Slashdot Mirror

← Back to Stories (view on slashdot.org)

Filtering Based on TLD?

Posted by Cliff on from the searching-for-a-better-option dept.

nelomolen asks: "The school year is upon us, and I'm sure there's more than one school network administrator out there who is facing the same problem I am... web filtering (loud hissing ensues). Most administrators are stuck without a solution, with administration breathing down the back of their neck for a workable one. Put aside for a second that almost everyone hates the idea, we need something to tide us over until these laws are overturned (optimism). Does anyone know of any filtering solutions (client or server-side) that will strictly allow access based on TLD *then* domain name? For the sake of weathering out these laws, the easiest solution is to give unlimited access to .gov, .int, .us, .edu, .mil, etc, and explicit access to the handful of useful .com, .net, and .org domains that are out there. Has this option been explored by anyone? It seems to be a reasonable temporary fix. Is there currently any open-source software that can do this?"

3 of 14 comments (clear)

  1. SquidGuard by matrix0040 · · Score: 2, Informative
    I think you can use Squidguard for this purpose. I'm not sure but they've wildcard support so you can configure the filter based on that.

    However in my opinion it would be difficult to pick out those handful of useful .com, .net, and .org domains. Cuz there are many more than just a handful. However you can use the available blacklist database available from squidguard's site to do the blocking.

  2. Squid with SquidGuard is the bomb by waa · · Score: 3, Informative
    As previously stated, SquidGuard on top of Squid Cache is a probable good solution. SquidGuard is HIGHLY configurable for rule-sets, and Squid is a fantastic web-caching proxy server.

    I have recently configured such a web-filtering beast at a private middle school that requires web filtering for students. I am VERY happy with the speed of Squid and the configurability of SquidGuard.

    FYI, I simply created two lists "adult" and "student", and configured SquidGuard to pass ALL adult user requests on through unchecked, but check for and block 'bad stuff' when a student is making an attempt.

    Client is happy, I am happy (and paid). Chalk another one up for censorship!

    Kidding aside, this is a middle school and the children's Internet/computer access is monitored by staff/faculty members as well. Squid & SquidGuard are an added assitance. YMMV

    --
    Windows is not the answer.
    Windows is the question.
    The answer is "NO."
  3. Filtering is bad by epsalon · · Score: 2, Insightful

    It is bad because you can either filter too many or too little. Usually both.
    For example, Google's cache or altavista's babelfish, and many other loopholes alike (there was a link about this in a previous post). If you allow access to these resources - You've allowed access to all. If not, you've shut down a useful service.
    Moreover, I can create my own site that can serve as an open proxy and locate it in the .edu domain (I'm a student), and all your security falls. Heck - one of the students could ask a friend in college to build such a site for him.
    Either you enable Internet access to all sites, or disable it altogether, except for some previously downloaded pages. Otherwise - there is now way to do so.
    What you may consider however, is a strict accounting system and monitoring (which may be automated) of access to illegal material. That way, you can surf to pr0n sites, but you'll be called to the principal's office once you do.

    --

    Make even shorter URLs - 8LN.org