Easy Web Content Filtering with DansGuardian

Jack Wallen
Mar 9, 2009
Updated • Dec 28, 2012

I have a young step daughter at home and I know that curiosity can get the best of a young teen. I had been looking for an easy solution to deal with content filtering that would allow me to control over various types of content she could see. So I tured to DansGuardian. This filter sets up on a Linux server and, with the help of tinyproxy, acts as a content proxy filter for any machine on your network that needs filtering. It's easy to install and easy to set up.

And don't get my reason for using DansGuardian stop you from thinking this server could be used in other deployments. DansGuardian could be used for schools, businesses, internet cafes, etc. With that in mind let's see just how easy this is to get running.

I installed DansGuardian on a Ubuntu Server 8.10 installation. The installation took me all of approximately 2 minutes. The complexity of the configuration of DansGuardian will depend completely on how much you need to ban.


The first thing to do is get to the command line of your server and issue the following command:

sudo apt-get install dansguardian

The above command will install the filtering system. But you're not finished because DG requrires another tool, tinyproxy, to act as a proxy server. To install tinyproxy issue the following command:

sudo apt-get install tinyproxy

Now you're ready to configure.


You could start up both DansGuardian and tinyproxy now and set up your browsers to use the proxy server right now. But you might want to take a visit to a couple of .conf files as well as the banned lists for DansGuardian. You will find the configuration file for DansGuardian in /etc/dansguardian. Open this up and take a look around. The most important configuration of this file is to make sure all the ports match up. In my installation both DansGuardian and tinyproxy were set up for port 8080. Perfect.

If you have a specific need for your network, make sure you go through both configuration files, which are set up very clearly and are well commented.

The next step is to take a look at the /etc/dansguardian/lists directory. In this directory you will find nearly every type of banned list you will need. The three most popular lists are:

  • bannedsitelist
  • bannedurllist
  • bannedphraselist

The difference between bannedurl and bannedsite is with bannedurl you are able to ban only part of a site and with banndsite you can ban an entire site. The banned lists are set up very clearly. For instance, if you want to ban a site you would see this in the bannedsitelist:

# List categorisation
#listcategory: "Banned Sites"
#List other sites to block:

You can list any IP you want in this section. The bannedphraselist configuration looks like this:

# To block any page with words that contain the string "sex". (ie. sexual)
# <sex>

You would uncomment out the second line from the above. Again, this configuration file is commented very well so it will be easy to set up.

Starting the Services

First start up tiny proxy with the command:

sudo /etc/init.d/tinyproxy start

Now start DansGuardian with the command:

sudo /etc/init.d/dansguardian start

Configuring your browsers

This is very simple. What you need to do is configure all the browsers you want to go through the content filter to use the IP address of the DansGuardian server as their proxy server.

Final Thoughts

If you have ever wanted to use a content filtering server but didn't want to have to spend hours setting one up, DansGuardian is your solution. Not only is this solution simple, it is reliable and easy to maintain.


Previous Post: «
Next Post: «


  1. jim said on August 23, 2010 at 10:08 pm

    would not the child be able to disable the proxy settings from the browser?

  2. vicko said on March 10, 2009 at 10:57 am

    DansGuardian is mean! Had it running in my previous job. It blocked completely random pages for no understandable reason. Had to use Gpass constantly to browse normaly.

  3. gatordrew said on March 10, 2009 at 4:32 am

    For sure, if you want complete control with access restrictions then what you have outlined above is perfect. I use OpenDNS mainly for my protection (filtering out known phishing sites, for example). Additionally, I like not having to totally rely on my local ISP for dns servers. And lastly, I really enjoy having keywords that are accessible from any computer in my network. My usage is definitely different that yours, I just wanted to make sure that it wasn’t overlooked (heck, I sometimes overlook the easy alternative!)

  4. Ashraf said on March 10, 2009 at 4:03 am

    In addition to what Jack said: if you read OpenDNS’s privacy policy, it is not the most impressive although kind of understandable.

  5. jack said on March 9, 2009 at 9:22 pm

    while opendns is a good solution for sure. but i prefer using tools that i have absolute control over. dansguardian also allows me to control when/if she has access other sites like facebook and such.

    1. Herard said on March 5, 2019 at 7:51 am

      using opendns is easy to bypass

  6. gatordrew said on March 9, 2009 at 6:13 pm

    While this is a great tutorial, wouldn’t OpenDNS be an easier way to control what content your step daughter could see?

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.