Date: Sat, 26 Sep 1998 00:58:10 -0500 (CDT) From: Chris Dillon <cdillon@wolves.k12.mo.us> To: Mike Smith <mike@smith.net.au> Cc: freebsd-chat@FreeBSD.ORG Subject: Re: URL Based Filtering on FreeBSD Message-ID: <Pine.BSF.4.02A.9809260046540.24175-100000@duey.hs.wolves.k12.mo.us> In-Reply-To: <199809260155.SAA02947@dingo.cdrom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 25 Sep 1998, Mike Smith wrote: > > Sigh. Looks like Missouri is going to require that all K12 schools > > eventually implement "web-filtering" sometime in the near future. At > > the moment we have a grant, with not much time left to use it, that will > > let us buy what we need to do this. I was _really really_ hoping that I > > could find something that would work with FreeBSD (or BSDi, or Linux, or > > Solaris/x86, but PLEASE for the love of god don't make me use NT!). I > > can't remember if you can do URL based filtering in Squid or not.. If > > so, maybe if I could get a (maintained) plaintext version of "bad" sites > > I could hack it into Squid. :-) > > URL filtering is ineffective; there are trivial ways around it. If you > want to/have to go with this, you'll want to put up firewall machines > and IP blacklists. Wether it is or not is irrelevant, unfortunately. If they say we gotta have it, well, we gotta have it. :-( If, however, they do not specify exactly what type of filtering we need, the IP blacklisting you mention may just be the best way to go about this. Unfortunately, that can create one humungous blacklist and a big burden on the firewall (esp. when one site has 50 servers to keep up with the load.. You know they have to be running NT to need that many <grin>). If I give the job of filtering to the proxy itself, based on either IP-address/domain-name _or_ URL, then that would be just as effective, wouldn't it? Then the firewall can pass all non-http data without any overhead. All http traffic will be blocked at the firewall, of course, except from the proxy. > This is something akin to trying to keep back the tide, but it's a > deployable solutiuon based on free tools. I may have found what I was looking for, though... Someone packaged up some redirector stuff for Squid that would let me stick a list of sites somewhere and Squid would redirect them to a page telling them they've been naughty. The only problem at that point is coming up with a maintained list of the sites. > -- > \\ Sometimes you're ahead, \\ Mike Smith > \\ sometimes you're behind. \\ mike@smith.net.au > \\ The race is long, and in the \\ msmith@freebsd.org > \\ end it's only with yourself. \\ msmith@cdrom.com > > -- Chris Dillon - cdillon@wolves.k12.mo.us - cdillon@inter-linc.net /* FreeBSD: The fastest and most stable server OS on the planet. For Intel x86 and compatibles (SPARC and Alpha under development) (http://www.freebsd.org) */ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.02A.9809260046540.24175-100000>