I manage a number of public hotspots, at different sites, with routers running the dd-wrt firmware and I now want to (centrally) control the websites they have access to. So, my idea initially was to implement Squid as a transparent proxy (using iptables to forward router traffic) and set it up for filtering only. The only problem with this (if I understand it correctly?) is the Squid server will have to have sufficient bandwidth to handle both outbound (from routers) and inbound traffic (to routers) – the server will be remote to the routers, on the internet. I have the following server restrictions:
- must be cloud-based, on the internet
- as low as possible bandwidth
- simple (quick) to implement solution
- solution must be scalable (as routers are added)
My first question: is it possible to configure Squid to only intercept, and filter, the outbound data from the routers and allow the inbound traffic to go directly back to the routers, from the websites they requested?
Please note: I have considered using a Captive Portal solution but this will take longer, than I have time for, to implement and will have the same traffic problem!? I have also looked at OpenDNS for filtering, but the logging is not realtime – good, realtime logging is important for me.
Any suggestions on how this can be done using Squid, or any other relevant solutions, would be appreciated…
Best Answer
The fastest way is to make use of OpenDNS service to do the web filtering based on the domain name used.
Disclaimer: I don't work or affiliated to the said company.