Ask Slashdot: Best Way To Block Web Content? 282
First time accepted submitter willoughby writes "Many routers today have the capability to block web content. And you all know about browser addons like noscript & adblock. But where is the 'proper' place for such content blocking? Is it best to have the router only route packets & do the content blocking on each machine? If using the content blocking feature in the router, will performance degrade if the list of blocked content grows large? Where is the best place to filter/block web content?"
At the proxy. (Score:5, Informative)
Re:Upstream (Score:5, Informative)
Filtered DNS does this already if you choose to use it.
http://www.opendns.com/ [opendns.com]
http://www.scrubit.com/ [scrubit.com]
Re:What about SSL? (Score:5, Informative)
How would you like to filter out SSL traffic on a intermediate device? Do you have access to fake CA certificates recognized by the majority of web browsers?
No problem if you use active directory group policies and a squid proxy with ssl-bump and dynamic generated certificates.
Simply use a group policy to push the proxies cert out to the workstations as a trusted root certificate. Problem solved.
Now you can filter out naughty HTTPS sites. Also anyone with root access to the squid proxy can extract all kinds of interesting info from the users HTTPS sessions and manipulate them in interesting ways. And the only way the users would know is by manually checking the certificate. "Whats this Google certificate doing being signed by '*'?"
When you do this using Microsoft TMG theres a big red warning "You may want to check the legal implications of what you are about to do".
Re:Nice Try China! (Score:5, Informative)
This is one of the things the internet was built upon.
This is patently false. The internet, and before it the countless BBS services, was built on freedom and idealism. A server operator would pay out of pocket for their hobby and users would either access it for free, pay membership fees, or pay 900-number dial-in fees. The early internet had no ads because it was a hobbyist driven system. Not until the mid 90's did the internet monetize.
Re:Best way to filter web content: (Score:5, Informative)
The CLOUD!
No but real. SMB, use EasyDNS.
Big shop? Z-Scaler and similar.
Actually, EasyDNS is better. It blocks specific bloggers and tumblrs, that many "Enterprise" solutions give a pass.
But for EasyDNS, you HAVE to be able to control the resolv.conf of your clients, or it is bypassed.
Re:Nice Try China! (Score:2, Informative)
Lol! Silly romantic. You think the Internet infrastructure was paid for by dial-up users?
Most of it, including the high-speed backbones, was paid for by universities, the military, and telecoms. But it's cute that you think it was "hobbyists."
Re:Nice Try China! (Score:4, Informative)
Adblock used to have an option to do just that. It disappeared many versions ago.
Pity, because it was a good idea if you really wanted to stick it to the advertisers. You'd lose the bandwidth savings as the ad content would still download, but if you're unmetered and sporting a vendetta against marketroids it was a great option to use.