squidguard/config/e2guardian/e2guardianf1.conf

# e2guardian filter group config file for version 5.3.1

# This file is re-read on gentle restart and any changes actioned

# Filter group mode IS NOT LONGER SUPPORTED
# Unauthenticated users are treated as being in the default filter group.
# groupmode = 1 #DISABLED

# Filter group name
# Used to fill in the -FILTERGROUP- placeholder in the HTML template file, and to
# name the group in the access logs
# Defaults to empty string
#groupname = ''
groupname = 'no_name_group'

# Much logic has moved to storyboard files
storyboard = '/etc/e2guardian/examplef1.story'

# Enable legacy (DG) ssl logic
# 
# The following option is replaced by storyboard logic
# ssllegacylogic = off

# Content filtering files location

bannedphraselist = '/etc/e2guardian/lists/bannedphraselist'
weightedphraselist = '/etc/e2guardian/lists/weightedphraselist'
exceptionphraselist = '/etc/e2guardian/lists/exceptionphraselist'

### NOTE - New format for all other list definitions in v5.0 
###        see notes/V5_list_definition for details

#banned lists
sitelist = 'name=banned,messageno=500,path=/etc/e2guardian/lists/bannedsitelist'
ipsitelist = 'name=banned,messageno=510,path=/etc/e2guardian/lists/bannedsiteiplist'
urllist = 'name=banned,messageno=501,path=/etc/e2guardian/lists/bannedurllist'
regexpboollist = 'name=banned,messageno=503,path=/etc/e2guardian/lists/bannedregexpurllist'
regexpboollist = 'name=banneduseragent,messageno=522,path=/etc/e2guardian/lists/bannedregexpuseragentlist'

sitelist = 'name=bannedssl,messageno=520,path=/etc/e2guardian/lists/bannedsslsitelist'
ipsitelist = 'name=bannedssl,messageno=520,path=/etc/e2guardian/lists/bannedsslsiteiplist'

#grey (i.e. content check) lists
sitelist = 'name=grey,path=/etc/e2guardian/lists/greysitelist'
ipsitelist = 'name=grey,path=/etc/e2guardian/lists/greysiteiplist'
urllist = 'name=grey,path=/etc/e2guardian/lists/greyurllist'
sitelist = 'name=greyssl,path=/etc/e2guardian/lists/greysslsitelist'
ipsitelist = 'name=greyssl,path=/etc/e2guardian/lists/greysslsiteiplist'

#exception lists
sitelist = 'name=exception,messageno=602,path=/etc/e2guardian/lists/exceptionsitelist'
ipsitelist = 'name=exception,messageno=602,path=/etc/e2guardian/lists/exceptionsiteiplist'
urllist = 'name=exception,messageno=603,path=/etc/e2guardian/lists/exceptionurllist'
regexpboollist = 'name=exception,messageno=609,path=/etc/e2guardian/lists/exceptionregexpurllist'
regexpboollist = 'name=exceptionuseragent,messageno=610,path=/etc/e2guardian/lists/exceptionregexpuseragentlist'

sitelist = 'name=refererexception,messageno=620,path=/etc/e2guardian/lists/refererexceptionsitelist'
ipsitelist = 'name=refererexception,messageno=620,path=/etc/e2guardian/lists/refererexceptionsiteiplist'
urllist = 'name=refererexception,messageno=620,path=/etc/e2guardian/lists/refererexceptionurllist'
sitelist = 'name=embededreferer,path=/etc/e2guardian/lists/embededreferersitelist'
ipsitelist = 'name=embededreferer,path=/etc/e2guardian/lists/embededreferersiteiplist'
urllist = 'name=embededreferer,path=/etc/e2guardian/lists/embededrefererurllist'

#modification lists
regexpreplacelist = 'name=change,path=/etc/e2guardian/lists/urlregexplist'
regexpreplacelist = 'name=sslreplace,path=/etc/e2guardian/lists/sslsiteregexplist'

