Slashdot Mirror
Filtering Based on TLD?
nelomolen asks: "The school year is upon us, and I'm sure there's more than one school network administrator out there who is facing the same problem I am... web filtering (loud hissing ensues). Most administrators are stuck without a solution, with administration breathing down the back of their neck for a workable one. Put aside for a second that almost everyone hates the idea, we need something to tide us over until these laws are overturned (optimism). Does anyone know of any filtering solutions (client or server-side) that will strictly allow access based on TLD *then* domain name? For the sake of weathering out these laws, the easiest solution is to give unlimited access to .gov, .int, .us, .edu, .mil, etc, and explicit access to the handful of useful .com, .net, and .org domains that are out there. Has this option been explored by anyone? It seems to be a reasonable temporary fix. Is there currently any open-source software that can do this?"
Just a Friday night FUCK YOU to all of the LambdaMOOers.
However in my opinion it would be difficult to pick out those handful of useful .com, .net, and .org domains. Cuz there are many more than just a handful. However you can use the available blacklist database available from squidguard's site to do the blocking.
It's not that hard, actually. Just create a large dialog box and include the IE browser component in there. Anytime someone types in a URL to link to, check it against your filter criteria. If it doesn't match, don't allow it.
Of course, it would be difficult to prohibit hyperlinking from sites on the accepted URLs to banned sites.
I have recently configured such a web-filtering beast at a private middle school that requires web filtering for students. I am VERY happy with the speed of Squid and the configurability of SquidGuard.
FYI, I simply created two lists "adult" and "student", and configured SquidGuard to pass ALL adult user requests on through unchecked, but check for and block 'bad stuff' when a student is making an attempt.
Client is happy, I am happy (and paid). Chalk another one up for censorship!
Kidding aside, this is a middle school and the children's Internet/computer access is monitored by staff/faculty members as well. Squid & SquidGuard are an added assitance. YMMV
Windows is not the answer.
Windows is the question.
The answer is "NO."
It is bad because you can either filter too many or too little. Usually both. .edu domain (I'm a student), and all your security falls. Heck - one of the students could ask a friend in college to build such a site for him.
For example, Google's cache or altavista's babelfish, and many other loopholes alike (there was a link about this in a previous post). If you allow access to these resources - You've allowed access to all. If not, you've shut down a useful service.
Moreover, I can create my own site that can serve as an open proxy and locate it in the
Either you enable Internet access to all sites, or disable it altogether, except for some previously downloaded pages. Otherwise - there is now way to do so.
What you may consider however, is a strict accounting system and monitoring (which may be automated) of access to illegal material. That way, you can surf to pr0n sites, but you'll be called to the principal's office once you do.
Make even shorter URLs - 8LN.org
At my school they gave up on trying to censor us, there was just way to much stuff..
:-).
So, what they have now is a few simple log checkers. Basically it checks the logs for common words that are in porn urls. like "sex", "fuck", "slut", "teen", "porn", "cunt" etc.. It then tallies up the total bandwidth used by EACH USER and forward it to the sysadmin, daily.
They give each kid a porn-limit (yes, its true) - nothing official. But they understand kids will look at porn, theres no stopping them, but if its getting obsessive OR using to much bandwith (~more than 40mb a week): they get the psychologist to talk to them.. easy
(this is the unofficial pollicy, but it seems to work well)
and for the record: no, i dont bother using the net at school, its only a 50K link for several hundred kids.
stuff
Squirm for Squid-cache is a fast & configurable redirector for the Squid Internet Object Cache.
Basically it redirects (possibly to a local apache server, if you want) URL requests that match reg-exp's.
So you could have it redirect to a notice saying "sorry, this website is banned" to anything but the checkin's that you have made available.
its smaller and ligher than Squidguard - but squidguard gets useful when you have MANY MANY MANY regexps to match (like 1000's) since it uses a database.
hope that helps
stuff
Squidguard comes with a blockfile for porn sites. I don't know how comprehensive it is, but it will probably satisfy the law and be restrictive than blocking all .com, .org, and .net domains.
It's hard to be religious when certain people are never incinerated by bolts of lightning.
Speaking as a high school student, which I currently am, in a Florida school, our school district uses Squid software off of Novell something or other to provide internet filtering. Everything is for null, however, due to a very nifty web site that I discovered, that uses a secure proxy to circumvent the filtering and firewalls.
Using this tool, I can go to that web site, and type the address into it, and it uses a secure proxy server on a different port. It currently has school officials stumped on how to block it.
Is there any way to restrict access to HTTPS:// connections? (I don't want to have to set my home connection up as a secure proxy...but I might have to if they block it.)