[squid-users] squidguard and windows update
Eliezer Croitoru
eliezer at ngtech.co.il
Wed Nov 25 13:30:28 UTC 2015
I am biased but both squid and squidguard requires some action when you
need to update the acls.
If you need a small amount of rules it is fine to use squid otherwise
you better try external tools for filtering.
Eliezer
On 25/11/2015 13:51, Amos Jeffries wrote:
> Wait up.
>
> Magic has been fooled by the marketing words into thinking a "deny page"
> from SquidGuard actually denies something. It does not.
>
> All SG does. All it ever can do. Is tell Squid where to fetch the URL
> from (rewrite), or to tell Squid to tell the client to try somewhere
> else (redirect).
>
> What Magic is thinking of as a "deny" is actually just a statement
> "here, fetch the data from 127.0.0.1". Then the SG (aka. 127.0.0.1) when
> asked responds by dumping out its HTML "error page" text as the reply.
> This unexpected response completely breaks whatever the client needed to
> fetch. If the client is a browser then it happily displays the HTML
> response (as seen in the test described), otherwise it just*breaks*
> whatever application was running.
>
> I expect the real clients are seeing lots of very annoying WindowsUpdate
> 8002something errors, getting pissed off, and then working to bypass the
> "that damn proxy" which is breaking their Windows machines.
>
> What this means for Squid (and sarg) is that the lines above get logged.
> The server SG told Squid to contact*did* respond and the response*was*
> an "HTTP/1.1 200 OK" reply message.
>
>
>
> Magic; I suggest you drop SG and use squid.conf ACLs instead. Everything
> SG can do so can Squid itself.
>
> Amos
More information about the squid-users
mailing list