« Contrôle Parental » : différence entre les versions
Ligne 26 : | Ligne 26 : | ||
http://wiki.squid-cache.org/ConfigExamples/Intercept/AtSource | http://wiki.squid-cache.org/ConfigExamples/Intercept/AtSource | ||
Editer /etc/squid3/squid.conf | |||
Editer /etc/squid3/squid.conf avec les trois lignes suivantes | |||
acl localnet src 192.168.0.0/24 | |||
http_access allow localnet | |||
http_port 3129 intercept | http_port 3129 intercept | ||
Ce qui donne le fichier de conf suivant: | |||
acl localnet src 192.168.0.0/24 | |||
acl SSL_ports port 443 | |||
acl Safe_ports port 80 # http | |||
acl Safe_ports port 21 # ftp | |||
acl Safe_ports port 443 # https | |||
acl Safe_ports port 70 # gopher | |||
acl Safe_ports port 210 # wais | |||
acl Safe_ports port 1025-65535 # unregistered ports | |||
acl Safe_ports port 280 # http-mgmt | |||
acl Safe_ports port 488 # gss-http | |||
acl Safe_ports port 591 # filemaker | |||
acl Safe_ports port 777 # multiling http | |||
acl CONNECT method CONNECT | |||
http_access deny !Safe_ports | |||
http_access deny CONNECT !SSL_ports | |||
http_access allow localhost manager | |||
http_access deny manager | |||
http_access deny to_localhost | |||
http_access allow localhost | |||
http_access allow localnet | |||
http_access deny all | |||
http_port 3129 intercept | |||
coredump_dir /var/spool/squid3 | |||
refresh_pattern ^ftp: 1440 20% 10080 | |||
refresh_pattern ^gopher: 1440 0% 1440 | |||
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 | |||
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880 | |||
refresh_pattern . 0 20% 4320 | |||
Version du 13 février 2016 à 11:57
http://doc.ubuntu-fr.org/tutoriel/comment_mettre_en_place_un_controle_parental
OpenDNS
Familyshield
Les serveurs DNS
208.67.222.123 208.67.220.123
Le plus simple est de les configurer sur la box familiale.
Squid
installation
https://doc.ubuntu-fr.org/squid
#sudo apt-get install squid #sudo service squid3 start
rendre squid transparent (et obligatoire)
http://wiki.squid-cache.org/ConfigExamples/Intercept/AtSource
Editer /etc/squid3/squid.conf avec les trois lignes suivantes
acl localnet src 192.168.0.0/24 http_access allow localnet http_port 3129 intercept
Ce qui donne le fichier de conf suivant:
acl localnet src 192.168.0.0/24 acl SSL_ports port 443
acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT
http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost manager http_access deny manager http_access deny to_localhost http_access allow localhost http_access allow localnet
http_access deny all
http_port 3129 intercept
coredump_dir /var/spool/squid3
refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880 refresh_pattern . 0 20% 4320
Relancer squid
#sudo squid3 -k reconfigure
Configurer le firewall pour laisser passer les requêtes de squid vers le port 80 et rediriger les autres
#sudo iptables -t nat -A OUTPUT --match owner --uid-owner proxy -p tcp --dport 80 -j ACCEPT #sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 3129