Content filter for a hotspot?

[pyromaster114]

Okay so my friend owns a coffee shop. She has attracted many customers by offering free wifi in her shop.

Lately though, as usual, someone had to go and ruin it for everyone else, and start using that as their porn surfing location... so now my friend wants to implement some sort of content filter box so that she doesn't have to deal with people doing that.

So does anyone have any experience with this type of thing?
Could anyone recommend anything?

We're also interested in adding a Terms of Service page that you have to click 'I Agree' on before surfing.

Currently the only equipment in use is the cable modem and the aging Linksys wireless router... so I assume we're going to need some more equipment.

EDIT: Some people on my other favorite tech site have recommended that I look into something called OpenDNS... does anyone know anything about it?

 

[DelJo63]

OpenDNS is a controlled DNS so that junk doesn't get in and redirections are not possible.

Trivial to implement.

1) you need the login/password for your router
2) access the router address using your browser & login
3) set the OpenDNS addresses into the DNS settings

208.67.222.222 AND
208.67.220.220​

4) save the settings which will restart the router​

after that, every system will use the OpenDNS addresses when then connect to that router.

From any system connected, you can prove this is working with run->cmd and enter

ipconfig /all​

you will see

DNS Servers . . . . . . . . . . . : 208.67.222.222​

will follow-up on the porn issue ...

 

[DelJo63]

Content Filtering

depending upon the Linksys model, you can FILTER URLS

login with user/password for that router

set Keyword Fliters; eg:

porn
xxx
.....​

which will deny access to any URL containing the fragment pron or xxx
of course you can add several other phrases, but limit to word fragments not whole words
eg porn and not pornography

 

[DelJo63]

We're also interested in adding a Terms of Service page that you have to click 'I Agree' on before surfing

Yea, that requires a server on the back end

Hotels frequently use that technique

wifi ==> connection ==> forward everything t0 ==>server
<===== terms of service display
======>accept conditions
<===== reset forward condition
wifi ====> next input ===> to router & not the server

 

[DelJo63]

Cafe control

here's and example of the software

 

[pyromaster114]

Thanks for your help.

Since I won't be able to convince them to have a server to do the "I Agree" thing... we'll scrap that idea for now, but the openDNS thing seems to be something that would work for the content filter aspect... so hopefully that will solve the main problem... and she can simply post a sign in the shop if she wants to post a terms of service thing. (A sheet of paper is so much cheaper than a computer. lol)

 

[DelJo63]

I was going to suggest that path :wave:
After all, it can't be enforced either :sigh: and it gets expensive

btw: PLEASE PLEASE PLEASE, change the login password
unless you would like someone like me to visit the site and take control of the router
(naaa, I would not but there those that would just love to!).

Make the password complex (Upper, Lower, numbers & '#&*_+=' chars)
but also related to the site

eg:
#BusinessNameNNN-MMM*
where NNN is the street Address
& MMM is the suite number

easy to document and/or remember

 

[pyromaster114]

I will instruct her to change the password, and if at all possible, enforce that she does it. (She goes "oh no one will mess with it..." but I'll point out she said "Oh no one will look at porn..." and look where we are now)

 

[DelJo63]

btw: OpenDNS only ensures that the DNS does not get highjacked.

Placing four-letter keywords into the router KeyWord Filtering is how to stop the porn.

 

[pyromaster114]

OpenDNS also offers a service for content filtering now if you enable it.
It only requires that you have a static IP, which the shop does oddly enough.

 

[DelJo63]

Superb :wave:

If at all possible, go onsite and help out.

PS: see PM for keyword filtering ...

 

[pyromaster114]

Having a problem... the linksys router is not letting me block keywords... or website URLs for that matter.
It's just letting them through. I have the access restriction policy enabled and everything. I even set the range of IPs in there to everyone (all IPs that are possible on the class C network lol)

It just doesn't want to work.

 

[DelJo63]

hmm; get me the model number of the Linsys please; it should be there - - do you see the page for keyword restrictions?

 

[pyromaster114]

Okay I figured out what was wrong.

URLS must be entered www.site.com. Not http://www.site.com
Keywords must have NO punctuation in them and be only one word per box

Also, it doesn't let me restrict a certain section of a site. I really would like to have that capability. (example: www.site.com/section1/ should be allowed, and www.site.com/section2/ could be blocked.)

Now, if I enter that, it doesn't block any part of the site. Just lets it through.
OpenDNS only blocks domains, so again it can't help with that.

 

[DelJo63]

imo; stick with keyword blocking and don't use the OpenNDS feature:

• porn sites move domain name frequently
• too many to be effectively controlled anyhow
• blocking a keyword is more generic (ie can be anywhere in the URL)
• doesn't care about the domain name(s)
• few KWs then manage many possible urls

 

[pyromaster114]

The OpenDNS feature is working marvalously actually for our purposes.

It's very thorough, and hasn't blocked anything stupid yet, with one exception, which I totally understand why it did it.

It blocked my other favorite technology board... 4chan /g/. (Usually it's actually quite good... despite the occasional onslaught of spam posts... I like the battlestation threads... if no one knows what I'm talking about, ignore me I guess...)
Well I totally understand why it did that... it's on the same server/domain as the REST of 4chan... which isn't so nice.
Now, no one here besides me knows 4chan exists (silly hick town...)... so I just whitelisted it for now.

I would like to eventually have the capability to block sections of sites though.

It will work for now like this, but I was wondering if anyone had an idea how to do that.

 

[DelJo63]

I believe that the OpenDNS implementation is for DOMAINS and not full-ulr-page-references,
so it will be all or nothing.