pax_global_header00006660000000000000000000000064136135171070014516gustar00rootroot0000000000000052 comment=1b34fbb466e18c7c9f55b804773d6c5a7fb6b8c6 e2guardian-5.3.4/000077500000000000000000000000001361351710700135505ustar00rootroot00000000000000e2guardian-5.3.4/.gitignore000066400000000000000000000000671361351710700155430ustar00rootroot00000000000000*.[oa] *.Po *.Tpo *~ Makefile autom4te.cache README.md e2guardian-5.3.4/.gitlab-ci.yml000066400000000000000000000340541361351710700162120ustar00rootroot00000000000000stages: - build:debian - create-debian-package - TestDebian - build:ubuntu - create-ubuntu-package - TestUbuntu # Works in progress ... #- build:raspbian #- create-raspbian-package Package Docker Image Debian: stage: build:debian artifacts: expire_in: 10 minutes name: build paths: - /builds/fredbcode/e2guardian image: amd64/debian:stable variables: OS: "debian" script: - apt update - apt-get -y upgrade - apt install --no-install-recommends --no-install-suggests -y curl unzip base-files automake base-passwd bash coreutils dash debianutils diffutils dpkg e2fsprogs findutils grep gzip hostname ncurses-base libevent-pthreads-* libevent-dev ncurses-bin perl-base sed login sysvinit-utils tar bsdutils mount util-linux libc6-dev libc-dev gcc g++ make dpkg-dev autotools-dev debhelper dh-autoreconf dpatch libclamav-dev libpcre3-dev zlib1g-dev pkg-config libssl-dev libssl1.1 git ca-certificates lsb-release - cd /builds/fredbcode/e2guardian && ./autogen.sh && ./configure '--prefix=/usr' '--enable-clamd=yes' '--with-proxyuser=e2guardian' '--with-proxygroup=e2guardian' '--sysconfdir=/etc' '--localstatedir=/var' '--enable-icap=yes' '--enable-commandline=yes' '--enable-email=yes' '--enable-ntlm=yes' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--enable-pcre=yes' '--enable-sslmitm=yes' 'CPPFLAGS=-mno-sse2 -g -O2' - make - rm -rf .git Create Debian Package: stage: create-debian-package artifacts: expire_in: 10 minutes name: build paths: - /builds/fredbcode/e2guardian/scripts/debian_package image: amd64/debian:stable variables: PACKPATH: "/builds/fredbcode/e2guardian" PACKDST: "/builds/fredbcode/e2guardian/scripts/debian_package/e2debian_package" OS: "debian" script: - apt update && apt install --no-install-recommends --no-install-suggests -y curl git ca-certificates util-linux binutils - git clone https://github.com/fredbcode/scripts - cp ${PACKPATH}/src/e2guardian ${PACKDST}/data/usr/sbin/e2guardian - cp -Rf ${PACKPATH}/configs ${PACKDST}/data/etc/e2guardian/ - mkdir -p ${PACKPATH}/share/e2guardian/languages - cp -Rf ${PACKPATH}/data/languages ${PACKDST}/data/usr/share/e2guardian/ - cp ${PACKPATH}/data/*.gif ${PACKDST}/data/usr/share/e2guardian/ - cp ${PACKPATH}/data/*swf ${PACKDST}/data/usr/share/e2guardian/ - cp ${PACKPATH}/data/scripts/e2guardian.service ${PACKDST}/data/lib/systemd/system - find ${PACKDST}/ -type f -name "Makefil*" -delete - find ${PACKDST}/ -type f -name "*.in" -delete - SIZE=`stat -c %s ${PACKDST}/data` && echo $SIZE && sed -i "s/Installed-Size:.*$/Installed-Size:\ $SIZE/g" ${PACKDST}/control/control - VFULL=`${PACKDST}/data/usr/sbin/e2guardian -v | sed -n 1p | cut -d ' ' -f 2` && sed -i "s/Version:.*$/Version:\ $VFULL/g" ${PACKDST}/control/control - cd ${PACKDST} && cd .. && ./rebuild.sh e2"$OS"_package - rm -rf .git Test and publish Debian: stage: TestDebian image: amd64/debian:stable variables: PACKPATH: "/builds/fredbcode/e2guardian" PACKDST: "/builds/fredbcode/e2guardian/scripts/debian_package" CERT_DIR: "/home/e2/e2install/" OS: "debian" script: - apt update - apt install -y openssl curl git lsb-release libevent-pthreads* libtommath* - VERSION=`lsb_release -cs` - cd ${PACKDST} && dpkg -i e2"$OS"_package.deb - sed -i "s/^sslmitm.*$/sslmitm\ =\ on/" /etc/e2guardian/e2guardianf1.conf && sed -i "s/^enablessl.*$/enablessl\ =\ on/" /etc/e2guardian/e2guardian.conf && sed -i "s/^#cacertificatepath/cacertificatepath/;s/#caprivatekeypath/caprivatekeypath/;s/#certprivatekeypath/certprivatekeypath/;s/#generatedcertpath/generatedcertpath/" /etc/e2guardian/e2guardian.conf && sed -i "s/^RANDFILE\s*=\s*\\\$ENV/#RANDFILE\ =\ \$ENV/" /etc/ssl/openssl.cnf - mkdir -p ${CERT_DIR}generatedcerts - openssl genrsa 4096 > "${CERT_DIR}ca.key" && openssl req -subj "/C=US" -new -x509 -days 3650 -key "${CERT_DIR}ca.key" -out "${CERT_DIR}ca.pem" && openssl genrsa 4096 > "${CERT_DIR}cert.key" - chown --recursive e2guardian:e2guardian /home/e2 - e2guardian -N & - sleep 5 && export https_proxy=http://localhost:8080 && curl -k https://google.com - unset https_proxy - git clone -b packages --single-branch https://gitlab.com/fredbcode/e2guardian.git gitpackages - mkdir -p gitpackages/${CI_COMMIT_REF_NAME} - mv e2"$OS"_package.deb gitpackages/${CI_COMMIT_REF_NAME}/e2"$OS"_"$VERSION"_V"$VFULL"_$(date +%Y%m%d).deb - cd gitpackages/${CI_COMMIT_REF_NAME} - git add e2"$OS"_"$VERSION"_V"$VFULL"_$(date +%Y%m%d).deb - git config --global user.name "${GITLAB_USER_NAME}" - git config --global user.email "${GITLAB_USER_EMAIL}" - git commit -m "Commit "$OS" ${CI_COMMIT_REF_NAME} Package" - git push https://${YOUR_USERNAME}:${PERSONAL_ACCESS_TOKEN}@gitlab.com/fredbcode/e2guardian.git HEAD:packages Package Docker Image Ubuntu: stage: build:ubuntu artifacts: expire_in: 15 minutes name: build paths: - /builds/fredbcode/e2guardian image: amd64/ubuntu:18.04 script: - apt update - apt-get -y upgrade - apt install --no-install-recommends --no-install-suggests -y curl unzip base-files automake base-passwd bash coreutils dash debianutils diffutils dpkg e2fsprogs findutils grep gzip hostname ncurses-base libevent-pthreads-* libevent-dev ncurses-bin perl-base sed login sysvinit-utils tar bsdutils mount util-linux libc6-dev libc-dev gcc g++ make dpkg-dev autotools-dev debhelper dh-autoreconf dpatch libclamav-dev libpcre3-dev zlib1g-dev pkg-config libssl-dev libssl1.1 git ca-certificates lsb-release - cd /builds/fredbcode/e2guardian && ./autogen.sh && ./configure '--prefix=/usr' '--enable-clamd=yes' '--with-proxyuser=e2guardian' '--with-proxygroup=e2guardian' '--sysconfdir=/etc' '--localstatedir=/var' '--enable-icap=yes' '--enable-commandline=yes' '--enable-email=yes' '--enable-ntlm=yes' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--enable-pcre=yes' '--enable-sslmitm=yes' 'CPPFLAGS=-mno-sse2 -g -O2' - make - rm -rf .git Create Ubuntu Package: stage: create-ubuntu-package image: amd64/ubuntu:18.04 artifacts: expire_in: 15 minutes name: build paths: - /builds/fredbcode/e2guardian/scripts/debian_package variables: PACKPATH: "/builds/fredbcode/e2guardian" PACKDST: "/builds/fredbcode/e2guardian/scripts/debian_package/e2ubuntu_package" OS: "ubuntu" script: - apt update && apt install --no-install-recommends --no-install-suggests -y curl git ca-certificates util-linux binutils - cp ${PACKPATH}/src/e2guardian ${PACKDST}/data/usr/sbin/e2guardian - cp -Rf ${PACKPATH}/configs ${PACKDST}/data/etc/e2guardian/ - mkdir -p ${PACKPATH}/share/e2guardian/languages - cp -Rf ${PACKPATH}/data/languages ${PACKDST}/data/usr/share/e2guardian/ - cp ${PACKPATH}/data/*.gif ${PACKDST}/data/usr/share/e2guardian/ - cp ${PACKPATH}/data/*swf ${PACKDST}/data/usr/share/e2guardian/ - cp ${PACKPATH}/data/scripts/e2guardian.service ${PACKDST}/data/lib/systemd/system - find ${PACKDST}/ -type f -name "Makefil*" -delete - find ${PACKDST}/ -type f -name "*.in" -delete - SIZE=`stat -c %s ${PACKDST}/data` && echo $SIZE && sed -i "s/Installed-Size:.*$/Installed-Size:\ $SIZE/g" ${PACKDST}/control/control - VFULL=`${PACKDST}/data/usr/sbin/e2guardian -v | sed -n 1p | cut -d ' ' -f 2` && sed -i "s/Version:.*$/Version:\ $VFULL/g" ${PACKDST}/control/control - cd ${PACKDST} && cd .. && ./rebuild.sh e2"$OS"_package - rm -rf .git Test and publish Ubuntu: stage: TestUbuntu image: amd64/ubuntu:18.04 variables: PACKPATH: "/builds/fredbcode/e2guardian" PACKDST: "/builds/fredbcode/e2guardian/scripts/debian_package" CERT_DIR: "/home/e2/e2install/" OS: "ubuntu" script: - apt update - apt install -y curl openssl git lsb-release libevent-pthreads* libtommath* - VERSION=`lsb_release -cs` - VFULL=`${PACKDST}/e2debian_package/data/usr/sbin/e2guardian -v | sed -n 1p | cut -d ' ' -f 2` - cd ${PACKDST} && dpkg -i e2"$OS"_package.deb - sed -i "s/^sslmitm.*$/sslmitm\ =\ on/" /etc/e2guardian/e2guardianf1.conf && sed -i "s/^enablessl.*$/enablessl\ =\ on/" /etc/e2guardian/e2guardian.conf && sed -i "s/^#cacertificatepath/cacertificatepath/;s/#caprivatekeypath/caprivatekeypath/;s/#certprivatekeypath/certprivatekeypath/;s/#generatedcertpath/generatedcertpath/" /etc/e2guardian/e2guardian.conf && sed -i "s/^RANDFILE\s*=\s*\\\$ENV/#RANDFILE\ =\ \$ENV/" /etc/ssl/openssl.cnf - mkdir -p ${CERT_DIR}generatedcerts - openssl genrsa 4096 > "${CERT_DIR}ca.key" && openssl req -subj "/C=US" -new -x509 -days 3650 -key "${CERT_DIR}ca.key" -out "${CERT_DIR}ca.pem" && openssl genrsa 4096 > "${CERT_DIR}cert.key" - chown --recursive e2guardian:e2guardian /home/e2 - e2guardian -N & - sleep 5 && export https_proxy=http://localhost:8080 && curl -k https://google.com - unset https_proxy - git clone -b packages --single-branch https://gitlab.com/fredbcode/e2guardian.git gitpackages - mkdir -p gitpackages/${CI_COMMIT_REF_NAME} - mv e2"$OS"_package.deb gitpackages/${CI_COMMIT_REF_NAME}/e2"$OS"_"$VERSION"_V"$VFULL"_$(date +%Y%m%d).deb - cd gitpackages/${CI_COMMIT_REF_NAME} - git add e2"$OS"_"$VERSION"_V"$VFULL"_$(date +%Y%m%d).deb - git config --global user.name "${GITLAB_USER_NAME}" - git config --global user.email "${GITLAB_USER_EMAIL}" - git commit -m "Commit "$OS" ${CI_COMMIT_REF_NAME} Package" - git push https://${YOUR_USERNAME}:${PERSONAL_ACCESS_TOKEN}@gitlab.com/fredbcode/e2guardian.git HEAD:packages # TODO: CONFIGURE configure --host=arm works only on real machine ? # #Package Docker Image Raspbian: # stage: build:raspbian # artifacts: # expire_in: 1 hour # name: build-raspbian # paths: # - /builds # image: amd64/debian:stable # variables: # OS: "rasbian" # script: # - echo "deb-src http://deb.debian.org/debian stretch main" >> /etc/apt/sources.list # - echo "deb-src http://deb.debian.org/debian-security/ stretch/updates main" >> /etc/apt/sources.list # - echo "deb-src http://deb.debian.org/debian stretch-updates main" >> /etc/apt/sources.list # - apt update # - apt-get -y upgrade # - apt install --no-install-recommends --no-install-suggests -y curl unzip base-files automake base-passwd # bash coreutils dash debianutils diffutils dpkg e2fsprogs findutils grep gzip hostname ncurses-base # libevent-pthreads-* libevent-dev ncurses-bin perl-base sed login sysvinit-utils tar bsdutils # mount util-linux libc6-dev libc-dev gcc g++ make dpkg-dev autotools-dev debhelper dh-autoreconf dpatch # libclamav-dev libpcre3-dev zlib1g-dev pkg-config libssl-dev libssl1.1 git ca-certificates lsb-release gcc-arm-linux-gnueabi g++-arm-linux-gnueabi # - dpkg --add-architecture armhf # - apt-get update # - apt-get install -y build-essential crossbuild-essential-armhf # - apt-get build-dep -y -aarmhf e2guardian # - git clone https://github.com/raspberrypi/tools.git --depth 1 /tmp/tools # - export ARCH=arm # - export CROSS_COMPILE=arm-bcm2708hardfp-linux-gnueabi- # - export CC=/tmp/tools/arm-bcm2708/arm-bcm2708hardfp-linux-gnueabi/bin/arm-bcm2708hardfp-linux-gnueabi-gcc # - export NM=/tmp/tools/arm-bcm2708/arm-bcm2708hardfp-linux-gnueabi/bin/arm-bcm2708hardfp-linux-gnueabi-nm # - export LD=/tmp/tools/arm-bcm2708/arm-bcm2708hardfp-linux-gnueabi/bin/arm-bcm2708hardfp-linux-gnueabi-ld # - export CXX=/tmp/tools/arm-bcm2708/arm-bcm2708hardfp-linux-gnueabi/bin/arm-bcm2708hardfp-linux-gnueabi-g++ # - export RANLIB=/tmp/tools/arm-bcm2708/arm-bcm2708hardfp-linux-gnueabi/bin/arm-bcm2708hardfp-linux-gnueabi-ranlib # - export AR=/tmp/tools/arm-bcm2708/arm-bcm2708hardfp-linux-gnueabi/bin/arm-bcm2708hardfp-linux-gnueabi-ar # - cd /builds/fredbcode/e2guardian # - ./autogen.sh # - export # - ./configure --host=arm --prefix=/usr --enable-clamd=yes --with-proxyuser=e2guardian --with-proxygroup=e2guardian --sysconfdir=/etc --localstatedir=/var --enable-icap=yes --enable-commandline=yes --enable-email=yes --enable-ntlm=yes --enable-pcre=yes --enable-sslmitm=yes # - make ARCH=arm CROSS_COMPIL=arm-linux-gnueabi- # - rm -rf .git # ##Create Raspbian Package: # stage: create-raspbian-package # image: amd64/debian:stable # variables: # PACKPATH: "/builds/fredbcode/e2guardian" # PACKDST: "/builds/fredbcode/e2guardian/scripts/debian_package/e2raspbian_package" # OS: "raspbian" # script: # - cd /builds/fredbcode/e2guardian # - apt update && apt install --no-install-recommends --no-install-suggests -y curl git ca-certificates lsb-release util-linux binutils # - git clone https://github.com/fredbcode/scripts # - cp ${PACKPATH}/src/e2guardian ${PACKDST}/data/usr/sbin/e2guardian # - cp -Rf ${PACKPATH}/configs ${PACKDST}/data/etc/e2guardian/ # - mkdir -p ${PACKPATH}/share/e2guardian/languages # - cp -Rf ${PACKPATH}/data/languages ${PACKDST}/data/usr/share/e2guardian/ # - cp ${PACKPATH}/data/*.gif ${PACKDST}/data/usr/share/e2guardian/ # - cp ${PACKPATH}/data/*swf ${PACKDST}/data/usr/share/e2guardian/ # - find ${PACKDST}/ -type f -name "Makefil*" -delete # - find ${PACKDST}/ -type f -name "*.in" -delete # - SIZE=`stat -c %s ${PACKDST}/data` && echo $SIZE && sed -i "s/Installed-Size:.*$/Installed-Size:\ $SIZE/g" ${PACKDST}/control/control # - sed -i "s/Version:.*$/Version:\ ${CI_COMMIT_REF_NAME}/g" ${PACKDST}/control/control # - cd ${PACKDST} && cd .. && ./rebuild.sh e2"$OS"_package # - git clone -b packages --single-branch https://gitlab.com/fredbcode/e2guardian.git gitpackages # - mkdir -p gitpackages/${CI_COMMIT_REF_NAME} # - mv e2"$OS"_package.deb gitpackages/${CI_COMMIT_REF_NAME}/e2"$OS"_${CI_COMMIT_REF_NAME}_$(date +%Y%m%d).deb # - cd gitpackages/${CI_COMMIT_REF_NAME} # - git add *.deb # - git config --global user.name "${GITLAB_USER_NAME}" # - git config --global user.email "${GITLAB_USER_EMAIL}" # - git commit -m "Commit "$OS" ${CI_COMMIT_REF_NAME} Package" # - git push https://${YOUR_USERNAME}:${PERSONAL_ACCESS_TOKEN}@gitlab.com/fredbcode/e2guardian.git HEAD:packages # - rm -rf * e2guardian-5.3.4/AUTHORS000077500000000000000000000001171361351710700146220ustar00rootroot00000000000000For authors go to http://e2guardian.org/ This file required by the autotools. e2guardian-5.3.4/COPYING000077500000000000000000000443161361351710700146160ustar00rootroot00000000000000 GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License. In addition, as a special exception, the copyright holders of this work, gives permission to link the code of its release of E2Guardian with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same license as the "OpenSSL" library), and distribute the linked executables. You must obey the GNU General Public License in all respects for all of the code used other than "OpenSSL". If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. e2guardian-5.3.4/ChangeLog000077500000000000000000000070761361351710700153370ustar00rootroot00000000000000About "Bug" tags show "https://github.com/e2guardian/e2guardian/issues?q=is%3Aissue+is%3Aclosed" version 5.3.4 January 2019 - Increase example maxcontentcachesize to make filtering youtube work - Fix #565 segfault when no write permission on generated certs directory - Fix #493 referexception not working - Fix #549 - Url in CGI and bypass wrong in MITM - Bug fix sigwait code for OpenBSD - Amend example bannedregexpulrlist - Fix #554 Override Search Terms not overriding weighted search term check - Add request log option for diagnostics - see notes/RequestLog and more ... Version 5.3.3 July 2019 - Memory not released when startSslServer returns error #542 June 2019 - IE10/11 on Win7 reports 408/9 error on some sites #538 May 2019 - Fix segfault when corrupt SNI presented April 2019 - Fix bug #532 - reverse IP lookup give random chars in log and segfaults - Update comments in list files - as per issue #530 - Add support for reading openssl config files - new optional e2guardian.conf params useopensslconf and opensslconffile - Fix bug #527 - memory leaking when complied with openssl v1.1 - Loop detect code added - enhancement #523 - Note that to activate loop detect 'checkip' lines need to be added to e2guardian.conf, one for each ip the e2guardian system is listening on, including loopback and any VIP used. March 2019 - Fix #512 - Fix segfault bug #509 Version 5.3.2 March 2019 - SSLMITM source code clean-up - no logic or call changes - Fix bug #514 - useragentin - Fix ICAP error (with SSL denied) introduced in 5.3.1 Version 5.3.1 January 2019 - Fix bug with Firefox and SSL denied web sites (connection still opened, massive performance issue) - Update ICAP client (tested with drweb AV) - Add stealth mode (reporting without block) to StoryBoard mode - Add new secure bypass mode (experimental) - Better handling for non-tls and non-sni calls on transparent https - Fix bug #490 modified URL not shown in log - Fix bug #489 - exception file ext/mime type not working correctly - Fix bug #486 - bypass cookie not being set in proxy mode December 2018 - Fix for #485 related to #481 wrong upstream site called in direct mode - Fix bug #481 auth exception being denied - Fix bug #480 Ignore http 100 when no expect: 100-continue - Fix bug #478 check searchterms always being called - Fix bug #476 - only check when potential url is longer than 3 chars and contains'.' - Fix bug #464 proxy auth issues - Fix bug #475 Client Hostname blank in template - Fix bug #473 ICAP mode: Wrong group in respmod - Fix bug #465 Incorrect wildcard certificate validation and more ... Version 5.2.2 September 2018 - Reenable content regexp option - Allow the ip authplugin to use the X-Client-IP header when using ICAP - Fix bug #432 Block html page gets shown twice - Fix bug #436 compilation bug with avast and kavscan - Fix some lags with debugmanager - Allow the ip authplugin to use the X-Client-IP header when using ICAP - Update default template page (denied access) and more ... August 2018 - Add new per cent option of weighted phrase lists - Global code review (remove gcc warnings) July 2018 - Fix ICAP client - tested with f-secure and Kav4proxy - - Fix bug #417 urlredirectregexplist doesn't work - Fix bug #418 NTLM auth is not working - Fix bug #410 segfault if "neterrtemplate=" doesn't exist in config - Fix bug #414 compiler error caused by extra brace Summary of changes in this release (v5.2) can be found in e2guardian.release and notes/NEWIN_v5 Changes to E2guardian 4.x.x can be found in ChangeLog4.x Changes to E2guardian 3.x.x can be found in ChangeLog3.x e2guardian-5.3.4/ChangeLog3.x000066400000000000000000000151461361351710700156620ustar00rootroot00000000000000 - Fix bug #181 ERR_RESPONSE_HEADERS with bypass - Fix bug #183 whitelist and identification - Fix bug #182 e2guardian systemd service does not support reload - Fix bug #178 (NTLM Messages) February 2016 - Version 3.5.0 Summary of changes in this release (v3.5.0) can be found in e2guardian.release January 2016 Many Improvements and bug fixes, big thanks to Chris Nighswonger for his help - Remove unused code - Fix Bug #169 Mismached use of free() - Fix Bug #162 Check missing dependency openssl - Fix Bug #163 e2guardian -g causes segfault December 2016 - Fix Bug #157 (Code 400 log) - Fix Bug #130 filtergroupslist not working with NTLM authentication (HTTPS) November 2016 - Fix Bug #135 SSL Bypass not working - Fix Bug #156 Crash with url beyond 2048 characters (in list) October 2016 - New blockedflash.swf version + source September 2016 - Add Squid Log File Format August 2016 - Fix Bug #119 readFromSocket incorrect error path - Fix Bug #136 (Ignoring the body of 304 replies causes corrupted messages) - New auth plugin - identification by header - July 2016 - New logheadervalue option added June 2016 - Russian translation - Update french translation March 2016 - Version 3.4.0.3 Summary of changes in this release (v3.4.0.3) can be found in e2guardian.release - Fix segfault when weightedphrasemode not defined - naughtynesslimit now defaults to 50 (previously undefined) February 2016 - Fix ICAP with c-icap server, new option previewforce - Version 3.4.0.2 - Fix bug #109 (bannedphraselist not working) - Version 3.4.0.1 - Hotfixes bugs #103 #105 (segfault) January 2016 - Version 3.4.0 - weightedphrasemode now optional - defaults to 1 - allowemptyhostcert option added (optional) - createlistcachefiles now defaults to off December 2015 - new sslsiteregexplist added (optional) - search term logic changed so banned_search_override works with both search block list and with weighted search term. - list_flags checked on lookups to avoid segv when lists not present - Fix SEGV when SSL connect fails - add logsslerrors option - Fix certificate generation with hostnames longer than 64 bytes (bug #96) November 2015 - Fix bug #96 Certificate Issues - requires X509_V_FLAG_TRUSTED_FIRST support in openssl - Add SNI support to MITM - note only works with openssh 1.0.1e or higher - Fix bux #94 new option textmimetypes - Reports error on ssl_connect failure - extra message (160) added - SSLMITM Upgrade sha1 to sha256 September 2015 - originalip off by default (complain about 400 Bad request URL is malformed) - Added, "namesuffix" option - one log file by instance (syslog) - August 2015 Summary of changes in this release (v3.2.0) can be found in e2guardian.release July 2015 - Fix bug #76 sslaccessdeniedaddress and reporting level < 3 - Remove old & unused values - Remove max_upload option from e2guardian.conf June 2015 - Fix Bug #75 contentscanners commandlinescan broken and potential problem with the others - Fix bug #30 compilation issue with --program-prefix - Security Fix: AV and empty access_denied_domain value break scan silently - Fix bug #72 (wrong config file) - Add new option: "xforwardedforfilterip" - Fix weighted phrases bug #15 - Add brazilian translation - Code cleaning - Add Czech translation - New ssllegacylogic option (SSL lists greysslsitelist and bannedsslsitelist in separate files) default off - Add SEARCHWORDS as default - Add SSL_EXTRA_LIST as default - Add LOCAL_LIST as default new option enablelocallists = on/off - Add TOTAL_BLOCK_LIST as default - Fix e2 now can start with --enable-sslmitm=yes without ca certificat January 2015 - MITM cert checking re-enabled - MITM cert checking can be turned on/off with mitmcheckcert option - Optional nocheckcertsitelist introduced December 2014 - Version 3.1.2 - Several bug fixes - MITM cert checking disabled to enable cross-platform working to address Google retirement of nosslsearch feature. December 2014 - Version 3.1.1 MITM now working - See notes/ssl_mitm for details - Fix Segfault with filter_ports < auth plugins bug #44 - Fix e2guardianf1.conf and groupmode = 0 breaks identification bug #38 November 2014 - Fix blanket block not working bug May/June 2014 - CIDR format support added in IP lists - Rooms facility updated - now includes room specific overide white lists - New perroomdirectory option in e2guardian.conf added - Backward compatible with perroombanneddirectory option. - Hard coded room user/log messages removed and replaced with new items in language messages file. - Reading of lists functions amended to accomodate reading of multiple types of lists from a single file. - Fixes from 3.0.4 merged - Fixes from 3.0.3 merged - Start of development version 3.1 - Fix Compilation problem with --enable-dnsauth=yes June/July 2014 - e2guardian 3.0.3 - Fix issue with urls ending in '//' - Fix Compilation problem with --enable-dnsauth=yes June 2014 - e2guardian 3.0.3 - Fix site truncation when total_block_list in use - Error message now given when maxchildren is reached - Fix gentle restart - A '-g' gentle restart does not kill current connections but filter group config is re-read. - Fix ugly check about "open room definitions" - Information message should be given when e2guardian is reloaded Mai 2014 - Release 3.0.2 - It fixes some compile errors reported in v3.0.1 April 2014 - Release 3.0.1 - see e2guardian.release for details February 2014 - Maxlogitemlength code moved into ConnectionHandler.cpp so as to prevent very large URLs corrupting log messages and to lower load on inter-process communication. - URL cache - Cache is now only checked (or added to) if URL is less than 2000 bytes and method is GET. - Emtpy list set issue fixed - was causes failure of logging and URLcache processes when filtergroup was set to block all. November 2013 - e2guardian 1.0.0.1 - mapportstoips conf option added - when off listens on every filterports on every IP address, - when on maps filterports to filterip's, default on First alpha version with E2BN Protex features added - See e2guardian.release for details. September 2013 - e2guardian 1.0.0.0 - URLs with # no longer truncated when reading lists - mapauthtoports conf option added - when off scans all auth plugs on every listening addr/port, when on maps auth plugins to addr/ports, default on - Warning message about reporting level by Frederic Bourgeois - Added, full banned URL, including parameters, for sslaccesdenied By frederic Bourgeois - Added, nonstandarddelimiter per filtergroupe By frederic Bourgeois - Fix Libpcre crash by Russell coker from Debian - Fix BSD crash (process forking out of control) By Philip Pearce and Martin Coco For historical changes to DansGuardian see DGChangeLog e2guardian-5.3.4/ChangeLog4.x000077500000000000000000000043641361351710700156660ustar00rootroot00000000000000About "Bug" tags show "https://github.com/e2guardian/e2guardian/issues?q=is%3Aissue+is%3Aclosed" Version 4.1.5 April 2018 - Fix bug #268 and bug #344 accept libssl1.0 & 1.1 - Fix bug #369 Segfault on some systems Mars 2018 - Fix some problems with log (Bug #354) January 2018 - Fix random crashes with Header (update) - Fix incorrect timeout in DataBuffer - Fix regression with sslaccessdeniedaddress Version 4.1.4 November 2017 - Fix bug #288 307 Answer is not CRLF just LF - Fix bug #302 Client address is missing with squid format logs - Fix random crashes with: Header without size - Fix bug #300 restrict log permissions with systemd Version 4.1.3 September 2017 - Fix segfault with SSLMITM - Fix many bugs with BYPASS - Fix bug #277 add option "disablecontentscanerror" - Fix bug #276 give better informations about header size filtering August 2017 - Fix bug #270 add logexceptionhits level 3 - Fix issue with sslaccessdeniedaddress and reporting level < 3 July 2017 - Fix bug #262 unable to compile with Kavdscan and avastdscan - Security update, user with GBYPASS must pass through deny page (reportinglevel !3) - Force log for BYPASS requests Version 4.1.2 - Fix segfault in HTTPHeader::returnCode - Fix bug #229 Segmentation fault with -HOST- placeholder - Fix fail with "Make dist" Version 4.1.1 Many improvements and changes are done at this version - Fix bug #241 SSLMITM and XForwarded_for - Fix several bugs with GYBYPASS - Add new banned list bannedsitelistwithbypass (block definitively a domain) - Fix bug #224 part2 clamdscan - Fix potential segfaut with wrong DNS request - Fix segfault when not able to open cert file May 2017 - Fix segfault "Illegal instruction" on FreeBSD - Fix bug #224 part1 segfault with commandlinescan - Fix bug #221 (dnsauth) error:cast from pointer - Fix bug #213 sudden segfault - Fix bug #212 fix bug with IP plugin, log with wrong IP - Fix bug #212 fix numerous bugs with NTLM (chrome and IE) and log with wrong IP - Fix bug #217 Segfault with wrong htmtemplate - Fix bug #216 Chrome rejects generated certificate - Fix bug #215 Filtergroupslist not being reloaded Summary of changes in this release (v4.1) can be found in e2guardian.release and notes/NEWIN_v4 Changes to E2guardian 3.x.x can be found in ChangeLog3.x e2guardian-5.3.4/DGChangeLog000077500000000000000000002126301361351710700155440ustar00rootroot00000000000000 June 2013 - DansGuardian 2.12.0.7 - Added, DansGuardian now supports epoll (partial and Linux only), bringing large increases in performance and scalability to Linux System - By Philip Pearce (e2bn.org) This feature must be used with --with-filedescriptors=N compile option - Fixed security bug, Dansguardian uses -USER- and -REASONGIVEN- that are replaced with what is necessary. In the authentication if we input html code or javascript it will include it on the error page, Thanks to Alfredo Sylva for report. - by frederic Bourgeois May 2013 - DansGuardian 2.12.0.6 - Fixed Reportinglevel per filtegroup By frederic Bourgeois - Added sslaccessdeniedaddress (fix HTTPS denied blanck page with reporting level 3 - only with firefox -) By frederic Bourgeois - Added ssldeniedrewrite (fix HTTPS denied blanck page with reporting level 3, need an HTTPS website - By frederic Bourgeois - Added zero value (optional) for some options, like maxcontentramcachescansize - By frederic Bourgeois - Some minor efficiency improvements (remove GCC warning, etc) - By Frederic Bourgeois April 2013 - DansGuardian 2.12.0.5 - alpha - Increase max children to support large networks by Frederic Bourgeois This new option is used to define the number of file descriptors for DansGuardian on large system Need to recompile DansGuardian with the --with-filedescriptors=N compile option configure option --with-filedescriptors=N N=MaxChildren Max January 2013 - Dansguardian 2.12.0.4 - alpha - Set persistent cnx timeout in e2guardian.conf by Frederic Bourgeois - Multiple auth fixed - checked only with one port - (crash fixed before patch #9) - by Frédéric Bourgeois - French translation update (accents problem) - by Frédéric Bourgeois - Added allow regex header filtering with greylist - Frédéric Bourgeois - MITM issues null ceriticate end date value (fixed) - by Marcelloc - Concat values resulting in /// on cert path (fixed) - by Marcelloc - Mitm_magic check code does not work, even if you do not set any mitm key (disabled in code)(ConnectionHandler.cpp) - by Marcelloc - Re-include general max_upload_size general option - use max_upload_size general value if not set in filtergrouplist - by Marcelloc - Fixed maxuploadsize silently ignored - all posts blocked - (patch #12) by Frederic Bourgeois - Applied patch 1 (allow regex filtering with greylist) - by Frederic Bourgeois - Fixed minor compilation error - by Frederic Bourgeois - Applied patch 13 (CONNECT broken due to attempted persistency) - by Nils Goroll September 2012 - Dansguardian 2.12.0.3 - alpha - Fixed memory leaks reported by analysis from coverity - Improved persistent connection for a better RFC compliant implementation, but not yet fully HTTP 1.1 - Minor improvement for debug output - Applied patch #11 (Maxuploadsize per filtergroup) by Frederic Bourgeois September 2012 - Dansguardian 2.12.0.2 - alpha - Applied patch #9 (Crash when more than one authplugin are selected) by Frederic Bourgeois - Added feature to allow Facebook mock ajax (request #6) by Jason Spiro - Added contrib dir - Added a new html & css validated html template in contrib (request #3). By Chris Peschke - Converted iso-8859 message files to utf-8 (bug #86). Suggested by Fred Ulisses Maranhao - Fixed Error reading Content-Length (bug #84). By Carlos Soto - Fixed compilation error BSD due lack of string.h when using memcpy() (bug #75). By Alexander Hornung - Fixed exceptioniplist case sensitivity (bug #11). By Mark J Hewitt - Fixed accept-encoding support for new tokens (bug #13). By userquin May 2012 - Dansguardian 2.12.0.1 - alpha - UNRELEASED - Applied patch 3438750 (GCC 4.4 and 4.6 compatibility) by Mathieu PARENT - Applied patch 3438749 (French translation update) by Mathieu PARENT - Applied patch 3418297 (Set proxy timeout in e2guardian.conf) by Frederic Bourgeois - Applied patch 3419088 (login/password in URL is dropped) by Mathieu PARENT - Applied patch 3419089 ("Expect" header should be dropped) by Mathieu PARENT - Applied patch 3438751 (Fix queue handling in OptionContainer) by Mathieu PARENT - Applied patch 3515167 (Fix digest identication) by Frederic Bourgeois - Fixed GCC warnings - LFS review in String.cpp (requires different arch review yet) August 2011 - DansGuardian 2.12.0.0 - alpha - Search term filtering - POST data scanning - ClamAV scanner removed (direct library usage, not ClamD) - "KavAV" scanner removed (direct library usage, not KavD) - Fix crash on logging very long URLs - Per-group PICS settings - Option to use a specific blocked response for Flash (".swf" URLs; "application/x-shockwave-flash" MIME type) - HTTPHeader bug fixes re. persistent connection detection, crash in some (unknown) circumstances when trying to tunnel POST data - Added per-room-blocking. - Fixed a very old problem with gentle restarts where DG would fail to release the RAM for the first set of config loaded. This was very noticeable on systems with many groups. - Added the ability to have DG listen on more than one port and to use a different authentication plugin on each port. However, some combinations are just not physically possible - for example basic auth (proxy auth) won't mix with other authentication methods. - Added transparent NTLM authentication, however to be useful needs an authentication daemon and daemon-aware, NTLM-enabled web server. (read source code for how to use it) - Added experimental SSL MITM. (read source code for how to use it) - Added experimental SSL certificate checking. (read source code for how to use it) - Added patch by Massimiliano Hofer to add Avast! support. - Tidied up licensing notices and removed some email addresses. - Support individual log items up to 32KB in length, which may require multiple calls to getLine to read in. 2010 - DansGuardian 2.11.*.