Easy Web Content Filtering with DansGuardian
I have a young step daughter at home and I know that curiosity can get the best of a young teen. I had been looking for an easy solution to deal with content filtering that would allow me to control over various types of content she could see. So I tured to DansGuardian. This filter sets up on a Linux server and, with the help of tinyproxy, acts as a content proxy filter for any machine on your network that needs filtering. It's easy to install and easy to set up.
And don't get my reason for using DansGuardian stop you from thinking this server could be used in other deployments. DansGuardian could be used for schools, businesses, internet cafes, etc. With that in mind let's see just how easy this is to get running.
I installed DansGuardian on a Ubuntu Server 8.10 installation. The installation took me all of approximately 2 minutes. The complexity of the configuration of DansGuardian will depend completely on how much you need to ban.
Installation
The first thing to do is get to the command line of your server and issue the following command:
sudo apt-get install dansguardian
The above command will install the filtering system. But you're not finished because DG requrires another tool, tinyproxy, to act as a proxy server. To install tinyproxy issue the following command:
sudo apt-get install tinyproxy
Now you're ready to configure.
Configuration
You could start up both DansGuardian and tinyproxy now and set up your browsers to use the proxy server right now. But you might want to take a visit to a couple of .conf files as well as the banned lists for DansGuardian. You will find the configuration file for DansGuardian in /etc/dansguardian. Open this up and take a look around. The most important configuration of this file is to make sure all the ports match up. In my installation both DansGuardian and tinyproxy were set up for port 8080. Perfect.
If you have a specific need for your network, make sure you go through both configuration files, which are set up very clearly and are well commented.
The next step is to take a look at the /etc/dansguardian/lists directory. In this directory you will find nearly every type of banned list you will need. The three most popular lists are:
- bannedsitelist
- bannedurllist
- bannedphraselist
The difference between bannedurl and bannedsite is with bannedurl you are able to ban only part of a site and with banndsite you can ban an entire site. The banned lists are set up very clearly. For instance, if you want to ban a site you would see this in the bannedsitelist:
# List categorisation
#listcategory: "Banned Sites"
#List other sites to block:
badboys.com
You can list any IP you want in this section. The bannedphraselist configuration looks like this:
# To block any page with words that contain the string "sex". (ie. sexual)
# <sex>
You would uncomment out the second line from the above. Again, this configuration file is commented very well so it will be easy to set up.
Starting the Services
First start up tiny proxy with the command:
sudo /etc/init.d/tinyproxy start
Now start DansGuardian with the command:
sudo /etc/init.d/dansguardian start
Configuring your browsers
This is very simple. What you need to do is configure all the browsers you want to go through the content filter to use the IP address of the DansGuardian server as their proxy server.
Final Thoughts
If you have ever wanted to use a content filtering server but didn't want to have to spend hours setting one up, DansGuardian is your solution. Not only is this solution simple, it is reliable and easy to maintain.
Advertisement
would not the child be able to disable the proxy settings from the browser?
DansGuardian is mean! Had it running in my previous job. It blocked completely random pages for no understandable reason. Had to use Gpass constantly to browse normaly.
For sure, if you want complete control with access restrictions then what you have outlined above is perfect. I use OpenDNS mainly for my protection (filtering out known phishing sites, for example). Additionally, I like not having to totally rely on my local ISP for dns servers. And lastly, I really enjoy having keywords that are accessible from any computer in my network. My usage is definitely different that yours, I just wanted to make sure that it wasn’t overlooked (heck, I sometimes overlook the easy alternative!)
In addition to what Jack said: if you read OpenDNS’s privacy policy, it is not the most impressive although kind of understandable.
while opendns is a good solution for sure. but i prefer using tools that i have absolute control over. dansguardian also allows me to control when/if she has access other sites like facebook and such.
using opendns is easy to bypass
While this is a great tutorial, wouldn’t OpenDNS be an easier way to control what content your step daughter could see?