Jump to content

Web filter how to?


Recommended Posts

hey guys,


my 2 y/o's grandma is bringing him a new "pc interactive gaming extraveganza etc" this weekend as a belated xmas gift.


it of course requires a windows pc to run, and an internet connection.


now i know he's only 2 (not even actually about 20 months), but he is VERY smart.


he has already mastered every remote control in the house.


so i have no doubt that web surfing will be pretty simple and fascinating to him after a while.


his pc will be setup next to his moms in her home office so in THEORY there shouldnt be an issue, but we all know how sneaky kids are.


the GOOD news is that, moms mandriva pc sits right next to his and could EASILY be put to use as a web filter.


YEARS ago I used to use FREESCO as my router/firewall and LOVED IT!


but that pretty much requires a dedicated pc,


so i was hoping someone might recommend some software that I could load on her MDV pc and then a "how to" that would allow me to direct it at HIS ip address (I could set his to static inside my network) and have his content filtered.


the more I type the more ideas I get, so please someone stop my insanity and toss me a bone!


any and all input welcome!





[moved from Software by spinynorman]

Link to comment
Share on other sites

Two products you need:





Dansguardian will be configured on port 8080. This is what you'll use for the browser proxy configuration. Danguardian then looks at port 3128 on the same machine which is where squid runs. Squid will then cache all content it downloads. Dansguardian will filter the content before it arrives at the PC in question. The proxy machine will require a static IP address, so that the browser can be configured to have the proxy config directed to the machine providing the filtering.


Of course, if he figures to disable the proxy config in Firefox or whatever browser you're using, then he'll bypass all the filtering. The only way you can get around this is ensuring you have a transparent proxy. However, this then means that the default gateway for the internet connection would have to be the machine running iptables, and then it would pass everything else out to the internet. So might not be so simple. But at least you know just in case.

Link to comment
Share on other sites

Have a look at this on how to setup DG with squid in a transparent proxy setup. Have been using it since end 2004 and works like a charm without being overly resource heavy. If you want I can provide a script to automatically update blocklists from a trusted repository that is frequently updated (4-7 times a week) and uses same structure as DG for its blocklists. Having used it so long I am aware of a few shortcomings of this approach:


* This is for one machine which is used for browsing. It doesn't address how to set up that machine as gateway with proxying & filtering

* The phraselists are sometimes overly restrictive if your language is something else than english (but you do visit websites in languages as dutch, danish etc). It is surprising what innocent words may mean in other languages

* You may want to have different filter rules for different users. DG can do this, but will need to know which user it is filtering for. My best understanding is that this is incompatible with transparent proxying. It is possible with non-transparent setups where users log on to the proxy or where client PCs can identify themselves via and ident server (available for Linux and Windows). I prefer the simplicity of transparent proxying for now.

* DG can also filter ads by using list of ads-sites and URLs and replace this by a 1x1 empty GIF. I have never been able to get this to work so tend to see the block-page I have set instead.

Edited by pindakoe
Link to comment
Share on other sites

Don't use a filter, they're generally simple to bypass, and don't block everything.


Further, the filter should be redundant, if he's 2 years old he should be under CONSTANT supervision anyway -- no excuses. The computer is not a babysitter. (why on earth would you give a 2 year old his own computer anyway)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...