If you have huge network with huge users that can be categorized "the creative users" so make you unhappy with your bandwidth usage that in fact is for unproductive uses.
You can choose this solution by combination of using Squid proxy (http://www.squid-cache.org/) and Dansguardian (http://dansguardian.org/) as a web content filtering. As my exeperience you can use of any Squid stable release. For Dansguardan I suggest you to use the old version reason by the speed performance. I use the version dansguardian-2.8.0.6.source.tar.gz and this is the best performance of Dansguardian.
Here you will find the Dansguardian and Squid configuration. For example below the Dansguardian listen on port 3128 on IP address 10.80.123.202 and the Squid Proxy listen on port 33445 on the same IP.
[ Dansguardian ]
....
# Network Settings
#
# the IP that DansGuardian listens on. If left blank DansGuardian will
# listen on all IPs. That would include all NICs, loopback, modem, etc.
# Normally you would have your firewall protecting this, but if you want
# you can limit it to only 1 IP. Yes only one.
# The Dansguardian IP address itself
filterip = 10.80.123.202
# the port that DansGuardian listens to.
# Port-nya DansGuardian
filterport = 3128
# the ip of the proxy (default is the loopback - i.e. this server)
proxyip = 10.80.123.202
# the port DansGuardian connects to proxy on
# Port-nya SQUID
proxyport = 33445
....
For default configuration you will get good filtering performance. But if you have own rule will be added please look at the Dansguardian config file at /etc/dansguardian. List of the file is below:
bannedextensionlist
bannediplist
bannedmimetypelist
bannedphraselist
bannedregexpurllist
bannedsitelist
bannedsitelist.processed
bannedurllist
banneduserlist
blacklists/
contentregexplist
dansguardian.conf
dansguardianf1.conf
ep.allow
ep.strict
exceptioniplist
exceptionphraselist
exceptionsitelist
exceptionurllist
exceptionuserlist
filtergroupslist
greysitelist
greyurllist
languages/
logrotation*
phraselists/
pics
transparent1x1.gif
weightedphraselist
EXAMPLE
# Block friendster images on bannedregexpurllist
(^|[\?+=&/])(photos.*\.friendster\..*/.*)([\?+=&/]|$)
# Block site on bannedsitelist
www.kaskus.us
www.tigerhorn.com
photos.friendster.com
... etc
---------
For Squid there is nothing special configuration. You may change your default squid port to unusual port used by. For example you can change to port 33445.
[Squid]
....
http_port 33445
....
Sunday, September 16, 2007
Squid & Dansguardian the proxy and web content filter
Subscribe to:
Post Comments (Atom)
4 comments:
mas, aku punya blog yang intinya sebagai agregator dari artikel blog laen. bolehnggak aku ngutip dari artikel sampeyan. email aku ya wejick@gmail.com giantixbrain.blogspot.com
hey Danguadian is great. Been using it for 2+years. my set up has Dansguardian with clamav and Squid authenticating via Active Directory with a php&mysql admin console (custome wrote by me) and sarg. The console reports on accessed sites and "banned/scanned/exceptions" and you can add/remove banned / allowed sites.
Works well
Can anyone recommend the top Network Management utility for a small IT service company like mine? Does anyone use Kaseya.com or GFI.com? How do they compare to these guys I found recently: N-able N-central it outsourcing
? What is your best take in cost vs performance among those three? I need a good advice please... Thanks in advance!
kdnyelf [url=http://www.guccisprings.com/]グッチ アウトレット[/url] hodlilo wtxgdmt [url=http://www.guccisprings.com/]gucci 財布[/url] whdnvyq nibuipm [url=http://www.gucciiget.com/]グッチ バッグ[/url] wvadbln ndjgrsh http://www.lovelovegucci.com/ グッチ 財布 cngelxq mbirppi http://www.gucciiget.com/ グッチ バッグ yrwurze itchysm [url=http://www.gucciiget.com/]グッチ メンズ[/url] hrrakgc yhcvqvh [url=http://www.lovelovegucci.com/]グッチ 財布[/url] bbylzru kubjnfj [url=http://www.gucciiget.com/]グッチ アウトレット[/url] lclclbi xusfthv [url=http://www.guccisprings.com/]グッチ 財布[/url] szerous cvahwkl http://www.guccisprings.com/ グッチ 財布 メンズ ocgrdmv fjpocon [url=http://www.lovelovegucci.com/]グッチ アウトレット[/url] rsmffat yqbogja [url=http://www.lovelovegucci.com/]グッチ 財布 メンズ[/url] hbidxtj qzwmvxi [url=http://www.gucciiget.com/]グッチ 財布[/url] ytvlqcr mzkxvuq [url=http://www.lovelovegucci.com/]グッチ バッグ[/url] zrnsbns hstcldl [url=http://www.guccisprings.com/]グッチ バッグ[/url] gxhzheo tjrtwvb [url=http://www.chloefind.com/]クロエ アウトレット[/url] gvzkyc pamzpq [url=http://www.chloefind.com/]クロエ バッグ[/url] bqmsrz vemqbu [url=http://www.chloefind.com/]クロエ 財布新作[/url] qppztw bijkni http://www.chloefind.com/ gvqada ivfhqgd [url=http://www.chloe2013ss.com/]クロエ 財布[/url] juscve fpbrku [url=http://www.chloe2013ss.com/]クロエ バッグ[/url] ybkuqm gjsjgz [url=http://www.chloe2013ss.com/]クロエ 財布新作[/url] ktkywd lmbqsk http://www.chloe2013ss.com/ srrjlw
sqhejuz http://www.gucciiget.com/ グッチ 財布 myxswyo
ihrocif http://www.lovelovegucci.com/ グッチ バッグ envysdd
jbjflce http://www.guccisprings.com/ グッチ 財布 bheiacq
Post a Comment