Content filtering with granular settings
-
@DustinB3403 said in Content filtering with granular settings:
@CCWTech said in Content filtering with granular settings:
@DustinB3403 said in Content filtering with granular settings:
@CCWTech said in Content filtering with granular settings:
I have a client who wants sites like facebook, instagram, etc. filtered on one computer but not another. They are looking for a very granular solution. I am guessing it's out of their price range to do something like this but they want more than just basic adblocking / Porn filtering (which I use PiHole for)
Any suggestions?
Remotely edit the workstations host file.
That would be a huge task. I need a list or lists based solution.
Okay, well it's free and it would work for just that 1 workstation
Right but they are looking for category based blocking and different blocking on different workstations.
-
Just point every domain to 127.0.0.1 that you want blocked.
Problem solved.
-
@dafyre said in Content filtering with granular settings:
Squid
facebook is just an example. They would want all weapons sites blocked, all social network sites blocked, etc... Can you imagine the size of the host file?
-
@CCWTech said in Content filtering with granular settings:
@dafyre said in Content filtering with granular settings:
Squid
facebook is just an example. They would want all weapons sites blocked, all social network sites blocked, etc... Can you imagine the size of the host file?
Well everything else is going to affect the entire site. . .so
-
@DustinB3403 said in Content filtering with granular settings:
@CCWTech said in Content filtering with granular settings:
@dafyre said in Content filtering with granular settings:
Squid
facebook is just an example. They would want all weapons sites blocked, all social network sites blocked, etc... Can you imagine the size of the host file?
Well everything else is going to affect the entire site. . .so
Unless it's agent based.
-
Why the dumb request to block this content from just 1 workstation?
-
@DustinB3403 said in Content filtering with granular settings:
Why the dumb request to block this content from just 1 workstation?
Not 1 workstation.
40+ workstations, some workstations would be locked down more than others.
My initial post was worded poorly.
-
@CCWTech said in Content filtering with granular settings:
@DustinB3403 said in Content filtering with granular settings:
Why the dumb request to block this content from just 1 workstation?
Not 1 workstation.
40+ workstations, some workstations would be locked down more than others.
Arbitrary requirements are arbitrary.
-
@DustinB3403 said in Content filtering with granular settings:
@CCWTech said in Content filtering with granular settings:
@DustinB3403 said in Content filtering with granular settings:
Why the dumb request to block this content from just 1 workstation?
Not 1 workstation.
40+ workstations, some workstations would be locked down more than others.
Arbitrary requirements are arbitrary.
Not arbitrary in any way.
One group of workstations may be locking down social media sites, other groups may allow them.
This may be cost prohibitive for the client but that's what they want. The ability to assign different groups of computers to different settings.
-
@CCWTech said in Content filtering with granular settings:
@DustinB3403 said in Content filtering with granular settings:
@CCWTech said in Content filtering with granular settings:
@DustinB3403 said in Content filtering with granular settings:
Why the dumb request to block this content from just 1 workstation?
Not 1 workstation.
40+ workstations, some workstations would be locked down more than others.
Arbitrary requirements are arbitrary.
Not arbitrary in any way.
One group of workstations may be locking down social media sites, other groups may allow them.
This may be cost prohibitive for the client but that's what they want. The ability to assign different groups of computers to different settings.
Again, that can be done using a Squid Proxy or some other proxy server.
-
What's the problem? Just put the workstation groups on different vlans and route their traffic differently. Block either in firewall, http proxy or dns.
-
You could try cisco umbrella (previously opendns) https://umbrella.cisco.com/products/packages or mimecast web security https://www.mimecast.com/products/web-security/
I've previously used untangle and clearos for these as well
-
Nxfilter is a decent and inexpensive option. You can be granular by IP address or by username. All filtering is done using dns.
-
@Pete-S said in Content filtering with granular settings:
What's the problem? Just put the workstation groups on different vlans and route their traffic differently. Block either in firewall, http proxy or dns.
Exactly what I am thinking even if it is Squid. @CCWTech what firewall do you have?
-
pfSense with squid and squidguard packages worked well when I last used it.
-
The only reason to do something like this is it these are public computers. If these are users in an office setting then the problem is management needs to discipline employees.
-
@JaredBusch said in Content filtering with granular settings:
The only reason to do something like this is it these are public computers. If these are users in an office setting then the problem is management needs to discipline employees.
I agree. I think they are going to end up with something like PiHole when they hear the cost of doing what they actually want to do.
-
@dbeato said in Content filtering with granular settings:
@Pete-S said in Content filtering with granular settings:
What's the problem? Just put the workstation groups on different vlans and route their traffic differently. Block either in firewall, http proxy or dns.
Exactly what I am thinking even if it is Squid. @CCWTech what firewall do you have?
Unifi USG
-
@CCWTech said in Content filtering with granular settings:
@dbeato said in Content filtering with granular settings:
@Pete-S said in Content filtering with granular settings:
What's the problem? Just put the workstation groups on different vlans and route their traffic differently. Block either in firewall, http proxy or dns.
Exactly what I am thinking even if it is Squid. @CCWTech what firewall do you have?
Unifi USG
Gotcha, that does not do content filtering.
-
I think the Watchguard firewalls can do this, you can create policies per user or per computer with very granular content filtering (even for https connections)