1 # DansGuardian filter group config file for version 2.12.0.0
5 # This option determines whether members of this group have their web access
6 # unfiltered, filtered, or banned. This mechanism replaces the "banneduserlist"
7 # and "exceptionuserlist" files from previous versions.
11 # 2 = unfiltered (exception)
13 # Only filter groups with a mode of 1 need to define phrase, URL, site, extension,
14 # mimetype and PICS lists; in other modes, these options are ignored to conserve
17 # Defaults to 0 if unspecified.
18 # Unauthenticated users are treated as being in the first filter group.
22 # Used to fill in the -FILTERGROUP- placeholder in the HTML template file, and to
23 # name the group in the access logs
24 # Defaults to empty string
27 # Content filtering files location
28 bannedphraselist = '/etc/dansguardian/lists/bannedphraselist'
29 weightedphraselist = '/etc/dansguardian/lists/weightedphraselist'
30 exceptionphraselist = '/etc/dansguardian/lists/exceptionphraselist'
31 bannedsitelist = '/etc/dansguardian/lists/bannedsitelist'
32 greysitelist = '/etc/dansguardian/lists/greysitelist'
33 exceptionsitelist = '/etc/dansguardian/lists/exceptionsitelist'
34 bannedurllist = '/etc/dansguardian/lists/bannedurllist'
35 greyurllist = '/etc/dansguardian/lists/greyurllist'
36 exceptionurllist = '/etc/dansguardian/lists/exceptionurllist'
37 exceptionregexpurllist = '/etc/dansguardian/lists/exceptionregexpurllist'
38 bannedregexpurllist = '/etc/dansguardian/lists/bannedregexpurllist'
39 picsfile = '/etc/dansguardian/lists/pics'
40 contentregexplist = '/etc/dansguardian/lists/contentregexplist'
41 urlregexplist = '/etc/dansguardian/lists/urlregexplist'
45 # Blanket download blocking
46 # If enabled, all files will be blocked, unless they match the
47 # exceptionextensionlist or exceptionmimetypelist.
48 # These lists do not override virus scanning.
49 # Exception lists defined above override all types of filtering, including
50 # the blanket download block.
51 # Defaults to disabled.
55 exceptionextensionlist = '/etc/dansguardian/lists/exceptionextensionlist'
56 exceptionmimetypelist = '/etc/dansguardian/lists/exceptionmimetypelist'
58 # Use the following lists to block specific kinds of file downloads.
59 # The two exception lists above can be used to override these.
61 bannedextensionlist = '/etc/dansguardian/lists/bannedextensionlist'
62 bannedmimetypelist = '/etc/dansguardian/lists/bannedmimetypelist'
64 # In either file filtering mode, the following list can be used to override
65 # MIME type & extension blocks for particular domains & URLs (trusted download sites).
67 exceptionfilesitelist = '/etc/dansguardian/lists/exceptionfilesitelist'
68 exceptionfileurllist = '/etc/dansguardian/lists/exceptionfileurllist'
70 # Categorise without blocking:
71 # Supply categorised lists here and the category string shall be logged against
72 # matching requests, but matching these lists does not perform any filtering
74 #logsitelist = '/etc/dansguardian/lists/logsitelist'
75 #logurllist = '/etc/dansguardian/lists/logurllist'
76 #logregexpurllist = '/etc/dansguardian/lists/logregexpurllist'
78 # Outgoing HTTP header rules:
79 # Optional lists for blocking based on, and modification of, outgoing HTTP
80 # request headers. Format for headerregexplist is one modification rule per
81 # line, similar to content/URL modifications. Format for
82 # bannedregexpheaderlist is one regular expression per line, with matching
83 # headers causing a request to be blocked.
84 # Headers are matched/replaced on a line-by-line basis, not as a contiguous
86 # Use for example, to remove cookies or prevent certain user-agents.
87 headerregexplist = '/etc/dansguardian/lists/headerregexplist'
88 bannedregexpheaderlist = '/etc/dansguardian/lists/bannedregexpheaderlist'
90 # Weighted phrase mode
91 # Optional; overrides the weightedphrasemode option in dansguardian.conf
92 # for this particular group. See documentation for supported values in
94 #weightedphrasemode = 0
97 # This the limit over which the page will be blocked. Each weighted phrase is given
98 # a value either positive or negative and the values added up. Phrases to do with
99 # good subjects will have negative values, and bad subjects will have positive
100 # values. See the weightedphraselist file for examples.
102 # 50 is for young children, 100 for old children, 160 for young adults.
