On Thursday 05 January 2012 01:39:49 Ljubomir Ljubojevic wrote: > On 01/05/2012 12:58 AM, Marko Vojinovic wrote: > > I am looking at the simplest (implementation-wise) solution to the > > following problem (on CentOS 6.2): > > > > I have a list of web addresses (like http://www.example.com, > > https://1.2.3.4/, etc.) that should be "forbidden" to access from a > > particular host. On access attempt, the browser should be redirected to > > a local web page (file on the hard disk) with the explanation that > > those addresses are forbidden. The possible ways of disallowed access > > include: > > > > * typing www.example.com or http://1.2.3.4/ in the browser > > * typing www.example.com/anyfolder/somefile.html in the browser > > * clicking on www.example.com when listed as a link on some other web > > site (say, Google search results) > > * nothing else. > > > > The last point above assumes that the users will never try any other > > method of accessing the site. These user's knowledge about computers in > > general is known to be elementary, so I don't need protection against > > geniouses who can figure out some obscure way to circumvent the > > lockdown (and please don't tell me that this is an irrational > > assumption, I know it is...). > > > > If possible, all this should be on a "per user" basis, but if > > implementing it system-wide would be much simpler, I could live with > > it. :-) > > > > The point is that I need a simple, easy-to-implement, easy-to-configure > > and easy-to-maintain solution for this particular usecase. What I don't > > need is some over-engineered solution that covers my usecase along with > > a whole bunch of stuff I will never need, and takes two months to > > configure properly. It should also be F/OSS, preferably included in > > CentOS repos or elsewhere. > > > > Or alternatively I could go along with manually setting up a bogus > > httpd/dns/iptables configuration which would do all this, but I have a > > feeling that it would not be the easiest thing to maintain... > > > > I'd appreciate any suggestions. :-) > > There is squidguard in RepoForge repository. It's a plugin for squid. > There is also dansguardian. I'll take a look at both of these, thanks! :-) > If you use separate firewall box, you can use ClearOS, it has > dansguardian set up. No, the machine is already installed with CentOS. Furthermore, I am supposed to set up all this remotely (via ssh), since I don't have physical access to the box itself... Best, :-) Marko