e2guardian: add package

Signed-off-by: Luka Perkov <luka@openwrt.org>

net/e2guardian/Makefile

@@ -0,0 +1,78 @@
+#
+# Copyright (C) 2015 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=e2guardian
+PKG_VERSION:=3.0.4
+PKG_RELEASE:=1
+
+PKG_LICENSE:=GPL-2.0
+PKG_MAINTAINER:=Luka Perkov <luka@openwrt.org>
+
+PKG_SOURCE:=v$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://github.com/e2guardian/e2guardian/archive/
+PKG_MD5SUM:=f8ffac7ac4f040b672cc4e62121bf4c5
+
+PKG_BUILD_PARALLEL:=1
+PKG_INSTALL:=1
+
+include $(INCLUDE_DIR)/uclibc++.mk
+include $(INCLUDE_DIR)/package.mk
+
+define Package/e2guardian
+  SECTION:=net
+  DEPENDS:=+libpthread $(CXX_DEPENDS) +zlib +libpcre
+  CATEGORY:=Network
+  SUBMENU:=Web Servers/Proxies
+  TITLE:=E2Guardian
+  URL:=http://e2guardian.org/cms/
+endef
+
+define Package/e2guardian/conffiles
+/etc/e2guardian/e2guardianf1.conf
+/etc/config/e2guardian
+endef
+
+CONFIGURE_VARS += \
+	INCLUDES="" \
+	CXXFLAGS="$$$$CXXFLAGS -fno-rtti" \
+	LIBS="-lpthread"
+
+CONFIGURE_ARGS += \
+		--with-sysconfsubdir=e2guardian \
+		--with-proxyuser=root \
+		--with-proxygroup=root \
+		--enable-pcre=yes
+
+define Build/Configure
+	$(call Build/Configure/Default,$CONFIGURE_ARGS)
+endef
+
+define Package/e2guardian/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/e2guardian $(1)/usr/sbin/
+
+	$(INSTALL_DIR) $(1)/etc
+	$(CP) $(PKG_INSTALL_DIR)/etc/e2guardian $(1)/etc/
+	$(INSTALL_CONF) ./files/e2guardianf1.conf $(1)/etc/e2guardian/e2guardianf1.conf
+
+	$(INSTALL_DIR) $(1)/etc/config
+	$(INSTALL_CONF) ./files/e2guardian.config $(1)/etc/config/e2guardian
+
+	$(INSTALL_DIR) $(1)/usr/share/e2guardian
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/share/e2guardian/transparent1x1.gif $(1)/usr/share/e2guardian/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/share/e2guardian/blockedflash.swf $(1)/usr/share/e2guardian/
+
+	$(INSTALL_DIR) $(1)/usr/share/e2guardian/languages/ukenglish
+	$(CP) $(PKG_INSTALL_DIR)/usr/share/e2guardian/languages/ukenglish/* $(1)/usr/share/e2guardian/languages/ukenglish/
+
+	$(INSTALL_DIR) $(1)/etc/init.d/
+	$(INSTALL_BIN) ./files/e2guardian.init $(1)/etc/init.d/e2guardian
+endef
+
+$(eval $(call BuildPackage,e2guardian))

net/e2guardian/files/e2guardian.config

@@ -0,0 +1,70 @@
+config e2guardian 'e2guardian'
+	option config_file '/etc/e2guardian/e2guardianf1.conf'
+	option languagedir '/usr/share/e2guardian/languages'
+	option language 'ukenglish'
+	option loglevel '2'
+	option logexceptionhits '2'
+	option logfileformat '1'
+	option loglocation '/dev/null'
+	option maxuploadsize '-1'
+	option filterip ''
+	option filterports '8080'
+	option proxyip '127.0.0.1'
+	option proxyport '3128'
+	option proxytimeout '20'
+	option proxyexchange '20'
+	option pcontimeout '55'
+	option accessdeniedaddress 'http://YOURSERVER.YOURDOMAIN/cgi-bin/e2guardian.pl'
+	option usecustombannedimage 'on'
+	option custombannedimagefile '/usr/share/e2guardian/transparent1x1.gif'
+	option usecustombannedflash 'on'
+	option custombannedflashfile '/usr/share/e2guardian/blockedflash.swf'
+	option filtergroups '1'
+	option filtergroupslist '/etc/e2guardian/lists/filtergroupslist'
+	option bannediplist '/etc/e2guardian/lists/bannediplist'
+	option exceptioniplist '/etc/e2guardian/lists/exceptioniplist'
+	option perroomdirectory '/etc/e2guardian/lists/bannedrooms/'
+	option showweightedfound 'on'
+	option weightedphrasemode '2'
+	option urlcachenumber '1000'
