Blocking iPlayer
in [UK Linux]
|
From: Chris Davies on 10 Nov 2009 18:48 Geoffrey Clements <geoffrey.clementsNO(a)spambaesystems.com> wrote: > I remember looking into this a few years back and the combination of squid > and dansguardian looked promising. Yes, it would work. > However I was > never sure how I would stop squid from being redirected to itself. It gets rather complicated if you have the browser on the same machine as squid. The ideal situation is that your browser on a PC (somewhere) is required to use a web proxy on your bastion server. The bastion trusts itself but blocks all 80/443 traffic from any other device. > The other problem is that *I* don't want to use the proxy and AFAIK > there's no way to identify users in iptables. If you're running the browser on the bastion box itself, there's --uid-owner and --gid-owner, but I have a feeling they are deprecated. Otherwise, could you configure your instance of the browser to use (say) port 63128 but for everyone else's to use 3128? Security through obscurity, as they say. Alternatively, configure squid to require authentication (I speak from bitter experience when I say this is horrible). > Setting up the browsers to use a proxy always seemed like a non-starter as > it's easily defeated. Not if it's the only way off the network. Just don't forget to block TOR and similar beasties. Chris
From: Mike Civil on 10 Nov 2009 18:36 In article <sO6dnfWOSri-F2XXnZ2dnUVZ8uWdnZ2d(a)brightview.com>, Simon J. Rowe <srowe(a)mose.org.uk> wrote: >Anyone got a suggestion how I can limit access? 1. Set them up with separate user a/cs and change their browser config file(s) so they can't change them. Point their browsers at a squid proxy setup somewhere and use something simple like squirm to redirect undesirable URLs to a page of your own making. Eg for iplayer :- regexi ^http://www\.bbc\.co\.uk/iplayer/.* http://localserver/DontMessWivDad.html and/or 2. Use a bit of parental discipline backed up with a metal edged ruler. They'll soon get the message.
From: Ivor Jones on 10 Nov 2009 19:30 On 10/11/09 23:36, Mike Civil wrote: > In article<sO6dnfWOSri-F2XXnZ2dnUVZ8uWdnZ2d(a)brightview.com>, > Simon J. Rowe<srowe(a)mose.org.uk> wrote: >> Anyone got a suggestion how I can limit access? > > 1. Set them up with separate user a/cs and change their browser config > file(s) so they can't change them. Point their browsers at a squid proxy > setup somewhere and use something simple like squirm to redirect > undesirable URLs to a page of your own making. Eg for iplayer :- > regexi ^http://www\.bbc\.co\.uk/iplayer/.* http://localserver/DontMessWivDad.html > > and/or > > 2. Use a bit of parental discipline backed up with a metal edged ruler. > > They'll soon get the message. Then you end up in court on an assault charge. Ivor
From: charlie on 11 Nov 2009 07:55 On Mon, 09 Nov 2009 21:31:54 +0000, "Simon J. Rowe" <srowe(a)mose.org.uk> wrote: >My darling children are very good at burning my 20Gb bandwidth limit in a >week. I've dealt with youtube by redirecting youtube.com in my DNS cache but >iPlayer is proving more difficult. > >Anyone got a suggestion how I can limit access? > Simon > Bend them over and give them a damned good spanking every time they access it.
From: Chris on 11 Nov 2009 09:06
Simon J. Rowe wrote: > Chris wrote: > >> My children are still a bit young, but in preparation I've done a >> little background reading. From what I've seen, things like squid >> and/or dansguardian should be able to do what you want. >> http://www.squid-cache.org/ >> http://dansguardian.org/ > > I had considered installing squid and catching it that way. > DansGuardian seems to be some sort of frontend but all the links to > documentation I try 404. Looks like the wiki is a better option: http://wiki.contribs.org/Dansguardian -- The email address is a spam trap. I rarely use it. |