Blocked Domain Reporting with Ntop



  • Hi Guys,

    Some background info:
    I was looking for a way to block malicious and adult domains visited by the users behind a small form PC that I use for pfSense 2.4.3. Also, the local admin on-site wanted to have a way of seeing domains blocked whenever necessary, for compliance reasons I believe.

    So I first tried Squid with some open source blacklists that I found, but was not really happy with the result: first, the machine I use is small and does not behave well with a proxy, and second, the lists were not good.

    Next, I tried looking for some DNS solutions and tried the public resolvers of Norton ConnectSafe and OpenDNS, where I use the DHCP server and block the rest of tcp/53 traffic so that people have to stick to my DNS. The issue was, even though Norton's DNS was more appropriate for me, they wouldn't allow it to be used in a commercial manner, and I think the same goes for OpenDNS. So today I saw an ad for a similar public DNS provider called nsafe dns and decided to give it a try.

    Here comes the question:

    Whenever nsafe blocks a domain, it redirects users to a page with the following URI:

    http://block.nsafe.io/?uri=
    

    When I go to ntop, I can list the websites based on the above and can see what is blocked from the ?uri="" part.

    But I could not find a way to create a custom report (like a pie chart) so that whenever the admin on site goes in, he could see a custom list created of "http://block.nsafe.io/?uri=domains"s

    e.g. http://block.nsafe.io/?uri=pornhub.com, http://block.nsafe.io/?uri=xxx.com, so that when I list them I can understand which one is getting blocked the most and by whom.

    Is this something achievable using ntop? Like creating a custom table that shows websites visited that contain a custom URL and then creating charts with those?

    Any other tools you would recommend to list "websites visited" in charts and such would be welcomed as well.