+	option urlcacheage '900'
+	option scancleancache 'on'
+	option phrasefiltermode '2'
+	option preservecase '0'
+	option hexdecodecontent 'off'
+	option forcequicksearch 'off'
+	option reverseaddresslookups 'off'
+	option reverseclientiplookups 'off'
+	option logclienthostnames 'off'
+	option createlistcachefiles 'on'
+	option prefercachedlists 'off'
+	option maxcontentfiltersize '256'
+	option maxcontentramcachescansize '2000'
+	option maxcontentfilecachescansize '20000'
+	option filecachedir '/tmp'
+	option deletedownloadedtempfiles 'on'
+	option initialtrickledelay '20'
+	option trickledelay '10'
+	option downloadmanager '/etc/e2guardian/downloadmanagers/default.conf'
+	option contentscannertimeout '60'
+	option contentscanexceptions 'off'
+	option recheckreplacedurls 'off'
+	option forwardedfor 'off'
+	option usexforwardedfor 'off'
+	option logconnectionhandlingerrors 'on'
+	option logchildprocesshandling 'off'
+	option maxchildren '180'
+	option minchildren '20'
+	option minsparechildren '16'
+	option preforkchildren '10'
+	option maxsparechildren '32'
+	option maxagechildren '500'
+	option maxips '0'
+	option ipcfilename '/tmp/.dguardianipc'
+	option urlipcfilename '/tmp/.dguardianurlipc'
+	option ipipcfilename '/tmp/.dguardianipipc'
+	option nodaemon 'off'
+	option nologger 'off'
+	option logadblocks 'off'
+	option loguseragent 'off'
+	option softrestart 'off'

net/e2guardian/files/e2guardian.init

@@ -0,0 +1,192 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2015 OpenWrt.org
+
+START=90
+STOP=10
+
+USE_PROCD=1
+PROG=/usr/sbin/e2guardian
+CONFIGFILE="/tmp/e2guardian/e2guardian.conf"
+
+validate_e2guardian_section() {
+	uci_validate_section e2guardian e2guardian "${1}" \
+		'config_file:string' \
+		'accessdeniedaddress:string' \
+		'bannediplist:string' \
+		'contentscanexceptions:string' \
+		'contentscannertimeout:uinteger' \
+		'createlistcachefiles:string' \
+		'custombannedflashfile:string' \
+		'custombannedimagefile:string' \
+		'deletedownloadedtempfiles:string' \
+		'downloadmanager:string' \
+		'exceptioniplist:string' \
+		'filecachedir:string' \
+		'filtergroups:uinteger' \
+		'filtergroupslist:string' \
+		'filterip:ipaddr' \
+		'filterports:port:8080' \
+		'forcequicksearch:string' \
+		'forwardedfor:string' \
+		'hexdecodecontent:string' \
+		'initialtrickledelay:uinteger' \
+		'ipcfilename:string' \
+		'ipipcfilename:string' \
+		'languagedir:string' \
+		'language:string' \
+		'logadblocks:string' \
+		'logchildprocesshandling:string' \
+		'logclienthostnames:string' \
+		'logconnectionhandlingerrors:string' \
+		'logexceptionhits:range(0,2)' \
+		'logfileformat:range(1,6)' \
+		'loglevel:range(0,3)' \
+		'loglocation:string' \
+		'loguseragent:string' \
+		'maxagechildren:uinteger' \
+		'maxchildren:uinteger' \
+		'maxcontentfilecachescansize:uinteger' \
+		'maxcontentfiltersize:uinteger' \
+		'maxcontentramcachescansize:uinteger' \
+		'maxips:uinteger' \
+		'maxsparechildren:uinteger' \
+		'maxuploadsize:integer' \
+		'minchildren:uinteger' \
+		'minsparechildren:uinteger' \
+		'nodaemon:string' \
+		'nologger:string' \
+		'pcontimeout:range(5,300)' \
+		'perroomdirectory:string' \
+		'phrasefiltermode:range(0,3)' \
+		'prefercachedlists:string' \
+		'preforkchildren:uinteger' \
+		'preservecase:range(0,2)' \
+		'proxyexchange:range(20,300)' \
+		'proxyip:ipaddr' \
+		'proxyport:port:3128' \
+		'proxytimeout:range(5,100)' \
