[H-GEN] Restricting web site access

Peter Arnold arnoldpj at optushome.com.au
Mon Mar 28 05:07:53 EST 2005



David Duffy wrote:
> [ Humbug *General* list - semi-serious discussions about Humbug and     ]
> [ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
> 
> Hi everyone,
> What is the best way to restrict web site access on a "per user"
> basis with Windows XP machines going through a Debian proxy?

What do you mean by "Debian Proxy"? Is it NATing or doues it have a 
caching proxy like squid?

> 
> The browsers used are both IE and Firefox. IE can have settings
> to approve or block certain sites but Firefox doesn't seem to.
> 
> Googling gives the impression that the Debian box is suitable for
> this for of use but I'm not sure of how to start off. Blocking based
> on the domain name may be usable but can this be done per user?

Squid has quit good user/site ACLs that you could apply but that could 
be a lot of work unless you want to just allow/deny access for a few 
people to a few sites.

> 
> Another thing I'm considering is content based internet filtering.
> Does anyone have any pointers on this? Something that's proxy
> based would be good so that it can't be disabled by Win users.
> David...

In another post you mentioned you can't pass on usernames... AFAIK you 
can make this work. Development on SquidGuard has now stopped so you 
might want to look at alternatives. Also the black list leaves a bit to 
be desired and is rather eratic.

The only viable alternative that I know of is www.dansguardian.org. It's 
not totally free but is open source and you can get the blacklists 
free... once....

HTH

-- 
Peter Arnold
+-----------------------------------+-----------------+
| mailto:arnoldpj at optushome.com.au  | To err is human |
| Brisbane, Qld, Australia          | To moo bovine.  |
+-----------------------------------+-----------------+




More information about the General mailing list