[plug] Porn blocker

Travis Read travisr at rave.iinet.net.au
Mon Sep 10 07:24:40 WST 2001 

Hey,

I wouldn't use any 3rd party software:

in your squid.conf file insert:

acl localnets dstdomain myschool.wa.edu.au
acl all src 0.0.0.0/0.0.0.0
never_direct deny localnets
never_direct allow all
cache_peer hymn.iinet.net.au parent 8000 7 no-query weight=100
cache_peer proxy.m.iinet.net.au parent 80 7 no-query weight=1 proxy-only

This will force all web traffic to go via the parent proxy servers. With
the above lines, all traffic will go via hymn.iinet.net.au and get
filtered by webtrack. In the event that the webtrack server doesn't
respond it'll then try proxy.m.iinet.net.au. proxy.m.iinet.net.au is set
to proxy-only so it wont cache anything. By doing this you can really
reduce the amount of porn students are able to access whilst still having 
a level of redundancy incase webtrack dies.

The other lines you may be interested in are:

acl denied_url url_regex "/usr/local/squid/etc/denied_url"
acl allowed_url url_regex "/usr/local/squid/etc/allowed_url"
http_access allow allowed_url
http_access deny denied_url

stick a list of URL's that you want rejected into
/usr/local/squid/etc/denied_url and a list of URL's you *never* want to
rejected into /usr/local/squid/etc/allowed_url, by doing this you can
filter out things that webtrack doesn't. i.e. hotmail

I'm not sure how much you want to filter but I also use these lines:
acl filter urlpath_regex \.zip$
acl filter urlpath_regex \.mpeg$
acl filter urlpath_regex \.exe$
acl filter urlpath_regex \.mpg$
acl filter urlpath_regex \.mp3$
acl filter urlpath_regex \.avi$
acl filter urlpath_regex \.mov$
acl filter urlpath_regex \.ram$
acl filter urlpath_regex \.rm$
acl filter urlpath_regex \.asx$
http_access deny filter

To block the downloading of any file ending in the above extention.

Trav

On Sun, 9 Sep 2001, Andrew Francis wrote:

> On Sun, 9 Sep 2001, Jason Jordan wrote:
> 
> > On Sun, 9 Sep 2001 12:04:43 +0800 (WST), Jonathon Bates wrote:
> > Instead of wasting time trying to decided if "breast" was in the context of "breast 
> > cancer".  Or whether "www.thisisscunthorpe.co.uk" should be allowed, I coded 
> > some perl script that simply grepped through the daily logs for inappropriate key
> > words and let a real person make the call.  I created a list of sites that could
> > be excluded from the pattern match... such as www.virginairlines.com.au and
> > *.gov.au and so on.
> 
> Not excluding things can help remind people what's going on :)
> 
> For instance, at one place I worked, if someone visited
> www.<containsvulgarword>.com, they'd receive an email from the support
> email address along these lines:
> 
>   Hi <real name>
> 
>   On <date/time>, you visited <site>. The content or name of the site 
>   triggered our automatic filters, so this has been logged for futher
>   investigation as per our policy at <http://whatever...>.
> 
>   Please note that the filter only makes broad judgments and refers 
>   websites to staff for further investigation. If the site is appropriate
>   under the Acceptable Use Policy, then no further action will be taken.
> 
>   This is an automated message.
> 
> 
> 
> By the way, if the school's on an iinet Voyager they're probably worried
> about traffic - so the first site I'd block would be www.hotmail.com.
> 
> 

-- 
Kind regards,

Travis Read

iiNet Senior Support            | Ph +61 8 9214 2222 Fx +61 8 9214 2211
travisr at corporate.iinet.net.au  | 250 St Georges Terrace, Perth WA 6000

" there is a war going on, it's not about who has the most bullets,
         it's about who controls the information " - SNEAKERS

More information about the plug mailing list