At present, many schools have built campus networks and connected to the Internet, but there are a lot of bad information on the Internet. How can we filter out websites to prevent the impact of unhealthy websites on students? Based on the principle of zero cost and high efficiency, let's talk about how to implement Internet filtering in free Linux.
Set Proxy Server
The campus network accesses the Internet through Linux and uses Squid to build proxy servers on the gateway.
First, install linux. I use RedHat Linux 7.2, which is easy to install and use. When installing RedHat Linux 7.2, squid has been installed at the same time. You only need to configure it.
After RedHat Linux 7.2 is installed, Apache is not running by default. Therefore, you should enable squid to ensure that the Squid Proxy Server works properly. Modify the/etc/squid. conf configuration file.
Http_port 3128 (defines the port for squid to listen to HTTP client requests)
Cache_mem 10 MB (squid can use an ideal memory value, usually set to 1/3 of the physical memory)
Cache_swap_low 95
Cache_swap_low 90
Maximum_object_size 4096 KB (objects larger than this value will not be stored)
Cache_dir ufs/var/spool/squid/cache 200 16 256 (specify squid to store the swap space of the object and its directory structure)
ACL all SRC 192.168.1.1/24 (defined as 192.168.1.1 network segment)
Http_acceaa allow all (clients in the 192.168.1.1 network segment can use the Squid proxy to access the Internet)
Cache_inclutive_user squid (user and user group used)
Cache_effective_group squid (use the default value for other parameters)
[Root @ squid bin] # chmod 777/var/spool/squid/cache (set the/var/spool/squid/cache directory to a noboay user with write permission)
[Root @ squid bin] # squid-z (manually create the Squid cache directory/var/spool/squid/cache)
[Root @ squid bin] #/etc/rc. d/init. d/squid start (start squid, stop squid with/etc/rc. d/init. d/squid stop)
Test on the client. Take windows as an example. Run IE, click "Tools", click "Internet Options", click the "connection" tab, and click "LAN Settings". In the "LAN Settings" window, fill in the IP address of the squid server in "Address": 192.168.1.16, fill in "3128" in "Port", and then exit. In this case, the client should be able to browse the Internet, indicating that squid is running properly.
Filter configuration
Next, configure the website filtering function. There are two configuration methods.
Method 1
Please go:
The ftp://k12linux.mesd.k12.or.us/pub/squidguard/ downloads the rpm version of The SquidGuard-1.2.0-3.i386.rpm.
Reference:
Squidguard is an auxiliary software for squid to implement filtering, redirection, and access control. It is a free software with powerful functions, easy installation, easy configuration, and fast processing speed. Functions: restrict access by some users based on the Web server or URLs list; block access by some users to the Web server and URLs on the blacklist; some users are blocked from accessing URLs that match regular expressions. In the URL path, domain name access is enhanced, and IP access is prohibited. The blocked URL is redirected to a smart CGI information page; redirects an unauthorized user to a registration page. It has access rules based on the date, Week, and specific time of the day. different user groups have different rules. However, you cannot filter or check the text in the document and the JavaScript or VBScript language in HTML.
# Rpm-IVH squidguard-1.2.0-3.i386.rpm
(After installation, the data directory dbhome:/var/squidguard/blacklists; the log directory logdir:/var/log/squidguard)
Follow the prompts to modify the configuration lines in the/etc/squid. conf file:
Redirect_program/usr/sbin/squidguard-C/etc/squid/squidguard. conf
Redirect_child 5
Restart squid, view/var/log/squidguard. log, and check the last line: 16:13:18 [2237] squidguard ready for requests, which indicates that squidguard is running properly.
Method 2
Go to squidguard. MESD. k12.or. US/squidguard.tar.gzto download squidguard.tar.gz of tardy and put it in the root directory.
