How do you test your porn filter

For testing antivirus we have EICAR, for SPAM, we have GTUBE.

Is there a standard site that is or should be included in blacklists that you can use for testing instead of going to your favorite porn site in front of your boss, the CEO, or someone else who feels that seeing such a site is an excuse for a sexual harassment suit?


Update

This is less about getting permission for me to test, though that answer is useful. I do have both permission and responsibility to actually make sure the filter is running. I am able test the filter is functioning with a netcat.

Instead, I am hoping there is a standard domain name that is blocked by most/all filters for testing. I need to be able to share this with my boss and users.

I need to be able to demonstrate what happens when someone go to a filtered page. I need to have a way to quickly prove to others that the filter is working without asking them to go to some site that will not cause grief if for some reason the filter is not working.

If there isn't already a good domain for this purpose I may simply have to register a domain myself, and then add the domain to all the filters I am responsible for.


Solution 1:

If there isn't, there should be. RFC2606 reserves several top level domains for test purposes with the understanding that they will never be assigned. It also reserves three second level names for use in documentation examples. The reservations are:

  • .test (testing of DNS related code)
  • .example (documentation and examples)
  • .invalid (known and obviously invalid)
  • .localhost (127.0.0.1 by any other name)
  • example.com, example.net, example.org (documentation)

From their described intended uses, it makes sense to me to use something like pr0n.test as a defined positive. You could arrange for that name to resolve to something benign (BANG!) so that on failure of the filter you get something more interesting to happen than just a failed DNS lookup.

Solution 2:

Explain to your boss and HR that you either have to hope the porn filter is working or will need to test it by going to inappropriate sites. Make sure you tell them when you're doing the test, and how long it will take so they know you're not "testing" the filter all day every day. Then they can decide whether they want to let you try and visit sites like that at work or hope the filters work by default.

The second option is to install it at home without telling your teenage son and see how long it takes him to get angry and ask why the internet isn't working like it used to.

Solution 3:

We (at Smoothwall) have a "daily" URL in the lists to test the filter - with the date of list in the URL so you can tell you are up to date. Your vendor may provide a similar feature. It may well not be documented - ask them!

Alternatively, I like playboy.com. Should be blocked, but the homepage is always fairly benign - girls in bikinis etc. so low HR riskfactor if you just hit /.