Tips & Enhancements
Multiple DG Filter Groups
Dansguardian supports multiple filtering groups. (i.e.
Teachers get
one set of restrictions, students get a different set.) The GUI in
copplus does not support setting up multiple groups. however, if you
use WinSCP to setup a few extra text files on IPCop it will work!
Beware -
This requires even more RAM in your system.
Futuragts has a good
writeup on their wiki here:
http://contentfilter.futuragts.com/wiki/index.php?title=Group_Configuration
Use your Windows Domain controller to authenticate
You can have IPCop talk to your domain controller and require a domain username and password before folks can web browse. This doesn't stop email, ftp or most P2P programs etc. , only web browsers using the normal port 80.
If you haven't already done so, install WinSCP
and use it to connect to IPCop on port 222.
Username is root and whatever password you setup.
- Browse to and edit the file:
/home/httpd/cgi-bin/proxz.cgi
- Find the line:
auth_param basic program /usr/lib/squid/ncsa_auth $passwordfile
change it to:
auth_param basic program /usr/lib/squid/msnt_auth
- Save that file than go find:
/etc/squid/msntauth.conf
Edit it to show your primary and backup domain controller names and your domain name. Comment out everything but one line. (A # at the beginning of a line makes it a comment.)
In my case the line looks like this:
server server-i server-n cpnet
My PDC is server-i my BDC is server-n and the domain name is cpnet. - After saving both files, go to IPCop's GUI under services - proxy. Make sure transparent is off and "require authentication" is on and hit the save button.
Now it should ignore the user list you created on IPCop and instead accept usernames and passwords from your windows domain controllers. People will still be prompted each time they startup their web browser before they can get to the internet. The dansguardian and squid logs on IPCop will show usernames now.