[Server-devel] web filtering

Martin Langhoff martin.langhoff at gmail.com
Sat Aug 1 00:46:33 EDT 2009 

Our current recommendation is to

= Use OpenDNS if possible =

Set it in a forwarders line in /etc/named-xs.conf.in , and then

    cd /etc
    make -f xs-config.make named-xs.conf
    /etc/init.d/named restart

OpenDNS is good, and for simple deployments it may be enough. Many
schools use it and users can report urls for blocking, so its wide
usage makes the filtering better.

= For multiple school deployments - run a filter at the ISP, or at the MoE =

Avoid running the filter on the XS itself. It is serious burden on the
XS memory, cpu and internet bandwidth. And administration on a
per-school basis is awkward and inefficient.

Instead, get a machine co-located at the ISP, run a filtering proxy
there (don't forget to tighten the rules to avoid running an open
proxy). And on the XSs at schools, enable Squid and point it to the
"upstream" proxy.

This means the filter is in one place, and there is only one blacklist
(and whitelist) to maintain.

= Running a local filter on the XS =

Possible, but not recommended. Filters are not particularly smart, so
they have to be complemented with human users reporting filtering
errors. The amount and quality of that feedback makes the filtering
better -- a local filter never gets enough input to get any good.


 - wiki material?

cheers,



m

On Fri, Jul 31, 2009 at 7:54 PM, Joshua N Pritikin<jpritikin at pobox.com> wrote:
> On Fri, Jul 31, 2009 at 08:50:45PM -0430, Faaez Ul Haq wrote:
>> Could you refer me to the article? It might be another olpcorps team
>> that does.
>
> This freaks me out. We are giving unfiltered internet access to
> elementary school children? Is this wise?
> _______________________________________________
> Server-devel mailing list
> Server-devel at lists.laptop.org
> http://lists.laptop.org/listinfo/server-devel
>



-- 
 martin.langhoff at gmail.com
 martin at laptop.org -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff  - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff

More information about the Server-devel mailing list