[Gllug] Proxy Server

Ian Baillie ian.baillie at westminster.org.uk
Tue Nov 12 14:41:20 UTC 2002 

Would that be the November Issue, I can't find anything on that in here
:-(


On Tue, 2002-11-12 at 12:13, Xander D Harkness wrote:
> 
> 
> Ian Baillie wrote:
> 
> >Hi All,
> >
> >I posted a similar email, a while back (probably at the beginning of the
> >year), but the time has come to implement a solution.
> >
> >What I want:
> >A proxy server, with web caching capabilities, firewall and filtering.
> >Ideally, the filtering will look up entries in a database, so it can be
> >dynamically updated, as and when unsuitable sites are found and added.
> >Later on, I may want to add EMail services, Anti-Virus and Intranet server.
> >
> >My Understanding:
> >>From previous emails, I seem to recall that I should use Squid for the
> >proxy/caching server, with squid-guard to perform the filtering and
> >iptables for firewalling.
> >
> >Questions:
> >Can this setup be used in conjunction with a database e.g. mySQL to lookup
> >unsuitable sites, and redirect to a admin page stating the site is barred?
> >Does anyone know of a suitable ban list?
> >Is it okay to have the proxy/caching/firewall/database/filtering all on the
> >same machine?
> >
> You can block all sites using a wildcard such as *.bl.harkness.co.uk 
> within squidguard
> 
> In addition I use a dns database for exim (the same as the RBL but self 
> maintained) at bl.harkness.co.uk.  Exim allows this to contain email 
> addresses, domains or IPs and will look up a host 
> nasty at person.com.bl.harkness.co.uk.
> 
> If you were looking to block a site such as msn then 
> msn.bl.harkness.co.uk would not be a million miles away from what you 
> may need.
> 
> If you want to take this further in Linux Journal this month there was a 
> name server that runs from a MySQL database with a PHP front end to 
> configure it.  I believe it was hosted on sourceforge.
> 
> You could start with bind to see how it operates and grow it from there.
> 
> squidguard provides an updated list of block sites (weekly list with 
> diffs)  I think the porn list had about 30,000 sites before updates 
> (Yes, that kept me busy browsing for a while - Not ;-)  It is astounding 
> looking through the list at the sheer creativity!
> 
> If you list sites by domain in the iptables I am sure you could also tie 
> that into dns too.
> 
> Depending upon your requirements you might also like to have a look at 
> the squid authentication too.  The modules provided include smb_auth and 
> pam_auth so it is really quite flexible and allows you to monitor who 
> goes where, how much bandwidth each person uses and which computers the 
> users are logging into.
> 
> KInd regards
> Xander
> 
> >
> >Other info:
> >The clients are a mixture of Mac OS 9, Mac OS X, Win 98, Win 2K and Win XP.
> > Currently, there is an OS 9 server running VicomServer (proxy software)
> >with filtering using cyberNot.  This is a school enviorment, so the
> >filtering needs to be pretty good.
> >
> >Thanks in advance...
> >
> >
> >Ian
> >
> >  
> >
> 
> 
> -- 
> Gllug mailing list  -  Gllug at linux.co.uk
> http://list.ftech.net/mailman/listinfo/gllug



-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug

More information about the GLLUG mailing list