Re: [squid-users] Can this be done ?

From: Christoph Haas <email@dont-contact.us>
Date: Mon, 23 Jan 2006 17:15:33 +0100

On Monday 23 January 2006 15:36, S t i n g r a y wrote:
> i am planning to build a Linux based firewall+proxy
> server, currently i am using windows 2003 ISA 2000
> with surfcontrol webfilter, which works fine except
> for the performance point of view.
> now cause this is my first time with linux firewall i
> have chossen MNF firewall from mandiva, mandiva uses
> squid for proxy caching, now i want to know, is it
> possible to do these things with squid or one of its
> plugins ?
>
> 1. block specific catagory related websites ?
> "porn,advertiesments,sports,games etc etc ..."

Rumors say that redirectors like SquidGuard can do this. But it's not
reliably IMHO because the quality of the URL lists is too bad to really be
useful in production. Serious porn surfers will probably only need seconds
to cirumvent your security. And think of public anonymizing proxies. I
could not yet reliably block such categories with free software.
Maintaining the URL lists needs a lot of manpower. So don't expect too
much. Many administrators are happy enough with it though.

> 2. give quota to certian webcontent to everyuser, for
> example allow single to download 100MB worth .mp3 or
> .zip files ?

You would need to write your own external scripts that trace Squid's
access.log and block access for a certain user - perhaps based on external
ACLs doing a database lookup. But that's not trivial.

Additional problem: you can't reliably tell whether a file is ZIP or MP3
because Squid doesn't look at the content to determine the correct MIME
type. You could of course parse the URL with url_regex ACLs and try to
detect such files.

 Christoph (yes, I have a real name)

-- 
Never trust a system administrator who wears a tie and suit.
Received on Mon Jan 23 2006 - 09:15:41 MST

This archive was generated by hypermail pre-2.1.9 : Wed Feb 01 2006 - 12:00:01 MST