OVERVIEW

Instead of rudely rejecting HTTP requests, set firewall to respond with a series
of instructions for using the web proxy on your network.

LAYOUT

notice/      HTML files with custom responses for each browser [User-Agent].
             Customize these files to reflect your network's configuration.

proxy-rdr/   Application to be run from inetd that responds with instructions.
             Edit 'config.h' and then run 'make install' in this directory.

static/res/  Style sheets and screen shots included by the notices. These
             folders are served up by the web server of your choice since this
             is not a general-purpose web server.

TUTORIALS

http://eradman.com/article/web-filtering

CONFIGURATION

1. Add a dedicated user:

# useradd -m webaccess
# su - webaccess

2. Unpack tarball, edit config.h, and make program as new user

$ tar -xf proxy-rdr.tar
$ cd proxy-rdr
$ vi config.h
$ make install

3. Edit inetd.conf:

www stream tcp  nowait webaccess /home/webaccess/redirector redirector /home/webaccess/notice

4. Optionally, sset up a web server to provide access to resource files.

thttpd -p 3000 -dd ~/static

5. Redirect all inbound requests requests to port 80. This example uses
   OpenBSD's PF, but there's no reason other packet filters can't be used.

no rdr on $int_if inet proto tcp from any to ($ext_if) port = www
rdr on $int_if proto tcp from any to any port www -> ($ext_if) port www

6. Edit each file under notice to reflect your setup

$ vi notice/*