using a RPi as a locked WebClient

Mon Jan 15, 2018 9:51 pm

Hi all,
I have checked different distros with the RPi, and I am still stuck with my requirements, with no real answer so far.
Let me explain here in more detail.

I need to install an RPi device in a public area, with mouse, keyboard, printer, screen, Ethernet attached and USB access, with the following constraints:
- The device needs to be accessed by different people who have no "userid", as it is for whoever needs to use this device to surf "selected/filtered/whitelisted" websites. Assume that those folks can be between 16 and 100 years old.
- When a user has browsed different websites, and potentially printed what makes sense for him, if he forgets to disconnect, then after a couple of minutes of inactivity his session needs to be ended and all the data (even caches) written to the device needs to be fully removed (so if another person uses the device, there is no data left from the previous session).
- All the activity that a user can do is limited to ONLY browsing "whitelisted" websites. Any other website is forbidden by default.
- Access to the system using the CLI should not be possible (so no possibility to go into /etc/hosts and add FQDNs to browse directly to forbidden websites, for example).
- It must not be possible to add any plugins inside the browser.
- If the user disconnects properly, all the caches need to be flushed.
- If the user wants to attach files from/to a USB stick to/from the WebClient, this should be doable, but not through the RPi filesystem. The files should go from/to the USB stick to the destination web server (again, the goal is to avoid any leftover from this user if someone else uses his session).
- Every day, at the same time, a sanity check is run on the device, replacing all the files with the "default image" files (in case someone found a way to hack the device).

I am thinking about different options with a screen locker, cron commands, and stuff, but if that already exists, it would save me a bunch of work.

Thanks for your feedback and help.

Re: using a RPi as a locked WebClient

Thu Jan 18, 2018 7:38 am

Hi all,
Small update on my journey.
I am trying to make this with Ubuntu MATE on the RPi, using the "guest/invite" user.
The URL filtering for the WebInterface is not that simple (I am thinking about potentially using SquidGuard as a filtering proxy for the webclient, but I am still missing how I can force ONLY SquidGuard to send traffic externally, while all the other apps are not allowed anything except sending HTTP/HTTPS to SquidGuard on the same device).
I have not yet found a way to clear caches automatically (browser) and also to prevent any plugin addition inside the browser, but I assume that this can be done with the credentials and rights, and with the "autodisconnect" when there is no activity.
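
One way to get the behaviour asked about in the post above (only the filtering proxy may send traffic off the device), as an added example that is not part of the thread: iptables owner matching limits new outbound connections to the account the proxy runs as. It assumes Squid with SquidGuard runs as user `proxy`, listens on 127.0.0.1:3128 and resolves DNS against an external server; `emit_rules` and `unowned_egress` are names made up here.

```shell
#!/bin/sh
# Added example (not from the thread): egress lockdown for a kiosk that
# browses through a local filtering proxy.
# Assumptions: the proxy runs as user "proxy" and listens on port 3128.

# Print an iptables-restore ruleset: only the proxy account may open
# connections to the outside; every other account can only reach the
# proxy port on the loopback interface. Inbound policy is left open here.
emit_rules() {
    proxy_user=${1:-proxy}
    proxy_port=${2:-3128}
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -p tcp --dport ${proxy_port} -j ACCEPT
-A OUTPUT -m owner --uid-owner ${proxy_user} -p tcp -m multiport --dports 80,443 -j ACCEPT
-A OUTPUT -m owner --uid-owner ${proxy_user} -p udp --dport 53 -j ACCEPT
-A OUTPUT -m owner --uid-owner ${proxy_user} -p tcp --dport 53 -j ACCEPT
-A OUTPUT -j REJECT
COMMIT
EOF
}

# Audit helper: read a ruleset on stdin and print every OUTPUT ACCEPT rule
# that would let an arbitrary local account open a new outbound connection
# (not loopback-only, not owner-matched, not limited to established flows).
unowned_egress() {
    grep -e '^-A OUTPUT .*-j ACCEPT' \
        | grep -v -e '-o lo ' -e '--uid-owner ' -e '--ctstate ESTABLISHED' \
        || true
}

# Apply as root (the rules use no family-specific options, so the same
# ruleset loads for IPv4 and IPv6):
#   emit_rules proxy 3128 | iptables-restore
#   emit_rules proxy 3128 | ip6tables-restore
```

The browser has to be pointed at the proxy explicitly, and other daemons that need the network (NTP, a network printer) need their own owner-matched rules.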