* - Unreleased. Fri 5th June 2009 - DansGuardian 2.10.1.1 - stable - Add "originalip" option to e2guardian.conf, for determining the original destination IP in transparent proxy set-ups, and ensuring that the destination domain of the request resolves to that IP. This can help to address a particular transparent proxy security vulnerability (US-CERT VU#435052), but because of certain limitations - only implemented on Linux/Netfilter; potential breakage of websites using round-robin DNS - the code is not enabled by default. Enable by passing "--enable-orig-ip" to the configure script. - Fix a crash which could occur when dealing with simultaneous incoming connections in configurations using more than one listening socket. - Fix a crash when checking time limits on item lists. - Fix potential usage of uninitialised memory during phrase filtering. Wed 21st January 2009 - DansGuardian 2.10.0.3 - stable - uClibc++ compilation patch from Natanael Copa. - Fix crash on exit when running out of memory during phrase tree preparation, from Victor Stinner. - Clean up destructors for various objects, removing code duplication with reset() methods. - Compilation fixes from Jeffrey A. Young. - Better handling of whitespace (tab characters) in configuration files. - Fix HTTPS access for unauthenticated users when using basic or NTLM authentication plugins. - Reload list files on soft restart if cached (".processed") files have been updated directly, from Harry Mason. - Chop carriage return off useragent strings when "loguseragent" is enabled. - Don't force contents of e2guardianf*.conf files to lower-case on loading, so as not to destroy the case of group names. - Make temporary bypass cookies valid for subdomains of the original bypassed domain, including stripping "www.". Wed 26th November 2008 - DansGuardian 2.10.0.2 - stable - Fix persistent connection detection to resolve issues with HTTP 1.1 browsers (Firefox), NTLM authentication and HTTPS websites. - Change supported syntax for blocking HTTPS site access by IP to match that documented in the default bannedsitelist (use "*ips", as documented, NOT "**ips"). Tue 21st October 2008 - DansGuardian 2.10.0.1 - stable - Improve malformed URL detection (dc2008.de no longer incorrectly classed as malformed). - Improve persistent connection detection, correcting some situations in which DG would return a blank page to browsers. - Updated "proxies" weighted phrase list. - Updated Chinese Big-5 messages file from Vicente Chua. Wed 8th October 2008 - DansGuardian 2.10 - STABLE! - Fixed handling of content with no MIME type: it will be phrase filtered, but no Content-Type header will be inserted into the response, so a browser's own automatic type detection doesn't get interfered with - Fixed a performance issue with CONNECT requests being incorrectly marked as persistent, identified by Jason Deasi - Updated the man page (Jens Wilke) and French messages file (Jeanuel) - Clarifications to some of the included documents (INSTALL, UPGRADING) - Considered stable (future planned changes are fairly wide reaching, so work will continue in a new series of beta releases) Thu 11th September 2008 - DansGuardian 2.9.9.8 - Assume that content with no Content-Type header is HTML, so that it doesn't bypass the phrase filter. - Fix some incorrect usage of integer types in ListManager and ListContainer which can lead to crashes in some rare cases. - Escape certain characters in URLs when displaying the HTML template to prevent XSS. - Don't add responses other than "200 OK" to the clean URL cache. Mon 18th August 2008 - DansGuardian 2.9.9.7 - stable-surely - Fixed problem with PID file creation when pidfilename is not explicitly given in the config. Wed 13th August 2008 - DansGuardian 2.9.9.6 - stable-surely Build system clean-ups: - Use pkg-config to detect PCRE and ClamAV, not pcre-config and clamav-config. Please note that this means DG now depends on pkg-config. - Remove platform.h.in and use preprocessor symbols from dgconfig.h directly - Define preprocessor symbols corresponding to directory names using CXXFLAGS in the makefile, not platform.h, as the latter is no longer processed by the autotools - Remove checks in configure script for functions not actually called by the code - Remove a lot of obsolescent tests from the configure script, and get rid of platform.h completely as a result Improvements/bugfixes: - Fix an off-by-one error in NaughtyFilter which could result in phrase matching code looking at an uninitialised byte during filtering - Allow regular expression comments with PCRE - Fix a child process handling error which would cause DG to become unresponsive if restarted then soft-restarted in quick succession Mon 9th June 2008 - DansGuardian 2.9.9.5 - do-we-really-still-call-it-beta - IP range & subnet support in banned & exception IP lists. - Honour "--with-sysconfsubdir" setting when installing config. files. - Code clean-ups: remove some unused function arguments, and eliminate compiler warnings from checks enabled by default in recent versions of GCC. - New contributed Polish pornography and "good" weighted phrases. Tue 29th April 2008 - DansGuardian 2.9.9.4 - beta - Replaced quicksort with std::sort when loading in site & URL lists - should behave better with pre-sorted input. - Switch back to original compressed data before sending content to clients, if the decompressed data is found to be zero length (i.e. just compression headers). - Change file blocking logic; exceptionextensionlist and exceptionmimetypelist are now always loaded, and can override the banned lists (much more similar to URL/domain blocking). - ClamAV plugin updated to work with 0.93-style unpacking limits (only; no support for 0.92.1 or earlier). Wed 27th February 2008 - DansGuardian 2.9.9.3 - beta - Large file (2GB+) download & scanning support - Updated German block page template from Peter Vollmar - Small fix to phrase matching to allow it to match the full 0-255 range for each byte, improving foreign language filtering - Fix for incorrect interpretation of URLs containing colons in list files (long standing but rare bug; could cause memory corruption and match failures) - More documentation added to the installation (not new content, but docs that were previously only in the source tarball now get installed) Thu 13th December 2007 - DansGuardian 2.9.9.2 - beta - Fixed a few memory leaks, including a fairly large one in the String class. - Attempt to allocate less memory when reading in phrase lists (start small, and resize the block if needed). - Check for out-of-memory conditions when loading phrase lists, as this was a common cause of segfaults on soft restart on systems with low free memory (daemon will still die, but a bit more gracefully). - Re-worked phrase filtering: fix occurrence counting for combination phrases, and possible performance improvements in weightedphrasemode 2. - Digest auth support (based on contributions by Darryl Sutherland). - uclibc compatibility patch from Gentoo Linux. - Example of headerregexplist usage: force filtering on Windows Live Search by cookie modification. - Contributed updates to some of the language templates. - Miscellaneous other bug fixes, applications of const correctness, etc. Fri 24th August 2007 - DansGuardian 2.9.9.1 - beta - Fix for transparent proxying. - Fixed missing list and language files omitted from previous release. Mon 13th August 2007 - DansGuardian 2.9.9.0 - beta - Fix settings validation to allow maxcontentfiltersize to be set to 0. - Tidy up option data types (hexdecodecontent, forcequicksearch and usecustombannedimage are now "on"/"off" instead of 1/0). - Tweak exception logging (logexceptionhits now has 3 supported values). - Improved pre-emptive blocking for HTTPS requests. - Altered blanket block implementation to also allow blanket exception & grey domain/URL list matching (eg you can have allow everything). - Added exceptionfileurllist in addition to exceptionfilesitelist. - Added outgoing HTTP header blocking & modification. - Added optional domain and URL lists for categorisation without blocking. - Enabled TCP_NODELAY on all TCP sockets to work around a performance hit with persistent connections. - Improved phrase loading code to allow null bytes in phrases. Should allow for support of phrases in encodings such as UTF-16. Tue 27th March 2007 - DansGuardian 2.9.8.5 - beta - Fix behaviour of maxcontent* settings when set to zero ("cascading" values). - Don't allow daemon to start with maxcontent* settings all zero. - Tweak config. validation to better check for allowed values. - Fix memory corruption/leaks in PICS and ClamAV (not ClamD) code. - Protect against more types of IP obfuscation. - Minor cleanups in string class. - Add contributed Japanese messages & template.html. - Add contributed YaST-specific info to supplied init script. - Compatible with ClamAV 0.90. - Fix pre-emptive blocking for unrecognised users when the auth plugin(s) in use don't rely on the parent proxy (ident, ip). - Fixed suggested file paths for using squidGuard/URLBlacklist list sets. DansGuardian 2.9.8.3 and 2.9.8.4 - beta - Never fully released Mon 22nd January 2007 - DansGuardian 2.9.8.2 - beta - "managedmimetypelist" and "managedextensionlist" made into an either/or match, instead of both. - Handle single dots on the end of domain names (e.g. "http://www.cnn.com./"). - Typo fixes to a few error messages and config files. - Allow WebDAV/OWA to work. - Fix a bug in the phrase filtering that was introduced along with the enhanced character encoding support. - Add a little more info to error messages generated by failure to connect to the URL cache, as some people seem to be having trouble with it. Fri 8th December 2006 - DansGuardian 2.9.8.1 - beta - Pre-emptive blocking re-introduced, but for authed users only (don't retrieve anything, even headers, from banned sites/URLs; helps defeat trackers). - Build option to record a backtrace on segmentation fault ("--enable-segv-backtrace"). - Rudimentary performance testing options (add -D__BENCHMARK to your CXXFLAGS when compiling to make some extra command-line options available; content to be tested is read in on standard input). - Syslog logging support. - Performance increase for weightedphrasemode 2. - Reduce some ListContainer code duplication. - FAQ and plugin documents added, see doc subdirectory. Mon 25th September 2006 - DansGuardian 2.9.8.0 - beta - Command-line content scanner. - "Trickle" download manager. - New "#noconvert" instruction in phraselists to prevent case conversion (aid support for exotic character encodings). - New valid value for "preservecase" to scan pages once with case preserved, and once without (aid support for exotic character encodings). - OpenBSD fixes, with thanks to Soner Tari. Wed 9th August 2006 - DansGuardian 2.9.7.5 - alpha - Fixes a logic error with persistent authentication, i.e. NTLM (and ident by IP when not obeying x-forwarded-for headers). POST upload blocking didn't work because it is skipped for unauthenticated users, and persistent authentication methods weren't setting the authenticated flag for every request. Tue 8th August 2006 - DansGuardian 2.9.7.4 - alpha - Updated Dutch translations. - Tweaks which may or may not fix cpu load issues. - Added a work around for IE bug randomly dropping file extensions of files that are scanned. Thu 3rd August 2006 - DansGuardian 2.9.7.3 - alpha - Complete URL unescaping during deep URL analysis. - Fixed more minor memory leaks. - Stricter adherence to target throughput in FDTunnel. - "Graceful" socket closing. - Fixed (some?) IE POST problems (hopefully) which were introduced since persistant connection support. Fri 28th July 2006 - DansGuardian 2.9.7.2 - alpha - Handle more simultaneous phraselist character encodings (help alleviate the infamous "more than 60 links from this node" error). - Fixed POST upload problems with NTLM. - Nicer error messages when phrase tree cannot be built (human-readable version of "more than 60 links from this node"). - Correctly parse ICAP URLs without explicit port numbers. Thu 8th June 2006 - DansGuardian 2.9.7.1 - alpha - Don't phrase filter non-text content when AV is enabled. - Free up unused memory after loading phrase lists. - Corrections to persistent connection detection. - Moved looking up of client hostnames for logging back into ConnectionHandler, to remove potential bottleneck introduced in last version. - Don't convert regular expressions to lowercase when reading in from list files! (Big difference in meaning between e.g. \W and \w). - Fixed memory leak in ipToHostname. Mon 8th May 2006 - DansGuardian 2.9.7.0 - alpha - Added -SERVERIP- placeholder in fancy DM template. - icapscan compatibility greatly enhanced (known working with servers from Symantec, Dr. Web, Trend Micro, AVIRA and Kaspersky ICAP {unreleased}). - ListContainer and HTTPHeader performance enhancements. - "pathprefix" option in clamdscan & kavdscan, for compatibility with daemons inside chroot jails. - Auth by IP plugin correctly ignores blank lines in the ipgroups file. - "reportinglevel = -1" is now allowed in filter group config files. - Time-limited regular expression lists (not fully hierarchic, just checks top-level file and file containing the current expression). - Don't log garbage when logclienthostnames is enabled and a client IP has no DNS record. - Read in maxcontentfilecachescansize option correctly. - Delete temp files after sending when a partially downloaded file becomes too big to scan (default DM). - Safe handling of files larger than maxcontentfilecachescansize in the fancy DM (new "maxdownloadsize" option in fancy.conf). - Email notification of blocked pages/viruses (--enable-email compile option, various new configuration options; patch by J. Gauthier). - Direct tunnelling of traffic from exception sites (that are excepted from both filtering and virus scanning). - Various other bugfixes & build tweaks. - Includes the latest updated phrase lists. Mon 3rd April 2006 - DansGuardian 2.9.6.2 - alpha - NTLM username strings are correctly terminated after conversion from UTF-16LE. - Spelling mistake fixed in ukenglish template.html. - Fixed "-c" option (Jason Gauthier). - Slightly tweaked handling of exception CONNECT (HTTPS) requests - should help those with IE & SSL problems. - Tweaked detection of persistent connections (HTTP 1.1 requests are assumed persistent unless marked otherwise, as per standards). - Buffered network input in BaseSocket::getLine (fewer system calls during HTTP header retrieval). - Optional logging of child process handling operations (logchildprocesshandling). - Conditional installation of contentscanners, lists/contentscanners and lists/downloadmanagers directories. - Fancy DM has managedextensionlist enabled by default, not managedmimetypelist. Fri 3rd March 2006 - DansGuardian 2.9.6.1 - alpha - Improvements/fixes to filter group range checking (auth by IP plugin usable again - sorry!). - URL cache sorting & searching fixed. - Workaround for clients that send lowercase "host:" headers. - Workaround for certain types of Squid-unfriendly request (allows more clients to work with DG+Squid used as a transparent proxy). - Updated Turkish language files (Ozgur Karatas). - Confusing "--with-libiconv=yes" configure option removed; iconv check now looks for library in standard search path automatically if a platform-native iconv function is not found. - Iconv library check looks for both "iconv" and "libiconv" functions - should help OS X 10.3 users. - Time limits are applied hierarchically to included list files, as has been the intention for a while now (obviously the feature is not widely used :P). - Case-insensitive handling of HTTP headers (Nerijus Baliunas). Mon 20th February 2006 - DansGuardian 2.9.6.0 - alpha - "ident" auth plugin supports usexforwardedfor when determining client IPs. - Range checking on filtergroup returned from auth plugins (pointed out by Götz Babin-Ebell). - Auth by IP plugin ignores entries in ipgroups which specify an out-of-range filtergroup, and prints warning messages when it encounters them. - Fixed "SafeNetalcoholtobacco" typo in PICS settings file. - Changed handling of POST uploads; large files should no longer cause timeouts. - There are now default managed extension/MIME type lists under. "/etc/e2guardian/lists/downloadmanagers", and the latter is enabled by default in the fancy download manager's config file.Götz Babin-Ebell. - Optional blanket download blocking, with new exception MIME and extension lists for overriding the block (existing banned MIME & extension lists not used in this mode - everything not excepted is banned). - New "exceptionfilesites" list, for defining domains which are not subject to filtering by MIME type or extension, i.e. trusted download sites. - Log format changes: IP and hostname are both logged (instead of using one field for either); group name & number are now separate fields. - Connections are correctly closed after being sent a download link from the fancy download manager. Thu 2nd February 2006 - DansGuardian 2.9.5.0 - alpha - Auth by IP plugin works without PCRE. - When using auth by IP, credentials are cached for the lifetime of a persistent connection, instead of querying the plugin for every request (unless usexforwarded for is enabled). - Added blanket SSL block (**s) and blanket SSL IP block (*ips). - All usernames show up as lowercase in the logs. - Auth plugins get reloaded on -g (allows changes to IP plugin's. ipgroups file to take effect as well as changes to the filtergroupslist). - Added allow per-group override of reportinglevel (hence per-group choice between HTML template & external access denied address). - Fixed a few memory leaks & some minor memory corruption. Wed 25th January 2006 - DansGuardian 2.9.4.0 - alpha - NTLM and proxy auth plugins renamed to "proxy-ntlm" and "proxy-basic" - Fixed child process failure after -g - Changed clamav's memory scanning method (uses more reliable parts of Clam API; both clamav and clamdscan should now detect the same viruses) - Unfortunately the new method does involve saving to file first; however, you can use POSIX shared memory on supported platforms, or specify a ramfs/tmpfs location, with a fallback to using the standard filecachedir. - Also, the temp directory used internally by libclamav can be configured. - zlib can optionally be statically linked - Improved handling of HEAD requests and HTTP redirects - Improved error logging in clamav & clamdscan - clamdscan now issues "SCAN" command instead of "CONTSCAN" (stops scanning after the first error/virus is found) - kavdscan can handle archive files containing multiple viruses (patch submitted by littlecahya) - More verbose output in debug mode - Improved default & fancy download managers handling of files larger than maxcontentfiltersize (or maxcontentfilecachescansize) - Filter groups can be named - Only load filter group 1's settings if no auth plugins are loaded - Changed -FILTERGROUP- placeholder to return group name - Added -RAWFILTERGROUP- placeholder for retrieving group number - Added -SERVERIP- placeholder; returns the IP on which the filter is running (returns correct address if using multiple filterip options; returns 0.0.0.0 if filterip is blank) - URL cache now stores the group(s) for which a URL is clean, in addition to URLs themselves (cannot access a page with a score beyond your naughtiness limit if someone in a group with higher limit/different phrases has previously accessed it) - Fixed child process crashes when using maxips option, and add logging of IP usage statistics (new statlocation option) Wed 21st December 2005 - DansGuardian 2.9.3.2 - alpha - Adds logging of upstream proxy return code & user's filter group number - Fixes/improvements to configure script (FreeBSD users: try '--with-libiconv=/usr/local') Fri 16th December 2005 - DansGuardian 2.9.3.1 - alpha - Fixed x-forwarded-for support in Auth by IP plugin. - NTLM plugin now compiles on FreeBSD. - Can now log in using NTLM when browsing HTTPS sites. - Fixed mis-authentication with downstream proxies. - Fixed log all usernames, even those not in the filtergroupslist. - NTLM plugin handles UTF-16 usernames. - Improved child process responsiveness when using tunnels. Tue 6th December 2005 - DansGuardian 2.9.3.0 - alpha and approaching feature complete - Added NTLM Auth support. - IP Auth plugin now supports X-Forwarded-For headers. - Added Persistent connection support to allow pass through of a number of protocols like NTLM and others that break without persistent connections. It also should improve performance. - Added better support for filter/infection bypass mode "-1" setting. - Added configurable category list thresholding where you can configure it to only show the top phrase categories matched. - Performance enhancements to phrase filtering. - Added infection bypass mode (with optionally only allow on scan error). - Multiple auth plugins now allowed. - Embedded URL (links, images) extraction & weighting to allow sites with lots of links to banned domains to be more likely to be denied. - Now marks content & URL modifications in the logs. - Added Hungarian & Portuguese Brazilian language files. - Fixed URL regular expression search & replace. - Fixed hexdecodecontent handling of a page's last few bytes. - Fix for empty pages with gzip & zlib encoding. - Fixed content-length header for pages with content modifications. Tue 8th November 2005 - DansGuardian 2.9.2.0 - alpha and feature incomplete - Filter groups now define a "filtering mode": banneduserlist and exceptionuserlist support have been removed, and replaced with the concept of a user being a member of a group which is in banned/filtered/unfiltered mode. - Added plugin-based authentication system - proxy and identd auth methods are now provided as plugins. - Added auth by IP plugin - maps individual IPs, IP ranges & subnets to filter groups. - Download managers support optional extension/mimetype inclusion lists, for additional limiting of which requests get handled by a given manager. - Fancy download manager supports HTML templates. - Added client hostname display for banned pages (new placeholder available for HTML templates; new parameter for CGI). - Page weights are now explicitly logged against all filtered requests (not just as part of the "reason" string on weighted phrase banned requests). - Now includes a lot of example content and URL regexps. - Now includes latest phrase lists. - Fixed PICS enable/disable option fixed (PICS now disabled by default). - Fixed filter bypass links cannot bypass the blocking of files virus scanned and found to be infected: you can now only download known infected files by being a member of an exception filter group (if contentscanexceptions is disabled), or by being in a group with disablecontentscan set. - Fixed improved extension detection for downloads from CGI scripts - fewer downloads can now slip through the net. - Fixed exceptionvirusmimetypelist support (i.e. it now works). - Fixed improved behaviour of logclienthostnames option. - Fixed configure script checks that the installed PCRE version is recent enough, if building with PCRE support. Mon 24th October 2005 - DansGuardian 2.9.1.0 - alpha and feature incomplete - Added Deep URL scanning to spot URLs in URLs to for example block images in google images. - Added Advanced advert blocking, including an option not to log advert blocks (DG now includes advert domain/URL lists from squidGuard, with added categorisation, to demonstrate this feature). - Added Korean PICS support. - Added new phrase filtering mode: looks only at contents of title & meta tags. - Added case insensitive detection of headers retrieved from webservers which don't obey standards. - PCRE support is now optional at configure time (--with-pcre; disabled by default). - e2guardian.org removed from exceptionsitelist, and a rule added to bannedregexpurllist, to prevent accidental access to the DG sample virus repository. - Firefox DoS fix in contentregexplist (commented out by default to conserve CPU). - Fixed Grey URL list checking scans greyurllist, not bannedurllist. - Fixed support for matching multiple URLs which differ only by a suffix. - Fixed ClamD/KavD so they now run as both the same user & group as DG and successfully access temp files. Wed 19th October 2005 - DansGuardian 2.9.0.1 - alpha and feature incomplete - Designed from scratch easily pluginable download management system which works with the... - Designed from scratch content scanner system with a simple plugin system which makes it easy to write new content scanners such as the included AV. It can also chain multiple scanners so you could use more than one AV engine for example. Other nice things include in-memory scanning if the plugin supports it saving writing to disk. - Download manager is compatible with WGET and software updates and will switch to a fancier version with percent graph when used with a browser. - Download manager is secure as each download is keyed to the original downloader. - No dependance on libtool or pkg-config unlike the original 2.9 AV version. - Added time/day controls support for lists. - Added category support so when it says banned site it says what category. - General speed and code improvements. - New code style guide produced. - Code is now in the new style. - Ported to automake and autoconf for a more standard and logical code maintanence. - Developer documentation is now provided online to describe the code better. - Regular expression content replacement is improved so back references work so browser vulnerabilites can usually be automagically removed. - Added URL regular expression replacement so you can force safe search in google or redirect people to a different site. - Long log lines are now inteligently truncated. - Port < 1024 can be used and group and user set IDs are properly used and similar clean ups. - Multiple command line options are now possible. - The compile time options are displayed with a -v. - Anonimised logs option for countries with strict privacy laws like Germany. - Added a -Q option which allows a restart and a full config change for example. - Added regular expression exception URLs. - Added the ability to listen on N IPs rather than 1 or all. - The latest phrase lists from Fernand (phrase maintainer). Sun 14th August 2005 - DansGuardian 2.8.0.6 - More phrase and other list mods. - Increased IPC buffers to solve problems with long log lines and URLs. Tue 9th August 2005 - DansGuardian 2.8.0.5 - Fixed not being able to regexp content replace with a blank. - Fixed long standing bug with processed list files which now makes startup several times faster if you are using multiple filter groups. - Added a nocache directive to the HTML template display header. - Added Slovak language files. - Removed german2 language files. - Added option so bypass hash could be enabled but no valid hash presented so external auth mechanisms can be used with the bypass feature. - Removed deleting of log ipc file on -r restart. - Added lots of phraselists thanks to Fernand Jonker. - Added fix so it should compile on Fedore Core 4 and other GCC4 distros. - Corrected TEMPLATE spelling error. - Filter groups now limited to 99 not 9. - Updated proxy testing error message. Sun 20th February 2005 - DansGuardian 2.8.0.4 - Corrections to Brazillian messages in Portuguese. - Updates to Lithuanian messages. - Updates to INSTALL file to stop confusing debian users. - Fixed libz problem in Makefile for OSX. - Fixed long standing bug where when it sigtermed with a -q it killed itself rather than exiting gracefully. - Fix to long standing bug in HTTP header handling causing possible problems with non-browser HTTP clients. - Minor improvement to HTTP header sending. - Updated HTTP header to handle RFC compliant but abnormal requests. - Fixed long standing bug where a -r restart would not cause the users groups file to be re-read correctly so users who were changed group would not always be detected. This bug could also cause users to appear to be in the wrong group sometimes. Fri 10th September 2004 - DansGuardian 2.8.0.3 - Corrected log configuration logic for running with a seperate log daemon. - Corrected hard-coded /usr/lib which causes problems on 64-bit systems. - Corrected mistake introduced by a 3rd party submitted patch which caused the entire set of config files to be loaded and processed even on a soft restart. - Corrected potential unsafe permissions on the log dir. - Updated Big5 language file. Thu 29th July 2004 - DansGuardian 2.8.0.2 - Corrected missing new line in French messages file. - Added include in String.cpp for Debian/FreeBSD compile problems. - Removed eronous openssl part in configure script. - More INSTALL file improvements. - Added some more domains to default exception lists. Wed 28th July 2004 - DansGuardian 2.8.0.1 - Corrected INSTALL file. - Corrected some language files. - Corrected a locale issue. - Corrected issue where banned extensions could be bypassed by hex encoding the file name. - Fix to start script to make it more debian compatible. - Moved to new numbering scheme and lower case source name as requested by package builders. Wed 21st July 2004 - DansGuardian 2.8.0 - Included zlib static building info in INSTALL file. Fri 16th July 2004 (pm) - DansGuardian 2.7.7-11 - Made parameter checking more durable and less messy. Fri 16th July 2004 (4am) - DansGuardian 2.7.7-10 - Fixed a typo in the FreeBSD Makefile. - Added new googlesearches phrase file. - Fixed a terrible DoS bug in the file download buffering so that large binary files with no length header but are marked as text no longer eat up all the RAM. - gzip or zlib compressed pages are now no longer sent to the client uncompressed if they are not modified with content replacement. This is extra good if the clients are remote to the filter as it will save bandwidth. This was a pleasant side effect of fixing the DoS bug. - Updated to use zlib 1.2.1 for gzip in-memory decompression but will fail gracefully if an older version is installed. This change was *required* to fix the DoS bug. - Slightly improved socket handling so it's a tiny bit quicker and takes up less file descriptors. This was a result of the DoS bug fixing. Mon 14th June 2004 - DansGuardian 2.7.7-9 - Improved sysv file for Linux. - Fixed some compile issues on FreeBSD with needing more #includes. - Incorporated FreeBSD Makefile changes at request of port maintainer. - Fixed checking for auth required so it only matches "407 Proxy Authentication Required". - Disabled log entries for "407 Proxy Authentication Required" to prevent log poisoning (user X attempting to access a bad URL posing as user Y). - Fixed issue with very small list files being ignored. - Fixed crash on empty phraselists. - Reinstated case sensitivity in conf files. - Improved socket exception error messages. - Fixed "user@site" URLs not being filtered properly. Wed 28th April 2004 - DansGuardian 2.7.7-8 - Fixed grey lists not overriding regexpurl lists. - Added frenchpornography phrases. Wed 21st April 2004 - DansGuardian 2.7.7-7 - Fixed compile issue on FreeBSD. - Fixed ".Include" files not working for bannedregexpurllist. Wed 14th April 2004 - DansGuardian 2.7.7-6 - Fixed content filter bypass which with a specially crafted request could force an unclean page into the clean page cache. - Fixed a memory allocation error in the list files which lead to 1 byte of memory potentially being overwritten. - Corrected German messages file. - Fixed mistake in the hash parameter sent to the access denied perl script. Fri 26th March 2004 - DansGuardian 2.7.7-5 - Increased some timeouts to more reasonable values. - Client IP now passed to deny script. - Added feature where when a user is not found the IP is checked for in the filter group list. - Added workaround for OS X bypass feature problem. - Slightly improved content replacement so it can handle " characters. - Included updated lists for use with urlblacklist.com. - Added danish language. Wed 25th February 2004 - DansGuardian 2.7.7-4 - Gentle restart now flushes the clean URL cache so changes don't appear to not work. - Fixed bug where non-text URLs were getting added to the URL cache. - Changed cookie bypass to use the same time code as the URL bypass so that users are not able to effectively double the time period. - Fixed mistake in bypass logic which stopped exeptions from working. - Changed configure to try to detect the correct path to endian.h. - Dissabled bypass when post block. - Added check for ..\ Thu 19th February 2004 - DansGuardian 2.7.7-3 - Fixed problem with Darwin using non-standard accept() Wed 18th February 2004 - DansGuardian 2.7.7-2 - Added check for /../ in URLs to stop users bypassing part of the filtering. Wed 4th February 2004 - DansGuardian 2.7.7-1 - Fixed minor problem with IE and denied page. Tue 3rd February 2004 - DansGuardian 2.7.7 - Added a temporal denied page bypass facility. Sat 3rd January 2004 - DansGuardian 2.7.6-7 - Improved detection of when a sub list file has changed for gentle restart. Wed 24th December 2003 - DansGuardian 2.7.6-6 - Made header request line tolerant to multiple spaces. - Fixed preemptive banning not deactivating unless proxy auth was also enabled. - Fixed broken bannedphraselist file included by default. - Fixed segfault on missing config file. - Removed arbitary limit on filter groups. Now 99. - Fixed SSL site banning when preemptive banning is switched off. Sun 14th December 2003 - DansGuardian 2.7.6-5 - Fixed a segfault when using gentle restart in some situations. Thu 11th December 2003 - DansGuardian 2.7.6-4 - Fixed segfault with -N option. - Fixed typo in bannedurllist. - Fixed cross site scripting vuln in e2guardian.pl. - Fixed error in Solaris Makefile. - Fixed '//' detection yet again to use a further different approach due to broken sites. Thu 4th December 2003 pm - DansGuardian 2.7.6-3 - Fixed a URL filtering bypass which worked by appending a period '.' after the domain. Thu 4th December 2003 am - DansGuardian 2.7.6-2 - '//' detection fixed to not give so many false positives. Wed 3rd December 2003 - DansGuardian 2.7.6-1 - Fixed some compile problems with a missing cerrno. - ICRAviolenceobjects was missing and is now added. - Exception phrases now take presidence when there is a dup. - URL matching has been improved to support non-path elements better. - '//' in URL paths properly checked for now. - Tidied some code structure. - Fixed inability to listen on privelaged ports. - Fixed gentle restart segfault when a file is changed twice. - Removed lots of commented out code. Thu 20th November 2003 - DansGuardian 2.7.6 - Sub list (.Include) support fixed. - Added processed file support for grey and exception URL and site lists. - Fixed bug where it would not exit when there was a mistake in the f1 conf file on start up. - Made non-standard redirector delimiting optional. - 'e2guardian -s' now works as non-root. - Generally improved errors with the -s -r -g and -q options. - Ident now uses X-Forwarded-For when DansGuardian is configured to use it. - Bug fixed in exceptionurllist using wrong list file. - './configure --logdir' option being ignored by default fixed. - OSX compiler warnings solved. Sun 16th November 2003 - DansGuardian 2.7.5 - Improved URL encoding for e2guardian.pl. - Added greysitelist and greyurllist to allow sites past the URL filtering but to still have the content filtering applied. - Added chineasegb2312. - Minor code changes. - Fixed underscores in hostnames giving malformed URL. - Fixed an image replacement bug. - Startup speed improved by using seperate lists per each included file. - Fixed '-r' restart problems not killing processes. - Fixed race condition causing problems when restarting. - Added a '-g' gentle restart that does not kill current connections but filter group config is re-read. - Added filter group support so different filtering settings can be used for different groups of users. - Added inteligent list managing so that if different filter groups use the same file they will share one copy of it. It also means it does not need to read in two copies. The list managing also caches the lists between restarts thus reducing restart speed dramatically. - Added a German pornography phrase category. Wed 10th September 2003 - DansGuardian 2.7.3-1 - Added check for '//' in URLs thus stopping the URL filter workaround. Sun 31st August 2003 - DansGuardian 2.7.3 - HTTP port now stored in logs. - Exception/banned site lists can now use .tld - Fixed banned extension not being logged. - Improved whitelist mode so that domains listed in the bannedsitelist are actually allowed, however they have the normal filtering applied. - URL matching fixed so that /blah no longer matches /blahfoo - Fixed broken image replacement due to debug code left in. - Included an upgrading guide. Wed 30th July 2003 - DansGuardian 2.7.2 - AD image replacing improved with mime checking as well as extension checking. - Added option to dissable pre-emptive banning which provides many benifits such as not needing to access a clean site first before your unfiltered user is recognised. - Fixed bug where a missing '/' in the .conf caused everything to be not filtered. - Added options to specify log, pid, and uds so that multiple instances can be run simulaneously. Previously this was only possible with code editing an recompiling. - Added support for HP/UX. - Added support for fully qualified addresses in banned and exception ip lists. - Fixed a memory leak. - Added option to disable forking into the background. - Added option to disable logging process. - Added option to specify the user that it runs as to override the compile default. - Added option to do a 'safe' restart where the process leader does not send a kill to every other process. This makes it possible to run as su safer. - Added mxspanish language files. Sat 12th July 2003 - DansGuardian 2.7.1-4 - Fixed typos in several autoconf files. - Removed redundant fcntl calls which caused problems in FBSD. Mon 7th July 2003 - DansGuardian 2.7.1-3 - Fixed 2 file descriptor leaks in the logging and url cache code. Sun 6th July 2003 - DansGuardian 2.7.1-2 - Fixed bugs with URL cache. - Fixed the exiting on HUP. - Included new Bulgarian language files. - Fixed typo in linux.in file. Fri 13th June 2003 - DansGuardian 2.7.1-1 - Fixed Ident. Mon 12th May 2003 - DansGuardian 2.7.1 - Added image replacement code based on ideas from Aecio F. Neto which guesses if a banned file is an image and if so replaces it with a configurable replacement such as a 1x1 gif. - Much improved the IF structure in the ConnectionHandler.cpp to make it slightly faster and a LOT more organised. Based on ideas from Aecio F. Neto again. - Fixed bug in Makefile where contentregexplist would get deleted by mistake. Sun 20th April 2003 - DansGuardian 2.7.0-1 - Removed some debug code left in by mistake. Fri 18th April 2003 - DansGuardian 2.7.0 - Added option to do raw, smart or both phrase filtering thus optionally reducing cpu usage by half. - Added ICRA vk PICS option support. - Added improved internationalisation language file support. - Removed bodge for UDS truncated file and replaced with a proper fix. - Added WebDAV support (for Outlook Express access to Hotmail). - Added forkpooling to on average half cpu usage and improve scaleability. (big feature) - Descriptors 0-2 are now dup2ed to /dev/null to prevent some shell hanging. - Added improved granulinarity to the content filtering limit. - Added option to switch off DFA searching so full 16-bit char support is regained. - Added more 16-bit char support. - Added support for lower-casing accented characters. - Added support for unescaping HTML content. Wed 14th April 2004 - DansGuardian 2.6.1-13 - Fixed content filter bypass which with a specially crafted request could force an unclean page into the clean page cache. - Fixed a memory allocation error in the list files which lead to 1 byte of memory potentially being overwritten. Wed 25th February 2004 - DansGuardian 2.6.1-12 - Added check for ..