Cool Solution - Shallalist Downloader

The Shalla Blacklists provided by Shalla Secure Services are a collection of URL and Domain lists grouped in several categories, which are intended to be used with web filters. This Cool Solution describes the installation and usage of an automatic downloader which implements the blacklists into the Webproxy provided by UCS@school and another DNS Server blacklist solution.

Please note: Usage of the Shalla Blacklists may not be free of charge for your kind of application. To acknowledge the license, please read the following web page.

Installation

This solution needs special packages build by Univention. These packages are provided in a Cool Solutions Repository. To integrate the Cool Solutions Repository execute the following command:

ucr set repository/online/component/cool-solutions=yes \
repository/online/component/cool-solutions/version="current" \
repository/online/component/cool-solutions/unmaintained=yes

Now install the shalla-list downloader package:

univention-install univention-shalla-list-downloader

After installing the package, the downloader is ready to be configured.

Configuration

Without any further configuration, the script won’t do anything besides regularly downloading the newest shalla lists into the following local folder:

/usr/local/share/univention-shalla-list-downloader/

The downloader cronjob can be configured with the UCR variables

cron/shalla-list-downloader/command
cron/shalla-list-downloader/time
cron/shalla-list-downloader/description

Follow the descriptions below to automatically integrate the lists into different services.

Integrate the Shalla lists into the proxy server

Starting with UCS@school version 4.0 R2, it is possible to automatically integrate the blacklists into the proxy server provided. More information about this proxy can be found in the Documentation (German only).

Only the following UCR variables have to be set to achieve this. Everything else will be done automatically:

UCR Variable Description Example
proxy/filter/global/blacklists/domains Space separated list of text files that will be included as blacklist for domains within the UCS@school proxy configuration shallalists/adv/domains shallalists/hacking/domains shallalists/gamble/domains
proxy/filter/global/blacklists/urls Space separated list of text files that will be included as blacklist for URLs within the UCS@school proxy configuration shallalists/adv/urls shallalists/hacking/urls shallalists/gamble/urls

Important is the correct format of these space separated lists. The first part of each entry for shalla lists is the prefix shallalists/. This is followed by the category name. All valid category names can be found in Shalla’s Blacklists - Category description. Each entry should be finished by the type name of the list. Valid values are /domains and /urls (each type should only be used in their according variable).

Examples can be found in the table above.

Integrate the Shalla lists into the DNS server

It is possible to block certain websites through the UCS DNS Server. This can be helpful in situations, in which it isn’t possible to force clients to use your proxy server.

The following UCR variable has to be set after installing the Cool Solution - Simple domain blacklisting with DNS. A detailed description on how DNS blacklisting works and all its possibilities and restrictions can be found in the linked Cool Solution.

UCR Variable Description Example
dns/blacklist/record/domains Space separated list of text files that will be included as blacklist for domains within the UCS DNS configuration shallalists/adv/domains shallalists/hacking/domains shallalists/gamble/domains

Important for this UCR space separated list is the correct format. The first part of each entry for shalla lists is the prefix shallalists/. This is followed by the category name. All valid category names can be found in Shalla’s Blacklists - Category description. Each entry should be finished by the type name /domains.

Examples can be found in the table above.