- Learn Linux
- Learn Electronics
- Raspberry Pi
- LPI certification
- News & Reviews
KidSafe is no longer under active development. It is left here for historical reasons and for anyone that is still running the code, but will not have any future updates based on teh current codebase.
This is a guide to configuring a client computer adding new rules to the KidSafe Internet filter software and proxy server onto the Raspberry Pi. For instructions to installing the Kidsafe proxy see: Guide to installing KidSafe family proxy on the Raspberry Pi.
All client computers that are to be protected need to be configured to access through the proxy server. This can be configured on most computers using the general Internet settings, or in this case I've configured it directly within the Firefox settings.
The client needs to be provided with the static IP address of the proxy server and the default port is 3128.
The exclude list needs to include the address of the proxy server or a subnet including the network address range (as in the screenshot). Some browsers do not have the option to exclude network ranges (eg. Midori), in which case it may be necessary to use a different browser to login if using restricted login lists. Once logged in it is possible to go back to using the preferred web browser.
Rules are normally added by using the Website blocked page when the site is first accessed. The parent (username 'admin') would add the rules. It's also possible for another adult user (username 'adult') to be able to provide temporary access to a user without adding a new rule.
The following uses the username: admin password kidsafe. Other username / password combinations are included in the database.txt file.
In this example a child has come access a link to the website www.firstaidquiz.com. The default rules do not allow any sites by default so gives the blocked site page.
At this point the child would call over a parent who can add this to the allow rules.
Using the Add new rule section we add the site to provide access to. This can be a full server address, a domain prefixed with a period '.' to match on any sites in that domain or a regular expression.
The appropriate group should be selected in the "Add to" pull-down list. In this case allow-everyone will allow access to any users without needing to login.
The time can be set to only allow this for a certain period of time, or can be set to 'Always' to add this permanently.
The parent will then use the admin username and password to add the rule.
There will be confirmation that the rule is added and a link to continue to the original website.
The requested website can now be accessed.
In this second example we are going to add a site that needs login authentication. In this case I've chosen the social networking site Facebook, which would not be suitable for younger children, but can be accessed by teenagers and adults.
The blocked page is presented when the user first accesses the site.
Once again we use the "Add new rule" option, but this time I've set the allow field to "allow-teens". I've also included an optional comment.
After confirmation that the site has been added clicking on the link once again shows the blocked.php page.
This is normal behaviour as the user must be logged-in using the teenager or above login.
After logging in the user can now access www.facebook.com, but there appears to be a problem.
We can now access the pages at www.facebook.com, but the page hasn't loaded correctly. This is because like some other websites the site is actually spread across several different pages.
This is a fairly common problem, which can be fixed by looking at the logs and adding the appropriate rule directly. The logs are accessed using
sudo tail -f /var/log/squid3/kidsafe.log
This will view the log file in the follow mode so that you can watch as new entries are added.
From version 0.2.0 or later you can also view the log from the dashboard. Go to the website on the proxy server /kidsafe/index.php and click on the dashboard link.
In this case we can see lots of REJECTs against two servers in the akamaihd.net domain. We can go to the webpage kidsafe/addrule.php to add this rule directly.
In this case I've added to the entire domain using .akamaihd.net as the host entry.
Logged in users (teen and above) can now access Facebook.