\ and ../ in URLs Wed 24th December 2003 - DansGuardian 2.6.1-11 - Made header request line tolerant to multiple spaces. - Fixed broken bannedphraselist file included by default. Thu 11th December 2003 - DansGuardian 2.6.1-10 - Fixed cross site scripting vuln in e2guardian.pl. - Fixed '//' detection yet again to use a further different approach due to broken sites. Thu 4th December 2003 pm - DansGuardian 2.6.1-9 - Fixed a URL filtering bypass which worked by appending a period '.' after the domain. Thu 4th December 2003 am - DansGuardian 2.6.1-8 - '//' detection fixed to not give so many false positives. Wed 3rd December 2003 - DansGuardian 2.6.1-7 - ICRAviolenceobjects was missing and is now added. - '//' in URL paths properly checked for now. Thu 20th November 2003 2003 - DansGuardian 2.6.1-6 - Fixed malformed URL error with a '_' in the hostname. Wed 10th September 2003 - DansGuardian 2.6.1-5 - Added check for '//' in URLs thus stopping the URL filter workaround. Sun 31st August 2003 - DansGuardian 2.6.1-4 - Typo in OBSD Makefile to do with 'install' program fixed. - Fixed banned extension not being logged. Mon 7th July 2003 - DansGuardian 2.6.1-3 - Fixed 2 file descriptor leaks in the logging and url cache code. Sun 6th July 2003 - DansGuardian 2.6.1-2 - Fixed bugs with URL cache. - Included new Bulgarian language files. Fri 13th June 2003 - DansGuardian 2.6.1-1 - Fixed case sensitivity in Ident. Mon 12th May 2003 - DansGuardian 2.6.1 - Improved file extension list. - Removed RLIMIT code that seems to cause problems and is not needed anyway. - Added Italian bad words. Mon 14th April 2003 - DansGuardian 2.6.0 - Fixed URL cache bug that caused it to stop caching when not enough different URLs are used. - Fixed dlopen false requirement in configure. - Increased logrotate.d sleep to cope with slower machines better. - Fixed bug where log ipc socket not closed on error which could cause fd resource problems. - Fixed bug in sysv script so stdin is redirected to /dev/null to prevent some shell hanging. - Fixed bug where when a list file had been modifed but not the main refering file, the processed file would not get recreated and a file descriptor left hanging. - Fixed bug where rlim_cur was set too low causing forking problems in high loads. - Fixed bug where the url passed to the cgi reporting script was not encoded enough. - Fixed bug where it can check a PICS rating against the wrong service if more than one service rating is contained in the label. - Minor HTTP header improvement. Tue 7th January 2003 - DansGuardian-2.5.3-4 - Added a test to get round a mis-feature of squid where it allows hostnames of the form host.domain..tld which bypassed the URL filtering. Sun 1st December 2002 - DansGuardian-2.5.3-3 - Double free, compile warnings and configure typo fixed. Sat 30th November 2002 - DansGuardian-2.5.3 - Fixed a bug with trailing '/' being added on some URLs with Mozilla. - Added feature where you can limit the file size that text documents are under before they are content filtered and content replaced. This is most useful for sites that label 640mb iso images as text. - Added feature where you can now log in the squid log format for use with your favourite log analysers. - Added guessing as to gcc version so should compile easier on gcc 3. - Some typographical errors corrected. - A fix for when an empty phrase list is used. Fri 8th November 2002 - DansGuardian-2.5.2 - Added Mac OS X support. Sat 26th October 2002 - DansGuardian-2.5.1 - Fixed 2 important typos in default configure files and options reading code. (Namely to do with X-Forwarded-For and a phrase list directory). - Added an improved logging support patch for logrotate.d by James A. Pattie. Thu 24th October 2002 - DansGuardian-2.5.0-2 - Fixed a number of spelling mistakes. Wed 23rd October 2002 - DansGuardian-2.5.0-1 - Fixed reload bug where the caching url proccess would not reload when a reload was requested. - Fixed a problem where several sockets were left hanging. Sun 20th October 2002 - DansGuardian-2.5.0 - Added content regular expression replacement. (eg popup removal) - Added foreign language support to the messages. (Comes with Spanish, Chinese, Dutch, French, German, Indonesian, Italian, Polish, Portuguese, Turkish and English). - Added clean-url caching to dramatically improve performance in a classroom environment. - Added support for NetBSD. - Added tab delimitation log format. - Dramatically improved phrase table generation speed by at least 10 times which will reduce daemon start time by half when coupled with the large URL blacklist. - Added 3rd party command-line '-P' plugin option. - Added '-' as the entry for a blank username like squid. Tue 7th January 2003 - DansGuardian-2.4.6-8 - Added a test to get round a mis-feature of squid where it allows hostnames of the form host.domain..tld which bypassed the URL filtering. Sat 30th November 2002 - DansGuardian-2.4.6-7 - Fixed a bug with trailing '/' being added on some URLs with Mozilla. - A fix for when an empty phrase list is used. Sat 26th October 2002 - DansGuardian-2.4.6-6 - Fixed 2 important typos in default configure files and options reading code. (Namely to do with X-Forwarded-For and a phrase list directory). Wed 16th October 2002 - DansGuardian-2.4.6-5 - Fixed bug where a parameter being sent to accept() was not being initialised properly after an error condition. Thu 10th October 2002 - DansGuardian-2.4.6-4 - Fixed over allowing in exceptionsitelist due to matching just part of url. - Fixed bug in socket code which was not initiating a struct properly. - Fixed mistake in accept() code using size_t rather than socklen_t. Mon 23rd September 2002 - DansGuardian-2.4.6-3 - Added x-forwarded-for support for the incomming request. - Slighlty improved malform URL checking. - Included the latest phrase lists from the PMG. - Fixed bug in reg exp code where it did not find all matches. - Fixed bug in url reporting code when in transparent mode. Wed 4th September 2002 - DansGuardian-2.4.5-3 - Fixed bug in URL matching code where it matched on a partial which should have been a complete. Thu 25th July 2002 - DansGuardian-2.4.5-2 - Fixed properly this time the pid file bug fixed last time. - Added a workaround for buggy browsers causing Malformed URL errors. - Included the latest phrase lists from the PMG. Sun 21st July 2002 - DansGuardian-2.4.5-1 - Added a hex decoder to prevent users from bypassing URL checking by hex encodint the URL string. - Fixed a problem with the template display where it was adding additional newlines within the replaced fields. Sun 14th July 2002 - DansGuardian-2.4.5 - Fixed properly this time the logging bug fixed last time. - A bug that might have caused random crashes with some squidGuard lists has been fixed. - Problems with the pid missing a newline and having odd permissions have been solved. - Stealthmode works again. This has been broken for some time. Sun 16th June 2002 - DansGuardian-2.4.4 - Fixed a bug in the code logging the size of a file passing through. - Implemented a work around for template file displaying with HTTPS blocked pages. - Fixed a minor bug in the HTML template displaying code. - Included the very latest phrase lists. Sun 19th May 2002 - DansGuardian-2.4.3-2 - Fixed a mistake in the linux.in file that made the install prefix be ignored for the weightedphraselist. Plus a number of other minor issues to do with the weightedphraselist file and the Makefile and the source distribution. Sat 18th May 2002 - DansGuardian-2.4.3-1 - Fixed a bug in the configure script that caused an incorrect default weightphraselist to be installed. - Fixed an issue where one of the weightedphraselist files was missing. Mon 13th May 2002 - DansGuardian-2.4.3 - Fixed a bug where an unused socket FD was left hanging. - Fixed a bug where Netscape 6.2 users would be blocked with an 'Malformed URL' error. - Fixed a bug with overblocking and file extensions. - Added an installprefix option to configure so that the project can be installed to a different location, but still be coded to work without the prefix. E.g. for package contruction such as .deb. - Implemented a work around to deal with broken browsers that pass invalid URLs which caused the URL filtering to not work. - Slightly improved error checking on the accessdeniedaddress setting. - Fixed a bug where stdin was getting closed too early. - Fixed a bug with certain pages generating a reporting URL too long for the perl script to handle which caused no page at all to display. - Fixed a bug which caused "THIS IS NOT HAPPENING!" messages. - Fixed bug where all combination weighted phrases were given a value of zero instead of their correct value which meant they had no effect at all! How did that go undetected for so long??? - Fixed bug where the combination weighted phrases were not logged as part of the weighting calculation. - Added a feature where negative weighted phrases are logged with a prefix of a minus sign. - Included the latest weighted phrase lists from the PornMasterGeneral. Mon 8th April 2002 - DansGuardian-2.4.2-2 - Added an option so that any weighted phrase in a page only counted once. Sun 31st March 2002 - DansGuardian-2.4.2-1 - Fixed small problem with compiling on GCC 3. - Fixed small issue with exceptionurllist unblocking too much. Thu 28th March 2002 - DansGuardian-2.4.2 - The default included PICS settings are less strict and so more useable. - A bug in the zlib deflation code causing partial display of some pages has been fixed. - A problem with the 'e2guardian -r' feature on FreeBSD and OpenBSD has been fixed. - Added a HTML template feature where DansGuardian displays a HTML file for the access denied page which makes installation easier as no perl script or web server are needed. It also makes modifying the page much simpler. And finally the addition does not use URL encoding to pass the information to the page so no more long nasty URLs. Fri 15th March 2002 - DansGuardian-2.4.1 - Fixed GCC3 compilation problem (hopefully) due to incorrect use of namespace. - Fixed complilation problem on Solaris, OpenBSD and FreeBSD. - Reduced non-C++ library usage in String class. - Fixed an issue where banned IPs and users were unable to view the message saying they were banned because their web access was blocked. - Fixed a bug were it reported the wrong phrases when a banned phrase combination was found. - Recompiled statically linked binaries with updated zlib. The fixes a double free bug in zlib which DansGuardian uses which makes it theoretically possible for a web site to cause denial of service or even run arbitrary code. This only affects those that do not compile from source but users are advised to update their zlib and recompile if needed. - Improved gcc 3 compatability (i.e. fixed some non-standard coding). - Increased use of more appropriate C++ libraries rather than C libraries. - Fixed a problem with overblocking banned file extensions and certain URLs. Most notably with hotmail attachments and also with pages that redirect. - Added exception URL list feature. Sun 10th March 2002 - DansGuardian-2.4.0 - Fixed a single long standing memory leak in the string handling code. - Fixed a problem with URL matching not comparing the final character and so causing overblocking. Fri 1st March 2002 - DansGuardian-2.3.3 - Added -HUP and 'e2guardian -r' support. - Better handling of tabs in list files. - Optional CSV format log file format. - Better banned file extension list. - Improved handling under very heavy load. - Added the username to the information passed to the perl reporting script. - Reworked some of the code for more speed. - Better phrase lists. - Weighted phrase matching can now optionally log and report the phrases found. - PICS filtering can be switched off globally. Sun 17th February 2002 - DansGuardian-2.3.2 - Improved String class speed. - Added basic url filtering for https. - Improved included weightedphraselist. Thu 14th February 2002 - DansGuardian-2.3.1-1 - Fixed a problem causing freezing, segfaults and all sorts of nastyness when top bit set characters appear in a web page. Mon 11th February 2002 - DansGuardian-2.3.1 - Fixed an issue which caused DG to stop responding under very heavy load. - Fixed a security issue that allowed file extension filtering to be bypassed. - Added support for Big5 etc. Sat 2nd February 2002 - DansGuardian-2.3.0-2 - Fixed bug in .Include in phrase lists. - Corrected the included Makefile. Wed 30th January 2002 - DansGuardian-2.3.0-1 - Total rewrite of the phrase searching code. Now it uses an advanced Deterministic Finite Automata Graph Algorithm. This means the searching on large phrase lists is faster by several times. On small lists it makes no difference, but lists over 300 no longer slow it down as much as it used to. - Almost all console errors are now logged in SysLog for easier problem solving. - The exception matching now logs (configurable) exception hits which makes it easier to find out why a certain page is not blocking. - Exception phrases are now seperated into a different file for ease of maintaining and no longer need the '!'. - A new weighted phrase system has been added where phrases can be assigned a good or bad value. If the totals for the page are over a configurable limit then it will block. This allows for much finer control of filtering and will reduce over or under blocking. - Banned, weighted and exception phrases can all use combinations. Previously it was just banned phrases that had this feature. - There is now a banned user list and banned ip list. - Better Debian and RedHat 7.2 support has been added to the configure and Makefiles. - The log format now includes the size of the requested page or file. - Blanket blocking now logs the IP the user was trying to get to. - Overall the code is faster, but has more features. Mon 22nd April 2002 - DansGuardian-2.2.10 - Fixed a bug where an unused socket FD was left hanging. - Fixed a bug where Netscape 6.2 users would be blocked with an 'Malformed URL' error. - Fixed a bug with overblocking and file extensions. - Fixed a bug where stdin was getting closed too early. Tue 9th April 2002 - DansGuardian-2.2.9-1 - Fixed a bug introduced in 2.2.9 which makes DansGuardian think that https is a malformed URL. Mon 8th April 2002 - DansGuardian-2.2.9 - Implemented a work around to deal with broken browsers that pass invalid URLs which caused the URL filtering to not work. - Slightly improved error checking on the accessdeniedaddress setting. Thu 28th March 2002 - DansGuardian-2.2.8 - Fixed a bug in the zlib code which caused certain pages in certain browsers to be half missing. - Added a compile option to disable PICS filtering. - The default included PICS settings are less strict and so more useable. Fri 15th March 2002 - DansGuardian-2.2.7-1 - Recompiled statically linked binaries with updated zlib. The fixes a double free bug in zlib which DansGuardian uses which makes it theoretically possible for a web site to cause denial of service or even run arbitrary code. This only affects those that do not compile from source but users are advised to update their zlib and recompile if needed. Sun 10th March 2002 - DansGuardian-2.2.7 - Fixed 3 long standing memory leaks in the string handling code. - Fixed a problem with URL matching not comparing the final character and so causing overblocking. - Improved gcc 3 compatability (i.e. fixed some non-standard coding). - Increased use of more appropriate C++ libraries rather than C libraries. - Fixed a problem with overblocking banned file extensions and certain URLs. Most notably with hotmail attachments and also with pages that redirect. Sun 24th February 2002 - DansGuardian-2.2.6 - Improved handling under very heavy load. - Added the username to the information passed to the perl reporting script. Wed 1th February 2002 - DansGuardian-2.2.5-1 - Replaced included bannedphraselist file with the correct one. - Improved included bannedextensionlist. Sun 10th February 2002 - DansGuardian-2.2.5 - Fixed an issue which caused DG to stop responding under very heavy load. - Fixed a security issue that allowed file extension filtering to be bypassed. Mon 21st January 2002 - DansGuardian-2.2.4 - Fixed an issue with case sensitivity when filtering file extensions and URLs. Sat 12th January 2002 - DansGuardian-2.2.3 - Fixed an important bug that caused it to report the wrong name of the banned phrase found. This bug was introduced in version 2.2.2. Thu 27th Dec 2001 - DansGuardian-2.2.2 - Fixed small bug in xBSD start/stop script that failed to remove a temporary Unix Domain Socket file upon shutting it down. - Fixed small bug for when the accessdeniedaddress setting contains a port number; it could cause an endless loop. Tue 20th November 2001 - DansGuardian-2.2.1 - Content-Encoding: deflate - finally works. - Fixed bug in file extension checking which caused .com domains to be blocked. - Added Blanket IP Block feature which allows IP based URLs to be blocked. - Added forward dns lookup feature where it looks up the hostname for an IP based URL and checks for it in the bannedsitelist and bannedurllist. This closes a big security loop hole that allowed users to simply type the IP of a banned site instead to bypass the URL filtering. The forward dns lookup checks all the aliases for that IP as well. - Improved the URL filtering so that all variants of web addresses don't need to be listed, eg www.domain.com/blah/ and domain.com/blah/. Now just the highest level domain (domain.com/blah/) is needed. Sat 17th November 2001 - DansGuardian-2.2.0-7 - Improved handling of odd entries in stock squidGuard lists. - Fixed bug in URL extraction code to do with port numbers. - Fixed bug which caused it to not block some domains in the bannedsitelist under certain conditions. Fri 16th November 2001 - DansGuardian-2.2.0-6 - Fixed bug causing url and site matching problems when a port was specified in the URL. - Added blanket blocking feature to bannedsitelist so it can now block all sites except those in the exceptionsitelist. - Made username comparison case insensitive for people used to Windblows machines. - Fixed an issue with --prefix and the configure script. Mon 12th November 2001 - DansGuardian-2.2.0-5 - Added ident support for logging the username. - Fixed small issue with man page for Solaris as it does not support gzipped man pages. - Added regular expression URL support. - Fixed small bug that switched off filtering or caused problems if some of the list files had no entries. - Replaced search algorthm with one based on Quick Search. This gives an 87% speed increase in phrase matching. - Made regular expression code comply with the reportinglevel. - Added option so that DansGuardian can limit the listening to on one IP only. Sat 10th November 2001 - DansGuardian-2.1.2 - Fixed small bug that switched off filtering or caused problems if some of the list files had no entries. Wed 7th November 2001 - DansGuardian-2.1.1 - Improved ability to handle non-unix format text files for the config files and especally the site and URL lists. - Fixed bug which caused an incorrect extraction of the URL from the header of requests from some types of browser. (Should fix problems with exceptionsitelist, bannedurllist). - Fixed another bug in the exceptionsitelist code. - Fixed mistake in Solaris Makefile to now use non gzipped man page. - Added a '--prefix' option to the configure script. Fri 2nd November 2001 - DansGuardian-2.1.0-4 - Removed redundant code that caused a segfault due to being naughty. Thu 1st November 2001 - DansGuardian-2.1.0-3 - Fixed bug in certain list searching which caused some matches to fail incorrectly. This specifically affected exceptionuserlist and exceptioniplist. - Fixed bug where the main parent process lost count of number of child processes due to a race condition. - Fixed mistake in configure file which missed off an option in the e2guardian.conf file. - Slightly more colourful perl script. Mon 29th October 2001 - DansGuardian-2.1.0-2 - Fixed bug that caused problems with a blank domain or url list. Sun 28th October 2001 - DansGuardian-2.1.0-1 - Fixed bug in mimetype blocking. - Added url and domain blocking. A major feature. - Improved all list conf files (except bpl) so they now have little impact on speed if they are large. - Improved overall speed by reduced passing of objects and switching to pointers instead. - Now runs on Solaris 8. - Improved xBSD start/stop/restart scripts. - Improved Linux start/stop/restart scripts. Now not so RedHat dependant. - Fixed bug in configure script which gave an incorrect X-Forwarded-For format option in the conf file. Sat 13th October 2001 - DansGuardian-2.0.0-pre9 - e2guardian -v gives proper message now. - LICENSE file included now. - Missing steath-mode option in conf file reinstated. - Fixed mistake in logrotation script. - Added banned phrase exception feature. Mon 1st October 2001 - DansGuardian-2.0.0-pre8 - Fixed bug with failure to test for fork() failure condition. - Fixed bug with x-forwarded-for option not working. - Added self quitting and status reading from the command line (-q and -s). - Added option to not log accept()-type errors. - URL encoder improved to better handle reporting of phrases with symbols. - Now checks to see if its already running before it starts. - Now supports .pid file. - Fixed bug in OpenBSD start/stop script. I.e. it works now. - rlimit is now specifically set so that maxchildren should always work. - configure script now creates the sysv and bsdv scripts so the paths will be correct. - Improved documentation. - Fixed bug causing PICS options not to be read correctly. - Fixed problem with Makefile not creating whole directory tree when needed. - Re-added log feature missing that was in version 1.1.x. Thu 13th September 2001 - DansGuardian-2.0.0-pre7 - Now supports OpenBSD. - Fixed issue with UDS file name getting truncated. - Added better logging of problems including reasons for exiting. - Fixed bug in deflate compressed HTML - i.e. it works now. But its only a work-around. - Now does not exit as soon as a tcp/ip error occurs as these occur under heavy load in normal conditions. - Now monitors tcp/ip errors and exits if it goes over a threshold of continuous errors. - Vastly improved logging. It has a dedicated process for logging which keeps the file open as well as allowing it to scale to more users better. Hopefully the not logging bug has been fixed by this as well. - Fixed 2 bugs in the xBSD start script. - Some minor efficiency improvements. - Permissions on the configure files is correct now. - Timeouts in the SSL code have been increased to deal with slow sites. - Random exiting problems have been cured. - Problems under heavy load caused by incorrect handling of error conditions have been reduced or cured. - An improved bannedphraselist file is included. - A minor permission problem with logging has been fixed. Sat 1st September 2001 - DansGuardian-2.0.0-pre6 - Now supports FreeBSD. - Fixed bug stopping file extensions from being blocked. (was a missing '!') - Added a .Include feature to the bannedphraselist file so that different groups of additional phrases can be included. - Added better log file error detection. - DG now checks log file access before it starts. - RH RPM puts DG in runlevel 3+5 now. - Runlevel number changed from 89 to 92 to ensure its after squid. Mon 27th August 2001 - DansGuardian-2.0.0-pre5 - Made minor adjustments to improve tunneling code speed. - Fixed bug where a 47 was added to the hostname. - Fixed bug where RPM did not create and permission the /var/log/e2guardian directory. Sun 19th August 2001 - DansGuardian-2.0.0-pre4 - Fixed bug in phrase checking that caused it to overwrite the wrong memory. - Added web upload limiting and blocking feature. - Fixed minor bug with content type checking (typo). - Added process spawning capping to prevent DoS attacks killing the server. - Added stealth mode - logs, but does not block. - e2guardian.conf format modified slightly Sun 5th August 2001 - DansGuardian-2.0.0-pre3 - Fixed bug with compressed HTML support. - Speeded up DataBuffer class by a factor of 2. Sun 5th August 2001 - DansGuardian-2.0.0-pre2 - Added comand-line interface (-h for help on this) (includes version number). - Added content-encoding (gzip, deflate - not compress). - Improved the inteligent HTML scanning code. - Fixed not-reading-last-line-of-conf-file bug. - Issues with ^M in the log file and site exceptions fixed. Sun 22nd July 2001 - DansGuardian-2.0.0-pre1 - First beta test released. e2guardian-5.3.4/INSTALL000077500000000000000000000331151361351710700146070ustar00rootroot00000000000000NOTE: Change release 3.1.0 onwards ---------------------------------- Due to differences in release levels of the GNU autotools on different platforms we are no longer including the configure script as part of the distribution. NOTE: For v5 - please read notes/NEWIN_v5 first! ------------------------------------------------ HOW TO BUILD: ------------- The distribution uses GNU autotools for building. Run ./autogen.sh or autoreconf after downloading and unpacking to (re)generate the configure script and Makefile.in files. Most users should then follow the standard "./configure; make; make install" process common to UNIX packages. Please read the sections below for your OS for the most widely used configuration options. *** xBSD users, please ensure you have bash1 installed first *** *** Debian and Ubuntu users, please read the Debian section first. *** *** OS X / Darwin users, please read the OS X section first. *** 1. Run the ./autogen.sh script to generate the configure script. If an error occurs in running autogen.sh or ./configure then make sure you have an up-to-date version of automake tools and then run autoreconf. 2. Run the configure (./configure --help) script with the help option to see the user selectable settings. Default settings are shown in []. 3. Run the configure (./configure) script with your options, if any. It is HIGHLY LIKELY that you will want to change some options. Please read down for suggested options for your platform. 4. "make"** or "gmake" will now build E2Guardian. 5. "make install" will create the directory structure and install all the files in the chosen paths. For a more efficient install, try "make install-strip" which will strip symbol information to the DG binary smaller. 6. "make clean" will remove the now un-needed object files etc. 7. See the section later called ADDITIONAL SCRIPTS to add log rotation, optional CGI block page, startup scripts etc. ** You can often use "make -j 2" or "make -j 5" to compile DG faster, especially on multiple CPU computers. As a general rule of thumb, use the number of CPUs/cores plus one. With Solaris and others you may need "gmake" instead of "make". OPTIONS: -------- `configure' configures e2guardian to adapt to many kinds of systems. Usage: ./configure [OPTION]... [VAR=VALUE]... To assign environment variables (e.g., CC, CFLAGS...), specify them as VAR=VALUE. See below for descriptions of some of the useful variables. Defaults for the options are specified in brackets. Configuration: -h, --help display help and exit --help=short display options specific to this package --help=recursive display the short help of all the included packages -V, --version display version information and exit -q, --quiet, --silent do not print `checking...' messages --cache-file=FILE cache test results in FILE [disabled] -C, --config-cache alias for `--cache-file=config.cache' -n, --no-create do not create output files --srcdir=DIR find the sources in DIR [configure dir or `..'] Installation directories: --prefix=PREFIX install architecture-independent files in PREFIX [/usr/local] --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX [PREFIX] By default, `make install' will install all the files in `/usr/local/bin', `/usr/local/lib' etc. You can specify an installation prefix other than `/usr/local' using `--prefix', for instance `--prefix=$HOME'. For better control, use the options below. Fine tuning of the installation directories: --bindir=DIR user executables [EPREFIX/bin] --sbindir=DIR system admin executables [EPREFIX/sbin] --libexecdir=DIR program executables [EPREFIX/libexec] --datadir=DIR read-only architecture-independent data [PREFIX/share] --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] --infodir=DIR info documentation [PREFIX/info] --mandir=DIR man documentation [PREFIX/man] Program names: --program-prefix=PREFIX prepend PREFIX to installed program names --program-suffix=SUFFIX append SUFFIX to installed program names --program-transform-name=PROGRAM run sed PROGRAM on installed program names System types: --build=BUILD configure for building on BUILD [guessed] Optional Features: --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) --enable-FEATURE[=ARG] include FEATURE [ARG=yes] --disable-dependency-tracking speeds up one-time build --enable-dependency-tracking do not reject slow dependency extractors --enable-static-zlib[=no] Enable static linking of zlib --enable-pcre[=yes] Enable support for the PCRE library --enable-segv-backtrace[=no] Enable logging a backtrace when a segmentation fault occurs --enable-lfs[=yes] Enable large file support on 32 bit systems --enable-orig-ip[=no] Enable support for checking the client's original destination IP address against HTTP request details when deployed as a transparent proxy (US-CERT VU#435052). Currently only works on Linux. --enable-clamd[=no] Enable support for the ClamD content scanner --enable-avastd[=no] Enable support for the AvastD content scanner --enable-icap[=no] Enable support for ICAP AV server content scanner --enable-kavd[=no] Enable support for the Kaspersky AV daemon content scanner --enable-commandline[=no] Enable support for command-line content scanners --enable-fancydm[=yes] Enable support for the fancy download manager --enable-totalblocklist[=no] Enable support for total block list --enable-trickledm[=no] Enable support for the trickle download manager --enable-ntlm[=no] Enable support for the NTLM auth plugin --enable-dnsauth[=no] Enable support for the DNS auth plugin --enable-email[=no] Enable support for email reporting functionality Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) --with-zlib[=NONE] non-standard search path for zlib library --with-dgdebug[=off] switch on debug build mode --with-proxyuser[=nobody] name of proxy user --with-proxygroup[=nobody] name of proxy group --with-piddir[=${localstatedir}/run] path for pid file --with-logdir[=${localstatedir}/log/${PACKAGE_NAME}] path for log files --with-libiconv[=NONE] Specify search path on a system which requires an external iconv library (only used in conjunction with NTLM auth plugin). --with-sysconfsubdir[=e2guardian] subdirectory under sysconfdir in which to place config files Some influential environment variables: CXX C++ compiler command CXXFLAGS C++ compiler flags LDFLAGS linker flags, e.g. -L if you have libraries in a nonstandard directory CPPFLAGS C/C++ preprocessor flags, e.g. -I if you have headers in a nonstandard directory CC C compiler command CFLAGS C compiler flags CPP C preprocessor CXXCPP C++ preprocessor PKG_CONFIG path to pkg-config utility PCRE_CFLAGS C compiler flags for PCRE, overriding pkg-config PCRE_LIBS linker flags for PCRE, overriding pkg-config Use these variables to override the choices made by `configure' or to help it to find libraries and programs with nonstandard names/locations. See ./configure --help for more details. MACOSX: ------- *** Note in order to do any compiling in OS X you need to install *** * the Developer Tools - an additional pkg called BSDSDK.pkg. * A standard configure script that should work, provided you have installed MACOSX and the associated programs in their default locations. ./configure --localstatedir=/var \ --mandir=/usr/share/man/ \ --bindir=/usr/local/sbin/ You might consider changing the location of the log files to '--with-logdir=/usr/local/e2guardian/logs/' and use the provided log rotation script. Alternatively stick with the default (/var/log/e2guardian/) and read newsyslog(8). DEBIAN: ------- Build-Depends: base-files, base-passwd, bash, coreutils, dash, debianutils, diffutils, dpkg, e2fsprogs, findutils, grep, gzip, hostname, ncurses-base, libevent_pthreads, libevent-dev, ncurses-bin, perl-base, sed, login, sysvinit-utils, sysvinit, tar, bsdutils, mount, util-linux, libc6-dev , libc-dev, gcc , g++ , make, dpkg-dev , autotools-dev, debhelper , dh-autoreconf, dpatch , libclamav-dev , libpcre3-dev, zlib1g-dev, pkg-config, libssl-dev, libssl1.1 (can be also compiled with libssl1.0) Other packages related to E2guardian : adduser, perl, libbz2, libc6, libgcc1, libpcre3, libstdc++, libtommath0, zlib1g Other Packages suggests to E2guardian: squid, clamav, clamav-freshclam Autogen is needed ! Eg: ./autogen.sh && ./configure '--prefix=/usr' '--enable-clamd=yes' '--with-proxyuser=e2guardian' '--with-proxygroup=e2guardian' '--sysconfdir=/etc' '--localstatedir=/var' '--enable-icap=yes' '--enable-commandline=yes' '--enable-email=yes' '--enable-ntlm=yes' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--enable-pcre=yes' '--enable-sslmitm=yes' 