#redirection lists
regexpreplacelist = 'name=redirect,path=/etc/e2guardian/lists/urlredirectregexplist'

contentregexplist = '/etc/e2guardian/lists/contentregexplist'

# local versions of lists 

#local banned
sitelist = 'name=localbanned,messageno=560,path=/etc/e2guardian/lists/localbannedsitelist'
#ipsitelist = 'name=localbanned,messageno=560,path=/etc/e2guardian/lists/localbannedsiteiplist'
#urllist = 'name=localbanned,messageno=561,path=/etc/e2guardian/lists/localbannedurllist'
#sitelist = 'name=localbannedssl,messageno=580,path=/etc/e2guardian/lists/localbannedsslsitelist'
#ipsitelist = 'name=localbannedssl,messageno=580,path=/etc/e2guardian/lists/localbannedsslsiteiplist'
searchlist = 'name=localbanned,messageno=581,path=/etc/e2guardian/lists/localbannedsearchlist'

#local grey lists
sitelist = 'name=localgrey,path=/etc/e2guardian/lists/localgreysitelist'
#ipsitelist = 'name=localgrey,path=/etc/e2guardian/lists/localgreysiteiplist'
#urllist = 'name=localgrey,path=/etc/e2guardian/lists/localgreyurllist'
sitelist = 'name=localgreyssl,path=/etc/e2guardian/lists/localgreysslsitelist'
#ipsitelist = 'name=localgreyssl,path=/etc/e2guardian/lists/localgreysslsiteiplist'

#local exception lists
sitelist = 'name=localexception,messageno=662,path=/etc/e2guardian/lists/localexceptionsitelist'
#ipsitelist = 'name=localexception,messageno=662,path=/etc/e2guardian/lists/localexceptionsiteiplist'
#urllist = 'name=localexception,messageno=663,path=/etc/e2guardian/lists/localexceptionurllist'


# Filetype filtering
#
# Allow bannedregexpurllist with grey list mode
#
# The following option is replaced by storyboard logic
# bannedregexwithblanketblock = off
#
# The following option is replaced by storyboard logic
#blockdownloads = off

# Phrase filtering additional mime types (by default text/*)
# textmimetypes = 'application/xhtml+xml,application/xml,application/json,application/javascript,application/x-javascript'

# Uncomment the two lines below if want to only allow extentions/mime types in these lists
# You will also need to uncomment the checkfiletype function in site.story to enable this
#fileextlist = 'name=exceptionextension,path=/etc/e2guardian/lists/exceptionextensionlist'
#mimelist = 'name=exceptionmime,path=/etc/e2guardian/lists/exceptionmimelist'
#
# Use the following lists to block specific kinds of file downloads.
#
fileextlist = 'name=bannedextension,messageno=900,path=/etc/e2guardian/lists/bannedextensionlist'
mimelist = 'name=bannedmime,messageno=800,path=/etc/e2guardian/lists/bannedmimetypelist'
#
# In either file filtering mode, the following list can be used to override
# MIME type & extension blocks for particular domains & URLs (trusted download sites).
#
sitelist = 'name=exceptionfile,path=/etc/e2guardian/lists/exceptionfilesitelist'
ipsitelist = 'name=exceptionfile,path=/etc/e2guardian/lists/exceptionfilesiteiplist'
urllist = 'name=exceptionfile,path=/etc/e2guardian/lists/exceptionfileurllist'

# POST protection (web upload and forms)
# does not block forms without any file upload, i.e. this is just for
# blocking or limiting uploads
# measured in kibibytes after MIME encoding and header bumph
# use 0 for a complete block
# use higher (e.g. 512 = 512Kbytes) for limiting
# use -1 for no blocking
# NOTE: POST PROTECTION IS NOT YET IMPLIMENTED IN V5
#maxuploadsize = 512
#maxuploadsize = 0
maxuploadsize = -1

