Re: parental software

Sun, 10 May 1998 17:19:27 -0400 

On Sun, 10 May 1998, Bill Nottingham wrote:

> Marco Shaw ([EMAIL PROTECTED]) said: 
> > > this with somesort ipfwadm command, or is there something else I can use
> > > as a filter,  either internel to RedHat or an extra daemon?
> > 
> > I think ipfwadm is cool, but a hell of a pain to configure from the
> > command line at least.  I'm very interested in learning how this would be
> > done...relatively easily (without changing OS :)
> 
> Well... if you use a proxy server such as squid, you can restrict access
> to both particular sites, and sites that hve a particular phrase/regexp
> in the URL. I don't think you can make it restrict based on the
> *content* of the sites, though.  Plus, you can use the kernel's
> transparent proxy support to redirect all WWW requests to the proxy
> server, even if the browser's don't set the proxy. (I'm pretty sure
> you need to use ipfwadm to configure it, though.)
> 
> Bill
> 

That's what I do, and it works quite well. Even better, squid can redirect
denied accesses to some other url. Our squid setup redirects would-be
on-the-job voyeurs to a page on our server telling them their access has
been logged and that they'd better not do it again. :) Plus, since squid
logs all urls, it's trivial to look through the log and see what's slipped
through the cracks and make appropriate adjustments. The logs are also
very helpful in gathering all sorts of statistical information. Squid is a
wonderful program.

Since our network is set up with a private number block anyway, I don't
masquerade HTTP requests, so the users are forced to go through the proxy
if they want to get anywhere. You do use ipfwadm to set all that stuff up.


Ryan

----------------------------------------------------------------------------
Ryan McCowan                        Cookeville Regional Medical Center
 [EMAIL PROTECTED]                 Webmaster-Internet/Intranet Admin
 [EMAIL PROTECTED]                 http://www.cghospital.org/              
----------------------------------------------------------------------------


-- 
  PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
         To unsubscribe: mail [EMAIL PROTECTED] with 
                       "unsubscribe" as the Subject.

Reply via email to