'CPPFLAGS=-mno-sse2 -g -O2' && make NETBSD: ------- A standard configure script that should work, provided you have installed NetBSD and the associated programs in their default locations. ./configure --localstatedir=/var \ --prefix=/usr/pkg --sysconfdir=/usr/pkg/etc \ --bindir=/usr/pkg/sbin/ For NetBSD you might consider changing the location of the log files to '--with-logdir=/usr/local/e2guardian/logs/' and use the provided log rotation script. Alternatively stick with the default (/var/log/e2guardian/) and read newsyslog(8). Be sure that /usr/sbin/ is in your PATH before make install (for chown). FREEBSD: -------- A standard configure script that should work, provided you have installed FreeBSD and the associated programs in their default locations. ./configure --localstatedir=/var For FreeBSD and OpenBSD you might consider changing the location of the log files to '--with-logdir=/usr/local/e2guardian/logs/' and use the provided log rotation script. Alternatively stick with the default (/var/log/e2guardian/) and read newsyslog(8). OPENBSD: -------- A standard configure script that should work, provided you have installed OpenBSD and the associated programs in their default locations. ./configure --localstatedir=/var \ --bindir=/usr/sbin \ --mandir=/usr/share/man \ --sysconfdir=/etc HOW TO CONFIGURE: ----------------- Edit the e2guardian.conf, e2guardianf1.conf and other files. The files are commented well. ADDITIONAL SCRIPTS: ------------------- In /usr/local/share/e2guardian/scripts (or wherever you configured it to be) you will find at least the following files: bsd-init - a BSD style startup script to be put in your rc.d solaris-init - a Solaris style startup script to be put in your rc.d systemv-init - a Linux style startup script to be put in your rc.d e2guardian.service - a Linux style startup script to be put in your systemd directory e2guardian - a logrotate.d file logrotation - a sh script to rotate the logs ../e2guardian.pl - a cgi script for an access denied page The installation of startup scripts is deemed out of the scope of source code and is the playground of packagers and sysadmins. This is also true of log rotation scripts. You can choose to use the example logrotate.d file or you could crontab the logrotation script thus: crontab -e 59 23 * * sat /usr/local/share/e2guardian/scripts/logrotation (now save) I.e. 23:59 every Saturday. Or change to as pleases you. If you wish to use the cgi denied script rather than the template html denied page you will find it in: /usr/local/share/e2guardian/ (or wherever you configured it to be). This is not usually recommended but if you do want to do this copy it to your web servers' cgi-bin directory. E2Guardian. HOW TO RUN: ----------- You can start it by just running the binary. You can stop it by appending a ' -q' to the end, thus: 'e2guardian -q'. Or you can use the SysV(-like) script provided. HOW TO GET HELP: ---------------- http://e2guardian.org/ Here is the first place to start for getting support. There is a mailing list available for those that do not find the answers to their questions from the url above. The mailing list can be found at the url. Please DO NOT email the authors for support as you will be just directed at the mailing list. e2guardian-5.3.4/LICENSE000077500000000000000000000366241361351710700145730ustar00rootroot00000000000000 GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS In addition, as a special exception, the copyright holders of e2guardian, give permission to link the code of this release of E2Guardian with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same license as the "OpenSSL" library), and distribute the linked executables. You must obey the GNU General Public License in all respects for all of the code used other than "OpenSSL". If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. e2guardian-5.3.4/Makefile.am000077500000000000000000000002771361351710700156150ustar00rootroot00000000000000DISTCLEANFILES = Makefile.in \ aclocal.m4 \ config.guess \ config.h.in \ config.sub \ configure \ dgconfig.h.in \ configure SUBDIRS= . doc data configs src EXTRA_DIST = autogen.sh UPGRADING e2guardian-5.3.4/NEWS000077500000000000000000000001171361351710700142510ustar00rootroot00000000000000For news go to http://e2guardian.org/ This file is required by the autotools. e2guardian-5.3.4/README.md000066400000000000000000000055361361351710700150400ustar00rootroot00000000000000# [E2Guardian](http://e2guardian.org) This is the v5 production version - v5.3.4 Note that large sections of the code has been re-written and there are significant changes to the configuration files in this release. Note: Configuration files in this version are not backward compatable with v4 configuration files. Please read notes/NEWIN_v5 before installing. **For copyright go to: http://e2guardian.org** e2guardian is a content filtering proxy that can work in explicit and transparent proxy mode or as a ICAP server mode. More information can be found in the "notes" subdirectory of the distribution, and the comments in the configuration and list files themselves. e2guardian is a fork of [DansGuardian](http://dansguardian.org) and the maintainers fully acknowledge the work carried out by and the copyright of Daniel Baron and other contributors to the Dansguardian project. Read the INSTALL for installation instructions. ## Contributing Github: https://github.com/e2guardian * v5develop is used to develop new features * Bugfixes primarily occurs in the version branch ## Bugs and Feature Requests Github: https://github.com/e2guardian/e2guardian/issues Codacy Badge: [![Codacy Badge](https://api.codacy.com/project/badge/Grade/92742338bce249c6a52739d0343dabfa)](https://www.codacy.com/app/numsys/e2guardian?utm_source=github.com&utm_medium=referral&utm_content=e2guardian/e2guardian&utm_campaign=Badge_Grade) ## Community * Join the [Community Forum](https://groups.google.com/forum/#!forum/e2guardian). ## License Copyright 2018, [Frederic Bourgeois](http://numsys.eu), [E2BN Protex](http://protex.e2bn.org) Ltd and others. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 2 as published by the Free Software Foundation. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA In addition, as a special exception, the copyright holders of this work, give permission to link the code of its release of e2guardian with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same license as the "OpenSSL" library), and distribute the linked executables. You must obey the GNU General Public License in all respects for all of the code used other than "OpenSSL". If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. e2guardian-5.3.4/autogen.sh000077500000000000000000000001571361351710700155540ustar00rootroot00000000000000#! /bin/sh set -x cp README.md README aclocal -I m4 && autoheader && automake --add-missing --copy && autoconf e2guardian-5.3.4/configs/000077500000000000000000000000001361351710700152005ustar00rootroot00000000000000e2guardian-5.3.4/configs/Makefile.am000077500000000000000000000012311361351710700172340ustar00rootroot00000000000000DISTCLEANFILES = Makefile.in \ e2guardian.conf \ e2guardianf1.conf \ examplef1.story SUBDIRS = lists downloadmanagers authplugins . if NEED_CSCONFIGS SUBDIRS += contentscanners endif FLISTS = e2guardian.conf e2guardianf1.conf examplef1.story common.story \ site.story preauth.story EXTRA_DIST = e2guardian.conf.in e2guardianf1.conf.in examplef1.story.in install-data-local: $(mkinstalldirs) $(DESTDIR)$(DGCONFDIR) && \ for l in $(FLISTS) ; do \ echo "$(INSTALL_DATA) $$l $(DESTDIR)$(DGCONFDIR)/$$l"; \ $(INSTALL_DATA) $$l $(DESTDIR)$(DGCONFDIR)/$$l; \ done uninstall-local: for l in $(FLISTS) ; do \ rm -f $(DESTDIR)$(DGCONFDIR)/$$l ; \ done e2guardian-5.3.4/configs/Makefile.in000066400000000000000000000434011361351710700172470ustar00rootroot00000000000000# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ @NEED_CSCONFIGS_TRUE@am__append_1 = contentscanners subdir = configs DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ $(srcdir)/e2guardian.conf.in $(srcdir)/e2guardianf1.conf.in \ $(srcdir)/examplef1.story.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/ac_finalize.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/dgconfig.h CONFIG_CLEAN_FILES = e2guardian.conf e2guardianf1.conf examplef1.story CONFIG_CLEAN_VPATH_FILES = SOURCES = DIST_SOURCES = RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ html-recursive info-recursive install-data-recursive \ install-dvi-recursive install-exec-recursive \ install-html-recursive install-info-recursive \ install-pdf-recursive install-ps-recursive install-recursive \ installcheck-recursive installdirs-recursive pdf-recursive \ ps-recursive uninstall-recursive RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ distdir ETAGS = etags CTAGS = ctags DIST_SUBDIRS = lists downloadmanagers authplugins . contentscanners DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ sed_first='s,^\([^/]*\)/.*$$,\1,'; \ sed_rest='s,^[^/]*/*,,'; \ sed_last='s,^.*/\([^/]*\)$$,\1,'; \ sed_butlast='s,/*[^/]*$$,,'; \ while test -n "$$dir1"; do \ first=`echo "$$dir1" | sed -e "$$sed_first"`; \ if test "$$first" != "."; then \ if test "$$first" = ".."; then \ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ else \ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ if test "$$first2" = "$$first"; then \ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ else \ dir2="../$$dir2"; \ fi; \ dir0="$$dir0"/"$$first"; \ fi; \ fi; \ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ done; \ reldir="$$dir2" ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AVASTDSUPPORT = @AVASTDSUPPORT@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CLAMDSUPPORT = @CLAMDSUPPORT@ COMMANDLINESUPPORT = @COMMANDLINESUPPORT@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DGBINDIR = @DGBINDIR@ DGCONFDIR = @DGCONFDIR@ DGCONFFILE = @DGCONFFILE@ DGDATADIR = @DGDATADIR@ DGLIBDIR = @DGLIBDIR@ DGLOGLOCATION = @DGLOGLOCATION@ DGPIDDIR = @DGPIDDIR@ DGPROXYGROUP = @DGPROXYGROUP@ DGPROXYUSER = @DGPROXYUSER@ DNSAUTHSUPPORT = @DNSAUTHSUPPORT@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EMAILSUPPORT = @EMAILSUPPORT@ EXEEXT = @EXEEXT@ GREP = @GREP@ ICAPSUPPORT = @ICAPSUPPORT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ KAVDSUPPORT = @KAVDSUPPORT@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NTLMSUPPORT = @NTLMSUPPORT@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ ORIGIPSUPPORT = @ORIGIPSUPPORT@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PCRE_CFLAGS = @PCRE_CFLAGS@ PCRE_LIBS = @PCRE_LIBS@ PKG_CONFIG = @PKG_CONFIG@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ SSLMITMSUPPORT = @SSLMITMSUPPORT@ STRIP = @STRIP@ VERSION = @VERSION@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host_alias = @host_alias@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ DISTCLEANFILES = Makefile.in \ e2guardian.conf \ e2guardianf1.conf \ examplef1.story SUBDIRS = lists downloadmanagers authplugins . $(am__append_1) FLISTS = e2guardian.conf e2guardianf1.conf examplef1.story common.story \ site.story preauth.story EXTRA_DIST = e2guardian.conf.in e2guardianf1.conf.in examplef1.story.in all: all-recursive .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu configs/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu configs/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): e2guardian.conf: $(top_builddir)/config.status $(srcdir)/e2guardian.conf.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ e2guardianf1.conf: $(top_builddir)/config.status $(srcdir)/e2guardianf1.conf.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ examplef1.story: $(top_builddir)/config.status $(srcdir)/examplef1.story.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ # This directory's subdirectories are mostly independent; you can cd # into them and run `make' without going through this Makefile. # To change the values of `make' variables: instead of editing Makefiles, # (1) if the variable is set in `config.status', edit `config.status' # (which will cause the Makefiles to be regenerated when you run `make'); # (2) otherwise, pass the desired values on the `make' command line. $(RECURSIVE_TARGETS): @fail= failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ list='$(SUBDIRS)'; for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" $(RECURSIVE_CLEAN_TARGETS): @fail= failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ case "$@" in \ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ *) list='$(SUBDIRS)' ;; \ esac; \ rev=''; for subdir in $$list; do \ if test "$$subdir" = "."; then :; else \ rev="$$subdir $$rev"; \ fi; \ done; \ rev="$$rev ."; \ target=`echo $@ | sed s/-recursive//`; \ for subdir in $$rev; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done && test -z "$$fail" tags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ done ctags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ done ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ empty_fix=.; \ else \ include_option=--include; \ empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ fi; \ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ $(am__relativize); \ new_distdir=$$reldir; \ dir1=$$subdir; dir2="$(top_distdir)"; \ $(am__relativize); \ new_top_distdir=$$reldir; \ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ ($(am__cd) $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$$new_top_distdir" \ distdir="$$new_distdir" \ am__remove_distdir=: \ am__skip_length_check=: \ am__skip_mode_fix=: \ distdir) \ || exit 1; \ fi; \ done check-am: all-am check: check-recursive all-am: Makefile installdirs: installdirs-recursive installdirs-am: install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-recursive install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) -test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-recursive clean-am: clean-generic mostlyclean-am distclean: distclean-recursive -rm -f Makefile distclean-am: clean-am distclean-generic distclean-tags dvi: dvi-recursive dvi-am: html: html-recursive html-am: info: info-recursive info-am: install-data-am: install-data-local install-dvi: install-dvi-recursive install-dvi-am: install-exec-am: install-html: install-html-recursive install-html-am: install-info: install-info-recursive install-info-am: install-man: install-pdf: install-pdf-recursive install-pdf-am: install-ps: install-ps-recursive install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-recursive -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-generic pdf: pdf-recursive pdf-am: ps: ps-recursive ps-am: uninstall-am: uninstall-local .MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \ install-am install-strip tags-recursive .PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ all all-am check check-am clean clean-generic ctags \ ctags-recursive distclean distclean-generic distclean-tags \ distdir dvi dvi-am html html-am info info-am install \ install-am install-data install-data-am install-data-local \ install-dvi install-dvi-am install-exec install-exec-am \ install-html install-html-am install-info install-info-am \ install-man install-pdf install-pdf-am install-ps \ install-ps-am install-strip installcheck installcheck-am \ installdirs installdirs-am maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic pdf \ pdf-am ps ps-am tags tags-recursive uninstall uninstall-am \ uninstall-local install-data-local: $(mkinstalldirs) $(DESTDIR)$(DGCONFDIR) && \ for l in $(FLISTS) ; do \ echo "$(INSTALL_DATA) $$l $(DESTDIR)$(DGCONFDIR)/$$l"; \ $(INSTALL_DATA) $$l $(DESTDIR)$(DGCONFDIR)/$$l; \ done uninstall-local: for l in $(FLISTS) ; do \ rm -f $(DESTDIR)$(DGCONFDIR)/$$l ; \ done # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: e2guardian-5.3.4/configs/authplugins/000077500000000000000000000000001361351710700175435ustar00rootroot00000000000000e2guardian-5.3.4/configs/authplugins/Makefile.am000077500000000000000000000012451361351710700216040ustar00rootroot00000000000000DISTCLEANFILES = Makefile.in DGDATADIR = $(DGCONFDIR)/authplugins SUBDIRS = . FLISTS = proxy-basic.conf ident.conf ip.conf proxy-digest.conf \ port.conf if ENABLE_NTLM FLISTS += proxy-ntlm.conf endif if PRT_DNSAUTH FLISTS += dnsauth.conf endif EXTRA_DIST = proxy-basic.conf ident.conf ip.conf.in proxy-ntlm.conf \ proxy-digest.conf port.conf.in dnsauth.conf install-data-local: $(mkinstalldirs) $(DESTDIR)$(DGDATADIR) && \ for l in $(FLISTS) ; do \ echo "$(INSTALL_DATA) $$l $(DESTDIR)$(DGDATADIR)/$$l"; \ $(INSTALL_DATA) $$l $(DESTDIR)$(DGDATADIR)/$$l; \ done uninstall-local: for l in $(FLISTS) ; do \ rm -f $(DESTDIR)$(DGDATADIR)/$$l ; \ done e2guardian-5.3.4/configs/authplugins/dnsauth.conf000066400000000000000000000007341361351710700220640ustar00rootroot00000000000000# IP/DNS-based auth plugin # # Obtains user and group from domain entry maintained by separate authentication# program. plugname = 'dnsauth' # Base domain #basedomain = "my.privatedomain" # Authentication URL #authurl = "http://192.168.1.3/auth/login/login.pl?url" # Prefix for auth URLs #prefix_auth = "http://192.168.1.3/auth/" # Redirect to auth (i.e. log-in) # yes - redirects to authurl to login # no - drops through to next auth plugin redirect_to_auth = "yes" e2guardian-5.3.4/configs/authplugins/ident.conf000077500000000000000000000001501361351710700215140ustar00rootroot00000000000000# Ident auth plugin # Identifies users via IDENT servers running on client machines plugname = 'ident' e2guardian-5.3.4/configs/authplugins/ip.conf.in000077500000000000000000000004751361351710700214400ustar00rootroot00000000000000# IP-based auth plugin # # Maps client IPs to filter groups. # If "usexforwardedfor" is enabled, grabs the IP from the X-Forwarded-For # header, if available. plugname = 'ip' # ipgroups file # List file assigning IP addresses, subnets and ranges to filter groups ipgroups = '@DGCONFDIR@/lists/authplugins/ipgroups' e2guardian-5.3.4/configs/authplugins/port.conf.in000066400000000000000000000003131361351710700220000ustar00rootroot00000000000000# IP-Port-based auth plugin # # Maps IP Ports to filter groups. plugname = 'port' # portgroups file # List file assigning ports to filter groups portgroups = '@DGCONFDIR@/lists/authplugins/portgroups' e2guardian-5.3.4/configs/authplugins/proxy-basic.conf000077500000000000000000000003031361351710700226510ustar00rootroot00000000000000# Proxy-Basic auth plugin # Identifies usernames in "Proxy-Authorization: Basic" headers; # relies upon the upstream proxy (squid) to perform the actual password check. plugname = 'proxy-basic' e2guardian-5.3.4/configs/authplugins/proxy-digest.conf000077500000000000000000000004011361351710700230460ustar00rootroot00000000000000# Proxy-Digest auth plugin # Identifies usernames in "Proxy-Authorization: Digest" headers; # relies upon the upstream proxy (squid) to perform the actual password check. # Contributed by Darryl Sutherland plugname = 'proxy-digest' e2guardian-5.3.4/configs/authplugins/proxy-header.conf000066400000000000000000000010161361351710700230170ustar00rootroot00000000000000# Proxy-header auth plugin # FredB August 2016 # Identifies users with header; # relies upon the upstream proxy. # Eg: in groups file # Mozilla/5.0 (Windows NT 6.1; rv:47.0) Gecko/20100101 Firefox/47.0=filter3 # here: # header = 'user-agent' # Firefox 47 + windows is added to group3 without any kind of authentification (! not related with your proxy configuration/identification !) # THIS IS REALLY INSECURE This can be easily compromised by spoofing the Origin header # low case # header = '' # plugname = 'proxy-header' e2guardian-5.3.4/configs/authplugins/proxy-ntlm.conf000077500000000000000000000002761361351710700225530ustar00rootroot00000000000000# Proxy-NTLM auth plugin # Identifies usernames in "Proxy-Authorization: NTLM" headers; # relies on the upstream proxy (squid) to perform the actual password check. plugname = 'proxy-ntlm' e2guardian-5.3.4/configs/common.story000066400000000000000000000171001361351710700175710ustar00rootroot00000000000000# Storyboard library file # For ease of upgrade DO NOT CHANGE THIS library file # Make your function changes by overriding functions # in the site.story file - for site wide changes # and in filtergroup specific story file - see examplef1.story # # This library is built to largely duplicate the logic in V4 # # Many e2guardian[f1].conf flags are replaced by overiding # library functions - see site.story and examplef1.story # # Simple functions are defined which control the logic flow and the # lists that are used. See notes/Storyboard for details. # # The entry point in v5 for standard filtering is 'checkrequest' # # Entry function called by proxy module to check http request function(checkrequest) if(viruscheckset) checknoscanlists if(bypassallowset) checknobypasslists if(exceptionset) return true if(fullurlin,searchterms) setsearchterm ifnot(greyset) returnif localcheckrequest if(connect) return sslrequestcheck ifnot(greyset) returnif exceptioncheck ifnot(greyset) greycheck ifnot(greyset) returnif bannedcheck if(fullurlin, change) setmodurl if(true) returnif embeddedcheck if(headerin,headermods) setmodheader if(fullurlin, addheader) setaddheader if(searchin,override) setexception if(returnset) return setdone if(searchin,banned) return setblock if(fullurlin,redirect) return setredirect if(true) setgrey # Entry function called by proxy module to check http response function(checkresponse) if(exceptionset) return false if(viruscheckset) checknoscantypes if(urlin,exceptionfile) return false if(true) return checkfiletype # Entry function called by THTTPS module to check https request function(thttps-checkrequest) if(true) returnif localsslrequestcheck if(true) returnif sslrequestcheck ifnot(hassniset) checksni # Entry function called by ICAP module to check reqmod function(icap-checkrequest) #unless blocked or redirect or connect - leave logging for RESPMOD if(connect) return icapsslrequestcheck ifnot(greyset) icap-checkrequest2 if(redirectset) return true ifnot(blockset) setnolog function(icap-checkrequest2) if(viruscheckset) checknoscanlists if(bypassallowset) checknobypasslists if(exceptionset) return true if(fullurlin,searchterms) setsearchterm ifnot(greyset) returnif localcheckrequest ifnot(greyset) returnif exceptioncheck ifnot(greyset) greycheck ifnot(greyset) returnif bannedcheck if(fullurlin, change) setmodurl if(true) returnif embeddedcheck if(headerin,headermods) setmodheader if(fullurlin, addheader) setaddheader if(searchin,override) return setgrey if(searchin,banned) return setblock if(true) setgrey # Entry function called by ICAP module to check respmod function(icap-checkresponse) if(viruscheckset) checknoscanlists if(true) return checkresponse # Checks embeded urls # returns true if blocked, otherwise false function(embeddedcheck) if(embeddedin, localexception) return false if(embeddedin, localgrey) return false if(embeddedin, localbanned) return setblock if(embeddedin, exception) return false if(embeddedin, grey) return false if(embeddedin, banned) return setblock # Local checks # returns true if matches local exception or banned function(localcheckrequest) if(connect) return localsslrequestcheck ifnot(greyset) returnif localexceptioncheck ifnot(greyset) localgreycheck ifnot(greyset) returnif localbannedcheck if(searchin,localbanned) return setblock # Local SSL checks # returns true if matches local exception function(localsslrequestcheck) if(sitein, localexception) return setexception if(sitein, localgreyssl) returnif sslcheckmitm if(sitein, localbanned) true ifnot(returnset) return false if(true) returnif sslcheckmitm if(true) return setblock # SSL site replace (used instead of dns kulge) # returns true on match and successful replacement function(sslreplace) if(fullurlin,sslreplace) return setconnectsite if(true) return false # Local grey check # returns true on match function(localgreycheck) if(urlin, localgrey) return setgrey # Local banned check # returns true on match function(localbannedcheck) if(urlin, localbanned) return setblock # Local exception check # returns true on match function(localexceptioncheck) if(urlin, localexception) return setexception # Exception check # returns true on match function(exceptioncheck) if(urlin, exception) return setexception if(refererin,refererexception) return setexception if(headerin, exceptionheader) return setexception if(useragentin, exceptionuseragent) return setexception ifnot(urlin,embededreferer) return false if(embeddedin,refererexception) return setexception # SSL Exception check # returns true on match function(sslexceptioncheck) if(sitein, exception) return setexception if(headerin, exceptionheader) return setexception if(useragentin, exceptionuseragent) return setexception if(true) return false # Greylist check # returns true on match function(greycheck) if(urlin, grey) return setgrey # Banned list check # returns true on match function(bannedcheck) if(true) returnif checkblanketblock if(urlin, banned) return setblock if(urlin,bannedextension) return setblock if(useragentin, banneduseragent) return setblock if(headerin, bannedheader) return setblock # Local SSL list(s) check # returns true on match function(localsslcheckrequest) if(sitein, localexception) return setexception #if(sitein, localbanned) return setblock # Check whether to go MITM # returns true if yes, false if no function(sslcheckmitm) # use next line to have general MITM if(true) return sslcheckmitmgeneral # use next line instead of last to limit MITM to greylist #if(true) return sslcheckmitmgreyonly # Always go MITM # returns true if yes, false if no function(sslcheckmitmgeneral) if(true) setgomitm ifnot(returnset) return false if(sitein, nocheckcert) setnocheckcert if(true) sslreplace if(true) return true # Only go MITM when in greyssl list # returns true if yes, false if no function(sslcheckmitmgreyonly) if(sitein, greyssl) setgomitm ifnot(returnset) return false if(sitein, nocheckcert) setnocheckcert if(true) sslreplace if(true) return true # SSL request check # returns true if exception or gomitm function(sslrequestcheck) if(true) returnif sslexceptioncheck if(true) returnif sslcheckmitm if(sitein, banned) return setblock if(true) sslreplace ifnot(returnset) returnif sslcheckblanketblock if(true) setgrey function(checknoscanlists) if(urlin,exceptionvirus) unsetviruscheck function(checknoscantypes) if(mimein,exceptionvirus) return unsetviruscheck if(extensionin,exceptionvirus) return unsetviruscheck function(checknobypasslists) if(urlin,bannedbypass) return unsetbypassallow # ICAP SSL request check # returns true if exception function(icapsslrequestcheck) if(true) returnif icapsquidbump if(true) returnif sslexceptioncheck if(true) sslreplace if(sitein, banned) return setblock # Blanket block # returns true if to block # Placeholder function - overide in fn.story function(checkblanketblock) # SSL Blanket block # returns true if to block # Placeholder function - overide in fn.story function(sslcheckblanketblock) # ICAP Squid bump # override in site.story to return true if bump is being deployed on squid function(icapsquidbump) # File type blocking # returns true if blocking # Default uses banned lists and allows all others # Overide in site.story or fn.story if only types in exception file type lists # are to be allowed function(checkfiletype) if(mimein, bannedmime) return setblock if(extensionin, bannedextension) return setblock # SNI checking - determines default action when no SNI or TSL is present on a # THTTPS connection # Default blocks all requests with TLS or SNI absent that are not ip site exceptions function(checksni) ifnot(tls,,511) return setblock ifnot(hassniset,,512) return setblock e2guardian-5.3.4/configs/contentscanners/000077500000000000000000000000001361351710700204075ustar00rootroot00000000000000e2guardian-5.3.4/configs/contentscanners/Makefile.am000077500000000000000000000015331361351710700224500ustar00rootroot00000000000000DISTCLEANFILES = Makefile.in \ clamdscan.conf icapscan.conf \ kavdscan.conf commandlinescan.conf DGDATADIR = $(DGCONFDIR)/contentscanners SUBDIRS = . FLISTS = if ENABLE_CLAMD FLISTS += clamdscan.conf endif if ENABLE_AVASTD FLISTS += avastdscan.conf endif if ENABLE_ICAP FLISTS += icapscan.conf endif if ENABLE_KAVD FLISTS += kavdscan.conf endif if ENABLE_COMMANDLINE FLISTS += commandlinescan.conf endif EXTRA_DIST = clamdscan.conf.in avastdscan.conf.in icapscan.conf.in \ kavdscan.conf.in commandlinescan.conf.in install-data-local: $(mkinstalldirs) $(DESTDIR)$(DGDATADIR) && \ for l in $(FLISTS) ; do \ echo "$(INSTALL_DATA) $$l $(DESTDIR)$(DGDATADIR)/$$l"; \ $(INSTALL_DATA) $$l $(DESTDIR)$(DGDATADIR)/$$l; \ done uninstall-local: for l in $(FLISTS) ; do \ rm -f $(DESTDIR)$(DGDATADIR)/$$l ; \ done e2guardian-5.3.4/configs/contentscanners/avastdscan.conf.in000077500000000000000000000005531361351710700240200ustar00rootroot00000000000000plugname = 'avastdscan' # edit this to match the location of your AvastD UNIX domain socket #avastdudsfile = '/var/run/avast4/local.sock' # edit this to block unscannable files (e.g. encrypted archives) #archivewarn = off #Specify the version of avast protocol. It Must be 'avast4' or 'avast2014' #default is avast4 for compatibility avastprotocol = 'avast4' e2guardian-5.3.4/configs/contentscanners/clamdscan.conf.in000077500000000000000000000011231361351710700236100ustar00rootroot00000000000000plugname = 'clamdscan' # edit this to match the location of your ClamD UNIX domain socket #clamdudsfile = '/var/run/clamav/clamd.sock' # If this string is set, the text it contains shall be removed from the # beginning of filenames when passing them to ClamD. # Use it to - for example - support a ClamD running inside a chroot jail: # if DG's filecachedir is set to "/var/clamdchroot/downloads/" and pathprefix # is set to "/var/clamdchroot", then file names given to ClamD will be of the # form "/downloads/tf*" instead of "/var/clamdchroot/downloads/tf*". #pathprefix = '/var/clamdchroot' e2guardian-5.3.4/configs/contentscanners/commandlinescan.conf.in000077500000000000000000000023401361351710700250200ustar00rootroot00000000000000plugname = 'commandlinescan' # Program to run & initial arguments - filename for scanning will be appended #progname = /path/to/scanner # At least one of the following three options must be defined! # They are checked in the following order, with the first match determining # the scan result: # virusregexp - regular expression for extracting virus names from # the scanner's output # cleancodes - program return code(s), as a comma-separated list, for # uninfected files # infectedcodes - program return code(s), as a comma-separated list, for # infected files #virusregexp = (someregexp) # Which submatch of the above contains the virus name? (0 = all matched text) #submatch = 1 # cleancodes = 0 # infectedcodes = 1,2,3 # Default result when none of the other options triggers a match # Valid values are "infected" and "clean" #defaultresult = infected # # Example configuration for clamdscan # ## Path to binary #progname = '/usr/bin/clamdscan' ## Program returns 0 for clean files (for an easy out) #cleancodes = 0 ## Regular expression for virus names #virusregexp = : ([ -/a-zA-Z0-9\.]+) FOUND #submatch = 1 ## Default scan result when the above don't match #defaultresult = infected e2guardian-5.3.4/configs/contentscanners/icapscan.conf.in000077500000000000000000000002171361351710700234470ustar00rootroot00000000000000plugname = 'icapscan' # ICAP URL # Use hostname rather than IP address # Always specify the port # icapurl = 'icap://icapserver:1344/avscan' e2guardian-5.3.4/configs/contentscanners/kavdscan.conf.in000077500000000000000000000011011361351710700234510ustar00rootroot00000000000000plugname = 'kavdscan' # edit this to match the location of your KAVD UNIX domain socket #kavdudsfile = '/var/run/aveserver' # If this string is set, the text it contains shall be removed from the # beginning of filenames when passing them to KAVD. # Use it to - for example - support a KAVD running inside a chroot jail: # if DG's filecachedir is set to "/var/kavdchroot/downloads/" and pathprefix # is set to "/var/kavdchroot", then file names given to KAVD will be of the # form "/downloads/tf*" instead of "/var/kavdchroot/downloads/tf*". #pathprefix = '/var/kavdchroot' e2guardian-5.3.4/configs/downloadmanagers/000077500000000000000000000000001361351710700205255ustar00rootroot00000000000000e2guardian-5.3.4/configs/downloadmanagers/Makefile.am000077500000000000000000000007251361351710700225700ustar00rootroot00000000000000DISTCLEANFILES = Makefile.in \ default.conf DGDATADIR = $(DGCONFDIR)/downloadmanagers SUBDIRS = . FLISTS = default.conf EXTRA_DIST = default.conf.in install-data-local: $(mkinstalldirs) $(DESTDIR)$(DGDATADIR) && \ for l in $(FLISTS) ; do \ echo "$(INSTALL_DATA) $$l $(DESTDIR)$(DGDATADIR)/$$l"; \ $(INSTALL_DATA) $$l $(DESTDIR)$(DGDATADIR)/$$l; \ done uninstall-local: for l in $(FLISTS) ; do \ rm -f $(DESTDIR)$(DGDATADIR)/$$l ; \ done e2guardian-5.3.4/configs/downloadmanagers/default.conf.in000077500000000000000000000010331361351710700234250ustar00rootroot00000000000000# The default download manager. # This is the safest option for unknown user-agents and content types, and # hence a good one to include last. # Which plugin should be loaded? plugname = 'default' # Regular expression for matching user agents # When not defined, matches all agents. #useragentregexp = '.