Slashdot Mirror

← Back to Stories (view on slashdot.org)

Metered HTTP Proxy?

Posted by Cliff on from the internet-traffic-cop-(and-parent) dept.

Jon asks: "My brother-in-law has three teenage daughters. The only thing that he has to hold over their head is being online. I am trying to find him an HTTP proxy server that has metering built in. I started with Squid which has the authentication stuff in it but we would like something where we could allocate minutes, like some of the WiFi stuff you encounter at a hot spot."

28 of 138 comments (clear)

  1. Got the same problem here... by darnok · · Score: 3, Interesting

    My requirements:
    - need to be able to limit each daughter to e.g. 1Gb of traffic. Once they hit that, bzzt, no more Internet access till next month. After that, they can either experience the joys of 28kb/s downloading or grovel at someone's feet to let them browse under another login id
    - each daughter needs to be able to check how much Internet "allowance" she has left
    - need to be able to limit use to a specific period of the day. With holidays coming up, I don't want them to be sitting in their rooms all day chatting... Ideally, I'd be able to block out individual sites (e.g. MSN) while leaving other stuff untouched
    - need to be able to block out the most noxious sites. For some reason, teenage girls can't seem to resist downloading crapware if it calls itself "PicOfGoodCharlotte.exe" or something similar...

    Yep, I'm aware that I could set up something that does most/all of this, but frankly there's not enough hours in the day at present to do so.

    1. Re:Got the same problem here... by Klowner · · Score: 4, Funny

      ..So as punishment, you force them to browse the internet at speeds I can just barely achieve because I live in the middle of fscking nowhere..

      You sir, have made my day.

    2. Re:Got the same problem here... by christopherfinke · · Score: 2, Funny
      teenage girls can't seem to resist downloading crapware if it calls itself "PicOfGoodCharlotte.exe"
      There's no known remedy for bad taste in music...
    3. Re:Got the same problem here... by The+Clockwork+Troll · · Score: 2
      • punctuate
      • parenthetical
      • </i>
      • go fuck yourself
      --

      There are no karma whores, only moderation johns
  2. Occam's Razor by Jah-Wren+Ryel · · Score: 3, Insightful

    My brother-in-law has three teenage daughters. The only thing that he has to hold over their head is being online.

    I don't think so. There are a lot simpler carrots and sticks available, in order of decreasing importance to the average teenage girl:

    1) Telephone privs - no cell phone for you
    2) Grounding - no hanging out at the mall for you
    3) Allowance - no buying the latest MTV-hyped fad product for you
    4) Television privs - no watching MTV-hyped commercials-as-content for you
    5) Driving privs - no freedom to move about for you
    6) Food - no bulemia practice for you

    --
    When information is power, privacy is freedom.
    1. Re:Occam's Razor by captnitro · · Score: 2, Insightful

      Unless, of course, they're nerd children, in which case all of the above examples make the assumption they have friends to talk to, hang out with, purchase identical sweaters with, be popular with by having seen TRL, drive to, or finally, throw up on.

  3. OpenBSD's Authpf by jhealy1024 · · Score: 2, Informative

    Have you considered OpenBSD's Authpf? Here's the description and man page.

    It runs on an OpenBSD firewall (which may be a pain for you; not sure what you've got installed already).

    Anyway, what it does is it prevents packets from flowing UNLESS the user has authenticated to the firewall via an ssh session. From there, the packets are tagged as belonging to the user, and you can deal with a particular user's packets as you wish (prioritize, block, redirect, etc).

    If you could apply standard login controls (amount of time, time of day, etc), then you can effectively limit access to the internet with the same granularity...

  4. Why? by miyako · · Score: 4, Insightful

    I realize that parents don't want their kid on the internet all the time, and like to encourage other acitivities, but why resort to something like this? It seems to me that the better idea would be to actually talk to the kids when it seems like they've been spending too much time online. Arbitrary rules like this only make kids see parents as a rival, and rules like this as something to try to get around, intstead of a reasonable guideline from people with more life experience.

    --
    Famous Last Words: "hmm...wikipedia says it's edible"
    1. Re:Why? by fuzzybunny · · Score: 2, Interesting

      Good point, actually--you don't even need a good blocking system; just dump a couple of manuals in their room, or at least a Linux/FreeBSD installation CD with a post-it note saying "THE MANUALS ARE IN /USR/SHARE/DOC" and let them figure it out from there. Let them do their homework on a stripped-down Winblows box without a network card; I'm sure the PCs at their local library will give them the net access they need for research on school projects.

