I am looking at the simplest (implementation-wise) solution to the following problem (on CentOS 6.2):
I have a list of web addresses (like http://www.example.com, https://1.2.3.4/, etc.) that should be "forbidden" to access from a particular host. On access attempt, the browser should be redirected to a local web page (file on the hard disk) with the explanation that those addresses are forbidden. The possible ways of disallowed access include:
* typing www.example.com or http://1.2.3.4/ in the browser
* typing www.example.com/anyfolder/somefile.html in the browser
* clicking on www.example.com when listed as a link on some other web site (say, Google search results)
* nothing else.
The last point above assumes that the users will never try any other method of accessing the site. These users' knowledge about computers in general is known to be elementary, so I don't need protection against geniuses who can figure out some obscure way to circumvent the lockdown (and please don't tell me that this is an irrational assumption, I know it is...).
If possible, all this should be on a "per user" basis, but if implementing it system-wide would be much simpler, I could live with it. :-)
The point is that I need a simple, easy-to-implement, easy-to-configure and easy-to-maintain solution for this particular use case. What I don't need is some over-engineered solution that covers my use case along with a whole bunch of stuff I will never need, and takes two months to configure properly. It should also be F/OSS, preferably included in CentOS repos or elsewhere.
Or alternatively I could go along with manually setting up a bogus httpd/dns/iptables configuration which would do all this, but I have a feeling that it would not be the easiest thing to maintain...
I'd appreciate any suggestions. :-)
Best, :-) Marko
On 01/05/2012 12:58 AM, Marko Vojinovic wrote:
> I am looking at the simplest (implementation-wise) solution to the following problem (on CentOS 6.2):
> I have a list of web addresses (like http://www.example.com, https://1.2.3.4/, etc.) that should be "forbidden" to access from a particular host. On access attempt, the browser should be redirected to a local web page (file on the hard disk) with the explanation that those addresses are forbidden. The possible ways of disallowed access include:
> - typing www.example.com or http://1.2.3.4/ in the browser
> - typing www.example.com/anyfolder/somefile.html in the browser
> - clicking on www.example.com when listed as a link on some other web site (say, Google search results)
> - nothing else.
> The last point above assumes that the users will never try any other method of accessing the site. These users' knowledge about computers in general is known to be elementary, so I don't need protection against geniuses who can figure out some obscure way to circumvent the lockdown (and please don't tell me that this is an irrational assumption, I know it is...).
> If possible, all this should be on a "per user" basis, but if implementing it system-wide would be much simpler, I could live with it. :-)
> The point is that I need a simple, easy-to-implement, easy-to-configure and easy-to-maintain solution for this particular use case. What I don't need is some over-engineered solution that covers my use case along with a whole bunch of stuff I will never need, and takes two months to configure properly. It should also be F/OSS, preferably included in CentOS repos or elsewhere.
> Or alternatively I could go along with manually setting up a bogus httpd/dns/iptables configuration which would do all this, but I have a feeling that it would not be the easiest thing to maintain...
> I'd appreciate any suggestions. :-)
There is squidguard in RepoForge repository. It's a plugin for squid. There is also dansguardian.
If you use a separate firewall box, you can use ClearOS; it has dansguardian set up.
On Thursday 05 January 2012 01:39:49 Ljubomir Ljubojevic wrote:
> On 01/05/2012 12:58 AM, Marko Vojinovic wrote:
> > I am looking at the simplest (implementation-wise) solution to the following problem (on CentOS 6.2):
> > I have a list of web addresses (like http://www.example.com, https://1.2.3.4/, etc.) that should be "forbidden" to access from a particular host. On access attempt, the browser should be redirected to a local web page (file on the hard disk) with the explanation that those addresses are forbidden. The possible ways of disallowed access include:
> > - typing www.example.com or http://1.2.3.4/ in the browser
> > - typing www.example.com/anyfolder/somefile.html in the browser
> > - clicking on www.example.com when listed as a link on some other web site (say, Google search results)
> > - nothing else.
> > The last point above assumes that the users will never try any other method of accessing the site. These users' knowledge about computers in general is known to be elementary, so I don't need protection against geniuses who can figure out some obscure way to circumvent the lockdown (and please don't tell me that this is an irrational assumption, I know it is...).
> > If possible, all this should be on a "per user" basis, but if implementing it system-wide would be much simpler, I could live with it. :-)
> > The point is that I need a simple, easy-to-implement, easy-to-configure and easy-to-maintain solution for this particular use case. What I don't need is some over-engineered solution that covers my use case along with a whole bunch of stuff I will never need, and takes two months to configure properly. It should also be F/OSS, preferably included in CentOS repos or elsewhere.
> > Or alternatively I could go along with manually setting up a bogus httpd/dns/iptables configuration which would do all this, but I have a feeling that it would not be the easiest thing to maintain...
> > I'd appreciate any suggestions. :-)
> There is squidguard in RepoForge repository. It's a plugin for squid. There is also dansguardian.
I'll take a look at both of these, thanks! :-)
> If you use a separate firewall box, you can use ClearOS; it has dansguardian set up.
No, the machine is already installed with CentOS. Furthermore, I am supposed to set up all this remotely (via ssh), since I don't have physical access to the box itself...
Best, :-) Marko
It won't help more than /etc/hosts entries, but I've found using OpenDNS with a free account and a script / client to keep the IP in sync to be very effective. DNS redirects can be applied categorically or with a per domain blacklist. The metrics and charts are interesting too, on a nicely basis or to check on what's slipping through the filters.
--Pete
On Jan 5, 2012 7:47 AM, "Marko Vojinovic" vvmarko@gmail.com wrote:
> On Thursday 05 January 2012 01:39:49 Ljubomir Ljubojevic wrote:
> > On 01/05/2012 12:58 AM, Marko Vojinovic wrote:
> > > I am looking at the simplest (implementation-wise) solution to the following problem (on CentOS 6.2):
> > > I have a list of web addresses (like http://www.example.com, https://1.2.3.4/, etc.) that should be "forbidden" to access from a particular host. On access attempt, the browser should be redirected to a local web page (file on the hard disk) with the explanation that those addresses are forbidden. The possible ways of disallowed access include:
> > > - typing www.example.com or http://1.2.3.4/ in the browser
> > > - typing www.example.com/anyfolder/somefile.html in the browser
> > > - clicking on www.example.com when listed as a link on some other web site (say, Google search results)
> > > - nothing else.
> > > The last point above assumes that the users will never try any other method of accessing the site. These users' knowledge about computers in general is known to be elementary, so I don't need protection against geniuses who can figure out some obscure way to circumvent the lockdown (and please don't tell me that this is an irrational assumption, I know it is...).
> > > If possible, all this should be on a "per user" basis, but if implementing it system-wide would be much simpler, I could live with it. :-)
> > > The point is that I need a simple, easy-to-implement, easy-to-configure and easy-to-maintain solution for this particular use case. What I don't need is some over-engineered solution that covers my use case along with a whole bunch of stuff I will never need, and takes two months to configure properly. It should also be F/OSS, preferably included in CentOS repos or elsewhere.
> > > Or alternatively I could go along with manually setting up a bogus httpd/dns/iptables configuration which would do all this, but I have a feeling that it would not be the easiest thing to maintain...
> > > I'd appreciate any suggestions. :-)
> > There is squidguard in RepoForge repository. It's a plugin for squid. There is also dansguardian.
> I'll take a look at both of these, thanks! :-)
> > If you use a separate firewall box, you can use ClearOS; it has dansguardian set up.
> No, the machine is already installed with CentOS. Furthermore, I am supposed to set up all this remotely (via ssh), since I don't have physical access to the box itself...
> Best, :-) Marko
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
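The /etc/hosts and DNS-filter options mentioned in the last reply match on names only, so a list like the one in the original post (which mixes hostnames with IP-literal URLs such as https://1.2.3.4/) is only partly covered by them. The script below is an added example, not code posted by anyone in the thread: it splits such a list into hosts-file lines and the IP literals that need a different control, such as a proxy ACL or an iptables rule. The 127.0.0.1 sink address and the name blocked.example.org are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread): split a URL blocklist into hostnames,
# which /etc/hosts or a DNS filter can cover, and IPv4 literals, which they cannot.

# Constructed sample list; the first three entries use the forms from the original post.
SAMPLE_LIST='http://www.example.com
https://1.2.3.4/
www.example.com/anyfolder/somefile.html
HTTP://Blocked.Example.org:8080/x?y=1'

# url_host URL: print the lower-cased host, without scheme, path, userinfo or port.
# IPv6 literals are not handled here.
url_host() {
    printf '%s\n' "$1" |
        sed -e 's|^[A-Za-z][A-Za-z0-9+.-]*://||' \
            -e 's|[/?#].*$||' \
            -e 's|^.*@||' \
            -e 's|:[0-9]*$||' |
        tr 'A-Z' 'a-z'
}

# is_ipv4 HOST: succeed if HOST looks like a dotted-quad IPv4 literal.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# hosts_entries: URL list on stdin -> unique hosts-file lines (assumed sink: 127.0.0.1).
hosts_entries() {
    while IFS= read -r url; do
        case $url in ''|'#'*) continue ;; esac   # skip blanks and comments
        h=$(url_host "$url")
        [ -n "$h" ] || continue
        is_ipv4 "$h" || printf '127.0.0.1 %s\n' "$h"
    done | sort -u
}

# ip_literals: URL list on stdin -> unique IPv4 literals that name-based blocking misses.
ip_literals() {
    while IFS= read -r url; do
        case $url in ''|'#'*) continue ;; esac
        h=$(url_host "$url")
        if is_ipv4 "$h"; then printf '%s\n' "$h"; fi
    done | sort -u
}

echo "# candidate /etc/hosts lines:"
printf '%s\n' "$SAMPLE_LIST" | hosts_entries
echo "# IP literals needing a non-DNS control:"
printf '%s\n' "$SAMPLE_LIST" | ip_literals
```

A local httpd listening on 127.0.0.1 would be needed to show the explanation page for sinkholed names; HTTPS requests to such a name fail with a certificate error rather than showing that page.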