*' # Lists of mime types and extensions to manage # When not defined, matches everything. # These can be enabled separately; when both enabled, # a request may match either list. #managedmimetypelist = '' #managedextensionlist = '' e2guardian-5.3.4/configs/e2guardian.conf.in000077500000000000000000000677541361351710700205230ustar00rootroot00000000000000# e2guardian config file for version @PACKAGE_VERSION@ #NOTE This file is only read at start-up # # but the lists defined in this file are re-read on reload or gentle restart # as is any rooms directory files. # Language dir where languages are stored for internationalisation. # The HTML template within this dir is only used when reportinglevel # is set to 3. When used, e2guardian will display the HTML file instead of # using the perl cgi script. This option is faster, cleaner # and easier to customise the access denied page. # The language file is used no matter what setting however. # languagedir = '@DGDATADIR@/languages' # language to use from languagedir. language = 'ukenglish' #Debug Level #Enable debug e2guardian #debug one value: #Eg # debuglevel = 'ICAP' #Enable ICAP debug informations only # #Eg # debuglevel = 'ALL' #Enable ALL debug informations # #Additive mode: #Eg # debuglevel = 'ICAP,NET' #Enable ICAP and NET debug informations # #Soustractive mode: #Eg # debuglevel = 'ALL,-ICAP' #Enable all debug informations but without ICAP debug informations # debuglevel = 'ALL,-ICAP,-NET,-FILTER' #Enable all debug informations but without ICAP, NETWORK and FILTER debug informations #by default disabled, if this option is required just uncomment the line below #works also with e2guardian -N (-N Do not go into the background) #Possible value : ICAP CLAMAV ICAPC (icap client) #debuglevel = 'ALL' #Directory for result of debug level (log) #Works only if debuglevel is enabled # #debuglevelfile = '/var/log/e2guardian/debuge2' # Logging Settings # # 0 = none 1 = just denied 2 = all text based 3 = all requests loglevel = 3 # Log Exception Hits # Log if an exception (user, ip, URL, phrase) is matched and so # the page gets let through. Can be useful for diagnosing # why a site gets through the filter. # 0 = never log exceptions # 1 = log exceptions, but do not explicitly mark them as such # 2 = always log & mark exceptions (default) logexceptionhits = 2 # Log File Format # 1 = Dansguardian format (space delimited) # 2 = CSV-style format # 3 = Squid Log File Format # 4 = Tab delimited # Protex format type 5 Tab delimited, squid style format with extra fields # for filter block/result codes, reasons, filter group, and system name # used in arrays so that combined logs show originating server. # 5 = Protex format # Protex format type 6 Same format as above but system name field is blank # used in stand-alone systems. # 6 = Protex format with server field blanked logfileformat = 6 # Log a specific value from header # low case only # only used with logs: 1,5 and 6 # logheadervalue = 'proxy-authorization:' # truncate large items in log lines # allowable values 10 to 32000 # default 2000 # unlimited not longer allowed - 0 will now set default of 2000 #maxlogitemlength = 2000 # anonymize logs (blank out usernames & IPs) #anonymizelogs = off # Syslog logging # # Use syslog for access logging instead of logging to the file # at the defined or built-in "loglocation" #logsyslog = off #Suffix to append to program name when logging through syslog # Default is the e2Guardian instance number #namesuffix = $z # Log file location # # Defines the log directory and filename. #loglocation = '@DGLOGLOCATION@/access.log' # Defines optional request log path # This is for useful for debug purposes to log all requests before processing or setting filter group # See notes/LogRequests for details #rqloglocation = '@DGLOGLOCATION@/request.log' # Dymamic statistics log file location # # Defines the dstats file directory and filename. # Once every 'dstatinterval' seconds, stats on number of threads in use, # Q sizes and other useful information is written to this file. # Format is similar to sar. See notes/dstats_format for more details. # Default is not to write stats. #dstatlocation = '@DGLOGLOCATION@/dstats.log' # Interval in seconds between stats output # Default 300 (= 5 mins) # Minimum 10 # Maximum 3600 (= 1 hour) #dstatinterval = 300 # = 5 minutes # Time format is epoch GMT+0 by default | statshumanreadable change to local zone #statshumanreadable = off # Container mode # the process will not fork into the background AND log in stdout # In this mode systemd service is disabled ! # Default: #dockermode = off # Network Settings # # the IP that e2guardian listens on. If left blank e2guardian will # listen on all IPs. That would include all NICs, loopback, modem, etc. # Normally you would have your firewall protecting this, but if you want # you can limit it to a certain IP. To bind to multiple interfaces, # specify each IP on an individual filterip line. # If mapportstoips is 'on' you can have the same IP twice so long as # it has a different port. filterip = # loop prevention # # For loop prevention purposes list all IPs e2g can be reached on # Include all e2g host server IPs and any VIP used when when in an array. # Specify each IP on an individual checkip line. # # Defaults: Not set - no loop prevention # checkip = 127.0.0.1 # the ports that e2guardian listens to. Specify one line per filterip # line. If both mapportstoips and mapauthtoports are set to 'on' # you can specify different authentication mechanisms per port but # only if the mechanisms can co-exist (e.g. basic/proxy auth can't) filterports = 8080 #filterports = 8081 # Map ports to IPs # If enabled map filterports to filterip - number of filterports must then be same as # number of filterip # If disabled will listen on all filterports on all filterips. # on (default) | off mapportstoips = off #port for transparent https #if defined enables tranparent https transparenthttpsport = 8443 #port for ICAP #if defined enables icap mode #icapport = 1344 # the ip of upstream proxy - optional - if blank e2g will go direct to sites. # default is "" i.e. no proxy #proxyip = 127.0.0.1 # the port e2guardian connects to proxy on #proxyport = 3128 # Proxy timeout # Set tcp timeout between the Proxy and e2guardian # This is a connection timeout # If proxy is remote you may need to increase this to 10 or more. # Min 5 - Max 100 proxytimeout = 5 # Connect timeout # Set tcp timeout between the e2guardian and upstream service (proxy or target host) # This is a connection timeout # For remote sites you may need to increase this to 10 or more. # Min 1 - Max 100 # default 3 connecttimeout = 5 # Connect retries # Set the number of retries to make on connection failure before giving up # Min 1 - Max 100 # default 1 # Proxy header exchange # Set timeout between the Proxy and e2guardian # Min 20 - Max 300 # If this is higher than proxies timeout user will get proxy Gateway error page # If lower e2guardian Gateway error page proxyexchange = 61 # Pconn timeout # how long a persistent connection will wait for other requests # squid apparently defaults to 1 minute (persistent_request_timeout), # so wait slightly less than this to avoid duff pconns. # Min 5 - Max 300 pcontimeout = 55 # Whether to retrieve the original destination IP in transparent proxy # setups and check it against the domain pulled from the HTTP headers. # # Be aware that when visiting sites which use a certain type of round-robin # DNS for load balancing, DG may mark requests as invalid unless DG gets # exactly the same answers to its DNS requests as clients. The chances of # this happening can be increased if all clients and servers on the same LAN # make use of a local, caching DNS server instead of using upstream DNS # directly. # # See http://www.kb.cert.org/vuls/id/435052 # on (default) | off @ORIGIPSUPPORT@originalip = off # Banned image replacement # Images that are banned due to domain/url/etc reasons including those # in the adverts blacklists can be replaced by an image. This will, # for example, hide images from advert sites and remove broken image # icons from banned domains. # on (default) | off usecustombannedimage = on custombannedimagefile = '@DGDATADIR@/transparent1x1.gif' #Banned flash replacement usecustombannedflash = on custombannedflashfile = '@DGDATADIR@/blockedflash.swf' # Filter groups options # filtergroups sets the number of filter groups. A filter group is a set of content # filtering options you can apply to a group of users. The value must be 1 or more. # e2guardian will automatically look for e2guardianfN.conf where N is the filter # group. To assign users to groups use the filtergroupslist option. All users default # to filter group 1. You must have some sort of authentication to be able to map users # to a group. filtergroups = 1 filtergroupslist = '@DGCONFDIR@/lists/filtergroupslist' # default filtergroup for standard (explicit) mode # optional defaults to 1 #defaultfiltergroup = 1; # default filtergroup for transparent proxy mode # optional defaults to 1 #defaulttransparentfiltergroup = 1; # default filtergroup for ICAP mode # optional defaults to 1 #defaulticapfiltergroup = 1; # If on it a user without group is considered like unauthenfied # E2guardian tries the next plugin # If off the user is connected with group1 # Defaults to off # authrequiresuserandgroup = off # Authentication files location # These are now replaced with pre-authstoryboard logic but lists defined here # # bannediplist is ONLY for banned client IP iplist = 'name=bannedclient,messageno=100,logmessageno=103,path=@DGCONFDIR@/lists/bannediplist' # Put client dns names in bannedclientlist if required #sitelist = 'name=bannedclient,messageno=100,logmessageno=104,path=@DGCONFDIR@/lists/bannedclientlist' # exceptioniplist is ONLY for exception client IP iplist = 'name=exceptionclient,messageno=600,path=@DGCONFDIR@/lists/exceptioniplist' # Put client dns names in exceptionclientlist if required #sitelist = 'name=exceptionclient,messageno=631,path=@DGCONFDIR@/lists/exceptionclientlist' # authexception lists are for exception sites/urls allowed before authentication# to allow for machines to update without user authentication iplist = 'name=authexception,messageno=602,path=@DGCONFDIR@/lists/authexceptioniplist' sitelist = 'name=authexception,messageno=602,path=@DGCONFDIR@/lists/authexceptionsitelist' urllist = 'name=authexception,messageno=603,path=@DGCONFDIR@/lists/authexceptionurllist' #Note: only iplist, sitelist, ipsitelist and urllist can currently be defined for use with pre-authstoryboard. # Per-Room definition directory # A directory containing text files containing the room's name followed by IPs or ranges # and optionaly site and url lists # Think of it as bannediplist and/or exceptions on crack # perroomdirectory = '@DGCONFDIR@/lists/rooms/' # Show weighted phrases found # If enabled then the phrases found that made up the total which excedes # the naughtyness limit will be logged and, if the reporting level is # high enough, reported. on | off showweightedfound = on # Weighted phrase mode # There are 3 possible modes of operation: # 0 = off = do not use the weighted phrase feature. # 1 = on, normal = normal weighted phrase operation. # 2 = on, singular = each weighted phrase found only counts once on a page. # # IMPORTANT: Note that setting this to "0" turns off all features which # extract phrases from page content, including banned & exception # phrases (not just weighted), search term filtering, and scanning for # links to banned URLs. # weightedphrasemode = 2 # Smart, Raw and Meta/Title phrase content filtering options # Smart is where the multiple spaces and HTML are removed before phrase filtering # Raw is where the raw HTML including meta tags are phrase filtered # Meta/Title is where only meta and title tags are phrase filtered (v. quick) # CPU usage can be effectively halved by using setting 0 or 1 compared to 2 # 0 = raw only # 1 = smart only # 2 = both of the above (default) # 3 = meta/title phrasefiltermode = 2 # Lower casing options # When a document is scanned the uppercase letters are converted to lower case # in order to compare them with the phrases. However this can break Big5 and # other 16-bit texts. If needed preserve the case. As of version 2.7.0 accented # characters are supported. # 0 = force lower case (default) # 1 = do not change case # 2 = scan first in lower case, then in original case preservecase = 0 # Note: # If phrasefiltermode and preserve case are both 2, this equates to 4 phrase # filtering passes. If you have a large enough userbase for this to be a # worry, and need to filter pages in exotic character encodings, it may be # better to run two instances on separate servers: one with preservecase 1 # (and possibly forcequicksearch 1) and non ASCII/UTF-8 phrase lists, and one # with preservecase 0 and ASCII/UTF-8 lists. # Hex decoding options # When a document is scanned it can optionally convert %XX to chars. # If you find documents are getting past the phrase filtering due to encoding # then enable. However this can break Big5 and other 16-bit texts. # off = disabled (default) # on = enabled hexdecodecontent = off # Force Quick Search rather than DFA search algorithm # The current DFA implementation is not totally 16-bit character compatible # but is used by default as it handles large phrase lists much faster. # If you wish to use a large number of 16-bit character phrases then # enable this option. # off (default) | on (Big5 compatible) forcequicksearch = off # Reverse lookups for banned site and URLs. # If set to on, e2guardian will look up the forward DNS for an IP URL # address and search for both in the banned site and URL lists. This would # prevent a user from simply entering the IP for a banned address. # It will reduce searching speed somewhat so unless you have a local caching # DNS server, leave it off and use the Blanket IP Block option in the # f1.story file instead. reverseaddresslookups = off # Reverse lookups for banned and exception IP lists. # If set to on, e2guardian will look up the forward DNS for the IP # of the connecting computer. # If a client computer is matched against an IP given in the lists, then the # IP will be recorded in any log entries; if forward DNS is successful and a # match occurs against a hostname, the hostname will be logged instead. # It will reduce searching speed somewhat so unless you have a local DNS server, # leave it off. reverseclientiplookups = off # Perform reverse lookups on client IPs for successful requests. # If set to on, e2guardian will look up the forward DNS for the IP # of the connecting computer, and log host names (where available) rather than # IPs against requests. # This is not dependent on reverseclientiplookups being enabled; however, if it # is, enabling this option does not incur any additional forward DNS requests. logclienthostnames = off # Max content filter size # Sometimes web servers label binary files as text which can be very # large which causes a huge drain on memory and cpu resources. # To counter this, you can limit the size of the document to be # filtered and get it to just pass it straight through. # This setting also applies to content regular expression modification. # The value must not be higher than maxcontentramcachescansize # Do not set this too low as this will result in pages that contain a # long preamble not being content filtered # The size is in Kibibytes - eg 2048 = 2Mb # use 0 to set it to maxcontentramcachescansize maxcontentfiltersize = 2048 # Max content ram cache scan size # This is only used if you use a content scanner plugin such as AV # This is the max size of file that e2g will download and cache # in RAM. After this limit is reached it will cache to disk # This value must be less than or equal to maxcontentfilecachescansize. # The size is in Kibibytes - eg 10240 = 10Mb # use 0 to set it to maxcontentfilecachescansize # This option may be ignored by the configured download manager. maxcontentramcachescansize = 2000 # Max content file cache scan size # This is only used if you use a content scanner plugin such as AV # This is the max size file that DG will download # so that it can be scanned or virus checked. # This value must be greater or equal to maxcontentramcachescansize. # The size is in Kibibytes - eg 10240 = 10Mb maxcontentfilecachescansize = 20000 # File cache dir # Where DG will download files to be scanned if too large for the # RAM cache. filecachedir = '/tmp' # Delete file cache after user completes download # When a file gets save to temp it stays there until it is deleted. # You can choose to have the file deleted when the user makes a sucessful # download. This will mean if they click on the link to download from # the temp store a second time it will give a 404 error. # You should configure something to delete old files in temp to stop it filling up. # on|off (defaults to on) deletedownloadedtempfiles = on # Initial Trickle delay # This is the number of seconds a browser connection is left waiting # before first being sent *something* to keep it alive. The # *something* depends on the download manager chosen. # Do not choose a value too low or normal web pages will be affected. # A value between 20 and 110 would be sensible # This may be ignored by the configured download manager. initialtrickledelay = 20 # Trickle delay # This is the number of seconds a browser connection is left waiting # before being sent more *something* to keep it alive. The # *something* depends on the download manager chosen. # This may be ignored by the configured download manager. trickledelay = 10 # Download Managers # These handle downloads of files to be filtered and scanned. # They differ in the method they deal with large downloads. # Files usually need to be downloaded 100% before they can be # filtered and scanned before being sent on to the browser. # Normally the browser can just wait, but with content scanning, # for example to AV, the browser may timeout or the user may get # confused so the download manager has to do some sort of # 'keep alive'. # # There are various methods possible but not all are included. # The author does not have the time to write them all so I have # included a plugin systam. Also, not all methods work with all # browsers and clients. Specifically some fancy methods don't # work with software that downloads updates. To solve this, # each plugin can support a regular expression for matching # the client's user-agent string, and lists of the mime types # and extensions it should manage. # # Note that these are the matching methods provided by the base plugin # code, and individual plugins may override or add to them. # See the individual plugin conf files for supported options. # # The plugins are matched in the order you specify and the last # one is forced to match as the default, regardless of user agent # and other matching mechanisms. # # NOTE - ONLY default downloadmanager is supported in v5 downloadmanager = '@DGCONFDIR@/downloadmanagers/default.conf' # Content Scanners (Also known as AV scanners) # These are plugins that scan the content of all files your browser fetches # for example to AV scan. You can have more than one content # scanner. The plugins are run in the order you specify. # This is one of the few places you can have multiple options of the same name. # # Some of the scanner(s) require 3rd party software and libraries eg clamav. # See the individual plugin conf file for more options (if any). # #@CLAMDSUPPORT@contentscanner = '@DGCONFDIR@/contentscanners/clamdscan.conf' #@AVASTDSUPPORT@contentscanner = '@DGCONFDIR@/contentscanners/avastdscan.conf' #@KAVDSUPPORT@contentscanner = '@DGCONFDIR@/contentscanners/kavdscan.conf' #@ICAPSUPPORT@contentscanner = '@DGCONFDIR@/contentscanners/icapscan.conf' #@COMMANDLINESUPPORT@contentscanner = '@DGCONFDIR@/contentscanners/commandlinescan.conf' # Content scanner timeout # Some of the content scanners support using a timeout value to stop # processing (eg AV scanning) the file if it takes too long. # If supported this will be used. # The default of 60 seconds is probably reasonable. contentscannertimeout = 60 # Content scan exceptions // THIS MOVED to e2guardianf1.conf # contentscanexceptions = off # Auth plugins # # Handle the extraction of client usernames from various sources, such as # Proxy-Authorisation headers and ident servers, enabling requests to be # handled according to the settings of the user's filter group. # # If you do not use multiple filter groups, you need not specify this option. # #authplugin = '@DGCONFDIR@/authplugins/proxy-basic.conf' #authplugin = '@DGCONFDIR@/authplugins/proxy-digest.conf' #@NTLMSUPPORT@authplugin = '@DGCONFDIR@/authplugins/proxy-ntlm.conf' #authplugin = '@DGCONFDIR@/authplugins/ident.conf' #authplugin = '@DGCONFDIR@/authplugins/ip.conf' #authplugin = '@DGCONFDIR@/authplugins/proxy-header.conf' #authplugin = '@DGCONFDIR@/authplugins/port.conf' # Map auth to ports # If enabled map auth plugins to ips/ports - number of authplugins must then be same as # number of ports # If disabled scan authplugins on all ports - number of authplugins can then be different # to number of ports # on (default) | off #mapauthtoports = off # Re-check replaced URLs # As a matter of course, URLs undergo regular expression search/replace (urlregexplist) # *after* checking the exception site/URL/regexpURL lists, but *before* checking against # the banned site/URL lists, allowing certain requests that would be matched against the # latter in their original state to effectively be converted into grey requests. # With this option enabled, the exception site/URL/regexpURL lists are also re-checked # after replacement, making it possible for URL replacement to trigger exceptions based # on them. # Defaults to off. recheckreplacedurls = off # Misc settings # if on it adds an X-Forwarded-For: to the HTTP request # header. This may help solve some problem sites that need to know the # source ip. on | off forwardedfor = off # if on it uses the X-Forwarded-For: to determine the client # IP. This is for when you have squid between the clients and e2guardian. # Warning - headers are easily spoofed. on | off usexforwardedfor = off # as mentioned above, the headers can be easily spoofed in order to fake the # request origin by setting the X-Forwarded-For header. If you have the # "usexforwardedfor" option enabled, you may want to specify the IPs from which # this kind of header is allowed, such as another upstream proxy server for # instance If you want authorize multiple IPs, specify each one on an individual # xforwardedforfilterip line. # xforwardedforfilterip = # if on it logs some debug info regarding accept()ing and failed connections # which # can usually be ignored. These are logged by syslog. It is safe to leave # it on or off logconnectionhandlingerrors = on #sets the number of worker threads to use # # This figure is the maximum number of concurrent connections. # If more connections are made, connections will queue until a worker thread is free. # On large site you might want to try 5000 (max value 20000) # 500 is the default suitable for home or samll office use on 64-bit systems # On 32-bit systems reduce this to 300 to avoid exceeding the <4GB # virtual memory limit and on Linux decrease the thread stack size from # 10MB to 2MB (ulimit -s 2048) httpworkers = 500 # Process options # (Change these only if you really know what you are doing). # These options allow you to run multiple instances of e2guardian on a single machine. # Remember to edit the log file path above also if that is your intention. # PID filename # # Defines process id directory and filename. #pidfilename = '@DGPIDDIR@/e2guardian.pid' # Disable daemoning # If enabled the process will not fork into the background. # It is not usually advantageous to do this. # on|off (defaults to off) nodaemon = off # Disable logging process # on|off (defaults to off) nologger = off # Enable logging of "ADs" category blocks # on|off (defaults to off) logadblocks = off # Enable logging of client User-Agent # Some browsers will cause a *lot* of extra information on each line! # on|off (defaults to off) loguseragent = off # Daemon runas user and group # This is the user that e2guardian runs as. Normally the user/group nobody. # Uncomment to use. Defaults to the user set at compile time. # Temp files created during virus scanning are given owner and group read # clamdscan, the two processes must run with either the same group or user ID. #daemonuser = '@DGPROXYUSER@' #daemongroup = '@DGPROXYGROUP@' # Mail program # Path (sendmail-compatible) email program, with options. # Not used if usesmtp is disabled (filtergroup specific). #@EMAILSUPPORT@mailer = '/usr/sbin/sendmail -t' # NOT YET IMPLIMENTED # Enable SSL support # This must be present to enable MITM and/or Cert checking # default is off enablessl = off #SSL certificate checking path #Path to CA certificates used to validate the certificates of https sites. # if left blank openssl default ca certificate bundle will be used #Leave as default unless you want to load non-default cert bundle #sslcertificatepath = '' #SSL man in the middle #CA certificate path #Path to the CA certificate to use as a signing certificate for #generated certificates. # default is blank - required if ssl_mitm is enabled. #cacertificatepath = '/home/e2/e2install/ca.pem' #CA private key path #path to the private key that matches the public key in the CA certificate. # default is blank - required if ssl_mitm is enabled. #caprivatekeypath = '/home/e2/e2install/ca.key' #Cert private key path #The public / private key pair used by all generated certificates # default is blank - required if ssl_mitm is enabled. #certprivatekeypath = '/home/e2/e2install/cert.key' #Generated cert path #The location where generated certificates will be saved for future use. #(must be writable by the dg user) # default is blank - required if ssl_mitm is enabled. #generatedcertpath = '/home/e2/e2install/generatedcerts/' #Warning: if you change the cert start/end time from default on a running # system you will need to clear the generated certificate # store and also may get problems on running client browsers #Generated cert start time (in unix time) - optional # defaults to 1417872951 = 6th Dec 2014 # generatedcertstart = 1417872951 #Generated cert end time (in unix time) - optional # defaults to generatedcertstart + 10 years #genratedcertend = # generatedcertstart = #Use openssl configuration file # switch this on if you want e2g to read in openssl configuration # This is useful if you want to use a hardware acceleration engine. # default is off #useopensslconf = off # #Alternate openssl configuration file # only used if useopensslconf = on # default is to use standard openssl configuration file # only use this if an alternate openssl configuration file is used for e2g # opensslconffile = '/home/e2/openssl.conf' # monitor helper path # If defined this script/binary will be called with start or stop appended as follows:- # Note change in V4!!! - No longer detects cache failure # At start after e2guardian has started listener and worker threads with # ' start' appended # When e2guardian is stopping with ' stop' appended # monitorhelper = '/usr/local/bin/mymonitor' # monitor flag prefix path # If defined path will be used to generate flag files as follows:- # # At start after e2guardian has started listener and worker threads with # 'running' appended # When e2guardian is stopping with 'paused' appended # Note change in V4!!! - No longer detects cache failure # monitorflagprefix = '/home/e2g/run/e2g_flag_' # Much logic has moved to storyboard files preauthstoryboard = '@DGCONFDIR@/preauth.story' # Storyboard tracing # Warning - produces verbose output - do not use in production # Output goes to syslog (or stderr in debug mode) # default off # storyboardtrace = off # Abort if list is missing or unreadable # default is to warn but then ignore missing lists # To abort on missing list set to on # abortiflistmissing = off //NOT YET IMPLIMENTED #Search sitelist for ip sites # In v5 a separate set of lists has been introduced for IP sites # and normally e2g will no longer check site lists for ip's # If you want to keep backward list compatablity then set this to # 'on' - but note this incurs an overhead - putting IP in ipsitelists # and setting this to off gives the fastest implimentation. # default is 'on' searchsitelistforip = on # http header checking setings # # Limit number of http header lines in a request/response # (to guard against attacks) # Minimum 10 max 250 # default 50 # maxheaderlines = 50 e2guardian-5.3.4/configs/e2guardianf1.conf.in000077500000000000000000000555671361351710700207510ustar00rootroot00000000000000# e2guardian filter group config file for version @PACKAGE_VERSION@ # This file is re-read on gentle restart and any changes actioned # Filter group mode IS NOT LONGER SUPPORTED # Unauthenticated users are treated as being in the default filter group. # groupmode = 1 #DISABLED # Filter group name # Used to fill in the -FILTERGROUP- placeholder in the HTML template file, and to # name the group in the access logs # Defaults to empty string #groupname = '' groupname = 'no_name_group' # Much logic has moved to storyboard files storyboard = '@DGCONFDIR@/examplef1.story' # Enable legacy (DG) ssl logic # # The following option is replaced by storyboard logic # ssllegacylogic = off # Content filtering files location bannedphraselist = '@DGCONFDIR@/lists/bannedphraselist' weightedphraselist = '@DGCONFDIR@/lists/weightedphraselist' exceptionphraselist = '@DGCONFDIR@/lists/exceptionphraselist' ## To use new phraselists comment the last three lines and ## uncommnet the next 3 lines #bannedphraselist = '@DGCONFDIR@/lists/newbannedphraselist' #weightedphraselist = '@DGCONFDIR@/lists/newweightedphraselist' #exceptionphraselist = '@DGCONFDIR@/lists/newexceptionphraselist' ### NOTE - New format for all other list definitions in v5.0 ### see notes/V5_list_definition for details #banned lists sitelist = 'name=banned,messageno=500,path=@DGCONFDIR@/lists/bannedsitelist' ipsitelist = 'name=banned,messageno=510,path=@DGCONFDIR@/lists/bannedsiteiplist' urllist = 'name=banned,messageno=501,path=@DGCONFDIR@/lists/bannedurllist' regexpboollist = 'name=banned,messageno=503,path=@DGCONFDIR@/lists/bannedregexpurllist' regexpboollist = 'name=banneduseragent,messageno=522,path=@DGCONFDIR@/lists/bannedregexpuseragentlist' sitelist = 'name=bannedssl,messageno=520,path=@DGCONFDIR@/lists/bannedsslsitelist' ipsitelist = 'name=bannedssl,messageno=520,path=@DGCONFDIR@/lists/bannedsslsiteiplist' #grey (i.e. content check) lists sitelist = 'name=grey,path=@DGCONFDIR@/lists/greysitelist' ipsitelist = 'name=grey,path=@DGCONFDIR@/lists/greysiteiplist' urllist = 'name=grey,path=@DGCONFDIR@/lists/greyurllist' sitelist = 'name=greyssl,path=@DGCONFDIR@/lists/greysslsitelist' ipsitelist = 'name=greyssl,path=@DGCONFDIR@/lists/greysslsiteiplist' #exception lists sitelist = 'name=exception,messageno=602,path=@DGCONFDIR@/lists/exceptionsitelist' ipsitelist = 'name=exception,messageno=602,path=@DGCONFDIR@/lists/exceptionsiteiplist' urllist = 'name=exception,messageno=603,path=@DGCONFDIR@/lists/exceptionurllist' regexpboollist = 'name=exception,messageno=609,path=@DGCONFDIR@/lists/exceptionregexpurllist' regexpboollist = 'name=exceptionuseragent,messageno=610,path=@DGCONFDIR@/lists/exceptionregexpuseragentlist' sitelist = 'name=refererexception,messageno=620,path=@DGCONFDIR@/lists/refererexceptionsitelist' ipsitelist = 'name=refererexception,messageno=620,path=@DGCONFDIR@/lists/refererexceptionsiteiplist' urllist = 'name=refererexception,messageno=620,path=@DGCONFDIR@/lists/refererexceptionurllist' sitelist = 'name=embededreferer,path=@DGCONFDIR@/lists/embededreferersitelist' ipsitelist = 'name=embededreferer,path=@DGCONFDIR@/lists/embededreferersiteiplist' urllist = 'name=embededreferer,path=@DGCONFDIR@/lists/embededrefererurllist' #modification lists regexpreplacelist = 'name=change,path=@DGCONFDIR@/lists/urlregexplist' regexpreplacelist = 'name=sslreplace,path=@DGCONFDIR@/lists/sslsiteregexplist' #redirection lists regexpreplacelist = 'name=redirect,path=@DGCONFDIR@/lists/urlredirectregexplist' contentregexplist = '@DGCONFDIR@/lists/contentregexplist' # local versions of lists #local banned sitelist = 'name=localbanned,messageno=560,path=@DGCONFDIR@/lists/localbannedsitelist' #ipsitelist = 'name=localbanned,messageno=560,path=@DGCONFDIR@/lists/localbannedsiteiplist' #urllist = 'name=localbanned,messageno=561,path=@DGCONFDIR@/lists/localbannedurllist' #sitelist = 'name=localbannedssl,messageno=580,path=@DGCONFDIR@/lists/localbannedsslsitelist' #ipsitelist = 'name=localbannedssl,messageno=580,path=@DGCONFDIR@/lists/localbannedsslsiteiplist' searchlist = 'name=localbanned,messageno=581,path=@DGCONFDIR@/lists/localbannedsearchlist' #local grey lists sitelist = 'name=localgrey,path=@DGCONFDIR@/lists/localgreysitelist' #ipsitelist = 'name=localgrey,path=@DGCONFDIR@/lists/localgreysiteiplist' #urllist = 'name=localgrey,path=@DGCONFDIR@/lists/localgreyurllist' sitelist = 'name=localgreyssl,path=@DGCONFDIR@/lists/localgreysslsitelist' #ipsitelist = 'name=localgreyssl,path=@DGCONFDIR@/lists/localgreysslsiteiplist' #local exception lists sitelist = 'name=localexception,messageno=662,path=@DGCONFDIR@/lists/localexceptionsitelist' #ipsitelist = 'name=localexception,messageno=662,path=@DGCONFDIR@/lists/localexceptionsiteiplist' #urllist = 'name=localexception,messageno=663,path=@DGCONFDIR@/lists/localexceptionurllist' # Filetype filtering # # Allow bannedregexpurllist with grey list mode # # The following option is replaced by storyboard logic # bannedregexwithblanketblock = off # # The following option is replaced by storyboard logic #blockdownloads = off # Phrase filtering additional mime types (by default text/*) # textmimetypes = 'application/xhtml+xml,application/xml,application/json,application/javascript,application/x-javascript' # Uncomment the two lines below if want to only allow extentions/mime types in these lists # You will also need to uncomment the checkfiletype function in site.story to enable this #fileextlist = 'name=exceptionextension,path=@DGCONFDIR@/lists/exceptionextensionlist' #mimelist = 'name=exceptionmime,path=@DGCONFDIR@/lists/exceptionmimelist' # # Use the following lists to block specific kinds of file downloads. # fileextlist = 'name=bannedextension,messageno=900,path=@DGCONFDIR@/lists/bannedextensionlist' mimelist = 'name=bannedmime,messageno=800,path=@DGCONFDIR@/lists/bannedmimetypelist' # # In either file filtering mode, the following list can be used to override # MIME type & extension blocks for particular domains & URLs (trusted download sites). # sitelist = 'name=exceptionfile,path=@DGCONFDIR@/lists/exceptionfilesitelist' ipsitelist = 'name=exceptionfile,path=@DGCONFDIR@/lists/exceptionfilesiteiplist' urllist = 'name=exceptionfile,path=@DGCONFDIR@/lists/exceptionfileurllist' # POST protection (web upload and forms) # does not block forms without any file upload, i.e. this is just for # blocking or limiting uploads # measured in kibibytes after MIME encoding and header bumph # use 0 for a complete block # use higher (e.g. 512 = 512Kbytes) for limiting # use -1 for no blocking # NOTE: POST PROTECTION IS NOT YET IMPLIMENTED IN V5 #maxuploadsize = 512 #maxuploadsize = 0 maxuploadsize = -1 # Categorise without blocking: # Supply categorised lists here and the category string shall be logged against # matching requests, but matching these lists does not perform any filtering # action. #sitelist = 'name=log,path=@DGCONFDIR@/lists/logsitelist' #ipsitelist = 'name=log,path=@DGCONFDIR@/lists/logsiteiplist' #urllist = 'name=log,path=@DGCONFDIR@/lists/logurllist' #regexpboollist = 'name=log,path=@DGCONFDIR@/lists/logregexpurllist' # Outgoing HTTP header rules: # Optional lists for blocking based on, and modification of, outgoing HTTP # request headers. Format for headerregexplist is one modification rule per # line, similar to content/URL modifications. Format for # bannedregexpheaderlist is one regular expression per line, with matching # headers causing a request to be blocked. # Headers are matched/replaced on a line-by-line basis, not as a contiguous # block. # Use for example, to remove cookies or prevent certain user-agents. regexpreplacelist = 'name=headermods,path=@DGCONFDIR@/lists/headerregexplist' regexpboollist = 'name=bannedheader,path=@DGCONFDIR@/lists/bannedregexpheaderlist' regexpboollist = 'name=exceptionheader,path=@DGCONFDIR@/lists/exceptionregexpheaderlist' # used for Youtube add cookies etc regexpreplacelist = 'name=addheader,path=@DGCONFDIR@/lists/addheaderregexplist' #Virus checking exceptions - matched urls will not be virus checked #mimelist = 'name=exceptionvirus,path=@DGCONFDIR@/lists/contentscanners/exceptionvirusmimetypelist' #fileextlist = 'name=exceptionvirus,path=@DGCONFDIR@/lists/contentscanners/exceptionvirusextensionlist' #sitelist = 'name=exceptionvirus,path=@DGCONFDIR@/lists/contentscanners/exceptionvirussitelist' #ipsitelist = 'name=exceptionvirus,path=@DGCONFDIR@/lists/contentscanners/exceptionvirussiteiplist' #urllist = 'name=exceptionvirus,path=@DGCONFDIR@/lists/contentscanners/exceptionvirusurllist' # Weighted phrase mode # Optional; overrides the weightedphrasemode option in e2guardian.conf # for this particular group. See documentation for supported values in # that file. #weightedphrasemode = 0 # Naughtiness limit # This the limit over which the page will be blocked. Each weighted phrase is given # a value either positive or negative and the values added