filtering proxy server

[Bappy]

Hello,

I want to set up a proxy server at home to filter out *dodgy* websites. I found what looks to be a good free product to use :

http://safesquid.com/

but need an O/S to run it on. This 'server' will be little more than an appliance, it only needs to support 1 or 2 clients. The hardware I intend to use is extremely limited, it's an AMD GEODE 300Mhz processor with 256MB SDRAM at 133 MHz. The 'disk' will be a 200x 4GB compact flash card connected to an ATA33 interface which should allow throughput of 30MB/s. reason for using this hardware is power consumption below 12 watts so I can leave it on pretty much permanently without running up a big electricity bill.

I like the look of Tiny Core as it is so light weight, leaving plenty of RAM available to cache the filtering data in memory and I should be able to leave a good 3GB of flash memory available for caching page views.

What are your opinions? Can I achieve this with Tiny Core?

According to the safesquid website any i386 cpu should work ok and 128MB ram is the minimum.

I have successfully used this hardware (well, similar hardware, had a 4.36gb ide hdd not a fast cf card) to run squid through puppy linux but that struggled to filter out didgy websites when there was a large list of websites to block. I think this is because puppy didnt leave enough ram free and the hdd was too slow.

Could someone please look at the software requirements:

http://www.safesquid.com/html/portal.php?page=7

and advise if Tiny Core supports these features? if not any advise or help to get it running would be most appreciated. I'll be looking to write a how-to for this project and will of course add credit to anyone who wishes to assist me.

Thanks,
Ben

[tinypoodle]

I like the look of Tiny Core as it is so light weight, leaving plenty of RAM available to cache the filtering data in memory and I should be able to leave a good 3GB of flash memory available for caching page views.

Not sure if that would be the best of all ideas, depending on limitation of write cycles for specific hardware.

[tinypoodle]

Could someone please look at the software requirements:

http://www.safesquid.com/html/portal.php?page=7

After attempting to do so, finding the site of commercial proprietary software with the purpose of controlling webaccess being totally FUBAR, I can't help the thought of affinity to putting the wolf in charge of guarding the sheep...

 

[danielibarnes]

The hardware I intend to use is extremely limited, it's an AMD GEODE 300Mhz processor with 256MB SDRAM at 133 MHz.

Is that your Neoware Capio 800?

I am suprised that squid is not in the repository. There is a polipo package, which is a "small and fast caching web proxy." Try it out and see if it works for you.

[tinypoodle]

FWIW, polipo can work without disk cache.

[Bappy]

yup thats a neoware capio alright

Reason for looking at safesquid was because it filters out . - thats the main focus on the project, to protect young users from stumbling upon nasties.

write cycles might give an issue in terms of device longevity, but at £10 for a new cf card I dont really care lol

is this polipo thing capable of filtering? the nice thing about a free version of a propriety product is that commercial funding results in regular updates! I can get a nice up to date list of naughty words to make sure the filtering stays abreast (for want of a better expression!) of the stuff thats out there regularly.

thoughts?
cheers,
Ben

[danielibarnes]

Sounds like we need a squid and/or DansGuardian extension. If I didn't have so many extensions queued up already, I'd take a look at it.

[Bappy]

ah yes dansguardian sounds like an awesome idea!

looking at polipo source, it might be possible to squidge the 2 programs together.... would take a lot of fiddling though, I might investigate that possibilty later - poliguard it could be called lol.

As im very new to the whole tiny core system I dont think I could pull off a dansguardian extension just yet

I guess i'd better go post in the extensions request section...

[danielibarnes]

looking at polipo source, it might be possible to squidge the 2 programs together.... would take a lot of fiddling though, I might investigate that possibilty later - poliguard it could be called lol.

According an Arch Linux page on the subject, it seems a simple configuration.

[holiday42]

An alternative approach would be use something lightweight like dnsmasq and only resolve for addresses you want.  Like here: http://www.teknynja.com/2009/06/to-protect-and-surf-dnsmasq-and.html  I use this for my kids' computer... until they figure it out of course

[danielibarnes]

An alternative approach would be use something lightweight like dnsmasq and only resolve for addresses you want.  Like here: http://www.teknynja.com/2009/06/to-protect-and-surf-dnsmasq-and.html  I use this for my kids' computer... until they figure it out of course

A whitelist like this is a good idea. Much easier to maintain than a blacklist.

[gutmensch]

I like the p.graphic image filter at http://www.safesquid.com/html/portal.php?page=98. It seems to prevent users from getting a real disturbing experience and it looks to me like some kind of magic, how it recognizes p.graphic stuff

But honestly: safesquid seems to be a company selling some squid mod. If you find that intriguing, you should maybe try their products and ask your support questions there as well. Otherwise (if you know how to do it), you can simply install a debian linux, run "aptitude install squid3" and you have a running proxy for your office, it doesn't only sound that easy - it really is. And what do you mean with "measures"?

Would be good to have squid in our repo, I'll have a look...