# Categorise without blocking:
# Supply categorised lists here and the category string shall be logged against
# matching requests, but matching these lists does not perform any filtering
# action.
#sitelist = 'name=log,path=/etc/e2guardian/lists/logsitelist'
#ipsitelist = 'name=log,path=/etc/e2guardian/lists/logsiteiplist'
#urllist = 'name=log,path=/etc/e2guardian/lists/logurllist'
#regexpboollist = 'name=log,path=/etc/e2guardian/lists/logregexpurllist'

# Outgoing HTTP header rules:
# Optional lists for blocking based on, and modification of, outgoing HTTP
# request headers.  Format for headerregexplist is one modification rule per
# line, similar to content/URL modifications.  Format for
# bannedregexpheaderlist is one regular expression per line, with matching
# headers causing a request to be blocked.
# Headers are matched/replaced on a line-by-line basis, not as a contiguous
# block.
# Use for example, to remove cookies or prevent certain user-agents.
regexpreplacelist = 'name=headermods,path=/etc/e2guardian/lists/headerregexplist'
regexpboollist = 'name=bannedheader,path=/etc/e2guardian/lists/bannedregexpheaderlist'
regexpboollist = 'name=exceptionheader,path=/etc/e2guardian/lists/exceptionregexpheaderlist'
# used for Youtube add cookies etc
regexpreplacelist = 'name=addheader,path=/etc/e2guardian/lists/addheaderregexplist'

#Virus checking exceptions - matched urls will not be virus checked
#mimelist = 'name=exceptionvirus,path=/etc/e2guardian/lists/contentscanners/exceptionvirusmimetypelist'
#fileextlist = 'name=exceptionvirus,path=/etc/e2guardian/lists/contentscanners/exceptionvirusextensionlist'
#sitelist = 'name=exceptionvirus,path=/etc/e2guardian/lists/contentscanners/exceptionvirussitelist'
#ipsitelist = 'name=exceptionvirus,path=/etc/e2guardian/lists/contentscanners/exceptionvirussiteiplist'
#urllist = 'name=exceptionvirus,path=/etc/e2guardian/lists/contentscanners/exceptionvirusurllist'

# Weighted phrase mode
# Optional; overrides the weightedphrasemode option in e2guardian.conf
# for this particular group.  See documentation for supported values in
# that file.
#weightedphrasemode = 0

# Naughtiness limit
# This the limit over which the page will be blocked.  Each weighted phrase is given
# a value either positive or negative and the values added up.  Phrases to do with
# good subjects will have negative values, and bad subjects will have positive
# values.  See the weightedphraselist file for examples.
# As a guide:
# 50 is for young children,  100 for old children,  160 for young adults.
naughtynesslimit = 50

# Search term blocking
# Search terms can be extracted from search URLs and filtered using one or 
# both of two different methods.

# Method 1 is that developed by Protex where specific 
# search terms are contained in a bannedsearchlist.  
# (localbannedsearchlist and bannedsearchoveridelist can be used to suppliment 
# and overide this list as required.)  
# These lists contain banned search words combinations on each line.  
# Words are separated by '+' and must be in sorted order within a line.
#    so to block 'sexy girl' then the list must contain the line
#      girl+sexy
#    and this will block both 'sexy girl' and 'girl sexy'
# To use this method, the searchregexplist must be enabled and the bannedsearchlist(s) defined

# Method 2 is uses the 
# bannedphraselist, weightedphraselist and exceptionphraselist, with a separate
# threshold for blocking than that used for normal page content.
# To do this, the searchregexplist must be enabled and searchtermlimit 
# must be greater than 0.
 
