# DansGuardian filter group config file for version 2.12.0.0 # Filter group mode # This option determines whether members of this group have their web access # unfiltered, filtered, or banned. This mechanism replaces the "banneduserlist" # and "exceptionuserlist" files from previous versions. # # 0 = banned # 1 = filtered # 2 = unfiltered (exception) # # Only filter groups with a mode of 1 need to define phrase, URL, site, extension, # mimetype and PICS lists; in other modes, these options are ignored to conserve # memory. # # Defaults to 0 if unspecified. # Unauthenticated users are treated as being in the first filter group. groupmode = 1 # Filter group name # Used to fill in the -FILTERGROUP- placeholder in the HTML template file, and to # name the group in the access logs # Defaults to empty string #groupname = '' # Content filtering files location bannedphraselist = '/etc/dansguardian/lists/bannedphraselist' weightedphraselist = '/etc/dansguardian/lists/weightedphraselist' exceptionphraselist = '/etc/dansguardian/lists/exceptionphraselist' bannedsitelist = '/etc/dansguardian/lists/bannedsitelist' greysitelist = '/etc/dansguardian/lists/greysitelist' exceptionsitelist = '/etc/dansguardian/lists/exceptionsitelist' bannedurllist = '/etc/dansguardian/lists/bannedurllist' greyurllist = '/etc/dansguardian/lists/greyurllist' exceptionurllist = '/etc/dansguardian/lists/exceptionurllist' exceptionregexpurllist = '/etc/dansguardian/lists/exceptionregexpurllist' bannedregexpurllist = '/etc/dansguardian/lists/bannedregexpurllist' picsfile = '/etc/dansguardian/lists/pics' contentregexplist = '/etc/dansguardian/lists/contentregexplist' urlregexplist = '/etc/dansguardian/lists/urlregexplist' # Filetype filtering # # Blanket download blocking # If enabled, all files will be blocked, unless they match the # exceptionextensionlist or exceptionmimetypelist. # These lists do not override virus scanning. # Exception lists defined above override all types of filtering, including # the blanket download block. # Defaults to disabled. # (on | off) # blockdownloads = off exceptionextensionlist = '/etc/dansguardian/lists/exceptionextensionlist' exceptionmimetypelist = '/etc/dansguardian/lists/exceptionmimetypelist' # # Use the following lists to block specific kinds of file downloads. # The two exception lists above can be used to override these. # bannedextensionlist = '/etc/dansguardian/lists/bannedextensionlist' bannedmimetypelist = '/etc/dansguardian/lists/bannedmimetypelist' # # In either file filtering mode, the following list can be used to override # MIME type & extension blocks for particular domains & URLs (trusted download sites). # exceptionfilesitelist = '/etc/dansguardian/lists/exceptionfilesitelist' exceptionfileurllist = '/etc/dansguardian/lists/exceptionfileurllist' # Categorise without blocking: # Supply categorised lists here and the category string shall be logged against # matching requests, but matching these lists does not perform any filtering # action. #logsitelist = '/etc/dansguardian/lists/logsitelist' #logurllist = '/etc/dansguardian/lists/logurllist' #logregexpurllist = '/etc/dansguardian/lists/logregexpurllist' # Outgoing HTTP header rules: # Optional lists for blocking based on, and modification of, outgoing HTTP # request headers. Format for headerregexplist is one modification rule per # line, similar to content/URL modifications. Format for # bannedregexpheaderlist is one regular expression per line, with matching # headers causing a request to be blocked. # Headers are matched/replaced on a line-by-line basis, not as a contiguous # block. # Use for example, to remove cookies or prevent certain user-agents. headerregexplist = '/etc/dansguardian/lists/headerregexplist' bannedregexpheaderlist = '/etc/dansguardian/lists/bannedregexpheaderlist' # Weighted phrase mode # Optional; overrides the weightedphrasemode option in dansguardian.conf # for this particular group. See documentation for supported values in # that file. #weightedphrasemode = 0 # Naughtiness limit # This the limit over which the page will be blocked. Each weighted phrase is given # a value either positive or negative and the values added up. Phrases to do with # good subjects will have negative values, and bad subjects will have positive # values. See the weightedphraselist file for examples. # As a guide: # 50 is for young children, 100 for old children, 160 for young adults. naughtynesslimit = 50 # Search term blocking # Search terms can be extracted from search URLs and filtered using the # bannedphraselist, weightedphraselist and exceptionphraselist, with a separate # threshold for blocking than that used for normal page content. # To do