> With squid, you can redirect a web page to a totally different page. I
> did help a company redirect specific "blue web sites" to
> http://www.sexualrecovery.com/ and http://newlifehabits.com/ It was
> kind of twisted, but very funny! :)
> However, squid is a but hard from scratch. I would think
> http://dansguardian.org/ or http://www.untangle.com/ would be an easier
Ha! I love Squid for stuff like this. I hope in the future they drop the
reverse http accelerator functions and leave that to varnish instead, but
I'm not holding my breath.
If you setup squid, you get a nice caching proxy too!
I haven't tried it, but I would venture to guess that squid can also
prevent direct access to IP addresses without a hostname. A potential
configuration might block access to example.com as well as the IP address
that example.com points to, not because of which IP address it is, but
because it is only an IP address.
A combination of (squid|dan's guardian|untangle) + ipfw is the best
solution I can think of setting up without having to invest (waste?) an
inordinate amount of additional work.
Was there a question about where to put the filtering proxy? I'd put it
anywhere on the lan and set it up as a transparent proxy and use ipfw to
route http requests through it. If I had convenient global control of all
the workstations, I would have them access a proxy configuration file or
specifically configure the proxy settings for each workstation.
I prefer keeping configurations like this on the network as opposed to
workstations, but that's not always possible for me.
Lastly,whenever I setup a proxy server, I view its security and access
control configuration of the utmost importance.