+		'recheckreplacedurls:string' \
+		'reverseaddresslookups:string' \
+		'reverseclientiplookups:string' \
+		'scancleancache:string' \
+		'showweightedfound:string' \
+		'softrestart:string' \
+		'trickledelay:uinteger' \
+		'urlcacheage:uinteger' \
+		'urlcachenumber:uinteger' \
+		'urlipcfilename:string' \
+		'usecustombannedflash:string' \
+		'usecustombannedimage:string' \
+		'usexforwardedfor:string' \
+		'weightedphrasemode:range(0,2)'
+}
+
+start_service() {
+
+	local config_file accessdeniedaddress bannediplist contentscanexceptions contentscannertimeout \
+		createlistcachefiles custombannedflashfile custombannedimagefile deletedownloadedtempfiles \
+		downloadmanager exceptioniplist filecachedir loglocation \
+		filtergroups filtergroupslist filterip filterports forcequicksearch forwardedfor hexdecodecontent \
+		initialtrickledelay ipcfilename ipipcfilename language languagedir logadblocks logchildprocesshandling \
+		logclienthostnames logconnectionhandlingerrors logexceptionhits logfileformat loglevel loguseragent \
+		maxagechildren maxchildren maxcontentfilecachescansize maxcontentfiltersize maxcontentramcachescansize \
+		maxips maxsparechildren maxuploadsize minchildren minsparechildren nodaemon nologger \
+		pcontimeout perroomdirectory phrasefiltermode prefercachedlists preforkchildren preservecase proxyexchange \
+		proxyip proxyport proxytimeout recheckreplacedurls reverseaddresslookups reverseclientiplookups scancleancache \
+		showweightedfound softrestart trickledelay urlcacheage urlcachenumber urlipcfilename usecustombannedflash \
+		usecustombannedimage usexforwardedfor weightedphrasemode
+
+	validate_e2guardian_section e2guardian || {
+		echo "validation failed"
+		return 1
+	}
+
+	mkdir -p $(dirname $CONFIGFILE)
+	ln -sf $config_file $(dirname $CONFIGFILE)
+
+	echo "accessdeniedaddress = " $accessdeniedaddress > $CONFIGFILE
+	echo "bannediplist = " $bannediplist >> $CONFIGFILE
+	echo "contentscanexceptions = " $contentscanexceptions >> $CONFIGFILE
+	echo "contentscannertimeout = " $contentscannertimeout >> $CONFIGFILE
+	echo "createlistcachefiles = " $createlistcachefiles >> $CONFIGFILE
+	echo "custombannedflashfile = " $custombannedflashfile >> $CONFIGFILE
+	echo "custombannedimagefile = " $custombannedimagefile >> $CONFIGFILE
+	echo "deletedownloadedtempfiles = " $deletedownloadedtempfiles >> $CONFIGFILE
+	echo "downloadmanager = " $downloadmanager >> $CONFIGFILE
+	echo "exceptioniplist = " $exceptioniplist >> $CONFIGFILE
+	echo "filecachedir = " $filecachedir >> $CONFIGFILE
+	echo "filtergroups = " $filtergroups >> $CONFIGFILE
+	echo "filtergroupslist = " $filtergroupslist >> $CONFIGFILE
+	echo "filterip = " $filterip >> $CONFIGFILE
+	echo "filterports = " $filterports >> $CONFIGFILE
+	echo "forcequicksearch = " $forcequicksearch >> $CONFIGFILE
+	echo "forwardedfor = " $forwardedfor >> $CONFIGFILE
+	echo "hexdecodecontent = " $hexdecodecontent >> $CONFIGFILE
+	echo "initialtrickledelay = " $initialtrickledelay >> $CONFIGFILE
+	echo "ipcfilename = " $ipcfilename >> $CONFIGFILE
+	echo "ipipcfilename = " $ipipcfilename >> $CONFIGFILE
+	echo "language = " $language >> $CONFIGFILE
+	echo "languagedir = " $languagedir >> $CONFIGFILE
+	echo "logadblocks = " $logadblocks >> $CONFIGFILE
+	echo "logchildprocesshandling = " $logchildprocesshandling >> $CONFIGFILE
+	echo "logclienthostnames = " $logclienthostnames >> $CONFIGFILE
