Web Filtering Primer. Caveat Right Up Front: GPLS is offering a primer here. The following will describe what filtering is, how it works and some suggested products. This is by no means a complete list. There are many approaches to filtering, depending on what you want to accomplish.
Spectrum of Filtering: from baseline CIPA compliance at one end to “Cadillac” filtering of anything you don’t want at the other. The best way to describe filtering is to say that in order to filter content from the internet there must be a proxy device in line (often an appliance placed at the “edge” of a building’s LAN). Wikipedia has a good entry on proxy servers. Basic filters just block connection attempts to websites that fall into blocked categories (URL filtering). More advanced network security devices or software will additionally attempt to block other types of traffic (for example: hacking attempts, torrents/p2p, games).
So It Looks Like This: Internet ——- Filter ——- Local Network
See the document: CIPA requirements for web filtering. Devices often employ categorized lists of web sites: users pay to subscribe to these lists, from which they choose which categories to block according to local policy. Public blacklist databases are also available for open source platforms, often at no charge to non-profits. There are many devices out there that can be made compliant depending on how they are configured, but there really are no devices that are compliant “right out of the box”. In order to be CIPA compliant, every device will require some setup. Some devices we have tried or heard good things about:
- Sonicwall – several systems already using this
- pfSense – open source firewall
- squidGuard – open source URL redirector (package available in pfSense – see screencast below)
- DansGuardian
- Smoothwall Express – a DIY open source firewall, analogous to pfSense
Keep in mind that you should, per CIPA, provide for a method to temporarily disable filtering on request by adults. Reminder: Look at your existing firewalls to see if web filtering plugins are already available!
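To make the decision logic concrete, here is a small sketch of category-based URL filtering with a timed override for an adult patron. It is an added example, not code from any of the products listed above; the category lists, domain names, client addresses and the `Filter` class are all constructed for illustration.

```python
"""Category-based URL filtering with a timed adult override (constructed example)."""
import time
from urllib.parse import urlsplit

# Constructed category lists; real deployments subscribe to or download these.
CATEGORY_LISTS = {
    "adult": {"adult-example.test"},
    "p2p": {"torrent-example.test"},
    "games": {"games-example.test"},
}
# Local policy: the categories this site has chosen to block.
BLOCKED_CATEGORIES = {"adult", "p2p"}


def categories_for(host):
    """Return categories whose list contains the host or any parent domain."""
    labels = host.lower().rstrip(".").split(".")
    candidates = {".".join(labels[i:]) for i in range(len(labels))}
    return {cat for cat, domains in CATEGORY_LISTS.items() if candidates & domains}


class Filter:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.overrides = {}  # client IP -> expiry timestamp

    def disable_for(self, client_ip, minutes):
        """Staff action: lift filtering for one workstation for a limited time."""
        self.overrides[client_ip] = self.clock() + minutes * 60

    def decide(self, client_ip, url):
        """Return ("allow" or "block", reason) for one request."""
        expiry = self.overrides.get(client_ip)
        if expiry is not None:
            if self.clock() < expiry:
                return ("allow", "override active")
            del self.overrides[client_ip]  # expired: filtering resumes
        host = urlsplit(url).hostname or ""
        if not host:
            return ("block", "unparseable URL")  # fail closed
        hit = categories_for(host) & BLOCKED_CATEGORIES
        if hit:
            return ("block", "category: " + ", ".join(sorted(hit)))
        return ("allow", "no blocked category")
```

The override is scoped to one client address and expires on its own, so filtering resumes without staff having to remember to turn it back on.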
Screencast on using the squidGuard web filtering package on a pfSense firewall (recommend viewing full-screen):