It won't help more than /etc/hosts entries, but I've found using OpenDNS with a free account and a script / client to keep the IP in sync to be very effective. DNS redirects can be applied categorically or with a per domain blacklist. The metrics and charts are interesting too, on a nicely basis or to check on what's slipping through the filters. --Pete On Jan 5, 2012 7:47 AM, "Marko Vojinovic" <vvmarko@xxxxxxxxx> wrote: > On Thursday 05 January 2012 01:39:49 Ljubomir Ljubojevic wrote: > > On 01/05/2012 12:58 AM, Marko Vojinovic wrote: > > > I am looking at the simplest (implementation-wise) solution to the > > > following problem (on CentOS 6.2): > > > > > > I have a list of web addresses (like http://www.example.com, > > > https://1.2.3.4/, etc.) that should be "forbidden" to access from a > > > particular host. On access attempt, the browser should be redirected to > > > a local web page (file on the hard disk) with the explanation that > > > those addresses are forbidden. The possible ways of disallowed access > > > include: > > > > > > * typing www.example.com or http://1.2.3.4/ in the browser > > > * typing www.example.com/anyfolder/somefile.html in the browser > > > * clicking on www.example.com when listed as a link on some other web > > > site (say, Google search results) > > > * nothing else. > > > > > > The last point above assumes that the users will never try any other > > > method of accessing the site. These user's knowledge about computers in > > > general is known to be elementary, so I don't need protection against > > > geniouses who can figure out some obscure way to circumvent the > > > lockdown (and please don't tell me that this is an irrational > > > assumption, I know it is...). > > > > > > If possible, all this should be on a "per user" basis, but if > > > implementing it system-wide would be much simpler, I could live with > > > it. :-) > > > > > > The point is that I need a simple, easy-to-implement, easy-to-configure > > > and easy-to-maintain solution for this particular usecase. What I don't > > > need is some over-engineered solution that covers my usecase along with > > > a whole bunch of stuff I will never need, and takes two months to > > > configure properly. It should also be F/OSS, preferably included in > > > CentOS repos or elsewhere. > > > > > > Or alternatively I could go along with manually setting up a bogus > > > httpd/dns/iptables configuration which would do all this, but I have a > > > feeling that it would not be the easiest thing to maintain... > > > > > > I'd appreciate any suggestions. :-) > > > > There is squidguard in RepoForge repository. It's a plugin for squid. > > There is also dansguardian. > > I'll take a look at both of these, thanks! :-) > > > If you use separate firewall box, you can use ClearOS, it has > > dansguardian set up. > > No, the machine is already installed with CentOS. Furthermore, I am > supposed > to set up all this remotely (via ssh), since I don't have physical access > to > the box itself... > > Best, :-) > Marko > > > > > > > _______________________________________________ > CentOS mailing list > CentOS@xxxxxxxxxx > http://lists.centos.org/mailman/listinfo/centos > _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos