Cheap Content Filtering?

wizdum

We are currently in the process of overhauling a private school's network. I posted some pictures in the network gallery thread a while ago... it's bad. They have been surviving on donated consumer Linksys wireless routers and switches. They don't even have a shoestring budget, they have no budget.

They currently have a JoeBox doing their routing, it's part of an old program that you can see here: http://networkmaine.net/msln/joebox/ . It has 3 interfaces, WAN, LAN1 (172.16.1.x to school 1), LAN2 (172.16.2.x to school 2). It hands out DHCP addresses and does content filtering. It is currently failing and needs to be restarted daily.

We picked up a Ubiquiti EdgeRouter Lite for them, to give them relatively fast routing between the two schools, but it does not do any kind of content filtering.

For filtering they need to be able to block URLs, partial URLs, terms, and enforce "SafeSearch". The ability to import public blocklists would also be nice.

We need something that can sit in front of the EdgeRouter Lite so it can filter traffic for both schools, or some other configuration that achieves the same thing. I have investigated OpenDNS filtering and Untangle Lite, but neither of those appears to allow the enforcement of SafeSearch or search term filtering.

Any suggestions? We have a couple servers with dual Intel NICs in them that we could use, along with a XenServer host.
 
For a school you really need a commercial filter so there is someone to point to if something doesn't get blocked. Anything else has way too much liability.
 
I agree with the FreeBSD with squid and then squidguard or Dansguardian for filtering. I use a pfsense install at home with squid and Dansguardian to filter internet content. I think Dansguardian does a good job and I think you can even customize the block screen if you would like?

Dansguardian is free to use for non-commercial use and does what you would like. You would need to use squid3 in order to set up ssl filtering on the network though.
 
I agree with the FreeBSD with squid and then squidguard or Dansguardian for filtering. I use a pfsense install at home with squid and Dansguardian to filter internet content. I think Dansguardian does a good job and I think you can even customize the block screen if you would like?

Dansguardian is free to use for non-commercial use and does what you would like. You would need to use squid3 in order to set up ssl filtering on the network though.

I'm fairly certain that their existing solution doesn't filter SSL, so I wasn't planning on filtering that anyway. I found out that the EdgeRouter does support squidguard, and squid, but running squid3 on the small CPU in the ER-Lite would most likely not work very well.
 
ClearOS... using it here and works great. The filtering is a "paid" feature... but not expensive. (maybe $100/year??)
 
Have you looked to see if somebody like Websense does a cheap version for .edu?
 
ClearOS... using it here and works great. The filtering is a "paid" feature... but not expensive. (maybe $100/year??)

I might be able to sell them on the ClearOS one if it can be set up as a transparent bridge, like Untangle can be.

I haven't looked into Websense, but I really don't think they would have anything in this price range. I'm going to have a hard enough time selling them on a $100 a year ClearOS filter.
 
Where in Maine are you that they won't even allow you to spend $100?? :eek:

It's a private Catholic school in Bangor. I actually work for a public school in a small town near Bangor, I'm just helping them out as part of a college project. I don't have access to their financials, but for whatever reason, they have no money. They were using sheets of paper with keyboard layouts on them to teach typing not too long ago.

They do consistently rank fairly high when compared to other schools, so they have the teaching thing down, just not the accounting thing, I guess.
 
What's wrong with using something like OpenDNS? It's not free, but sometimes you get what you pay for.
 
It's a private Catholic school in Bangor. I actually work for a public school in a small town near Bangor, I'm just helping them out as part of a college project. I don't have access to their financials, but for whatever reason, they have no money. They were using sheets of paper with keyboard layouts on them to teach typing not too long ago.

They do consistently rank fairly high when compared to other schools, so they have the teaching thing down, just not the accounting thing, I guess.

I'm not too far from Bangor myself... was just there a few weeks ago actually. That really sucks to be that strapped for cash. :(
 
What's wrong with using something like OpenDNS? It's not free, but sometimes you get what you pay for.

As far as I could tell, OpenDNS wouldn't allow them to enforce safesearch, or specify sites to block. Now that I think of it though, their existing Safe Search filter might not be working anyway, since Google uses SSL by default.
 
You can specify sites as well as categories to block with OpenDNS.

 
You can specify sites as well as categories to block with OpenDNS.


I am guessing he is wanting to allow Google, but yet force safe search, which does cut down on the amount of smut you would get in your results. Considering this is a school, that would probably be a good idea.
 
I am guessing he is wanting to allow Google, but yet force safe search, which does cut down on the amount of smut you would get in your results. Considering this is a school, that would probably be a good idea.

Yeah, and they have like 4 pages worth of words that students aren't allowed to search for.
 
Yeah, and they have like 4 pages worth of words that students aren't allowed to search for.

I think ClearOS is going to be your answer. I am pretty sure you can run the proxy service to actually scan the page before it's displayed for bad words.
 
I agree with sc0tty8, Untangle is a good option, but to get the most out of its features (e.g. HTTPS filtering) you will have to pay a subscription.

You can check out this tutorial to build a content filter that includes HTTPS filtering using pfSense, Squid, and qlproxy.
 
How many computers are there? You could just install K9 Content filter on each PC. It's free and does a pretty good job. No central management though.
 
How many computers are there? You could just install K9 Content filter on each PC. It's free and does a pretty good job. No central management though.

I guess if he is talking a dozen computers, yeah... something like that would work.
 
Both ClearOS and Untangle use Squid-proxy which I suggested in post #2.
//Danne
 
Both ClearOS and Untangle use Squid-proxy which I suggested in post #2.
//Danne

This is something that will end up being managed by a computer teacher when I leave, not an IT department. Plain old Squid-proxy is a little too complicated for them.

As for the number of computers, there's about 25 EdUbuntu LTSP terminals and probably 100 Macbooks and 3 iMacs.
 
Are these Macs donated? Just wondering.

I think I see what you did there...

OP is up a creek without a paddle on this one. If you get something that will be easy for a non-IT person to use... good luck on the price. If you want to build your own using Squid and such, good luck to them when the law comes asking for a report that a student accessed pornography while at school to show that it was blocked.

EDIT: Slight issue.
 
Are these Macs donated? Just wondering.

I'm not 100% sure, but I think the student Macbooks were either donated by the state or purchased from the state. Our state has a program called MLTI that gave Macbooks to public school students. They just switched over to HP laptops running Windows 7 (seriously, these are the best laptops I have ever seen manufactured by HP in the consumer market) and sold off the 2007-2008 generation Macbooks for $45 apiece to schools that wanted them.

As for where the shiny new iMacs and Macbook Pros came from, I have no idea. It kind of pisses me off to see teachers using these expensive machines. The amount of money they spent on ONE of those would have been enough for me to get one LTSP terminal for every student. As it stands now, students have to share computers.

I have been sick, so I haven't been over to check yet, but I know the firmware on that JoeBox is pre-2009 (before Google and everyone switched to HTTPS by default). I don't think those "Enforce SafeSearch" or search result filtering options are doing anything at all right now except making them feel better. My goal for the cheap content filtering system was simply to give them everything they already had. If those options aren't working, I'd be fine setting them up with OpenDNS filtering.

For OpenDNS filtering, which version do you use? The "OpenDNS Home" or "Family Shield"?
 
With all that being said lol.

Untangle I believe has great educational non-profit pricing, they could sell an iMac and fund Untangle for a decade lol
 
I wish I could help more on the OpenDNS front. I know it's a great product as we use it, but I'm not in charge of it, so my knowledge is limited. I'm sure someone here can help more.

Also, there are tons of grants school districts can get. Usually, it just comes down to someone taking the time to apply. I was on the tech team in high school and we always had Macs that were "free" as part of a grant. IT didn't want them, but they were free, so it's hard to complain. I don't know if private schools are eligible for those sorts of things or not, but really worth looking into.
 
I'm not 100% sure, but I think the student Macbooks were either donated by the state or purchased from the state. Our state has a program called MLTI that gave Macbooks to public school students. They just switched over to HP laptops running Windows 7 (seriously, these are the best laptops I have ever seen manufactured by HP in the consumer market) and sold off the 2007-2008 generation Macbooks for $45 apiece to schools that wanted them.

As for where the shiny new iMacs and Macbook Pros came from, I have no idea. It kind of pisses me off to see teachers using these expensive machines. The amount of money they spent on ONE of those would have been enough for me to get one LTSP terminal for every student. As it stands now, students have to share computers.

I have been sick, so I haven't been over to check yet, but I know the firmware on that JoeBox is pre-2009 (before Google and everyone switched to HTTPS by default). I don't think those "Enforce SafeSearch" or search result filtering options are doing anything at all right now except making them feel better. My goal for the cheap content filtering system was simply to give them everything they already had. If those options aren't working, I'd be fine setting them up with OpenDNS filtering.

For OpenDNS filtering, which version do you use? The "OpenDNS Home" or "Family Shield"?

Family Shield works "ok", however there is NO configuration. You just get blocked what they block for you. On the whole it works ok.... but no fine-tuning. For that you need the OpenDNS Home. VERY easy to set up.
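
Added example, not part of the thread and not code from any product named in it: a Python sketch of the four filter requirements from the first post (block URLs, partial URLs, search terms, enforce SafeSearch) as a forward proxy could apply them, showing why only the domain rule still applies once the request is an HTTPS CONNECT tunnel the proxy does not decrypt. The domains, terms and function names are constructed for illustration; `safe=active` is Google's SafeSearch query parameter.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Constructed sample policy (placeholders, not taken from the thread).
BLOCKED_DOMAINS = {"blocked.example"}
BLOCKED_URL_PARTS = ["/games/"]
BLOCKED_TERMS = {"badword"}
SEARCH_HOSTS = {"www.google.com"}


def host_blocked(host):
    """True if host or any parent domain is on the domain blocklist."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in BLOCKED_DOMAINS for i in range(len(labels)))


def decide(method, target):
    """Return (action, url) for one request as the proxy sees it.

    target is a full URL for plain HTTP, but only "host:port" for an
    HTTPS CONNECT tunnel that the proxy does not decrypt.
    """
    if method == "CONNECT":
        host = target.rsplit(":", 1)[0]
        # Path and query are encrypted: only the domain rule can apply.
        return ("block" if host_blocked(host) else "allow", target)

    parts = urlsplit(target)
    host = (parts.hostname or "").lower()
    if host_blocked(host):
        return ("block", target)
    if any(p in target.lower() for p in BLOCKED_URL_PARTS):
        return ("block", target)

    query = parse_qsl(parts.query, keep_blank_values=True)
    if host in SEARCH_HOSTS:
        words = {w for k, v in query if k == "q" for w in v.lower().split()}
        if words & BLOCKED_TERMS:
            return ("block", target)
        # Enforce SafeSearch: drop any client value, then force safe=active.
        query = [(k, v) for k, v in query if k != "safe"] + [("safe", "active")]
        return ("rewrite", urlunsplit(parts._replace(query=urlencode(query))))
    return ("allow", target)
```

Term filtering and SafeSearch rewriting here depend on seeing the query string, which is the part the posts about pre-HTTPS filter firmware and squid3 SSL filtering are concerned with.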