Add Web Porn Filtering and Other Content Filtering to Linux Desktops

 in
How to set up the DansGuardian content filter with the lightweight Tinyproxy.

Microsoft users continue to adopt the Linux operating system and naturally expect to find content filters like the ones they used with Windows XP. Often, new Linux converts experiment on their standalone personal computers at home. Because many people object to some information and images readily found on the Internet, a content filtering system is top priority—especially because parents often share computers with kids, and constant adult supervision is not always possible.

Using DansGuardian with Tinyproxy is one way parents can supervise Internet content when they are away from the family computer. A versatile content filter, DansGuardian is open-source software for use in a noncommercial setting. If you want to use DansGuardian in a commercial setting, you can buy a license or buy SmoothGuardian. Working with DansGuardian is Tinyproxy, a small open-source program that understands and evaluates the information passing through the computer. Together they provide administrative controls to block objectionable content from the Internet.

Content Filtering at 5,000 Feet

DansGuardian is a collection of pass-through filters used to stop Internet Web pages with words, phrases and pictures you don't like or want others to see. The filters within DansGuardian act as an intermediary program between a client browser, like Firefox, and the Internet. Firefox makes the information request to DansGuardian. Then, DansGuardian passes the information to Tinyproxy, which communicates with the Internet.

Information coming back from the Internet passes through Tinyproxy and DansGuardian before it gets to the client browser. Only approved information gets through the filter and appears in the browser window. DansGuardian blocks restricted Web pages and replaces the unwanted content with an “access denied” security screen displayed in the browser window.

This has not been a high-level description of the filtering procedure. In fact, the way Tinyproxy and DansGuardian work together is complex and interesting. If you want to explore how this works, check out the DansGuardian “Flow of Events” page (see the on-line Resources). Here, you can find a more thorough discussion of filtering and how data passes between each program and the Internet.

What's important to know is you can define many words, phrases and specific locations you want DansGuardian to block. In addition to Web pages with text, DansGuardian also can filter pictures and prevent the downloading of certain files. This combination of filtering is superior to other methods that block access only to a list of banned sites.

With more than 20 different configuration files, setup of DansGuardian can appear complicated to new Linux users. However, the configuration files contain clear instructions on how to edit them for your needs. In my tests, I didn't need to make a lot of changes, because the default filtering arrangement is almost ideal for family use.

Installation

First, you need to install and configure DansGuardian and Tinyproxy. Second, it's important to adjust your desktop settings to prevent users from easily turning off content filtering.

Before installing, look through the package repository of your distribution to make sure it includes DansGuardian and Tinyproxy. The most simple way to install the programs is with a GUI package manager like Novel SUSE's YaST or Synaptic. For Debian, root users enter apt-get install dansguardian tinyproxy.

If you don't have these applications in your package repository, you can download DansGuardian and Tinyproxy from their respective Web pages (see Resources). After downloading, you will find generic installation instructions in the file named INSTALL.

Configuring DansGuardian and Tinyproxy

The next task is to customize configuration files for both Tinyproxy and DansGuardian. I use Ubuntu Dapper Drake for testing purposes, and so the directory and file illustrations are likely specific to this distribution. Other distributions organize files in a similar way; you just may need to look a little more to find the installation directory. For customizing features, the only tool necessary is a simple text editor, such as GNOME's gedit.

Using your text editor, as root user, open /etc/dansguardian/dansguardian.conf. Review the file and change filterport, proxyip and proxyport to match that shown below. Depending on your distribution, it also may be necessary to comment out the line starting with UNCONFIGURED:

# the port that DansGuardian listens to.
filterport = 8080

# the ip of the proxy—default is the loopback (this server)
proxyip = 127.0.0.1

# the port DansGuardian connects to proxy on
proxyport = 3128

DansGuardian generally connects to port 3128 by default, because that is the port used by the popular proxy called Squid. We can change this to the default port used by Tinyproxy (8888), or we can change the Tinyproxy port. In this case, we do the latter and change the port Tinyproxy uses to match the default Squid port.

For Tinyproxy, edit the file /etc/tinyproxy/tinyproxy.conf as root user. Look through this file, and make sure to change User, Group, Port and ViaProxyName, if necessary. The important thing to change is the port that Tinyproxy will use to match the DansGuardian connect port, which is 3128:

# Port to listen on.
#
Port 3128

Once you've finished with these changes, issue the command tinyproxy in your terminal, or if Ubuntu-based, type sudo /etc/init.d/tinyproxy start. This starts the proxy, and you're now ready to finish off the installation by adjusting your browser preferences. If you want to learn more, look at the DansGuardian documentation links (see Resources) for a description of this process.

______________________

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

what is i'm looking :)

MASOKIS's picture

wow..i din't know linux can do this.. nice:)

P-0-R-N

Anonymous's picture

I just wanted to say p-0-r-n.

I've followed the

felixvah's picture

I've followed the instruction as mention above, but I did come a cross a problem. Can someone point me to the right direction. After install danguardians tinyproxy and follow as in mention, but when I get to the point open firefox click on edit - > preference - > General tab→Connection Settings which I did not find the General Tab on my browser. did I do something wrong?

Ohh thats nice

Stalin's picture

may be if i will add this my workers won't browse to sites like http://www.kinkyfox.com and similar review sites, and start working.
i should also close the facebook access for them, it's annoying to see a log full of social network instead of work websites

I believe we have a similar

Jamie Aston's picture

I believe we have a similar situation at my workplace and works fine so far.
Cheers
Jamie

Just what I needed

djmadkins's picture

Excellent article, I just did this on my home ubuntu system which my 13 year old daughter uses for surfing the internet and it works like a charm.

Using the work PORN in comments.

Keith Daniels's picture

If you use the word porn in any of your comments the spam filter will reject it. If I don't keep the filter up we will get swamped by pornographic spam from spammers who noticed we were talking about porn on the site.

If you have to use porn in your comment -- use p o r n, p-o-r-n, p.o.r.n or some variant like that.

Webmaster

"I have always wished that my computer would be as easy to use as my telephone.
My wish has come true. I no longer know how to use my telephone."
-- Bjarne Stroustrup

Webinar
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems

As Linux continues to play an ever increasing role in corporate data centers and institutions, ensuring the integrity and protection of these systems must be a priority. With 60% of the world's websites and an increasing share of organization's mission-critical workloads running on Linux, failing to stop malware and other advanced threats on Linux can increasingly impact an organization's reputation and bottom line.

Learn More

Sponsored by Bit9

Webinar
Linux Backup and Recovery Webinar

Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.

In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.

Learn More

Sponsored by Storix