Huge Deny-Lists

From: Jens Frank
Date: Tue, 24 Mar 1998 19:25:00 +0100 (MET)


We have a network of about 15 schools. Most of them are sitting behind our
firewall. The firewall hosts a squid, which has about 10000 sites blocked.
We are using this approach since there is no NetNanny-alike available for
Unix. We are also working together with some schools not connected to our
firewall. At the moment, we distribute squid.conf to these sites. The
problem is that this file is
  a) growing constantly, and adding sites requires the restart of squid
     or the reload of the config file, both resulting in the proxy being
     not available for some minutes.
  b) plain text. This file is rather "explicit" itself, and pupils being
     admin on some of our servers shouldn't be able to make use of this list.
     And thinking of the passwords teachers use to "secure" their server
     makes me feel even worse.

Are there any means by which we could easily change the configuration
without the server being unavailable? And is there some way to dump the
tree squid creates out of our ACLs in some binary, not trivially readable
form? Using some binary deny-list would allow us to distribute our list to
other schools we don't have direct contact to. (This would be security by
obscurity, but better than nothing.)

                                Thanks for your help,

                                        jens frank

Jens Frank
StadtSchulNetz Goettingen
Received on Tue Mar 24 1998 - 10:29:50 MST

