtering +# action. +#logsitelist = 'etc/e2guardian/lists/logsitelist' +#logurllist = 'etc/e2guardian/lists/logurllist' +#logregexpurllist = 'etc/e2guardian/lists/logregexpurllist' + +# Outgoing HTTP header rules: +# Optional lists for blocking based on, and modification of, outgoing HTTP +# request headers. Format for headerregexplist is one modification rule per +# line, similar to content/URL modifications. Format for +# bannedregexpheaderlist is one regular expression per line, with matching +# headers causing a request to be blocked. +# Headers are matched/replaced on a line-by-line basis, not as a contiguous +# block. +# Use for example, to remove cookies or prevent certain user-agents. +headerregexplist = 'etc/e2guardian/lists/headerregexplist' +bannedregexpheaderlist = 'etc/e2guardian/lists/bannedregexpheaderlist' +addheaderregexplist = 'etc/e2guardian/lists/addheaderregexplist' + +# Weighted phrase mode +# Optional; overrides the weightedphrasemode option in e2guardian.conf +# for this particular group. See documentation for supported values in +# that file. +#weightedphrasemode = 0 + +# Naughtiness limit +# This the limit over which the page will be blocked. Each weighted phrase is given +# a value either positive or negative and the values added up. Phrases to do with +# good subjects will have negative values, and bad subjects will have positive +# values. See the weightedphraselist file for examples. +# As a guide: +# 50 is for young children, 100 for old children, 160 for young adults. +naughtynesslimit = 50 + +# Search term blocking +# Search terms can be extracted from search URLs and filtered using one or +# both of two different methods. + +# Method 1 is that developed by Protex where specific +# search terms are contained in a bannedsearchlist. +# (localbannedsearchlist and bannedsearchoveridelist can be used to suppliment +# and overide this list as required.) +# These lists contain banned search words combinations on each line. +# Words are separated by '+' and must be in sorted order within a line. +# so to block 'sexy girl' then the list must contain the line +# girl+sexy +# and this will block both 'sexy girl' and 'girl sexy' +# To use this method, the searchregexplist must be enabled and the bannedsearchlist(s) defined + +# Method 2 is uses the +# bannedphraselist, weightedphraselist and exceptionphraselist, with a separate +# threshold for blocking than that used for normal page content. +# To do this, the searchregexplist must be enabled and searchtermlimit +# must be grater than 0. + +# +# Search engine regular expression list (need for both options) +# List of regular expressions for matching search engine URLs. It is assumed +# that the search terms themselves will be contained in the +# of output of each expression. +#searchregexplist = 'etc/e2guardian/lists/searchregexplist' +# +# Banned Search Term list(s) for option 1 +#bannedsearchlist = 'etc/e2guardian/lists/bannedsearchlist' +#bannedsearchoveridelist = 'etc/e2guardian/lists/bannedsearchoveridelist' + + +# Search term limit (for Option 2) +# The limit over which requests will be blocked for containing search terms +# which match the weightedphraselist. This should usually be lower than the +# 'naughtynesslimit' value above, because the amount of text being filtered +# is only a few words, rather than a whole page. +# This option must be uncommented if searchregexplist is uncommented. +# A value of 0 here indicates that search terms should be extracted, +# but no phrase filtering should be performed on the resulting text. +#searchtermlimit = 0 +# +# Search term phrase lists (for Option 2) +# If the three lines below are uncommented, search term blocking will use +# the banned, weighted & exception phrases from these lists, instead of using +# the same phrase lists as for page content. This is optional but recommended, +# as weights for individual phrases in the "normal" lists may not be +# appropriate for blocking when those phrases appear in a much smaller block +# of text. +# Please note that all or none of the below should be uncommented, not a +# mixture. +#bannedsearchtermlist = 'etc/e2guardian/lists/bannedsearchtermlist' +#weightedsearchtermlist = 'etc/e2guardian/lists/weightedsearchtermlist' +#exceptionsearchtermlist = 'etc/e2guardian/lists/exceptionsearchtermlist' + +# Category display threshold +# This option only applies to pages blocked by