From owner-freebsd-security Tue Mar 27 22:16:13 2001 Delivered-To: freebsd-security@freebsd.org Received: from athena.za.net (athena.za.net [196.30.167.200]) by hub.freebsd.org (Postfix) with ESMTP id 2701437B718 for ; Tue, 27 Mar 2001 22:16:06 -0800 (PST) (envelope-from jus@athena.za.net) Received: from jus (helo=localhost) by athena.za.net with local-esmtp (Exim 3.13 #1) id 14i9DL-0000GD-00; Wed, 28 Mar 2001 08:13:51 +0200 Date: Wed, 28 Mar 2001 08:13:51 +0200 (SAST) From: Justin Stanford X-Sender: jus@athena.za.net To: Cy Schubert - ITSD Open Systems Group Cc: Olivier Nicole , uknowho@n0mansland.net, freebsd-security@FreeBSD.ORG Subject: Re: Filtering inappropriate content In-Reply-To: <200103280604.f2S648R14405@cwsys.cwsent.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Squid with SquidGuard works amazingly well. (It comes with a *massive* database of offending sites, too.) -- Justin Stanford 082 7402741 jus@security.za.net www.security.za.net IT Security and Solutions On Tue, 27 Mar 2001, Cy Schubert - ITSD Open Systems Group wrote: > In message <200103280405.LAA16283@banyan.cs.ait.ac.th>, Olivier Nicole > writes: > > >The organization is looking to filter web content only. Apolgies for > > >the confusion. > > > > Squid has some rules to do contents filtering I guess. > > I tried it. Squid is not all that effective. For example, matching > expressions can be found in perfectly legitimate URL's, e.g. a sun.com > web page has the character string "sex" in it (I think it was a Virtual > Adrien component called RICHPsex), so my filter blocked it. I'm sure > that operators of web sites that you want to block could name their > files and directories with non-offending names, bypassing your filter. > A squid filter may not have the desired effect. > > The only solution I can think of that works is to subscribe to a > service that maintains a database of offending sites. Cisco routers > are able to query a system that serves data from databases provided by > vendors of this service. Many of these databases block by IP address > rather than FQDN. Some even block by network address because operators > of these sites have been known to move their systems to different IP > addresses on the same network to circumvent filters based on IP address. > > > Regards, Phone: (250)387-8437 > Cy Schubert Fax: (250)387-5766 > Team Leader, Sun/Alpha Team Internet: Cy.Schubert@osg.gov.bc.ca > Open Systems Group, ITSD, ISTA > Province of BC > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message