A while ago I had a look at dansguardian as a better alternative to squidguard for web filtering, but at the time the pfSense package was still only being created or was in beta mode and there was no GUI added for it in the web console, so everything had to be done via the command line. I therefore decided to ignore the option of using dansguardian, as I deemed it counterproductive to what was needed. Fortunately someone had requested that I do a quick tutorial on using dansguardian, causing me to look at it once again for the first time in more than a year (not including the couple of times I’ve configured a simple version on a normal Linux server), only to find that a GUI has been added to the dansguardian package in pfSense. So for this post I’m going to quickly go over configuring dansguardian with squid3 in transparent mode.
*NB: Installing any proxy or web filter in transparent mode will not filter HTTPS traffic without setting up a man-in-the-middle proxy, and that is difficult (damn near impossible, as it works only sometimes), not to mention highly unethical. Rather, use the firewall rules to block HTTPS access to websites.
What is Dansguardian?
Dansguardian is a web filtering application that can run on any Linux OS. It filters web traffic not only by URL, domain name or IP address but also by search phrases listed in a file. It can also block file extensions, handle virus scanning, filter using PICS, and keep a grey list as well as an exception list, with time settings for each blocking category. Dansguardian works by having the user's web traffic passed to the firewall/gateway and then to Dansguardian, which passes the allowed traffic to the proxy and then out to the internet.
Installing Squid3 and Dansguardian:
Install dansguardian through the package manager under System > Packages > Available Packages. Once dansguardian is installed you can then install squid3 and configure it as a transparent proxy, the same as in Part 3 of the pfSense Walkthrough.
**NB: Dansguardian must be installed before Squid3, as it installs squid2.7 files as a dependency and will corrupt your squid3 install. If you have installed squid3 already and are only now installing dansguardian, then re-install the squid3 package after dansguardian is installed; your settings will be saved and squid3 will carry on working as before.
Configuring Dansguardian:
First we need to create a redirect rule on the firewall to send all HTTP (80) traffic to dansguardian (8080). So go to Firewall > NAT > Port Forward and create a rule like the one below:
- Interface = LAN
- Protocol = TCP
- Destination = any
- Destination Port = HTTP (80)
- Redirect Target IP = 192.168.1.1 (the IP address of your LAN interface)
(Optional) Adding Blacklists to dansguardian:
Like squidguard, dansguardian can have an automated blacklist configured that will update itself every so often. To configure the blacklists we first need to tell dansguardian to download a list and also when to update it. Go to the Blacklist tab:
- Set the List on to Banned and Exception
- Set the Update frequency to Download and Update now
- Insert the blacklist download URL (we are using the Shalla blacklist)
- Click Save
- MIME types – filter by file extensions to prevent downloads of certain files
- Phrase filters – filter sites based on pages containing a certain phrase or string of phrases
- PICS – PICS is the internet standards filtering, which filters according to internet standards ratings for Teens, Adult, etc.
- Search Engines – well, it blocks certain search engines.
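
To make the interaction between the banned, grey and exception lists mentioned above concrete, here is an added example (not part of the original post and not DansGuardian's own code). It is a simplified model that assumes the exception list bypasses filtering, the grey list overrides a ban but leaves content filtering on, and site entries also cover their subdomains; all list entries are constructed.

```python
# Simplified model of site-list precedence (an assumption for illustration,
# not DansGuardian source code). All list entries below are constructed.
from urllib.parse import urlsplit

EXCEPTION_SITES = {"intranet.example.org"}
GREY_SITES = {"news.example.com"}
BANNED_SITES = {"example.com", "ads.example.net"}
BANNED_URLS = {"files.example.org/downloads/tools"}


def _site_in_list(host, sites):
    """True if host equals an entry or is a subdomain of one.

    Matching is done on whole DNS labels, so 'notexample.com' does not
    match the entry 'example.com'.
    """
    labels = host.split(".")
    return any(".".join(labels[i:]) in sites for i in range(len(labels)))


def _url_in_list(host, path, urls):
    """True if host+path equals a banned URL entry or lies beneath it."""
    target = (host + path).rstrip("/")
    return any(target == u or target.startswith(u + "/") for u in urls)


def classify(url):
    """Return 'exception', 'grey', 'banned' or 'filter' for a request URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if _site_in_list(host, EXCEPTION_SITES):
        return "exception"   # passed through without filtering
    if _site_in_list(host, GREY_SITES):
        return "grey"        # overrides the ban, content is still scanned
    if _site_in_list(host, BANNED_SITES) or _url_in_list(host, parts.path, BANNED_URLS):
        return "banned"
    return "filter"          # not listed: normal content filtering applies


if __name__ == "__main__":
    for u in ("http://www.example.com/", "http://news.example.com/today",
              "http://notexample.com/", "http://intranet.example.org/wiki",
              "http://files.example.org/downloads/tools/x.zip"):
        print(f"{classify(u):9} {u}")
```

The grey entry `news.example.com` is reachable even though its parent `example.com` is banned, which is the usual way to carve one host out of a blacklist category without switching filtering off for it.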