From a223eead5b455756a158636eba30037a1d173ae6 Mon Sep 17 00:00:00 2001 From: Jason Date: Wed, 16 Feb 2022 17:39:20 -0500 Subject: [PATCH] =?UTF-8?q?=F0=9F=97=83=EF=B8=8F=20modified:=20config/e2gu?= =?UTF-8?q?ardian/e2guardianf1.conf=20=F0=9F=97=83=EF=B8=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- config/e2guardian/e2guardianf1.conf | 404 +--------------------------- 1 file changed, 7 insertions(+), 397 deletions(-) diff --git a/config/e2guardian/e2guardianf1.conf b/config/e2guardian/e2guardianf1.conf index bbd92fb..4092d6d 100644 --- a/config/e2guardian/e2guardianf1.conf +++ b/config/e2guardian/e2guardianf1.conf @@ -1,35 +1,11 @@ # e2guardian filter group config file for version 5.3.1 - -# This file is re-read on gentle restart and any changes actioned - -# Filter group mode IS NOT LONGER SUPPORTED -# Unauthenticated users are treated as being in the default filter group. -# groupmode = 1 #DISABLED - -# Filter group name -# Used to fill in the -FILTERGROUP- placeholder in the HTML template file, and to -# name the group in the access logs -# Defaults to empty string -#groupname = '' -groupname = 'no_name_group' - -# Much logic has moved to storyboard files -storyboard = '/etc/e2guardian/examplef1.story' - -# Enable legacy (DG) ssl logic -# -# The following option is replaced by storyboard logic +groupname = 'ProxyGroup' +storyboard = '/etc/e2guardian/default.story' # ssllegacylogic = off - -# Content filtering files location - bannedphraselist = '/etc/e2guardian/lists/bannedphraselist' weightedphraselist = '/etc/e2guardian/lists/weightedphraselist' exceptionphraselist = '/etc/e2guardian/lists/exceptionphraselist' -### NOTE - New format for all other list definitions in v5.0 -### see notes/V5_list_definition for details - #banned lists sitelist = 'name=banned,messageno=500,path=/etc/e2guardian/lists/bannedsitelist' ipsitelist = 'name=banned,messageno=510,path=/etc/e2guardian/lists/bannedsiteiplist' 
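Review bot: The new `storyboard = '/etc/e2guardian/default.story'` line changes which storyboard drives this group's filtering, but the patch touches only e2guardianf1.conf, so nothing here shows that default.story exists at that path or that it contains the group-level logic previously taken from examplef1.story. The deleted comment stated that much of the logic has moved to storyboard files, so this one-line change may alter the effective policy more than the diff suggests. I would keep a short comment above the setting, for example `# filtering logic for this group lives in the storyboard; lists below are only inputs to it`. The commented `# ssllegacylogic = off` is also left without the line that explained it is replaced by storyboard logic, so it should either be dropped or keep that explanation.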
@@ -92,67 +68,19 @@ sitelist = 'name=localexception,messageno=662,path=/etc/e2guardian/lists/localex #ipsitelist = 'name=localexception,messageno=662,path=/etc/e2guardian/lists/localexceptionsiteiplist' #urllist = 'name=localexception,messageno=663,path=/etc/e2guardian/lists/localexceptionurllist' - -# Filetype filtering -# -# Allow bannedregexpurllist with grey list mode -# -# The following option is replaced by storyboard logic -# bannedregexwithblanketblock = off -# -# The following option is replaced by storyboard logic #blockdownloads = off - -# Phrase filtering additional mime types (by default text/*) -# textmimetypes = 'application/xhtml+xml,application/xml,application/json,application/javascript,application/x-javascript' - -# Uncomment the two lines below if want to only allow extentions/mime types in these lists -# You will also need to uncomment the checkfiletype function in site.story to enable this -#fileextlist = 'name=exceptionextension,path=/etc/e2guardian/lists/exceptionextensionlist' #mimelist = 'name=exceptionmime,path=/etc/e2guardian/lists/exceptionmimelist' -# -# Use the following lists to block specific kinds of file downloads. -# fileextlist = 'name=bannedextension,messageno=900,path=/etc/e2guardian/lists/bannedextensionlist' mimelist = 'name=bannedmime,messageno=800,path=/etc/e2guardian/lists/bannedmimetypelist' # -# In either file filtering mode, the following list can be used to override -# MIME type & extension blocks for particular domains & URLs (trusted download sites). -# sitelist = 'name=exceptionfile,path=/etc/e2guardian/lists/exceptionfilesitelist' ipsitelist = 'name=exceptionfile,path=/etc/e2guardian/lists/exceptionfilesiteiplist' urllist = 'name=exceptionfile,path=/etc/e2guardian/lists/exceptionfileurllist' - -# POST protection (web upload and forms) -# does not block forms without any file upload, i.e. 
this is just for -# blocking or limiting uploads -# measured in kibibytes after MIME encoding and header bumph -# use 0 for a complete block -# use higher (e.g. 512 = 512Kbytes) for limiting -# use -1 for no blocking -# NOTE: POST PROTECTION IS NOT YET IMPLIMENTED IN V5 -#maxuploadsize = 512 -#maxuploadsize = 0 maxuploadsize = -1 - -# Categorise without blocking: -# Supply categorised lists here and the category string shall be logged against -# matching requests, but matching these lists does not perform any filtering -# action. #sitelist = 'name=log,path=/etc/e2guardian/lists/logsitelist' #ipsitelist = 'name=log,path=/etc/e2guardian/lists/logsiteiplist' #urllist = 'name=log,path=/etc/e2guardian/lists/logurllist' #regexpboollist = 'name=log,path=/etc/e2guardian/lists/logregexpurllist' - -# Outgoing HTTP header rules: -# Optional lists for blocking based on, and modification of, outgoing HTTP -# request headers. Format for headerregexplist is one modification rule per -# line, similar to content/URL modifications. Format for -# bannedregexpheaderlist is one regular expression per line, with matching -# headers causing a request to be blocked. -# Headers are matched/replaced on a line-by-line basis, not as a contiguous -# block. -# Use for example, to remove cookies or prevent certain user-agents. regexpreplacelist = 'name=headermods,path=/etc/e2guardian/lists/headerregexplist' regexpboollist = 'name=bannedheader,path=/etc/e2guardian/lists/bannedregexpheaderlist' regexpboollist = 'name=exceptionheader,path=/etc/e2guardian/lists/exceptionregexpheaderlist' 
@@ -165,363 +93,45 @@ regexpreplacelist = 'name=addheader,path=/etc/e2guardian/lists/addheaderregexpli #sitelist = 'name=exceptionvirus,path=/etc/e2guardian/lists/contentscanners/exceptionvirussitelist' #ipsitelist = 'name=exceptionvirus,path=/etc/e2guardian/lists/contentscanners/exceptionvirussiteiplist' #urllist = 'name=exceptionvirus,path=/etc/e2guardian/lists/contentscanners/exceptionvirusurllist' - -# Weighted phrase mode -# Optional; overrides the weightedphrasemode option in e2guardian.conf -# for this particular group. See documentation for supported values in -# that file. #weightedphrasemode = 0 - -# Naughtiness limit -# This the limit over which the page will be blocked. Each weighted phrase is given -# a value either positive or negative and the values added up. Phrases to do with -# good subjects will have negative values, and bad subjects will have positive -# values. See the weightedphraselist file for examples. -# As a guide: -# 50 is for young children, 100 for old children, 160 for young adults. -naughtynesslimit = 50 - -# Search term blocking -# Search terms can be extracted from search URLs and filtered using one or -# both of two different methods. - -# Method 1 is that developed by Protex where specific -# search terms are contained in a bannedsearchlist. -# (localbannedsearchlist and bannedsearchoveridelist can be used to suppliment -# and overide this list as required.) -# These lists contain banned search words combinations on each line. -# Words are separated by '+' and must be in sorted order within a line. -# so to block 'sexy girl' then the list must contain the line -# girl+sexy -# and this will block both 'sexy girl' and 'girl sexy' -# To use this method, the searchregexplist must be enabled and the bannedsearchlist(s) defined - -# Method 2 is uses the -# bannedphraselist, weightedphraselist and exceptionphraselist, with a separate -# threshold for blocking than that used for normal page content. 
-# To do this, the searchregexplist must be enabled and searchtermlimit -# must be greater than 0. - -# -# Search engine regular expression list (need for both options) -# List of regular expressions for matching search engine URLs. It is assumed -# that the search terms themselves will be contained in the -# of output of each expression. +naughtynesslimit = 100 regexpreplacelist = 'name=searchterms,path=/etc/e2guardian/lists/searchregexplist' -# -# Banned Search Term list(s) for option 1 searchlist = 'name=banned,path=/etc/e2guardian/lists/bannedsearchlist' searchlist = 'name=override,path=/etc/e2guardian/lists/bannedsearchoveridelist' - - -# Search term limit (for Option 2) -# The limit over which requests will be blocked for containing search terms -# which match the weightedphraselist. This should usually be lower than the -# 'naughtynesslimit' value above, because the amount of text being filtered -# is only a few words, rather than a whole page. -# This option must be uncommented if searchregexplist is uncommented. -# A value of 0 here indicates that search terms should be extracted, -# but no phrase filtering should be performed on the resulting text. -#searchtermlimit = 0 -# -# Search term phrase lists (for Option 2) -# If the three lines below are uncommented, search term blocking will use -# the banned, weighted & exception phrases from these lists, instead of using -# the same phrase lists as for page content. This is optional but recommended, -# as weights for individual phrases in the "normal" lists may not be -# appropriate for blocking when those phrases appear in a much smaller block -# of text. -# Please note that all or none of the below should be uncommented, not a -# mixture. 
-# NOTE: these are phrase lists and still use the old style defines -#bannedsearchtermlist = '/etc/e2guardian/lists/bannedsearchtermlist' -#weightedsearchtermlist = '/etc/e2guardian/lists/weightedsearchtermlist' -#exceptionsearchtermlist = '/etc/e2guardian/lists/exceptionsearchtermlist' - -# Category display threshold -# This option only applies to pages blocked by weighted phrase filtering. -# Defines the minimum score that must be accumulated within a particular -# category in order for it to show up on the block pages' category list. -# All categories under which the page scores positively will be logged; those -# that were not displayed to the user appear in brackets. -# -# -1 = display only the highest scoring category -# 0 = display all categories (default) -# > 0 = minimum score for a category to be displayed categorydisplaythreshold = 0 - -# Embedded URL weighting -# When set to something greater than zero, this option causes URLs embedded within a -# page's HTML (from links, image tags, etc.) to be extracted and checked against the -# bannedsitelist and bannedurllist. Each link to a banned page causes the amount set -# here to be added to the page's weighting. -# The behaviour of this option with regards to multiple occurrences of a site/URL is -# affected by the weightedphrasemode setting. -# -# NB: Currently, this feature uses regular expressions that require the PCRE library. -# As such, it is only available if you compiled e2guardian with '--enable-pcre=yes'. -# You can check compile-time options by running 'e2guardian -v'. -# -# Set to 0 to disable. -# Defaults to 0. -# WARNING: This option is highly CPU intensive! embeddedurlweight = 0 - -# Temporary Denied Page Bypass -# This provides a link on the denied page to bypass the ban for a few minutes. To be -# secure it uses a random hashed secret generated at daemon startup. You define the -# number of seconds the bypass will function for before the deny will appear again. 
-# To allow the link on the denied page to appear you will need to edit the template.html -# or e2guardian.pl file for your language. -# 300 = enable for 5 minutes -# 0 = disable ( defaults to 0 ) -# -1 - depreciated - for backward compatability enables cgibypass with bypassversion 1 bypass = 0 - -# Byapss version 2 is experimental, provide a secure cgi communication (see notes/cgi_bypass documentation) -# - -# Bypass version -# can be 1 or 2 -# Always use v2 unless you have old style cgi hash generation in use -# Default is 1 -# bypassversion = 2 - -# cgibypass - Use a separate program/CGI to (in v1 generate) or (in v2 validate) link -# 'on' or 'off' (default) -# cgibypass = 'off' - -# Temporary Denied Page Bypass Secret Key -# Rather than generating a random key you can specify one. It must be more than 8 chars. -# '' = generate a random one (recommended and default) -# 'Mary had a little lamb.' = an example -# '76b42abc1cd0fdcaf6e943dcbc93b826' = an example bypasskey = '' - -# magic key for cgi bypass v2 - used to sign communications between e2g and cgi -# default is blank -#cgikey = 'you must change this text in order to be secure' - -# Users will not be able to bypass sites/urls in these lists sitelist = 'name=bannedbypass,messageno=500,path=/etc/e2guardian/lists/bannedsitelistwithbypass' #ipsitelist = 'name=bannedbypass,messageno=500,path=/etc/e2guardian/lists/bannedsiteiplistwithbypass' #urllist = 'name=bannedbypass,messageno=501,path=/etc/e2guardian/lists/bannedurllistwithbypass' - -# Infection/Scan Error Bypass -# Similar to the 'bypass' setting, but specifically for bypassing files scanned and found -# to be infected, or files that trigger scanner errors - for example, archive types with -# recognised but unsupported compression schemes, or corrupt archives. -# The option specifies the number of seconds for which the bypass link will be valid. 
-# 300 = enable for 5 minutes -# 0 = disable (default) -# -1 - depreciated - for backward compatability enables cgiinfectionbypass with bypassversion 1 infectionbypass = 0 - -# cgiinfectionbypass - Use a separate program/CGI to (v1 generate) or (v2 validate) link -# 'on' or 'off' (default) -# cgiinfectionbypass = 'off' - -# Infection/Scan Error Bypass Secret Key -# Same as the 'bypasskey' option, but used for infection bypass mode. infectionbypasskey = '' - -# Infection/Scan Error Bypass on Scan Errors Only -# Enable this option to allow infectionbypass links only when virus scanning fails, -# not when a file is found to contain a virus. -# on = enable (default and highly recommended) -# off = disable infectionbypasserrorsonly = on - -# Disable content scanning -# If you enable this option you will disable content scanning for this group. -# Content scanning primarily is AV scanning (if enabled) but could include -# other types. -# (on|off) default = off. disablecontentscan = off - -# Disable content scanning with error (timeout, AV crash, etc) -# If you enable this option you will allow object with an unexpected result -# Content scanning primarily is AV scanning (if enabled) but could include -# other types. -# With "on" you can allow INFECTED objects -# (on|off) default = off. (default and highly recommended) disablecontentscanerror = off - -# If 'on' exception sites, urls, users etc will be scanned -# This is probably not desirable behavour as exceptions are -# supposed to be trusted and will increase load. -# Correct use of grey lists are a better idea. -# (on|off) default = off contentscanexceptions = off - -# Auth plugins -# Enable Deep URL Analysis -# When enabled, DG looks for URLs within URLs, checking against the bannedsitelist and -# bannedurllist. This can be used, for example, to block images originating from banned -# sites from appearing in Google Images search results, as the original URLs are -# embedded in the thumbnail GET requests. 
-# (on|off) default = off deepurlanalysis = off - -# reportinglevel -# -# -1 = log, but do not block - Stealth mode -# 0 = just say 'Access Denied' -# 1 = report why but not what denied phrase -# 2 = report fully -# 3 = use HTML template file (accessdeniedaddress ignored) - recommended -# -# If defined, this overrides the global setting in e2guardian.conf for -# members of this filter group. -# reportinglevel = 3 - -# accessdeniedaddress is the address of your web server to which the cgi -# e2guardian reporting script was copied. Only used in reporting levels -# 1 and 2. -# -# This webserver must be either: -# 1. Non-proxied. Either a machine on the local network, or listed as an -# exception in your browser's proxy configuration. -# 2. Added to the exceptionsitelist. Option 1 is preferable; this option is -# only for users using both transparent proxying and a non-local server -# to host this script. -# #accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/e2guardian.pl' - -# HTML Template override -# If defined, this specifies a custom HTML template file for members of this -# filter group, overriding the global setting in e2guardian.conf. This is -# only used in reporting level 3. -# -# The default template file path is //template.html -# e.g. /usr/share/e2guardian/languages/ukenglish/template.html when using 'ukenglish' -# language. -# -# This option generates a file path of the form: -# // -# e.g. /usr/share/e2guardian/languages/ukenglish/custom.html -# #htmltemplate = 'custom.html' - -#Template for use to report network issues and sites which are not responding -# The default template file path is //neterr_template.html -# e.g. /usr/share/e2guardian/languages/ukenglish/neterr_template.html when using 'ukenglish' -# language. 
#neterrtemplate = 'custom_neterr_template.html' - -# Non standard delimiter (only used with accessdeniedaddress) -# To help preserve the full banned URL, including parameters, the variables -# passed into the access denied CGI are separated using non-standard -# delimiters. This can be useful to ensure correct operation of the filter -# bypass modes. Parameters are split using "::" in place of "&", and "==" in -# place of "=". -# Default is enabled, but to go back to the standard mode, disable it. - #nonstandarddelimiter = off - -# Email reporting - original patch by J. Gauthier - -# Use SMTP -# If on, will enable system wide events to be reported by email. -# need to configure mail program (see 'mailer' in global config) -# and email recipients -# default usesmtp = off -usesmtp = off #NOT YET TESTED - -# mailfrom -# who the email would come from -# example: mailfrom = 'e2guardian@mycompany.com' -mailfrom = '' - -# avadmin -# who the virus emails go to (if notify av is on) -# example: avadmin = 'admin@mycompany.com' -avadmin = '' - -# contentdmin -# who the content emails go to (when thresholds are exceeded) -# and contentnotify is on -# example: contentadmin = 'admin@mycompany.com' -contentadmin = '' - -# avsubject -# Subject of the email sent when a virus is caught. -# only applicable if notifyav is on -# default avsubject = 'e2guardian virus block' +mailfrom = 'proxy-admin' +avadmin = 'virus-admin' +contentadmin = 'content-admin' avsubject = 'e2guardian virus block' - -# content -# Subject of the email sent when violation thresholds are exceeded -# default contentsubject = 'e2guardian violation' contentsubject = 'e2guardian violation' - -# notifyAV -# This will send a notification, if usesmtp/notifyav is on, any time an -# infection is found. -# Important: If this option is off, viruses will still be recorded like a -# content infraction. 
notifyav = off - -# notifycontent -# This will send a notification, if usesmtp is on, based on thresholds -# below notifycontent = off - -# thresholdbyuser -# results are only predictable with user authenticated configs -# if enabled the violation/threshold count is kept track of by the user thresholdbyuser = off - -#violations -# number of violations before notification -# setting to 0 will never trigger a notification violations = 0 - -#threshold -# this is in seconds. If 'violations' occur in 'threshold' seconds, then -# a notification is made. -# if this is set to 0, then whenever the set number of violations are made a -# notifaction will be sent. threshold = 0 - -#NOTE to enable SSL MITM or NON-MITM SSL CERT checking -# enablessl must be defined as 'yes' in e2guardian.conf - -#SSL certificate checking -# Check that ssl certificates for servers on https connections are valid -# and signed by a ca in the configured path -# ONLY for connections that are NOT MITM #sslcertcheck = off - NOT implimented in V5 yet - -#SSL man in the middle -# Forge ssl certificates for all non-exception sites, decrypt the data then re encrypt it -# using a different private key. Used to filter ssl sites sslmitm = off - -#Limit SSL MITM to sites in greysslsitelist(s) -# ignored if sslmitm is off -# SSL sites not matching greysslsitelist will be treat as if sslmitm is off. -# The following option is replaced by storyboard logic #onlymitmsslgrey = off - ignored in V5 - -# Enable MITM site certificate checking -# ignored if sslmitm is off -# default (recommended) is 'on' mitmcheckcert = on - -#Do not check ssl certificates for sites listed -# Can be used to allow sites with self-signed or invalid certificates -# or to reduced CPU load by not checking certs on heavily used sites (e.g. Google, Bing) -# Use with caution! 
-# Ignored if mitmcheckcert is 'off' #nocheckcertsitelist = '/etc/e2guardian/lists/nocheckcertsitelist' sitelist = 'name=nocheckcert,path=/etc/e2guardian/lists/nocheckcertsitelist' ipsitelist = 'name=nocheckcert,path=/etc/e2guardian/lists/nocheckcertsiteiplist' -# - -# Auto switch to MITM with upstream connection error or to deliver block page -# ignored if sslmitm is off -# To revert to v4 type behavour switch this off -# Default is 'on' -# automitm = on +#automitm = on
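Review bot: `naughtynesslimit` goes from 50 to 100 in this hunk, which doubles the weighted-phrase score a page must reach before it is blocked, and the same hunk deletes the guide that explained the scale. I would keep a one-line rationale next to the value, for example `# 100 = "old children" on the upstream scale (50 young children, 160 young adults); lower is stricter`, so the relaxed threshold reads as a deliberate decision. The hunk also removes the explicit `usesmtp = off` line while setting `mailfrom`, `avadmin` and `contentadmin` to bare names with no domain. The removed comment gave off as the default, so mail presumably stays disabled, but keeping `usesmtp = off` would make that independent of the default. The warnings next to `disablecontentscanerror` ("With "on" you can allow INFECTED objects") and the nocheckcert lists ("Use with caution!") are removed as well. A single-line caution on each of those settings is worth retaining for whoever edits this file next.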