When you’ve got lots of young internet users, a filter is the best way to allow access while keeping alot of the questionable content out. Such systems are expensive and difficult to setup and administer.
dansguardian aims to change that. This open source content filter and web proxy is quite effective at filtering questionable content and even ads. It can even be setup to use external anti-virus programs to scan content as its being accessed.
How does a content filter work?
The filter gets in the middle of the conversation between you and the web server.
Your browser asks the proxy/filter server for a website. The proxy server scans the request and the response for questionable content and viruses. If everything is clean, the content is returned to your browser from the proxy. If there is a problem with the content, then it is blocked.
Zero to filter in 10 minutes flat:
Assumptions: You have access to an ubuntu server and said server has access to the internet.
- Open a command prompt and type:
“sudo apt-get install tinyproxy dansguardian“
This will install tinyproxy, a web proxy server and dansguardian – a content filtering system.
Ubuntu will also recommend ‘ClamAv’. Accept the defaults and install.
- Configure dansguardian.
Edit the /etc/dansguardian/dansguardian.conf file
- Place a pound sign in front of the line with the word ‘UNCONFIGURED’
- Remove the pound sign in front of the line that starts with:
contentscanner = ‘/etc/dansguardian/contentscanners/clamav.conf’
This will enable clam av scanning of content.
- Next edit the conf file for tiny proxy located here:
- Around line 15, You should see a line ‘Port=8888‘. Change that to ‘Port=3128‘
- Start it up. You’ll need to start the proxy first, then the filter.
sudo /etc/init.d/tinyproxy start
sudo /etc/init.d/dansguardian start
- Configure you client computers to use the proxy.
In firefox for example, go to Tools->Options->Advanced->Network-Tab
Click on the ‘settings’ button.
Click on the ‘Manual proxy settings’
in the HTTP proxy settings, enter the address of your proxy server. In the port box, enter 8080.
- In your internet router, block access to the internet from all addresses except the proxy server.
- If the firewall on the proxy server is off or allowing direct connections to the proxy server, your filter can be bypassed by connecting to port 3128. Make sure only localhost can connect to this port.
- Anyone with SSH access can subvert your proxy. Using port-forwarding and connecting directly to the proxy on port 3128, your proxy can be bypassed.
- If the firewall on the proxy server is not allowing connections to port 8080, then no one will be able to use your new content filter.
- Dans guardian has a perl gui, but mod perl is disabled on my server. I wrote a quick php script to replace it. You’ll need to modify your dansguardian.conf file to enable it.
- Webmin provides a gui for this system. If your not comfortable editing text files on a linux system, webmin is the way to go. It provides a web gui to make changes to a linux system.
- While it is possible to install this on an ubuntu desktop, its best to do this to a computer/server with limited physical access. This makes bypassing the filter much more difficult.