RE: [squid-users] Websense with Squid

From: Ward, John (GroupWare) <>
Date: Wed, 20 Feb 2002 09:24:05 +0200

hey fellers .... didn't one version of fwtk support CVP ? or was it a gauntlet version...
that way at least, you could install a proxy type connector to make the squid forward its connections to....

-----Original Message-----
From: Simon White []
Sent: 19 February 2002 10:50
To: Squid Support (Henrik Nordstrom)
Subject: Re: [squid-users] Websense with Squid

I think a commercial program like WebSense is shooting itself in the foot
by not allowing me to integrate it with Open Source projects. I work in
Africa and Open Source is a Good Thing here. Microsoft products are no
cheaper in Africa, and as they close in with the BSA and start, in 2002,
their war on piracy, then many businesses are going to be forced to think
Open Source so that they can have a solid network without huge annual fees
for upgrades and such.

One thing that is an issue for us here is bandwidth cost, and thus web
filters / spam filters / caches are an excellent way for us to acheive
more with limited resources. I have checked, configured and in some cases
installed Squid at African ISPs in Tunisia, Morocco and Malawi, and it was
always present even on networks where commercial software had been part of
the initial investment, Cobalt CacheRaqs and Qubes run an albeit less from
perfect version of Squid which we have deployed in Educational projects.
Whole schools run, if they have internet at all, at 64 or 128 kbps and
then that's only those that are privately funded by fee paying students.

The one thing that a commercial product like Websense can do is improve
productivity. 128kbps pipes get saturated quickly if an efficient filter
is not in place, and for all the great efforts of something like Squid
Block, it is, as described on the web site:

"some general catchall rules that filter out sites, and a second
list of sites that would be blocked by this list, but are in reality
legitimate web sites."

which is a far cry from a human database which is updated on a regular
basis. Lot of false positives can come out of general rules. You cannot
expect the open source community, with all due respect, to come up with a
full-on database of sites in competition with a commercial product which
is clearly in a market with few competitors, and will win because its
efficiency can save a company a lot more money in lower bandwidth, higher
cost situations.

So, I was hoping to include Websense in an integration with Squid and can
even get packets to the Websense machine on whatever port it likes
transparently, but I can't use it because they have developed a
proprietary protocol, possibly aimed at forcing us all to buy specific
hardware or commercial firewalls in order to keep the investment in the
"club" including Microsoft, Cisco, Check Point, and Inktomi...

Well anyway enough politics, thanks for the responses I have had. I will
have to go install an old licence of Microsoft Proxy I have hanging around
on the network to get packets back from Websense.

|-Simon White
|-Internet Services Manager
|-tel +212.3.767.4861
|-fax +212.3.767.4863
|-14, rue 16 novembre
|-Rabat, Kingdom of Morocco
On Tue, 19 Feb 2002, Squid Support (Henrik Nordstrom) wrote:
> Not a good progress.
> There are others who are more open on the subject.
> Regards
> Henrik
> On Tuesday 19 February 2002 09:48, Simon White wrote:
> > Yes. Their official reply to me 12 months ago was "Squid
> > integration by June 2001", now it's "No integration with Squid". I
> > wrote them and told them to get up and support it, open up the WISP
> > protocol, give it to some Squid hackers... have it integrated in no
> > time at all.
This message contains privileged and confidential information intended 
only for the person or entity to which it is addressed.
Any review, retransmission, dissemination, copy or other use of, or
taking of any action in reliance upon this information by persons or
entities other than the intended recipient, is prohibited.
If you received this message in error, please notify the sender
immediately by e-mail, facsimile or telephone and thereafter delete the
material from any computer.
The New Africa Capital Group, its subsidiaries or associates do not accept liability for any
personal views expressed in this message.
Received on Wed Feb 20 2002 - 00:25:02 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:26 MST