#
# Search engine regular expression list (need for both options)
# List of regular expressions for matching search engine URLs.  It is assumed
# that the search terms themselves will be contained in the 
# of output of each expression.
regexpreplacelist = 'name=searchterms,path=/etc/e2guardian/lists/searchregexplist'
#
# Banned Search Term list(s) for option 1
searchlist = 'name=banned,path=/etc/e2guardian/lists/bannedsearchlist'
searchlist = 'name=override,path=/etc/e2guardian/lists/bannedsearchoveridelist'


# Search term limit (for Option 2)
# The limit over which requests will be blocked for containing search terms
# which match the weightedphraselist.  This should usually be lower than the
# 'naughtynesslimit' value above, because the amount of text being filtered
# is only a few words, rather than a whole page.
# This option must be uncommented if searchregexplist is uncommented.
# A value of 0 here indicates that search terms should be extracted,
# but no phrase filtering should be performed on the resulting text.
#searchtermlimit = 0
#
# Search term phrase lists (for Option 2) 
# If the three lines below are uncommented, search term blocking will use
# the banned, weighted & exception phrases from these lists, instead of using
# the same phrase lists as for page content.  This is optional but recommended,
# as weights for individual phrases in the "normal" lists may not be
# appropriate for blocking when those phrases appear in a much smaller block
# of text.
# Please note that all or none of the below should be uncommented, not a
# mixture.
# NOTE: these are phrase lists and still use the old style defines
#bannedsearchtermlist = '/etc/e2guardian/lists/bannedsearchtermlist'
#weightedsearchtermlist = '/etc/e2guardian/lists/weightedsearchtermlist'
#exceptionsearchtermlist = '/etc/e2guardian/lists/exceptionsearchtermlist'

# Category display threshold
# This option only applies to pages blocked by weighted phrase filtering.
# Defines the minimum score that must be accumulated within a particular
# category in order for it to show up on the block pages' category list.
# All categories under which the page scores positively will be logged; those
# that were not displayed to the user appear in brackets.
#
# -1 = display only the highest scoring category
# 0 = display all categories (default)
# > 0 = minimum score for a category to be displayed
categorydisplaythreshold = 0

# Embedded URL weighting
# When set to something greater than zero, this option causes URLs embedded within a
# page's HTML (from links, image tags, etc.) to be extracted and checked against the
# bannedsitelist and bannedurllist. Each link to a banned page causes the amount set
# here to be added to the page's weighting.
# The behaviour of this option with regards to multiple occurrences of a site/URL is
# affected by the weightedphrasemode setting.
#
# NB: Currently, this feature uses regular expressions that require the PCRE library.
# As such, it is only available if you compiled e2guardian with '--enable-pcre=yes'.
# You can check compile-time options by running 'e2guardian -v'.
#
# Set to 0 to disable.
# Defaults to 0.
# WARNING: This option is highly CPU intensive!
embeddedurlweight = 0

# Temporary Denied Page Bypass
# This provides a link on the denied page to bypass the ban for a few minutes.  To be
# secure it uses a random hashed secret generated at daemon startup.  You define the
# number of seconds the bypass will function for before the deny will appear again.
# To allow the link on the denied page to appear you will need to edit the template.html
# or e2guardian.pl file for your language.
# 300 = enable for 5 minutes
# 0 = disable ( defaults to 0 )
# -1 - depreciated - for backward compatability enables cgibypass with bypassversion 1
bypass = 0

# Byapss version 2 is experimental, provide a secure cgi communication (see notes/cgi_bypass documentation)
# 

# Bypass version
# can be 1 or 2
# Always use v2 unless you have old style cgi hash generation in use
# Default is 1
# bypassversion = 2

# cgibypass - Use a separate program/CGI to (in v1 generate) or (in v2 validate) link
# 'on' or 'off' (default)
# cgibypass = 'off'

# Temporary Denied Page Bypass Secret Key
# Rather than generating a random key you can specify one.  It must be more than 8 chars.
# '' = generate a random one (recommended and default)
# 'Mary had a little lamb.' = an example
# '76b42abc1cd0fdcaf6e943dcbc93b826' = an example
bypasskey = ''

# magic key for cgi bypass v2 - used to sign communications between e2g and cgi
# default is blank
#cgikey = 'you must change this text in order to be secure'

#  Users will not be able to bypass sites/urls in these lists
sitelist = 'name=bannedbypass,messageno=500,path=/etc/e2guardian/lists/bannedsitelistwithbypass'
#ipsitelist = 'name=bannedbypass,messageno=500,path=/etc/e2guardian/lists/bannedsiteiplistwithbypass'
#urllist = 'name=bannedbypass,messageno=501,path=/etc/e2guardian/lists/bannedurllistwithbypass'

