Gidday dude. (cc'd to the list because your email address is poked.) I run squid as the sole cache for a medium sized school network (100 PCs in an NT domain with a satellite dish at about 400 kbit/s)
We need to censor (or be seen to make an effort to censor) web content. First we used Cyberpatrol and MS Proxy on the NT server, but a twin PII 350 NT server could not keep up with it. So I used squidGuard (with a G) and squid to filter. squidGuard is an external redirector - squid will spawn X copies of it and use them to check a URL. squidGuard can have a million URLs and will only take a second to scan, or about 10 to 12 regular expressions will add a second too. I simply use the regexp /ad/|/ads/|/chat/|/irc/|/mail/ and that blocks 50 % of sites we don't want (chat rooms and web based email) When I see a site flit past on the console or see a student using one that should be blocked I simply add it to a raw text file, which is then compiled into a berkley DB and squid gets reconfigured. Squid ACLs are messy and not really intended for filtering based on URLs - rather they seem to be for controlling what machines can access your squid cache, and which domains your clients get direct (uncached) access to. Yell out if you want a copy of my filter files. ---------- From: [EMAIL PROTECTED]:[EMAIL PROTECTED] Sent: Friday, 24 March 2000 10:13 AM To: debian-user@lists.debian.org Subject: Squid ACLs does not work Hi, I have some problems with squid and its ACLs. I'm using Debian 2.2 with Kernel 2.2.13 and squid 2.2STABLE5. My ACL section in /etc/squid.conf looks like the following. acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl SSL_ports port 443 563 acl Safe_ports port 80 21 443 563 70 210 1025-65535 acl purge method PURGE acl CONNECT method CONNECT acl BanDomains dstdomain "/etc/ban_domains.squid" acl localdomain srcdomain localdomain.own : http_access allow localdomain http_access deny BanDomains http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !Safe_ports http_access deny CONNECT !SSL_ports And the file /etc/ban_domains.squid looks like... netscape.com microsoft.com msdn.com realnetworks.com But when I try connect to www.microsoft.com the proxy rersolves the hostname and connects. (My browser is configured to use the proxy, of course...). Does anyone have an idea where I made a mistake? Thanks. Sven ---------------------------------- Please reply only to [EMAIL PROTECTED] ---------------------------------- Date: 23-Mar-2000 Time: 23:07:15 ---------------------------------- -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] < /dev/null