      You wouldn't literally be forcing them to code something up from binary, but they might actually learn something in the process. As in "You wanted a car. Here's a 1974 Monte Carlo. It's not running. Here's the Time-Life book of the family car and a toolkit, have fun. Oh, and don't forget that you'll need gas & insurance money."

      As for having Internet access as the only means of control over your kids, I don't have any myself but ffs, that makes about as little sense as anything I've ever heard about child psychology.

      --
      Cole's Law: Thinly sliced cabbage
    2. Re:Why? by St.+Arbirix · · Score: 2, Informative

      When I was growing up there were no arbitrary rules and no metering. I basically had 150 hours a month of internet. Did my parents try to get me off? Yes. How hard was it for them to actually get me off it without me seeing them as rivals against my wants, impossible. All the kind pleas we're easily countered with "Yeah, hold on." and "Oh, wait, lemme finish this." They held and it never finished. In the end I'd spend hours on end on the computer, sometimes so much that people couldn't call the house. If only my parents had resorted to something like that. I could have done all my truly useful internetting in metered time. Everything past the first couple hours was waste.

      Quite simply, I'm sick of seeing so much of the temperance s*** going around. I feel all kinds of regret and spite because no one ever forced me to get off of my ass and do something towards my grades or my friends or some sort of hobby. I'm having to learn all of that stuff the hard way now that I'm in college and I see so many other people growing up just like me totally unprepared to stop f***ing around and get things done.

      --
      Direct away from face when opening.
    3. Re:Why? by miyako · · Score: 4, Insightful

      I guess it depends a lot on the kid, there is no one size fits all style of parenting. I have to admit I have no experience with having kids, having quite recently been one myself, however I have the following experience to share:
      My parents divorced when I was very young, and shareed equal custody. They both had very different parenting styles. My father was very strict, trying to micro-manage every aspect of my and my step-siblings lives. We were allowed 20 minutes a day on the computer, not one second left. We were allowed exactly 3 phone calls a night, each one up to 10 minutes in length, not one second over. We were not allowed to talk to anyone on the phone, visit and internet sites, or read any books without his review and approval. The list goes on.
      My mother, on the other hand, took a much more "live and let live" style of parenting. If I wanted to do something, then I did it, and if I made a bad decision then I had to deal with the consequences, she was there to help guide me and to grow up and find my own sence of what was right and wrong, and to learn the difference between good and bad decisions, but she left it up to me in the end. If I wanted to watch some violent or sex filled movie, or play some violent video game, or read some edgy book, then I could- of course she was also there to talk to me about it and provide a context for what I was seeing.
      Of course, when I was with my father I never cared about his rules, other than as something to get around. When I was with my mom on the other hand, I genuinely tried to make decisions that would not dissapoint her. Sure if I were talking on the phone for a minute longer than I was supposed to at my fathers I would be grounded for a month, and I think I could have gotten arrested and my mother wouldn't have done anything other than have a talk with me, but I cared that my mother was dissapointed in me, and that's what made the difference.
      Sure I might have developed a few bad habbits because my mom would let me do what I wanted, but in the end I think that I am much better off for her style of parenting.

      --
      Famous Last Words: "hmm...wikipedia says it's edible"
  5. "The only thing..." by eric.t.f.bat · · Score: 2, Insightful

    Dude - has your brother-in-law considered a non-technological alternative? He could try (drum-roll please) treating his daughters like human beings. Because if he's concentrating his efforts on how to control and punish them, maybe he should leave home and get a dog.

    --
    I have discovered a truly remarkable .sig block which this margin is too small to conta
    1. Re:"The only thing..." by stienman · · Score: 3, Insightful

      He could try (drum-roll please) treating his daughters like human beings.

      I'm glad we have such an expert on how to treat people like human beings.

      So please enlighten us. How is limiting access to the internet to a reasonable amount of time (depending on the PARENT's standards/values/beliefs) not treating them like human beings?

      If your child sat in front of the TV every waking moment they weren't forced to do something else, you would, I hope, limit their access. It's the same situation with computers in many cases. It's interactive, and possible to do many different things with the computer where the TV may be more limited, but if they're on the computer 8 hours a day and you don't consider it a problem then it will become a huge problem for them later in life.

      Guaranteed.

      As far as using the internet as a 'carrot', what about that do you really object to? Do you believe that children always make good choices with no parental influence? Do you believe choices children make don't affect their entire life? I certianly believe in letting them make their own decisions, but I'm going to curb them if they start going down a path I disagree strongly with, and I'll especially block them as much as possible if they start making decisions which will change their lives in a bad way.