# Infection/Scan Error Bypass
# Similar to the 'bypass' setting, but specifically for bypassing files scanned and found
# to be infected, or files that trigger scanner errors - for example, archive types with
# recognised but unsupported compression schemes, or corrupt archives.
# The option specifies the number of seconds for which the bypass link will be valid.
# 300 = enable for 5 minutes
# 0 = disable (default)
# -1 - depreciated - for backward compatability enables cgiinfectionbypass with bypassversion 1
infectionbypass = 0

# cgiinfectionbypass - Use a separate program/CGI to (v1 generate) or (v2 validate) link
# 'on' or 'off' (default)
# cgiinfectionbypass = 'off'

# Infection/Scan Error Bypass Secret Key
# Same as the 'bypasskey' option, but used for infection bypass mode.
infectionbypasskey = ''

# Infection/Scan Error Bypass on Scan Errors Only
# Enable this option to allow infectionbypass links only when virus scanning fails,
# not when a file is found to contain a virus.
# on = enable (default and highly recommended)
# off = disable
infectionbypasserrorsonly = on

# Disable content scanning
# If you enable this option you will disable content scanning for this group.
# Content scanning primarily is AV scanning (if enabled) but could include
# other types.
# (on|off) default = off.
disablecontentscan = off  

# Disable content scanning with error (timeout, AV crash, etc)
# If you enable this option you will allow object with an unexpected result
# Content scanning primarily is AV scanning (if enabled) but could include
# other types.
# With "on" you can allow INFECTED objects 
# (on|off) default = off. (default and highly recommended)
disablecontentscanerror = off

# If 'on' exception sites, urls, users etc will be scanned
# This is probably not desirable behavour as exceptions are
# supposed to be trusted and will increase load.
# Correct use of grey lists are a better idea.
# (on|off) default = off
contentscanexceptions = off

# Auth plugins
# Enable Deep URL Analysis
# When enabled, DG looks for URLs within URLs, checking against the bannedsitelist and
# bannedurllist. This can be used, for example, to block images originating from banned
# sites from appearing in Google Images search results, as the original URLs are
# embedded in the thumbnail GET requests.
# (on|off) default = off
deepurlanalysis = off

# reportinglevel
#
# -1 = log, but do not block - Stealth mode
#  0 = just say 'Access Denied'
#  1 = report why but not what denied phrase
#  2 = report fully
#  3 = use HTML template file (accessdeniedaddress ignored) - recommended
#
# If defined, this overrides the global setting in e2guardian.conf for
# members of this filter group.
#
reportinglevel = 3

# accessdeniedaddress is the address of your web server to which the cgi
# e2guardian reporting script was copied. Only used in reporting levels
# 1 and 2.
#
# This webserver must be either:
#  1. Non-proxied. Either a machine on the local network, or listed as an
#     exception in your browser's proxy configuration.
#  2. Added to the exceptionsitelist. Option 1 is preferable; this option is
#     only for users using both transparent proxying and a non-local server
#     to host this script.
#
#accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/e2guardian.pl'

# HTML Template override
# If defined, this specifies a custom HTML template file for members of this
# filter group, overriding the global setting in e2guardian.conf. This is
# only used in reporting level 3.
#
# The default template file path is <languagedir>/<language>/template.html
# e.g. /usr/share/e2guardian/languages/ukenglish/template.html when using 'ukenglish'
# language.
#
# This option generates a file path of the form:
# <languagedir>/<language>/<htmltemplate>
# e.g. /usr/share/e2guardian/languages/ukenglish/custom.html
#
#htmltemplate = 'custom.html'

#Template for use to report network issues and sites which are not responding
# The default template file path is <languagedir>/<language>/neterr_template.html
# e.g. /usr/share/e2guardian/languages/ukenglish/neterr_template.html when using 'ukenglish'
# language.
#neterrtemplate = 'custom_neterr_template.html' 

# Non standard delimiter (only used with accessdeniedaddress)
# To help preserve the full banned URL, including parameters, the variables
# passed into the access denied CGI are separated using non-standard
# delimiters. This can be useful to ensure correct operation of the filter
# bypass modes. Parameters are split using "::" in place of "&", and "==" in
# place of "=".
# Default is enabled, but to go back to the standard mode, disable it.

