Unsolved content filter for small school?
-
I have a small school that is looking at renewing the Barracuda content filter for about $500 for the next year. (They already own the appliance.) Are there any other content filters I should consider? They probably filter 50-100 devices.
Since they have a Ubiquiti EdgeRouter, I considered the SquidProxy, but from what I read, it doesn't filter https traffic. I also have to wonder how they can keep to date with the list of blocked sites.
-
Squid is just the filter, you supply the block list separately.
-
Most of the lists are freely available too.
-
What about one of the DNS based filtering services? At our church I set up Dyn's Internet Guide and it works very well:
http://dyn.com/labs/dyn-internet-guide/
As you are probably aware, there are also services available from OpenDNS and Symantec. -
I've heard good things about pfSense with DansGuardian
-
@Shuey said in content filter for small school?:
I've heard good things about pfSense with DansGuardian
pfSense is just Squid. You should not be using pfSense for filtering, that's your firewall, don't put your filtering in your firewall (trying to make it a UTM). Use pfSense as a router, that's fine. But don't do the UTM thing.
If you want what pfSense to do your filtering, just use Squid in a Linux VM.
I used Squid with Dansguardian for a school back in 2004.
-
@scottalanmiller said in content filter for small school?:
@Shuey said in content filter for small school?:
I've heard good things about pfSense with DansGuardian
pfSense is just Squid. You should not be using pfSense for filtering, that's your firewall, don't put your filtering in your firewall (trying to make it a UTM). Use pfSense as a router, that's fine. But don't do the UTM thing.
If you want what pfSense to do your filtering, just use Squid in a Linux VM.
I used Squid with Dansguardian for a school back in 2004.
I thought I loosely conveyed that pfSense would be the router and DansGuardian would be a module you install inside it for the filtering, lol.
-
@Shuey said in content filter for small school?:
I thought I loosely conveyed that pfSense would be the router and DansGuardian would be a module you install inside it for the filtering, lol.
Well that's incorrect, then
pfSense is the router and it has a module that is Squid. Squid inside of pfSense does the filtering. Dansguarding is the set of filter rules for Squid. In all cases, Squid is what does the filtering.My original point was that if you wanted DansGuardian and Squid that it should not be run on your router, like pfSense. It should be on a VM running Linux (or FreeBSD), but not on your router.
-
Squid can filter HTTPS if you configure it too.. intercepting HTTPS imo is a bad Idea
use a DNS filter like Nxfilter http://www.nxfilter.org/p2/?page_id=16
-
@Jason said in content filter for small school?:
intercepting HTTPS imo is a bad Idea
I generally agree, especially in a school. Your requirement to filter is far less than your requirement not to spy.
-
@scottalanmiller said in content filter for small school?:
@Shuey said in content filter for small school?:
I thought I loosely conveyed that pfSense would be the router and DansGuardian would be a module you install inside it for the filtering, lol.
Well that's incorrect, then
pfSense is the router and it has a module that is Squid. Squid inside of pfSense does the filtering. Dansguarding is the set of filter rules for Squid. In all cases, Squid is what does the filtering.My original point was that if you wanted DansGuardian and Squid that it should not be run on your router, like pfSense. It should be on a VM running Linux (or FreeBSD), but not on your router.
Ah, I see - thanks for clarifying. I mean this with all sincerity Scott: I've only had a handful of virtual interactions with you in the relatively short amount of time I've known you, but I really enjoy it and look forward to learning a lot more. You remind me a lot of one of my other IT friends (Joseph Granneman); both of you guys possess a mind-blowing amount of knowledge and skills!
-
@Shuey Thanks
