Re: Huge Deny-Lists

From: Chris Foote <>
Date: Wed, 25 Mar 1998 09:49:54 +1030 (CST)

On Tue, 24 Mar 1998, Jens Frank wrote:

> We have a network of about 15 schools. Most of them are sitting behind our
> firewall. The firewall hosts a squid, which has about 10000 sites blocked.
> We are using this approach since there is no NetNanny-alike available for
> Unix. We are also working together with some schools not connected to our
> firewall. At the moment, we distribute squid.conf to these sites. The
> problem is, that this file is
> a) growing constantly, and adding sites requires the restart of squid
> or the reload of the config file, both resulting in the proxy being
> not available for some minutes.
> b) plain text. This file is rather ,,explicit'' itself, and pupils being
> admin on some of our servers shouldn't be able to make use of this list.
> And thinking of the passwords teachers use to ,,secure'' their server
> makes me feel even worse.
> Are there any means by which we could easily change the configuration
> without the server being unavailable? And is there some way to dump the
> tree squid creates outof our acl's in some binary, not trivial readable
> form ? Using some binary deny-list would allow to distribute our list to
> other schools we don't have direct contact to. (This would be security by
> obscurity, but better than nothing)

Hello Jens.

You may find that a redirector would be more suitable. i.e. You
can redirect matches for the blocked URLs to a local "access has
been blocked" web page.

Squirm can do this (see but I
haven't ever tried it with quite that many URLs :)

There is a commercial product available in the form of a squid
redirector for which they keep an updated list of banned URLs for
you, saving you quite a bit of work - I haven't tried it, but the
info looks quite good: SmartFilter:

Hope this helps,

Chris Foote SE Net
Technical Manager 222 Grote Street
SE Network Access Adelaide SA 5000
e-mail Australia
phone : (08) 8221 5221 PGP Public Key available from
fax: (08) 8221 5220
support: (08) 8221 5792
Received on Tue Mar 24 1998 - 15:25:18 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:39:27 MST