  • What would you guys recommend for web filtering software that is cheap or free?

    We are a 65-employee firm with two offices and we want to block Facebook etc.
    Our wishlist is:
    A/V scanning
    URL and/or Content Blacklist

    We have pfSense acting as our firewall at both offices.

    Should I install the DansGuardian module with pfSense?
    How about Network Guardian from Smoothwall?
    SafeSquid?

  • Each level = More work for you to do

    low level restriction = OpenDNS
    next level = SquidGuard
    next level = add an Untangle box

    OpenDNS with a Block DNS Rule on top !LAN address might be enough.
    Remember, everybody that can SSH out can use Facebook.

  • SSH to Facebook? I'm sure you mean SSL...

    I think he means that if you allow SSH traffic onto the Internet from the LAN, the users can do whatever they want. It's quite trivial to forward traffic over SSH and use the remote box's Internet link instead of the local one, bypassing any filtering. Like a poor-man's VPN.

    But that's a risk with pretty much any configuration other than blocking all traffic directly to the Internet and only allowing HTTP through a proxy.

  • It's trivial to tunnel traffic over any port that is allowed, it's just odd that he mentioned SSH when SSL is a much more likely to be permitted protocol, and there are already plenty of SSL-enabled proxy sites available for use by people trying to bypass content filtering.

  • I agree with Perry - SSH tunnels out are more likely than SSL proxies.


