Filtering Based on TLD? 14
nelomolen asks: "The school year is upon us, and I'm sure there's more than one school network administrator out there who is facing the same problem I am... web filtering (loud hissing ensues). Most administrators are stuck without a solution, with administration breathing down the back of their neck for a workable one. Put aside for a second that almost everyone hates the idea, we need something to tide us over until these laws are overturned (optimism). Does anyone know of any filtering solutions (client or server-side) that will strictly allow access based on TLD *then* domain name? For the sake of weathering out these laws, the easiest solution is to give unlimited access to .gov, .int, .us, .edu, .mil, etc, and explicit access to the handful of useful .com, .net, and .org domains that are out there. Has this option been explored by anyone? It seems to be a reasonable temporary fix. Is there currently any open-source software that can do this?"
SquidGuard (Score:2, Informative)
However in my opinion it would be difficult to pick out those handful of useful .com, .net, and .org domains. Cuz there are many more than just a handful. However you can use the available blacklist database available from squidguard's site to do the blocking.
Re:Rewrite IE (Score:1)
and besides anyone can goto google.com and type in the URL and get a hyperlink to it in one second (or write the link in a file)
So have a linux box as your proxy server, run squid proxy with squidguard and you should be done.
Squid with SquidGuard is the bomb (Score:3, Informative)
I have recently configured such a web-filtering beast at a private middle school that requires web filtering for students. I am VERY happy with the speed of Squid and the configurability of SquidGuard.
FYI, I simply created two lists "adult" and "student", and configured SquidGuard to pass ALL adult user requests on through unchecked, but check for and block 'bad stuff' when a student is making an attempt.
Client is happy, I am happy (and paid). Chalk another one up for censorship!
Kidding aside, this is a middle school and the children's Internet/computer access is monitored by staff/faculty members as well. Squid & SquidGuard are an added assitance. YMMV
Filtering is bad (Score:2, Insightful)
For example, Google's cache or altavista's babelfish, and many other loopholes alike (there was a link about this in a previous post). If you allow access to these resources - You've allowed access to all. If not, you've shut down a useful service.
Moreover, I can create my own site that can serve as an open proxy and locate it in the
Either you enable Internet access to all sites, or disable it altogether, except for some previously downloaded pages. Otherwise - there is now way to do so.
What you may consider however, is a strict accounting system and monitoring (which may be automated) of access to illegal material. That way, you can surf to pr0n sites, but you'll be called to the principal's office once you do.
Re:Filtering is bad (Score:1)
Not necessarily- google only caches text, so pr0n images are still blocked. However, you'd still need to block moore comprenhensive services like SilentSurf or the Anonymizer in order to work.
Re:Filtering is bad (Score:1)
censorship... (Score:1)
So, what they have now is a few simple log checkers. Basically it checks the logs for common words that are in porn urls. like "sex", "fuck", "slut", "teen", "porn", "cunt" etc.. It then tallies up the total bandwidth used by EACH USER and forward it to the sysadmin, daily.
They give each kid a porn-limit (yes, its true) - nothing official. But they understand kids will look at porn, theres no stopping them, but if its getting obsessive OR using to much bandwith (~more than 40mb a week): they get the psychologist to talk to them.. easy
(this is the unofficial pollicy, but it seems to work well)
and for the record: no, i dont bother using the net at school, its only a 50K link for several hundred kids.
squirm.. (Score:1)
Basically it redirects (possibly to a local apache server, if you want) URL requests that match reg-exp's.
So you could have it redirect to a notice saying "sorry, this website is banned" to anything but the checkin's that you have made available.
its smaller and ligher than Squidguard - but squidguard gets useful when you have MANY MANY MANY regexps to match (like 1000's) since it uses a database.
hope that helps
Qquidguard (Score:1)
Filtering secure connections (Score:1)
Using this tool, I can go to that web site, and type the address into it, and it uses a secure proxy server on a different port. It currently has school officials stumped on how to block it.
Is there any way to restrict access to HTTPS:// connections? (I don't want to have to set my home connection up as a secure proxy...but I might have to if they block it.)