[pfSense] [pfsense] dansguardian
Radiotech1 at aaremail.com
Thu Apr 26 18:23:56 EDT 2012
Mine is up and running, but I have to manually put the dansguardian port in
the web browser as a proxy server. I do not have it working for transparent
As you can see, most of the settings are default.
These are the Dansguardian settings. (I hope you can read this).
I agree with dansguardian Terms and Conditions.
<http://dansguardian.org/?page=copyright2> Listen Interface(s)
Select interface(s) that you want to dansguardian listen on. Listen port
The port(s) that DansGuardian listens to. Daemon Options
Daemon Options. Default values are in ( ) Min/Max Children
Sets the minimun and maximum number of processes to spawn to handle the
Max value usually 250 depending on OS.
On large sites you might want to try 32/180. Min/Max Spare Children
Sets the minimum and maximun number of processes to be kept ready to handle
On large sites you might want to try 8/64. Prefork Children
sets the minimum number of processes to spawn when it runs out
On large sites you might want to try 10 Max Age Children
Sets the maximum age of a child process before it croaks it.
This is the number of connections they handle before exiting.
On large sites you might want to try 10000. Max Ips
Sets the maximum number client IP addresses allowed to connect at once.
Use this to set a hard limit on the number of users allowed to concurrently
browse the web. Set to 0 for no limit, and to disable the IP cache process.
Parent proxy Settings
Sets ip address for proxy server(usually squid). Proxy Port
Sets port number for proxy serve
This option handle the extraction of client usernames from various sources,
such as Proxy-Authorisation headers and ident servers, enabling requests to
be handled according to the settings of the user's filter group Scan Options
Scan options. Default values are in ( ) Weighted phrase mode
IMPORTANT: Note that setting this to "0" turns off all features which
extract phrases from page content, including banned & exception phrases (not
just weighted), search term filtering, and scanning for links to banned
URLs. Lower casing options
When a document is scanned the uppercase letters are converted to lower case
in order to compare them with the phrases.
However this can break Big5 and other 16-bit texts. If needed preserve the
case. Phrase filter mode
Smart, Raw and Meta/Title phrase content filtering options
Smart is where the multiple spaces and HTML are removed before phrase
Raw is where the raw HTML including meta tags are phrase filtered
Meta/Title is where only meta and title tags are phrase filtered (v. quick)
CPU usage can be effectively halved by using setting 0 or 1 compared to 2
Url cache number
Positive (clean) result caching for URLs Caches good pages so they don't
need to be scanned again.It also works with AV plugins.
0 = off (recommended for ISPs with users with disimilar browsing)
1000 = recommended for most user
5000 = suggested max upper limit
If you're using an AV plugin then use at least 5000. Url cache age
Age before cache are stale and should be ignored in seconds
900 = 15 mins(recommended)
0 = never SSL man in the middle Filtering
CA Warning: Invalid argument supplied for foreach() in
/usr/local/www/pkg_edit.php on line 560
Select Certificate Authority to use when SSL filtering is enabled on Group
To create a CA on pfsense, go to system -> Cert Manager Cert
Select Certificate pair to use when SSL filtering is enabled on Group
To create a Certificate on pfsense, go to system -> Cert Manager Content
Content Scanners (antivirus)
Content Scanners options. Default values are in ( ) freshclam frequency
Select how often pfsense will update clamd virus database Content scanner
Default is 60
Some of the content scanners support using a timeout value to stop
processing (eg AV scanning) the file if it takes too long.
If supported this will be used.
The default of 60 seconds is probably reasonable. Content scan exceptions
If 'on' exception sites, urls, users etc will be scanned.
This is probably not desirable behavour as exceptions are supposed to be
trusted and will increase load.
Correct use of grey lists are a better idea. ICAP URL
Enter ICAP URL in icap://icapserver:1344/avscan format
Use hostname rather than IP address and Always specify the port Misc
Misc options. Default values are in ( )
In squid from top to bottom I have selected (squid won't paiste for some
Proxy Interface: LAN and Loopback
Allow users = checked
Blank until Enable Logging
Enable logging = checked
Log store = /var/squid/logs
Log rotate = 90
Proxy port = 3128
ICP port = (blank)
Visible hostname = localhost
Anministrator email = admin at localhost
Language = English
X-Forward = no check
Disable Via = no check
The rest is blank
Upstream Proxy is totally blank and I am using no authentication for now.
This may not be the best settings. If anyone has any suggestion, please let
me know. I always look for ways to do things better.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the List