# Detecting and Blocking Sites

## Crimson Rider

Now to the other end of the spectrum. A few posts ago I asked for a solution on stealthed internet. Using OpenVPN and a few pointers I made that happen. Thank you.

Now, in yet another capacity, that of sysadmin, I need to be able to detect what sites my users are surfing to, and block access to these sites if management deems them inappropriate for work.

All the users use the internet via a central Gentoo firewall. I am mostly interested in blocking MSN and maintaining a list of sites visited. I am not interested in who visited what, only in what sites were visited. And of course, I need to somehow maintain a list of blocked sites, and block those sites.

Any tips?

Thanx.

----------

## nx12

Check the squid web-cache. There's plenty of docs on their page.

Also you can configure iptables on your firewall box to dump all the http requests your users do as well as put some rules to block whatever you feel like to block. Google is your best friend here.

----------

## think4urs11

1) only allow internet access through a proxy - NO outgoing nat

2a) squid, blocking via acls in the config

2b) squid combined with either squidguard or dansguardian plus a good URL database (ads, porn, violence, whatever)

3) calamaris for the reporting

doesn't stop all your users completely but most of them (tunneling through proxy to an external 'free' proxy etc.)
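
An added example, not part of the original thread: a small report over Squid's native access.log that lists which sites were visited without reading the client column, counts hits on a blocklist, and flags CONNECT requests to ports other than 443 (the tunneling case mentioned above). The log lines, the blocklist and the allowed port set are constructed assumptions.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log layout:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1144600001.120    250 192.168.1.10 TCP_MISS/200 4512 GET http://www.example.com/index.html - DIRECT/192.0.2.10 text/html
1144600002.300     90 192.168.1.11 TCP_HIT/200 1290 GET http://www.example.com/logo.png - NONE/- image/png
1144600003.410     12 192.168.1.12 TCP_DENIED/403 1400 GET http://games.example.org/play - NONE/- text/html
1144600004.000  60210 192.168.1.10 TCP_MISS/200 88211 CONNECT webmail.example.net:443 - DIRECT/192.0.2.20 -
1144600005.700  30155 192.168.1.13 TCP_MISS/200 52100 CONNECT proxy.example.info:8080 - DIRECT/192.0.2.30 -
this line is malformed and must be skipped
"""

BLOCKED = {"example.org"}  # hypothetical blocklist; subdomains also match
TUNNEL_PORTS = {443}       # assumption: CONNECT is only expected for HTTPS

def host_port(method, url):
    """Split a CONNECT 'host:port' target or a full URL into (host, port)."""
    parts = urlsplit("//" + url if method == "CONNECT" else url)
    return (parts.hostname or "").lower(), parts.port

def is_blocked(host):
    return any(host == d or host.endswith("." + d) for d in BLOCKED)

def summarize(log_text):
    """Per-site counts only; the client address column is never read."""
    visited, blocked_hits, odd_tunnels = Counter(), Counter(), set()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 10 or "/" not in fields[3]:
            continue  # not a native-format record
        method, url = fields[5], fields[6]
        try:
            host, port = host_port(method, url)
        except ValueError:
            continue  # unparsable port in the URL
        if not host:
            continue
        visited[host] += 1
        if is_blocked(host):
            blocked_hits[host] += 1
        if method == "CONNECT" and port not in TUNNEL_PORTS:
            odd_tunnels.add(f"{host}:{port}")
    return visited, blocked_hits, odd_tunnels

if __name__ == "__main__":
    visited, blocked_hits, odd_tunnels = summarize(SAMPLE_LOG)
    for host, n in visited.most_common():
        print(f"{n:5d}  {host}{'  [on blocklist]' if host in blocked_hits else ''}")
    print("CONNECT to unexpected ports:", sorted(odd_tunnels))
```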

----------

## Antimatter

*Think4UrS11 wrote:*

> doesn't stop all your users completely but most of them (tunneling through proxy to an external 'free' proxy etc.)

Is it possible to block tunneling through the proxy to an external proxy?

----------

## think4urs11

depends on the knowledge of your users

one way would be to use a white list instead of a black list of sites but that gives a huge administrative burden...

----------

## jdmulloy

While dansguardian has a black list it also checks the pages so that if the filter deems it inappropriate even an external proxy won't work.

Last edited by jdmulloy on Sun Apr 09, 2006 6:41 pm; edited 1 time in total

----------

## HeXiLeD

A very good way of blocking access to certain sites/IPs/domains is using a hosts file.

Take a look here

----------

