The Mac Orchard - HomeHelpFAQALEMIAForumsDrew's Picks

Server Applications

DansGuardian

Home Page Release Notes Screen Shots License:
See text.

Current Version: 2.10.1.1 (June 8, 2009)

DansGuardian is an award winning web content filtering proxy for Linux, FreeBSD, OpenBSD, NetBSD, Mac OS X, HP-UX, and Solaris that uses Squid to do all the fetching. It filters using multiple methods. These methods include URL and domain filtering, content phrase filtering, PICS filtering, MIME filtering, file extension filtering, POST limiting. The content phrase filtering will check for pages that contain profanities and phrases often associated with pornography and other undesirable content. The POST filtering allows you to block or limit web upload. The URL and domain filtering is able to handle huge lists and is significantly faster than squidGuard. The filtering has configurable domain, user and source ip exception lists. SSL Tunneling is supported. The configurable logging produces a log in an easy to read format which has the option to only log the text-based pages, thus significantly reducing redundant information such as every image on a page. Pretty much all parts of DansGuardian are configurable thus giving the end administrator user total control over what is filtered and not some third-party company.

DansGuardian 2 is:

  • free for non-commercial use
  • not free for installation by 3rd parties charging for installation or support
  • not free for commercial use
  • licensed under the GPL

Version 2.10 is the first new "stable" release since August 2005, and includes a host of changes from the 2.8 series. Here are the highlights:

  • Built-in content scanner plugin system which includes AV scanning
  • NTLM and persistent connection support
  • Header analysis and manipulation so you can manipulate cookies
  • Large file (2GB+) download & scanning support
  • Autotools build system
  • URL regular expression replacement so you can force safe search in Google
  • Deep URL scanning to spot URLs in URLs to for example block images in Google images
  • Advanced advert blocking
  • Many performance improvements
  • Updates to handle all current web technology trends
  • Blanket SSL blocking so you can block SSL anonymous proxies and allow access to legitimate SSL sites such as banking by whitelisting

Version 2.10.1.1 is a bugfix release that makes the following additional changes:

  • Add "originalip" option to dansguardian.conf, for determining the original destination IP in transparent proxy set-ups, and ensuring that the destination domain of the request resolves to that IP. This can help to address a particular transparent proxy security vulnerability (US-CERT VU#435052), but because of certain limitations - only implemented on Linux/Netfilter; potential breakage of websites using round-robin DNS - the code is not enabled by default. Enable by passing "--enable-orig-ip" to the configure script.
  • Fix a crash which could occur when dealing with simultaneous incoming connections in configurations using more than one listening socket.
  • Fix a crash when checking time limits on item lists.
  • Fix potential usage of uninitialised memory during phrase filtering.

User Reviews

Currently, no user reviews have been submitted. Send me yours!

Download the Mac OS X (Darwin) version.

Also See . . .

Can't find what you're looking for? Try a search:

Also, if you have an older Mac, be sure to check out the "Classic" applications page for more options.

Finally, take a look at ALEMIA if you think you know that name of an application, but aren't quite sure.

Built Into Mac OS X

Mac OS X has a huge amount of TCP/IP-based server software built into it that I don't specifically cover here. Your "Sharing" Preference Pane allows you to enable and disable these services with a click of the mouse. The software running behind the scenes to provide many of these services is generally of the open source variety. The standard release of Mac OS X includes, among many others:

  • Apache httpd (web server; enabled via the Sharing Preference Pane).
  • Postfix (mail server; see Mac OS X Hints for more information).
  • tnftpd (FTP server; enabled via the Sharing Preference Pane).
  • OpenSSH (Secure Shell server; enabled via the Sharing Preference Pane via "Remote Login" but additionally configurable via selected applications listed on this page).
  • BIND (Domain Name System server; see Mac OS X Hints for more information).
  • Samba (Windows file sharing; enabled via the Sharing Preference Pane).
  • XFree86 (X Window server; enabled via the "X11" application in your "Utilities" folder, if you elected to install it with Mac OS X).

Of course, Mac OS X Server includes many more, in addition to offering more recent versions of many of the above servers.

Related Links

Graham Orndorff has written a superb collection of articles on setting up email servers and secure email clients on Mac OS X.

Also Consider . . .

These are applications that are newer and of potential interest, but which I haven't yet selected for permanent inclusion. Have a look, and let me know if you think they deserve to be part of the permanent collection!