Open Source URL Filtering Software?

← Back to Stories (view on slashdot.org)

Open Source URL Filtering Software?

Posted by Cliff on Saturday May 13, 2000 @08:02AM from the when-you-absolutely-posivitely-have-to-block-sites dept.

hated asks: "I work for the government, and because of our stringent policy on not allowing 'personal' use from work computers we have been given a requirement from management to restrict certain types of Web pages...mainly porn. Now I am opposed to censor-ware as the next guy, but I don't make policy, just figure out how to implement it. I would really rather not use commercial URL filtering because of the price and because of the secretive blocked lists. Is there any sort of module that would work with squid? I am looking for a proxy based tools as opposed to host based...obviously far easier to implement. I hope /. readers can provide some insight."

8 comments

Min score:

Reason:

Sort:

Squid by penguinboy · 2000-05-13 10:17 · Score: 1

Check it out. It may be what you need.
Squid, SquidGuard, SquidBlock, Squirm... by SwellJoe · 2000-05-13 11:25 · Score: 2

There are numerous options!
Perhaps the ideal choice if site blocking is your primary concern is Squid Guard with the freely available block list available from the Squid Guard site.
http://www.squidguard.org
Squid Guard is a redirector that works with Squid to provide a wide array of blocking and access control features. Pretty much anything you can envision doing (short of filtering the actual content) can be done with Squid and Squid Guard.
You provide it with a list of regular expressions or distinct URL's and it will block them according to rules you provide (i.e. executives have unlimited access, employess have no porn or games access, janitors only have acces to intranet sites, etc.).
Squid alone can provide URL based blocking and it works quite well. It's the method we recommend for most of our clients who need blocking simply because it's so easy. It's already built in, and you can download a pretty good blocklist called SquidBlock from here:
http://www.hklc.com/squidblock/
It's a little rough and the list requires a little hand tuning to make it really effective, but generally just plugs right in using the directions provided on the site.
Another option is Squirm, which is another redirector. I don't have any direct experience with it, but I assume it works pretty similar to Squid Guard above.
http://www.senet.com.au/squirm/
Any one of these should do the job. If it's the most important part of your proxies job, go the extra mile and install Squid Guard and hand tune the black list (or better still create a second user defined list, so you can install new downloaded blacklists periodically). It will do the job admirably.
If it's just a matter of being able to say to management, "Yes, we've got porn blocking in place...it works pretty well, and we're logging all accesses anyway...blah, blah, blah" you could use Squid alone with the SquidBlock list and keep an eye on your logs. This requires you to inform your users they may be watched though. But generally, we've found that a policy that clearly states the permissable uses (and the promise of log analysis) works better in most environments than blocking. Block lists just can't keep up with the number of porn sites. And it tends to keep the internet use more strictly focused on work rather than seeing what sites can be found that aren't yet blocked.
I guess I should point out that even if you use the better method (Squid Guard) and find it satisfactory, you will still need to monitor logs (although you can do so without caring about who is accessing what) to find any new sites that are being accessed that aren't yet blocked. Babysitting internet access is a pretty big job. You should do what you can to prevent users from even trying to circumvent the blocking to minimize you own labor.
Hope this helps. I'm available for questioning on this stuff (it's my job, so I know my way around Squid pretty good).
1. Re:Squid, SquidGuard, SquidBlock, Squirm... by extra88 · 2000-05-13 14:07 · Score: 1
  
  This requires you to inform your users they may be watched though.
  Unfortunately, employers do not have to inform their employees that they may be monitored. It is the right thing to do tho' and makes for less trouble.
2. Re:Squid, SquidGuard, SquidBlock, Squirm... by SwellJoe · 2000-05-13 15:54 · Score: 2
  
  The law isn't entirely clear on whether you must or must not inform users, and it is different depending on the state you're in. Some states do hold that businesses own their networks absolutely and can do anything they want with the data passing through, but many states maintain a right to privacy. But most have not had any sort of case to test this, nor do they have laws that enumerate the rights of businesses and employees.
  We always tell our clients to inform their users of just what kind of log monitoring they will be doing. Most network managers I've spoken to opt to not translate the IP addresses listed in access logs or even pay any attention to them, thus allowing action to be taken without pointing fingers or violating privacy. They just scan the logs for a few minutes each day to see if any obvious porno sites are being visited. If so, they block them and move on. This is what we recommend to folks if log analysis must be done for content control purposes. It saves you from worrying about legal concerns, and allows you to look your co-workers in the face without laughing at the thought of them staring slackjawed at Big Beautiful Hirsute Women.
  There is really no good reason to go snooping on an individuals browsing habits, IMHO. If you don't feel they are doing their job, fire them. Don't worry about trying to babysit them into doing the job you hired them for.
  Nonetheless, focusing on blocking alone can be a win if a business does find that non-network-literate users show a penchant for seeking out all that the net has to offer, even when there is a policy in place against it. I suppose this is common in low-wage, mostly manual labor businesses where job security doesn't mean so much.
3. Re:Squid, SquidGuard, SquidBlock, Squirm... by hated · 2000-05-14 00:21 · Score: 1
  
  heh...i actually found squidguard yesterday just before this post went up. i intend on taking it to management tomorrow, fortunately unlike some other government agencies we embrace open source and stay as far away as possible to closed source solutions. -- hated
4. Re:Squid, SquidGuard, SquidBlock, Squirm... by Paranoid+Diatribe · 2000-05-15 04:50 · Score: 1
  
  I was under the impression that all government employees (the original post said he worked for the government) had more rights to privacy than those in the private sector. Check with a lawyer if you're gonna hand-monitor people.
  I onced worked for a nosy private company, and it sucked. I don't like being watched. It's distracting, and it's more than a little demoralizing. But you gotta do what the boss says (or hit the road, I guess), so good luck to the original poster.
5. Re:Squid, SquidGuard, SquidBlock, Squirm... by FredThompson · 2000-05-17 13:38 · Score: 1
  
  Where did you ever come up with that idea?!?!?! The legal system of the US holds that under many circumstances it is completely impossible to hold the federal government accountabile the way a private entity could be so held. Federal employees have far fewer so-called "rights" or legal protections than those in the private sector. There is no right to privacy on federal property outside of things like monitoring in bathrooms and the like. Any use of federal resources, by default, is completely open to full monitoring. The law stipulates that any use of federal resources for private gain is illegal. (Why do you think the VP is in trouble for making political fund-raising calls on a government phone?)
Junkbuster by SIGBUS · 2000-05-13 20:50 · Score: 2

Although they don't recommend using it for such purposes, Junkbuster can also be used for blocking.

--

--
Oh, no! You have walked into the slavering fangs of a lurking grue!