Cool Solution - Shallalist Downloader

From Univention Wiki

Jump to: navigation, search
Produktlogo UCS Version 4.3
Produktlogo UCS@School Version 4.3

Note: Cool Solutions are articles documenting additional functionality based on Univention products. Packages provided by a Cool Solutions Repository are built by Univention, but will not be maintained. Not all of the shown steps in the article are covered by Univention Support. For questions about your support coverage contact your contact person at Univention before you want to implement one of the shown steps.

Also regard the legal notes at Terms of Service.

The Shalla Blacklists provided by Shalla Secure Services are a collection of URL and Domain lists grouped in several categories, which are intended to be used with web filters. This Cool Solution describes the installation and usage of an automatic downloader which implements the blacklists into the Webproxy provided by UCS@school and another DNS Server blacklist solution.

Please note: Usage of the Shalla Blacklists may not be free of charge for your kind of application. To acknowledge the license, please read the following web page: shallalist.de/licence.html

Installation

Install the shalla-list downloader package:

univention-install univention-shalla-list-downloader

After installing the package, the downloader is ready to be configured.

Configuration

Without any further configuration, the script won't do anything besides regularly downloading the newest shalla lists into the following local folder:

/usr/local/share/univention-shalla-list-downloader/

The downloader cronjob can be configured with the UCR variables cron/shalla-list-downloader/command, cron/shalla-list-downloader/time and cron/shalla-list-downloader/description. Follow the descriptions below to automatically integrate the lists into different services.

Integrate the Shalla lists into the proxy server

Starting with UCS@school version 4.0 R2, it is possible to automatically integrate the blacklists into the proxy server provided. More information about this proxy can be found in the Documentation (German only).

Only the following UCR variables have to be set to achieve this. Everything else will be done automatically:

UCR Variable Description Example
proxy/filter/global/blacklists/domains Space separated list of text files that will be included as blacklist for domains within the UCS@school proxy configuration shallalists/adv/domains shallalists/hacking/domains shallalists/gamble/domains
proxy/filter/global/blacklists/urls Space separated list of text files that will be included as blacklist for URLs within the UCS@school proxy configuration shallalists/adv/urls shallalists/hacking/urls shallalists/gamble/urls

Important is the correct format of these space separated lists. The first part of each entry for shalla lists is the prefix shallalists/. This is followed by the category name. All valid category names can be found in Shalla's Blacklists - Category description. Each entry should be finished by the type name of the list. Valid values are /domains and /urls (each type should only be used in their according variable).
Examples can be found in the table above.

Integrate the Shalla lists into the DNS server

It is possible to block certain websites through the UCS DNS Server. This can be helpful in situations, in which it isn't possible to force clients to use your proxy server.

The following UCR variable has to be set after installing the Cool Solution - Simple domain blacklisting with DNS. A detailed description on how DNS blacklisting works and all its possibilities and restrictions can be found in the linked Cool Solution.

UCR Variable Description Example
dns/blacklist/record/domains Space separated list of text files that will be included as blacklist for domains within the UCS DNS configuration shallalists/adv/domains shallalists/hacking/domains shallalists/gamble/domains

Important for this UCR space separated list is the correct format. The first part of each entry for shalla lists is the prefix shallalists/. This is followed by the category name. All valid category names can be found in Shalla's Blacklists - Category description. Each entry should be finished by the type name /domains.
Examples can be found in the table above.

Personal tools