restricting website access from local machine

Stridier · 04-10-2005, 10:27 AM

Hi there,

I have set up my SuSE linux box, and now I want to restrict the machine from accessing particular websites. Is there any way i can do that? is there any extensions for the firefox browser?

Thanks,

david_ross · 04-10-2005, 10:42 AM

I can't think of any extensions but since you could easily use another browser I'm not sure that is the best way to do it. A transparent proxy with squid and a blacklist would probably work better.

whansard · 04-10-2005, 10:57 AM

depending on who you're trying to keep the sites from, you could add them to your /etc/hosts file with the loopbackaddress.
127.0.0.1 www.msn.com

linuxxed · 04-11-2005, 07:19 AM

Quote:

Originally posted by Stridier
Hi there,

I have set up my SuSE linux box, and now I want to restrict the machine from accessing particular websites. Is there any way i can do that? is there any extensions for the firefox browser?

Thanks,

Squid is ideal for this kind of stuff but you can also use IPTables to restrict the OUTPUT chain and deny packets to particular websites.

david_ross · 04-11-2005, 12:19 PM

You'll also need to take into account the fact that external proxies could be used.

Another advantage of squid is that you can block by hostname and even regular expressions these are not available with iptables.

DaveG · 04-12-2005, 08:17 PM

Try privoxy (http://www.privoxy.org/).

Supports site blocking, image file handling, cookie blocking, header filtering, HTML and Java abuse etc.

Once set up you just need to configure the client browsers to use your privoxy server as a web proxy. Simple to do manually but complicated to automate. Once it's working you can block browsers from bypassing the proxy at the Internet gateway - either your Suse box or your router.

P.S. Tell your users what's happening BEFORE you cut off their unrestricted access - they tend to get rather upset!

Stridier · 04-17-2005, 02:55 AM

Thanks for all your information, I am trying to install squid and dan's guardian.

Stridier · 04-17-2005, 09:35 AM

Quote:

Originally posted by DaveG
Try privoxy (http://www.privoxy.org/).

Supports site blocking, image file handling, cookie blocking, header filtering, HTML and Java abuse etc.

Once set up you just need to configure the client browsers to use your privoxy server as a web proxy. Simple to do manually but complicated to automate. Once it's working you can block browsers from bypassing the proxy at the Internet gateway - either your Suse box or your router.

P.S. Tell your users what's happening BEFORE you cut off their unrestricted access - they tend to get rather upset!

I tried to install both from suse rpm and source, neither is successful.

below is an error message with source install:

linux:/local/download/privoxy-3.0.3-stable # make install
Creating directories, and preparing Privoxy 3.0.3 installation
chmod 0755 ./mkinstalldirs
mkdir /usr/local/etc
mkdir /usr/local/etc/privoxy
mkdir /usr/local/etc/privoxy/templates
mkdir /var/log/privoxy
Installing privoxy executable to /usr/local/sbin
/usr/bin/install -c -m 0755 privoxy /usr/local/sbin
mkdir /usr/local/share/doc
mkdir /usr/local/share/doc/privoxy
mkdir /usr/local/share/doc/privoxy/user-manual
mkdir /usr/local/share/doc/privoxy/faq
mkdir /usr/local/share/doc/privoxy/developer-manual
mkdir /usr/local/share/doc/privoxy/man-page
mkdir /usr/local/share/doc/privoxy/images
Installing FAQ, Manual, and other docs to /usr/local/share/doc/privoxy
Installing man page to /usr/local/man/man1/privoxy.1
/usr/bin/install -c -m 0664 privoxy.1 /usr/local/man/man1/privoxy.1
Rewriting config for this installation
sed 's+confdir .+confdir /usr/local/etc/privoxy+' config | \
sed 's+logdir .+logdir /var/log/privoxy+' >config.updated
mv config config.base
mv config.updated config
Installing templates to /usr/local/etc/privoxy/templates
id: privoxy: No such user
******************************************************************
WARNING! WARNING! installing config files as root!
It is strongly recommended to run privoxy as a non-root user,
and to install the config files as that user and/or group!
Please read INSTALL, and create a privoxy user and group!
*******************************************************************
make: *** [install] Error 1
linux:/local/download/privoxy-3.0.3-stable # ls /usr/local/etc/privoxy/
. .. templates
linux:/local/download/privoxy-3.0.3-stable #

DaveG · 04-17-2005, 04:55 PM

Looks like the installation is expecting a separate account to own the configuration files and run the service. The binary RPM should take care of that during installation but you can do it manually, as root:
# groupadd -g 73 privoxy
# useradd -u 73 -g 73 -d /usr/local/etc/privoxy -r -s "/sbin/nologin" privoxy
and run make install again.
Another option would be to rebuild from the source RPM - download the latest privoxy/SuSE source package and run:
# rpm --rebuild privoxy-*.src.rpm
That should build a new binary RPM for you using the libraries installed on your machine. That binary should install OK.

I'm not sure how SuSE controls services (FC3 uses chkconfig and /sbin/service) but you will need to check how to start and stop privoxy and set up firewall access.
The privoxy configuration files have LOTS of comments and advice on how to customise the blocking and privacy options plus a pretty good on-line manual.

Have fun,

-- DaveG

jschiwal · 01-30-2006, 04:26 AM

Here is a link on controlling internet access. The controlled host has to go through a squid proxy server. The content is controlled by the DansGuardian program.

http://www.cecea.org/jojo/cleanweb/