[Gllug] Proxy Server

Mark Lowes hamster at korenwolf.net
Tue Nov 12 12:13:57 UTC 2002


On Tue, 2002-11-12 at 10:49, Ian Baillie wrote:
[...]
> My Understanding:
> From previous emails, I seem to recall that I should use Squid for the
> proxy/caching server, with squid-guard to perform the filtering and
> iptables for firewalling.

Yup.

> Questions:
> Can this setup be used in conjunction with a database e.g. mySQL to lookup
> unsuitable sites, and redirect to an admin page stating the site is barred?

Bastard perl scripts looking for patterns in logs then feeding into a db
of some form from which another bastard perl script rebuilds your
firewall on a regular basis.

Of course some hostile could use this automation against you and cause
your system to firewall the whole internet :)

> Does anyone know of a suitable ban list?

Google is your friend, there are also block lists for squidguard linked
from the homepage.

As for ip blocking, no, it all depends on your local policy, what I
consider to be too aggressive in my lists might be considered wide open
from your POV.

> Is it okay to have the proxy/caching/firewall/database/filtering all on the
> same machine?

For certain values of ok, yes.

> with filtering using cyberNot.  This is a school environment, so the
> filtering needs to be pretty good.

*sigh*

Easy.

Block all incoming connections, punch holes incoming for the mail
server.

Block all websites, allow trusted admins to add sites to the allow list,
when email goes live hook in spamassassin and make sure there's a strong
AUP for the students to abide by or lose their access.

In this situation go for 'tight as a duck's arse' filtering.

-- 
The Flying Hamster <hamster at korenwolf.net>     
http://www.korenwolf.net/
IRISH DIPLOMACY: The ability to tell a man to go to Hell in such a way
that he looks forward to the trip.

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
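
The reply's caveat that log-driven automation can be turned against you, as an added example (not part of the original post): a vetting step that sits between the log-derived candidates and the firewall rebuild. The protected ranges, thresholds, chain name and sample data are assumptions made for illustration.

```python
import ipaddress

# Everything here is an assumption for illustration: the protected ranges,
# thresholds, chain name and sample candidates are constructed.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("192.0.2.0/28", "198.51.100.53/32")]
MIN_PREFIX = 24        # refuse anything broader than a /24
MAX_NEW_PER_RUN = 3    # more than this in one run needs a human to look
CHAIN = "AUTOBLOCK"    # hypothetical dedicated chain, flushed and refilled

def vet_candidates(candidates, current=()):
    """Split log-derived candidates into (accepted networks, {raw: reason})."""
    accepted, rejected = [], {}
    for raw in candidates:
        try:
            net = ipaddress.ip_network(raw.strip(), strict=False)
        except ValueError:
            rejected[raw] = "unparseable"      # never pass log text through
            continue
        if net.version != 4:
            rejected[raw] = "not IPv4"
        elif net.prefixlen < MIN_PREFIX:
            rejected[raw] = "too broad"
        elif any(net.overlaps(p) for p in NEVER_BLOCK):
            rejected[raw] = "protected range"
        elif str(net) in current or net in accepted:
            rejected[raw] = "duplicate"
        else:
            accepted.append(net)
    if len(accepted) > MAX_NEW_PER_RUN:
        # A sudden flood is what someone feeding the logs would produce:
        # change nothing this run and leave the existing rules in place.
        for net in accepted:
            rejected[str(net)] = "rate limit"
        accepted = []
    return accepted, rejected

def render_rules(current, accepted):
    """Build the rebuild commands from canonical networks only."""
    nets = sorted(set(current) | {str(n) for n in accepted},
                  key=ipaddress.ip_network)
    return [f"iptables -F {CHAIN}"] + [
        f"iptables -A {CHAIN} -s {n} -j DROP" for n in nets]

if __name__ == "__main__":
    sample = ["203.0.113.7", "0.0.0.0/0", "192.0.2.5", "not-an-ip", "203.0.113.0/24"]
    ok, bad = vet_candidates(sample, current={"198.51.100.9/32"})
    print("\n".join(render_rules({"198.51.100.9/32"}, ok)))
    print(bad)
```

Rejected candidates are returned with a reason so they can be logged and reviewed rather than silently dropped.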



