Create filter groups via the webgui

open '/etc/dansguardian-av/dansguardian.conf'

uncomment the following line
#authplugin = '/etc/dansguardian-av/authplugins/ip.conf'

Modify the 'usexforwardedfor' value to 'on' (see bellow)
usexforwardedfor = on

open '/etc/dansguardian-av/lists/authplugins/ipgroups'
use the examples provided to set up

Make sure you restart the dansguardian-av service after changing the config files.

Thanks a lot

I'm going to try this Now

Best regards,

Carlos Chiriboga Calderon

Hello everybody

I am trying to block some sites from some IPs, or users, but i can´t becouse when i declare a user it don´t have an IP parameter and the users, i believe, are just for the clarckonnect use.

I need for example:

For range 192.168.1.10 - 192.168.1.50 block from porn pages and social pages like myspace, hi5, facebook..... and let the rest.

For range 192.168.1.51-192-168.1.100 block from anly porn pages and let the rest

Thanks, I expect someone can help me

Should the proxy be set to transparent mode or not? Or does it not matter?

Hi Bryan,

Ok ... so what part of the answers I gave you earlier, didn't you understand ... or read ... ?!?
#7042

Here is the answer:
#7036

In case you will not read this either ... my advise is to use transparent mode.
Just don't ask me why ... :woohoo:

Good luck,

John

I have to admit, I didn't read all the details of your reply.
Most of your reply applies to the content filter, not the protocol filter (which is what I was asking about.)
http://www.clearfoundation.com/docs/user_guide/clearos_enterprise_5.1/protocol_filter
Reading about the content filter wouldn’t help me much with the protocol filter.
The one link that did apply to the protocol filter linked me back to the post I was posting on.
So, it was a bit confusing.

My question here (about the content filter) was… when trying to content filter by a users IP, does it matter if running in transparent mode or not.
But, I now realize that it doesn’t matter.
Filtering users by their IP address works in both transparent and non-transparent mode.
The authentication method (ip or username) doesn't matter.

Thanks…
:silly:

Angus Warren wrote:

Create filter groups via the webgui

open '/etc/dansguardian-av/dansguardian.conf'

uncomment the following line
#authplugin = '/etc/dansguardian-av/authplugins/ip.conf'

Modify the 'usexforwardedfor' value to 'on' (see bellow)
usexforwardedfor = on

open '/etc/dansguardian-av/lists/authplugins/ipgroups'
use the examples provided to set up

Make sure you restart the dansguardian-av service after changing the config files.

Sorry to rez an old thread, but followed the above instructions and in the ipgroups I added

10.0.1.23 = BusinessTest

Now how do I use it? I tried adding BusinessTest to the global banned user, but there was no change. I added a filter group using that name, and tried to go to a site white-listed in the default, but blocked before i white-listed it. still had access to everything.
SO I set up a group, but can't use it? the documentation also states to set up groups, but does not state how to use it.

The below is in reference to the banned user section, which I honestly don't want to use, i want to be able to block different groups differently. I do not see why this seems so hard in ClearOS.

5.1 documentation

Banned User IP List / Exempt User IP List

If you have some or all of your workstations configured to use static IP addresses, you can configure individual workstations' access to the web.

Banned User IP List

Here you can configure LAN IP addresses that will be completely blocked from accessing the web. You can either add IP addresses individually or add groups as defined below.

Exempt User IP List

Here you can configure LAN IP addresses that will be granted free access to the web. You can either add IP addresses individually or add groups as defined below. When you configure an exempt IP, the web request still goes through the filter and proxy, but nothing is ever blocked. If you need to completely bypass the content filter / web proxy system, you can use the web site bypass in the proxy feature.

Groups

You can configure groups of IP addresses to simplify and organize workstation access to the web. For example in an educational environment you can add all administrator/staff IP addresses to a Staff group and add them to the Exempt User IP List.

no answers here so i added it to the wishlist....

http://www.clearfoundation.com/Wishlist/comment/778-Apply-Content-Filter-Rules-by-IP-Address-not-just-User.html

Hi! I'm also setting up dansguardian with multiple filters,, I tried to create filter2 and on dansguardian.conf uncomment authplugin = '/etc/dansguardian/authplugins/ip.conf', I set my client's ip address to static(192.168.5.2) and add it to /etc/dansguardian/authplugins/ipgroups (192.168.5.2 = filter2) and to /etc/dansguardian/lists/filtergroupslist (192.168.5.2=filter2).

But, when i checked the logs 192.168.5.2 is still assigned to default filter 1. What might cause it? Thanks for your help.