# Dansguardian accessdeniedaddress

## mcuddy

I have a computer I intend to use as a firewall and content filter for a school. I have installed guarddog and dansguardian. No proxy or hosting software. When I try to start dansguardian, I get :

# /etc/init.d/dansguardian start

 * Starting DansGuardian ...

Error connecting to parent proxy 

commenting out the accessdeniedaddress line of dansguardian.conf gives me:

# /etc/init.d/dansguardian start

 * Starting DansGuardian ...

accessdeniedaddress setting appears to be wrong.

I changed the line to: 

accessdeniedaddress = '/usr/share/dansguardian/dansguardian.pl'

with the same result. 

What can I do? Do I have to add a proxy and web hosting?

```

# DansGuardian config file for version 2.10

# **NOTE** as of version 2.7.5 most of the list files are now in dansguardianf1.conf

# Web Access Denied Reporting (does not affect logging)

reportinglevel = 2

languagedir = '/usr/share/dansguardian/languages'

language = 'ukenglish'

loglevel = 2

logexceptionhits = 2

logfileformat = 1

filterip =

filterport = 8080

proxyip = 127.0.0.1

proxyport = 3128

#accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'

#accessdeniedaddress = '/usr/share/dansguardian/dansguardian.pl'

nonstandarddelimiter = on

usecustombannedimage = on

custombannedimagefile = '/usr/share/dansguardian/transparent1x1.gif'

filtergroups = 1

filtergroupslist = '/etc/dansguardian/lists/filtergroupslist'

bannediplist = '/etc/dansguardian/lists/bannediplist'

exceptioniplist = '/etc/dansguardian/lists/exceptioniplist'

showweightedfound = on

weightedphrasemode = 2

urlcachenumber = 1000

urlcacheage = 900

scancleancache = on

phrasefiltermode = 2

preservecase = 0

hexdecodecontent = off

forcequicksearch = off

reverseaddresslookups = off

reverseclientiplookups = off

logclienthostnames = off

createlistcachefiles = on

maxuploadsize = -1

maxcontentfiltersize = 256

maxcontentramcachescansize = 2000

filecachedir = '/tmp'

deletedownloadedtempfiles = on

initialtrickledelay = 20

trickledelay = 10

downloadmanager = '/etc/dansguardian/downloadmanagers/fancy.conf'

downloadmanager = '/etc/dansguardian/downloadmanagers/default.conf'

contentscannertimeout = 60

contentscanexceptions = off

recheckreplacedurls = off

forwardedfor = off

usexforwardedfor = off

logconnectionhandlingerrors = on

logchildprocesshandling = off

maxchildren = 120

minchildren = 8

minsparechildren = 4

preforkchildren = 6

maxsparechildren = 32

maxagechildren = 500

maxips = 0

ipcfilename = '/tmp/.dguardianipc'

urlipcfilename = '/tmp/.dguardianurlipc'

ipipcfilename = '/tmp/.dguardianipipc'

nodaemon = off

nologger = off

logadblocks = off

loguseragent = off

softrestart = off

mailer = '/usr/sbin/sendmail -t'

```

----------

## Xanadu

 *mcuddy wrote:*   

> I have a computer I intend to use as a firewall and content filter for a school. I have installed guarddog and dansguardian. No proxy or hosting software.

 

That's the problem right there.  DansGuardian is a "plugin" (if you will, it's more of an "extension" or an "assistant" maybe is a better word) to a proxy server (squid, to name one).  The proxy server does it's fetching and caching then before it sends it out to the user, redirects the requests through DansGuardian THEN out to the user.  I've set it all up successfully in the past, but it was more of crude tests.  It did work as advertised howver.

Hmmm...

Actually you remind me of one of the things on my plate that I have to spiff up.  Now that my Son is getting older enough to get his own computer in his room... (he's 9.5 years)

----------

## mcuddy

Is there another web filter that would be useful on a router/firewall computer? how does a proxy work? Will it take extra setup on the client machines?

----------

## derk

actually squid is a very good choice as it does webpage caching. this can reduce your internet traffic considerably in the case of students accessing the same sites regularly. The only caveat is that it needs enoiugh disk space for  it's cache. you also need to allow for log file space. squid runs on the same machine as Dansguardian.  Just set dansguardian output to squids default 3128 input port.  traffic is passed internally from one to the other. If you are worried about exposing the port externally that can be  firewalled on an ip or nic basis.

Make sure you force proxy port (8080) usage by firewalling port 80 from the internal network. Also firewall squid port 3128 to the interent and to the localnetwork unless you want to provide an unfiltered path for trusted users. squid only needs  localhost access on it'sdefault input port. 

I had this set-up on a firewall/server system used for a small school with about 50 computers. It worked very well.

----------