up. Phrases to do with # good subjects will have negative values, and bad subjects will have positive # values. See the weightedphraselist file for examples. # As a guide: # 50 is for young children, 100 for old children, 160 for young adults. naughtynesslimit = 50 # Search term blocking # Search terms can be extracted from search URLs and filtered using one or # both of two different methods. # Method 1 is that developed by Protex where specific # search terms are contained in a bannedsearchlist. # (localbannedsearchlist and bannedsearchoveridelist can be used to suppliment # and overide this list as required.) # These lists contain banned search words combinations on each line. # Words are separated by '+' and must be in sorted order within a line. # so to block 'sexy girl' then the list must contain the line # girl+sexy # and this will block both 'sexy girl' and 'girl sexy' # To use this method, the searchregexplist must be enabled and the bannedsearchlist(s) defined # Method 2 is uses the # bannedphraselist, weightedphraselist and exceptionphraselist, with a separate # threshold for blocking than that used for normal page content. # To do this, the searchregexplist must be enabled and searchtermlimit # must be greater than 0. # # Search engine regular expression list (need for both options) # List of regular expressions for matching search engine URLs. It is assumed # that the search terms themselves will be contained in the # of output of each expression. regexpreplacelist = 'name=searchterms,path=@DGCONFDIR@/lists/searchregexplist' # # Banned Search Term list(s) for option 1 searchlist = 'name=banned,path=@DGCONFDIR@/lists/bannedsearchlist' searchlist = 'name=override,path=@DGCONFDIR@/lists/bannedsearchoveridelist' # Search term limit (for Option 2) # The limit over which requests will be blocked for containing search terms # which match the weightedphraselist. This should usually be lower than the # 'naughtynesslimit' value above, because the amount of text being filtered # is only a few words, rather than a whole page. # This option must be uncommented if searchregexplist is uncommented. # A value of 0 here indicates that search terms should be extracted, # but no phrase filtering should be performed on the resulting text. #searchtermlimit = 0 # # Search term phrase lists (for Option 2) # If the three lines below are uncommented, search term blocking will use # the banned, weighted & exception phrases from these lists, instead of using # the same phrase lists as for page content. This is optional but recommended, # as weights for individual phrases in the "normal" lists may not be # appropriate for blocking when those phrases appear in a much smaller block # of text. # Please note that all or none of the below should be uncommented, not a # mixture. # NOTE: these are phrase lists and still use the old style defines #bannedsearchtermlist = '@DGCONFDIR@/lists/bannedsearchtermlist' #weightedsearchtermlist = '@DGCONFDIR@/lists/weightedsearchtermlist' #exceptionsearchtermlist = '@DGCONFDIR@/lists/exceptionsearchtermlist' # Category display threshold # This option only applies to pages blocked by weighted phrase filtering. # Defines the minimum score that must be accumulated within a particular # category in order for it to show up on the block pages' category list. # All categories under which the page scores positively will be logged; those # that were not displayed to the user appear in brackets. # # -1 = display only the highest scoring category # 0 = display all categories (default) # > 0 = minimum score for a category to be displayed categorydisplaythreshold = 0 # Embedded URL weighting # When set to something greater than zero, this option causes URLs embedded within a # page's HTML (from links, image tags, etc.) to be extracted and checked against the # bannedsitelist and bannedurllist. Each link to a banned page causes the amount set # here to be added to the page's weighting. # The behaviour of this option with regards to multiple occurrences of a site/URL is # affected by the weightedphrasemode setting. # # NB: Currently, this feature uses regular expressions that require the PCRE library. # As such, it is only available if you compiled e2guardian with '--enable-pcre=yes'. # You can check compile-time options by running 'e2guardian -v'. # # Set to 0 to disable. # Defaults to 0. # WARNING: This option is highly CPU intensive! embeddedurlweight = 0 # Temporary Denied Page Bypass # This provides a link on the denied page to bypass the ban for a few minutes. To be # secure it uses a random hashed secret generated at daemon startup. You define the # number of seconds the bypass will function for before the deny will appear again. # To allow the link on the denied page to appear you will need to edit the template.html # or e2guardian.pl file for your language. # 300 = enable for 5 minutes # 0 = disable ( defaults to 0 ) # -1 - depreciated - for backward compatability enables cgibypass with bypassversion 1 bypass = 0 # Byapss version 2 is experimental, provide a secure cgi communication (see notes/cgi_bypass documentation) # # Bypass version # can be 1 or 2 # Always use v2 unless you have old style cgi hash generation in use # Default is 1 # bypassversion = 2 # cgibypass - Use a separate program/CGI to (in v1 generate) or (in v2 validate) link # 'on' or 'off' (default) # cgibypass = 'off' # Temporary Denied Page Bypass Secret Key # Rather than generating a random key you can specify one. It must be more than 8 chars. # '' = generate a random one (recommended and default) # 'Mary had a little lamb.' = an example # '76b42abc1cd0fdcaf6e943dcbc93b826' = an example bypasskey = '' # magic key for cgi bypass v2 - used to sign communications between e2g and cgi # default is blank #cgikey = 'you must change this text in order to be secure' # Users will not be able to bypass sites/urls in these lists sitelist = 'name=bannedbypass,messageno=500,path=@DGCONFDIR@/lists/domainsnobypass' #ipsitelist = 'name=bannedbypass,messageno=500,path=@DGCONFDIR@/lists/ipnobypass' #urllist = 'name=bannedbypass,messageno=501,path=@DGCONFDIR@/lists/urlnobypass' # Infection/Scan Error Bypass # Similar to the 'bypass' setting, but specifically for bypassing files scanned and found # to be infected, or files that trigger scanner errors - for example, archive types with # recognised but unsupported compression schemes, or corrupt archives. # The option specifies the number of seconds for which the bypass link will be valid. # 300 = enable for 5 minutes # 0 = disable (default) # -1 - depreciated - for backward compatability enables cgiinfectionbypass with bypassversion 1 infectionbypass = 0 # cgiinfectionbypass - Use a separate program/CGI to (v1 generate) or (v2 validate) link # 'on' or 'off' (default) # cgiinfectionbypass = 'off' # Infection/Scan Error Bypass Secret Key # Same as the 'bypasskey' option, but used for infection bypass mode. infectionbypasskey = '' # Infection/Scan Error Bypass on Scan Errors Only # Enable this option to allow infectionbypass links only when virus scanning fails, # not when a file is found to contain a virus. # on = enable (default and highly recommended) # off = disable infectionbypasserrorsonly = on # Disable content scanning # If you enable this option you will disable content scanning for this group. # Content scanning primarily is AV scanning (if enabled) but could include # other types. # (on|off) default = off. disablecontentscan = off # Disable content scanning with error (timeout, AV crash, etc) # If you enable this option you will allow object with an unexpected result # Content scanning primarily is AV scanning (if enabled) but could include # other types. # With "on" you can allow INFECTED objects # (on|off) default = off. (default and highly recommended) disablecontentscanerror = off # If 'on' exception sites, urls, users etc will be scanned # This is probably not desirable behavour as exceptions are # supposed to be trusted and will increase load. # Correct use of grey lists are a better idea. # (on|off) default = off contentscanexceptions = off # Auth plugins # Enable Deep URL Analysis # When enabled, DG looks for URLs within URLs, checking against the bannedsitelist and # bannedurllist. This can be used, for example, to block images originating from banned # sites from appearing in Google Images search results, as the original URLs are # embedded in the thumbnail GET requests. # (on|off) default = off deepurlanalysis = off # reportinglevel # # -1 = log, but do not block - Stealth mode # 0 = just say 'Access Denied' # 1 = report why but not what denied phrase # 2 = report fully # 3 = use HTML template file (accessdeniedaddress ignored) - recommended # # If defined, this overrides the global setting in e2guardian.conf for # members of this filter group. # reportinglevel = 3 # accessdeniedaddress is the address of your web server to which the cgi # e2guardian reporting script was copied. Only used in reporting levels # 1 and 2. # # This webserver must be either: # 1. Non-proxied. Either a machine on the local network, or listed as an # exception in your browser's proxy configuration. # 2. Added to the exceptionsitelist. Option 1 is preferable; this option is # only for users using both transparent proxying and a non-local server # to host this script. # #accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/e2guardian.pl' # HTML Template override # If defined, this specifies a custom HTML template file for members of this # filter group, overriding the global setting in e2guardian.conf. This is # only used in reporting level 3. # # The default template file path is //template.html # e.g. @DGDATADIR@/languages/ukenglish/template.html when using 'ukenglish' # language. # # This option generates a file path of the form: # // # e.g. @DGDATADIR@/languages/ukenglish/custom.html # #htmltemplate = 'custom.html' #Template for use to report network issues and sites which are not responding # The default template file path is //neterr_template.html # e.g. @DGDATADIR@/languages/ukenglish/neterr_template.html when using 'ukenglish' # language. #neterrtemplate = 'custom_neterr_template.html' # Non standard delimiter (only used with accessdeniedaddress) # To help preserve the full banned URL, including parameters, the variables # passed into the access denied CGI are separated using non-standard # delimiters. This can be useful to ensure correct operation of the filter # bypass modes. Parameters are split using "::" in place of "&", and "==" in # place of "=". # Default is enabled, but to go back to the standard mode, disable it. #nonstandarddelimiter = off # Email reporting - original patch by J. Gauthier # Use SMTP # If on, will enable system wide events to be reported by email. # need to configure mail program (see 'mailer' in global config) # and email recipients # default usesmtp = off @EMAILSUPPORT@usesmtp = off #NOT YET TESTED # mailfrom # who the email would come from # example: mailfrom = 'e2guardian@mycompany.com' @EMAILSUPPORT@mailfrom = '' # avadmin # who the virus emails go to (if notify av is on) # example: avadmin = 'admin@mycompany.com' @EMAILSUPPORT@avadmin = '' # contentdmin # who the content emails go to (when thresholds are exceeded) # and contentnotify is on # example: contentadmin = 'admin@mycompany.com' @EMAILSUPPORT@contentadmin = '' # avsubject # Subject of the email sent when a virus is caught. # only applicable if notifyav is on # default avsubject = 'e2guardian virus block' @EMAILSUPPORT@avsubject = 'e2guardian virus block' # content # Subject of the email sent when violation thresholds are exceeded # default contentsubject = 'e2guardian violation' @EMAILSUPPORT@contentsubject = 'e2guardian violation' # notifyAV # This will send a notification, if usesmtp/notifyav is on, any time an # infection is found. # Important: If this option is off, viruses will still be recorded like a # content infraction. @EMAILSUPPORT@notifyav = off # notifycontent # This will send a notification, if usesmtp is on, based on thresholds # below @EMAILSUPPORT@notifycontent = off # thresholdbyuser # results are only predictable with user authenticated configs # if enabled the violation/threshold count is kept track of by the user @EMAILSUPPORT@thresholdbyuser = off #violations # number of violations before notification # setting to 0 will never trigger a notification @EMAILSUPPORT@violations = 0 #threshold # this is in seconds. If 'violations' occur in 'threshold' seconds, then # a notification is made. # if this is set to 0, then whenever the set number of violations are made a # notifaction will be sent. @EMAILSUPPORT@threshold = 0 #NOTE to enable SSL MITM or NON-MITM SSL CERT checking # enablessl must be defined as 'yes' in e2guardian.conf #SSL certificate checking # Check that ssl certificates for servers on https connections are valid # and signed by a ca in the configured path # ONLY for connections that are NOT MITM #sslcertcheck = off - NOT implimented in V5 yet #SSL man in the middle # Forge ssl certificates for all non-exception sites, decrypt the data then re encrypt it # using a different private key. Used to filter ssl sites sslmitm = off #Limit SSL MITM to sites in greysslsitelist(s) # ignored if sslmitm is off # SSL sites not matching greysslsitelist will be treat as if sslmitm is off. # The following option is replaced by storyboard logic #onlymitmsslgrey = off - ignored in V5 # Enable MITM site certificate checking # ignored if sslmitm is off # default (recommended) is 'on' mitmcheckcert = on #Do not check ssl certificates for sites listed # Can be used to allow sites with self-signed or invalid certificates # or to reduced CPU load by not checking certs on heavily used sites (e.g. Google, Bing) # Use with caution! # Ignored if mitmcheckcert is 'off' #nocheckcertsitelist = '@DGCONFDIR@/lists/nocheckcertsitelist' sitelist = 'name=nocheckcert,path=@DGCONFDIR@/lists/nocheckcertsitelist' ipsitelist = 'name=nocheckcert,path=@DGCONFDIR@/lists/nocheckcertsiteiplist' # # Auto switch to MITM with upstream connection error or to deliver block page # ignored if sslmitm is off # To revert to v4 type behavour switch this off # Default is 'on' # automitm = on e2guardian-5.3.4/configs/examplef1.story.in000066400000000000000000000031021361351710700205650ustar00rootroot00000000000000.Include<@DGCONFDIR@/common.story> .Include<@DGCONFDIR@/site.story> # Add any altered functions for this filtergroup here # They will overwrite library or site level definitions # To allow unfiltered access to this group # uncomment next 4 lines #function(checkrequest) #if(true) return setexception #function(thttps-checkrequest) #if(true) return setexception # To block all access to this group # uncomment next 4 lines #function(checkrequest) #if(true,,105) return setblock #function(sslexceptioncheck) #function(localsslcheckrequest) # Note: Blanket blocks are checked after exceptions # and can be used to make a 'walled garden' filtergroup # To create blanket block for http # uncomment next line and one condition line. #function(checkblanketblock) #if(true,,502) return setblock # = ** total blanket #if(siteisip,,505) return setblock # = *ip ip blanket # To create blanket block for SSL # uncomment next line and one condition line. #function(sslcheckblanketblock) #if(true,,506) return setblock # = **s total blanket #if(siteisip,,507) return setblock # = **ips ip blanket # To limit MITM to sslgreylist # replaces onlymitmsslgrey e2guardianf1.conf option # uncomment the next 2 lines #function(sslcheckmitm) #if(true) return sslcheckmitmgreyonly # SNI checking - overrides default action when no SNI or TSL is present on a # THTTPS connection # To allow (tunnell) non-tls and/or non-sni connections uncomment the next 3 lines #function(checksni) #ifnot(tls,,511) return setexception # change to setblock to block only non-tls #ifnot(hassniset,,512) return setexception e2guardian-5.3.4/configs/exceptionregexhearderlist000066400000000000000000000005021361351710700224000ustar00rootroot00000000000000#Allowed outgoing HTTP headers based on regular expressions # # E.g. 'User-Agent: .*MSIE' would allow several versions of Internet Explorer # (assuming the user-agent is not being spoofed by the client) # # Headers are matched line-by-line, not as a single block. #listcategory: "Allowed Regular Expression HTTP Headers" e2guardian-5.3.4/configs/lists/000077500000000000000000000000001361351710700163365ustar00rootroot00000000000000e2guardian-5.3.4/configs/lists/Makefile.am000077500000000000000000000052511361351710700204000ustar00rootroot00000000000000DISTCLEANFILES = Makefile.in \ bannedphraselist bannedsitelist bannedurllist \ exceptionphraselist nocheckcertsitelist weightedphraselist \ newbannedphraselist \ newexceptionphraselist newweightedphraselist DGDATADIR = $(DGCONFDIR)/lists SUBDIRS = newphraselists phraselists . authplugins bannedrooms if NEED_CSLISTS SUBDIRS += contentscanners endif if NEED_DMLISTS SUBDIRS += downloadmanagers endif WLISTS = addheaderregexplist \ bannedsearchoveridelist \ authexceptionsiteiplist \ authexceptioniplist \ authexceptionsitelist \ authexceptionurllist \ bannedextensionlist \ bannediplist \ bannedclientlist \ bannedmimetypelist \ bannedphraselist \ newbannedphraselist \ bannedregexpheaderlist \ bannedregexpurllist \ bannedregexpuseragentlist \ bannedsearchlist \ bannedsiteiplist \ exceptionvirussiteiplist \ bannedsitelist \ bannedsslsiteiplist \ bannedsslsitelist \ bannedurllist \ contentregexplist \ embededreferersiteiplist \ embededreferersitelist \ embededrefererurllist \ exceptionextensionlist \ exceptionvirusextensionlist \ exceptionfilesiteiplist \ exceptionfilesitelist \ exceptionfileurllist \ exceptioniplist \ exceptionclientlist \ exceptionmimetypelist \ exceptionphraselist \ newexceptionphraselist \ exceptionregexpurllist \ exceptionregexpuseragentlist \ exceptionsiteiplist \ exceptionsitelist \ exceptionregexpheaderlist \ exceptionurllist \ filtergroupslist \ greysiteiplist \ greysitelist \ greysslsiteiplist \ greysslsitelist \ greyurllist \ headerregexplist \ localbannedsearchlist \ localbannedsiteiplist \ localbannedsitelist \ localbannedsslsiteiplist \ localbannedsslsitelist \ localbannedurllist \ localexceptionsiteiplist \ localexceptionsitelist \ localexceptionurllist \ localgreysiteiplist \ localgreysitelist \ localgreysslsiteiplist \ localgreysslsitelist \ localgreyurllist \ logregexpurllist \ logsiteiplist \ logsitelist \ logurllist \ nocheckcertsiteiplist \ nocheckcertsitelist \ refererexceptionsiteiplist \ refererexceptionsitelist \ refererexceptionurllist \ searchregexplist \ sslsiteregexplist \ urlredirectregexplist \ urlregexplist \ ipnobypass \ domainsnobypass \ urlnobypass \ weightedphraselist \ newweightedphraselist EXTRA_DIST = bannedphraselist.in \ newbannedphraselist.in \ bannedsitelist.in \ bannedurllist.in \ exceptionphraselist.in \ newexceptionphraselist.in \ domainsnobypass.in \ urlnobypass.in \ weightedphraselist.in \ newweightedphraselist.in install-data-local: $(mkinstalldirs) $(DESTDIR)$(DGDATADIR) && \ for l in $(WLISTS) ; do \ echo "$(INSTALL_DATA) $$l $(DESTDIR)$(DGDATADIR)/$$l"; \ $(INSTALL_DATA) $$l $(DESTDIR)$(DGDATADIR)/$$l; \ done uninstall-local: for l in $(WLISTS) ; do \ rm -f $(DESTDIR)$(DGDATADIR)/$$l ; \ done e2guardian-5.3.4/configs/lists/addheaderregexplist000066400000000000000000000013361361351710700222740ustar00rootroot00000000000000#Add header where url matches # ## to enable restricted YouTube #"(^http://www\.youtube\.com/.*$)"->"YouTube-Restrict: Strict" #"(^http://m\.youtube\.com/.*$)"->"YouTube-Restrict: Strict" #"(^http://youtubei\.googleapis\.com/.*$)"->"YouTube-Restrict: Strict" #"(^http://youtube\.googleapis\.com/.*$)"->"YouTube-Restrict: Strict" #"(^http://www\.youtube-nocookie\.com/.*$)"->"YouTube-Restrict: Strict" #"(^http://www\.youtube\.com$)"->"YouTube-Restrict: Strict" #"(^http://m\.youtube\.com$)"->"YouTube-Restrict: Strict" #"(^http://youtubei\.googleapis\.com$)"->"YouTube-Restrict: Strict" #"(^http://youtube\.googleapis\.com$)"->"YouTube-Restrict: Strict" #"(^http://www\.youtube-nocookie\.com$)"->"YouTube-Restrict: Strict" e2guardian-5.3.4/configs/lists/authexceptioniplist000066400000000000000000000002461361351710700223700ustar00rootroot00000000000000#Access allowed prior to authentication # IP site addresses # # Single IPs, ranges and subnets can be used, # e.g. # 192.168.0.1 # 10.0.0.1-10.0.0.3 # 10.0.0.0/24 # e2guardian-5.3.4/configs/lists/authexceptionsiteiplist000066400000000000000000000002461361351710700232550ustar00rootroot00000000000000#Access allowed prior to authentication # IP site addresses # # Single IPs, ranges and subnets can be used, # e.g. # 192.168.0.1 # 10.0.0.1-10.0.0.3 # 10.0.0.0/24 # e2guardian-5.3.4/configs/lists/authexceptionsitelist000066400000000000000000000000501361351710700227150ustar00rootroot00000000000000#Access allowed prior to authentication e2guardian-5.3.4/configs/lists/authexceptionurllist000066400000000000000000000000501361351710700225530ustar00rootroot00000000000000#Access allowed prior to authentication e2guardian-5.3.4/configs/lists/authplugins/000077500000000000000000000000001361351710700207015ustar00rootroot00000000000000e2guardian-5.3.4/configs/lists/authplugins/Makefile.am000077500000000000000000000006731361351710700227460ustar00rootroot00000000000000DISTCLEANFILES = Makefile.in DGDATADIR = $(DGCONFDIR)/lists/authplugins SUBDIRS = . WLISTS = ipgroups portgroups EXTRA_DIST = $(WLISTS) install-data-local: $(mkinstalldirs) $(DESTDIR)$(DGDATADIR) && \ for l in $(WLISTS) ; do \ echo "$(INSTALL_DATA) $$l $(DESTDIR)$(DGDATADIR)/$$l"; \ $(INSTALL_DATA) $$l $(DESTDIR)$(DGDATADIR)/$$l; \ done uninstall-local: for l in $(WLISTS) ; do \ rm -f $(DESTDIR)$(DGDATADIR)/$$l ; \ done e2guardian-5.3.4/configs/lists/authplugins/ipgroups000077500000000000000000000004111361351710700224730ustar00rootroot00000000000000# IP-Group list # Used by the IP-based auth plugin to assign IP addresses to filter groups. # # Examples: # Straight IP matching: #192.168.0.1 = filter1 # Subnet matching: #192.168.1.0/255.255.255.0 = filter1 # Range matching: #192.168.1.0-192.168.1.255 = filter1 e2guardian-5.3.4/configs/lists/authplugins/portgroups000077500000000000000000000002761361351710700230600ustar00rootroot00000000000000# Port-Group list # Used by the Port-based auth plugin to assign Ports to filter groups. # # Note that ports MUST be entered in ascending order # # Examples: #8080 = filter1 #8081 = filter2 e2guardian-5.3.4/configs/lists/bannedclientlist000077500000000000000000000002051361351710700216030ustar00rootroot00000000000000# Domain names of client machines to # disallow web access to. # # This is not the the domains of web servers # you want to filter. e2guardian-5.3.4/configs/lists/bannedextensionlist000077500000000000000000000115251361351710700223500ustar00rootroot00000000000000#Banned extension list # File extensions with executable code # The following file extensions can contain executable code. # This means they can potentially carry a virus to infect your computer. .ade # Microsoft Access project extension .adp # Microsoft Access project .asx # Windows Media Audio / Video .bas # Microsoft Visual Basic class module .bat # Batch file .cab # Windows setup file .chm # Compiled HTML Help file .cmd # Microsoft Windows NT Command script .com # Microsoft MS-DOS program .cpl # Control Panel extension .crt # Security certificate .dll # Windows system file .exe # Program .hlp # Help file .ini # Windows system file .hta # HTML program .inf # Setup Information .ins # Internet Naming Service .isp # Internet Communication settings # .js # JScript file - often needed in web pages # .jse # Jscript Encoded Script file - often needed in web pages .lnk # Windows Shortcut .mda # Microsoft Access add-in program .mdb # Microsoft Access program .mde # Microsoft Access MDE database .mdt # Microsoft Access workgroup information .mdw # Microsoft Access workgroup information .mdz # Microsoft Access wizard program .msc # Microsoft Common Console document .msi # Microsoft Windows Installer package .msp # Microsoft Windows Installer patch .mst # Microsoft Visual Test source files .pcd # Photo CD image, Microsoft Visual compiled script .pif # Shortcut to MS-DOS program .prf # Microsoft Outlook profile settings .reg # Windows registry entries .scf # Windows Explorer command .scr # Screen saver .sct # Windows Script Component .sh # Shell script .shs # Shell Scrap object .shb # Shell Scrap object .sys # Windows system file .url # Internet shortcut .vb # VBScript file .vbe # VBScript Encoded script file .vbs # VBScript file .vxd # Windows system file .wsc # Windows Script Component .wsf # Windows Script file .wsh # Windows Script Host Settings file .otf # Font file - can be used to instant reboot 2k and xp .ops # Office XP settings # Files which one normally things as non-executable but # can contain harmful macros and viruses .doc # Word document .xls # Excel document .pps # Other files which may contain files with executable code .gz # Gziped file .tar # Tape ARchive file .zip # Windows compressed file .tgz # Unix compressed file .bz2 # Unix compressed file .cdr # Mac disk image .dmg # Mac disk image .smi # Mac self mounting disk image .sit # Mac compressed file .sea # Mac compressed file, self extracting .bin # Mac binary compressed file .hqx # Mac binhex encoded file .rar # Similar to zip # Time/bandwidth wasting files .mp3 # Music file .mpeg # Movie file .mpg # Movie file .avi # Movie file .asf # this can also exploit a security hole allowing virus infection .iso # CD ISO image .ogg # Music file .wmf # Movie file .bin # CD ISO image .cue # CD ISO image # Banned Media extension list (Audio , Video , Streaming) # Arrange Alphabetically # Some have no Description #.3g2 # #.3gp # Nokia Movie File #.3gp2 #.3gpp #.3gpp2 #.aac # AAC Audio #.acp # AAC for SD Media #.adts #.aif #.aifc #.aiff # AIFF Audio #.amc # AMC Media #.amr # narrow-Band Content #.asf # Media / this can also exploit a security hole allowing virus infection #.asx # Windows Media Audio / Video #.au # uLaw/AU Audio #.avi # Movie file #.awb # AMR Wide-Band Content #.bwf #.caf # CAF Audio #.cda # Audio CD File #.cdda # Audio CD File #.cel #.cue # CD ISO image #.dif #.divx # Compress Movie #.dv # Video Format used in Portable Camera #.flc # Autodesk Animator #.fli #.flv # Internet Movies #.gsm #.ivf #.kar # Karaoke Media Files #.m15 #.m1a #.m1s #.m1v #.m2v #.m3u # MP3 Playlist #.m4a # AAC Audio #.m4b #.m4e #.m4p # AAC Audio (Protected) #.m4v # Video (Protected) #.m75 #.mid # Midi Audio Files #.midi # Midi Audio Files #.mjpg #.mov # Movie Files #.mp1 #.mp2 #.mp3 # Music file #.mp4 # Mpeg-4 Media #.mpa #.mpe #.mpeg # Movie file #.mpg # Movie file #.mpga #.mpm #.mps #.mpv #.mpv2 #.mqv # Quicktime Movies #.mv #.ogg # Music file #.ogm # Ogg Based Movie Files #.pls # Shoutcast type of radio #.qcp # Qualcomm Purevoice Audio #.qt # Quicktime File #.qtc #.qtl # Quicktime Movies #.ra # Real Audio #.ram # Real Audio Media #.rm # Real Media Files #.rmi #.rmm #.rmp #.rmvb # Real Media Video #.rnx #.rp # Real Player Files #.rt #.rts #.rtsp #.rv #.sd2 # Sound Designer II #.sdp # Stream Descriptor #.sdv # SD Video #.sf #.smf #.smi # #.smil # SMIL Multimedia Presentation (Video and Audio Presentation #.snd #.ssm # Streaming Media Metafile #.swa # MP3 Audio #.swf # Shockwave Streaming files #.ulw #.vfw # Video for Windows #.wav #.wax #.wm #.wma #.wmf # Movie file #.wmp #.wmv # Windows Media Video #.wmx #.wvx #.xpl e2guardian-5.3.4/configs/lists/bannediplist000077500000000000000000000003431361351710700207400ustar00rootroot00000000000000# IP addresses of client machines to # disallow web access to. # # This is not the IP of web servers # you want to filter. # Single IPs, ranges and subnets can be used, # e.g. # 192.168.0.1 # 10.0.0.1-10.0.0.3 # 10.0.0.0/24 # e2guardian-5.3.4/configs/lists/bannedmimetypelist000077500000000000000000000004341361351710700221620ustar00rootroot00000000000000# banned MIME types audio/mpeg audio/x-mpeg audio/x-pn-realaudio audio/x-wav video/mpeg video/x-mpeg2 video/acorn-replay video/quicktime video/x-msvideo video/msvideo application/gzip application/x-gzip application/zip application/compress application/x-compress application/java-vm e2guardian-5.3.4/configs/lists/bannedphraselist.in000077500000000000000000000035641361351710700222270ustar00rootroot00000000000000# BANNEDPHRASELIST - INSTRUCTIONS FOR USE # # To block any page with the word "sex". # < sex > # # To block any page with words that contain the string "sex". (ie. sexual) # # # To block any page with the string "sex magazine". # # # To block any page containing the words/strings "sex" and "fetish". # , # # < test> will match any word with the string 'test' at the beginning # will match any word with the string 'test' at the end # will match any word with the string 'test' at any point in the word # < test > will match only the word 'test' # will match that exact phrase # , will match if both words are found in the page # A combination of the above can also be used eg < test>, # # # Extra phrase-list files to include # .Include # # # All phrases need to be within < and > to work, othewise they will be # ignored. # MORE EXAMPLE LISTS CAN BE DOWNLOADED FROM DANSGUARDIAN.ORG # Phrase Exceptions are no longer listed in this file, they are now # listed in the exceptionphraselist file. # #listcategory: "Banned Phrases" # The following banned phraselists enable Website Content Labeling systems. These are enabled by default, but may also be activated using phraselists. .Include<@DGCONFDIR@/lists/phraselists/safelabel/banned> #.Include<@DGCONFDIR@/lists/phraselists/rta/banned_portuguese> # The following banned phraselists are included in the default DG distribution. .Include<@DGCONFDIR@/lists/phraselists/pornography/banned> ##.Include<@DGCONFDIR@/lists/phraselists/pornography/banned_portuguese> #.Include<@DGCONFDIR@/lists/phraselists/illegaldrugs/banned> #.Include<@DGCONFDIR@/lists/phraselists/gambling/banned> ##.Include<@DGCONFDIR@/lists/phraselists/gambling/banned_portuguese> #.Include<@DGCONFDIR@/lists/phraselists/googlesearches/banned> e2guardian-5.3.4/configs/lists/bannedregexpheaderlist000077500000000000000000000005011361351710700227670ustar00rootroot00000000000000#Banned outgoing HTTP headers based on regular expressions # # E.g. 'User-Agent: .*MSIE' would block several versions of Internet Explorer # (assuming the user-agent is not being spoofed by the client) # # Headers are matched line-by-line, not as a single block. #listcategory: "Banned Regular Expression HTTP Headers" e2guardian-5.3.4/configs/lists/bannedregexpurllist000077500000000000000000000123131361351710700223450ustar00rootroot00000000000000#Banned URLs based on Regular Expressions # # E.g. 'sex' would block sex.com and middlesex.com etc #listcategory: "Banned Regular Expression URLs" #Banned URLs based on Regular Expressions #These examples should be used with extreme caution # as most regexp url patterns tend to overblock # Be as specific as possible as this helps avoid this ###################################################### # Pornography, Modelling and Adult Sites ###################################################### #\b(big|cyber|hard|huge|mega|small|soft|super|tiny|bare|naked|nude|anal|oral|topp?les|sex|phone)+\b.*\b(anal|babe|bharath|boob|breast|busen|busty|clit|cum|cunt|dick|fetish|fuck|girl|hooter|lez|lust|naked|nude|oral|orgy|penis|porn|porno|pupper|pussy|rotten|sex|shit|smutpump|teen|tit|topp?les|xxx)s\b? #\b(anal|babe|bharath|boob|breast|busen|busty|clit|cum|cunt|dick|fetish|fuck|girl|hooter|lez|lust|naked|nude|oral|orgy|penis|porn|porno|pupper|pussy|rotten|sex|shit|smutpump|teen|tit|topp?les|xxx)+\b.*\b(big|cyber|hard|huge|mega|small|soft|super|tiny|bare|naked|nude|anal|oral|topp?les|sex)\b+ #HardCore phrases #(adultsight|adultsite|adultsonly|adultweb|blowjob|bondage|centerfold|cumshot|cyberlust|cybercore|hardcore|masturbat) #(bangbros|pussylip|playmate|pornstar|sexdream|showgirl|softcore|striptease) #SoftCore phrases - more likely to overblock - possibly on news sites #(incest|obscene|pedophil|pedofil) #Photo Modeling - supplied by David Burkholder #(male|m[ae]n|boy|girl|beaut|agen[ct]|glam)+.*(model|talent) # The following will help to block explicit media files (images and video) #(sex|fuck|boob|cunt|fetish|tits|anal|hooter|asses|shemale|submission|porn|xxx|busty|knockers|slut|nude|naked|pussy)+.*(\.jpg|\.wmv|\.mpg|\.mpeg|\.gif|\.mov) #(girls|babes|bikini|model)+.*(\.jpg|\.wmv|\.mpg|\.mpeg|\.gif|\.mov) #Block Naturism and Nudist sites #(naturism|naturist|nude|nudist|nudism|nekkid|nakt|naakt) ###################################################### # Search Engine and Related ###################################################### #Block unfiltered options on various search engines #(^|[\?+=&/])(.*\.google\..*/.*\?.*safe=off)([\?+=&/]|$) #(^|[\?+=&/])(.*\.alltheweb.com/customize\?.*copt_offensive=off)([\?+=&/]|$) #Block images and video on altavista, alltheweb, yahoo etc - as they are anonomised #(yahoo.com\/image\/) #(yimg.com\/image\/) #(altavista.com\/image\/) #(altavista.com\/video\/) #(picsearch.com\/is) #Block images and video on google #(images.google)+.*(\.jpg|\.wmv|\.mpg|\.mpeg|\.gif|\.mov) #(google.com\/video) #block all video #(google.com\/ThumbnailServer) #block video thumbnails #(google.com\/videoplay) #block only playing the video ###################################################### # Proxy Sites ###################################################### #Block Cgiproxy, Poxy, PHProxy and other Web-based proxies #(cecid.php|nph-webpr|nph-pro|/dmirror|cgiproxy|phpwebproxy|__proxy_url|proxy.php) #Block websites containing proxy lists #(anonymizer|proxify|megaproxy) #AGRESSIVE blocking of all URLs containing proxy - WARNING - this WILL overblock!! #(proxy) ###################################################### # Gambling - supplied by David Burkholder ###################################################### #(casino|bet(ting|s)|lott(ery|o)|gam(e[rs]|ing|bl(e|ing))|sweepstake|poker) ###################################################### # Sport - supplied by David Burkholder ###################################################### #(bowling|badminton|box(e[dr]|ing)|skat(e[rs]|ing)|hockey|soccer|nascar|wrest|rugby|tennis|sports|cheerlead|rodeo|cricket|badminton|stadium|derby) #((paint|volley|bas(e|ket)|foot|quet)ball|/players[/\.]?|(carn|fest)ival) #Racing - supplied by David Burkholder #(speed(st|wa|y)|corvette|rac[eiy]|wrest|harley|motorcycle|nascar) ###################################################### # News sites - supplied by David Burkholder ###################################################### #(news(watch|pap|cast)|herald|sentinel|courier|gazet|tribune|chronicle|daily|ning)news) ###################################################### # Dating Sites - supplied by David Burkholder ###################################################### #(meet|hook|mailord|latin|(asi|mexic|dominic|russi|kore|colombi|balk)an|brazil|filip|french|chinese|ukrain|thai|tour|foreign|date)+.*(dar?[lt]ing|(sing|coup)le|m[ae]n|girl|boy|guy|mat(e|ing)|l[ou]ve?|partner|meet) #(marr(y|i[ae])|roman(ce|tic)|fiance|bachelo|dating|affair|personals) ###################################################### # Miscellaneous - Productivity etc. ###################################################### #Use this to block web counters: #(adlog.php|cnt.cgi|count.cgi|count.dat|count.jsp|count.pl|count.php|counter.cgi|counter.js|counter.pl|countlink.cgi|fpcount.exe|logitpro.cgi|rcounter.dll|track.pl|w_counter.js) #Contributed by proxy@barendse.to #Free stuff - supplied by David Burkholder #(free|phone|mobile)+.