+	echo "logconnectionhandlingerrors = " $logconnectionhandlingerrors >> $CONFIGFILE
+	echo "logexceptionhits = " $logexceptionhits >> $CONFIGFILE
+	echo "logfileformat = " $logfileformat >> $CONFIGFILE
+	echo "loglevel = " $loglevel >> $CONFIGFILE
+	echo "loglocation = " $loglocation >> $CONFIGFILE
+	echo "loguseragent = " $loguseragent >> $CONFIGFILE
+	echo "maxagechildren = " $maxagechildren >> $CONFIGFILE
+	echo "maxchildren = " $maxchildren >> $CONFIGFILE
+	echo "maxcontentfilecachescansize = " $maxcontentfilecachescansize >> $CONFIGFILE
+	echo "maxcontentfiltersize = " $maxcontentfiltersize >> $CONFIGFILE
+	echo "maxcontentramcachescansize = " $maxcontentramcachescansize >> $CONFIGFILE
+	echo "maxips = " $maxips >> $CONFIGFILE
+	echo "maxsparechildren = " $maxsparechildren >> $CONFIGFILE
+	echo "maxuploadsize = " $maxuploadsize >> $CONFIGFILE
+	echo "minchildren = " $minchildren >> $CONFIGFILE
+	echo "minsparechildren = " $minsparechildren >> $CONFIGFILE
+	echo "nodaemon = " $nodaemon >> $CONFIGFILE
+	echo "nologger = " $nologger >> $CONFIGFILE
+	echo "pcontimeout = " $pcontimeout >> $CONFIGFILE
+	echo "perroomdirectory = " $perroomdirectory >> $CONFIGFILE
+	echo "phrasefiltermode = " $phrasefiltermode >> $CONFIGFILE
+	echo "prefercachedlists = " $prefercachedlists >> $CONFIGFILE
+	echo "preforkchildren = " $preforkchildren >> $CONFIGFILE
+	echo "preservecase = " $preservecase >> $CONFIGFILE
+	echo "proxyexchange = " $proxyexchange >> $CONFIGFILE
+	echo "proxyip = " $proxyip >> $CONFIGFILE
+	echo "proxyport = " $proxyport >> $CONFIGFILE
+	echo "proxytimeout = " $proxytimeout >> $CONFIGFILE
+	echo "recheckreplacedurls = " $recheckreplacedurls >> $CONFIGFILE
+	echo "reverseaddresslookups = " $reverseaddresslookups >> $CONFIGFILE
+	echo "reverseclientiplookups = " $reverseclientiplookups >> $CONFIGFILE
+	echo "scancleancache = " $scancleancache >> $CONFIGFILE
+	echo "showweightedfound = " $showweightedfound >> $CONFIGFILE
+	echo "softrestart = " $softrestart >> $CONFIGFILE
+	echo "trickledelay = " $trickledelay >> $CONFIGFILE
+	echo "urlcacheage = " $urlcacheage >> $CONFIGFILE
+	echo "urlcachenumber = " $urlcachenumber >> $CONFIGFILE
+	echo "urlipcfilename = " $urlipcfilename >> $CONFIGFILE
+	echo "usecustombannedflash = " $usecustombannedflash >> $CONFIGFILE
+	echo "usecustombannedimage = " $usecustombannedimage >> $CONFIGFILE
+	echo "usexforwardedfor = " $usexforwardedfor >> $CONFIGFILE
+	echo "weightedphrasemode = " $weightedphrasemode >> $CONFIGFILE
+
+	procd_open_instance
+	procd_set_param command $PROG -N -c "$CONFIGFILE"
+	procd_set_param file $CONFIGFILE
+	procd_set_param respawn
+	procd_close_instance
+}
+
+stop_service()
+{
+	e2guardian -s | awk -F':' '{ print $2}' | xargs kill -9
+}
+
+service_triggers()
+{
+	procd_add_reload_trigger "e2guardian"
+	procd_add_validation validate_e2guardian_section
+}

net/e2guardian/files/e2guardianf1.conf

@@ -0,0 +1,426 @@
+# e2guardian filter group config file for version 3.0.4
+
+
+# Filter group mode
+# This option determines whether members of this group have their web access
+# unfiltered, filtered, or banned.
+#
+# 0 = banned
+# 1 = filtered
+# 2 = unfiltered (exception)
+#
+# Only filter groups with a mode of 1 need to define phrase, URL, site, extension,
+# mimetype and PICS lists; in other modes, these options are ignored to conserve
+# memory.
+#
+# Defaults to 0 if unspecified.
+# Unauthenticated users are treated as being in the first filter group.
