As a parent, I'm alway concerned about what my children will have access to on the Internet. As a consultant, I work with many clients that are concerned about what their employees can have access to. I use these steps in both situations to set up a content filtering proxy server. I usualy use a didicated server for this purpose and run it on a VM. I'll then block the ports on the firewall and manually configure proxy settings. I've also been asked a few times to set up a “transparent” proxy. Doing that depends on the firewall software and/or network configuration so I don't explain that in this article.
You could use squid for the proxy server, but I think that most of the time it is too complex for most environments. I also find that I don't need all of the features of squid, such as caching and ACLs. Privoyx is easier to configure and has some privacy and ad blocking capabilities as well.
sudo apt-get -y install privoxy dansguardian
To allow all computers on the local network to use the proxy server:
sudo sed -i 's/listen-address localhost:8118/listen-address 127.0.0.1:8118/g' /etc/privoxy/config sudo sed -i 's/UNCONFIGURED - Please remove this line after configuration//g' /etc/dansguardian/dansguardian.conf sudo sed -i 's/proxyport = 3128/proxyport = 8118/g' /etc/dansguardian/dansguardian.conf sudo sed -i 's/hexdecodecontent = off/hexdecodecontent = on/g' /etc/dansguardian/dansguardian.conf sudo sed -i "s/#contentscanner = '\/etc\/dansguardian\/contentscanners\/clamav.conf'/contentscanner = '\/etc\/dansguardian\/contentscanners\/clamav.conf'/g" /etc/dansguardian/dansguardian.conf
After configuration, I like to completely restart the proxy services to make sure they are using the latest configuration:
sudo service privoxy force-reload sudo service dansguardian start