Ignoring the dangers implicit with censorship, this guide should offer a simple way to filter what some may consider “objectionable” content from the cesspool that is the internet.
The configuration outlined here may also have the added benefit of caching web requests, which can lead to noticeable performance gains for many home users, most often in the case of frequent accesses to the same site (such as Facebook, which seems popular at the time of this writing).
- Proxy software (we will use Squid in this example)
- Something to filter the content (we will use DansGuardian)
- A blacklist of some sort (Optional)
Why Content Filtering
A blacklist alone is no longer enough to filter web content effectively. Given the rate at which the web is growing: With roughly 334 new domains registered every minute over the last 24 hours (according to Domain Tools). Add the amount of new content being added to existing domains, and we have a lot of sites to filter. Managing a list of it all would not only need a massive amount of human effort (or computational resources), the size of such a list would be ridiculous, even if compressed. If every request to retrieve a site checked against such a list, the verification delay would be very inconvenient (think of feeding a 5GB+ file to grep, looking for a specific address).
Enter Content Filtering, a technology that inspects each page for ‘objectionable’ material, and decides based on the contents of those pages whether or not to allow access to them. A blacklist can supplement this technology to improve performance (if the blacklist is small enough, it is often faster to search than the contents of a large page).
Together, they form an effective means of ‘cleaning’ the content served to users of your system (or network).
Installing and Configuring Squid
First, we need to install and configure a proxy. We will use squid for this example, as it offers robust caching capabilities not found in many competing proxies.
Download Squid and install it.
$ tar xzvf squid-*RELEASE*.tar.gz
$ cd squid-*
# make install
In the case of Debian/Ubuntu users compiling from source, the configure line requires some minor tweaks to accomodate the subtle differences in filesystem layout from what Squid would otherwise expect.
$ ./configure --prefix=/usr --localstatedir=/var --libexecdir=/usr/lib/squid --srcdir=. --datadir=/usr/share/squid --sysconfdir=/etc/squid
While it is technically possible to build and install Squid on a Debian or Ubuntu system without these changes, they will make sure that the installation aligns with the general filesystem layout of those distributions, and should make distribution-specific troubleshooting a bit easier.
Additionally, a minor tweak to ./src/Makefile.am in the directory you extracted to, prior to running make will avoid the need to do silly things. Change this line:
DEFAULT_LOG_PREFIX = $(localstatedir)/logs
To make it look like this:
DEFAULT_LOG_PREFIX = $(localstatedir)/log
Users of Debian-derivatives (such as Ubuntu or MEPIS) who do not wish to compile from source can simply fetch a recent binary from the supported repositories, and install it. This is easily accomplished with the provided package management tools:
$ sudo apt-get install squid
Edit /etc/squid/squid.conf with your editor of choice, paying special attention to the acl/http_access section. Something similar to the following configuration should work (configure according to your network range, of course):
acl local_network src 192.168.0.0/24 192.168.254.0/24
http_access allow local_network
Installing and Configuring DansGuardian
Download DansGuardian and install it:
$ tar xzvf DansGuardian-*
# make install
Debian/Ubuntu users can do the following:
$ sudo apt-get install dansguardian
Edit /etc/dansguardian/dansguardian.conf, commenting out the
UNCONFIGURED line once complete. Things to pay attention to are…
filterport = 8080
proxyip = 127.0.0.1
proxyport = 3128
Configuring Firefox to Filter Content
Setting up a content filtering proxy is effective, but only if it filters information. If requests are not directed through the proxy, it cannot effectively “clean” the “objectionable” material.
- Edit -> Preferences -> General -> Connection Settings -> Manual Proxy Configuration
- Input 127.0.0.1 as the proxy IP
- Input 8080 as the proxy port
- Enable the check box for ‘Use this proxy server for all protocols’
Please note that these settings only affect Firefox. Other web browsers and software will need configuration as well. Configuration steps are similar, but if you would like specific examples, please post your requests in the comments for this article.
Preventing Users from Disabling the Filter
The restrictions created by a content-filtering proxy are easily circumvented by simply not using the proxy. Assuming that the users so restricted do not have administrative access, the following method prevents this:
Edit /usr/lib/firefox/firefox.cfg and add the following entries:
I oppose censorship in all forms (and have written a guide on evading censorship), including self-censorship. I fully understand that if I choose not share this information, it is available elsewhere. I offer it here in the hopes that I may balance the knowledge of how to do it, with the wisdom of why it not to.
Censorship is not a substitute for effective parenting.