# Cd/(enter the root directory)
# Tar vzxf squidguard.tar.gz
(Decompress the file to/usr/local/squidguard. The data directory is dbhome:/usr/local/squidguard/dB. The log directory is logdir:/usr/local/squidguard/log)
Modify the/etc/squid/squidguard. conf configuration file:
Redirect_program:/usr/local/bin/squidguard-C/etc/squid/squidguard. conf
Restart squid and check/usr/local/squid guard/log/squidguard. log to ensure that squidguard is running properly.
Try to browse some websites to filter. If the website can be redirected to a specified webpage, it indicates that the filtering function has taken effect.
Data can be increased or decreased when squidguard of the TAR version is used. Go to the Data Directory: porn folder under/usr/local/squidguard/DB and create a new domains. diff file. The content format is (plus sign "+" indicates addition, minus sign "-" indicates removal ):
+ Newsite1 (adds newsite1 to the filter list and cannot be accessed)
+ Newsite2 (adds newsite2 to the filter list and cannot be accessed)
-Site3 (remove site3 from the Filter list for normal access)
-Site4 (remove site4 from the Filter list for normal access)
Then run: #/usr/local/bin/squidguard-C/etc/squid/squidguard. conf-u
View the squidguard. log file, if any:
DB update done
Squidguard stopped (102233.823)
Indicates that the data is updated successfully! Restart squid.
Advantages of this method
The advantage of this method is that it is easy to configure and has low hardware requirements. Generally, 486 and 586 of the retired servers are competent, and the proxy server can work for a long time. All the software is free of charge, and the filter list is updated quickly. You only need to download the latest version of the filter list database at www.squidguard.org to replace the old one. You can also manually add or remove the Filter list.
Squid can also set the time period for accessing the Internet. It can regularly check logs to detect students' bad tendencies on the Internet.
Reference:
Squidguard configuration file/usr/local/squidguard. CONF file: logdir/usr/local/squidguard/logs # log directory definition dbhome/usr/local/squidguard/DB # dB directory definition time testtime {# time rule definition weekly mtwhf-weekly am-Am date *-01 Am-Am date 2001.10.01-2001.10.09} SRC admin {# source Group definition IP 192.168.100.18} SRC client {IP 192.168.100.20 192.168.100.21 192.168.100.22 IP 192.168.200.0/24} dest porn {# Target group definition domainlist porn/domains urllist porn/URLs expressionlist porn/expressions} ACL {# access rule definition admin within testtime {pass! Porn all} else {pass all} client {pass! In-ADDR! Porn all} default {pass none redirect http://admin.foo.com (# You can also redirect to a CGI page containing some information, as shown below: http://admin.foo.com/cgi/blocked? Clientaddr = % A & clientname = % N & clientuser = % I & clientgroup = % S & targetgroup = % T & url = % u )}} # vi dB/porn/domains (domain list file: mainly blocking some defined sites) Co. za sex.com (as shown above, it can block such as hack. co. za, sex.com, www.sex.com, and whatever.sex.com, but different from. * [^.] sex.com, does not match ssex.com) # vi dB/porn/URLs (URL list file, mainly blocking some sites and some columns) qihui.com/sex valen.sohu.com/album Hui.com/sex, etc.) # vi dB/porn/expressions (expression list file, mainly blocking some URL access that matches the expression) (^ | [/? + =/]) (. *) (Girl )(.*)([/? + =/] | $) (The above regular expression can block the access of the Girl website in the URL, such as www.girlzine.com, girl.huabao.net, www.huayu.net/girl?www.universiti.com/girl, etc) |
Note: squidguard has strict syntax requirements on the configuration file. If the Configuration File Syntax is incorrect, squidguard can still run,
However, squidguard has entered the emergency mode. At this time, the proxy service does not have any blocking effect,
All accesses via this proxy can be passed. You can view the log files of logs/squidguard to find errors, for example:
17:08:44 [2430] Parse error in configfile/usr/local/squidguard. conf line 8
17:08:44 [2430] going into emergency mode