RE: [squid-users] DNS/Domain Blocklists

> -----Original Message-----
> From: Ben Wylie [mailto:squid@benwylie.co.uk]
> Sent: Saturday, April 16, 2005 5:41 AM
> To: squid-users@squid-cache.org
> Subject: [squid-users] DNS/Domain Blocklists
>
>
> Thanks for all of your advice so far.
>
> Using the latest stable SquidNT 2.5, I've been trying to set up some
content
> filtering. First of all, for advertisements, but then to block porn and
> illegal/undesirable sites for our own network.
>
> I managed to get various lists of domain names, and wrote a perl script to
> convert it into regular expressions, so that blockedsite.com would also
> block www.blockedsite.com. This works for small lists, but it appears that
> when I start the windows service, it loads all of the lists into memory,
so
> some of the large 9mb files of blocked domains cause it to behave very
> strangely - and in fact, fail to start. I just watch the memory usage go
up
> and up, even after it says it has failed to start the service.
>
> I guess that that is what is good about squidguard, that it must query a
> database, rather than keeping the whole database in memory.
>
> Does anyone using SquidNT either have a system for blocking large numbers
of
> domains without having memory consumption going through the roof. Also it
> takes an absolute age checking through 9mbs worth of regular expression,
so
> that isn't really practical anyway.
> If there isn't that kind of local system, is there any kind of domain
lookup
> services which check a domain name against a black list on the internet,
> much like the anti-spam DNSBL lookups which are very effective. The DNSBL
> lists are publicly accessible lists which mailservers can query against ip
> addresses from whom they have received emails, if they are in the
blocklist,
> they reject the email. IS there a similar system where the url can be
> checked against separate remote blacklists of a)advert site b)port
> c)warez...
>
> I'd appreciate any advice on whether there is anything for windows that
> works in either of these two methods.
>
> Thanks
> Ben

Use dstdom acls instead of url_regex. If you put a period in front of the
url (e.g. .blockedsite.com) it will block the domain and any sub-domains.
It's also MUCH better from a performance standpoint, though I have no idea
how it will handle 9mb of domains... It almost sounds like you would be
better off with either a white list, or a service to do the blocking for
you.

Chris
Received on Wed Apr 20 2005 - 11:48:47 MDT