Skip to main content
Welcome guest. | Register | Login | Post

Using Tinyproxy To Clean Up Children's Web Surfing

13 replies [Last post]
supermike's picture
Offline
Joined: 2006-02-17

At my house, I'm a dad who uses Linux. I have some kids. They're starting to grow up and go to more questionable sites on the Internet (on urging from friends) and it's my job to police it. I am one of these dads who think that kids get enough exposure to bad stuff from TV, movies, and the public schools, and I don't think they need any more influences until their minds are mature enough to handle it. I also limit the kinds of movies they watch and the kinds of TV shows too. With my oldest child, I have let her watch a bit more than her younger brother, so I mean to say that I'm not the meanest dad in the world. I really do let a kid grow up -- I just try to wait until I think their minds are mature enough to wrap around certain concepts and strong enough to fend off peer pressure.

Anyway, I had to secure their Internet surfing. I needed to introduce a proxy. At my office, I spent a lot of time learning Squid proxy and it was frustrating but possible to get it going. That's when I discovered tinyproxy. With this, I was able to get going much, much faster. It's not as robust, but it's got just enough features to get you going.

Here's my cheat sheet on getting tinyproxy going at your home. Note that I recommend you stick with Squid if you plan on controlling more than 50 people with a proxy, and even at that, I recommend multiple network cards and/or multiple proxy servers behind a load balancer device for some real performance gains. But for average household use, tinyproxy is probably the tool for you.

1. From your home Linux system, type:

sudo gedit /etc/apt/sources.list &

2. Uncomment the universe options (temporarily) and save and quit editor.

3. Type:

sudo apt-get update

(WARNING: Ignore if Ubuntu pops open a window asking you to update your system -- if you update, you might end up pulling from the universe source and it could make your system more unstable. We'll undo this in a moment.)

sudo apt-get install tinyproxy
sudo gedit /etc/apt/sources.list &

4. Comment the universe options and save and quit the editor.

5. Type:

sudo apt-get update
sudo gedit /etc/tiny*/*.conf &

6. Uncomment these lines:

Filter "/etc/tinyproxy/filter"
FilterURLs On

7. Don't close your editor just yet. Think about your home subnet. Is it "192.168.0.x"? (In many cases this is the case if you are using Windows or are behind a Cable\DSL router. See what IP addresses your home PCs use and that should help you define your subnet. If you don't have a subnet, then that's beyond the discussion here about how to set up your own home subnet. Look elsewhere in Ubuntu Forums for that.)

8. In your tinyproxy.conf file that you're still editing, add a line like this for your current subnet, assuming it's "192.168.0.x":

Allow 192.168.0.0/24

9. The /24 stands for the "netmask". The short of it is that it allows 0-255 on the last part of the IP address, meaning, usually, your entire home subnet. I've got you going with a shortcut. If you want more help on netmasks, that's beyond the discussion here. I had to Google for it with keywords "squid and netmask" because tinyproxy and Squid use the same kind of "Allow" statement.

10. Now save your tinyproxy.conf file.

11. Type:

sudo cp /usr/share/tinyproxy/default.html /usr/share/tinyproxy/default.html.ORIGINAL
sudo gedit /usr/share/tinyproxy/default.html &

12. Now you see an HTML page. The reason I took you here is because this is the template page one sees when they have violated the proxy and gone somewhere they should not have. By default, this page is fairly ugly, and, frankly, confusing for young eyes to see. If you know a little HTML, edit this file to make it less confusing for children. Just note that this HTML is special in that it cannot load images -- it's just text you can put in here. Also watch out for the {} statements -- these are fillers that get filled in by the proxy. Now save the file when done.

13. Type:

sudo gedit /etc/tiny*/filter &

14. Now you're editing the filter file. In this part, it's actually pretty hillarious. I don't recommend you let anyone see you type this. You have to think up all the vile keywords on the planet that are not part of another word. For instance, if you look closely at the word "grapes", there's a vile word in there. The same with "advertisement" if you look close enough. So you can't filter on those kinds of vile words (that are inside "advertisement" and "grapes".) However, you can filter on other vile words. So, you can only use keywords that are not part of some other word. That discussion is beyond the discussion of this forum. And hey, if you don't have to type this vile list, but can find it on the Internet and download it, then that's your choice and will probably save you the hassle. You can also put in stuff like "http://www.dontgohere.com" for sites like "dontgohere.com" when you don't want users going there. When done, save the file.

I also want to add that you put each word or phrase on a separate line, like:

blockme
blockmetoo
andblockmetoo

Also, if you know a little about URLs, you can sometimes catch some things by doing this like using symbols before and after the word. This permits you to catch certain bad words (like the bad word inside "grapes") without blocking normal content. For example:

+block=
-block=
/block/
&block=
+block&
...and so on...

