Dansguardian Bypass

From INIwiki
Jump to: navigation, search

Digg this!

<meta name="keywords" content="dansguardian, bypass, custom web access page"></meta> <meta name="description" content="Dansguardian custom bypass webpage"></meta>

(This is a Debian specific install but should work for other distributions)

This will allow for an Apache controlled bypass page for Dansguardian. It can also be configured to require a password for the bypass. Helpfull to allow some users a bypass window while blocking others.

Contents

Basic Install

Install php5 stuff

apt-get install php5 libapache2-mod-php5 php5-cli php5-common php5-cgi libphp-phpmailer sudo -y

Configure Dansguardian exception files

vi /etc/dansguardian/exceptioniplist
Remove all data  (d20d within vi)
chmod 777 /etc/dansguardian/exceptioniplist

NOTE: If you have access to my firewall files skip to the Cheating Section

Modify the dansguardian banned template file to include a bypass link

vi /etc/dansguardian/languages/ukenglish/template.html
<a href="http://192.168.1.1/bypass/bypass.php?user=-USER-&ip=-IP-&url=-URL-">Click here to bypass.</a>

Note: localhost will not work in this link you need to use the ip address of you firewall
Note: A local web server needs to be configured. Once the local web server is configured you can add this content to the /var/www/ directory. Bypass example files here, you will probably want to make some simples edits before using.

Edit crontab

crontab -e
*/1 * * * * /scripts/exception.sh 1 >> /var/log/DGbypass.log

visudo

Edit the visudo file to allow the apache user access to the required files

visudo
www-data        ALL=(ALL) NOPASSWD: ALL

Create script directory

mkdir /scripts

build files needed for crontab job

cat > /scripts/exception.sh
#!/bin/bash
CUR=1
LINE=`cat --number /etc/dansguardian/exceptioniplist | tail -1 | cut -b 1-7`
       if [ "$LINE" = "" ];
       then LINES=0
       else LINES=$LINE
       fi
echo $LINES
EXTIME=`head -$CUR /etc/dansguardian/exceptioniplist | cut -d" " -f 3`
UNIXT=`date +%s`
#echo $EXTIME
#while [ $LINES -gt 0 ];
while [ $CUR -le $LINES ];
       do
#       echo "You have more than one line"
               if [ `expr $UNIXT - $EXTIME` -ge 60 ];
               then
               sed "$CUR"d /etc/dansguardian/exceptioniplist > /etc/dansguardian/exceptioniplist.tmp
               chmod 777 /etc/dansguardian/exceptioniplist.tmp
               mv -f /etc/dansguardian/exceptioniplist.tmp /etc/dansguardian/exceptioniplist
               /etc/init.d/dansguardian reload
               else
               echo "line '$CUR' not deleted"
               fi
       let CUR=$CUR+1
       done
echo "file had '$LINES' lines"

(Now hit Control-D to end cat input)

Now the second file...

cat > /scripts/deleteexception.sh
#!/bin/bash
CUR=1
LINE=`cat --number /etc/dansguardian/exceptionsitelist | tail -1 | cut -b 1-7`
       if [ "$LINE" = "" ];
       then LINES=0
       else LINES=$LINE
       fi
echo $LINES
EXTIME=`head -$CUR /etc/dansguardian/exceptionsitelist | cut -d" " -f 3`
UNIXT=`date +%s`
#echo $EXTIME
#while [ $LINES -gt 0 ];
while [ $CUR -le $LINES ];
       do
#       echo "You have more than one line"
               if [ `expr $UNIXT - $EXTIME` -ge 60 ];
               then
               sed "$CUR"d /etc/dansguardian/exceptionsitelist > /etc/dansguardian/exceptionsitelist.tmp
               mv -f /etc/dansguardian/exceptionsitelist.tmp /etc/dansguardian/exceptionsitelist
               else
               echo "line '$CUR' not deleted"
               fi
       let CUR=$CUR+1
       done
echo "file had '$LINES' lines"

(Now hit Control-D to end cat input)

Set full control for the files

chmod 777 /scripts/exception.sh
chmod 777 /scripts/deleteexception.sh

Change php.ini settings:

vi /etc/php5/apache2/php.ini
Change the register_globals setting to On
register_globals = Off
register_globals = On

To require a password for bypass

NON LDAP

- Not a required step Modify the apache.conf (httpd.conf) file:

Add the following below the .htaccess section 

#Used for FW Bypass
<Directory "/var/www/bypass">
   AllowOverride AuthConfig
   Order allow,deny
   Allow from all
</Directory>

- Not a required step Add users to the .htaccess file

htpasswd -c /var/www/htpasswd.bypass USERNAME   - use for the first user
htpasswd /var/www/htpasswd.bypass USERNAME      - use for additional users

