Setting up a Proxy server on my home router to enable content filtering

7

2

My son has a Nexus 4 and wants to use Google Now. I have k9 web protection enabled on it, which blocks Google Now, as there is no way to force safe search for google images. However, I have found some interesting information, which I would like to put into practice. According to Google, one can:

2) Update the router configuration

To enable SafeSearch throughout a school network, you can use a proxy server to append &safe=active or &safe=on directly to all search URLs. This will enable strict SafeSearch.

Google Sends search queries along URL paths like google.com/search?..., google.com/images?..., google.com/s?... Schools that activate SafeSearch with a proxy should keep their filters updated to include /search, /s, and /images URLs.

So, I would like to do this. I just have an AT&T Wi-Fi router. I am guessing I will need my own computer for this, which is a Mac, OS X 10.8.2, on WiFi.

In summary, I need to know how to set up a proxy server on my router, and enable this change of query, on EVERY device. Actually, if that is too difficult, just the phone. Thanks.

Josiah

Posted 2012-12-23T19:12:07.987

Reputation: 1 674

2The very next day when you accomplish this, your son will pop up in SE site and ask help to bypass it, so the result is we shall help you, and your son!!! – RogUE – 2015-05-23T03:03:00.620

2Not strictly an answer to your question but have you tried OpenDNS - www.opendns.com - the only thing you need to change at your end are the DNS settings on your router. The free (home) service is pretty good and well worth investigating if you have not tried it. As your kids get more technically sophisticated there are ways to route around this solution but kids learn to defeat most solutions eventually. – BJ292 – 2012-12-23T21:32:21.157

Yeah... My kid is going could easily get around that. I have to say he is probably one of the most technically advanced kids I have met. 14 and he is doing all kinds of programming. – Josiah – 2012-12-24T01:37:12.757

So don't give him Admin privileges and that would solves this problem so you use OpenDNS. – EliadTech – 2012-12-24T16:56:10.123

@EliadTech, OpenDNS looks pretty good. You should post that as an answer. – Josiah – 2012-12-24T16:58:25.587

That was BJ292 idea, I've just completed him... – EliadTech – 2012-12-24T17:06:43.843

True. @BJ292, You should post that as an answer. It is a very good idea. – Josiah – 2012-12-24T18:41:27.123

@BJ292, I looked at OpenDNS, and it doesn't work on Uverse routers. – Josiah – 2012-12-28T16:49:14.383

Answers

6

I need to know how to set up a proxy server on my router

First, this isn't possible (in the way you mean). You don't set up proxy servers IN routers. At least, not in a standard DSL/Cable modem/Router that would have been provided.

You set up a proxy server in another device (computer) in the network, and have the router point at it.

I'll use my home network as an example. I have a media converter (changes the DSL/phone line to an Ethernet plug). Next in line is my MacMini Server. It creates the PPPoE connection to my ISP. In the server I am running DHCP (hands out the IP addresses to my network so other computers can connect using WiFi), DNS (handles name services for me), an email server, a VPN server, a caching proxy server, and many other services. The only way to connect to my network through the MacMini is wirelessly. In this way, all clients are forced to go through the services I built.

I mention all this because I am NOT using the stock DSL router that was provided by my ISP.

The process to do all this would be the subject of a book. I did it because I am a network security engineer by trade, and understand the nuances of what I'm doing (and places that I traded off security, speed, and functionality).

I can't recommend this for you, because I don't know all the specifics of your situation. What I can say is that you may want to see about installing something like netnanny on the phone. Other options include researching proxy services that are available commercially and requiring it to use them.

EDIT: Conceivably, you could try and install a version of linux into a modem/router and make this happen. However, you would:

  1. Void warranties
  2. Brick the device if you make a mistake
  3. Potentially cause a problem that gets the attention of your ISP
  4. Not get it to work without compiling a version of Linux to go on it
  5. Have to find a driver to get the modem function to work/write a driver to make this work.

When I say this isn't possible, I mean for a consumer grade situation. If you are an enthusiast and can afford to take all the risks, then it may be the thing for you to try.