+groupmode = 1
+
+# Filter group name
+# Used to fill in the -FILTERGROUP- placeholder in the HTML template file, and to
+# name the group in the access logs
+# Defaults to empty string
+#groupname = ''
+groupname = ''
+
+# Content filtering files location
+bannedphraselist = 'etc/e2guardian/lists/bannedphraselist'
+weightedphraselist = 'etc/e2guardian/lists/weightedphraselist'
+exceptionphraselist = 'etc/e2guardian/lists/exceptionphraselist'
+bannedsitelist = 'etc/e2guardian/lists/bannedsitelist'
+greysitelist = 'etc/e2guardian/lists/greysitelist'
+bannedsslsitelist = 'etc/e2guardian/lists/bannedsslsitelist'
+greysslsitelist = 'etc/e2guardian/lists/greysslsitelist'
+exceptionsitelist = 'etc/e2guardian/lists/exceptionsitelist'
+bannedurllist = 'etc/e2guardian/lists/bannedurllist'
+greyurllist = 'etc/e2guardian/lists/greyurllist'
+exceptionurllist = 'etc/e2guardian/lists/exceptionurllist'
+exceptionregexpurllist = 'etc/e2guardian/lists/exceptionregexpurllist'
+bannedregexpurllist = 'etc/e2guardian/lists/bannedregexpurllist'
+picsfile = 'etc/e2guardian/lists/pics'
+contentregexplist = 'etc/e2guardian/lists/contentregexplist'
+urlregexplist = 'etc/e2guardian/lists/urlregexplist'
+refererexceptionsitelist = 'etc/e2guardian/lists/refererexceptionsitelist'
+refererexceptionurllist = 'etc/e2guardian/lists/refererexceptionurllist'
+embededreferersitelist = 'etc/e2guardian/lists/embededreferersitelist'
+embededrefererurllist = 'etc/e2guardian/lists/embededrefererurllist'
+urlredirectregexplist = 'etc/e2guardian/lists/urlredirectregexplist'
+
+# local versions of lists (where LOCAL_LISTS enabled)
+#localbannedsitelist = 'etc/e2guardian/lists/localbannedsitelist'
+#localgreysitelist = 'etc/e2guardian/lists/localgreysitelist'
+#localexceptionsitelist = 'etc/e2guardian/lists/localexceptionsitelist'
+#localbannedurllist = 'etc/e2guardian/lists/localbannedurllist'
+#localgreyurllist = 'etc/e2guardian/lists/localgreyurllist'
+#localexceptionurllist = 'etc/e2guardian/lists/localexceptionurllist'
+#localbannedsslsitelist = 'etc/e2guardian/lists/localbannedsslsitelist'
+#localgreysslsitelist = 'etc/e2guardian/lists/localgreysslsitelist'
+#localbannedsearchlist = 'etc/e2guardian/lists/localbannedsearchlist'
+
+!! Not compiled !! authexceptionsitelist = 'etc/e2guardian/lists/authexceptionsitelist'
+!! Not compiled !! authexceptionurllist = 'etc/e2guardian/lists/authexceptionurllist'
+
+# Filetype filtering
+#
+# Allow bannedregexpurllist with grey list mode
+# bannedregexpheaderlist and bannedregexpurllist
+#
+# bannedregexwithblanketblock = off
+#
+# Blanket download blocking
+# If enabled, all files will be blocked, unless they match the
+# exceptionextensionlist or exceptionmimetypelist.
+# These lists do not override virus scanning.
+# Exception lists defined above override all types of filtering, including
+# the blanket download block.
+# Defaults to disabled.
+# (on | off)
+#
+blockdownloads = off
+exceptionextensionlist = 'etc/e2guardian/lists/exceptionextensionlist'
+exceptionmimetypelist = 'etc/e2guardian/lists/exceptionmimetypelist'
+#
+# Use the following lists to block specific kinds of file downloads.
+# The two exception lists above can be used to override these.
+#
+bannedextensionlist = 'etc/e2guardian/lists/bannedextensionlist'
+bannedmimetypelist = 'etc/e2guardian/lists/bannedmimetypelist'
+#
+# In either file filtering mode, the following list can be used to override
+# MIME type & extension blocks for particular domains & URLs (trusted download sites).