      Some decisions, made as children, have major lifelong consequences. It's better, in my opinion (and far easier!), to have lots of little nudges in the right direction constantly than to try to force several huge changes occasionally.

      Personnally I prefer the carrot approach, rather than the stick, in helping my children make good choices.

      Lastly, are you suggesting that animal mistreatment is acceptable? Why would you suggest that instead of parenting classes, if you honestly thought there was a problem?

      -Adam

    2. Re:"The only thing..." by Tanktalus · · Score: 2, Interesting

      I can kind of see your point - you're saying that it is better that a kid has the ability to break the rules without actually being limited to following the rules. That kind of makes sense.

      So the follow up question is ... exactly as the original question, except that rather than limiting, just tallying and reporting?

      Note that part of a parent's job is to socialise their child(ren) as to how the world works. Since it was originally pointed out how some WiFi hotspots already do this, then that's how the world works, and the kids need to learn this. Also, an employer may have net access - but may monitor their employee's net usage. Regardless of whether this crowd agrees with the employer in doing so or not, it's still the way the world works, and you'll need to learn how to work within it or you'll be out of a job. (Much better to leave employment on your own terms when you have a new job than to be fired and be without paycheck for a while...)

  6. KISS by vasqzr · · Score: 5, Funny

    Here's what my parents used for me, back in my BBS days:

    "Get off the computer. Now."

    If you were on the computer when you weren't supposed to, the phone cord from the computer to the wall would dissappear. Eventually they found the phone cord I bought at the hardware store, then the damn wall jack dissappeared.

  7. The only thing that he has to hold over their head by FFFish · · Score: 2, Insightful

    ...is being online.

    Wow. That's quite the predicament. The only thing he can do as reward/punishment is control their net access. The. Only. Thing.

    Makes one yearn for the good old days, when a parent was able to say "no" to borrowing the car, going on a date, purchasing the latest trendy thing, watching television, or assigning extra chores.

    --

    --
    Don't like it? Respond with words, not karma.
  8. He will do much better by acquiring a vertabra by gorim · · Score: 2, Funny

    It can't be bought in stores, it can only be evolved from within, but its the best thing for building character within oneself and one's children.

  9. Suggestion by Geoffreyerffoeg · · Score: 3, Informative

    Enough other posters have said that the principle behind this is a bad idea, so instead of reiterating that, I'm going to comment on the technical method of metering HTTP usage.

    First, if it's just time restrictions, you can probably use your router's features. My router's setup page lets me block access from an IP range to a port range between a time range; I've used this to block a spam daemon on my mom's computer from getting to port 25 [yes, this blocked normal e-mail], or to block myself from wasting time past 7PM.

    Barring that, I'd suggest writing your own server, or getting someone to do so for you. An HTTP server and a client are not hard to write; I wrote them in about a week of classtime each (got bored in my programming class). Or you can simply put a Perl script together that uses standard modules. Once you have a client and a server, it's a simple matter to tie them together, totaling the number of bytes transferred into a variable/disk file.

    On a completely unrelated and stupid-sounding idea: does Apache stop serving when it can't write to log files? If so, just make it log proxy requests to a floppy disk.

  10. Why metering? by Ropati · · Score: 2, Insightful

    I too, use access to the internet as a carrot (or stick) over my kids head. It works well. They want to be on line 14 hrs a day, which I feel is unreasonable.

    However, metering them x hours per day of usage or x GBs of IO doesn't seem practical. It could lead to many arguments and hair splitting about how much they were really on.

    I mean, how do you measure it? Do I measure the time a socket is connected? If they open the NYtimes and walk away from their desk, they will eat up their meter. Do I measure bandwidth usage. Say they download 2 movies one day, poof metering over. All this would lead to mush complaining and gnashing of teeth. It would also lead to them using the internet when I don't want them to.

    Instead, I set my router to disconnect them by script during the hours I don't want them on the internet.

    My kids loose the internet 1 hour before bed, and during weekend days. During the summer, I limit them to different hours.

    If they give me grief, I take an hour off at night . Surprisingly, even an hour is plenty of stick to get my kids to behave.

    If you don't have a router, make a cheap one out of an old PC with Linux. Easy to setup and script. (I'm actually using W2K Ad. Server as a router and scripting their access using netsh.)

    I have no qualms about using the internet to keep my kids in line, and I sleep better at night knowing they can't get up and start surfing instead of getting a good nights sleep.

