By Keith Winston on March 01, 2007 (8:00:00 AM)
Content filtering for the Web can be a messy proposition. A business may need to block only the most objectionable Web sites, while schools may be required by law to follow a more thorough process. Whatever your needs, you can build a solution with only open source pieces: squid, squidGuard, and blacklists.
The squid server acts as an intermediary between a Web browser and Web server. As a proxy, it receives a URL request from the browser, connects to the server on behalf of the browser, downloads content, then provides it to the browser. It also saves the content to disk so it can provide it more quickly to another browser if the same URL is requested in the near future. Generally, this leads to more efficient utilization of an Internet connection and faster response times for Web browsers.
A typical hardware setup uses two physical network cards on the proxy server. One connects to the internal network, where squid listens for incoming HTTP requests on the default port 3128. The other connects to the Internet, from which it downloads content.
Squid is available for most Linux distributions as a standard package. I was able to get squid running on Red Hat Linux with sane defaults by simply installing the RPM and setting a few options in the /etc/squid/squid.conf configuration file:
acl our_networks src 192.168.0.0/16
http_access allow our_networks
http_access deny all
The visible_hostname directive tells squid the name of the server. The acl line defines an access control list, which the http_access rule uses to allow internal clients to connect to squid. For security reasons, it is important to ensure that users outside your network can’t use squid; this is achieved by adding a deny rule near the bottom of your configuration.