Easily implement Internet filtering under Linux

At present, many schools have built campus networks and connected to the Internet, but there are so many bad information on the Internet. How to filter websites to prevent unhealthy websites from affecting students? The following is based on the principle of zero cost and high efficiency, and talk about how to implement the Internet filtering function under free Linux.

Setting up a proxy server

The campus network accesses the Internet through Linux, and uses Squid to set up a proxy server on the gateway.

First of all, you need to install Linux. I use RedHat Linux 7.2 which is easy to install and use. When installing RedHat Linux 7.2, Squid has been installed at the same time, we can use it with a simple configuration.

After RedHat Linux 7.2 is installed, Apache is not running by default. Therefore, Squid should be enabled first to ensure that the Squid proxy server works properly. Modify the /etc/squid/squid.conf configuration file.

http_port 3128 (Define the port that Squid listens for HTTP client requests)

cache_mem 10 MB (The ideal memory value that Squid can use, usually 1/3 of physical memory)

cache_swap_low 95

cache_swap_low 90

maximum_object_size 4096 KB (objects larger than this value will not be stored)

cache_dir ufs /var/spool/squid/cache 200 16 256 (Specify the size of the swap space used by Squid to store objects and its directory structure)

acl all src 192.168.1.1/24 (Define All is 192.168.1.1)

http_acceaa allow all (The client on the network segment of 192.168.1.1 can use the Squid proxy to access the Internet)

cache_effective_user squid (user and user group used)

cache_effective_group squid (the rest of the parameters can be used by default)

[root@squid bin]# chmod 777 /var/spool/squid/cache (make the /var/spool/squid/cache directory a Noboay user with write access)

[root@squid Bin]# squid -z (manually create Squid's cache directory /var/spool/squid/cache)

[root@sq Uid bin]# /etc/rc.d/init.d/squid start (start Squid, stop Squid with /etc/rc.d/init.d/squid stop)

Test on the client, Take Windows as an example. Run IE, click "Tools", then click "Internet Options", then click "Connection" tab, click "LAN Settings"; in the "LAN Settings" window, fill in the "Address" at the Squid server IP address: 192.168.1.16, fill in "3128" at the "port", and then exit after confirming. At this point, the client should be able to browse the Internet, indicating that Squid is running normally.

Configuration of Filtering Function

The next step is to configure the website filtering function. There are two ways to configure it.

Method 1

Please download the RPM version of SquidGuard-1.2.0-3.i386.rpm from ftp://k12linux.mesd.k12.or.us/pub/squidguard/.

#rpm -ivh squidguard-1.2.0-3.i386.rpm

(Data directory Dbhome:/var/squidguard/blacklists after installation; Logdir: /var/log/Squidguard)

Modify the relevant configuration line in the /etc/squid/squid.conf file as prompted:

redirect_program /usr/sbin/squidgua-

rd -c /Etc/squid/squidguard.conf

redirect_child 5

Restart Squid, look at /var/log/squidguard/squidguard.log, see the last line: 2002-06-23 16:13:18 [2237] Squidguard ready for requests indicates that Squidguard is up and running.

Method 2

Please download the TAR version of SquidGuard.tar.gz from squidguard.mesd.k12.or.us/squidguard.tar.gz and save it in the root directory.

#cd /(Enter the root directory)

#tar vzxf squidguard.tar.gz

(Unzip the file to /usr/local/squidguard, the data directory Dbhome :/usr/local/squidguard/db;Log directory Logdir:/usr/local/squidguard/log)

Modify the /etc/squid/squidguard.conf configuration file:

redirect_program: /Usr/local/bin/squidguard -c /etc/squid/squidguard.conf

Restart Squid and check /usr/local/squid guard/log/squidguard.log to make sure SquidGuard is up and running.

Try browsing some websites that want to be filtered. If you can be redirected to the specified page, the filtering function is working.

Increase or decrease data when using the TAR version of SquidGuard. Go to the data directory: /usr/local/squidguard/db in the Porn folder, create a new Domains.diff file, the content format is (plus sign "+" means increase, minus "-" means remove):

+newsite1 (add newsite1 to the filter list, can't access)

+newsite2(Add newsite2 to the filter list, can't access)

-site3(Remove site3 from the filter list, you can Normal access)

-site4 (remove site4 from the filter list, it can be accessed normally)

Then execute: #/usr/local/bin/squidguard -c /etc/squid/squidguard. Conf -u

View the SquidGuard.log file, if any:

db update done

squidguard stopped(102233.823)

Indicates that the data update was successful! Then restart Squid.

Advantages of this method

The advantage of this method is that it is easy to configure and has low hardware requirements. Generally, 486 and 586 are fully qualified, and the proxy server can work for a long time. And all the software is free, the filter list is updated quickly, just go to www.squidGuard.org to download the latest version of the filter list database to replace the old one, you can also manually increase or decrease the filter list.

Squid can also set the time period for online access; you can check the logs regularly to find out the bad tendencies of students online.