[squid-users] squidguard and windows update

Eliezer Croitoru eliezer at ngtech.co.il
Wed Nov 25 13:30:28 UTC 2015

I am biased but both squid and squidguard requires some action when you 
need to update the acls.
If you need a small amount of rules it is fine to use squid otherwise 
you better try external tools for filtering.


On 25/11/2015 13:51, Amos Jeffries wrote:
> Wait up.
> Magic has been fooled by the marketing words into thinking a "deny page"
> from SquidGuard actually denies something. It does not.
> All SG does. All it ever can do. Is tell Squid where to fetch the URL
> from (rewrite), or to tell Squid to tell the client to try somewhere
> else (redirect).
> What Magic is thinking of as a "deny" is actually just a statement
> "here, fetch the data from". Then the SG (aka. when
> asked responds by dumping out its HTML "error page" text as the reply.
> This unexpected response completely breaks whatever the client needed to
> fetch. If the client is a browser then it happily displays the HTML
> response (as seen in the test described), otherwise it just*breaks*
> whatever application was running.
> I expect the real clients are seeing lots of very annoying WindowsUpdate
> 8002something errors, getting pissed off, and then working to bypass the
> "that damn proxy" which is breaking their Windows machines.
> What this means for Squid (and sarg) is that the lines above get logged.
> The server SG told Squid to contact*did*  respond and the response*was*
> an "HTTP/1.1 200 OK" reply message.
> Magic; I suggest you drop SG and use squid.conf ACLs instead. Everything
> SG can do so can Squid itself.
> Amos

More information about the squid-users mailing list