Re: [squid-users] Can this be done ?

If you use the canned lists from SquidGuard, you're good to go.

3rd party blacklists have a tendency to be illegitimate. I found one
person that had geocities.com in the blacklist.
I strongly disagree with that entry.

However, this does not belittle the effectiveness of redirectors. They
work and they're reliable.

Christoph Haas <email@christoph-haas.de>
01/23/2006 11:15 AM

To
squid-users@squid-cache.org
cc

Subject
Re: [squid-users] Can this be done ?

On Monday 23 January 2006 15:36, S t i n g r a y wrote:
> i am planning to build a Linux based firewall+proxy
> server, currently i am using windows 2003 ISA 2000
> with surfcontrol webfilter, which works fine except
> for the performance point of view.
> now cause this is my first time with linux firewall i
> have chossen MNF firewall from mandiva, mandiva uses
> squid for proxy caching, now i want to know, is it
> possible to do these things with squid or one of its
> plugins ?
>
> 1. block specific catagory related websites ?
> "porn,advertiesments,sports,games etc etc ..."

Rumors say that redirectors like SquidGuard can do this. But it's not
reliably IMHO because the quality of the URL lists is too bad to really be

useful in production. Serious porn surfers will probably only need seconds

to cirumvent your security. And think of public anonymizing proxies. I
could not yet reliably block such categories with free software.
Maintaining the URL lists needs a lot of manpower. So don't expect too
much. Many administrators are happy enough with it though.

> 2. give quota to certian webcontent to everyuser, for
> example allow single to download 100MB worth .mp3 or
> .zip files ?

You would need to write your own external scripts that trace Squid's
access.log and block access for a certain user - perhaps based on external

ACLs doing a database lookup. But that's not trivial.

Additional problem: you can't reliably tell whether a file is ZIP or MP3
because Squid doesn't look at the content to determine the correct MIME
type. You could of course parse the URL with url_regex ACLs and try to
detect such files.

 Christoph (yes, I have a real name)

-- 
Never trust a system administrator who wears a tie and suit.