tinyapps.org / docs / Whitelist or blacklist websites in Ubuntu Linux

Purpose

Prevent access to certain sites (blacklisting) or all sites other than those specified (whitelisting) from Mozilla Firefox.

Environment

• EasyPeasy 1.6 (which is built on Ubuntu 10.10 (Maverick Meerkat))
• DansGuardian 2.10.1.1
• TinyProxy 1.8.1
• Mozilla Firefox 13.0.1

Setup DansGuardian

1. sudo apt-get update && sudo apt-get install dansguardian tinyproxy
2. Edit /etc/dansguardian/dansguardian.conf as follows:
   1. Delete or comment out the following line: UNCONFIGURED - Please remove this line after configuration
   2. Change proxyport = 3128 to proxyport = 8888 (8888 is Tinyproxy's default port; 3128 is Squid's default port)
   3. Change weightedphrasemode = 2 to weightedphrasemode = 0 to disable weightedphrasemode if desired
3. Blacklist or whitelist:
   • To blacklist facebook.com and myspace.com, simply add them (one per line) under #List other sites to block in /etc/dansguardian/lists/bannedsitelist.
   • To whitelist tinyapps.org and google.com, blocking all other URLs and IP addresses, remove the octothorp (#) from the following lines in /etc/dansguardian/lists/bannedsitelist:
     #**
     #**s
     #*ip
     #*ips
     and add tinyapps.org and google.com (one per line) to the bottom of /etc/dansguardian/lists/exceptionsitelist.
4. sudo dpkg-reconfigure dansguardian

Setup Firefox

1. Create user.js inside of ~/.mozilla/firefox/randomstring.default/ and insert the following lines:
   lockPref("app.update.enabled", false);
lockPref("network.proxy.http", "localhost");
lockPref("network.proxy.http_port", 8080);
lockPref("network.proxy.type", 1);
lockPref("network.proxy.no_proxies_on", "");
lockPref("network.proxy.share_proxy_settings", true);
2. Prevent user from modifying:
   sudo chmod 644 user.js
sudo chown root:root user.js

Notes

• If you prefer the traditional GNOME desktop environment over EasyPeasy's "Ubuntu Netbook Edition" interface, you can switch between them at the login screen after clicking a username but before entering the password.
• To stop, start, or restart tinyproxy or dansguardian:
  sudo /etc/init.d/tinyproxy stop | start | restart
sudo /etc/init.d/dansguardian stop | start | restart

Updates

• A much simpler approach is to simply install and configure ProCon Latte Content Filter for Firefox.
• Another whitelisting approach:
  1. Add desired IP addresses and their corresponding URLs to /etc/hosts (e.g., "174.143.240.42   tinyapps.org")
  2. In /etc/nsswitch.conf, change the line reading "hosts: files dns" to simply "hosts: files"

Sources

• Web content filtering with DansGuardian
• Servers/DansGuardian
• Dansguardian: Internet filtering software for Linux
• Dans Guardian
• Setting up DansGuardian on a single home PC running Ubuntu
• Blocking websites using Dansguardian
• Install dansguardian, tinyproxy, and firehol
• HOWTO: Install Dansguardian on a single desktop AND for a network
• How to lock Firefox's proxy settings for proxy filters
• Do It Yourself Whitelisting

created: 2012.06.24, updated: 2016.04.22