Everett

Posted 2012-12-23T19:12:07.987

Reputation: 5 425

So, it would appear that this is not going to be fairly simple. Netnanny does not help, as it is like K9, where it uses it's own browser, and blocks others. That is not what I want, all I need to be able to do is change any search results and add the safe search tag to them on the phone. – Josiah – 2012-12-23T20:29:41.370

Yes, this is not a simple download and install. My system works because I am using a computer as a router (and a server). It's VERY difficult to make a router a computer, add a proxy, AND make it a router again. The kind of thing that you have to have in depth knowledge of command line functions, flashing devices with new ROM's (screw this up and you brick the device), and know how to configure everything PLUS do your own troubleshooting. – Everett – 2012-12-23T20:39:17.340

1It's probably impossible to set up a proxy on a consumer-grade router, but if you have an old PC that you can install linux and squid on, it's not that difficult. There's no technical reason the proxy has to be running on the router. – user55325 – 2012-12-23T21:12:20.060

user55325 is 100% correct. – Everett – 2012-12-23T21:14:54.327

You could even set it up on your Mac with SquidMan: http://squidman.net/squidman/

– user55325 – 2012-12-23T21:15:43.410

Actually squidman is a caching proxy (it's what I use on my MacMini). It won't make modifications to the headers (the search URL's) like what the OP is asking for. – Everett – 2012-12-23T21:18:20.973

1

Actually, you can use squid to rewrite URLs using the url_rewrite_program directive in the config file. If you don't want to write the code yourself, you can use something like Squirm also: http://squirm.foote.com.au/

– user55325 – 2012-12-23T21:48:56.700

1@user55325, if you could write an answer showing how to do that, I would really appreciate it! In two days I'll even throw in a bounty to you, although it is not much. – Josiah – 2012-12-23T22:05:43.387

@user55325 - Where were you 3 months ago? Thanks for this. I like being corrected (when it's in my best interest). Hope you get the answer and some upvotes (I'll give you mine if you write the answer). – Everett – 2012-12-24T03:29:22.540

1@Everett, Your answer is a good one +1, and I'm sure it will help some people, but User55325 and BJ both had good answers. – Josiah – 2012-12-24T18:43:02.117

I've been kind of busy lately, but I'll try to get something tested and written. – user55325 – 2013-01-02T04:14:35.470

4

You could accomplish this task by setting your DNS servers to opendns.com addresses, 208.67.222.222 and 208.67.220.220 and then sign up for an account there to manage your public IP address, then specifically disable all requests to google.com, or to http://www.google.com/imghp, and all other image areas in order to block out those requests. It's not a perfect solution.

I also do IT for a living and there are solutions that can use a proxy inside the router.

First, you could try installing DD-WRT with squid on your home router, but that is a complicated process and not what I would recommend.

A better option is to look at a Buffalo WZR-1750 router that has DD-WRT installed.

A third option is to use an old PC, add a second network card into it and then download and install the IPCop router solution. IPCop takes some work to set up, but it's online, it's very reliable and you can do all sorts of things with it such as restricting what devices can get online, blocking certain IP addresses, certain MAC addresses, or you can restrict access to the internet to certain times of the day (such as from 5PM - 8PM when there's family accountability, and the kids can't search porn when their in the family room with you.

I would recommend going with either the buffalo router or with the IPCop solution. You can get cheap PCs from many computer shops or check your local school or university for PCs that they sell off as they replace their computers in the classrooms.

Chris

Posted 2012-12-23T19:12:07.987

Reputation: 41

0

This does't answer the request on how to setup a proxy server, but is responding to OP's question regarding how to force google safe search on all computers on network. See this answer to a similar question https://superuser.com/a/1520877/973180 - it provides specific steps on how to force Google Safe Search for all computers on network by modifying the router's DNS lookups. It only works if your router uses DDWRT firmware (but similar concepts may apply to other routers if they allow bootup commands and/or DNSMasq).

CoderBlue

Posted 2012-12-23T19:12:07.987

Reputation: 51

0

I would suggest that you use the Untangle gateway ISO. There is a free version and pay version. I suspect the free version will likely do what you need it to do.

Untangle Gateway is a KNOPPIX-based network gateway with pluggable modules for network applications like spam blocking, web filtering, anti-virus, anti-spyware, intrusion prevention, VPN, SSL VPN, firewall, and more.

For your home use, you can install it on your own computer. For larger installations, they make pay versions that can be purchased on network devices.

http://iso.linuxquestions.org/untangle/untangle-gateway-10.0/

gr8spirit

Posted 2012-12-23T19:12:07.987

Reputation: 1

Asked: 2012-12-23T19:12:07.987

Viewed: 115 050 times

Active: 2020-01-28T17:21:46.813