North American Network Operators Group
Re: Network Level Content Blocking (UK) for people who can't be bothered to read the article..
Sean Donelan wrote:
What we have is a box that takes the IWF feed of dodgy sites and resolves the entries to IP addresses. These are then injected into the network with Quagga's bgpd. The network then obviously routes anything to these IP addresses and therefore those websites to the filter box.
(but not a bad idea....) The filter box runs Squid with the URL list from the IWF. Port 80 traffic is directed through squid and anything appearing on the IWF list that is accessed by anybody returns a page telling them to go away. We thought about the error page stuff but what the heck, it's obvious it's being filtered anyway so you may as well put some google ads on the page you return (Joke ;-) In fact you could run upside-down-ternet on it, there's no end to the things you could do to screw with people's heads.
Anything on a virtual host whose URL is not explicitly in the IWF list is passed through squid without being touched.
Since only port 80 is passed through the filter then of course there are all manner of things you could do to circumvent the filter and this will of course always be the case as people will use whatever they can to get what they want. After all, all you really need to do in order to get all the dodgy material you want is to subscribe to a decent USENET service and get it all from that.
For what it's worth though it works well for what it is and we certainly get a few hits on it.
-- Leigh Porter
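
The two-stage design described in the message above (list hosts resolved to addresses for route injection, then exact URL matching at the proxy) can be modelled as follows. This is an added example, not part of the original post or the poster's configuration; the hostnames, addresses, list entry and function names are constructed, and the DNS table is a stand-in so the code runs offline.

```python
from urllib.parse import urlsplit

# Constructed sample data: a stand-in URL list and a stand-in DNS table
# (documentation names and addresses, not real list entries).
URL_LIST = ["http://blocked.example/bad/page.html"]
DNS = {
    "blocked.example": ["192.0.2.10"],
    "innocent.example": ["192.0.2.10"],   # another virtual host on the same IP
    "elsewhere.example": ["198.51.100.7"],
}

def normalise(url):
    """Reduce a URL to (lower-cased host, path) for exact matching."""
    parts = urlsplit(url)
    return (parts.hostname or "").lower(), parts.path or "/"

def build_routes(url_list, dns):
    """Stage 1: resolve listed hosts to /32 prefixes for injection into BGP."""
    routes = set()
    for url in url_list:
        host, _ = normalise(url)
        for addr in dns.get(host, []):
            routes.add(f"{addr}/32")
    return routes

def handle(url, dst_ip, routes, url_list):
    """Outcome for one port-80 request under the described design."""
    # Only destinations with an injected /32 are routed to the filter box.
    if f"{dst_ip}/32" not in routes:
        return "direct"
    # Stage 2: the proxy blocks exact list matches and passes everything else,
    # so other virtual hosts sharing the address are not over-blocked.
    listed = {normalise(u) for u in url_list}
    return "blocked" if normalise(url) in listed else "proxied-pass"

ROUTES = build_routes(URL_LIST, DNS)

if __name__ == "__main__":
    for url, ip in [
        ("http://blocked.example/bad/page.html", "192.0.2.10"),
        ("http://innocent.example/index.html", "192.0.2.10"),
        ("http://elsewhere.example/", "198.51.100.7"),
    ]:
        print(url, "->", handle(url, ip, ROUTES, URL_LIST))
```

The second sample request shows why the proxy stage exists: routing on the /32 alone would catch every site hosted on that address.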