weighted phrase filtering. +# Defines the minimum score that must be accumulated within a particular +# category in order for it to show up on the block pages' category list. +# All categories under which the page scores positively will be logged; those +# that were not displayed to the user appear in brackets. +# +# -1 = display only the highest scoring category +# 0 = display all categories (default) +# > 0 = minimum score for a category to be displayed +categorydisplaythreshold = 0 + +# Embedded URL weighting +# When set to something greater than zero, this option causes URLs embedded within a +# page's HTML (from links, image tags, etc.) to be extracted and checked against the +# bannedsitelist and bannedurllist. Each link to a banned page causes the amount set +# here to be added to the page's weighting. +# The behaviour of this option with regards to multiple occurrences of a site/URL is +# affected by the weightedphrasemode setting. +# +# NB: Currently, this feature uses regular expressions that require the PCRE library. +# As such, it is only available if you compiled DansGuardian with '--enable-pcre=yes'. +# You can check compile-time options by running 'e2guardian -v'. +# +# Set to 0 to disable. +# Defaults to 0. +# WARNING: This option is highly CPU intensive! +embeddedurlweight = 0 + +# Enable PICS rating support +# +# Defaults to disabled +# (on | off) +enablepics = off + +# Temporary Denied Page Bypass +# This provides a link on the denied page to bypass the ban for a few minutes. To be +# secure it uses a random hashed secret generated at daemon startup. You define the +# number of seconds the bypass will function for before the deny will appear again. +# To allow the link on the denied page to appear you will need to edit the template.html +# or e2guardian.pl file for your language. +# 300 = enable for 5 minutes +# 0 = disable ( defaults to 0 ) +# -1 = enable but you require a separate program/CGI to generate a valid link +bypass = 0 + +# Temporary Denied Page Bypass Secret Key +# Rather than generating a random key you can specify one. It must be more than 8 chars. +# '' = generate a random one (recommended and default) +# 'Mary had a little lamb.' = an example +# '76b42abc1cd0fdcaf6e943dcbc93b826' = an example +bypasskey = '' + +# Infection/Scan Error Bypass +# Similar to the 'bypass' setting, but specifically for bypassing files scanned and found +# to be infected, or files that trigger scanner errors - for example, archive types with +# recognised but unsupported compression schemes, or corrupt archives. +# The option specifies the number of seconds for which the bypass link will be valid. +# 300 = enable for 5 minutes +# 0 = disable (default) +# -1 = enable, but require a separate program/CGI to generate a valid link +infectionbypass = 0 + +# Infection/Scan Error Bypass Secret Key +# Same as the 'bypasskey' option, but used for infection bypass mode. +infectionbypasskey = '' + +# Infection/Scan Error Bypass on Scan Errors Only +# Enable this option to allow infectionbypass links only when virus scanning fails, +# not when a file is found to contain a virus. +# on = enable (default and highly recommended) +# off = disable +infectionbypasserrorsonly = on + +# Disable content scanning +# If you enable this option you will disable content scanning for this group. +# Content scanning primarily is AV scanning (if enabled) but could include +# other types. +# (on|off) default = off. +disablecontentscan = off + +# Enable Deep URL Analysis +# When enabled, DG looks for URLs within URLs, checking against the bannedsitelist and +# bannedurllist. This can be used, for example, to block images originating from banned +# sites from appearing in Google Images search results, as the original URLs are +# embedded in the thumbnail GET requests. +# (on|off) default = off +deepurlanalysis = off + +# reportinglevel +# +# -1 = log, but do not block - Stealth mode +# 0 = just say 'Access Denied' +# 1 = report why but not what denied phrase +# 2 = report fully +# 3 = use HTML template file (accessdeniedaddress ignored) - recommended +# +# If defined, this overrides the global setting in e2guardian.conf for +# members of this filter group. +# +reportinglevel = 3 + +# accessdeniedaddress is the address of your web server to which the cgi +# e2guardian reporting script was copied. Only used in reporting levels +# 1 and 2. +# +# This webserver