On 01/05/2012 12:58 AM, Marko Vojinovic wrote: > > I am looking at the simplest (implementation-wise) solution to the following > problem (on CentOS 6.2): > > I have a list of web addresses (like http://www.example.com, https://1.2.3.4/, > etc.) that should be "forbidden" to access from a particular host. On access > attempt, the browser should be redirected to a local web page (file on the hard > disk) with the explanation that those addresses are forbidden. The possible > ways of disallowed access include: > > * typing www.example.com or http://1.2.3.4/ in the browser > * typing www.example.com/anyfolder/somefile.html in the browser > * clicking on www.example.com when listed as a link on some other web site > (say, Google search results) > * nothing else. > > The last point above assumes that the users will never try any other method of > accessing the site. These user's knowledge about computers in general is known > to be elementary, so I don't need protection against geniouses who can figure > out some obscure way to circumvent the lockdown (and please don't tell me that > this is an irrational assumption, I know it is...). > > If possible, all this should be on a "per user" basis, but if implementing it > system-wide would be much simpler, I could live with it. :-) > > The point is that I need a simple, easy-to-implement, easy-to-configure and > easy-to-maintain solution for this particular usecase. What I don't need is > some over-engineered solution that covers my usecase along with a whole bunch > of stuff I will never need, and takes two months to configure properly. It > should also be F/OSS, preferably included in CentOS repos or elsewhere. > > Or alternatively I could go along with manually setting up a bogus > httpd/dns/iptables configuration which would do all this, but I have a feeling > that it would not be the easiest thing to maintain... > > I'd appreciate any suggestions. :-) There is squidguard in RepoForge repository. It's a plugin for squid. There is also dansguardian. If you use separate firewall box, you can use ClearOS, it has dansguardian set up. -- Ljubomir Ljubojevic (Love is in the Air) PL Computers Serbia, Europe Google is the Mother, Google is the Father, and traceroute is your trusty Spiderman... StarOS, Mikrotik and CentOS/RHEL/Linux consultant