[Lias] Content filtering: how we do it.

[John]

It's not exactly _content_ filtering, we block sites and parts of sites 
which we think objectionable.

Last year, someone bragged to me that they could get through our 
firewall. I was a bit skeptical, assumed the student was trying to get 
some reaction from me. They do that. I rarely bite.

However, I found it to be true.

We're using squid and squidguard and shorewall on Debian, and some 
trickery of our own.


Now we have a new list, if any computer infringes on that list, they get 
a response and their internet gets cut off. Hits on proxy lists also get 
the user cut off.

On the first day, four computers got cut off. Since then, there's not 
been more than two in a day.

We also front-end google, so we can force safe-search and apply a test 
of our own. It's pretty simple at the moment, I will sharpen it as 
needed. I egrep for a match on this:
'unblock|unlock|unlocker|unblocker|porn|mar.*na|coke'

The worst offence is seeking an external proxy. We also have a regex 
list for squidguard:
16:20:15 root at mail.office.lan /var/lib/squidguard/db/coco # cat killexpr
(school|work|web|myspace|youtube|facebook|twitter).*(unblock|unlock)
(unlock|unblock).*(school|work|web|myspace|youtube|facebook|twitter)
proxy
\bbebo\b

bebo is flavour of the month here. We don't like myspace, facebook, 
youtube and the like either.

Cutting the internet off is a key part, it makes it _much_ harder to 
test new ideas.

Normally, the Internet is blocked most of the day. It comes on at a 
regular time, and teachers can enable it at any time. Enabling the 
internet also unblocks any blocked computers.

The new plan has held up pretty well so far. There have been some 
incidental blockings - addthis.com for example, but I've not found a 
reason to allow that.

Ours is a small school. I imagine larger schools, if they wanted to 
adopt the plan, might want to tie it into group policy.

If there's any interest, I could publish the materials someplace.