#nonstandarddelimiter = off

# Email reporting - original patch by J. Gauthier

# Use SMTP
# If on, will enable system wide events to be reported by email.
# need to configure mail program (see 'mailer' in global config)
# and email recipients
# default usesmtp = off
usesmtp = off   #NOT YET TESTED

# mailfrom
# who the email would come from
# example: mailfrom = 'e2guardian@mycompany.com'
mailfrom = ''

# avadmin
# who the virus emails go to (if notify av is on)
# example: avadmin = 'admin@mycompany.com'
avadmin = ''

# contentdmin
# who the content emails go to (when thresholds are exceeded)
# and contentnotify is on
# example: contentadmin = 'admin@mycompany.com'
contentadmin = ''

# avsubject
# Subject of the email sent when a virus is caught.
# only applicable if notifyav is on
# default avsubject = 'e2guardian virus block'
avsubject = 'e2guardian virus block'

# content
# Subject of the email sent when violation thresholds are exceeded
# default contentsubject = 'e2guardian violation'
contentsubject = 'e2guardian violation'

# notifyAV
# This will send a notification, if usesmtp/notifyav is on, any time an
# infection is found.
# Important: If this option is off, viruses will still be recorded like a
# content infraction.
notifyav = off

# notifycontent
# This will send a notification, if usesmtp is on, based on thresholds
# below
notifycontent = off

# thresholdbyuser
# results are only predictable with user authenticated configs
# if enabled the violation/threshold count is kept track of by the user
thresholdbyuser = off

#violations
# number of violations before notification
# setting to 0 will never trigger a notification
violations = 0

#threshold
# this is in seconds. If 'violations' occur in 'threshold' seconds, then
# a notification is made.
# if this is set to 0, then whenever the set number of violations are made a 
# notifaction will be sent.
threshold = 0

#NOTE to enable SSL MITM or NON-MITM SSL CERT checking
# enablessl must be defined as 'yes' in e2guardian.conf

#SSL certificate checking
# Check that ssl certificates for servers on https connections are valid
# and signed by a ca in the configured path
# ONLY for connections that are NOT MITM
#sslcertcheck = off - NOT implimented in V5 yet

#SSL man in the middle
# Forge ssl certificates for all non-exception sites, decrypt the data then re encrypt it
# using a different private key. Used to filter ssl sites
sslmitm = off

#Limit SSL MITM to sites in greysslsitelist(s)
# ignored if  sslmitm is off
# SSL sites not matching greysslsitelist will be treat as if sslmitm is off.
# The following option is replaced by storyboard logic
#onlymitmsslgrey = off  - ignored in V5

# Enable MITM site certificate checking
# ignored if  sslmitm is off
# default (recommended) is 'on'
mitmcheckcert = on

#Do not check ssl certificates for sites listed
# Can be used to allow sites with self-signed or invalid certificates
# or to reduced CPU load by not checking certs on heavily used sites (e.g. Google, Bing)
# Use with caution!
# Ignored if mitmcheckcert is 'off'
#nocheckcertsitelist = '/etc/e2guardian/lists/nocheckcertsitelist'
sitelist = 'name=nocheckcert,path=/etc/e2guardian/lists/nocheckcertsitelist'
ipsitelist = 'name=nocheckcert,path=/etc/e2guardian/lists/nocheckcertsiteiplist'
#

# Auto switch to MITM with upstream connection error or to deliver block page
# ignored if  sslmitm is off
# To revert to v4 type behavour switch this off
# Default is 'on'
# automitm = on