I am interested in writing a parental control filter that can be used to monitor and/or redirect all outbound internet requests on a Windows desktop OS (Vista or higher). I'd like the filter itself to have unrestricted internet access so it can access a web service on the internet during application/browser requests. For approved traffic, I'd like to simply pass the request through. For denied traffic, I'd like to redirect to a custom response page. The steps would look like:

  1. Filter URL receives request.
  2. Filter passes URL to web service for approval.
  3. Approved request is passed on to the internet gateway.
  4. Denied requests are redirected to a custom error page. The error page would most likely be online.

My question is, exactly where should I implement this filter in the Windows networking stack? I can see in the articles on Windows Filtering Platform that there is a place for implementing a third party parental control, but will that filter be able to initiate and receive its own network traffic as long as it can recognize its own requests and avoid getting stuck in an infinite recursion situation? It's possible I could store filters locally, but I'd prefer to look at storing them online where they can be shared among multiple clients and it's less susceptible to tampering.

If this third party parental control block is not the correct location, is there another location in the WFP architecture that would allow me to implement the filter I've described?

+1  A: 

I would use a Squid plugin to do this, which is an application layer, or OSI layer 7, solution. Now you have 2 options. You can force all browsers on the machine to use a proxy server. The other option is using the router to do transparent redirection to force all HTTP requests through Squid; this is a Network Layer, OSI layer 3 solution. (Home routers probably can't do a transparent redirect. I know that Shorewall can do this.)

And yes, all of this works with Windows or any other strange OS you like using.

Rook
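
The four steps from the question, written as a helper for Squid's `url_rewrite_program` interface (reply syntax of Squid 3.4 and later). This is an added example, not code from the answer's author or the Squid project. The block page URL and the approved-host set are constructed placeholders, and `is_approved` stands in for the call to the remote approval service.

```python
#!/usr/bin/env python3
"""Squid url_rewrite_program helper: pass approved URLs, redirect the rest."""
import sys
from urllib.parse import urlsplit

BLOCK_PAGE = "http://filter.example/denied"        # hypothetical block page
APPROVED_HOSTS = {"example.org", "kids.example"}   # constructed sample policy


def is_approved(url):
    """Stand-in for the remote approval lookup (hypothetical service).
    A real helper would query the web service here. The helper's own
    requests do not pass through Squid, so they cannot recurse."""
    if "://" not in url:               # CONNECT requests arrive as host:port
        url = "//" + url
    host = (urlsplit(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in APPROVED_HOSTS)


def decide(line, lookup=is_approved):
    """Turn one request line from Squid into one helper reply line."""
    fields = line.split()
    if not fields:
        return 'BH message="empty request"'
    prefix = ""
    # With concurrency enabled, Squid prepends a numeric channel ID.
    if fields[0].isdigit() and len(fields) > 1:
        prefix, fields = fields[0] + " ", fields[1:]
    url = fields[0]
    if url.startswith(BLOCK_PAGE):
        return prefix + "ERR"          # never redirect the block page itself
    try:
        allowed = lookup(url)
    except Exception:
        allowed = False                # fail closed if the service is down
    if allowed:
        return prefix + "ERR"          # ERR = leave the URL unchanged
    return f'{prefix}OK status=302 url="{BLOCK_PAGE}"'


def main():
    for line in sys.stdin:
        sys.stdout.write(decide(line) + "\n")
        sys.stdout.flush()             # Squid waits for each reply line


if __name__ == "__main__":
    main()
```

Without TLS interception Squid only sees the `host:port` of an HTTPS `CONNECT`, so the decision for HTTPS traffic is per host, not per URL.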