Log (not block) porn, time-wasting sites



  • I need to log, not block porn, gambling, facebook, and related (i.e. "time-wasting sites" as our management calls them) websites. We want to know WHO (reverse IP is fine) is viewing them and WHEN (squid). We already have pfsense, squid, and lighttpd running. These forums seem to recommend openDns or squidguard. However those products, while excellent, appear to block, not simply log such sites. lighttpd is also excellent, but it returns too many websites, since we're not interested in employees' visiting our already approved sites, including gmail, yahoo, google, etc, which represent 95% or more of the traffic.

    In short, how can we simply log, not block, such sites?


  • Rebel Alliance Developer Netgate

    You'd just use squid's current access log, but you'd need to write some code (perl, php, python, or just some shell commands) to parse that log and print out only the sites you want.

    I'm not sure if there is a way to hack that into lightsquid or not. It may already have some filtering built-in.

    Be aware, however, that only tracks HTTP sites unless you have the proxy settings hardcoded in the users' browser.



  • thanks jimp. yes, parsing squid's logs would work, but you're right, I'd probably need some way to parse each line (or unique URL) against a downloaded blacklist. Maybe I'll take this question over to Experts-Exchange.com for some of the sed, awk, and/or perl experts…


  • Rebel Alliance Developer Netgate

    Given that squid is pretty common, there may be an existing set of scripts out there somewhere. A squid guru would probably have some pointers.



  • Hi
    You should be able to do your desired config with squidguard. Squidguard can be configured to bypass traffic and log only, and in logs should be something like below :

    2006-09-22 08:18:19 [8764] Request(default/porn/-) http://www.playboy.com/
    xxx.xxx.xxx.180/myhostname userid GET

    I do not know only if pfsense can be configured like this "out of the installed packed"  ;)
    But if no, you always can modify .inc files to meet your needs
    Hope it helps



  • I do something similar with ntop. In fact the boss just fired someone for viewing and distrbuting porn during work. Ntop told showed me the IP, the sites, and how much bandwidth the guy was using.

    That's how we tracked him. One day the interent was extremely slow. I checked the graphs and we were pegged (we just have a T1) I loaded up ntop to see who/what was taking all the bandwidth. Low and behold it was him.



  • @mellow-yellow:

    I need to log, not block porn, gambling, facebook, and related (i.e. "time-wasting sites" as our management calls them) websites. We want to know WHO (reverse IP is fine) is viewing them and WHEN (squid). We already have pfsense, squid, and lighttpd running. These forums seem to recommend openDns or squidguard. However those products, while excellent, appear to block, not simply log such sites. lighttpd is also excellent, but it returns too many websites, since we're not interested in employees' visiting our already approved sites, including gmail, yahoo, google, etc, which represent 95% or more of the traffic.

    In short, how can we simply log, not block, such sites?

    There are specific software applications that can do that…
    One of them is: MyPornBlocker. Which has many options and can log access to time wasting sites and even take screenshots.



  • @hugo:

    @mellow-yellow:

    I need to log, not block porn, gambling, facebook, and related (i.e. "time-wasting sites" as our management calls them) websites. We want to know WHO (reverse IP is fine) is viewing them and WHEN (squid). We already have pfsense, squid, and lighttpd running. These forums seem to recommend openDns or squidguard. However those products, while excellent, appear to block, not simply log such sites. lighttpd is also excellent, but it returns too many websites, since we're not interested in employees' visiting our already approved sites, including gmail, yahoo, google, etc, which represent 95% or more of the traffic.

    In short, how can we simply log, not block, such sites?

    There are specific software applications that can do that…
    One of them is: MyPornBlocker. Which has many options and can log access to time wasting sites and even take screenshots.

    That site and software sounds like a scam site or something that are trying to sell useless software to a high price to protective parents and that tip is also useless because the topic is about a BSD firewall, not a Windows client.

    // rancor


Log in to reply