# Anti Porn solution at ISP level



## brahmaparush (Feb 24, 2009)

Hi. I work in large ISP company. And I have a question: is there any possibility to introduce the filter of a porno-contents at ISP level ? I wish to introduce this possibility as a service.


----------



## hydra (Feb 24, 2009)

Sure, with a proxy. Either you do URI based filtering (or IP maybe), or you check the content (that really takes a lot resources, so it's highly unprobable at the ISP level).


----------



## alie (Feb 25, 2009)

i have small ISP with 100+ clients and i used IP/URI based filtering to filter porn site. this is the fastest way to filter porn content/uri


----------



## DutchDaemon (Feb 25, 2009)

You could look into OpenDNS, which can filter based on DNS lookups. Filters can be switched on and off using the web interface, and you can blacklist/whitelist. It's entirely free.


----------



## alie (Feb 25, 2009)

@DutchDaemon: but we need to use their DNS. am i right ?


----------



## DutchDaemon (Feb 25, 2009)

Yes, but you can put forwarders in your own nameservers, so clients can just continue to use those. Your nameservers will serve their local zones as usual; only recursive queries will be forwarded to and handled by OpenDNS.


----------



## mfaridi (Feb 25, 2009)

Use squid , I think is good way


----------



## tuck (Feb 25, 2009)

I wouldn't want my ISP to filtern anything!
It's ok to filter porn at home if you have kids surfing around but what if I want to surf this sites?


----------



## DutchDaemon (Feb 25, 2009)

Try being an ISP in Singapore ..


----------



## Mel_Flynn (Feb 27, 2009)

tuck said:
			
		

> I wouldn't want my ISP to filtern anything!
> It's ok to filter porn at home if you have kids surfing around but what if I want to surf this sites?



He said he wants to offer it as a service, whether that service is optional or forced, he didn't state and as such, no need to jump to conclusions.

Secondly, in the case it's an optional service, many small to midsized business would welcome it, since browsing porn on the job is still a major source of productivity problems.

@brahmaparush
For ISP-level content filtering you will need several large machines and heuristics don't work well. I remember an anti-porn filter a fiew years ago, that was circumvented within days, by reversing the colorization of pornographic images and the receiver would do the same. DNS doesn't work for email delivered content between peers, encryption is another way of circumventing content filters. All in all, you need to make clear in the service agreement, that content may slip through and possibly a way for consumers of the service to report them.


----------



## paulfrottawa (Mar 1, 2009)

brahmaparush said:
			
		

> Hi. I work in large ISP company. And I have a question: is there any possibility to introduce the filter of a porno-contents at ISP level ? I wish to introduce this possibility as a service.



Here's a look at my working squid on the subject.


acl pornsite url_regex  "/home/squid.pornlist"
acl localnet src 192.168.0.0/255.255.0.0    
#############block-porn
http_access deny pornsite
http_access allow localnet
# And finally deny all other access to this proxy
http_access deny all

put one line at a time in porn.list
xxx.com
smut.com


----------

