Open Source Content Filter

When you’ve got lots of young internet users, a filter is the best way to allow access while keeping a lot of the questionable content out. Such systems are expensive and difficult to set up and administer.

dansguardian aims to change that. This open source content filter and web proxy is quite effective at filtering questionable content and even ads. It can even be set up to use external anti-virus programs to scan content as it’s being accessed.

How does a content filter work?

The filter gets in the middle of the conversation between you and the web server.

Web proxy/filter diagram

Your browser asks the proxy/filter server for a website. The proxy server scans the request and the response for questionable content and viruses. If everything is clean, the content is returned to your browser from the proxy. If there is a problem with the content, then it is blocked.

Zero to filter in 10 minutes flat:

Assumptions: You have access to an Ubuntu server and said server has access to the internet.

  1. Open a command prompt and type:
    sudo apt-get install tinyproxy dansguardian
    This will install tinyproxy, a web proxy server, and dansguardian, a content filtering system.
    Ubuntu will also recommend ‘ClamAV’. Accept the defaults and install.
  2. Configure dansguardian.
    Edit the /etc/dansguardian/dansguardian.conf file
  3. Place a pound sign in front of the line with the word ‘UNCONFIGURED’
  4. Remove the pound sign in front of the line that starts with:
    contentscanner = '/etc/dansguardian/contentscanners/clamav.conf'
    This will enable ClamAV scanning of content.
  5. Next, edit the conf file for tinyproxy located here:
    /etc/tinyproxy/tinyproxy.conf
  6. Around line 15, you should see a line ‘Port=8888’. Change that to ‘Port=3128’.
  7. Start it up. You’ll need to start the proxy first, then the filter.
    sudo /etc/init.d/tinyproxy start
    sudo /etc/init.d/dansguardian start
  8. Configure your client computers to use the proxy.
    In Firefox, for example, go to Tools->Options->Advanced->Network tab.
    Click on the ‘Settings’ button.
    Click on ‘Manual proxy settings’.
    In the HTTP proxy settings, enter the address of your proxy server. In the port box, enter 8080.
  9. In your internet router, block access to the internet from all addresses except the proxy server.

Done!

Gotchas:

  • If the firewall on the proxy server is off or allowing direct connections to the proxy server, your filter can be bypassed by connecting to port 3128. Make sure only localhost can connect to this port.
  • Anyone with SSH access can subvert your proxy. Using port-forwarding and connecting directly to the proxy on port 3128, your proxy can be bypassed.
  • If the firewall on the proxy server is not allowing connections to port 8080, then no one will be able to use your new content filter.
  • dansguardian has a Perl GUI, but mod_perl is disabled on my server. I wrote a quick PHP script to replace it. You’ll need to modify your dansguardian.conf file to enable it.
  • Webmin provides a GUI for this system. If you’re not comfortable editing text files on a Linux system, Webmin is the way to go. It provides a web GUI to make changes to a Linux system.
  • While it is possible to install this on an Ubuntu desktop, it’s best to do this on a computer/server with limited physical access. This makes bypassing the filter much more difficult.
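
A quick check for the two firewall gotchas above, as an added example that is not part of the original post: the shell function reads `ss -ltn` output and reports whether the upstream proxy port (3128) listens only on loopback and whether the filter port (8080) is listening at all. The name `audit_listeners` and the sample lines are constructed for illustration; a non-loopback listener is reported as a warning because a firewall rule on the server can also restrict it.

```shell
#!/bin/sh
# Added example. audit_listeners is a hypothetical helper name.
# Usage on the proxy server:  ss -ltn | audit_listeners
# Arguments: upstream proxy port (default 3128), filter port (default 8080).
audit_listeners() {
    proxy_port="${1:-3128}"    # tinyproxy: should be reachable from localhost only
    filter_port="${2:-8080}"   # dansguardian: the port clients are pointed at
    awk -v pp="$proxy_port" -v fp="$filter_port" '
        $1 == "LISTEN" {
            addr = $4                                # e.g. 127.0.0.1:3128 or [::]:8080
            port = addr; sub(/^.*:/, "", port)       # text after the last colon
            host = addr; sub(/:[^:]*$/, "", host)    # text before the last colon
            if (port == pp) {
                seen_proxy = 1
                if (host !~ /^127\./ && host != "[::1]")
                    wide = wide " " addr             # collect non-loopback binds
            }
            if (port == fp) seen_filter = 1
        }
        END {
            rc = 0
            if (!seen_proxy) {
                print "MISSING no listener on proxy port " pp; rc = 1
            } else if (wide != "") {
                print "WARN proxy port listens on" wide " (bind to loopback or firewall it)"; rc = 1
            } else {
                print "OK proxy port " pp " is loopback-only"
            }
            if (!seen_filter) {
                print "MISSING no listener on filter port " fp; rc = 1
            } else {
                print "OK filter port " fp " is listening"
            }
            exit rc
        }'
}

# Constructed sample of `ss -ltn` output: the proxy is bound to every interface.
SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:8080       0.0.0.0:*
LISTEN 0      1024   0.0.0.0:3128       0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*'
printf '%s\n' "$SAMPLE" | audit_listeners || true
```

The function exits non-zero when either check fails, so it can be run from cron or a monitoring job after configuration changes.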
 

derak

 

5 thoughts on “Open Source Content Filter”

  1. Thank you for this info. I am considering my solutions for my network, as I have found Barracuda Networks web filter solution great, however it is quite expensive to maintain. Does anyone have any feedback to the comparison of the two?

  2. I absolutely love your website.. Pleasant colors & theme.
    Did you create this amazing site yourself? Please reply back as I’m trying to create my very own site and would like to know where you got this from or what the theme is named. Thanks!