+#
+exceptionfilesitelist = 'etc/e2guardian/lists/exceptionfilesitelist'
+exceptionfileurllist = 'etc/e2guardian/lists/exceptionfileurllist'
+
+# POST protection (web upload and forms)
+# does not block forms without any file upload, i.e. this is just for
+# blocking or limiting uploads
+# measured in kibibytes after MIME encoding and header bumph
+# use 0 for a complete block
+# use higher (e.g. 512 = 512Kbytes) for limiting
+# use -1 for no blocking
+#maxuploadsize = 512
+#maxuploadsize = 0
+maxuploadsize = -1
+
+# Categorise without blocking:
+# Supply categorised lists here and the category string shall be logged against
+# matching requests, but matching these lists does not perform any filtering
+# action.
+#logsitelist = 'etc/e2guardian/lists/logsitelist'
+#logurllist = 'etc/e2guardian/lists/logurllist'
+#logregexpurllist = 'etc/e2guardian/lists/logregexpurllist'
+
+# Outgoing HTTP header rules:
+# Optional lists for blocking based on, and modification of, outgoing HTTP
+# request headers.  Format for headerregexplist is one modification rule per
+# line, similar to content/URL modifications.  Format for
+# bannedregexpheaderlist is one regular expression per line, with matching
+# headers causing a request to be blocked.
+# Headers are matched/replaced on a line-by-line basis, not as a contiguous
+# block.
+# Use for example, to remove cookies or prevent certain user-agents.
+headerregexplist = 'etc/e2guardian/lists/headerregexplist'
+bannedregexpheaderlist = 'etc/e2guardian/lists/bannedregexpheaderlist'
+addheaderregexplist = 'etc/e2guardian/lists/addheaderregexplist'
+
+# Weighted phrase mode
+# Optional; overrides the weightedphrasemode option in e2guardian.conf
+# for this particular group.  See documentation for supported values in
+# that file.
+#weightedphrasemode = 0
+
+# Naughtiness limit
+# This the limit over which the page will be blocked.  Each weighted phrase is given
+# a value either positive or negative and the values added up.  Phrases to do with
+# good subjects will have negative values, and bad subjects will have positive
+# values.  See the weightedphraselist file for examples.
+# As a guide:
+# 50 is for young children,  100 for old children,  160 for young adults.
+naughtynesslimit = 50
+
+# Search term blocking
+# Search terms can be extracted from search URLs and filtered using one or
+# both of two different methods.
+
+# Method 1 is that developed by Protex where specific
+# search terms are contained in a bannedsearchlist.
+# (localbannedsearchlist and bannedsearchoveridelist can be used to suppliment
+# and overide this list as required.)
+# These lists contain banned search words combinations on each line.
+# Words are separated by '+' and must be in sorted order within a line.
+#    so to block 'sexy girl' then the list must contain the line
+#    	girl+sexy
+#    and this will block both 'sexy girl' and 'girl sexy'
+# To use this method, the searchregexplist must be enabled and the bannedsearchlist(s) defined
+
+# Method 2 is uses the
+# bannedphraselist, weightedphraselist and exceptionphraselist, with a separate
+# threshold for blocking than that used for normal page content.
+# To do this, the searchregexplist must be enabled and searchtermlimit
+# must be grater than 0.
+
+#
+# Search engine regular expression list (need for both options)
+# List of regular expressions for matching search engine URLs.  It is assumed
+# that the search terms themselves will be contained in the
+# of output of each expression.
+#searchregexplist = 'etc/e2guardian/lists/searchregexplist'
+#
+# Banned Search Term list(s) for option 1
+#bannedsearchlist = 'etc/e2guardian/lists/bannedsearchlist'
+#bannedsearchoveridelist = 'etc/e2guardian/lists/bannedsearchoveridelist'
+
+
+# Search term limit (for Option 2)
+# The limit over which requests will be blocked for containing search terms
+# which match the weightedphraselist.  This should usually be lower than the
+# 'naughtynesslimit' value above, because the amount of text being filtered
+# is only a few words, rather than a whole page.
+# This option must be uncommented if searchregexplist is uncommented.
+# A value of 0 here indicates that search terms should be extracted,
+# but no phrase filtering should be performed on the resulting text.
+#searchtermlimit = 0
+#
+# Search term phrase lists (for Option 2)
+# If the three lines below are uncommented, search term blocking will use
+# the banned, weighted & exception phrases from these lists, instead of using
+# the same phrase lists as for page content.  This is optional but recommended,
+# as weights for individual phrases in the "normal" lists may not be
+# appropriate for blocking when those phrases appear in a much smaller block
+# of text.
+# Please note that all or none of the below should be uncommented, not a
+# mixture.
