Any Web content filtering for free?

The network is the forum.

Moderators: Steel, notfred

Any Web content filtering for free?

Postposted on Thu Mar 31, 2011 10:04 am

Hi all, I work for a small company and we are very strapped for cash right now as I'm sure a lot of people are. My boss has noticed several people while walking by with their facebook/myspace/whatever open rather than working. He has tasked me with finding a free way of blocking all access to the internet except for approved "whitelist" websites.

I've searched and found a way of doing it using the built in "Internet Content Adviser" by using a filter that blocks out everything, then allowing sites. It works, but not very cleanly. Its a per workstation thing and requires manually editing each workstation. It also breaks IE for every user that logs into the restricted PC, not just a single specific user.

Does anyone know of anything free out there that I can use as a "block all/allow specific" web filter based on user? I've never set up anything like this so something with instructions or a nice GUI would be nice. I have almost zero Linux experience but would be willing to try to learn enough to get something like this up and going if it wasn't extremely difficult.

If there's really not anything out there I'll probably just end up using the built in IE Internet Content Adviser but wondered if there was a better, more elegant way of doing it.
Image
Shinare
Gerbil XP
 
Posts: 352
Joined: Wed Jul 06, 2005 12:48 pm

Re: Any Web content filtering for free?

Postposted on Thu Mar 31, 2011 10:18 am

Blue Coat K9 is pretty reasonable: $18.49/user/year.
Think for yourself, schmuck!
i5-2500K@4.3|Asus P8P67-LE|8GB DDR3-1600|Powercolor R7850 2G|1.5TB 7200.11|1988 Model M|Saitek X-45 & P880|Logitech MX 518|Dell 2209WA|Sennheiser PC151|Asus Xonar DX
bthylafh
Grand Gerbil Poohbah
 
Posts: 3234
Joined: Mon Dec 29, 2003 11:55 pm
Location: Southwest Missouri, USA

Re: Any Web content filtering for free?

Postposted on Thu Mar 31, 2011 10:45 am

Open DNS has this capability and its free.


It is not perfect, but it is fairly decent.
mackintire
Gerbil
 
Posts: 18
Joined: Wed Jan 17, 2007 4:23 pm

Re: Any Web content filtering for free?

Postposted on Thu Mar 31, 2011 11:01 am

Shinare wrote:I've searched and found a way of doing it using the built in "Internet Content Adviser" by using a filter that blocks out everything, then allowing sites. It works, but not very cleanly. Its a per workstation thing and requires manually editing each workstation. It also breaks IE for every user that logs into the restricted PC, not just a single specific user.
IE = almost anything under that can be controlled via Group Policy if you have an Active Directory domain - per user, per computer, you name it.

Shinare wrote:Does anyone know of anything free out there that I can use as a "block all/allow specific" web filter based on user? I've never set up anything like this so something with instructions or a nice GUI would be nice. I have almost zero Linux experience but would be willing to try to learn enough to get something like this up and going if it wasn't extremely difficult.

If there's really not anything out there I'll probably just end up using the built in IE Internet Content Adviser but wondered if there was a better, more elegant way of doing it.
IMO, blocking != elegant already. When someone goes to a site and snap(!), it is already not a smooth experience and it has been documented that, especially for knowledge-based workers, pissing them off is just going to reduce productivity and make for a worse workspace environment overall. It is a hotly contested topic and let's not get too much into that. TR forums usually refer to it as the Nazi Content Filter (NCF) so it shows the feelings among some of the gerbils. For a really destructive "block", there is always the hosts file you can mess with your users like that. :o Granted, if you still have your user being an admin on their systems, there are almost always workarounds.
Image
The Model M is not for the faint of heart. You either like them or hate them.

Gerbils unite! Fold for UnitedGerbilNation, team 2630.
Flying Fox
Gerbil God
 
Posts: 24582
Joined: Mon May 24, 2004 2:19 am

Re: Any Web content filtering for free?

Postposted on Thu Mar 31, 2011 11:29 am

I work as an IT higher-up and have run into this issue as well. It's actually not a good solution to block outright, because as we have found sometimes people ARE using these sites for legitimate means.

What we do instead is generate a report of time / bandwidth used per site per user, and then give the user visibility into that data so they are aware of how much time they are spending, as well as aware of the fact that their manager(s) are aware.

People generally don't want to be screwing the company and will adjust their personal habits once made aware.

In a broader sense, part of your problem could be a lack of reasonable deadlines / touchpoints. If there is a ton of "downtime" with no apparent deadlines, people of course are going to slack off. Your organization can minimize this by creating more frequent iterations / touchpoints so your employees will be aware of the work to be done and stay on top of things. If managed properly your overall efficiency and quality of work will increase as well.
JdL
286DX > Pentium Pro 200 > Athlon 1000 @ 1.4 GHz > Athlon 64 2.2 GHz > Athlon XP 3200+ > Core 2 Duo 3300 @ 4.0 GHz > Core 2 Quad 6600 G0 @ 3.2 > Core i7 3770 @ stock
JdL
Graphmaster Gerbil
 
Posts: 1020
Joined: Thu Aug 29, 2002 11:45 am
Location: United States of America

Re: Any Web content filtering for free?