- NOTE: replace USERNAME with the actual username

LDAP with ADS enabled

Coming Soon


Install 3rd party Blacklists

Edit the bannedsitelist file add or uncomment the following;

- NOTE: To lighten up the filtering simply comment out the itmes below and reload dansguardian
vi /etc/dansguardian/bannedsitelist
.Include</etc/dansguardian/blacklists/ads/domains>
.Include</etc/dansguardian/blacklists/adult/domains>
.Include</etc/dansguardian/blacklists/aggressive/domains>
.Include</etc/dansguardian/blacklists/antispyware/domains>
.Include</etc/dansguardian/blacklists/artnudes/domains>
.Include</etc/dansguardian/blacklists/audio-video/domains>
.Include</etc/dansguardian/blacklists/beerliquorinfo/domains>
.Include</etc/dansguardian/blacklists/beerliquorsale/domains>
.Include</etc/dansguardian/blacklists/cellphones/domains>
.Include</etc/dansguardian/blacklists/chat/domains>
.Include</etc/dansguardian/blacklists/childcare/domains>
.Include</etc/dansguardian/blacklists/clothing/domains>
.Include</etc/dansguardian/blacklists/culinary/domains>
.Include</etc/dansguardian/blacklists/custom/domains>
.Include</etc/dansguardian/blacklists/desktopsillies/domains>
.Include</etc/dansguardian/blacklists/dialers/domains>
.Include</etc/dansguardian/blacklists/drugs/domains>
.Include</etc/dansguardian/blacklists/ecommerce/domains>
.Include</etc/dansguardian/blacklists/entertainment/domains>
.Include</etc/dansguardian/blacklists/frencheducation/domains>
.Include</etc/dansguardian/blacklists/gambling/domains>
.Include</etc/dansguardian/blacklists/gardening/domains>
.Include</etc/dansguardian/blacklists/government/domains>
.Include</etc/dansguardian/blacklists/hacking/domains>
.Include</etc/dansguardian/blacklists/homerepair/domains>
.Include</etc/dansguardian/blacklists/hygiene/domains>
.Include</etc/dansguardian/blacklists/instantmessaging/domains>
.Include</etc/dansguardian/blacklists/jewelry/domains>
.Include</etc/dansguardian/blacklists/jobsearch/domains>
.Include</etc/dansguardian/blacklists/kidstimewasting/domains>
.Include</etc/dansguardian/blacklists/mail/domains>
.Include</etc/dansguardian/blacklists/naturism/domains>
.Include</etc/dansguardian/blacklists/news/domains>
.Include</etc/dansguardian/blacklists/onlineauctions/domains>
.Include</etc/dansguardian/blacklists/onlinegames/domains>
.Include</etc/dansguardian/blacklists/onlinepayment/domains>
.Include</etc/dansguardian/blacklists/personalfinance/domains>
.Include</etc/dansguardian/blacklists/pets/domains>
.Include</etc/dansguardian/blacklists/phishing/domains>
.Include</etc/dansguardian/blacklists/porn/domains>
.Include</etc/dansguardian/blacklists/proxy/domains>
.Include</etc/dansguardian/blacklists/radio/domains>
.Include</etc/dansguardian/blacklists/religion/domains>
.Include</etc/dansguardian/blacklists/ringtones/domains>
.Include</etc/dansguardian/blacklists/searchengines/domains>
.Include</etc/dansguardian/blacklists/sexuality/domains>
.Include</etc/dansguardian/blacklists/sportnews/domains>
.Include</etc/dansguardian/blacklists/sports/domains>
.Include</etc/dansguardian/blacklists/spyware/domains>
.Include</etc/dansguardian/blacklists/updatesites/domains>
.Include</etc/dansguardian/blacklists/vacation/domains>
.Include</etc/dansguardian/blacklists/violence/domains>
.Include</etc/dansguardian/blacklists/virusinfected/domains>
.Include</etc/dansguardian/blacklists/warez/domains>
.Include</etc/dansguardian/blacklists/weather/domains>
.Include</etc/dansguardian/blacklists/weapons/domains>
.Include</etc/dansguardian/blacklists/webmail/domains>
.Include</etc/dansguardian/blacklists/whitelist/domains>

Add custome files:

mkdir /etc/dansguardian/blacklists/custom/
touch /etc/dansguardian/blacklists/custom/domains
chmod 777 /etc/dansguardian/blacklists/custom/domains

Web interface Admin Functions

To view shorewall rules

chmod 604 /etc/shorewall/rules
http://192.168.0.1/admin/dang/ruleedit.php

Cheating

Only use this section if you have access to my firewall dansgardian files

rsync the following files/folders

/etc/dansguardian
/var/www/
/scripts

modify the visudo file modify the php.ini file

Digg this!

Personal tools