103 naughtynesslimit = 50
105 # Search term blocking
106 # Search terms can be extracted from search URLs and filtered using the
107 # bannedphraselist, weightedphraselist and exceptionphraselist, with a separate
108 # threshold for blocking than that used for normal page content.
109 # To do this, the first two options below must be enabled.
111 # Search engine regular expression list
112 # List of regular expressions for matching search engine URLs. It is assumed
113 # that the search terms themselves will be contained within the first submatch
114 # of each expression.
115 #searchengineregexplist = '/etc/dansguardian/lists/searchengineregexplist'
118 # The limit over which requests will be blocked for containing search terms
119 # which match the weightedphraselist. This should usually be lower than the
120 # 'naughtynesslimit' value above, because the amount of text being filtered
121 # is only a few words, rather than a whole page.
122 # This option must be uncommented if searchengineregexplist is uncommented.
123 # A value of 0 here indicates that search terms should be extracted,
124 # for logging/reporting purposes, but no filtering should be performed
125 # on the resulting text.
126 #searchtermlimit = 30
129 # If the three lines below are uncommented, search term blocking will use
130 # the banned, weighted & exception phrases from these lists, instead of using
131 # the same phrase lists as for page content. This is optional but recommended,
132 # as weights for individual phrases in the "normal" lists may not be
133 # appropriate for blocking when those phrases appear in a much smaller block
135 # Please note that all or none of the below should be uncommented, not a
137 #bannedsearchtermlist = '/etc/dansguardian/lists/bannedsearchtermlist'
138 #weightedsearchtermlist = '/etc/dansguardian/lists/weightedsearchtermlist'
139 #exceptionsearchtermlist = '/etc/dansguardian/lists/exceptionsearchtermlist'
141 # Category display threshold
142 # This option only applies to pages blocked by weighted phrase filtering.
143 # Defines the minimum score that must be accumulated within a particular
144 # category in order for it to show up on the block pages' category list.
145 # All categories under which the page scores positively will be logged; those
146 # that were not displayed to the user appear in brackets.
148 # -1 = display only the highest scoring category
149 # 0 = display all categories (default)
150 # > 0 = minimum score for a category to be displayed
151 categorydisplaythreshold = 0
153 # Embedded URL weighting
154 # When set to something greater than zero, this option causes URLs embedded within a
155 # page's HTML (from links, image tags, etc.) to be extracted and checked against the
156 # bannedsitelist and bannedurllist. Each link to a banned page causes the amount set
157 # here to be added to the page's weighting.
158 # The behaviour of this option with regards to multiple occurrences of a site/URL is
159 # affected by the weightedphrasemode setting.
161 # NB: Currently, this feature uses regular expressions that require the PCRE library.
162 # As such, it is only available if you compiled DansGuardian with '--enable-pcre=yes'.
163 # You can check compile-time options by running 'dansguardian -v'.
165 # Set to 0 to disable.
167 # WARNING: This option is highly CPU intensive!
168 embeddedurlweight = 0
170 # Enable PICS rating support
172 # Defaults to disabled
176 # Temporary Denied Page Bypass
177 # This provides a link on the denied page to bypass the ban for a few minutes. To be
178 # secure it uses a random hashed secret generated at daemon startup. You define the
179 # number of seconds the bypass will function for before the deny will appear again.
180 # To allow the link on the denied page to appear you will need to edit the template.html
181 # or dansguardian.pl file for your language.
182 # 300 = enable for 5 minutes
183 # 0 = disable ( defaults to 0 )
184 # -1 = enable but you require a separate program/CGI to generate a valid link
187 # Temporary Denied Page Bypass Secret Key
188 # Rather than generating a random key you can specify one. It must be more than 8 chars.
189 # '' = generate a random one (recommended and default)
190 # 'Mary had a little lamb.' = an example
191 # '76b42abc1cd0fdcaf6e943dcbc93b826' = an example
194 # Infection/Scan Error Bypass
195 # Similar to the 'bypass' setting, but specifically for bypassing files scanned and found
196 # to be infected, or files that trigger scanner errors - for example, archive types with
197 # recognised but unsupported compression schemes, or corrupt archives.
198 # The option specifies the number of seconds for which the bypass link will be valid.
199 # 300 = enable for 5 minutes
200 # 0 = disable (default)
201 # -1 = enable, but require a separate program/CGI to generate a valid link
204 # Infection/Scan Error Bypass Secret Key
205 # Same as the 'bypasskey' option, but used for infection bypass mode.
