[squid-users] Best way to deny access to URLs in Squid 3.3.x?
Amos Jeffries
squid3 at treenet.co.nz
Thu Oct 16 05:10:05 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 15/10/2014 8:03 a.m., Mike wrote:
> On 10/14/2014 12:37 PM, Mirza Dedic wrote:
>> Just curious, what are some of you doing in your Squid
>> environment as far as URL filtering goes? It seems there are a
>> few options out there.. squidguard... dansguardian.. plain block
>> lists.
>>
>> What is the best practice to implement some sort of block list
>> into squid? I've found urlblacklist.com that has a pretty good
>> broken down URL block list by category, what would be the best
>> way to go.. use dansguardian with this list or set it up in
>> squid.conf as an "acl dstdomain" and feed in the block list file
>> without calling an external helper application?
>>
>> Thanks.
>>
>
> We have used dansguardian before, but there is a newer updated
> "fork" by some of the original crew called "e2guardian" that can
> also handle some SSL urls via blacklisting (as long as squid is
> also setup with ssl-bump in 3.4.x). Otherwise within squid itself,
> the dstdomain and regex_dstdomain acls are an option, but that does
> not provide much for filtering content of the websites themselves.
Content filtering is a nasty field (both content complexity and legal
minefields). We have explicitly designed the Squid proxy just to proxy
traffic around, not to perform cuch filtering itself.
Squid instead provides ICAP and eCAP adaptation interfaces for
third-party services or plugins to use for content filtering and many
other things:
http://www.squid-cache.org/Misc/icap.html
http://www.icap-forum.org/icap?do=products
Even a NoSQL cache plugin
http://www.squid-cache.org/Misc/ecap.html
Amos
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
iQEcBAEBAgAGBQJUP1MtAAoJELJo5wb/XPRj4e8IAIS8GiLCTdjIPwkR8DCr1Id/
S9PlXJ1l74kGBVJ2l8zOcZS6WQ6lwRjzHDw1zlnXWHNoBsagfHkasX1KNtO7ih1u
tkkBtRlrlmXf3zleWoD2isxy58DmoVFfNbJxhy9UM7jB4HrRn7V4kQYjWRxtX8F+
ZQs/igD4UPAZOkGY8nuyNKVZuMLRr9+ZsOn+qmm5KFFG1xYAOYErzcUiQfhku0d2
Vnt/pMooeYJfAOd3uttfRWWClF1KrbOYebb+jfo5DvMBvLnvjLaLF7WaOa0Ljba6
607NBlyB33dqpW4qIk4503N8P0LMXrSRdrr9NwiJ3AB7xGJzSZb5zG5LUyr3v98=
=WUcV
-----END PGP SIGNATURE-----
More information about the squid-users
mailing list