Disclaimer: as shallalists aren’t available anymore, this cool solution is deprecated.
The Shalla Blacklists provided by Shalla Secure Services are a collection of URL and Domain lists grouped in several categories, which are intended to be used with web filters. This Cool Solution describes the installation and usage of an automatic downloader which implements the blacklists into the Webproxy provided by UCS@school and another DNS Server blacklist solution.
Please note: Usage of the Shalla Blacklists may not be free of charge for your kind of application. To acknowledge the license, please read the following web page.
Installation
This solution needs special packages build by Univention. These packages are provided in a Cool Solutions Repository. To integrate the Cool Solutions Repository execute the following command:
ucr set repository/online/component/cool-solutions=yes \ repository/online/component/cool-solutions/version="current" \ repository/online/component/cool-solutions/unmaintained=yes
Now install the shalla-list downloader package:
univention-install univention-shalla-list-downloader
After installing the package, the downloader is ready to be configured.
Configuration
Without any further configuration, the script won’t do anything besides regularly downloading the newest shalla lists into the following local folder:
/usr/local/share/univention-shalla-list-downloader/
The downloader cronjob can be configured with the UCR variables
cron/shalla-list-downloader/command
cron/shalla-list-downloader/time
cron/shalla-list-downloader/description
Follow the descriptions below to automatically integrate the lists into different services.
Integrate the Shalla lists into the proxy server
Starting with UCS@school version 4.0 R2, it is possible to automatically integrate the blacklists into the proxy server provided. More information about this proxy can be found in the Documentation (German only).
Only the following UCR variables have to be set to achieve this. Everything else will be done automatically:
| UCR Variable | Description | Example |
|---|---|---|
proxy/filter/global/blacklists/domains |
Space separated list of text files that will be included as blacklist for domains within the UCS@school proxy configuration | shallalists/adv/domains shallalists/hacking/domains shallalists/gamble/domains |
proxy/filter/global/blacklists/urls |
Space separated list of text files that will be included as blacklist for URLs within the UCS@school proxy configuration | shallalists/adv/urls shallalists/hacking/urls shallalists/gamble/urls |
Important is the correct format of these space separated lists. The first part of each entry for shalla lists is the prefix shallalists/. This is followed by the category name. All valid category names can be found in Shalla’s Blacklists - Category description. Each entry should be finished by the type name of the list. Valid values are /domains and /urls (each type should only be used in their according variable).
Examples can be found in the table above.
Integrate the Shalla lists into the DNS server
It is possible to block certain websites through the UCS DNS Server. This can be helpful in situations, in which it isn’t possible to force clients to use your proxy server.
The following UCR variable has to be set after installing the Cool Solution - Simple domain blacklisting with DNS. A detailed description on how DNS blacklisting works and all its possibilities and restrictions can be found in the linked Cool Solution.
| UCR Variable | Description | Example |
|---|---|---|
dns/blacklist/record/domains |
Space separated list of text files that will be included as blacklist for domains within the UCS DNS configuration | shallalists/adv/domains shallalists/hacking/domains shallalists/gamble/domains |
Important for this UCR space separated list is the correct format. The first part of each entry for shalla lists is the prefix shallalists/. This is followed by the category name. All valid category names can be found in Shalla’s Blacklists - Category description. Each entry should be finished by the type name /domains.
Examples can be found in the table above.