*(love|music|movie|dvd|video|stuff|site|arcade|wallpaper|mp3) #((ring|real)tone) #Music - supplied by David Burkholder #(rock|pop|jazz|rap|punk)+.*(cult|roll|geek|drum|music|history|band) # WARNING: This is part of the URL for the e2guardian.org sample virus archive. # You probably don't want to go there unintentionally. (Variants/AVTest) e2guardian-5.3.4/configs/lists/bannedregexpuseragentlist000077500000000000000000000004441361351710700235420ustar00rootroot00000000000000#Banned User-Agents based on regular expressions # # E.g. ' .*MSIE' would block several versions of Internet Explorer # (assuming the user-agent is not being spoofed by the client) # #listcategory: "user-agent" # # This is useful for blocking apps # e.g. to block Kindle app #kindle #Kindle e2guardian-5.3.4/configs/lists/bannedrooms/000077500000000000000000000000001361351710700206455ustar00rootroot00000000000000e2guardian-5.3.4/configs/lists/bannedrooms/Makefile.am000077500000000000000000000006571361351710700227140ustar00rootroot00000000000000DISTCLEANFILES = Makefile.in DGDATADIR = $(DGCONFDIR)/lists/bannedrooms SUBDIRS = . WLISTS = default EXTRA_DIST = $(WLISTS) install-data-local: $(mkinstalldirs) $(DESTDIR)$(DGDATADIR) && \ for l in $(WLISTS) ; do \ echo "$(INSTALL_DATA) $$l $(DESTDIR)$(DGDATADIR)/$$l"; \ $(INSTALL_DATA) $$l $(DESTDIR)$(DGDATADIR)/$$l; \ done uninstall-local: for l in $(WLISTS) ; do \ rm -f $(DESTDIR)$(DGDATADIR)/$$l ; \ done e2guardian-5.3.4/configs/lists/bannedrooms/default000077500000000000000000000000351361351710700222150ustar00rootroot00000000000000#Untitled room 192.168.42.42 e2guardian-5.3.4/configs/lists/bannedsearchlist000066400000000000000000000003541361351710700215740ustar00rootroot00000000000000#Banned Search Words # #Words must be in alphabetic order within a single line # and separated by a '+' sign. #All combinations of the words will be blocked # e.g. girl+naughty # will block naughty+girl as well as girl+naughty e2guardian-5.3.4/configs/lists/bannedsearchoveridelist000066400000000000000000000000001361351710700231360ustar00rootroot00000000000000e2guardian-5.3.4/configs/lists/bannedsiteiplist000077500000000000000000000003221361351710700216220ustar00rootroot00000000000000# IP sites in banned list #The bannedsiteiplist is for blocking ALL of an IP site # IP site addresses # # Single IPs, ranges and subnets can be used, # e.g. # 192.168.0.1 # 10.0.0.1-10.0.0.3 # 10.0.0.0/24 # e2guardian-5.3.4/configs/lists/bannedsitelist.in000077500000000000000000000102431361351710700217010ustar00rootroot00000000000000#domains in banned list #Don't bother with the www. or the http:// #The bannedurllist is for blocking PART of a site #The bannedsitelist is for blocking ALL of a site #NOTE: Sites using just IP should be put into bannedsiteiplist #You can include #.tld so for example you can match .gov for example #The 'grey' lists override the 'banned' lists. #The 'exception' lists override the 'banned' lists also. #The difference is that the 'exception' lists completely switch #off *all* other filtering for the match. 'grey' lists only #stop the URL filtering and allow the normal filtering to work. #An example of grey list use is when in Blanket Block (whitelist) #mode and you want to allow some sites but still filter as normal #on their content #Another example of grey list use is when you ban a site but want #to allow part of it. #To include additional files in this list use this example: #.Include<@DGCONFDIR@/anotherbannedurllist> #You can have multiple .Includes. # Time limiting syntax: # #time: # Example: ##time: 9 0 17 0 01234 # Remove the first # from the line above to enable this list only from # 9am to 5pm, Monday to Friday. # List categorisation #listcategory: "Banned Sites" #List other sites to block: # badboys.com # NOTE: From v5 Blanket blocks are now implimented using Storyboarding # WARNING: Old style Blanket blocks in this file will be silently ignored # The squidGuard advert domain/URL lists are now included by default. # To work with advanced ad blocking & the logadblocks option, advert # phrase/site/URL lists should have the string "ADs" in their listcategory. # .Include<@DGCONFDIR@/lists/blacklists/ads/domains> #Remove the # from the following and edit as needed to use a stock #squidGuard/urlblacklists collection. #.Include<@DGCONFDIR@/lists/blacklists/adult/domains> #.Include<@DGCONFDIR@/lists/blacklists/aggressive/domains> #.Include<@DGCONFDIR@/lists/blacklists/artnudes/domains> #.Include<@DGCONFDIR@/lists/blacklists/audio-video/domains> #.Include<@DGCONFDIR@/lists/blacklists/beerliquorinfo/domains> #.Include<@DGCONFDIR@/lists/blacklists/beerliquorsale/domains> #.Include<@DGCONFDIR@/lists/blacklists/chat/domains> #.Include<@DGCONFDIR@/lists/blacklists/childcare/domains> #.Include<@DGCONFDIR@/lists/blacklists/clothing/domains> #.Include<@DGCONFDIR@/lists/blacklists/culinary/domains> #.Include<@DGCONFDIR@/lists/blacklists/dialers/domains> #.Include<@DGCONFDIR@/lists/blacklists/drugs/domains> #.Include<@DGCONFDIR@/lists/blacklists/entertainment/domains> #.Include<@DGCONFDIR@/lists/blacklists/forums/domains> #.Include<@DGCONFDIR@/lists/blacklists/frencheducation/domains> #.Include<@DGCONFDIR@/lists/blacklists/gambling/domains> #.Include<@DGCONFDIR@/lists/blacklists/government/domains> #.Include<@DGCONFDIR@/lists/blacklists/hacking/domains> #.Include<@DGCONFDIR@/lists/blacklists/homerepair/domains> #.Include<@DGCONFDIR@/lists/blacklists/hygiene/domains> #.Include<@DGCONFDIR@/lists/blacklists/jewelry/domains> #.Include<@DGCONFDIR@/lists/blacklists/jobsearch/domains> #.Include<@DGCONFDIR@/lists/blacklists/kidstimewasting/domains> #.Include<@DGCONFDIR@/lists/blacklists/mail/domains> #.Include<@DGCONFDIR@/lists/blacklists/news/domains> #.Include<@DGCONFDIR@/lists/blacklists/onlineauctions/domains> #.Include<@DGCONFDIR@/lists/blacklists/onlinegames/domains> #.Include<@DGCONFDIR@/lists/blacklists/onlinepayment/domains> #.Include<@DGCONFDIR@/lists/blacklists/personalfinance/domains> #.Include<@DGCONFDIR@/lists/blacklists/pets/domains> #.Include<@DGCONFDIR@/lists/blacklists/porn/domains> #.Include<@DGCONFDIR@/lists/blacklists/proxy/domains> #.Include<@DGCONFDIR@/lists/blacklists/publicite/domains> #.Include<@DGCONFDIR@/lists/blacklists/redirector/domains> #.Include<@DGCONFDIR@/lists/blacklists/ringtones/domains> #.Include<@DGCONFDIR@/lists/blacklists/sportnews/domains> #.Include<@DGCONFDIR@/lists/blacklists/sports/domains> #.Include<@DGCONFDIR@/lists/blacklists/vacation/domains> #.Include<@DGCONFDIR@/lists/blacklists/violence/domains> #.Include<@DGCONFDIR@/lists/blacklists/virusinfected/domains> #.Include<@DGCONFDIR@/lists/blacklists/warez/domains> # You will need to edit to add and remove categories you want e2guardian-5.3.4/configs/lists/bannedsslsiteiplist000066400000000000000000000007421361351710700223470ustar00rootroot00000000000000#IP sites in banned ssl list #This list is only used for SSL (or CONNECT) requests #Unlike the bannedsitelist it overides all other lists # so can be used ban an https site white the http is allowed or made an exception # #Only list sites where you only want the https site blocked #Use bannedsiteiplist for sites where you want both http & https blocked # IP site addresses # # Single IPs, ranges and subnets can be used, # e.g. # 192.168.0.1 # 10.0.0.1-10.0.0.3 # 10.0.0.0/24 # e2guardian-5.3.4/configs/lists/bannedsslsitelist000066400000000000000000000007021361351710700220120ustar00rootroot00000000000000#domains in banned ssl list #Don't bother with the www. or the https:// #This list is only used for SSL (or CONNECT) requests # and will not have any effect when MITM is enabled. #Unlike the bannedsitelist it overides all other lists # so can be used ban an https site white the http is allowed or made an exception # #Only list sites where you only want the https site blocked #Use bannedsitelist for sites where you want both http & https blocked e2guardian-5.3.4/configs/lists/bannedurllist.in000077500000000000000000000047111361351710700215420ustar00rootroot00000000000000#URLs in banned list #Don't bother with the http:// or the www #The bannedurllist is for blocking PART of a site #The bannedsitelist is for blocking ALL of a site #The 'grey' lists override the 'banned' lists. #The 'exception' lists override the 'banned' lists also. #The difference is that the 'exception' lists completely switch #off *all* other filtering for the match. 'grey' lists only #stop the URL filtering and allow the normal filtering to work. #An example of grey list use is when in Blanket Block (whitelist) #mode and you want to allow some sites but still filter as normal #on their content #Another example of grey list use is when you ban a site but want #to allow part of it. #To include additional files in this list use this example: #.Include<@DGCONFDIR@/anotherbannedurllist> #You can have multiple .Includes. #listcategory: "Banned URLs" #List other URLs to block: # members.home.net/uporn # The squidGuard advert domain/URL lists are now included by default. # To work with advanced ad blocking & the logadblocks option, advert # phrase/site/URL lists should have the string "ADs" in their listcategory. #.Include<@DGCONFDIR@/lists/blacklists/ads/urls> #Remove the # from the following and edit as needed to use a stock #squidGuard/urlblacklist blacklists collection. #.Include<@DGCONFDIR@/lists/blacklists/adult/urls> #.Include<@DGCONFDIR@/lists/blacklists/aggressive/urls> #.Include<@DGCONFDIR@/lists/blacklists/audio-video/urls> #.Include<@DGCONFDIR@/lists/blacklists/chat/urls> #.Include<@DGCONFDIR@/lists/blacklists/drugs/urls> #.Include<@DGCONFDIR@/lists/blacklists/entertainment/urls> #.Include<@DGCONFDIR@/lists/blacklists/frencheducation/urls> #.Include<@DGCONFDIR@/lists/blacklists/gambling/urls> #.Include<@DGCONFDIR@/lists/blacklists/government/urls> #.Include<@DGCONFDIR@/lists/blacklists/hacking/urls> #.Include<@DGCONFDIR@/lists/blacklists/jobsearch/urls> #.Include<@DGCONFDIR@/lists/blacklists/kidstimewasting/urls> #.Include<@DGCONFDIR@/lists/blacklists/mail/urls> #.Include<@DGCONFDIR@/lists/blacklists/news/urls> #.Include<@DGCONFDIR@/lists/blacklists/porn/urls> #.Include<@DGCONFDIR@/lists/blacklists/proxy/urls> #.Include<@DGCONFDIR@/lists/blacklists/publicite/urls> #.Include<@DGCONFDIR@/lists/blacklists/redirector/urls> #.Include<@DGCONFDIR@/lists/blacklists/violence/urls> #.Include<@DGCONFDIR@/lists/blacklists/virusinfected/urls> #.Include<@DGCONFDIR@/lists/blacklists/warez/urls> # You will need to edit to add and remove categories you want e2guardian-5.3.4/configs/lists/contentregexplist000077500000000000000000000115571361351710700220560ustar00rootroot00000000000000#Content modifying Regular Expressions # # The format is: "extended regular expression"->"replacement straight string" # E.g. "shit"->"censored" would replace all occurances of shit in any case. # Far more complicated matches are possible. See other sources for examples # of extended regular expressions. # These are just some examples. If you write any, for example, to # remove popups etc, please send them to author at e2guardian.org. # #"" #"=[ ]*?window\.open[ ]*?\("->"=fwo(" #""->"" # Fix Firefox <= 1.0.7 DoS # http://www.whitedust.net/speaks/1432/ #"(("->"$1dosremovedtext" # Disable ActiveX objects. #"]*application\/x-oleobject[^>]*>.*?<\/object>"->"" #"]*(application/x-oleobject).*?>(.*?)?"->"" # Warn about address bar spoofing. #"(]*href[^>]*)(\x01|\x02|\x03|%0[012])"->"$1MALICIOUS-LINK" # Disable all popups in JavaScript and HTML. It may cause unavoidable # Javascript warnings or errors. Do not enable at the same time as other # popup removing lines. #"((\W\s*)(window|this|parent)\.)open\s*\\?\("->"$1concat(" #"\starget\s*=\s*(['"]?)_?(blank|new)\1?"->" notarget" # Removes the APPLET tag which is generally used Java applets. #"]*>.*?<\/applet>"->"" # Disable the BLINK and MARQUEE tags. #"]*>"->"" # Warn about potential cross-site-scripting vulnerability described here: # http://online.securityfocus.com/archive/1/298748/2002-11-02/2002-11-08/2 #"f\("javascript:location.replace\('mk:@MSITStore:C:'\)"\);"->"alert\("This page looks like it tries to use a vulnerability described here:\n http://online.securityfocus.com/archive/1/298748/2002-11-02/2002-11-08/2"\);" # Removes the SCRIPT tag with JavaScript. This will likely break sites that are # badly written and thus rely on JavaScript. This should not be used at the same # time as the 'script' category. #""->"
WARNING: This Server is infected with Nimda!" # Disable onunload (page close) popups. #"(]*)onunload"->"$1never" #"()"->"$1never" # Removes the SCRIPT tag which could include JavaScript, perlscript and vbscript. # This will likely break sites that are badly written and thus rely on client # side scripts. This should not be used at the same time as the 'javascript' line. #"]*>.*?<\/script>"->"" # Disable Sockwave Flash objects. #"]*macromedia[^>]*>.*?<\/object>"->"" #"]*(application/x-shockwave-flash\|\.swf).*?>(.*?)?"->"" # Disable unsolicited popups. #"([^'"]\s*)(?=\s*[^'"])"->"$1" #"([^\w\s.]\s*)((window|this|parent)\.)?open\s*\("->"$1SWGuardianWindowOpen(" #"([^'"]\s*)(?!\s*(\\n|'|"))"->"$1" # Remove 1x1 GIFs used for user tracking. #"]*(?:(width)|(height))\s*=\s*['"]?[01](?=\D)[^>]*(?:(width)|(height))\s*=\s*['"]?[01](?=\D)[^>]*?>"->"" # Prevent windows from resizing and moving themselves. #"(?:window|this|self|top)\.(?:move|resize)(?:to|by)\("->"''.concat(" e2guardian-5.3.4/configs/lists/contentscanners/000077500000000000000000000000001361351710700215455ustar00rootroot00000000000000e2guardian-5.3.4/configs/lists/contentscanners/Makefile.am000077500000000000000000000010321361351710700236000ustar00rootroot00000000000000DISTCLEANFILES = Makefile.in DGDATADIR = $(DGCONFDIR)/lists/contentscanners SUBDIRS = . WLISTS = exceptionvirusmimetypelist exceptionvirusextensionlist \ exceptionvirussitelist exceptionvirusurllist EXTRA_DIST = $(WLISTS) install-data-local: $(mkinstalldirs) $(DESTDIR)$(DGDATADIR) && \ for l in $(WLISTS) ; do \ echo "$(INSTALL_DATA) $$l $(DESTDIR)$(DGDATADIR)/$$l"; \ $(INSTALL_DATA) $$l $(DESTDIR)$(DGDATADIR)/$$l; \ done uninstall-local: for l in $(WLISTS) ; do \ rm -f $(DESTDIR)$(DGDATADIR)/$$l ; \ done e2guardian-5.3.4/configs/lists/contentscanners/exceptionvirusextensionlist000077500000000000000000000011431361351710700274120ustar00rootroot00000000000000#Exception Virus extension list #This file originally from: #http://dgav.sourceforge.net # The Virus scanning code will ignore files with these extensions. # File extensions with executable code # Files which one normally things as non-executable but # can contain harmful macros and viruses # Other files which may contain files with executable code # Time/bandwidth wasting files .mp3 # Music file .mpeg # Movie file .mpg # Movie file .avi # Movie file .ra # Real Audio .ram # " .rm # " # Image files not to scan .gif .png .tiff .ico # http://www.kb.cert.org/vuls/id/297462 #.jpg #.jpeg e2guardian-5.3.4/configs/lists/contentscanners/exceptionvirusmimetypelist000077500000000000000000000007031361351710700272300ustar00rootroot00000000000000# MIME types the virus scanning code ignores. #This file originally from: #http://dgav.sourceforge.net audio/mpeg audio/x-mpeg audio/x-pn-realaudio audio/x-wav audio/x-realaudio audio/x-pn-realaudio audio/vnd.rn-realaudio application/ogg video/mpeg video/x-mpeg2 video/acorn-replay video/quicktime video/x-msvideo video/msvideo video/vnd.rn-realvideo image/png image/gif image/tiff # http://www.kb.cert.org/vuls/id/297462 # image/jpeg # text/html e2guardian-5.3.4/configs/lists/contentscanners/exceptionvirussitelist000077500000000000000000000004271361351710700263460ustar00rootroot00000000000000#Sites in virus exception list will not be virus scanned #Don't bother with the www. or #the http:// # #These are specifically domains and are not URLs. #For example 'foo.bar/porn/' is no good, you need #to just have 'foo.bar'. # #You can also match IPs here too. # example.com e2guardian-5.3.4/configs/lists/contentscanners/exceptionvirusurllist000077500000000000000000000006071361351710700262040ustar00rootroot00000000000000#URLs in exception virus list will not be virus scanned #Don't bother with the www. or #the http:// # #These are parts of sites that filtering should #be switched off for. # #These should not be domains, i.e. entire sites, #they should be a domain with a path. # #For example 'foo.bar' is no good, you need #to just have 'foo.bar/porn'. # #Another example: #generallybadsite.tld/partthatsok e2guardian-5.3.4/configs/lists/domainsnobypass.in000077500000000000000000000056571361351710700221170ustar00rootroot00000000000000# User are not allowed to bypass domains in this list #Don't bother with the www. or the http:// #NOTE: Sites using just IP should be put into bannedsiteiplistwithbypass #You can include #.tld so for example you can match .gov for example #.Include<@DGCONFDIR@/anotherbannedurllist> #You can have multiple .Includes. # WARNING: Old style Blanket blocks in this file will be silently ignored # .Include<@DGCONFDIR@/lists/blacklists/ads/domains> #Remove the # from the following and edit as needed to use a stock #squidGuard/urlblacklists collection. #.Include<@DGCONFDIR@/lists/blacklists/adult/domains> #.Include<@DGCONFDIR@/lists/blacklists/aggressive/domains> #.Include<@DGCONFDIR@/lists/blacklists/artnudes/domains> #.Include<@DGCONFDIR@/lists/blacklists/audio-video/domains> #.Include<@DGCONFDIR@/lists/blacklists/beerliquorinfo/domains> #.Include<@DGCONFDIR@/lists/blacklists/beerliquorsale/domains> #.Include<@DGCONFDIR@/lists/blacklists/chat/domains> #.Include<@DGCONFDIR@/lists/blacklists/childcare/domains> #.Include<@DGCONFDIR@/lists/blacklists/clothing/domains> #.Include<@DGCONFDIR@/lists/blacklists/culinary/domains> #.Include<@DGCONFDIR@/lists/blacklists/dialers/domains> #.Include<@DGCONFDIR@/lists/blacklists/drugs/domains> #.Include<@DGCONFDIR@/lists/blacklists/entertainment/domains> #.Include<@DGCONFDIR@/lists/blacklists/forums/domains> #.Include<@DGCONFDIR@/lists/blacklists/frencheducation/domains> #.Include<@DGCONFDIR@/lists/blacklists/gambling/domains> #.Include<@DGCONFDIR@/lists/blacklists/government/domains> #.Include<@DGCONFDIR@/lists/blacklists/hacking/domains> #.Include<@DGCONFDIR@/lists/blacklists/homerepair/domains> #.Include<@DGCONFDIR@/lists/blacklists/hygiene/domains> #.Include<@DGCONFDIR@/lists/blacklists/jewelry/domains> #.Include<@DGCONFDIR@/lists/blacklists/jobsearch/domains> #.Include<@DGCONFDIR@/lists/blacklists/kidstimewasting/domains> #.Include<@DGCONFDIR@/lists/blacklists/mail/domains> #.Include<@DGCONFDIR@/lists/blacklists/news/domains> #.Include<@DGCONFDIR@/lists/blacklists/onlineauctions/domains> #.Include<@DGCONFDIR@/lists/blacklists/onlinegames/domains> #.Include<@DGCONFDIR@/lists/blacklists/onlinepayment/domains> #.Include<@DGCONFDIR@/lists/blacklists/personalfinance/domains> #.Include<@DGCONFDIR@/lists/blacklists/pets/domains> #.Include<@DGCONFDIR@/lists/blacklists/porn/domains> #.Include<@DGCONFDIR@/lists/blacklists/proxy/domains> #.Include<@DGCONFDIR@/lists/blacklists/publicite/domains> #.Include<@DGCONFDIR@/lists/blacklists/redirector/domains> #.Include<@DGCONFDIR@/lists/blacklists/ringtones/domains> #.Include<@DGCONFDIR@/lists/blacklists/sportnews/domains> #.Include<@DGCONFDIR@/lists/blacklists/sports/domains> #.Include<@DGCONFDIR@/lists/blacklists/vacation/domains> #.Include<@DGCONFDIR@/lists/blacklists/violence/domains> #.Include<@DGCONFDIR@/lists/blacklists/virusinfected/domains> #.Include<@DGCONFDIR@/lists/blacklists/warez/domains> # You will need to edit to add and remove categories you want e2guardian-5.3.4/configs/lists/downloadmanagers/000077500000000000000000000000001361351710700216635ustar00rootroot00000000000000e2guardian-5.3.4/configs/lists/downloadmanagers/Makefile.am000077500000000000000000000007251361351710700237260ustar00rootroot00000000000000DISTCLEANFILES = Makefile.in DGDATADIR = $(DGCONFDIR)/lists/downloadmanagers SUBDIRS = . WLISTS = managedmimetypelist managedextensionlist EXTRA_DIST = $(WLISTS) install-data-local: $(mkinstalldirs) $(DESTDIR)$(DGDATADIR) && \ for l in $(WLISTS) ; do \ echo "$(INSTALL_DATA) $$l $(DESTDIR)$(DGDATADIR)/$$l"; \ $(INSTALL_DATA) $$l $(DESTDIR)$(DGDATADIR)/$$l; \ done uninstall-local: for l in $(WLISTS) ; do \ rm -f $(DESTDIR)$(DGDATADIR)/$$l ; \ done e2guardian-5.3.4/configs/lists/downloadmanagers/managedextensionlist000077500000000000000000000010561361351710700260400ustar00rootroot00000000000000# Managed extension list # For use as the 'managedextensionlist' option in the configuration of # download managers supporting this feature. # # When enabled, only content matching the extensions given in this list will # be handled by the download manager. # If a managedmimetypelist is also enabled, then only content matching both # a mimetype and an extension in the lists will be handled. .bat .cab .com .crt .exe .hlp .ini .hta .inf .lnk .mdb .pcd .sh .vbs .doc .xls .gz .tar .bz2 .sit .bin .hqx .zip .sxw .doc .iso .pdf .rar .ace .arj .dll .mda .mde e2guardian-5.3.4/configs/lists/downloadmanagers/managedmimetypelist000077500000000000000000000062541361351710700256620ustar00rootroot00000000000000# Managed mime type list # For use as the 'managedmimetypelist' option in the configuration of # download managers supporting this feature. # # When enabled, only content matching the mime types given in this list will # be handled by the download manager. # If a managedextensionlist is also enabled, then only content matching both # a mimetype and an extension in the lists will be handled. # List originally by David Chewning # MIME Types Researched at http://filext.com/ # bat application/bat application/x-bat # cab application/cab zz-application/zz-winassoc-cab # com application/com application/x-com # crt application/x-x509-ca-cert application/pkix-cert application/keychain_access # exe application/octet-stream application/exe application/x-exe application/dos-exe vms/exe application/x-winexe application/msdos-windows # hlp application/winhlp application/x-helpfile application/x-winhelp zz-application/zz-winassoc-hlp # ini zz-application/zz-winassoc-ini # hta application/hta # inf text/inf application/x-setupscript # lnk application/x-ms-shortcut # mdb application/x-msaccess application/vnd.msaccess application/mdb application/x-mdb zz-application/zz-winassoc-mdb # pcd image/pcd image/x-photo-cd # sh application/x-sh application/x-shar # vbs application/x-vbs text/vbs text/vbscript # doc application/msword application/doc application/vnd.msword application/vnd.ms-word application/winword application/word application/x-msw6 application/x-msword zz-application/zz-winassoc-doc # xls application/msexcel application/x-msexcel application/x-ms-excel application/vnd.ms-excel application/x-excel application/x-dos_ms_excel application/xls application/x-xls zz-application/zz-winassoc-xls # gz application/gzip application/x-gunzip application/gzipped application/gzip-compressed gzip/document # tar application/tar applicaton/x-gtar multipart/x-tar # bz2 application/bzip2 application/x-bz2 application/x-bzip # sit application/stuffit application/x-sit # bin application/macbinary application/x-macbinary application/bin application/binary # hqx application/binhex application/mac-binhex application/mac-binhex40 application/x-winzip # zip application/zip application/x-zip multipart/x-zip # Audio/video types commented out to prevent breakage of streaming apps # mp3 #audio/mpeg #audio/x-mpeg #audio/mp3 #audio/x-mp3 #audio/mpeg3 #audio/x-mpeg3 #audio/mpg #audio/x-mpg #audio/x-mpegaudio # mpeg #video/mpeg # avi #video/avi #video/msvideo #video/x-msvideo #image/avi #video/xmpg2 #application/x-troff-msvideo #audio/aiff #audio/avi # asf #audio/asf #application/asx #video/x-ms-asf-plugin #application/x-mplayer2 #video/x-ms-asf #application/vnd.ms-asf #video/x-ms-asf-plugin #video/x-ms-wm #video/x-ms-wmx # ogg #audio/x-ogg #application/x-ogg # Multiple extensions # bat, com, dll, exe application/x-msdos-program # cab, gz, tar, zip application/x-compress # cab, gz, tar, bz2, zip application/x-compressed # com, dll, exe, bin application/x-msdownload # mda, mdb, mde application/msaccess application/vnd.ms-access # sct, wsc text/scriptlet # sit, bin, hqx application/x-stuffit # gz, hqx application/x-gzip # tar, hqx application/x-tar # hqx, zip application/x-zip-compressed e2guardian-5.3.4/configs/lists/embededreferersiteiplist000066400000000000000000000003371361351710700233360ustar00rootroot00000000000000# Embeded referer IP sites # sites which may contain embeded exception referer sites in the url # IP site addresses # # Single IPs, ranges and subnets can be used, # e.g. # 192.168.0.1 # 10.0.0.1-10.0.0.3 # 10.0.0.0/24 # e2guardian-5.3.4/configs/lists/embededreferersitelist000066400000000000000000000001361361351710700230020ustar00rootroot00000000000000# Embeded referer sites # sites which may contain embeded exception referer sites in the url e2guardian-5.3.4/configs/lists/embededrefererurllist000066400000000000000000000003101361351710700226320ustar00rootroot00000000000000# Embeded referer urls # urls which may contain embeded exception referer sites in the url # e.g. to allow youtube video when embeded in a trusted referer site/urls # www.youtube.com/get_video_info e2guardian-5.3.4/configs/lists/exceptionclientlist000077500000000000000000000006301361351710700223540ustar00rootroot00000000000000# Doamin names of computers from which # web access should not be filtered. # # These would be servers which # need unfiltered access for # updates. Also administrator # workstations which need to # download programs and check # out blocked sites should be # put here. # # To work you must # cater for reverse DNS lookups # on your LAN and enable the # "reverseclientiplookups" option in # e2guardian.conf e2guardian-5.3.4/configs/lists/exceptionextensionlist000077500000000000000000000007401361351710700231140ustar00rootroot00000000000000# Exception file extension list # Use as a filter group's "exceptionextensionlist", # to override a blanket download block. # (blockdownloads = on) # # DOES NOT override content/virus scanning or site/URL bans. # # Default list: # Unblock web pages & graphics # Text/web document types .css .html .shtml .htm .stm .asp .php .txt .rtx .xml .xsl .cgi .pl # Image types .bmp .cod .gif .ief .jpe .jpeg .jpg .jfif .tif .tiff .ras .cmx .ico .pnm .pbm .pgm .ppm .rgb .xbm .xpm .xwd e2guardian-5.3.4/configs/lists/exceptionfilesiteiplist000077500000000000000000000006451361351710700232410ustar00rootroot00000000000000# Exception file site ip list # Use this list to define ip sites from which files can be downloaded, # overriding a blanket download block (blockdownloads = on) or the # banned MIME type and extension lists (blockdownloads = off). # # DOES NOT override content/virus scanning or site/URL bans. # IP site addresses # # Single IPs, ranges and subnets can be used, # e.g. # 192.168.0.1 # 10.0.0.1-10.0.0.3 # 10.0.0.0/24 # e2guardian-5.3.4/configs/lists/exceptionfilesitelist000077500000000000000000000016201361351710700227020ustar00rootroot00000000000000# Exception file site list # Use this list to define sites from which files can be downloaded, # overriding a blanket download block (blockdownloads = on) or the # banned MIME type and extension lists (blockdownloads = off). # # DOES NOT override content/virus scanning or site/URL bans. # Don't bother with the www. or # the http:// # # These are specifically domains and are not URLs. # For example 'foo.bar/porn/' is no good, you need # to just have 'foo.bar'. # # You can also match IPs here too. # # As of DansGuardian 2.7.3 you can now include # .tld so for example you can match .gov for example # Time limiting syntax: # #time: # Example: ##time: 9 0 17 0 01234 # Remove the first # from the line above to enable this list only from # 9am to 5pm, Monday to Friday. windowsupdate.microsoft.com update.microsoft.com download.windowsupdate.com e2guardian-5.3.4/configs/lists/exceptionfileurllist000077500000000000000000000015021361351710700225370ustar00rootroot00000000000000# Exception file URL list # Use this list to define URLs from which files can be downloaded, # overriding a blanket download block (blockdownloads = on) or the # banned MIME type and extension lists (blockdownloads = off). # # DOES NOT override content/virus scanning or site/URL bans. # Don't bother with the www. or # the http:// # # These are specifically domains and are not URLs. # For example 'foo.bar/porn/' is no good, you need # to just have 'foo.bar'. # # You can also match IPs here too. # # As of DansGuardian 2.7.3 you can now include # .tld so for example you can match .gov for example # Time limiting syntax: # #time: # Example: ##time: 9 0 17 0 01234 # Remove the first # from the line above to enable this list only from # 9am to 5pm, Monday to Friday. e2guardian-5.3.4/configs/lists/exceptioniplist000077500000000000000000000011021361351710700215010ustar00rootroot00000000000000# IP addresses of computers from which # web access should not be filtered. # # These would be servers which # need unfiltered access for # updates. Also administrator # workstations which need to # download programs and check # out blocked sites should be # put here. # # Hostnames are NOT allowed here, # put these in exceptionclientlist and # enable the reverseclientlookups option. # # This is not the IP of web servers # you don't want to filter. #192.168.0.1 #192.168.0.2 #192.168.42.2 # Ranges and subnets can also be used, # e.g. # 10.0.0.1-10.0.0.3 # 10.0.0.0/24 # e2guardian-5.3.4/configs/lists/exceptionmimetypelist000077500000000000000000000012151361351710700227270ustar00rootroot00000000000000# Exception MIME type list # Use as a filter group's "exceptionmimetypelist", # to override a blanket download block. # (blockdownloads = on) # # DOES NOT override content/virus scanning or site/URL bans. # # Default list: # Unblock web pages & graphics # Text/web document types text/plain text/html text/css text/xml text/xsl text/richtext # Image types image/bmp image/cis-cod image/gif image/ief image/jpeg image/pipeg image/png image/tiff image/x-cmu-raster image/x-cmx image/x-icon image/x-portable-anymap image/x-portable-bitmap image/x-portable-graymap image/x-portable-pixmap image/x-rgb image/x-xbitmap image/x-xpixmap image/x-xwindowdump e2guardian-5.3.4/configs/lists/exceptionphraselist.in000077500000000000000000000010161361351710700227640ustar00rootroot00000000000000# EXCEPTIONPHRASELIST - INSTRUCTIONS FOR USE # # If any of the phrases listed below appear in a web page # then it will bypass the filtering and be allowed through # eg # < medical > # # # Combinations # Unblock the page if the following phrases are found on the same page. # Each line is a new combination. # eg #,, # # See the bannedphraselist for more examples. .Include<@DGCONFDIR@/lists/phraselists/goodphrases/exception> #.Include<@DGCONFDIR@/lists/phraselists/goodphrases/exception_email> e2guardian-5.3.4/configs/lists/exceptionregexpheaderlist000077500000000000000000000005021361351710700235370ustar00rootroot00000000000000#Allowed outgoing HTTP headers based on regular expressions # # E.g. 'User-Agent: .*MSIE' would allow several versions of Internet Explorer # (assuming the user-agent is not being spoofed by the client) # # Headers are matched line-by-line, not as a single block. #listcategory: "Allowed Regular Expression HTTP Headers" e2guardian-5.3.4/configs/lists/exceptionregexpurllist000077500000000000000000000005171361351710700231170ustar00rootroot00000000000000#Exception URLs based on Regular Expressions # # E.g. 'news' would unblock news.bbc.com etc # Example #news # Prevent content scanning of CSS and/or JavaScript files #^[^?]*\.css($|\?) #^[^?]*\.jsp?($|\?) # Allow Facebook plugin applications like # http://apps.facebook.com/neighborhoods/Setup.aspx and others. mock_ajax_proxy.php e2guardian-5.3.4/configs/lists/exceptionregexpuseragentlist000077500000000000000000000004611361351710700243100ustar00rootroot00000000000000#Exception User-Agent based on regular expressions # # E.g. ' .*MSIE' would allow several versions of Internet Explorer # (assuming the user-agent is not being spoofed by the client) # # Usefull for allowing 'apps' to work # E.g. 'Kindle' would make kindle app an exception #listcategory: "user-agent" e2guardian-5.3.4/configs/lists/exceptionsiteiplist000077500000000000000000000002321361351710700223710ustar00rootroot00000000000000#IP Sites in exception list # IP site addresses # # Single IPs, ranges and subnets can be used, # e.g. # 192.168.0.1 # 10.0.0.1-10.0.0.3 # 10.0.0.0/24 # e2guardian-5.3.4/configs/lists/exceptionsitelist000077500000000000000000000012771361351710700220520ustar00rootroot00000000000000#Sites in exception list #Don't bother with the www. or #the http:// # #These are specifically domains and are not URLs. #For example 'foo.bar/porn/' is no good, you need #to just have 'foo.bar'. # # IP must be put in exceptionsiteiplist # #.tld so for example you can match .gov for example # Time limiting syntax: # #time: # Example: ##time: 9 0 17 0 01234 # Remove the first # from the line above to enable this list only from # 9am to 5pm, Monday to Friday. # NOTE: From v5 Blanket exceptions are now implimented using Storyboarding # WARNING: Old style Blanket blocks in this file will be silently ignored windowsupdate.microsoft.com e2guardian-5.3.4/configs/lists/exceptionurllist000077500000000000000000000005511361351710700217020ustar00rootroot00000000000000#URLs in exception list #Don't bother with the www. or #the http:// # #These are parts of sites that filtering should #be switched off for. # #These should not be domains, i.e. entire sites, #they should be a domain with a path. # #For example 'foo.bar' is no good, you need #to just have 'foo.bar/porn/'. # #Another example: #generallybadsite.tld/partthatsok/ e2guardian-5.3.4/configs/lists/exceptionvirusextensionlist000077500000000000000000000005451361351710700242100ustar00rootroot00000000000000# Exception file extension list # Use as a filter group's "exceptionvirusextensionlist", # # Default list: # Unblock web pages & graphics # Text/web document types .css .html .shtml .htm .stm .asp .php .txt .rtx .xml .xsl .cgi .pl # Image types .bmp .cod .gif .ief .jpe .jpeg .jpg .jfif .tif .tiff .ras .cmx .ico .pnm .pbm .pgm .ppm .rgb .xbm .xpm .xwd e2guardian-5.3.4/configs/lists/exceptionvirussiteiplist000077500000000000000000000003501361351710700234630ustar00rootroot00000000000000# IP sites in exceptionvirussiteiplist #The exceptionvirussiteiplist is for allowing ALL of an IP site # IP site addresses # # Single IPs, ranges and subnets can be used, # e.g. # 192.168.0.1 # 10.0.0.1-10.0.0.3 # 10.0.0.0/24 # e2guardian-5.3.4/configs/lists/filtergroupslist000077500000000000000000000003021361351710700217000ustar00rootroot00000000000000# Filter Groups List file for DansGuardian # # Format is =filter<1-9> where 1-9 are the groups # # Eg: # daniel=filter2 # # This file is only of use if you have more than 1 filter group # e2guardian-5.3.4/configs/lists/greysiteiplist000077500000000000000000000006741361351710700213530ustar00rootroot00000000000000# IP site in grey list #The 'grey' lists override the 'banned' lists. #The 'exception' lists override the 'banned' lists also. #The difference is that the 'exception' lists completely switch #off *all* other filtering for the match. 