Restricting web access with a proxy server
Q I manage a small network on a residential site, which is looking to restrict staff use of the internet (especially out of hours) to 30-minute sessions per user. The network is a Windows 2000 domain, but the internet area could be on its own subnet linked directly to the router. At the moment we are looking at cheap solutions like Internet Caffe from Antamedia, but I wondered if there was something that could be done through Linux. Perhaps some form of LDAP terminal server using a MySQL database? The transport layer security protocol project (TLSP) makes me think that someone else must have asked this question at least once, but the web discussions all seem to head back towards MS servers, which seems a pity. The machines are all low-spec P400/800s, with 128-256 RAM, which could possibly be increased. Access to a common shared drive (via CIFS or NFS) and a shared printer (networked Brother) would also be useful. Obviously, all the programmes that you might want are there - MPlayer, RealPlayer, Firefox, Thunderbird, Xpdf, OpenOffice.org, Gaim/Kopete etc. Any suggestions would be greatly appreciated, as the Windows options seem to require fairly careful running.
A Proxy software such as Squid would be ideal for this, as you can configure it to require authentication and time out after a given duration. You will know exactly who is accessing sites and what they are doing. You can find Squid at www.squid-cache.org, and there are plenty of example configurations in the documentation. The hardware you're using sounds more than adequate, and nearly all current Linux distributions provide the tools and programs you list. Mandriva, Ubuntu, Fedora or even SUSE are great options for desktop systems as an alternative to Microsoft Windows.
- Force all web traffic to go through a proxy server
- Ubuntu APT package caching with a proxy server
- Open source streaming media server to access videos on a NAS
- Connect securely with encrypted access to Dovecot email server
- Block attempts to use Apache as a proxy server