
IPCop Part II - Cop+ and DansGuardian

09/01/07

Permalink 12:51:16 pm by guy, Categories: IPCop

So I went on and on in my last post about a month ago about the IPCop project and how much I liked what it does and what it can do. I never really got to the Cop+ add-in that allows you to add DansGuardian to the installation. That is, after all, what drew me to the product in the first place. Here, in this post, hopefully I’ll get that covered.

So, to review, IPCop is a minimal Linux distribution that you can install on legacy hardware (cheap) that provides all the same functionality, and then some, as any of the hardware router/firewalls that you would buy at Best Buy or Circuit City. You know, the Linksys, Netgears, and D-Links. If you want a more detailed overview then read my first post.

So, what is DansGuardian? It is software that we can add to IPCop by installing the Cop+ addon that will allow you to transparently scan and evaluate all web traffic coming in to your home network. The result is that you don’t have to install any software on the individual computers within your network to perform this function.

The computer that has IPCop needs two network cards. One of the cards is directly connected to your Cable Modem or DSL Modem and the other is connected to a switch or an access point that you can connect the rest of your network to. Technically, you could probably connect a single PC directly to the 2nd network interface with the correct cable, but that probably isn’t typical. This configuration allows the IPCop computer to have full control of all network traffic. DansGuardian takes control of the web traffic by analyzing all incoming web traffic, evaluating its content and applying configurable rules to determine if the content is authorized.

So what is authorized?

There are many configurable options to how filtering is performed. Below is a screenshot of the configuration menu. You can see that there are several different ways that filtering is performed. Pages, sites, and even phrases can be included or excluded.


I’m not going to go through each page, but I’ll show a few just to get the idea.

Here is an example in the Banned Site list including the #comments. Keep in mind this is only one of very many different filter types:

#domains in banned list

#Don't bother with the www. or the http://

#The bannedurllist is for blocking PART of a site
#The bannedsitelist is for blocking ALL of a site

#As of DansGuardian 2.7.3 you can now include
#.tld so for example you can match .gov for example

#The 'grey' lists override the 'banned' lists.
#The 'exception' lists override the 'banned' lists also.
#The difference is that the 'exception' lists completely switch
#off *all* other filtering for the match. 'grey' lists only
#stop the URL filtering and allow the normal filtering to work.

#An example of grey list use is when in Blanket Block (whitelist)
#mode and you want to allow some sites but still filter as normal
#on their content

#Another example of grey list use is when you ban a site but want
#to allow part of it.

#To include additional files in this list use this example:
#.Include</etc/dansguardian/anotherbannedurllist>

#You can have multiple .Includes.

#List other sites to block:

badboys.com

#Blanket Block. To block all sites except those in the
#exceptionsitelist and greysitelist files remove
#the # from the next line to leave only a '**':
#**

#Blanket IP Block. To block all sites specified only as an IP
#remove the # from the next line to leave only a '*ip':
#*ip



#Remove the # from the following and edit as needed to use a stock
#squidGuard/urlblacklist blacklists collection.
#.Include</etc/dansguardian/blacklists/ads/domains>
.Include</etc/dansguardian/blacklists/adult/domains>
#.Include</etc/dansguardian/blacklists/aggressive/domains>
#.Include</etc/dansguardian/blacklists/artnudes/domains>
#.Include</etc/dansguardian/blacklists/audio-video/domains>
#.Include</etc/dansguardian/blacklists/beerliquorinfo/domains>
#.Include</etc/dansguardian/blacklists/beerliquorsale/domains>
#.Include</etc/dansguardian/blacklists/chat/domains>
#.Include</etc/dansguardian/blacklists/childcare/domains>
#.Include</etc/dansguardian/blacklists/clothing/domains>
#.Include</etc/dansguardian/blacklists/culinary/domains>
#.Include</etc/dansguardian/blacklists/dialers/domains>
#.Include</etc/dansguardian/blacklists/drugs/domains>
#.Include</etc/dansguardian/blacklists/entertainment/domains>
#.Include</etc/dansguardian/blacklists/forums/domains>
#.Include</etc/dansguardian/blacklists/frencheducation/domains>
#.Include</etc/dansguardian/blacklists/gambling/domains>
#.Include</etc/dansguardian/blacklists/government/domains>
#.Include</etc/dansguardian/blacklists/hacking/domains>
#.Include</etc/dansguardian/blacklists/homerepair/domains>
#.Include</etc/dansguardian/blacklists/hygiene/domains>
#.Include</etc/dansguardian/blacklists/jewelry/domains>
#.Include</etc/dansguardian/blacklists/jobsearch/domains>
#.Include</etc/dansguardian/blacklists/kidstimewasting/domains>
#.Include</etc/dansguardian/blacklists/mail/domains>
#.Include</etc/dansguardian/blacklists/news/domains>
#.Include</etc/dansguardian/blacklists/onlineauctions/domains>
#.Include</etc/dansguardian/blacklists/onlinegames/domains>
#.Include</etc/dansguardian/blacklists/onlinepayment/domains>
#.Include</etc/dansguardian/blacklists/personalfinance/domains>
#.Include</etc/dansguardian/blacklists/pets/domains>
.Include</etc/dansguardian/blacklists/phishing/domains>
.Include</etc/dansguardian/blacklists/porn/domains>
.Include</etc/dansguardian/blacklists/proxy/domains>
#.Include</etc/dansguardian/blacklists/publicite/domains>
.Include</etc/dansguardian/blacklists/redirector/domains>
#.Include</etc/dansguardian/blacklists/ringtones/domains>
#.Include</etc/dansguardian/blacklists/sportnews/domains>
#.Include</etc/dansguardian/blacklists/sports/domains>
#.Include</etc/dansguardian/blacklists/vacation/domains>
#.Include</etc/dansguardian/blacklists/violence/domains>
.Include</etc/dansguardian/blacklists/virusinfected/domains>
#.Include</etc/dansguardian/blacklists/warez/domains>

# You will need to edit to add and remove categories you want


As shown above, by default, after Cop+ is installed, the pornography oriented filters are active. I don’t profess to be an expert, but I think I have the basics and I’ve found that the default settings are pretty much exactly what I need.
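The override rules described in the list's comments, worked through as an added example (not code from Cop+ or DansGuardian). The sample entries, the in-memory `INCLUDES` stand-in, the subdomain matching and the exception-before-grey ordering are assumptions made for illustration:

```python
import ipaddress

# Constructed sample lists and an in-memory stand-in for the included file.
BANNED = "badboys.com\n.Include</etc/dansguardian/blacklists/phishing/domains>\n#**\n*ip\n"
GREY, EXCEPTION = "forum.badboys.com\n", "example.org\n"
INCLUDES = {"/etc/dansguardian/blacklists/phishing/domains": "login-update.example\n"}


def load(text):
    """Parse list text into (domains, flags), following .Include<path> lines."""
    domains, flags = set(), set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                       # comment, or an entry disabled with '#'
        if line.startswith(".Include<") and line.endswith(">"):
            sub_domains, sub_flags = load(INCLUDES.get(line[9:-1], ""))
            domains |= sub_domains
            flags |= sub_flags
        elif line in ("**", "*ip"):
            flags.add(line)                # blanket block / blanket IP block
        else:
            domains.add(line.lower().lstrip("."))   # ".gov" style entries too
    return domains, flags


def matches(host, domains):
    """True if host equals an entry or ends with it at a label boundary."""
    labels = host.lower().split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def verdict(host):
    (banned, flags), (grey, _), (exc, _) = load(BANNED), load(GREY), load(EXCEPTION)
    if matches(host, exc):
        return "allow-unfiltered"          # exception: all other filtering is off
    if matches(host, grey):
        return "content-filter"            # grey: URL ban skipped, content still scanned
    if "**" in flags or ("*ip" in flags and is_ip(host)) or matches(host, banned):
        return "blocked"
    return "content-filter"
```

Because the `**` line is still commented out in the sample, only listed domains and bare IP addresses are blocked; uncommenting it would block every host that is not in the grey or exception list.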

I’ll try to do another entry that shows a little more about how the other filters work, but filtering can be done on words, phrases, IP addresses, domains, content types, and PICS ratings.

Here are a couple examples of filter violations. This first one is a simple banned site.

This is a weighted phrase violation. Note the limit (150) was set at the bottom of the config page as “Naughtyness Limit”. The score of 1589 is the sum of all weighted phrase scores on the page. Again, I’ll go more into detail in the future, but phrases can be weighted positive and negative. So naughty combinations of words might be +10 or +20 while innocent combinations of words that might otherwise be naughty can be assigned negative values to avoid false positives. I don’t want to give examples of either here because I don’t want to get a naughty rating for this page!
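How positive and negative weights add up against the limit, as an added example (not DansGuardian's own code). The rule syntax, the phrases and weights, the two page bodies, the once-per-rule counting and the "score above the limit means blocked" comparison are all assumptions made for illustration:

```python
import re

NAUGHTYNESS_LIMIT = 150  # the limit quoted in the paragraph above

# Constructed rules in the <phrase>,<phrase><weight> form assumed here;
# the phrases and weights are invented for this example.
RULES = """
#positive weights push a page toward the limit
<free spins><60>
<jackpot>,<casino><120>
#negative weight offsets an innocent context
<casino>,<film review><-100>
"""
# Constructed page bodies.
GAMBLING_PAGE = "Hit the JACKPOT at our casino: free spins for every new player!"
REVIEW_PAGE = "Film review: 'Casino' (1995). The jackpot scene is the best part."

FIELD_RE = re.compile(r"<([^<>]*)>")


def parse_rules(text):
    """Return [(phrases, weight)]; a rule fires only if all its phrases occur."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        *phrases, weight = FIELD_RE.findall(line)
        rules.append(([p.lower() for p in phrases], int(weight)))
    return rules


def score_page(body, rules):
    """Add each matching rule's weight once (assumption: no per-occurrence count)."""
    text = " ".join(body.lower().split())   # fold case and whitespace
    return sum(w for phrases, w in rules if all(p in text for p in phrases))


def is_blocked(body, limit=NAUGHTYNESS_LIMIT):
    # Assumption: a page is blocked when its score exceeds the limit.
    return score_page(body, parse_rules(RULES)) > limit
```

The review page trips the same two-word combination as the gambling page, but the negative rule pulls its total back under the limit, which is the false-positive control the paragraph describes.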

You may notice the “Bypass DG” textbox on the block screen. That textbox does not exist by default in Cop+. I found that while DansGuardian works really well, periodically there is that site that you have a legitimate reason for accessing that might violate the “Naughtyness limit”. This is something that I added for my own use. It is based on a mod that I found for a different firewall system but I was able to make it work with Cop+. By entering a password you can bypass the block. All bypasses are logged, but will allow you to access the violating site for a set amount of time before making you re-enter the password. If anyone is interested I might put together instructions on how to add this to your Cop+ installation. Instructions Here

Since the internet is constantly changing, the blacklist files can be automatically updated on a regular basis to catch new sites, see below:


Enough for now…

I'm a generalist, at least if I'm honest. In my job I am primarily a developer, but also a sysadmin, and (as little as possible) technical support. I know a little about a lot of things, a lot about some things, and everything about nothing. Here I will post random learnings...