206 infectionbypasskey = ''
208 # Infection/Scan Error Bypass on Scan Errors Only
209 # Enable this option to allow infectionbypass links only when virus scanning fails,
210 # not when a file is found to contain a virus.
211 # on = enable (default and highly recommended)
213 infectionbypasserrorsonly = on
215 # Disable content scanning
216 # If you enable this option you will disable content scanning for this group.
217 # Content scanning primarily is AV scanning (if enabled) but could include
219 # (on|off) default = off.
220 disablecontentscan = off
222 # Enable Deep URL Analysis
223 # When enabled, DG looks for URLs within URLs, checking against the bannedsitelist and
224 # bannedurllist. This can be used, for example, to block images originating from banned
225 # sites from appearing in Google Images search results, as the original URLs are
226 # embedded in the thumbnail GET requests.
227 # (on|off) default = off
228 deepurlanalysis = off
232 # -1 = log, but do not block - Stealth mode
233 # 0 = just say 'Access Denied'
234 # 1 = report why but not what denied phrase
236 # 3 = use HTML template file (accessdeniedaddress ignored) - recommended
238 # If defined, this overrides the global setting in dansguardian.conf for
239 # members of this filter group.
243 # accessdeniedaddress is the address of your web server to which the cgi
244 # dansguardian reporting script was copied. Only used in reporting levels
247 # This webserver must be either:
248 # 1. Non-proxied. Either a machine on the local network, or listed as an
249 # exception in your browser's proxy configuration.
250 # 2. Added to the exceptionsitelist. Option 1 is preferable; this option is
251 # only for users using both transparent proxying and a non-local server
252 # to host this script.
254 # If defined, this overrides the global setting in dansguardian.conf for
255 # members of this filter group.
257 #accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'
259 # HTML Template override
260 # If defined, this specifies a custom HTML template file for members of this
261 # filter group, overriding the global setting in dansguardian.conf. This is
262 # only used in reporting level 3.
264 # The default template file path is <languagedir>/<language>/template.html
265 # e.g. /usr/share/dansguardian/languages/ukenglish/template.html when using 'ukenglish'
268 # This option generates a file path of the form:
269 # <languagedir>/<language>/<htmltemplate>
270 # e.g. /usr/share/dansguardian/languages/ukenglish/custom.html
272 #htmltemplate = 'custom.html'
274 # Email reporting - original patch by J. Gauthier
277 # If on, will enable system wide events to be reported by email.
278 # need to configure mail program (see 'mailer' in global config)
279 # and email recipients
280 # default usesmtp = off
281 #!! Not compiled !!usesmtp = off
284 # who the email would come from
285 # example: mailfrom = 'dansguardian@mycompany.com'
286 #!! Not compiled !!mailfrom = ''
289 # who the virus emails go to (if notify av is on)
290 # example: avadmin = 'admin@mycompany.com'
291 #!! Not compiled !!avadmin = ''
294 # who the content emails go to (when thresholds are exceeded)
295 # and contentnotify is on
296 # example: contentadmin = 'admin@mycompany.com'
297 #!! Not compiled !!contentadmin = ''
300 # Subject of the email sent when a virus is caught.
301 # only applicable if notifyav is on
302 # default avsubject = 'dansguardian virus block'
303 #!! Not compiled !!avsubject = 'dansguardian virus block'
306 # Subject of the email sent when violation thresholds are exceeded
307 # default contentsubject = 'dansguardian violation'
308 #!! Not compiled !!contentsubject = 'dansguardian violation'
311 # This will send a notification, if usesmtp/notifyav is on, any time an
312 # infection is found.
313 # Important: If this option is off, viruses will still be recorded like a
314 # content infraction.
315 #!! Not compiled !!notifyav = off
318 # This will send a notification, if usesmtp is on, based on thresholds
320 #!! Not compiled !!notifycontent = off
323 # results are only predictable with user authenticated configs
324 # if enabled the violation/threshold count is kept track of by the user
325 #!! Not compiled !!thresholdbyuser = off
328 # number of violations before notification
329 # setting to 0 will never trigger a notification
330 #!! Not compiled !!violations = 0
333 # this is in seconds. If 'violations' occur in 'threshold' seconds, then
334 # a notification is made.
335 # if this is set to 0, then whenever the set number of violations are made a
336 # notifaction will be sent.
337 #!! Not compiled !!threshold = 0
339 #SSL certificate checking
340 # Check that ssl certificates for servers on https connections are valid
341 # and signed by a ca in the configured path
344 #SSL man in the middle
345 # Forge ssl certificates for all sites, decrypt the data then re encrypt it
346 # using a different private key. Used to filter ssl sites