this, the first two options below must be enabled. # # Search engine regular expression list # List of regular expressions for matching search engine URLs. It is assumed # that the search terms themselves will be contained within the first submatch # of each expression. #searchengineregexplist = '/etc/dansguardian/lists/searchengineregexplist' # # Search term limit # The limit over which requests will be blocked for containing search terms # which match the weightedphraselist. This should usually be lower than the # 'naughtynesslimit' value above, because the amount of text being filtered # is only a few words, rather than a whole page. # This option must be uncommented if searchengineregexplist is uncommented. # A value of 0 here indicates that search terms should be extracted, # for logging/reporting purposes, but no filtering should be performed # on the resulting text. #searchtermlimit = 30 # # Search term lists # If the three lines below are uncommented, search term blocking will use # the banned, weighted & exception phrases from these lists, instead of using # the same phrase lists as for page content. This is optional but recommended, # as weights for individual phrases in the "normal" lists may not be # appropriate for blocking when those phrases appear in a much smaller block # of text. # Please note that all or none of the below should be uncommented, not a # mixture. #bannedsearchtermlist = '/etc/dansguardian/lists/bannedsearchtermlist' #weightedsearchtermlist = '/etc/dansguardian/lists/weightedsearchtermlist' #exceptionsearchtermlist = '/etc/dansguardian/lists/exceptionsearchtermlist' # Category display threshold # This option only applies to pages blocked by weighted phrase filtering. # Defines the minimum score that must be accumulated within a particular # category in order for it to show up on the block pages' category list. # All categories under which the page scores positively will be logged; those # that were not displayed to the user appear in brackets. # # -1 = display only the highest scoring category # 0 = display all categories (default) # > 0 = minimum score for a category to be displayed categorydisplaythreshold = 0 # Embedded URL weighting # When set to something greater than zero, this option causes URLs embedded within a # page's HTML (from links, image tags, etc.) to be extracted and checked against the # bannedsitelist and bannedurllist. Each link to a banned page causes the amount set # here to be added to the page's weighting. # The behaviour of this option with regards to multiple occurrences of a site/URL is # affected by the weightedphrasemode setting. # # NB: Currently, this feature uses regular expressions that require the PCRE library. # As such, it is only available if you compiled DansGuardian with '--enable-pcre=yes'. # You can check compile-time options by running 'dansguardian -v'. # # Set to 0 to disable. # Defaults to 0. # WARNING: This option is highly CPU intensive! embeddedurlweight = 0 # Enable PICS rating support # # Defaults to disabled # (on | off) enablepics = off # Temporary Denied Page Bypass # This provides a link on the denied page to bypass the ban for a few minutes. To be # secure it uses a random hashed secret generated at daemon startup. You define the # number of seconds the bypass will function for before the deny will appear again. # To allow the link on the denied page to appear you will need to edit the template.html # or dansguardian.pl file for your language. # 300 = enable for 5 minutes # 0 = disable ( defaults to 0 ) # -1 = enable but you require a separate program/CGI to generate a valid link bypass = 0 # Temporary Denied Page Bypass Secret Key # Rather than generating a random key you can specify one. It must be more than 8 chars. # '' = generate a random one (recommended and default) # 'Mary had a little lamb.' = an example # '76b42abc1cd0fdcaf6e943dcbc93b826' = an example bypasskey = '' # Infection/Scan Error Bypass # Similar to the 'bypass' setting, but specifically for bypassing files scanned and found # to be infected, or files that trigger scanner errors - for example, archive types with # recognised but unsupported compression schemes, or corrupt archives. # The option specifies the number of seconds for which the bypass link will be valid. # 300 = enable for 5 minutes # 0 = disable (default) # -1 = enable, but require a separate program/CGI to generate a valid link infectionbypass = 0 # Infection/Scan Error Bypass Secret Key # Same as the 'bypasskey' option, but used for infection bypass mode. infectionbypasskey = '' # Infection/Scan Error Bypass on Scan Errors Only # Enable this option to allow infectionbypass links only when virus