I manage a guest WiFi network that sees several thousand users each day. We're tasked with implementing content filters, particularly to block certain types of pornography and illegal sites due to legal obligations. However, the guidelines are pretty vague, and most businesses seem to take a "best effort" approach.
Currently, we've taken a few measures:
1. Blocking major public IP ranges like Google and Cloudflare at the IP level.
2. Heavily filtering domains through our DNS resolver provided via DHCP.
3. Using Palo Alto's IP lists to block certain sites directly, but this method is becoming less effective lately.
I'm wondering if there are any additional strategies or techniques I've overlooked to enhance our filtering while maintaining a smooth user experience for our guests.
5 Answers
One effective strategy is to block new domains for a certain period—like 7 to 30 days—as they could be less reliable and possibly harmful.
For good filtering solutions, check out DNSFilter for public WiFi. I personally use their roaming client, but for something free, Quad9 works too!
Consider blocking port 853 completely, which helps prevent tools like DoH on Android. It won’t catch custom ports, but it reduces the chances of oversight.
Absolutely, we definitely filter our guest WiFi too! We try to keep it minimal to avoid frustration, but it’s crucial to protect our IPs from appearing on inappropriate sites.
We stick to simple blocking: just the basics like porn, malware, and some piracy sites. Our internal filtering is more robust, but we try to keep guest access smoother.
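The quarantine of newly registered domains suggested in one of the answers above can be expressed as a resolver-side policy check. This is an added example, not code from any poster or product; the feed contents, function names and the fail-closed handling of future-dated records are assumptions.

```python
from datetime import date

# Constructed sample feed: registered domain -> registration date.
# Assumption: a real deployment loads this from a newly-registered-domain feed.
SAMPLE_FEED = {
    "fresh-example.test": date(2024, 5, 28),
    "older-example.test": date(2024, 3, 1),
}


def normalize(qname):
    """Lower-case the query name and drop the trailing root dot."""
    return qname.strip().lower().rstrip(".")


def registration_date(qname, feed):
    """Walk up the labels so sub.fresh-example.test matches fresh-example.test.

    The bare TLD is never tried, so a feed entry cannot match a whole TLD.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in feed:
            return feed[candidate]
    return None


def decide(qname, feed, today, quarantine_days=30):
    """Return 'block' while the domain is younger than the quarantine window.

    Names absent from the feed are allowed, because the feed only lists
    recent registrations. A registration date in the future (bad feed data
    or clock skew) gives a negative age and is blocked, i.e. fails closed.
    """
    registered = registration_date(qname, feed)
    if registered is None:
        return "allow"
    age_days = (today - registered).days
    return "block" if age_days < quarantine_days else "allow"


if __name__ == "__main__":
    today = date(2024, 6, 10)  # constructed evaluation date
    for name in ("Sub.Fresh-Example.TEST.", "older-example.test", "unlisted.test"):
        print(name, decide(name, SAMPLE_FEED, today))
```
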
