Whitelisting

Thanks to an article by Skippy, and considerable time staring at Postfix, The Definitive Guide, I've gotten a whitelisting system set up for my daughter. She can now receive email from a very select list of addresses. Anyone else gets rejected.

The second part is to get a whitelisting proxy server set up for her.

The goal is to give her her own computer for her birthday, but to make it completely internet-proofed. I want her to be able to go to her favorite websites, but not to other places.

And, no, I'm not interested in your remarks about how overprotective I am, or how I'm stunting her ability to learn, so don't even bother.

I briefly considered using Squid, but I think I'll try to do it with mod_proxy first. Probably not ideal, but I figure you should eat your own dogfood whenever possible.


9 Responses to Whitelisting

  1. 1104 skippy 2005-01-02 22:50:43

    I'm using Squid on my LEAF/Bering router for my kids' whitelist. I use the following line in /etc/squid/squid.conf:

    acl allowed_dstdomains dstdomain "/etc/squid/ok_domains"

    I don't use Squid for much caching (due in part to the limited resources in my diskless router), so I'm probably using the wrong tool for the job. I fiddled with tinyproxy a little, but it seemed considerably worse than Squid for my needs.

    Someone needs to create a simple non-caching policy-based HTTP proxy server. Preferably said policy-based proxy server would be executable on my LEAF/Bering router.

  2. 1105 DrBacchus 2005-01-03 00:13:59

    Thanks. That's *exactly* the kind of example I have been googling for for the last 2 hours. Simple once you know how.

  3. 1106 DrBacchus 2005-01-03 00:37:18

    ok, for the sake of anyone else looking, particularly anyone who is completely new to Squid, the more complete config example is:

    acl allowed_dstdomains dstdomain "/usr/local/squid/etc/ok_domains"
    # http_access also covers HTTPS (CONNECT) requests; Squid has no https_access directive
    http_access allow allowed_dstdomains

    where "/usr/local/squid/etc/ok_domains" contains entries like

    .pollypocket.com

    If you don't have the leading . apparently it won't work. Maybe that's not true, but I'm too tired to spend any more time on it, and it's working now.

  4. 1111 David 2005-01-03 01:44:33

    True, the leading dot must be there if you want to allow all subdomains. However, I believe you can do something like
    www.pollypocket.com
    to make sure she doesn't go to any other subdomains.

  5. 1110 DrBacchus 2005-01-03 06:57:03

    Well, no. For example, I also needed the leading . to just go to 'rcbowen.com', with no hostname or "subdomain".

  6. 1112 DrBacchus 2005-01-03 08:35:29

    Oh, and, for the record, mod_proxy really isn't cut out for this sort of thing. I'd have to add either a <Proxy> or <ProxyMatch> block for every website I wanted to permit. No chance of that.

  7. 1159 hads 2005-01-22 18:46:05

    I have been playing around with the same sort of thing lately and am currently trying out dansguardian. Looks to be great so far.

  8. 33627 Sam Lesher » Create a “whitelist” content filtering proxy for Firefox 2008-08-02 22:45:44

    ... Firefox so that they can only access a list of approved sites. Here’s how I do it (thanks to DrBacchus and skippy for the assist):
    Install squid (...

  9. 50831 Create a “whitelist” content filtering proxy for Firefox 2009-03-09 16:30:27

    ... Firefox so that they can only access a list of approved sites. Here’s how I do it (thanks to DrBacchus and skippy for the assist):
    Install squid (...
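
A way to check which hostnames an ok_domains list admits before loading it into Squid. This is an added example, not code from the post or its commenters. It models Squid's documented dstdomain rule (a leading-dot entry matches the domain and all its subdomains, an entry without the dot matches that exact host only); the file contents, hostnames and function names are constructed for illustration.

```python
# Added example: models Squid's documented dstdomain matching for a whitelist file.
# OK_DOMAINS and the hostnames tested below are constructed sample data.

OK_DOMAINS = """\
# constructed sample of an ok_domains file
.pollypocket.com
www.example.org
"""

def load_entries(text):
    """Return lower-cased entries, skipping blank lines and lines starting with #."""
    entries = []
    for line in text.splitlines():
        line = line.strip().lower()
        if line and not line.startswith("#"):
            entries.append(line)
    return entries

def entry_matches(entry, host):
    """'.example.com' matches example.com and every subdomain of it;
    'www.example.com' (no leading dot) matches that exact host only."""
    host = host.lower().rstrip(".")
    if entry.startswith("."):
        # The dot in the suffix test keeps 'evilexample.com' from matching.
        return host == entry[1:] or host.endswith(entry)
    return host == entry

def is_allowed(entries, host):
    """True if any whitelist entry admits the requested hostname."""
    return any(entry_matches(e, host) for e in entries)

def redundant_entries(entries):
    """Entries already covered by a different leading-dot entry in the list."""
    return [e for e in entries
            if any(o != e and o.startswith(".") and entry_matches(o, e.lstrip("."))
                   for o in entries)]

if __name__ == "__main__":
    entries = load_entries(OK_DOMAINS)
    for host in ["pollypocket.com", "www.pollypocket.com", "games.pollypocket.com",
                 "www.example.org", "example.org", "evilpollypocket.com"]:
        print(f"{host:24} {'allow' if is_allowed(entries, host) else 'deny'}")
    print("redundant:", redundant_entries(entries + ["www.pollypocket.com"]))
```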
