Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
The Internet

Filtering Based on TLD? 14

Posted by Cliff from the searching-for-a-better-option dept.
nelomolen asks: "The school year is upon us, and I'm sure there's more than one school network administrator out there who is facing the same problem I am... web filtering (loud hissing ensues). Most administrators are stuck without a solution, with administration breathing down the back of their neck for a workable one. Put aside for a second that almost everyone hates the idea, we need something to tide us over until these laws are overturned (optimism). Does anyone know of any filtering solutions (client or server-side) that will strictly allow access based on TLD *then* domain name? For the sake of weathering out these laws, the easiest solution is to give unlimited access to .gov, .int, .us, .edu, .mil, etc, and explicit access to the handful of useful .com, .net, and .org domains that are out there. Has this option been explored by anyone? It seems to be a reasonable temporary fix. Is there currently any open-source software that can do this?"
This discussion has been archived. No new comments can be posted.

Filtering Based on TLD? More

Filtering Based on TLD?

Comments Filter:

  • SquidGuard (Score:2, Informative)

    by matrix0040 ( 516176 )
    I think you can use Squidguard [squidguard.org] for this purpose. I'm not sure but they've wildcard support so you can configure the filter based on that.

    However in my opinion it would be difficult to pick out those handful of useful .com, .net, and .org domains. Cuz there are many more than just a handful. However you can use the available blacklist database available from squidguard's site to do the blocking.

  • Squid with SquidGuard is the bomb (Score:3, Informative)

    by waa ( 159514 ) on Friday September 07, 2001 @09:36PM (#2265951) Homepage
    As previously stated, SquidGuard [squidguard.org] on top of Squid Cache [squid-cache.org] is a probable good solution. SquidGuard is HIGHLY configurable for rule-sets, and Squid is a fantastic web-caching proxy server.

    I have recently configured such a web-filtering beast at a private middle school that requires web filtering for students. I am VERY happy with the speed of Squid and the configurability of SquidGuard.

    FYI, I simply created two lists "adult" and "student", and configured SquidGuard to pass ALL adult user requests on through unchecked, but check for and block 'bad stuff' when a student is making an attempt.

    Client is happy, I am happy (and paid). Chalk another one up for censorship!

    Kidding aside, this is a middle school and the children's Internet/computer access is monitored by staff/faculty members as well. Squid & SquidGuard are an added assitance. YMMV

  • Filtering is bad (Score:2, Insightful)

    by epsalon ( 518482 )
    It is bad because you can either filter too many or too little. Usually both.
    For example, Google's cache or altavista's babelfish, and many other loopholes alike (there was a link about this in a previous post). If you allow access to these resources - You've allowed access to all. If not, you've shut down a useful service.
    Moreover, I can create my own site that can serve as an open proxy and locate it in the .edu domain (I'm a student), and all your security falls. Heck - one of the students could ask a friend in college to build such a site for him.
    Either you enable Internet access to all sites, or disable it altogether, except for some previously downloaded pages. Otherwise - there is now way to do so.
    What you may consider however, is a strict accounting system and monitoring (which may be automated) of access to illegal material. That way, you can surf to pr0n sites, but you'll be called to the principal's office once you do.
    • For example, Google's cache or altavista's babelfish, and many other loopholes alike (there was a link about this in a previous post). If you allow access to these resources - You've allowed access to all.

      Not necessarily- google only caches text, so pr0n images are still blocked. However, you'd still need to block moore comprenhensive services like SilentSurf or the Anonymizer in order to work.

      • Sure, but what about pr0n text or pr0n ascii art? Also, there are other types 'obejctionable' content such as drugs, anarchists, and such, that can be expressed as text.
  • At my school they gave up on trying to censor us, there was just way to much stuff..

    So, what they have now is a few simple log checkers. Basically it checks the logs for common words that are in porn urls. like "sex", "fuck", "slut", "teen", "porn", "cunt" etc.. It then tallies up the total bandwidth used by EACH USER and forward it to the sysadmin, daily.

    They give each kid a porn-limit (yes, its true) - nothing official. But they understand kids will look at porn, theres no stopping them, but if its getting obsessive OR using to much bandwith (~more than 40mb a week): they get the psychologist to talk to them.. easy :-).

    (this is the unofficial pollicy, but it seems to work well)
    and for the record: no, i dont bother using the net at school, its only a 50K link for several hundred kids.
  • Squirm for Squid-cache is a fast & configurable redirector for the Squid Internet Object Cache.

    Basically it redirects (possibly to a local apache server, if you want) URL requests that match reg-exp's.

    So you could have it redirect to a notice saying "sorry, this website is banned" to anything but the checkin's that you have made available.

    its smaller and ligher than Squidguard - but squidguard gets useful when you have MANY MANY MANY regexps to match (like 1000's) since it uses a database.

    hope that helps
  • Squidguard [squidguard.org] comes with a blockfile for porn sites. I don't know how comprehensive it is, but it will probably satisfy the law and be restrictive than blocking all .com, .org, and .net domains.
  • Speaking as a high school student, which I currently am, in a Florida school, our school district uses Squid software off of Novell something or other to provide internet filtering. Everything is for null, however, due to a very nifty web site that I discovered, that uses a secure proxy to circumvent the filtering and firewalls.

    Using this tool, I can go to that web site, and type the address into it, and it uses a secure proxy server on a different port. It currently has school officials stumped on how to block it.

    Is there any way to restrict access to HTTPS:// connections? (I don't want to have to set my home connection up as a secure proxy...but I might have to if they block it.)

Slashdot Top Deals

Always draw your curves, then plot your reading.

Close