firewall url filter
Bruno Wolff III
bruno at wolff.to
Thu Jan 22 13:46:03 UTC 2009
On Fri, Jan 23, 2009 at 00:08:28 +1030,
Tim <ignored_mailbox at yahoo.com.au> wrote:
> On Thu, 2009-01-22 at 09:38 +0100, roland wrote:
> > The client wants to prevent users to connect to sex sites.
> >
> > Can I use the fedora-box as a firewall, filtering several url's or
> > filtering several keywords?
>
> You can do that sort of thing. A simplistic overview of how is:
>
> Use the firewall to block direct the browsers directly connecting to any
> website (i.e. all outgoing connections to port 80). That'll stop nearly
> all web browsing, other than sites on other unusual ports. It's not a
> 100% catchall, but probably 99%.
That doesn't catch https connections. Of course the firewall wouldn't
be able to check URLs in that case anyways.
Depending on the requirements it may be best to block all direct access
to the outside from the clients machines and only allow access through
a proxy.
If there is a know set of web pages they should have access to then they
can use a whitelist to only allow connections to those web sites. If not,
trying to block undesirable sites isn't an easy problem to solve in
general.
More information about the fedora-list
mailing list