Thursday, December 24, 2009

Endian - How to disable flash videos (.flv)

This is a topic which had been annoying me for sometime. As internet resources weren't enough, after all I had to find my own solution.

I have to remark that, not only for Flash video (.flv), this solution can be used for ALL file types which are not to be downloaded. Its quite helpful for stopping users downloading games, mp3s, etc directly from the internet.


Here is the general problem:
After Youtube, Flash Video based sites such as Metacafe, google.video, Dailymotion, Facebook etc started to haunt the internet and its backbones. Its not really a problem for home users, but, for companies with limited bandwith and resources, viewing of online flash videos reduces their connectivity resources drastically. Even with content filtering such as websense or dansguardian, everyday a new site opens up and you just cant keep up with users.

The solution is actually about how to do it instead of "is it possible?". Luckily the creators of Dansguarian (the source system in Endian, Smoothwall etc.), thought of the solution, but preferred to keep it disabled as default.

If you try to disable Flash video MIME, as the MIME standards are rather out of date, it generally disables all flash based activity in pages including .swf,  related bank and other flash integrated web services which is a useless solution.

Here is the firm SOLUTION:
Flash videos are mostly .flv extensioned files which are embeded into the html or java code. There is no separate MIME type for Flash .flv files. But it has an extension called .flv.

Although it doesn't show directly on Endian interface, its underside software Dansguardian, fully supports ban of extensions via a ban list stated deep inside the linux file system. At this point I must warn that although Endian's filters are built on Dansguardian, their folders are in different locations.


Here is how:
For Dansguarian (Linux installations)

1.  Open a telnet connection to your linux server with root access.
2.  Goto /etc/dansguardian/
3.  nano dansguardianf1.conf
4.  Add the line bannedextensionlist = '/etc/dansguardian/profiles/1/bannedextensionlist'
5.  Save the file and exit to prompt
6.  Goto /etc/dansguardian/profiles/1/ and type nano bannedextensionlist to edit the file.
7.  If the file doesn't exist, when you open it with above command, it will allow you to save it with the same name on exist.
8.  As the file is disabled, there is probably no content inside it.
9.  Simply add the line according to the file extension you want to ban such as below:
.flv # Flash Video
.exe # Executable Files
.mp3 # mp3 audio
.wma # wma audio
.asf # asf live audio
.ra # real player audio
10.  Save and exit the file to prompt.
11.  I strongly advise for you to reboot the linux system for the changes to take effect.

For Endian Systems:
1.  Open a telnet connection to your linux server with root access.
2.  Goto /etc/dansguardian/
3.  Type nano dansguardianf1.conf
4.  Add the line bannedextensionlist = '/etc/dansguardian/profiles/1/bannedextensionlist'
5.  Save the file and exit to prompt
6.  Although uptill now, the method is the same, Endian for some reason uses a banlist actually formed at  /var/efw/dansguardian.
7.  So open the file at location by typing nano /var/efw/dansguardian/bannedextensionlist
8.  If the file doesn't exist, when you open it with above command, it will allow you to save it with the same name.
9.  As the file is disabled, there is probably no content inside it.
10.  Simply add the line according to the file extension you want to ban such as below:
.flv # Flash Video
.exe # Executable Files
.mp3 # mp3 audio
.wma # wma audio
.asf # asf live audio
.ra # real player audio
11.  Save and exit the file to prompt.
12.  I strongly advise for you to reboot the linux system for the changes to take effect.

2 comments:

  1. Hello,

    Do you know how to configure VPN in Endian 2.3? I was trying to search on internet but no answer. I was your blog it's really helpful. Thanks for advance when ever you have time to answer. This is my contact tida@computserve.net

    ReplyDelete
  2. I am currently working on configuring VPN section. I must remind that the vpn option is actually an integrated version of Openvpn which can be downloaded from http://openvpn.net

    Note that it does not have to run on Linux, it can even run on Windows.

    ReplyDelete