must be either: +# 1. Non-proxied. Either a machine on the local network, or listed as an +# exception in your browser's proxy configuration. +# 2. Added to the exceptionsitelist. Option 1 is preferable; this option is +# only for users using both transparent proxying and a non-local server +# to host this script. +# +# If defined, this overrides the global setting in e2guardian.conf for +# members of this filter group. +# +#accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/e2guardian.pl' + +# sslaccessdeniedaddress is the address of your web server to which the static page +# e2guardian reporting was copied. Only used in reporting levels 3 (avoid blank page) +# Work only in firefox with ssldeniedrewrite off + +# sslaccessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/denyssl.htm' + +# Break SSL protocol and redirect to another HTTPS website for denied page (sslaccessdeniedaddress url) + +#ssldeniedrewrite = 'on' + +# HTML Template override +# If defined, this specifies a custom HTML template file for members of this +# filter group, overriding the global setting in e2guardian.conf. This is +# only used in reporting level 3. +# +# The default template file path is //template.h +# e.g. share/e2guardian/languages/ukenglish/template.html when using 'ukenglish' +# language. +# +# This option generates a file path of the form: +# // +# e.g. share/e2guardian/languages/ukenglish/custom.html +# +#htmltemplate = 'custom.html' + +# Non standard delimiter (only used with accessdeniedaddress) +# To help preserve the full banned URL, including parameters, the variables +# passed into the access denied CGI are separated using non-standard +# delimiters. This can be useful to ensure correct operation of the filter +# bypass modes. Parameters are split using "::" in place of "&", and "==" in +# place of "=". +# Default is enabled, but to go back to the standard mode, disable it. + +#nonstandarddelimiter = off + +# Email reporting - original patch by J. Gauthier + +# Use SMTP +# If on, will enable system wide events to be reported by email. +# need to configure mail program (see 'mailer' in global config) +# and email recipients +# default usesmtp = off +#!! Not compiled !!usesmtp = off + +# mailfrom +# who the email would come from +# example: mailfrom = 'e2guardian@mycompany.com' +#!! Not compiled !!mailfrom = '' + +# avadmin +# who the virus emails go to (if notify av is on) +# example: avadmin = 'admin@mycompany.com' +#!! Not compiled !!avadmin = '' + +# contentdmin +# who the content emails go to (when thresholds are exceeded) +# and contentnotify is on +# example: contentadmin = 'admin@mycompany.com' +#!! Not compiled !!contentadmin = '' + +# avsubject +# Subject of the email sent when a virus is caught. +# only applicable if notifyav is on +# default avsubject = 'e2guardian virus block' +#!! Not compiled !!avsubject = 'e2guardian virus block' + +# content +# Subject of the email sent when violation thresholds are exceeded +# default contentsubject = 'e2guardian violation' +#!! Not compiled !!contentsubject = 'e2guardian violation' + +# notifyAV +# This will send a notification, if usesmtp/notifyav is on, any time an +# infection is found. +# Important: If this option is off, viruses will still be recorded like a +# content infraction. +#!! Not compiled !!notifyav = off + +# notifycontent +# This will send a notification, if usesmtp is on, based on thresholds +# below +#!! Not compiled !!notifycontent = off + +# thresholdbyuser +# results are only predictable with user authenticated configs +# if enabled the violation/threshold count is kept track of by the user +#!! Not compiled !!thresholdbyuser = off + +#violations +# number of violations before notification +# setting to 0 will never trigger a notification +#!! Not compiled !!violations = 0 + +#threshold +# this is in seconds. If 'violations' occur in 'threshold' seconds, then +# a notification is made. +# if this is set to 0, then whenever the set number of violations are made a +# notifaction will be sent. +#!! Not compiled !!threshold = 0 + +#SSL certificate checking +# Check that ssl certificates for servers on https connections are valid +# and signed by a ca in the configured path +sslcertcheck = off + +#SSL man in the middle +# Forge ssl certificates for all sites, decrypt the data then re encrypt it +# using a different private key. Used to filter ssl sites +sslmitm = off +