Web filter how to?

[mindwave]

hey guys,

 

my 2 y/o's grandma is bringing him a new "pc interactive gaming extraveganza etc" this weekend as a belated xmas gift.

 

it of course requires a windows pc to run, and an internet connection.

 

now i know he's only 2 (not even actually about 20 months), but he is VERY smart.

 

he has already mastered every remote control in the house.

 

so i have no doubt that web surfing will be pretty simple and fascinating to him after a while.

 

his pc will be setup next to his moms in her home office so in THEORY there shouldnt be an issue, but we all know how sneaky kids are.

 

the GOOD news is that, moms mandriva pc sits right next to his and could EASILY be put to use as a web filter.

 

YEARS ago I used to use FREESCO as my router/firewall and LOVED IT!

 

but that pretty much requires a dedicated pc,

 

so i was hoping someone might recommend some software that I could load on her MDV pc and then a "how to" that would allow me to direct it at HIS ip address (I could set his to static inside my network) and have his content filtered.

 

the more I type the more ideas I get, so please someone stop my insanity and toss me a bone!

 

any and all input welcome!

 

j

 

 

[moved from Software by spinynorman]

[ianw1974]

Two products you need:

 

dansguardian

squid

 

Dansguardian will be configured on port 8080. This is what you'll use for the browser proxy configuration. Danguardian then looks at port 3128 on the same machine which is where squid runs. Squid will then cache all content it downloads. Dansguardian will filter the content before it arrives at the PC in question. The proxy machine will require a static IP address, so that the browser can be configured to have the proxy config directed to the machine providing the filtering.

 

Of course, if he figures to disable the proxy config in Firefox or whatever browser you're using, then he'll bypass all the filtering. The only way you can get around this is ensuring you have a transparent proxy. However, this then means that the default gateway for the internet connection would have to be the machine running iptables, and then it would pass everything else out to the internet. So might not be so simple. But at least you know just in case.

[mindwave]

Excellent jump off point thanks

 

BTW by the time he figures out how to get around this I hope to have a hardware solution installed (and locked in my closet)

 

thanks

 

j

[pindakoe]

Have a look at this on how to setup DG with squid in a transparent proxy setup. Have been using it since end 2004 and works like a charm without being overly resource heavy. If you want I can provide a script to automatically update blocklists from a trusted repository that is frequently updated (4-7 times a week) and uses same structure as DG for its blocklists. Having used it so long I am aware of a few shortcomings of this approach:

 

* This is for one machine which is used for browsing. It doesn't address how to set up that machine as gateway with proxying & filtering

* The phraselists are sometimes overly restrictive if your language is something else than english (but you do visit websites in languages as dutch, danish etc). It is surprising what innocent words may mean in other languages

* You may want to have different filter rules for different users. DG can do this, but will need to know which user it is filtering for. My best understanding is that this is incompatible with transparent proxying. It is possible with non-transparent setups where users log on to the proxy or where client PCs can identify themselves via and ident server (available for Linux and Windows). I prefer the simplicity of transparent proxying for now.

* DG can also filter ads by using list of ads-sites and URLs and replace this by a 1x1 empty GIF. I have never been able to get this to work so tend to see the block-page I have set instead.

Edited January 4, 2008 by pindakoe

[mindwave]

EXCELLENT

 

great information, thanks!

 

j

[arctic]

In the future, things might even be easier. AFAIK, Mandriva plans- by popular demand - to ship 2008.1 with a web-filter application in order to protect children from visiting nasty sites. See also http://qa.mandriva.com/show_bug.cgi?id=17250

[iphitus]

Don't use a filter, they're generally simple to bypass, and don't block everything.

 

Further, the filter should be redundant, if he's 2 years old he should be under CONSTANT supervision anyway -- no excuses. The computer is not a babysitter. (why on earth would you give a 2 year old his own computer anyway)

[aioshin]

Does the kid really have to connect to then internet? If this PC is meant for the kid, then just put some kiddie software on it and disable internet access. Just a suggestion though. :D