On 01/05/2012 12:58 AM, Marko Vojinovic wrote:>
> I am looking at the simplest (implementation-wise) solution to the
following
> problem (on CentOS 6.2):
>
> I have a list of web addresses (like http://www.example.com,
https://1.2.3.4/,
> etc.) that should be "forbidden" to access from a particular
host. On access
> attempt, the browser should be redirected to a local web page (file on the
hard
> disk) with the explanation that those addresses are forbidden. The possible
> ways of disallowed access include:
>
> * typing www.example.com or http://1.2.3.4/ in the browser
> * typing www.example.com/anyfolder/somefile.html in the browser
> * clicking on www.example.com when listed as a link on some other web site
> (say, Google search results)
> * nothing else.
>
> The last point above assumes that the users will never try any other method
of
> accessing the site. These user's knowledge about computers in general
is known
> to be elementary, so I don't need protection against geniouses who can
figure
> out some obscure way to circumvent the lockdown (and please don't tell
me that
> this is an irrational assumption, I know it is...).
>
> If possible, all this should be on a "per user" basis, but if
implementing it
> system-wide would be much simpler, I could live with it. :-)
>
> The point is that I need a simple, easy-to-implement, easy-to-configure and
> easy-to-maintain solution for this particular usecase. What I don't
need is
> some over-engineered solution that covers my usecase along with a whole
bunch
> of stuff I will never need, and takes two months to configure properly. It
> should also be F/OSS, preferably included in CentOS repos or elsewhere.
>
> Or alternatively I could go along with manually setting up a bogus
> httpd/dns/iptables configuration which would do all this, but I have a
feeling
> that it would not be the easiest thing to maintain...
>
> I'd appreciate any suggestions. :-)
There is squidguard in RepoForge repository. It's a plugin for squid.
There is also dansguardian.
If you use separate firewall box, you can use ClearOS, it has
dansguardian set up.
--
Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe
Google is the Mother, Google is the Father, and traceroute is your
trusty Spiderman...
StarOS, Mikrotik and CentOS/RHEL/Linux consultant