There are lots of programs that small businesses (libraries, internet cafes, etc) can install on local computers to enforce their rules and terms of service when using free resources. These aren't ideal as they require constant updates, and can readily be circumvented. A lot of this stems from three intertwined requirements - preventing over-usage, decreasing liability (illegal internet activity, comply with gov't regulation, etc), while enabling the greatest level of internet access possible.
Assuming the computer cannot be trusted, a proxy appears to be a logical choice. A transparent proxy is nice in that it requires no configuration on the end machine, and would also apply to users that bring their own machines.
- What are good, free proxy servers that can be configured as transparent proxies?
- Is a proxy server good for metering and rate limiting usage, or is different software better for this?
- Are there free/open blacklists available for preventing the usual "bad" access (other proxies, child porn, etc)?
-Adam
The standard FOSS solution is squid with dansguardian or squidguard.
The one thing to keep in mind about the transparent proxies, is that you cannot easily transparently proxy https. These days more and more of the bypass-proxies you find on the internet are using https.
As for blacklists, this link seems to have a good list. It isn't free but we use URLBlacklist.com which is relatively inexpensive. It isn't perfect, but it is usually enough to give people the idea that going to inappropriate sites is not acceptable on your network.
To limit usage in squid you need to use the delay_pools, it is a bit tricky to setup the first time, but it does seem to be pretty effective to limiting the total proxied bandwidth to a certain level, and keeping one individual from using everything. (howto link)
I've used SmoothWall as a gateway and transparent proxy, along with the Dan's Guardian module to implement filtering. Dan's Guardian is particularly nice, because it's out of the box configuration is fairly safe/strict, but doesn't rely on black/white lists (but those are available if you need them).
There's a bandwidthd module that I've used for monitoring usage and it's rather handy.
For rate limiting, you can use the QoS module, but it does not do inbound limiting, only outbound - there's an informative thread on the SmoothWall Community Forum.
Particularly if you're allowing people to use their own computer, I don't know if a proxy is going to be any better from an anti-circumvention standpoint. There are lots of ways to work around proxies. If you want to prevent overuse, I think you're better off doing something at the network hardware level to keep people from connecting for too long in the first place.