You'll have to think of every permutation of the word along with the symbols: ?, +, =, -, /, and &. Go to this extreme only if you want to do this. You don't have to go to this extreme. In my case, I did and it was tedious.

15. Now we bounce the tinyproxy by doing:

sudo /etc/init.d/tinyproxy restart
sudo gedit /etc/crontab &

(Note it's a space after "tinyproxy" and before "restart".)

16. In crontab, add this line to bounce the tinyproxy at night so that you can kill any chance of a memory leak and make it run faster:

0 22 * * * root /etc/init.d/tinyproxy restart

Note that I did a <TAB KEY> after 22 and after the last * and after "root". Also, make certain there's a line wrap at the end of the line after "restart" or it probably won't "take". Note also I have a space between "tinyproxy" and "restart". Now save this file.

17. Now go to your kid's home PCs and change the settings in them so that they use this proxy. In my firefox, that's under a button in the Preferences dialog called "Connection Settings". Just point it to your IP address of the Linux proxy and set the port to 8888. I wouldn't bother with anything except HTTP proxy. Don't bother with SSL, FTP, all SOCKS, etc. Test this with yourself, first, of course, and see how it works. Note that your spouse might not like this proxy with amazon.com, ebay.com, or her banking sites, so you might want to put exceptions in the browser settings to not use the proxy when visiting these sites.

18. Note when you have to change your filter file, you have to restart the tinyproxy by doing:

sudo /etc/init.d/tinyproxy restart

19. When you want to debug what's going on, or simply to check up on your kids browsing habits, look in:

sudo /var/log/tinyproxy.log

20. Note that you can edit the log level to make it less verbose -- just read the info on that in your tinyproxy.conf file.

Enjoy!

a thing's picture
Offline
Joined: 2005-12-20

Very nice. Just want to add that to get your IP on your home network, use ifconfig (/sbin/ifconfig if /sbin/ isn't in your $PATH).

EDIT: Also, to avoid the thing with the spouse, just apply the proxy for the kids' accounts. Unix is a multiuser system.

Offline
Joined: 2005-12-21

Very nicely written. Useful I bet to a lot of people. :smiling:

As for blocking kids... hehe. I always find this a somewhat amusing topic. My personal experience thus far with friends and whatnot is that they have a habbit of trying out stuff their parents do not wish them to do/stop them from doing first chance they have to violate it, without being caught. My parents are very lenient in this entire regard. I'm a teen and I have my own Ubuntu box, within about a foot and a half beside my bed in my room (I can pretty much boot it up without having to get out of bed in the morning :smiling: ), with no proxy/filtering in regards to the net connection.

But I'm not about to question someone else's parenting, what do I know about it? :bigsmile:

Lovely tutorial though. Handy to know if you want to admin half a household.

Cheers,
Pascal

tbuitenh's picture
Offline
Joined: 2005-12-21

I think setting up filters like these is very good for your children. It encourages them to develop their computer skills, and the experience will be very useful for them to communicate freely with good privacy in the future super-censored world.

Laughing Laughing Laughing Laughing Laughing

libervisco's picture
Offline
Joined: 2006-05-04
"tbuitenh" wrote:

I think setting up filters like these is very good for your children. It encourages them to develop their computer skills, and the experience will be very useful for them to communicate freely with good privacy in the future super-censored world.

Laughing Laughing Laughing Laughing Laughing

Indeed Laughing

We ought to makes sure it doesn't get to become a super-censored world though. Smiling

But of course, I understand the need to employ some of this "censoring" as part of parenting. When done right, it's really not a restriction of what children can experience or learn, but rather a protection from what they just may not be yet ready to experience and could actually be somewhat harmful for them I suppose.

That said, great tutorial supermike. Smiling

Thanks

tbuitenh's picture
Offline
Joined: 2005-12-21

I think it only offers a false sense of security, and occasional annoyance when a site gets blocked that shouldn't have been.
There are thousands of sites out there that you just can't block without also blocking lots of "safe" stuff.
The result may be that the kids go to friends who don't have parents who are skilled enough to install a filter (or perhaps more permissive), and then they'll see the bad stuff there.
And what about the kids chatting online? Lots of awful stuff can happen to them there. You know the stories. Proxies won't help against that.

I know, if you love your children, you want to protect them. The only real protection is to teach them to protect themselves. :-k

Oh well, what do I know. Maybe your kids are six years old and very interested in cats... In that case, do filter the other type of "pussy"!

Allright, back to tech support!

Offline
Joined: 2005-12-21

It is possible to block chat to a fair extent by blocking the ports it uses. For example IRC uses 6667. Just find out what MSN, ICQ/AIM, Yahoo IM and Jabber use and you're set. I doubt most young kids know how to proxy tunnel or change the port that a chat program uses, so that ought to do it.

