DansGuardian

DansGuardian is an award winning web content filtering proxy(1) for Linux, FreeBSD, OpenBSD, NetBSD, Mac OS X, HP-UX, and Solaris that uses Squid(2) to do all the fetching. It filters using multiple methods. These methods include URL and domain filtering, content phrase filtering, PICS filtering, MIME filtering, file extension filtering, POST limiting.
The content phrase filtering will check for pages that contain profanities and phrases often associated with pornography and other undesirable content. The POST filtering allows you to block or limit web upload. The URL and domain filtering is able to handle huge lists and is significantly faster than squidGuard.
The filtering has configurable domain, user and source ip exception lists. SSL Tunneling is supported.
The configurable logging produces a log in an easy to read format which has the option to only log the text-based pages, thus significantly reducing redundant information such as every image on a page.
Pretty much all parts of DansGuardian are configurable thus giving the end administrator user total control over what is filtered and not some third-party company.
(1) Technically DansGuardian is more of a filtering pass-through than a true proxy - but don't let that worry you!

(2) DansGuardian should work with any proxy, not just Squid. For example, it is known to work with Oops



The main features of DansGuardian are as follows:


*Significantly cheaper than IGear (one of the best commercial filters).
*Can block adverts by the use of an advert URL block list.
*Can filter text and HTML pages for obscene (sexual, racial, violent, etc) content.
*Uses an advanced phrase weighting system to reduce over or under blocking.
*Can filter sites using the PICS labeling system.
*Can filter according to MIME type and file extension.
*Can filter according to URLs including Regular Expression URLs.
*URL filtering is compatible with squidGuard black lists.
*The URL filtering is able to filter https requests.
*Can work in a 'whitelist' mode where all sites except those listed are blocked.
*Can block all IP based URLs.
*Is able to block sites when users try using the IP address of the site instead.
*Produces a log in a very human readable format.
*Optionally produces a log in CSV format for easy import into databases etc.
*Is able to log the username using either Ident or basic proxy authentication.
*It has the ability to switch off filtering for specified sites, parts of sites, browser IPs and usernames.
*Can block specified source IPs and usernames.
*Can block or limit web uploading (e.g. attachments in Hotmail).
*Has the ability to work in a stealth mode where it logs sites that would have been blocked, but does not block them. This allows you to monitor your users without them knowing.
*Uses a very intelligent algorithm to match phrases in web pages mixed in with HTML code and white space.
*Big5, Unicode and top-bit set characters can be used in search phrases.
*URL filtering is significantly faster than squidGuard.
*The configuration lists use the same incredibly fast code that allows them all to be hundreds of thousands of entries long.
*100% C++ and can compile on GCC 3.
*Can be made to re-read config files with a HUP signal.
*Works perfectly in conjunction with Squid and Oops. Also see this important information.
*Has no 3rd party library requirements (no nb++ as was used in version 1) so can be installed much easier and so is also provided as an RPM.
*Supports (adds) the squid X-Forwarded-For header line.
*Supports compressed (Content-Encoding gzip and deflate) HTML.
*Can be made to only listen on 1 IP.