Postposted on Thu Mar 31, 2011 11:42 am

Another option is dansguardian, or pfsense. Pfsense can run off a CD, if you wanted to do a quick test.

At school here we use Fortigate network appliances, and we have certain categories blocked, so regular browsing is allowed, but not Facebook, Myspace, Web e-mail, and video sites (youtube, vimeo, etc).

I personally would suggest blacklisting certain sites rather than whitelisting a small subset - there are so many headaches you get into when you whitelist.
[ - THIS SPACE FOR RENT - ]
highlandr
Gerbil Elite
 
Posts: 543
Joined: Thu Dec 27, 2001 7:00 pm
Location: Somewhere in downstate IL

Re: Any Web content filtering for free?

Postposted on Thu Mar 31, 2011 12:32 pm

highlandr wrote:Another option is dansguardian, or pfsense. Pfsense can run off a CD, if you wanted to do a quick test.

DansGuardian appears to be very flexible, but setting it up is likely to be a rather formidable undertaking if you don't have prior Linux experience.

If your employer isn't willing to pay for your time while you come up the Linux learning curve, you may want to ask yourself whether it is something you're willing to learn on your own time. You'll pick up some valuable job skills, and be able to set up a cheap/free (depending on whether you've got any spare hardware sitting around that you can use for the proxy box) filtering web proxy for your workplace. Everyone wins.
(this space intentionally left blank)
just brew it!
Administrator
Gold subscriber
 
 
Posts: 38103
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Any Web content filtering for free?

Postposted on Thu Mar 31, 2011 12:41 pm

Another vote for OpenDNS. It will do what you want for free. We use it on our vendor network and block everything except a few select IPs for VPN software to connect. It has been working great. A couple of the guys here use it at home and utilize the site category blocking to keep their kids off pr0n sites, gambling sites, etc.
"I take sibling rivalry to the whole next level, if it doesn't require minor sugery or atleast a trip to the ER, you don't love her." - pete_roth
"Yeah, I see why you'd want a good gas whacker then." - VRock
dextrous
Gerbil Elite
 
Posts: 563
Joined: Mon Nov 22, 2004 1:49 pm
Location: Ooooooooooklahoma

Re: Any Web content filtering for free?

Postposted on Thu Mar 31, 2011 1:02 pm

The main caveat with OpenDNS is that (I am assuming) it isn't really a proxy; it just filters DNS requests. This should be sufficient to stop your non-technical users, but won't block anyone who knows how to use a numerical IP address or is able to mess with their own network settings (they can just point at a different DNS server to get around the filter). I also have no idea how flexible OpenDNS is with regards to setting different filters per user (not sure how important that is, but you did mention it in the first post).

Of course if you're dealing with an office full of computer geeks, even the proxy probably won't be much of a deterrent... but I'm assuming this is not the case. :wink:
(this space intentionally left blank)
just brew it!
Administrator
Gold subscriber
 
 
Posts: 38103
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Any Web content filtering for free?

Postposted on Thu Mar 31, 2011 1:27 pm

I've had a few years experience with the various iterations of Smoothwall and I really like it for it's simplicity, this falls squarely alongside the class of functionality you will see with other solutions like IPCop.
You don't need any linux knowledge to make effective use of this solution. I highly recommend it.

http://www.smoothwall.org/
-Playing shooters on a console is like doing brain surgery with an ice-cream scoop-
Jon
Gerbil Elite
 
Posts: 968
Joined: Sat Feb 14, 2004 7:44 pm
Location: -Canada-

Re: Any Web content filtering for free?

Postposted on Thu Mar 31, 2011 1:30 pm

Hey thank you everyone for your input, keep 'em coming!

What I envision is a PC with single nic with this "filtering software" running on it and we just point the users who need it to it with proxy settings via GPO and lock it down.

I hear all the arguments against white list only filtering but the boss wants what the boss wants, and we have zero spending right now, so even a cheap $18/year price tag is out of the question. I will look into the suggestions made here so far. Keep 'em coming!
Image
Shinare
Gerbil XP
 
Posts: 352
Joined: Wed Jul 06, 2005 12:48 pm

Re: Any Web content filtering for free?

Postposted on Thu Mar 31, 2011 2:22 pm

I've enjoyed OpenDNS, and it works relatively well for a free product. Again, your more savvy users might get around it, but for free you can't complain too much. I use it at home, and I've used it for work on a small Class C subnet with Windows Server 2003 domain controllers doubling as the internal DNS servers. In the latter case, it's just a matter of configuring the DNS forwarders on the appropriate servers to forward requests to OpenDNS's DNS servers. Flush the DNS resolver cache after making the changes and you should be good to go. You can block most proxy sites with OpenDNS, but I've found they don't always catch them all.

The shop I'm at now uses Websense, but it's a much bigger shop with 20 branch offices, so they can justify the expense.
Pagey
Graphmaster Gerbil
 
Posts: 1419
Joined: Thu Dec 29, 2005 10:29 am
Location: Middle TN


Return to Networking

Who is online

Users browsing this forum: No registered users and 2 guests