[Gllug] Proxy Server
Xander D Harkness
xander at harkness.co.uk
Tue Nov 12 12:13:03 UTC 2002
Ian Baillie wrote:
>Hi All,
>
>I posted a similar email, a while back (probably at the beginning of the
>year), but the time has come to implement a solution.
>
>What I want:
>A proxy server, with web caching capabilities, firewall and filtering.
>Ideally, the filtering will look up entries in a database, so it can be
>dynamically updated, as and when unsuitable sites are found and added.
>Later on, I may want to add EMail services, Anti-Virus and Intranet server.
>
>My Understanding:
>From previous emails, I seem to recall that I should use Squid for the
>proxy/caching server, with squid-guard to perform the filtering and
>iptables for firewalling.
>
>Questions:
>Can this setup be used in conjunction with a database e.g. mySQL to look up
>unsuitable sites, and redirect to an admin page stating the site is barred?
>Does anyone know of a suitable ban list?
>Is it okay to have the proxy/caching/firewall/database/filtering all on the
>same machine?
>
You can block all sites using a wildcard such as *.bl.harkness.co.uk
within squidguard.
In addition I use a dns database for exim (the same as the RBL but self
maintained) at bl.harkness.co.uk. Exim allows this to contain email
addresses, domains or IPs and will look up a host
nasty at person.com.bl.harkness.co.uk.
If you were looking to block a site such as msn then
msn.bl.harkness.co.uk would not be a million miles away from what you
may need.
If you want to take this further in Linux Journal this month there was a
name server that runs from a MySQL database with a PHP front end to
configure it. I believe it was hosted on sourceforge.
You could start with bind to see how it operates and grow it from there.
squidguard provides an updated list of block sites (weekly list with
diffs) I think the porn list had about 30,000 sites before updates
(Yes, that kept me busy browsing for a while - Not ;-) It is astounding
looking through the list at the sheer creativity!
If you list sites by domain in the iptables I am sure you could also tie
that into dns too.
Depending upon your requirements you might also like to have a look at
the squid authentication too. The modules provided include smb_auth and
pam_auth so it is really quite flexible and allows you to monitor who
goes where, how much bandwidth each person uses and which computers the
users are logging into.
Kind regards
Xander
>
>Other info:
>The clients are a mixture of Mac OS 9, Mac OS X, Win 98, Win 2K and Win XP.
> Currently, there is an OS 9 server running VicomServer (proxy software)
>with filtering using cyberNot. This is a school environment, so the
>filtering needs to be pretty good.
>
>Thanks in advance...
>
>
>Ian
>
>
>
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
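The DNS-backed blocklist idea from the reply above, sketched as a Squid redirector helper. This is an added example, not code from the original post or from squidGuard. It assumes the classic redirector line protocol (one `URL client/fqdn user method` request per line, a blank reply meaning "no change"), RBL-style listing where a listed name resolves to an A record, and a hypothetical block page at `proxy.example`; only the zone name comes from the post.

```python
import ipaddress
import socket
import sys
from urllib.parse import urlsplit

ZONE = "bl.harkness.co.uk"                        # zone named in the post
BLOCK_PAGE = "http://proxy.example/blocked.html"  # assumed admin page URL


def dns_listed(name):
    """RBL convention: a name is listed if it resolves to an A record."""
    try:
        socket.gethostbyname(name)
        return True
    except OSError:
        return False


def query_names(host, zone=ZONE):
    """Return the blocklist names to look up for a URL host."""
    host = host.lower().rstrip(".")
    try:
        ip = ipaddress.IPv4Address(host)
    except ValueError:
        labels = host.split(".")
        # Try the host and each parent domain, but never a bare TLD.
        return [".".join(labels[i:]) + "." + zone
                for i in range(max(len(labels) - 1, 1))]
    # IPs are listed with their octets reversed, as in an RBL.
    return [".".join(reversed(str(ip).split("."))) + "." + zone]


def rewrite(line, listed=dns_listed):
    """Answer one redirector request line; '' leaves the URL untouched."""
    fields = line.split()
    if not fields:
        return ""
    url = fields[0]
    try:
        # CONNECT requests arrive as host:port with no scheme.
        host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    except ValueError:
        return ""
    if host and any(listed(q) for q in query_names(host)):
        return BLOCK_PAGE
    return ""


if __name__ == "__main__":
    for request in sys.stdin:
        print(rewrite(request), flush=True)  # Squid expects unbuffered replies
```

Because every parent domain is queried, one record for `msn.com` in the zone also covers `www.msn.com`, and adding or removing a record takes effect without reloading the proxy.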