Feature requests - alexium/internet-filter GitHub Wiki

Here is a list of features that would make this more of an enterprise-grade system.

Content and URL filtering

Configure the Squid Proxy to bump connections by mimicking the destination server certificate. This requires that clients trust the Certificate Authority used by the Squid Proxy. Requests to hosts that are not in the whitelist can be filtered based on the URL and content. Performance testing would need to be done.

DNS filtering

DNS filtering would provide defense in depth. A great solution would be dnscrypt-proxy.

High availability

Provide a high availability configuration for the Squid Proxy and Captive Portal service. High Availability for the router is not within scope, given that this will depend on the design of the local network.

Remote administration

Enable the local administrator to set up an SSH tunnel from the Captive Portal server to a bastion host. This will allow remote administration of the system.

Blacklists

Allow use of blacklists to filter by host name. Frank Denis' blog post on using machine learning to build DNS blacklists is an excellent resource.

Unfiltered internet access

Allow an administrator to grant unfiltered internet access to an end user IP address for a specified period of time with a dummy session in the Captive Portal.

Monitoring, logging, reporting

Production quality monitoring, logging and reporting.

Free monitoring and alerting using UptimeRobot heartbeat monitoring which can be called via a health check script.

User authentication

Ability to plug in to existing authentication systems like Google Sign-In or OpenID Connect.

Safe search

Configure to ensure safe search only.

Security review

Perform a security review and implement any recommendations for hardening.

Session keep-alive

Provide a less obtrusive way to keep-alive the user's session with the Captive Portal than having a tab open with a meta refresh. The Chrome Keep-alive extension may offer some ideas.

User groups

Allow user groups that can access different whitelists/blacklists.

Appliance

Easy installation with something like apt-get install. Package up the system onto a simple appliance that could be installed by non-tech-savvy parents on a home network. You could also configure a virtual appliance to run in the cloud.

Docker

Installing Squid in a Docker container would make it easier to test when using intercept mode. Diladele provided a sample Dockerfile.