Content filtering with granular settings
-
@dafyre said in Content filtering with granular settings:
Squid
facebook is just an example. They would want all weapons sites blocked, all social network sites blocked, etc... Can you imagine the size of the host file?
-
@CCWTech said in Content filtering with granular settings:
@dafyre said in Content filtering with granular settings:
Squid
facebook is just an example. They would want all weapons sites blocked, all social network sites blocked, etc... Can you imagine the size of the host file?
Well everything else is going to affect the entire site. . .so
-
@DustinB3403 said in Content filtering with granular settings:
@CCWTech said in Content filtering with granular settings:
@dafyre said in Content filtering with granular settings:
Squid
facebook is just an example. They would want all weapons sites blocked, all social network sites blocked, etc... Can you imagine the size of the host file?
Well everything else is going to affect the entire site. . .so
Unless it's agent based.
-
Why the dumb request to block this content from just 1 workstation?
-
@DustinB3403 said in Content filtering with granular settings:
Why the dumb request to block this content from just 1 workstation?
Not 1 workstation.
40+ workstations, some workstations would be locked down more than others.
My initial post was worded poorly.
-
@CCWTech said in Content filtering with granular settings:
@DustinB3403 said in Content filtering with granular settings:
Why the dumb request to block this content from just 1 workstation?
Not 1 workstation.
40+ workstations, some workstations would be locked down more than others.
Arbitrary requirements are arbitrary.
-
@DustinB3403 said in Content filtering with granular settings:
@CCWTech said in Content filtering with granular settings:
@DustinB3403 said in Content filtering with granular settings:
Why the dumb request to block this content from just 1 workstation?
Not 1 workstation.
40+ workstations, some workstations would be locked down more than others.
Arbitrary requirements are arbitrary.
Not arbitrary in any way.
One group of workstations may be locking down social media sites, other groups may allow them.
This may be cost prohibitive for the client but that's what they want. The ability to assign different groups of computers to different settings.
-
@CCWTech said in Content filtering with granular settings:
@DustinB3403 said in Content filtering with granular settings:
@CCWTech said in Content filtering with granular settings:
@DustinB3403 said in Content filtering with granular settings:
Why the dumb request to block this content from just 1 workstation?
Not 1 workstation.
40+ workstations, some workstations would be locked down more than others.
Arbitrary requirements are arbitrary.
Not arbitrary in any way.
One group of workstations may be locking down social media sites, other groups may allow them.
This may be cost prohibitive for the client but that's what they want. The ability to assign different groups of computers to different settings.
Again, that can be done using a Squid Proxy or some other proxy server.
-
What's the problem? Just put the workstation groups on different vlans and route their traffic differently. Block either in firewall, http proxy or dns.
-
You could try cisco umbrella (previously opendns) https://umbrella.cisco.com/products/packages or mimecast web security https://www.mimecast.com/products/web-security/
I've previously used untangle and clearos for these as well
-
Nxfilter is a decent and inexpensive option. You can be granular by IP address or by username. All filtering is done using dns.
-
@Pete-S said in Content filtering with granular settings:
What's the problem? Just put the workstation groups on different vlans and route their traffic differently. Block either in firewall, http proxy or dns.
Exactly what I am thinking even if it is Squid. @CCWTech what firewall do you have?
-
pfSense with squid and squidguard packages worked well when I last used it.
-
The only reason to do something like this is it these are public computers. If these are users in an office setting then the problem is management needs to discipline employees.
-
@JaredBusch said in Content filtering with granular settings:
The only reason to do something like this is it these are public computers. If these are users in an office setting then the problem is management needs to discipline employees.
I agree. I think they are going to end up with something like PiHole when they hear the cost of doing what they actually want to do.
-
@dbeato said in Content filtering with granular settings:
@Pete-S said in Content filtering with granular settings:
What's the problem? Just put the workstation groups on different vlans and route their traffic differently. Block either in firewall, http proxy or dns.
Exactly what I am thinking even if it is Squid. @CCWTech what firewall do you have?
Unifi USG
-
@CCWTech said in Content filtering with granular settings:
@dbeato said in Content filtering with granular settings:
@Pete-S said in Content filtering with granular settings:
What's the problem? Just put the workstation groups on different vlans and route their traffic differently. Block either in firewall, http proxy or dns.
Exactly what I am thinking even if it is Squid. @CCWTech what firewall do you have?
Unifi USG
Gotcha, that does not do content filtering.
-
I think the Watchguard firewalls can do this, you can create policies per user or per computer with very granular content filtering (even for https connections)
-
@davide-bonavita said in Content filtering with granular settings:
I think the Watchguard firewalls can do this, you can create policies per user or per computer with very granular content filtering (even for https connections)
Watchguard purchased Strongarm.io (a competitor to Cisco Umbrella) to get this functionality.
-
@davide-bonavita said in Content filtering with granular settings:
I think the Watchguard firewalls can do this, you can create policies per user or per computer with very granular content filtering (even for https connections)
They do, but content filtering requires an additional yearly subscription to use it.
