// DansGuardian2 – web content filter

It filters using multiple methods. These methods include URL and domain filtering,  content phrase filtering, PICS filtering, MIME type filter-ing, file extension filtering, POST limiting and content (AV) scanning.

download dansguardian rpm

wget http://usmirror.dansguardian.org/downloads/2/Stable/dansguardian-

tar zxf dansguardian-

Configure it:



make install

option        description                default value

bindir        where the binary gets placed     /usr/sbin/

sysconfdir    where the config and data files gets placed     /etc/dansguardian/

sysvdir        where the startup script gets placed     /etc/rc.d/init.d/

cgidir        where the cgi-bin dir is located     /home/httpd/cgi-bin/

mandir        where the man docs get placed     /usr/man/

logdir         where the logs get place     /var/log/dansguardian/

runas_usr    the system user the daemon runs as     nobody

runas_grp    the system group the daemon runs as     nobody

piddir        where the pid file gets placed     /var/run/

then goto its configuration

vim /etc/dansguardian/dansguardian.conf

Network Settings


# the IP that DansGuardian listens on.  If left blank DansGuardian will

# listen on all IPs.  That would include all NICs, loopback, modem, etc.

# Normally you would have your firewall protecting this, but if you want

# you can limit it to a certain IP. To bind to multiple interfaces,

# specify each IP on an individual filterip line.

filterip =

# the port that DansGuardian listens to.

filterport = 8080

# the ip of the proxy (default is the loopback – i.e. this server)

proxyip =

# the port DansGuardian connects to proxy on

proxyport = 4040

Authentication files location

bannediplist = ‘/etc/dansguardian/lists/bannediplist’

exceptioniplist = ‘/etc/dansguardian/lists/exceptioniplist’

then goto

vim /etc/dansguardian/dansguardianf1.conf

#Content filtering files location

bannedphraselist = ‘/etc/dansguardian/lists/bannedphraselist’

weightedphraselist = ‘/etc/dansguardian/lists/weightedphraselist’

exceptionphraselist = ‘/etc/dansguardian/lists/exceptionphraselist’

bannedsitelist = ‘/etc/dansguardian/lists/bannedsitelist’

greysitelist = ‘/etc/dansguardian/lists/greysitelist’

exceptionsitelist = ‘/etc/dansguardian/lists/exceptionsitelist’

bannedurllist = ‘/etc/dansguardian/lists/bannedurllist’

greyurllist = ‘/etc/dansguardian/lists/greyurllist’

exceptionurllist = ‘/etc/dansguardian/lists/exceptionurllist’

exceptionregexpurllist = ‘/etc/dansguardian/lists/exceptionregexpurllist’

bannedregexpurllist = ‘/etc/dansguardian/lists/bannedregexpurllist’

picsfile = ‘/etc/dansguardian/lists/pics’

contentregexplist = ‘/etc/dansguardian/lists/contentregexplist’

urlregexplist = ‘/etc/dansguardian/lists/urlregexplist’

# Filetype filtering


# Blanket download blocking

# If enabled, all files will be blocked, unless they match the

# exceptionextensionlist or exceptionmimetypelist.

# These lists do not override virus scanning.

# Exception lists defined above override all types of filtering, including

# the blanket download block.

# Defaults to disabled.

# (on | off)


blockdownloads = on

exceptionextensionlist = ‘/etc/dansguardian/lists/exceptionextensionlist’

exceptionmimetypelist = ‘/etc/dansguardian/lists/exceptionmimetypelist’


# Use the following lists to block specific kinds of file downloads.

# The two exception lists above can be used to override these.


bannedextensionlist = ‘/etc/dansguardian/lists/bannedextensionlist’

bannedmimetypelist = ‘/etc/dansguardian/lists/bannedmimetypelist’


# In either file filtering mode, the following list can be used to override

# MIME type & extension blocks for particular domains & URLs (trusted download sites).


exceptionfilesitelist = ‘/etc/dansguardian/lists/exceptionfilesitelist’

exceptionfileurllist = ‘/etc/dansguardian/lists/exceptionfileurllist’

the main list is avialable at

cd /etc/dansguardian/lists/

[root@desktop72 lists]# ls

authplugins             contentscanners         filtergroupslist

bannedextensionlist     downloadmanagers        greysitelist

bannediplist            exceptionextensionlist  greyurllist

bannedmimetypelist      exceptionfilesitelist   headerregexplist

bannedphraselist        exceptionfileurllist    logregexpurllist

bannedregexpheaderlist  exceptioniplist         logsitelist

bannedregexpurllist     exceptionmimetypelist   logurllist

bannedsitelist          exceptionphraselist     phraselists

bannedurllist           exceptionregexpurllist  pics

blacklists              exceptionsitelist       urlregexplist

contentregexplist       exceptionurllist        weightedphraselist

here we can set all configuartion as per our required.

then restart the service:

/etc/init.d/dansguarding restart

Iptables Rules

then put the iptables rules:

#iptables -t nat PREROUTING -s -p tcp  –dport 80 -j REDIRECT –to-port 8080

#iptables -t nat PREROUTING -s -p tcp –dport 3128 -j REDIRECT –to-port 8080








       Setting Up ‘Multiple Filter Groups’

Basically all you need to do is the following:

  1.  modify the filtergroups setting in dansguardian.conf to reflect how many groups you have

    2.  duplicate the dansguardianf1.conf file to dansguardianf2.conf etc for the different groups you’re creating (if necessary use chown/chgrp/chmod to give the newly copied files the same owership and permissions as the existing dansguardianf1.conf)


     Adjust the settings in the subsequent dansguardianf(x).conf files to reflect the settings each group should have


     Add your usernames to the filtergroupslist file (or your IP addresses to the authplugins/ipgroups file)

Configuring the number of filter groups

filtergroups = 2

filtergroupslist = ‘/etc/dansguardian/filtergroupslist’

cp dansguardianf1.conf dansguardianf2.conf

[root@desktop9 ~]# cat /etc/dansguardian/dansguardianf2.conf

exceptionsitelist = ‘/etc/dansguardian/lists/exceptionsitelistf2’

now create another exceptionsitelist for filter2 group

cp -avr exceptionsitelist exceptionsitelistf2

then add the site list which you want to exception to exceptionsitef2


Allow ip base filtering in dansguardin.conf file

[root@desktop9 ~]# vim /etc/dansguardian/dansguardian.conf

authplugin = ‘/etc/dansguardian/authplugins/ip.conf’

Adding users to specific filter groups

[root@desktop9 ~]# vim /etc/dansguardian/lists/authplugins/ipgroups

# IP-Group list

# Used by the IP-based auth plugin to assign IP addresses to filter groups.


# Examples:

# Straight IP matching:

# = filter1

# Subnet matching:

# = filter1

# Range matching:

# = filter1 = filter2


About bpn4it

Feel Free in Linux. Bipin Patel bpn4it@gmail.com Ahmadabad, Gujarat, India
This entry was posted in Bipin hands-on. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s