+#bannedsearchtermlist = 'etc/e2guardian/lists/bannedsearchtermlist'
+#weightedsearchtermlist = 'etc/e2guardian/lists/weightedsearchtermlist'
+#exceptionsearchtermlist = 'etc/e2guardian/lists/exceptionsearchtermlist'
+
+# Category display threshold
+# This option only applies to pages blocked by weighted phrase filtering.
+# Defines the minimum score that must be accumulated within a particular
+# category in order for it to show up on the block pages' category list.
+# All categories under which the page scores positively will be logged; those
+# that were not displayed to the user appear in brackets.
+#
+# -1 = display only the highest scoring category
+# 0 = display all categories (default)
+# > 0 = minimum score for a category to be displayed
+categorydisplaythreshold = 0
+
+# Embedded URL weighting
+# When set to something greater than zero, this option causes URLs embedded within a
+# page's HTML (from links, image tags, etc.) to be extracted and checked against the
+# bannedsitelist and bannedurllist. Each link to a banned page causes the amount set
+# here to be added to the page's weighting.
+# The behaviour of this option with regards to multiple occurrences of a site/URL is
+# affected by the weightedphrasemode setting.
+#
+# NB: Currently, this feature uses regular expressions that require the PCRE library.
+# As such, it is only available if you compiled DansGuardian with '--enable-pcre=yes'.
+# You can check compile-time options by running 'e2guardian -v'.
+#
+# Set to 0 to disable.
+# Defaults to 0.
+# WARNING: This option is highly CPU intensive!
+embeddedurlweight = 0
+
+# Enable PICS rating support
+#
+# Defaults to disabled
+# (on | off)
+enablepics = off
+
+# Temporary Denied Page Bypass
+# This provides a link on the denied page to bypass the ban for a few minutes.  To be
+# secure it uses a random hashed secret generated at daemon startup.  You define the
+# number of seconds the bypass will function for before the deny will appear again.
+# To allow the link on the denied page to appear you will need to edit the template.html
+# or e2guardian.pl file for your language.
+# 300 = enable for 5 minutes
+# 0 = disable ( defaults to 0 )
+# -1 = enable but you require a separate program/CGI to generate a valid link
+bypass = 0
+
+# Temporary Denied Page Bypass Secret Key
+# Rather than generating a random key you can specify one.  It must be more than 8 chars.
+# '' = generate a random one (recommended and default)
+# 'Mary had a little lamb.' = an example
+# '76b42abc1cd0fdcaf6e943dcbc93b826' = an example
+bypasskey = ''
+
+# Infection/Scan Error Bypass
+# Similar to the 'bypass' setting, but specifically for bypassing files scanned and found
+# to be infected, or files that trigger scanner errors - for example, archive types with
+# recognised but unsupported compression schemes, or corrupt archives.
+# The option specifies the number of seconds for which the bypass link will be valid.
+# 300 = enable for 5 minutes
+# 0 = disable (default)
+# -1 = enable, but require a separate program/CGI to generate a valid link
+infectionbypass = 0
+
+# Infection/Scan Error Bypass Secret Key
+# Same as the 'bypasskey' option, but used for infection bypass mode.
+infectionbypasskey = ''
+
+# Infection/Scan Error Bypass on Scan Errors Only
+# Enable this option to allow infectionbypass links only when virus scanning fails,
+# not when a file is found to contain a virus.
+# on = enable (default and highly recommended)
+# off = disable
+infectionbypasserrorsonly = on
+
+# Disable content scanning
+# If you enable this option you will disable content scanning for this group.
+# Content scanning primarily is AV scanning (if enabled) but could include
+# other types.
+# (on|off) default = off.
+disablecontentscan = off
+
+# Enable Deep URL Analysis
+# When enabled, DG looks for URLs within URLs, checking against the bannedsitelist and
+# bannedurllist. This can be used, for example, to block images originating from banned
+# sites from appearing in Google Images search results, as the original URLs are
+# embedded in the thumbnail GET requests.
+# (on|off) default = off
+deepurlanalysis = off
+
+# reportinglevel
+#
+# -1 = log, but do not block - Stealth mode
+#  0 = just say 'Access Denied'
+#  1 = report why but not what denied phrase
+#  2 = report fully
+#  3 = use HTML template file (accessdeniedaddress ignored) - recommended
+#
+# If defined, this overrides the global setting in e2guardian.conf for
+# members of this filter group.
+#
+reportinglevel = 3
+
+# accessdeniedaddress is the address of your web server to which the cgi
+# e2guardian reporting script was copied. Only used in reporting levels
+# 1 and 2.