scanning fails, # not when a file is found to contain a virus. # on = enable (default and highly recommended) # off = disable infectionbypasserrorsonly = on # Disable content scanning # If you enable this option you will disable content scanning for this group. # Content scanning primarily is AV scanning (if enabled) but could include # other types. # (on|off) default = off. disablecontentscan = off # Enable Deep URL Analysis # When enabled, DG looks for URLs within URLs, checking against the bannedsitelist and # bannedurllist. This can be used, for example, to block images originating from banned # sites from appearing in Google Images search results, as the original URLs are # embedded in the thumbnail GET requests. # (on|off) default = off deepurlanalysis = off # reportinglevel # # -1 = log, but do not block - Stealth mode # 0 = just say 'Access Denied' # 1 = report why but not what denied phrase # 2 = report fully # 3 = use HTML template file (accessdeniedaddress ignored) - recommended # # If defined, this overrides the global setting in dansguardian.conf for # members of this filter group. # #reportinglevel = 3 # accessdeniedaddress is the address of your web server to which the cgi # dansguardian reporting script was copied. Only used in reporting levels # 1 and 2. # # This webserver must be either: # 1. Non-proxied. Either a machine on the local network, or listed as an # exception in your browser's proxy configuration. # 2. Added to the exceptionsitelist. Option 1 is preferable; this option is # only for users using both transparent proxying and a non-local server # to host this script. # # If defined, this overrides the global setting in dansguardian.conf for # members of this filter group. # #accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl' # HTML Template override # If defined, this specifies a custom HTML template file for members of this # filter group, overriding the global setting in dansguardian.conf. This is # only used in reporting level 3. # # The default template file path is //template.html # e.g. /usr/share/dansguardian/languages/ukenglish/template.html when using 'ukenglish' # language. # # This option generates a file path of the form: # // # e.g. /usr/share/dansguardian/languages/ukenglish/custom.html # #htmltemplate = 'custom.html' # Email reporting - original patch by J. Gauthier # Use SMTP # If on, will enable system wide events to be reported by email. # need to configure mail program (see 'mailer' in global config) # and email recipients # default usesmtp = off #!! Not compiled !!usesmtp = off # mailfrom # who the email would come from # example: mailfrom = 'dansguardian@mycompany.com' #!! Not compiled !!mailfrom = '' # avadmin # who the virus emails go to (if notify av is on) # example: avadmin = 'admin@mycompany.com' #!! Not compiled !!avadmin = '' # contentdmin # who the content emails go to (when thresholds are exceeded) # and contentnotify is on # example: contentadmin = 'admin@mycompany.com' #!! Not compiled !!contentadmin = '' # avsubject # Subject of the email sent when a virus is caught. # only applicable if notifyav is on # default avsubject = 'dansguardian virus block' #!! Not compiled !!avsubject = 'dansguardian virus block' # content # Subject of the email sent when violation thresholds are exceeded # default contentsubject = 'dansguardian violation' #!! Not compiled !!contentsubject = 'dansguardian violation' # notifyAV # This will send a notification, if usesmtp/notifyav is on, any time an # infection is found. # Important: If this option is off, viruses will still be recorded like a # content infraction. #!! Not compiled !!notifyav = off # notifycontent # This will send a notification, if usesmtp is on, based on thresholds # below #!! Not compiled !!notifycontent = off # thresholdbyuser # results are only predictable with user authenticated configs # if enabled the violation/threshold count is kept track of by the user #!! Not compiled !!thresholdbyuser = off #violations # number of violations before notification # setting to 0 will never trigger a notification #!! Not compiled !!violations = 0 #threshold # this is in seconds. If 'violations' occur in 'threshold' seconds, then # a notification is made. # if this is set to 0, then whenever the set number of violations are made a # notifaction will be sent. #!! Not compiled !!threshold = 0 #SSL certificate checking # Check that ssl certificates for servers on https connections are valid # and signed by a ca in the configured path sslcertcheck = off #SSL man in the middle # Forge ssl certificates for all sites, decrypt the data then re encrypt it # using a different private key. Used to filter ssl sites sslmitm = off