Re: [squid-users] Websense with Squid

From: Joe Cooper <>
Date: Wed, 20 Feb 2002 02:01:30 -0600

There is a new company called Cerberian that I've spoken with recently
who offer what appears to be a pretty interesting content filtering
system. The reason I was talking with them is because they have
developed a Squid-redirector for their system--I've got a beta test copy
of it here, so I know it is working pretty well with Squid. I believe
they plan to make it their primary proxy platform, in fact, even going
so far as to suggest clients switch to Squid.

I also know that X-Stop plays friendly with a Squid network (a couple of
our clients are using X Stop machines on their networks).

There are others...But these two I am sure will work with Squid.

I don't know pricing of either solution.

And finally, a SquidGuard based solution is entirely possible--just not
easily implemented, and no one has gone to the trouble to build and
maintain a human edited and up to date set of black lists (this is on my
agenda to take up some of my Copious Free Time(tm) sometime in the future).

WebSense probably just hasn't run the numbers...Squid has 70% or more of
the worldwide installations of web caching servers, depending on who you
believe (I've heard numbers from some analysts placing it in the 90's
everywhere except the US, where it is acknowledged to be only about
60-70%). Good luck to them, if they want to compete with the companies
who do play nicely with the most popular proxy on the planet while /not/
playing nicely.

C. Jon Larsen wrote:

> I second this opinion. The k-12 education market requires proxy content
> filters to receive e-rate funding. Running websense on squid would make a
> lot of sense for these schools.
> On Tue, 19 Feb 2002, Simon White wrote:
>>I think a commercial program like WebSense is shooting itself in the foot
>>by not allowing me to integrate it with Open Source projects. I work in
>>Africa and Open Source is a Good Thing here. Microsoft products are no
>>cheaper in Africa, and as they close in with the BSA and start, in 2002,
>>their war on piracy, then many businesses are going to be forced to think
>>Open Source so that they can have a solid network without huge annual fees
>>for upgrades and such.
>>One thing that is an issue for us here is bandwidth cost, and thus web
>>filters / spam filters / caches are an excellent way for us to achieve
>>more with limited resources. I have checked, configured and in some cases
>>installed Squid at African ISPs in Tunisia, Morocco and Malawi, and it was
>>always present even on networks where commercial software had been part of
>>the initial investment, Cobalt CacheRaqs and Qubes run an albeit less than
>>perfect version of Squid which we have deployed in Educational projects.
>>Whole schools run, if they have internet at all, at 64 or 128 kbps and
>>then that's only those that are privately funded by fee paying students.
>>The one thing that a commercial product like Websense can do is improve
>>productivity. 128kbps pipes get saturated quickly if an efficient filter
>>is not in place, and for all the great efforts of something like Squid
>>Block, it is, as described on the web site:
>>"some general catchall rules that filter out sites, and a second
>>list of sites that would be blocked by this list, but are in reality
>>legitimate web sites."
>>which is a far cry from a human database which is updated on a regular
>>basis. A lot of false positives can come out of general rules. You cannot
>>expect the open source community, with all due respect, to come up with a
>>full-on database of sites in competition with a commercial product which
>>is clearly in a market with few competitors, and will win because its
>>efficiency can save a company a lot more money in lower bandwidth, higher
>>cost situations.
>>So, I was hoping to include Websense in an integration with Squid and can
>>even get packets to the Websense machine on whatever port it likes
>>transparently, but I can't use it because they have developed a
>>proprietary protocol, possibly aimed at forcing us all to buy specific
>>hardware or commercial firewalls in order to keep the investment in the
>>"club" including Microsoft, Cisco, Check Point, and Inktomi...
>>Well anyway enough politics, thanks for the responses I have had. I will
>>have to go install an old licence of Microsoft Proxy I have hanging around
>>on the network to get packets back from Websense.

Joe Cooper <>
Web Caching Appliances and Support
Received on Wed Feb 20 2002 - 01:02:06 MST