+#
+# This webserver must be either:
+#  1. Non-proxied. Either a machine on the local network, or listed as an
+#     exception in your browser's proxy configuration.
+#  2. Added to the exceptionsitelist. Option 1 is preferable; this option is
+#     only for users using both transparent proxying and a non-local server
+#     to host this script.
+#
+# If defined, this overrides the global setting in e2guardian.conf for
+# members of this filter group.
+#
+#accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/e2guardian.pl'
+
+# sslaccessdeniedaddress is the address of your web server to which the static page
+# e2guardian reporting was copied. Only used in reporting levels 3 (avoid blank page)
+# Work only in firefox with ssldeniedrewrite off
+
+# sslaccessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/denyssl.htm'
+
+# Break SSL protocol and redirect to another HTTPS website for denied page (sslaccessdeniedaddress url)
+
+#ssldeniedrewrite = 'on'
+
+# HTML Template override
+# If defined, this specifies a custom HTML template file for members of this
+# filter group, overriding the global setting in e2guardian.conf. This is
+# only used in reporting level 3.
+#
+# The default template file path is <languagedir>/<language>/template.h
+# e.g. share/e2guardian/languages/ukenglish/template.html when using 'ukenglish'
+# language.
+#
+# This option generates a file path of the form:
+# <languagedir>/<language>/<htmltemplate>
+# e.g. share/e2guardian/languages/ukenglish/custom.html
+#
+#htmltemplate = 'custom.html'
+
+# Non standard delimiter (only used with accessdeniedaddress)
+# To help preserve the full banned URL, including parameters, the variables
+# passed into the access denied CGI are separated using non-standard
+# delimiters. This can be useful to ensure correct operation of the filter
+# bypass modes. Parameters are split using "::" in place of "&", and "==" in
+# place of "=".
+# Default is enabled, but to go back to the standard mode, disable it.
+
+#nonstandarddelimiter = off
+
+# Email reporting - original patch by J. Gauthier
+
+# Use SMTP
+# If on, will enable system wide events to be reported by email.
+# need to configure mail program (see 'mailer' in global config)
+# and email recipients
+# default usesmtp = off
+#!! Not compiled !!usesmtp = off
+
+# mailfrom
+# who the email would come from
+# example: mailfrom = 'e2guardian@mycompany.com'
+#!! Not compiled !!mailfrom = ''
+
+# avadmin
+# who the virus emails go to (if notify av is on)
+# example: avadmin = 'admin@mycompany.com'
+#!! Not compiled !!avadmin = ''
+
+# contentdmin
+# who the content emails go to (when thresholds are exceeded)
+# and contentnotify is on
+# example: contentadmin = 'admin@mycompany.com'
+#!! Not compiled !!contentadmin = ''
+
+# avsubject
+# Subject of the email sent when a virus is caught.
+# only applicable if notifyav is on
+# default avsubject = 'e2guardian virus block'
+#!! Not compiled !!avsubject = 'e2guardian virus block'
+
+# content
+# Subject of the email sent when violation thresholds are exceeded
+# default contentsubject = 'e2guardian violation'
+#!! Not compiled !!contentsubject = 'e2guardian violation'
+
+# notifyAV
+# This will send a notification, if usesmtp/notifyav is on, any time an
+# infection is found.
+# Important: If this option is off, viruses will still be recorded like a
+# content infraction.
+#!! Not compiled !!notifyav = off
+
+# notifycontent
+# This will send a notification, if usesmtp is on, based on thresholds
+# below
+#!! Not compiled !!notifycontent = off
+
+# thresholdbyuser
+# results are only predictable with user authenticated configs
+# if enabled the violation/threshold count is kept track of by the user
+#!! Not compiled !!thresholdbyuser = off
+
+#violations
+# number of violations before notification
+# setting to 0 will never trigger a notification
+#!! Not compiled !!violations = 0
+
+#threshold
+# this is in seconds. If 'violations' occur in 'threshold' seconds, then
+# a notification is made.
+# if this is set to 0, then whenever the set number of violations are made a
+# notifaction will be sent.
+#!! Not compiled !!threshold = 0
+
+#SSL certificate checking
+# Check that ssl certificates for servers on https connections are valid
+# and signed by a ca in the configured path
+sslcertcheck = off
+
+#SSL man in the middle
+# Forge ssl certificates for all sites, decrypt the data then re encrypt it
+# using a different private key. Used to filter ssl sites
+sslmitm = off
+