    --
    machinator omnis sine licentia
  11. What if they are not just wasting time? by priceb · · Score: 2, Insightful

    What if they are not just waisting time using IM, Chat, etc.? What if they are working on a project. When I was in high school I had many projects that required me to pull late nites on the computer using the internet for research. It is not fair to set a static limit for internet access. Just be a parent. How hard is it to say turn off the computer? If that is too hard just unplug it. Just because they don't have internet access doesn't mean they are going to abandon the computer, games are a great distraction.

  12. perhaps not perfect by kayen_telva · · Score: 2, Informative

    http://www.softforyou.com/ip-index.html
    http://www.akrontech.com/

  13. Re:OpenBSD's Authpf or an equivalent by jazman_777 · · Score: 2, Informative
    And on and on.

    So if OpenBSD is a firewall box, you control the incoming packets on the internal NIC--redirect all incoming port 80 to 3128: squid as transparent proxy. http://www.benzedrine.cx/transquid.html

    --
    Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
  14. in that case... by 1eyedhive · · Score: 2, Insightful

    Static time restrictions make sense. If they REALLY need access after hours for a school project: Demand documentation: i.e. a project outline from a teacher (including a due date, so extended hours will cease on that date, if they go overtime, tough). If sufficient documentation isn't available, tell them "tough luck, better off researching rather than IM'ing"

    --
    Logistical Chaos Officer http://www.slagg.org - LAN Gaming in Sarasota FL,USA
  15. who's fault is that? by Suppafly · · Score: 2, Insightful

    The only thing that he has to hold over their head is being online.

  16. How about plain old fashioned parenting? by Pig+Hogger · · Score: 2, Insightful

    That is, parenting where you actually CHECK what the kids do, and keep track within your head how long they've been sitting on their boxen???

  17. Teenagers aren't dumb. by sho-gun · · Score: 2, Funny

    They know how to take my router off the network and reboot the cable modem to clear its MAC limit if they ever needed to bypass any protection I've set up on the router.

    Dont put anything past teenagers. They're alot
    smarter than most people give them credit for.
    My oldest will have CCNA before he graduates HS.

  18. Same need here, too... by nick_danger · · Score: 2, Insightful
    Except it isn't teenage girls. It's my father in law.

    I work from home semi-regularly, and my broadband connection is my lifeblood at those times. For a variety of reasons, the in-laws visit fairly regularly. My father-in-law doesn't travel anywhere without his laptop, and since he's without broadband where he lives, he takes every opportunity to suck my connection dry by downloading every latest Linux ISO image he can find -- which really blows when I'm trying to get serious work done. I'd really love to be able to throttle his bandwidth down to sub dial-up speeds during my normal working hours.

    (Ok, before everyone starts pinging me for not to him about it: I DID. HE DIDN'T GET IT.)

    1. Re:Same need here, too... by TheLink · · Score: 2, Informative

      1) transparent HTTP proxying. e.g. Use squid as the web proxy and delay pools. squid -k reconfigure reconfigures squid.

      2) Use bandwidth control on your firewall (My internet gateway runs FreeBSD, IPFW, pipe and queue, and I give small outbound packets priority over outbound large ones, AND limit the outbound large packets to a certain bandwidth so that externals downloading stuff from my machine don't affect MY downloads and other network stuff much - this is because many of the important outbound packets related to my Internet experience are small - e.g. DNS, TCP-ACKs, TCP-SYNs, quake UDP packets ;). Of course this does clamp stuff a bit when sending mail or uploading files, I could tweak the rules a bit, but so far nobody's seems to mind (including me ;) ).

      For incoming traffic, I give my computer 4 x the weighting compared to other PCs ;). That said, since my ISP's router decides what to stuff down my internet connection to my firewall and my firewall only gets to decide what to pass to the rest, I can only control TCP traffic somewhat - by dropping packets inbound TCP connections will tend to use less bandwidth. This isn't as effective for high latency connections. Other connectionless traffic like typical UDP/ICMP packets will fill my pipe at whatever rate the ISP's router decides to send them.

      I also have transparent web proxying active on the gateway as per 1) - the caching helps when updating windows on the various machines at home. To do that I configure squid to cache files that are up to a few hundred MB in size. The LFUDA caching policy might be helpful.

      In your father in-laws case you probably would have to clamp his bandwidth to say half or quarter of your total download bandwidth. It'll still affect the interactivity and other latency dependent stuff like online games (since you don't have control over the ISP's router), but his TCP downloads should end up about whatever you set. If he's using something like UDP for downloading then I'm not sure what you can do about it - it does depend on whether the app has something "TCP like" at higher layers - e.g. doesn't keep blasting at max rate if there's no acknowledgement - not sure if all P2P apps are well behaved if using UDP.

      --