Friday, April 20, 2007

Simple whitelist Internet filter

How to limit access to Internet websites so that only specified websites are allowed?

If you have a Linux machine available, you can use squid to set up a whitelist. This is very effective and easy to set up.

Modify squid's /etc/squid.conf as follows:


acl white dstdomain "/etc/squid/whitelist"
http_access deny !white


Create the /etc/squid/whitelist file and add domain names like .pcastl.org one per line.

Set up your router to only allow your Linux box access to the Internet. This is normally done by adding an allow list of MAC addresses. Then configure all other machines on your network to point to the Linux box as their web proxy.

See the following link for detailed instructions about setting up the proxy. Note that if all you want is a whitelist, you don't need SquidGuard. Also note that the config lines in that article are incorrect. Use the ones I show above.

If you want your other machines to be able to access email, use rinetd to redirect a port on the Linux box to your mail server and set up all other machines on the network to point to the Linux box as their mail server. You could alternatively set up iptables rules, but rinetd is much simpler to set up.
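
The leading dot in a whitelist entry such as .pcastl.org decides which hosts the proxy lets through. The following Python script is an added example, not part of the original post and not squid's own code: it models dstdomain matching and lints a whitelist file before it is deployed. The function names are illustrative and the sample whitelist is constructed.

```python
# Added example: a model of squid's dstdomain matching, used to lint a whitelist.
# All function names are illustrative; SAMPLE is constructed test data.
SAMPLE = """\
# constructed sample whitelist
.pcastl.org
www.pcastl.org
Example.ORG
http://example.net/
"""

def load_whitelist(text):
    """Return lowercased entries, skipping blank lines and '#' comment lines."""
    lines = (line.strip().lower() for line in text.splitlines())
    return [l for l in lines if l and not l.startswith("#")]

def matches(entry, host):
    """'.example.org' covers the domain and every subdomain;
    'example.org' (no leading dot) covers that exact host only."""
    host = host.lower().rstrip(".")
    if entry.startswith("."):
        return host == entry[1:] or host.endswith(entry)
    return host == entry

def is_allowed(entries, host):
    """True if 'http_access deny !white' would let this host through."""
    return any(matches(e, host) for e in entries)

def lint(entries):
    """Return (entry, problem) pairs for entries that will not behave as intended."""
    problems, seen = [], set()
    for e in entries:
        if "/" in e or ":" in e or " " in e:
            problems.append((e, "not a bare domain name"))
        elif e in seen:
            problems.append((e, "duplicate"))
        else:
            cover = next((o for o in entries if o != e and o.startswith(".")
                          and matches(o, e.lstrip("."))), None)
            if cover:
                problems.append((e, "already covered by " + cover))
        seen.add(e)
    return problems

if __name__ == "__main__":
    wl = load_whitelist(SAMPLE)
    for entry, problem in lint(wl):
        print(f"{entry}: {problem}")
    for host in ("docs.pcastl.org", "www.example.org", "notpcastl.org"):
        print(host, "allowed" if is_allowed(wl, host) else "denied")
```

Entries flagged as already covered are worth removing, since squid reports overlapping dstdomain entries when it parses the file.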

6 comments:

Anonymous said...

Thank you Kevin, this information really helped me and I would love for you to continue updating your site with more informational paragraphs.

Mike Dargan said...

I'm trying to use the whitelist instructions, but must be doing something wrong. Where in the squid.conf do you place the acl white dstdomain "/etc/squid/whitelist and the http_access deny !whitelist?

Thanks dargan@gmail.com

Heifner said...

Mike - Unfortunately, I don't have access to a linux machine setup like this anymore. Also it appears the article I link to is dead. However, I think this has the equivalent information: http://www.screaming-penguin.com/node/3871

Heifner said...

Also I updated what appeared to be a typo in my original post.

Squidblacklist said...

We have recently made our domain whitelist available to the public. It is for general production use, it contains no adult or piracy related sites, so should be suitable for most networks.

It can be downloaded here

http://www.squidblacklist.org/downloads/whitelist.txt