boog
Premium
join:2000-07-24
Trenton, OH
| blocking content
I just spent part of today setting up squid and dansguardian to block ads and "questionable" sites. So far I like it, just putting it to the test for a bit before I turn it totally loose with an iptables redirect to port 80. Just to make sure I'm not overly blocking things, the default settings pretty much block the entire web!
This should also come in handy when my kids get old enough to start surfing the web, they "shouldn't" be able to get to the nasty sites while I'm not looking. And by blocking sites, hopefully I'll lower the windows spyware rate on the windows boxes around the house!
In my quest for learning to set this up, I was wondering what kind of setups everyone around the ATU forums use for blocking content, if at all.
Just a general "This is what I use" will work, you don't have to go into great detail, unless your really in the mood to give a free speech!  |
|
Epyon9283
Premium
join:2001-12-26
Dayton, NJ | I use squid + privoxy to block ads. |
|
janizary
@sympatico.ca | reply to boog
I don't do it anymore, but I used to have a privoxy/squid box for storing commonly accessed images and blocking adds and porn. |
|
JohnInSJ
Premium
join:2003-09-22
San Jose, CA
 ·Comcast
| reply to boog
squid + dansguardian here too with a 9 year old surfing away happily. I have it set pretty aggressively, and the block page says "See Dad" - she wanders in and asks to have sites unblocked when she hits this (mostly for too many "girl" words - she likes to visit bratz and other websites for girl products and the weighed phrase list trips often - it also nukes all binary download (movie, exe, etc) stuff which goes a long way towards keeping out virus/trojan junk.
The ad block list is really great - no popups, no banner ads, just little windows with "content blocked" messages 
I also use a port 80 redirect via iptables for all NAT machines, so there is no setup and no way around it. |
|
cob_
1310nm Of Goodness
Premium
join:2003-07-08
Tulsa, OK | If one of you gets bored, would you mind creating a little howto for this? My kids aren't old enough yet to type URLs in (they visit sites I created desktop shortcuts for them to), but one is close to spelling age. |
|
JohnInSJ
Premium
join:2003-09-22
San Jose, CA
·Comcast
| reply to boog
I did a google for squid dansguardian howto and it found several hits, probably any of them would do.
The usual way it goes is to have iptables redirect port 80 outbound to dansguardian
Chain loc_dnat (3 references)
target prot opt source destination
REDIRECT tcp -- anywhere !10.0.0.1 tcp dpt:http redir ports 8080
Something like that
Now, dansguardian gets the request, checks it, and kicks a reject page if it fails any of the tests, otherwise it forwards it to squid.
You can adblock in either, or both. I think I adblock mostly in squid now that I think about it - yep I have an acl deny for a list of hosts.
It's pretty simple to set up - I've got dansgardian logging all requests, so if I wanted to see what she's been surfing it is reasonably easy to do so.
Shorewall is a reasonably easy way to deal with iptables when it comes time to get fancy blocking outbound access (I have not run into this yet, but it may come up in a year or three...) |
|
elboricua
El Subestimado
Premium
join:2001-08-12
Bronx, NY
| reply to boog
In the past I setup a squid proxy for my uncle and his two children. I setup an OpenBSD box with PF, and Squid. At the time the web was not quite as bad as it is now. I setup squidguard to block all web access after a certain hour for the kids IP's. I went with static. I could have used uid's and passwords but I am sure that the kids would have found out the adults password and gotten out on that.
While he didn't want the kids to go to porn sites, my uncle still wanted access himself :/
--
My Blog | Sending script kiddies to /dev/null since 1995! |
|
boog
Premium
join:2000-07-24
Trenton, OH
| reply to cob_
»dansguardian.org/?page=documentation has alot of documentation! it's where I got my info on setting it up.
And thanks to everyone for posting their setups! It gives me more stuff to research. |
|
