DC LoCo

Notes on using Dan's Guardian with Edubuntu

Greg Reagle, CITI

Introduction

Dan's Guardian is an HTTP (World Wide Web) proxy that filters web traffic. It has the ability to ban or allow web pages according to:

  • domain name, e.g. to ban anything from naughty.com.
  • Uniform Resource Locator or URL, sometimes known as a "web address", e.g. to ban a specific section of a website such as www.generic.com/naughtysection.
  • file extension, e.g. to ban downloading all files that end with .exe.
  • the computer doing the web browsing, e.g. a specific computer can be either completely blocked from using the WWW or not filtered at all.
  • MIME type, e.g. to ban Quicktime videos (which are classified as video/quicktime).
  • user, e.g. certain users can be banned and others can be not filtered at all.
  • content, i.e. words that appear on the web page

Installing Dan's Guardian

  1. apt-get install squid
  2. nano --nowrap /etc/squid/squid.conf
  3. Set "Visible_hostname" to edubuntu in the conf file
  4. /etc/init.d/squid start
  5. apt-get install dansguardian
  6. nano --nowrap /etc/dansguardian/dansguardian.conf
  7. Comment out UNCONFIGURED in the conf file
  8. /etc/init.d/dansguardian start
  9. Configure Firefox to use Dan's Guardian as its proxy by adding these lines to /etc/mozilla-firefox/pref/firefox.js:
     
    pref("network.proxy.http", "localhost");
    pref("network.proxy.http_port", 8080);
    pref("network.proxy.type", 1);

Using Dan's Guardian

Quick Instructions to Ban a Website

  1. Log in as the administrator
  2. Click Applications > Accessories > Terminal
  3. In the terminal, type "sudo gedit /etc/danguardian/bannedsitelist"
  4. In gedit, go to the bottom of the file and add a line such as "naughty.com"
  5. In gedit, save the file then quit gedit.
  6. Again from the terminal, type "sudo /etc/init.d/dansguardian restart"
  7. Quit the terminal

Quick Instructions to Allow a Website

  1. Log in as the administrator
  2. Click Applications > Accessories > Terminal
  3. In the terminal, type "sudo gedit /etc/danguardian/exceptionsitelist"
  4. In gedit, go to the bottom of the file and add a line such as "legitimate.com"
  5. In gedit, save the file then quit gedit.
  6. Again from the terminal, type "sudo /etc/init.d/dansguardian restart"
  7. Quit the terminal

Configuring Dan's Guardian

Dan's Guardian is controlled by files in /etc/dansguardian/. The files whose name begins with "banned" block web traffic and the files whose name begins with "exception" allow web traffic.

  • domain name: Controlled by files bannedsitelist and exceptionsitelist
  • URL: controlled by files bannedurllist and exceptionurllist.
  • file extension: Controlled by file bannedextensionlist.
  • the computer doing the web browsing: Controlled by files bannediplist and exceptioniplist.
  • MIME type: Controlled by file bannedmimetypelist.
  • user: Controlled by files banneduserlist and exceptionuserlist.
  • content: Controlled by files bannedphraselist, exceptionphraselist, and weightedphraselist

Note that specifying a domain name covers all names that end with that domain name, e.g. if google.com is put into bannedsitelist then it blocks google.com as well as www.google.com and maps.google.com and so on.

These files of course can only be modified by the system administrator. So, to modify any of these files:

  1. Log in as the administrator
  2. Click Applications > Accessories > Terminal
  3. In the terminal, type "sudo gedit /etc/danguardian/<filename>"
  4. In gedit, go to the bottom of the file and add a line such as "website.com"
  5. In gedit, save the file then quit gedit.
  6. Again from the terminal, type "sudo /etc/init.d/dansguardian restart"
  7. Quit the terminal

How to disable Dan's Guardian on all computers

Dan's Guardian listens on port 8080 and squid listens on port 3128. Tell Firefox to use 3128 rather than 8080 and this will bypass Dans Guardian while still using squid for its caching function.

$ sudo gedit /etc/mozilla-firefox/pref/firefox.js

change this line

pref("network.proxy.http_port", 8080);

to

pref("network.proxy.http_port", 3128);

Start or re-start Firefox for the change to take effect.

The method described above completely turns off Dan's Guardian for all users, so REMEMBER to change the port in firefox.js back to 8080 to re-enable Dan's Guardian and quit all instances of Firefox (or log off) for the change to take effect.

Resources

For more information regarding Dan's Guardian, visit http://dansguardian.org/.