|
||||||||||
> With squid, you can redirect a web page to a totally different page. I > did help a company redirect specific "blue web sites" to > http://www.sexualrecovery.com/ and http://newlifehabits.com/ It was > kind of twisted, but very funny! :) > > However, squid is a but hard from scratch. I would think > http://dansguardian.org/ or http://www.untangle.com/ would be an easier > setup. Ha! I love Squid for stuff like this. I hope in the future they drop the reverse http accelerator functions and leave that to varnish instead, but I'm not holding my breath. If you setup squid, you get a nice caching proxy too! I haven't tried it, but I would venture to guess that squid can also prevent direct access to IP addresses without a hostname. A potential configuration might block access to example.com as well as the IP address that example.com points to, not because of which IP address it is, but because it is only an IP address. A combination of (squid|dan's guardian|untangle) + ipfw is the best solution I can think of setting up without having to invest (waste?) an inordinate amount of additional work. Was there a question about where to put the filtering proxy? I'd put it anywhere on the lan and set it up as a transparent proxy and use ipfw to route http requests through it. If I had convenient global control of all the workstations, I would have them access a proxy configuration file or specifically configure the proxy settings for each workstation. I prefer keeping configurations like this on the network as opposed to workstations, but that's not always possible for me. Lastly,whenever I setup a proxy server, I view its security and access control configuration of the utmost importance. - Albert -- http://www.docunext.com/ |