Cheers.

tbuitenh's picture
Offline
Joined: 2005-12-21

Blocking all chat is not an option, you'll be the "obsessive protective father". What you want to do is make sure they only chat with other kids and trustworthy adults. One solution is to only let them use chat systems that have moderators watching everything. The other solution is to teach them to protect themselves.

Offline
Joined: 2005-12-21
"tbuitenh" wrote:

Blocking all chat is not an option, you'll be the "obsessive protective father". What you want to do is make sure they only chat with other kids and trustworthy adults. One solution is to only let them use chat systems that have moderators watching everything. The other solution is to teach them to protect themselves.

Well of course it depends what they are into. For example if they are computer savvy blocking IRC actually cuts them off from a great resource and communication method. In general though, Jabber is nice. :smiling:

Personally, if and when it comes to the time that I need to worry about parenting I wouldn't block anything really. I'd try and spend as much time as possible with my kid(s), especially while on the net. Teach them about the net so they can think for themselves. I think that is what my parents did and that's why I bought my own computer and now sit behind it, without any restrictions, whether curfew, filter or whatever. I make those decisions myself and I am content I am making the right ones. :smiling:

Have a good one,
Pascal

tbuitenh's picture
Offline
Joined: 2005-12-21
"klepas" wrote:

Personally, if and when it comes to the time that I need to worry about parenting I wouldn't block anything really. I'd try and spend as much time as possible with my kid(s), especially while on the net. Teach them about the net so they can think for themselves.

I agree. However I also think very small children need *some* protection, but then perhaps it's better not to leave them alone with the computer instead of relying on a filter protecting them.
(so many emoticons, and not a single one that nods...)

supermike's picture
Offline
Joined: 2006-02-17
More 2 Cents

I'd also like to add that it really comes down to the 80/20 rule. We can't control everything they experience. The media outlets are too powerful in their desire to squeeze out every ounce of cash out of consumers.

I think censorship of children is a good thing when they are children. When they are teenagers, after about 15, then I'm more open to letting them come out from under my protection a little. Still, my efforts here are not part of an effort to jump on the bandwagon of a super-censored world. I hate traffic cameras and other kinds of Big Brother stuff. This isn't about that, for me. It's about fighting a variety of media outlets who want to shove mature topics into the minds of little children that have not grown the capacity to be mature enough to handle this material, such as watching a real beheading on the national news.

I think most media outlets have gone off the deep-end and frankly I'm quite mad at them about it. Capitalism and liberty run amuck, if you ask me. And unfortunately I'm fans of both to a certain degree.

I can't even drive down the freeway now without some nightclub or adult video billboard putting questions into little kid's heads. I can't watch a movie with the kids anymore without finding I must censor about 25% of it or more. And the G and PG movies are so boring that only the 5-7 year olds like them. I have to filter the news, the TV shows, the radio. Many of these outlets have caused my children to be sad by my actions or for me to get up and walk away from it with them. Hollywood has no idea the pain they cause me as a father.

Besides the rare but extremely grotesque and realistic Vietnam footage that I had to face in the 1970s, and even then I could have done without it because I was just a little, immature kid, the 1970s were so much better with the balance of liberty in the media, and simply good parenting.

I will hope that we are seeing an epogee here where the excesses of liberty have worked their course and good common sense and ethics will return to capitalism. I'm voting with my wallet and good parenting and I wish other parents would do the same.

Offline
Joined: 2005-12-21

Though leading somewhat astray from topic, I just wanted to mention the way I was brought up about this whole thing. My parents, as mentioned afore are quite lenient. I learnt about the whole sex, violence, drugs and so forth thing between the ages of 8-12, not that I understood or cared much about it. Though now in retrospect I am happy they did. I feel comfortable when these subjects are raised, I can talk about the issues and not be ashamed or worried.

To be honest, my parents don't mind what I download from the internet (so long as it doesn't interfer with the speed, otherwise dad gets annoyed... :bigsmile: ), simply because they know I'm not out to download exceedingly violent films or something along those lines. As for pornography, they wouldn't mind either. I like not having anyone constantly looking over my back or making sure I don't do this or that. Allows me to trust my parents and visa versa. :smiling:

Cheers,
Pascal

Offline
Joined: 2006-02-20

I would suggest using SQUID and DANSGUARDIAN -- the latter comes with already configured blacklists, and not only for sex & porno, but for gambling, violence, and other similar themes too; you can specify which lists to allow and which to forbid.

Offline
Joined: 2006-01-29

Excellent post! I hope you don't mind, but I linked to this from DebCentral. I know I, as a parent myself, found it very informative. Thanks!

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.