Open Source URL Filtering Software? 8
hated asks: "I work for the government, and because of our stringent policy on not allowing 'personal' use from work computers we have been given a requirement from management to restrict certain types of Web pages...mainly porn. Now I am opposed to censor-ware as the next guy, but I don't make policy, just figure out how to implement it. I would really rather not use commercial URL filtering because of the price and because of the secretive blocked lists. Is there any sort of module that would work with squid? I am looking for a proxy based tools as opposed to host based...obviously far easier to implement. I hope /. readers can provide some insight."
Squid (Score:1)
Squid, SquidGuard, SquidBlock, Squirm... (Score:2)
Perhaps the ideal choice if site blocking is your primary concern is Squid Guard with the freely available block list available from the Squid Guard site.
http://www.squidguard.org [squidguard.org]
Squid Guard is a redirector that works with Squid to provide a wide array of blocking and access control features. Pretty much anything you can envision doing (short of filtering the actual content) can be done with Squid and Squid Guard.
You provide it with a list of regular expressions or distinct URL's and it will block them according to rules you provide (i.e. executives have unlimited access, employess have no porn or games access, janitors only have acces to intranet sites, etc.).
Squid alone can provide URL based blocking and it works quite well. It's the method we recommend for most of our clients who need blocking simply because it's so easy. It's already built in, and you can download a pretty good blocklist called SquidBlock from here:
http://www.hklc.com/squidblock/ [hklc.com]
It's a little rough and the list requires a little hand tuning to make it really effective, but generally just plugs right in using the directions provided on the site.
Another option is Squirm, which is another redirector. I don't have any direct experience with it, but I assume it works pretty similar to Squid Guard above.
http://www.senet.com.au/squirm/ [senet.com.au]
Any one of these should do the job. If it's the most important part of your proxies job, go the extra mile and install Squid Guard and hand tune the black list (or better still create a second user defined list, so you can install new downloaded blacklists periodically). It will do the job admirably.
If it's just a matter of being able to say to management, "Yes, we've got porn blocking in place...it works pretty well, and we're logging all accesses anyway...blah, blah, blah" you could use Squid alone with the SquidBlock list and keep an eye on your logs. This requires you to inform your users they may be watched though. But generally, we've found that a policy that clearly states the permissable uses (and the promise of log analysis) works better in most environments than blocking. Block lists just can't keep up with the number of porn sites. And it tends to keep the internet use more strictly focused on work rather than seeing what sites can be found that aren't yet blocked.
I guess I should point out that even if you use the better method (Squid Guard) and find it satisfactory, you will still need to monitor logs (although you can do so without caring about who is accessing what) to find any new sites that are being accessed that aren't yet blocked. Babysitting internet access is a pretty big job. You should do what you can to prevent users from even trying to circumvent the blocking to minimize you own labor.
Hope this helps. I'm available for questioning on this stuff (it's my job, so I know my way around Squid pretty good).
Re:Squid, SquidGuard, SquidBlock, Squirm... (Score:1)
Re:Squid, SquidGuard, SquidBlock, Squirm... (Score:2)
We always tell our clients to inform their users of just what kind of log monitoring they will be doing. Most network managers I've spoken to opt to not translate the IP addresses listed in access logs or even pay any attention to them, thus allowing action to be taken without pointing fingers or violating privacy. They just scan the logs for a few minutes each day to see if any obvious porno sites are being visited. If so, they block them and move on. This is what we recommend to folks if log analysis must be done for content control purposes. It saves you from worrying about legal concerns, and allows you to look your co-workers in the face without laughing at the thought of them staring slackjawed at Big Beautiful Hirsute Women.
There is really no good reason to go snooping on an individuals browsing habits, IMHO. If you don't feel they are doing their job, fire them. Don't worry about trying to babysit them into doing the job you hired them for.
Nonetheless, focusing on blocking alone can be a win if a business does find that non-network-literate users show a penchant for seeking out all that the net has to offer, even when there is a policy in place against it. I suppose this is common in low-wage, mostly manual labor businesses where job security doesn't mean so much.
Junkbuster (Score:2)
--
Re:Squid, SquidGuard, SquidBlock, Squirm... (Score:1)
Re:Squid, SquidGuard, SquidBlock, Squirm... (Score:1)
I onced worked for a nosy private company, and it sucked. I don't like being watched. It's distracting, and it's more than a little demoralizing. But you gotta do what the boss says (or hit the road, I guess), so good luck to the original poster.
Re:Squid, SquidGuard, SquidBlock, Squirm... (Score:1)