From owner-freebsd-security  Tue Mar 27 22:16:13 2001
Delivered-To: freebsd-security@freebsd.org
Received: from athena.za.net (athena.za.net [196.30.167.200])
	by hub.freebsd.org (Postfix) with ESMTP id 2701437B718
	for <freebsd-security@freebsd.org>; Tue, 27 Mar 2001 22:16:06 -0800 (PST)
	(envelope-from jus@athena.za.net)
Received: from jus (helo=localhost)
	by athena.za.net with local-esmtp (Exim 3.13 #1)
	id 14i9DL-0000GD-00; Wed, 28 Mar 2001 08:13:51 +0200
Date: Wed, 28 Mar 2001 08:13:51 +0200 (SAST)
From: Justin Stanford <jus@security.za.net>
X-Sender: jus@athena.za.net
To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
Cc: Olivier Nicole <on@cs.ait.ac.th>, uknowho@n0mansland.net,
	freebsd-security@FreeBSD.ORG
Subject: Re: Filtering inappropriate content 
In-Reply-To: <200103280604.f2S648R14405@cwsys.cwsent.com>
Message-ID: <Pine.BSF.4.21.0103280813360.646-100000@athena.za.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Squid with SquidGuard works amazingly well. (It comes with a *massive*
database of offending sites, too.)

--
Justin Stanford
082 7402741
jus@security.za.net
www.security.za.net
IT Security and Solutions


On Tue, 27 Mar 2001, Cy Schubert - ITSD Open Systems Group wrote:

> In message <200103280405.LAA16283@banyan.cs.ait.ac.th>, Olivier Nicole 
> writes:
> > >The organization is looking to filter web content only.  Apolgies for
> > >the confusion.
> > 
> > Squid has some rules to do contents filtering I guess.
> 
> I tried it.  Squid is not all that effective.  For example, matching 
> expressions can be found in perfectly legitimate URL's, e.g. a sun.com 
> web page has the character string "sex" in it (I think it was a Virtual 
> Adrien component called RICHPsex), so my filter blocked it.  I'm sure 
> that operators of web sites that you want to block could name their 
> files and directories with non-offending names, bypassing your filter.  
> A squid filter may not have the desired effect.
> 
> The only solution I can think of that works is to subscribe to a 
> service that maintains a database of offending sites.  Cisco routers 
> are able to query a system that serves data from databases provided by 
> vendors of this service.  Many of these databases block by IP address 
> rather than FQDN.  Some even block by network address because operators 
> of these sites have been known to move their systems to different IP 
> addresses on the same network to circumvent filters based on IP address.
> 
> 
> Regards,                         Phone:  (250)387-8437
> Cy Schubert                        Fax:  (250)387-5766
> Team Leader, Sun/Alpha Team   Internet:  Cy.Schubert@osg.gov.bc.ca
> Open Systems Group, ITSD, ISTA
> Province of BC
> 
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message