Hi,

First up, if this is the wrong forum, please advise!

Ok, I have a home network that the whole family uses. I have a variety of clients from Winoze to iPads to PS3 to XBOX. I also have a linux (Ubuntu 12.04) based server as my firewall.

I want to put some content filtering in to place to protect the internet from my children (or should that be the other way around?) and plan to go for a Squid / Dans Guardian system.

So far, so good. I want transparent proxying in place (some of the devices also get used elsewhere and I don't want to have to turn on and off a manual proxy) which I can (relatively) easily do.

Now for the difficult part, I don't want to have to authenticate each time someone hits the 'net, but IF a website gets blocked, I'd like a link on the blocking page that allows a user to log in and (if appropriate) bypass the filter. When this happens though, I want to make sure it's logged.

All the helpfiles I have seen suggest that:

1. I need to use Ident as I am transparent proxying
2. I have to either authenticate or not, I can't ONLY authenticate if a bypass is requested.

Anyone have any thoughts?

Thanks!

I went down this road probably a year or more ago and got a similar setup working. I used the Dansguardian plugin for IPCop which made it quite easy to setup and configure. I had initially used the transparent proxy but changed it to a normal proxy after having problems and then reading info around that browsers work better when they are aware there is a proxy. So I switched to 8080 and then blocked access to 80.

This didn't go over too well with devices that did not have proxy support, mainly the directv receivers. I also ran into trouble allowing overrides for restricted content. This involves creating logins for the proxy but the ipod devices did not support the security model (don't recall what it was exactly), so I could not use that. Without this, I was adding exceptions every day to the site list, mainly the reality sites my wife chooses to visit. Also, many of the ipod app game servers show up on the restrict list as well. Some of the iphone/ipod apps are not written correctly to use the proxy server either, they flat out don't work even if the proxy is configured in the iPhone.

The content filter is quite nice, it does a good job of blocking based on black, grey and site content, but I had too much trouble allowing exceptions. I've since opened port 80 back up, but keep the kids laptops configured to use the proxy. One day I'll get back to looking at this again.