'grey' lists only #stop the URL filtering and allow the normal filtering to work. # IP site addresses # # Single IPs, ranges and subnets can be used, # e.g. # 192.168.0.1 # 10.0.0.1-10.0.0.3 # 10.0.0.0/24 # e2guardian-5.3.4/configs/lists/greysitelist000077500000000000000000000035641361351710700210230ustar00rootroot00000000000000#domains in grey list #Don't bother with the www. or the http:// #The 'grey' lists override the 'banned' lists. #The 'exception' lists override the 'banned' lists also. #The difference is that the 'exception' lists completely switch #off *all* other filtering for the match. 'grey' lists only #stop the URL filtering and allow the normal filtering to work. #An example of grey list use is when in Blanket Block (whitelist) #mode and you want to allow some sites but still filter as normal #on their content #Another example of grey list use is when you ban a site but want #to allow part of it. #The greyurllist is for partly unblocking PART of a site #The greysitelist is for partly unblocking ALL of a site #As of DansGuardian 2.7.3 you can now include #.tld so for example you can match .gov for example #To include additional files in this list use this example: #.Include #You can have multiple .Includes. # Time limiting syntax: # #time: # Example: ##time: 9 0 17 0 01234 # Remove the first # from the line above to enable this list only from # 9am to 5pm, Monday to Friday. # Blanket match. To greylist all sites except those in the # exceptionsitelist and greysitelist files, remove # the # from the next line to leave only a '**': #** # Blanket SSL/CONNECT match. To greylist all SSL # and CONNECT tunnels except to addresses in the # exceptionsitelist and greysitelist files, remove # the # from the next line to leave only a '**s': #**s # Blanket IP match. To greylist all sites specified only as an IP, # remove the # from the next line to leave only a '*ip': #*ip # Blanket SSL/CONNECT IP match. To greylist all SSL and CONNECT # tunnels to sites specified only as an IP, # remove the # from the next line to leave only a '*ips': #*ips #List other sites to greylist: #www.bbc.co.uk e2guardian-5.3.4/configs/lists/greysslsiteiplist000066400000000000000000000002331361351710700220610ustar00rootroot00000000000000# IP sites in SSL grey list # IP site addresses # # Single IPs, ranges and subnets can be used, # e.g. # 192.168.0.1 # 10.0.0.1-10.0.0.3 # 10.0.0.0/24 # e2guardian-5.3.4/configs/lists/greysslsitelist000066400000000000000000000002041361351710700215260ustar00rootroot00000000000000#domains in SSL grey list #Don't bother with the www. or the https:// #This 'grey' lists override the 'banned' lists for SSL only. e2guardian-5.3.4/configs/lists/greyurllist000077500000000000000000000016041361351710700206520ustar00rootroot00000000000000#URLs in grey list #Don't bother with the http:// or the www #The greyurllist is for partly unblocking PART of a site #The greysitelist is for partly unblocking ALL of a site #The 'grey' lists override the 'banned' lists. #The 'exception' lists override the 'banned' lists also. #The difference is that the 'exception' lists completely switch #off *all* other filtering for the match. 'grey' lists only #stop the URL filtering and allow the normal filtering to work. #An example of grey list use is when in Blanket Block (whitelist) #mode and you want to allow some sites but still filter as normal #on their content #Another example of grey list use is when you ban a site but want #to allow part of it. #To include additional files in this list use this example: #.Include #You can have multiple .Includes. #List other URLs to block: #members.home.net/nice e2guardian-5.3.4/configs/lists/headerregexplist000077500000000000000000000010101361351710700216130ustar00rootroot00000000000000# Outgoing HTTP header modifying Regular Expressions # # The format is: "extended regular expression"->"replacement straight string" # E.g. "shit"->"censored" would replace all occurances of shit in any case. # Far more complicated matches are possible. See other sources for examples # of extended regular expressions. # # Headers are run through replacements line-by-line, not as a single block. # Windows Live Search cookie replacement - force filtering on #"cookie:(.*)&ADLT=(OFF|DEMOTE)"->"Cookie:$1&ADLT=STRICT" e2guardian-5.3.4/configs/lists/ipnobypass000066400000000000000000000003351361351710700204510ustar00rootroot00000000000000# User are not allowed to bypass IP sites in this list # # This is not the IP of web servers # you want to filter. # Single IPs, ranges and subnets can be used, # e.g. # 192.168.0.1 # 10.0.0.1-10.0.0.3 # 10.0.0.0/24 # e2guardian-5.3.4/configs/lists/localbannedsearchlist000066400000000000000000000010511361351710700226020ustar00rootroot00000000000000#Local Banned Search Words # #Words must be in alphabetic order within a single line # and separated by a '+' sign. #All combinations of the words will be blocked # e.g. girl+naughty # will block naughty+girl as well as girl+naughty #.Include #.Include #.Include #.Include #.Include e2guardian-5.3.4/configs/lists/localbannedsiteiplist000066400000000000000000000002371361351710700226370ustar00rootroot00000000000000# IP sites in local banned list # IP site addresses # # Single IPs, ranges and subnets can be used, # e.g. # 192.168.0.1 # 10.0.0.1-10.0.0.3 # 10.0.0.0/24 # e2guardian-5.3.4/configs/lists/localbannedsitelist000066400000000000000000000004431361351710700223050ustar00rootroot00000000000000#domains in local banned list #.Include #.Include #.Include #.Include #.Include e2guardian-5.3.4/configs/lists/localbannedsslsiteiplist000066400000000000000000000004201361351710700233530ustar00rootroot00000000000000# IP sites in local banned ssl list #This list is only used for SSL (or CONNECT) requests #Unlike the bannedsitelist it overides all other lists # IP site addresses # # Single IPs, ranges and subnets can be used, # e.g. # 192.168.0.1 # 10.0.0.1-10.0.0.3 # 10.0.0.0/24 # e2guardian-5.3.4/configs/lists/localbannedsslsitelist000066400000000000000000000003361361351710700230300ustar00rootroot00000000000000#domains in banned ssl list #Don't bother with the www. or the https:// #This list is only used for SSL (or CONNECT) requests # and has no effect when MITM is enabled #Unlike the bannedsitelist it overides all other lists e2guardian-5.3.4/configs/lists/localbannedurllist000066400000000000000000000000331361351710700221360ustar00rootroot00000000000000#URLs in local banned list e2guardian-5.3.4/configs/lists/localexceptionsiteiplist000066400000000000000000000002411361351710700234010ustar00rootroot00000000000000#IP Sites in local exception list # IP site addresses # # Single IPs, ranges and subnets can be used, # e.g. # 192.168.0.1 # 10.0.0.1-10.0.0.3 # 10.0.0.0/24 # e2guardian-5.3.4/configs/lists/localexceptionsitelist000066400000000000000000000000371361351710700230530ustar00rootroot00000000000000#Sites in local exception list e2guardian-5.3.4/configs/lists/localexceptionurllist000066400000000000000000000000361361351710700227100ustar00rootroot00000000000000#URLs in local exception list e2guardian-5.3.4/configs/lists/localgreysiteiplist000066400000000000000000000002351361351710700223540ustar00rootroot00000000000000# IP sites in local grey list # IP site addresses # # Single IPs, ranges and subnets can be used, # e.g. # 192.168.0.1 # 10.0.0.1-10.0.0.3 # 10.0.0.0/24 # e2guardian-5.3.4/configs/lists/localgreysitelist000066400000000000000000000000341361351710700220200ustar00rootroot00000000000000#domains in local grey list e2guardian-5.3.4/configs/lists/localgreysslsiteiplist000066400000000000000000000002411361351710700230730ustar00rootroot00000000000000# IP sites in local SSL grey list # IP site addresses # # Single IPs, ranges and subnets can be used, # e.g. # 192.168.0.1 # 10.0.0.1-10.0.0.3 # 10.0.0.0/24 # e2guardian-5.3.4/configs/lists/localgreysslsitelist000066400000000000000000000005521361351710700225470ustar00rootroot00000000000000#domains in SSL grey list #Don't bother with the www. or the https:// #This 'grey' lists overrides the main site 'exception' lists for SSL allowing MITM to be enabled in order to check https full url. # Use to overcome issue where ssl url is in local blocked url list but is overriden by main site exception list forcing tunnel mode and so url never checked. e2guardian-5.3.4/configs/lists/localgreyurllist000066400000000000000000000000311361351710700216530ustar00rootroot00000000000000#URLs in local grey list e2guardian-5.3.4/configs/lists/logregexpurllist000077500000000000000000000011551361351710700217010ustar00rootroot00000000000000# Log regular expression URL list # # This acts as a list of URL regexes which, if matched, will have their category # recorded but no specific filtering action taken. It is only really useful # in conjunction with log analysers, to perform meaningful categorisation and # analysis upon non-blocked/exception requests, and so is disabled and empty # by default. # # If you would like to enable this feature, uncomment "logregexpurllist" in your # e2guardianf*.conf file(s), and place .Include<> statements here for the # categories you would like to log. Included list files must contain a # "#listcategory" directive. e2guardian-5.3.4/configs/lists/logsiteiplist000077500000000000000000000013251361351710700211600ustar00rootroot00000000000000# Log IP site list # # This acts as a list of IP sites which, when found, will have their category # recorded but no specific filtering action taken. It is only really useful # in conjunction with log analysers, to perform meaningful categorisation and # analysis upon non-blocked/exception requests, and so is disabled and empty # by default. # # If you would like to enable this feature, uncomment "logsitelist" in your # e2guardianf*.conf file(s), and place .Include<> statements here for the # categories you would like to log. Included list files must contain a # "#listcategory" directive. # IP site addresses # # Single IPs, ranges and subnets can be used, # e.g. # 192.168.0.1 # 10.0.0.1-10.0.0.3 # 10.0.0.0/24 # e2guardian-5.3.4/configs/lists/logsitelist000077500000000000000000000011221361351710700206220ustar00rootroot00000000000000# Log site list # # This acts as a list of domains which, when found, will have their category # recorded but no specific filtering action taken. It is only really useful # in conjunction with log analysers, to perform meaningful categorisation and # analysis upon non-blocked/exception requests, and so is disabled and empty # by default. # # If you would like to enable this feature, uncomment "logsitelist" in your # e2guardianf*.conf file(s), and place .Include<> statements here for the # categories you would like to log. Included list files must contain a # "#listcategory" directive. e2guardian-5.3.4/configs/lists/logurllist000077500000000000000000000011151361351710700204620ustar00rootroot00000000000000# Log URL list # # This acts as a list of URLs which, when found, will have their category # recorded but no specific filtering action taken. It is only really useful # in conjunction with log analysers, to perform meaningful categorisation and # analysis upon non-blocked/exception requests, and so is disabled and empty # by default. # # If you would like to enable this feature, uncomment "logurllist" in your # e2guardianf*.conf file(s), and place .Include<> statements here for the # categories you would like to log. Included list files must contain a # "#listcategory" directive. e2guardian-5.3.4/configs/lists/newbannedphraselist.in000066400000000000000000000035651361351710700227370ustar00rootroot00000000000000# BANNEDPHRASELIST - INSTRUCTIONS FOR USE # # To block any page with the word "sex". # < sex > # # To block any page with words that contain the string "sex". (ie. sexual) # # # To block any page with the string "sex magazine". # # # To block any page containing the words/strings "sex" and "fetish". # , # # < test> will match any word with the string 'test' at the beginning # will match any word with the string 'test' at the end # will match any word with the string 'test' at any point in the word # < test > will match only the word 'test' # will match that exact phrase # , will match if both words are found in the page # A combination of the above can also be used eg < test>, # # # Extra phrase-list files to include # .Include # # # All phrases need to be within < and > to work, othewise they will be # ignored. # MORE EXAMPLE LISTS CAN BE DOWNLOADED FROM DANSGUARDIAN.ORG # Phrase Exceptions are no longer listed in this file, they are now # listed in the exceptionphraselist file. # #listcategory: "Banned Phrases" # The following banned phraselists enable Website Content Labeling systems. These are enabled by default, but may also be activated using phraselists. .Include<@DGCONFDIR@/lists/newphraselists/ukenglish/safelabel/banned> #.Include<@DGCONFDIR@/lists/newphraselists/portuguese/rta/banned> # The following banned newphraselists are included in the default DG distribution. .Include<@DGCONFDIR@/lists/newphraselists/ukenglish/pornography/banned> ##.Include<@DGCONFDIR@/lists/newphraselists/portuguese/pornography/banned> #.Include<@DGCONFDIR@/lists/newphraselists/ukenglish/illegaldrugs/banned> #.Include<@DGCONFDIR@/lists/newphraselists/ukenglish/gambling/banned> ##.Include<@DGCONFDIR@/lists/newphraselists/portuguese/gambling/banned> e2guardian-5.3.4/configs/lists/newexceptionphraselist.in000066400000000000000000000010501361351710700234710ustar00rootroot00000000000000# EXCEPTIONPHRASELIST - INSTRUCTIONS FOR USE # # If any of the phrases listed below appear in a web page # then it will bypass the filtering and be allowed through # eg # < medical > # # # Combinations # Unblock the page if the following phrases are found on the same page. # Each line is a new combination. # eg #,, # # See the bannedphraselist for more examples. .Include<@DGCONFDIR@/lists/newphraselists/ukenglish/goodphrases/exception> #.Include<@DGCONFDIR@/lists/newphraselists/ukenglish/goodphrases/exception_email> e2guardian-5.3.4/configs/lists/newphraselists/000077500000000000000000000000001361351710700214115ustar00rootroot00000000000000e2guardian-5.3.4/configs/lists/newphraselists/Makefile.am000077500000000000000000000037171361351710700234600ustar00rootroot00000000000000DISTCLEANFILES = Makefile.in DGDATADIR = $(DGCONFDIR)/lists/phraselists MYSUBDIRS = chinesebig5 chinesegb2312 danish dutch french german italian japanese malay norwegian polish portuguese russian-1251 russian-koi8-r spanish swedish ukenglish #WLISTS = README #install-data-local: # $(mkinstalldirs) $(DESTDIR)$(DGDATADIR) && \ # for l in $(WLISTS) ; do \ # echo "$(INSTALL_DATA) $$l $(DESTDIR)$(DGDATADIR)/$$l"; \ # $(INSTALL_DATA) $$l $(DESTDIR)$(DGDATADIR)/$$l; \ # done #uninstall-local: # for l in $(WLISTS) ; do \ # rm -f $(DESTDIR)$(DGDATADIR)/$$l ; \ # done PHRASELISTS = badwords chat drugadvocacy gambling games goodphrases \ gore illegaldrugs intolerance \ nudism personals pornography \ proxies violence warezhacking weapons install-data-local: for lang in $(MYSUBDIRS); do \ for l in $(PHRASELISTS); do \ if test -d $(srcdir)/$$lang/$$l ; then \ $(mkinstalldirs) $(DESTDIR)$(DGDATADIR)/$$lang/$$l && \ for f in $(srcdir)/$$lang/$$l/weighted* $(srcdir)/$$lang/$$l/exception* $(srcdir)/$$lang/$$l/banned*; do \ if test -f $$f ; then \ echo "$(INSTALL_DATA) $$f $(DESTDIR)$(DGDATADIR)/$$lang/$$l"; \ $(INSTALL_DATA) $$f $(DESTDIR)$(DGDATADIR)/$$lang/$$l; \ fi \ done \ fi \ done \ done uninstall-local: for lang in $(MYSUBDIRS); do \ for l in $(PHRASELISTS); do \ for f in $(srcdir)/$$lang/$$l/weighted* $(srcdir)/$$lang/$$l/exception*; do \ rm -f $(DESTDIR)$(DGDATADIR)/$$lang/$$l/`basename $$f`; \ done \ done \ done dist-hook: for lang in $(MYSUBDIRS); do \ for phrase in $(PHRASELISTS); do \ if test "$$phrase" = .; then :; else \ test -d $(distdir)/$$lang/$$phrase \ || mkdir $(distdir)/$$lang/$$phrase \ || exit 1; \ for f in $(srcdir)/$$lang/$$phrase/weighted* $(srcdir)/$$lang/$$phrase/banned* $(srcdir)/$$lang/$$phrase/exception*; do \ if test -f $$f ; then \ cp -p $$f $(distdir)/$$lang/$$phrase ;\ fi; \ done; \ fi; \ done \ done e2guardian-5.3.4/configs/lists/newphraselists/README000066400000000000000000000015761361351710700223020ustar00rootroot00000000000000Revised Phaselists These updated phrase lists are held in language directorys. Protex has updated the ukenglish lists and this is a snapshot of the work doen by Protex staff on these lists. The updated lists give a much reduced rate of false positives than the old phrases lists. Languages other than English - I have populated these with what information I have, but a number of languages have very sparse lists, and urgently need revison by native speakers. If you have better lists then please contribute them so that the lists can be more complete. In v5.3. both the old and new phrase lists are in the distribution and the sample list files point at the old phraselists. To use the new lists you will need to amend the master phraselists manually to point at the new path. Whan v5.4 is released the new phraselist will be the default. Philip Pearce 11th September 2019 e2guardian-5.3.4/configs/lists/newphraselists/chinesebig5/000077500000000000000000000000001361351710700235765ustar00rootroot00000000000000e2guardian-5.3.4/configs/lists/newphraselists/chinesebig5/pornography/000077500000000000000000000000001361351710700261465ustar00rootroot00000000000000e2guardian-5.3.4/configs/lists/newphraselists/chinesebig5/pornography/weighted000077500000000000000000000006221361351710700276740ustar00rootroot00000000000000#listcategory: "Pornography (Chinese)" # # Originally Created by Fernand Jonker # Sponsored by Eric Duveau # <乳房的><30> #breast <性感女神><30> #sexy goddess <性感女><30> #sexy female <性感><30> #sexy <全裸写真><30> #nude pictures <美女明星><30>3 #beauty star <禁止性交图片><100> #explicit photos <快感><40> #hedonic <情色><40> #erotica <金发美女><50>#blond beauty e2guardian-5.3.4/configs/lists/newphraselists/chinesegb2312/000077500000000000000000000000001361351710700236505ustar00rootroot00000000000000e2guardian-5.3.4/configs/lists/newphraselists/chinesegb2312/pornography/000077500000000000000000000000001361351710700262205ustar00rootroot00000000000000e2guardian-5.3.4/configs/lists/newphraselists/chinesegb2312/pornography/weighted000077500000000000000000000006221361351710700277460ustar00rootroot00000000000000#listcategory: "Pornography (Chinese)" # # Originally Created by Fernand Jonker # Sponsored by Eric Duveau # <乳房的><30> #breast <性感女神><30> #sexy goddess <性感女><30> #sexy female <性感><30> #sexy <全裸写真><30> #nude pictures <美女明星><30>3 #beauty star <禁止性交图片><100> #explicit photos <快感><40> #hedonic <情色><40> #erotica <金发美女><50>#blond beauty e2guardian-5.3.4/configs/lists/newphraselists/danish/000077500000000000000000000000001361351710700226575ustar00rootroot00000000000000e2guardian-5.3.4/configs/lists/newphraselists/danish/goodphrases/000077500000000000000000000000001361351710700251755ustar00rootroot00000000000000e2guardian-5.3.4/configs/lists/newphraselists/danish/goodphrases/weighted_general000077500000000000000000000002151361351710700304160ustar00rootroot00000000000000#listcategory: "GoodPhrases (Swedish)" # # Good phrases in Danish # <-35> #education <-15> #educating information e2guardian-5.3.4/configs/lists/newphraselists/danish/pornography/000077500000000000000000000000001361351710700252275ustar00rootroot00000000000000e2guardian-5.3.4/configs/lists/newphraselists/danish/pornography/weighted000077500000000000000000000036721361351710700267650ustar00rootroot00000000000000#listcategory: "Pornography (Danish)" # # Danish Porn Weighted Phrases # Taken from translations done by Charlie Grosvenor # <80> #slut <80> #slut < luder><40> #slut <80> #slut <40> #faggot <80> #faggot <40> #faggot <80> #faggot <75> #hooker ad keywords <40> #bitch <40> #asshole <60> #cunt/pussy <60> #cunt/pussy <60> #fuck < pik ><60> #dick/cock - JMH - original < pik> overblocked. #< patter><20> #tits - overblock - pattern e.g. < lort><20> #shit <15> #sexual <15> #erotic <15> #sensual ,<50> #hooker/massage girl bureau ,,,<75> #hooker ad keywords ,,<75> #hooker ad keywords ,,<75> #hooker ad keywords <75> #hooker ad keywords ,,<75> #hooker ad keywords ,,<75> #hooker ad keywords ,,<75> #hooker ad keywords <75> #hooker ad keywords <75> #hooker ad keywords <75> #hooker ad keywords <75> #hooker ad keywords ,<75> #hooker ad keywords ,<75> #hooker ad keywords ,<75> #hooker ad keywords ,<50> #hooker ad keywords ,<50> #hooker ad keywords <50> #hooker ad keywords <50> #hooker ad keywords ,<50> #hooker ad keywords ,<50> #hooker ad keywords <50> #hooker ad keywords <50> #hooker ad keywords <50> #hooker ad keywords <50> #hooker ad keywords ,<25> #hooker ad keywords ,<25> #hooker ad keywords ,<25> #hooker ad keywords ,<25> #hooker ad keywords ,<25> #hooker ad keywords e2guardian-5.3.4/configs/lists/newphraselists/dutch/000077500000000000000000000000001361351710700225205ustar00rootroot00000000000000e2guardian-5.3.4/configs/lists/newphraselists/dutch/badwords/000077500000000000000000000000001361351710700243255ustar00rootroot00000000000000e2guardian-5.3.4/configs/lists/newphraselists/dutch/badwords/weighted000077500000000000000000000021031361351710700260470ustar00rootroot00000000000000#listcategory: "Badwords (Dutch)" # # Dutch Swear Words Weighted Phrases # Taken from swif.zip from dansguardian website # < apenaaier ><75> #monkey-fucker < bruinweker ><50> #literally: brown-creeper = fagget < droogkloot ><25> #literally: dry-nut (as in: testicle) < flikker ><50> #fagget/sissy < hoer ><25> #hooker < hoerenjong ><65> #son-of-bitch < hondelul ><50> #cock-of-a-dog (commonly used, also by kids) < kak ><10> #shit < klootzak ><50> #ass-hole < kut ><50> #cunt/pussy < kutwijf ><90> #fucking bitch < lul ><50> #dick/cock < moederneuker ><75> #motherfucker < nauwe gaatje ><50> #literally: ass-hole < paardenlul ><50> #horse-cock < pik omhoog ><80> #boner < reetneuker ><70> #literally: ass-fucker < rukker ><50> #jerk-off < schijt ><50> #shit < schijtlul ><50> #literally: shit-cock; commonly used for a chicken-shit < slet ><50> #slut < smerige kankerhoer ><75> #fucking whore (bad..) < spast ><50> #spastic < stront ><25> #shit < sufkut ><75> #literally; sleepy-cunt < sukkel ><20> #dumbo < vuile kankerlijer ><75> #fucking ass-hole (bad one) < zakkewasser ><42> #ass-hole e2guardian-5.3.4/configs/lists/newphraselists/dutch/goodphrases/000077500000000000000000000000001361351710700250365ustar00rootroot00000000000000e2guardian-5.3.4/configs/lists/newphraselists/dutch/goodphrases/weighted_general000077500000000000000000000001311361351710700302540ustar00rootroot00000000000000#listcategory: "GoodPhrases (Dutch)" # # Good phrases in Dutch # < kerk ><-60> #church e2guardian-5.3.4/configs/lists/newphraselists/dutch/pornography/000077500000000000000000000000001361351710700250705ustar00rootroot00000000000000e2guardian-5.3.4/configs/lists/newphraselists/dutch/pornography/weighted000077500000000000000000000012211361351710700266120ustar00rootroot00000000000000#listcategory: "Pornography (Dutch)" # # dutch porn weighted phrases # originally created by fernand jonker # <80> <80> ,<30> <30> <30> <20> < neuken ><50> #< pik ><5> < hoer ><25> < eikel ><5> < seks ><5> <10> <20> <20> <50> <50> <10> <20> <20> <18 jarige sletjes><20> <20> <20> <20> <20> <20> <20> <20> <20> <20> <20> <20> <20> e2guardian-5.3.4/configs/lists/newphraselists/french/000077500000000000000000000000001361351710700226565ustar00rootroot00000000000000e2guardian-5.3.4/configs/lists/newphraselists/french/badwords/000077500000000000000000000000001361351710700244635ustar00rootroot00000000000000e2guardian-5.3.4/configs/lists/newphraselists/french/badwords/weighted000077500000000000000000000016401361351710700262120ustar00rootroot00000000000000#listcategory: "Badwords (French)" # # French Swear Words Weighted Phrases # < merde ><50> < tu m'emmerdes ><80> < tu me fais chier ><50> # you are pissing me off < retourne enculer ><80> # go and fuck yourself < encul ><70> < salope ><60> < conasse ><40> < poufiasse ><40> < ordure ><20> # mess / rubbish < chier ><50> # to shit < faire foutre ><80> < fils de pute ><90> # son of a whore < branler ><50> < bique ><50> # cock < trou du cul ><80> # literally hole of arse < le con ><60> < la chatte ><90> # pussy < baiser ><60> < conneries ><30> < fait moi jouir ><80> # make me cum < tte moi le dard ><80> < tte moi le noeud ><80> < pd ><40> < tantouze ><50> < couilles ><60> # balls < putain ><60> # whore < pute ><60> < cul ><40> < pauvre con ><60> # poor bastard < pisser dans ><50> < fils de pute ><90> < salope ><60> < Va te branler ><70> < Va te tripoter ><80> < Va te faire enculer ><90> < choleque de merde ><60> e2guardian-5.3.4/configs/lists/newphraselists/french/pornography/000077500000000000000000000000001361351710700252265ustar00rootroot00000000000000e2guardian-5.3.4/configs/lists/newphraselists/french/pornography/weighted000077500000000000000000000057421361351710700267640ustar00rootroot00000000000000#listcategory: "Pornography (French)" # # French Pornography Weighted Phrases # Original data Cedric Foll # Data mined by Daniel Barron # < pornographique ><20> #< gratuit ><10># Fernand Overblock #< vidéos ><15># Fernand Overblock < des mineurs ><15> < Je certifie ><10> < amateurs ><10> #< organisme ><15># Fernand Overblock < sodomie ><20> < un mineur ><10> #< femme ><5> #< filles ><10> #< femmes ><5> < de poursuivre ><10> < majeur et ><10> < img sexe ><10> < titre personnel ><10> < vigueur ><10> < seins ><10> #< gratuites ><10># Fernand Overblock < pornographie ><20> < action judiciaire ><10> #< peuvent ><10> # Fernand Overblock < sperme ><10> < lingerie ><10> < contient des ><10> < public majeur ><10> < Sexe ><10> < réservé ><10> < ci-dessus ><10> < censure ><10> < accéder ><10> < adultes ><10> < l'honneur ><10> < du caractère ><10> < permettant ><10> < penetration ><10> < m'autorisent ><10> < sur honneur ><10> < m'interdit ><10> < choquantes ><10> #< auquel ><10> # Fernand Overblock < lesbiennes ><15> #< plusieurs ><10> # Fernand Overblock < des textes ><10> < contenu des ><10> < erotique ><10> < fellation ><15> < rencontre ><10> < consulter ><10> < charme ><10> < responsabilité si ><10> < partouze ><10> < fellation ><10> < rencontre ><10> < Mesurez ><10> #< ou plusieurs ><10># Fernand Overblock < choqué ><10> < a xiti ><10> < érotique ><10> #< un organisme ><15># Fernand Overblock < de censure ><10> < caractère pornographique ><10> < manière ><10> < lesbienne ><10> < sexualité ><10> < censure divulgation ><10> < lu attentivement ><10> < erotisme ><10> < rencontres ><10> < lesbiennes ><15> < transmettre ><15> < transmettre de ><10> < vagin ><10> < quelque manière ><10> #< adulte ><10> < de sexe ><10> < voyeur ><10> < galerie ><10> < mineur assumer ><15> < j'accède ><10> < sexe gratuit ><10> < privée ><10> < erotiques ><10> < erotisme ><10> < de sexualité ><10> < lesbienne ><10> < fellations ><10> < éditrice ><10> < echangisme ><10> < pornographiques ><10> < homosexuel ><15> < permettant empécher ><10> < sodomies ><15> < echangisme ><10> #< adulte ><10> < defloration ><10> < travestis ><10> < pour adultes ><10> < photo sexe ><15> < sexe photo ><15> < meta amatrice ><10> < jouir ><5> < travesti ><15> < fetichisme ><15> < érotiques ><10> < caractere pornographique ><10> < cochonne ><10> < transexuels ><10> < transsexuel ><10> < aux mineurs ><10> < aucun organisme ><15> < analeclate ><10> < asiatrique ><10> < mineur accede ><10> < caractère érotique ><10> < annuaire sexe ><10> < érotisme ><10> < bisexuel ><10> < godemichets ><10> < vibro ><10> < personnes mineures ><10> < videos gratuites ><10> < photos classees ><10> < photos femmes ><10> < photos pornos ><15> < nudité ><10> < Sexe gratuit ><15> < Transexuels ><10> < photo gratuite ><10> < organisme Etat ><10> < sadomaso ><15> < pénétration ><10> #< francophone ><10> #Fernand overblock < hermaphrodites ><10> <80> <80> # < nu ><20> # Overblock < nue ><20> e2guardian-5.3.4/configs/lists/newphraselists/german/000077500000000000000000000000001361351710700226625ustar00rootroot00000000000000e2guardian-5.3.4/configs/lists/newphraselists/german/badwords/000077500000000000000000000000001361351710700244675ustar00rootroot00000000000000e2guardian-5.3.4/configs/lists/newphraselists/german/badwords/weighted000077500000000000000000000013501361351710700262140ustar00rootroot00000000000000#listcategory: "Badwords (German)" # # German Swear Words Weighted Phrases # Taken from swif.zip from dansguardian website # < arschloch ><20> < scheiss ><20> < scheisse ><20> < fotze ><20> < schwuchtl ><20> < lesbe ><20> < mutterficker ><20> < hurensohn ><20> < hure ><20> < arschgesicht ><20> < fick ><20> < scheissdreck ><20> < arschficker ><20> < arsch ><20> < scheisskopf ><20> < schnoodle noodle ><20> < verpiss dich ><20> < wichser ><20> < arschgeige ><20> < hosenscheisser ><20> < schwanz ><20> < affenschwanz ><20> #Schlampe - tramp or slut #Schweinebacke - double crossing so and so #Dumpfbacke - idiot (mainly for female) #Arschkriecher - person who kisses bosses arse e2guardian-5.3.4/configs/lists/newphraselists/german/pornography/000077500000000000000000000000001361351710700252325ustar00rootroot00000000000000e2guardian-5.3.4/configs/lists/newphraselists/german/pornography/weighted000077500000000000000000000031671361351710700267670ustar00rootroot00000000000000#listcategory: "Pornography (German)" #thomas jarosch <24 stunden live><20> <20> <80> <80> <20> <20> <30> <20> <20> < dildo ><50> <80> <40> <40> <40> < erotik ><60> <60> <60> < fick ><30> <30> <40> <40> <40> <10> <20> <20> <20> <40> <20> <40> <80> <10> <10> <40> <80> #<20> overblock - Karla Homolka as example #<40> overblock? <10> <10> <20> <40> <80> <20> <10> <20> < luder ><40> <10> <10> <40> <40> <80> <10> <20> <80> <40> ,<40> <20> <20> <10> <20> <40> <80> <80> <20> <5> <10> <60> <40> <80> <80> <80> <40> <20> <40> <40> #<40> <40> <40> <40> <40> <80> <80> <20> <40> <40> <40> <20> < wichse ><40> <40> <40> <10> <60> <20> e2guardian-5.3.4/configs/lists/newphraselists/italian/000077500000000000000000000000001361351710700230325ustar00rootroot00000000000000e2guardian-5.3.4/configs/lists/newphraselists/italian/badwords/000077500000000000000000000000001361351710700246375ustar00rootroot00000000000000e2guardian-5.3.4/configs/lists/newphraselists/italian/badwords/weighted000077500000000000000000000235701361351710700263740ustar00rootroot00000000000000#listcategory: "Badwords (Italian)" # # porn site # # parole < arrapa><100> < sborra><170> < pompin><170> < ditalin><170> < sperma><10> < fetic><40> < culo><20> < culi><40> < inculat><170> < lesbic><20> < capezzol><20> < vergin><20> < lucirosse><20> < vietatissim><20> < proibitissim><20> < vibrator><50> < sesso ><10> < erotic><20> < guardon><20> < chiapp><10> < tette><30> < cazzo ><40> < cazzi ><40> < cazzon><40> < troia ><50> < troie><50> < fica ><80> < figa ><80> < fiche ><80> < fighe ><80> < strafighe ><80> < strafiga ><80> < fichetta ><40> < fregna ><80> < fregne ><80> < porca ><10> < porche ><100> < porcate ><20> < anale ><10> < anali ><40> < incest><20> < masturba><30> < oscen><5> < pedofil><40> < spogliarell><10> < orgia><20> < succhiacazz><170> < minchia ><30> < trombare ><40> < scopare ><40> < scopata ><100> < troiona ><100> < troione ><100> < porcona ><100> < porcone ><100> < puttanona ><100> < puttanone ><100> < puttanaccia ><100> < maialaccia ><100> < maialacce ><100> < perversion><20> < pervertit><20> # parole non offensive ma legate a porn site < ragazza ><5> < ragazze ><5> < donna ><5> < donne ><5> < studentesse><5> < modell><5> < adult><10> < soggetti ><5> < maturo ><5> < pubblico ><5> < maggiorenn><5> < minorenn><5> < visione ><5> < sconsigliata ><5> < sensibil><5> < offensivo ><5> < erotic><10> < materiale ><5> <5> < severamente ><5> < proibito ><10> < penetrare ><10> < penetra ><10> < voglios><10> < materiale ><5> < film ><5> < filmati ><5> < foto ><5> < contenuto ><5> < sexy ><10> < webcam ><10> < live ><10> < riprese><5> < rapporto><5> < rapporti><5> < coppie><5> < ninfoman><30> < accompagnatric><10> < prestazion><5> < trasgression><10> < case chiuse><10> < bordell><10> < appuntament><5> < in posa><10> < in calore><40> < pecorina><30> < bocchin ><20> # porn site: parole con aggettivo <170> <170> <170> <170> <170> <170> <170> <70> <170> <170> <170> <170> <170> <170> <170> <170> <170> <170> <170> <170> <170> <70> <70> <70> <170> <170> <50> <40> <50> <170> <170> <170> <170> <170> <170> <30> <80> <70> <80> <80> <60> <170> <170> <170> <170> <10> <60> <60> # porn site: frasi tipiche < di cazzo><150> < di cazzi><150> <70> <70> <70> <70> <70> <70> <70> <70> <70> <70> <70> < destinat>,<70> < destinat>,<70> < dichiari >,< di non sentirti offeso><70> < dichiari >,< di non ritenerti offeso><70> < salvaguarda>,< bambini>,< software ><20> < salvaguarda>,< minori>,< software ><20> < proteggere>,< bambini>,< software ><20> < proteggere>,< minori>,< software ><20> < tutela>,< bambini>,< software ><20> < tutela>,< minori>,< software ><20> ,< impressionabili>,< soggetti ><70> ,< impressionabili>,< persone > <70> ,< sensibili>,< soggetti ><70> ,< sensibili>,< persone ><70> < sconsiglia la visione >,< impressionabili>,< soggetti ><70> < sconsiglia la visione >,< impressionabili>,< persone ><70> < sconsiglia la visione >,< sensibili>,< soggetti ><70> < sconsiglia la visione >,< sensibili>,< persone ><70> < consentita >,< solo se hai compiuto il >,< anno ><70> ,< esplicit>,< porno><170> ,< esplicit>,< hard><170> ,< esplicit>,< sessuale ><170> ,< a sfondo >,< sessuale ><170> ,< a sfondo >,< porno><170> < adult>, < esplicit>,< offensiv><170> < offes>,< visione >, < materiale >,< hard><170> < offes>,< visione >, < materiale >,< porn><170> < vietato >,< minori di ><40> ,<100> ,< avviso ><100> ,<100> ,< avvisa ><100> ,<100> ,<100> ,< informa ><100> ,<100> ,<100> ,<100> ,<100> ,< avvisa ><100> ,<100> ,<100> ,< informa ><100> ,<100> ,<100> ,<100> ,<100> ,<100> ,< avvisa ><100> ,<100> ,<100> ,< informa ><100> ,<100> ,<100> ,<100> ,<100> ,< avvisa ><100> ,<100> ,<100> ,< informa ><100> ,<100> < offendere >,< sensibilit><40> < offendere >,< sensibilita'><40> < offende >,< sensibilit><40> < offende >,< sensibilita'><40> ,< maggiore >,< et><100> ,< maggiore >,< eta'><100> < essere maggiorenne>,< entrare><100> < essere maggiorenne>,< visitare ><100> < essere maggiorenne>,< visionare ><100> < essere maggiorenne>,< accedere><100> < essere maggiorenne>,< dichiaro ><170> < essere maggiorenne>,< dichiari ><170> < essere maggiorenne>,< accerti ><100> < essere maggiorenne>,< certifichi ><100> < non essere minorenne>,< dichiaro ><170> < non essere minorenne>,< dichiari ><170> < non essere un minorenne>,< dichiaro ><170> < non essere un minorenne>,< dichiari ><170> < non essere un minorenne>,< accerti ><100> < non essere un minorenne>,< certifichi ><100> ,< proibito >,< minori><100> ,< proibito >,< minore et><100> ,< proibito >,< minore eta'><100> ,< proibito >,< minorenni><100> < uscire>,< non sei maggiorenne ><170> < non entrare>,< minorenne ><170> < tutti >,< modelli >,< maggiore >,< et><170> < tutti >,< modelli >,< maggiore >,< eta'><170> < tutti >,< modelli >,< sono maggiorenni><170> < tutte >,< modelle >,< maggiore >,< et><170> < tutte >,< modelle >,< maggiore >,< eta'><170> < tutte >,< modelle >,< sono maggiorenni><170> < uscire immediatamente >,< invitato ><100> < uscire immediatamente >,< invitiamo ><100> < consigliata ad un pubblico maggiorenne >,<100> < consigliata ad un pubblico maturo >,<100> < consigliata ad un pubblico adulto >,<100> < orientato >,< pubblico maturo><40> < orientato >,< pubblico maggiorenne><40> <40> <20> <100% >,< anonim><40> <20> < sesso esplicito >,<170> < sesso esplicito >,<170> < sesso esplicito >,<170> < sesso esplicito >,<170> < sesso estremo >,<170> < sesso estremo >,<170> < sesso estremo >,<170> < sesso estremo >,<170> < hardcore estremo>,<170> < hardcore estremo>,<170> < hardcore estremo>,<170> < hardcore estremo>,<170> < hardcore estremo>,<170> < hardcore estremo>,