From owner-freebsd-security  Tue Mar 27 22: 6: 6 2001
Delivered-To: freebsd-security@freebsd.org
Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44])
	by hub.freebsd.org (Postfix) with ESMTP id E656137B71A
	for <freebsd-security@FreeBSD.ORG>; Tue, 27 Mar 2001 22:06:03 -0800 (PST)
	(envelope-from Cy.Schubert@uumail.gov.bc.ca)
Received: (from daemon@localhost)
	by point.osg.gov.bc.ca (8.8.7/8.8.8) id WAA14183;
	Tue, 27 Mar 2001 22:04:55 -0800
Received: from passer.osg.gov.bc.ca(142.32.110.29)
 via SMTP by point.osg.gov.bc.ca, id smtpda14181; Tue Mar 27 22:04:45 2001
Received: (from uucp@localhost)
	by passer.osg.gov.bc.ca (8.11.2/8.9.1) id f2S64ZJ72995;
	Tue, 27 Mar 2001 22:04:35 -0800 (PST)
Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com"
 via SMTP by passer9.cwsent.com, id smtpdz72987; Tue Mar 27 22:04:13 2001
Received: (from uucp@localhost)
	by cwsys.cwsent.com (8.11.3/8.9.1) id f2S648R14405;
	Tue, 27 Mar 2001 22:04:08 -0800 (PST)
Message-Id: <200103280604.f2S648R14405@cwsys.cwsent.com>
Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys"
 via SMTP by localhost.cwsent.com, id smtpdc14400; Tue Mar 27 22:03:37 2001
X-Mailer: exmh version 2.3.1 01/18/2001 with nmh-1.0.4
Reply-To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
X-Sender: schubert
To: Olivier Nicole <on@cs.ait.ac.th>
Cc: uknowho@n0mansland.net, freebsd-security@FreeBSD.ORG
Subject: Re: Filtering inappropriate content 
In-reply-to: Your message of "Wed, 28 Mar 2001 11:05:52 +0700."
             <200103280405.LAA16283@banyan.cs.ait.ac.th> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Tue, 27 Mar 2001 22:03:36 -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <200103280405.LAA16283@banyan.cs.ait.ac.th>, Olivier Nicole 
writes:
> >The organization is looking to filter web content only.  Apolgies for
> >the confusion.
> 
> Squid has some rules to do contents filtering I guess.

I tried it.  Squid is not all that effective.  For example, matching 
expressions can be found in perfectly legitimate URL's, e.g. a sun.com 
web page has the character string "sex" in it (I think it was a Virtual 
Adrien component called RICHPsex), so my filter blocked it.  I'm sure 
that operators of web sites that you want to block could name their 
files and directories with non-offending names, bypassing your filter.  
A squid filter may not have the desired effect.

The only solution I can think of that works is to subscribe to a 
service that maintains a database of offending sites.  Cisco routers 
are able to query a system that serves data from databases provided by 
vendors of this service.  Many of these databases block by IP address 
rather than FQDN.  Some even block by network address because operators 
of these sites have been known to move their systems to different IP 
addresses on the same network to circumvent filters based on IP address.


Regards,                         Phone:  (250)387-8437
Cy Schubert                        Fax:  (250)387-5766
Team Leader, Sun/Alpha Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message