[Tfug] A question for somebody else...

Paul Steinbach MIS at samlevitz.com
Mon Aug 11 10:08:42 MST 2008 

If you use IpCop for your squid transparent proxy, there is 
documentation on DansGuardian which seems to way to update blacklists 
aimed at protecting children.

tfug-request at tfug.org wrote:
> Send tfug mailing list submissions to
> 	tfug at tfug.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> 	http://www.tfug.org/mailman/listinfo/tfug_tfug.org
> or, via email, send a message with subject or body 'help' to
> 	tfug-request at tfug.org
>
> You can reach the person managing the list at
> 	tfug-owner at tfug.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of tfug digest..."
>
>
> Today's Topics:
>
>    1. Re: A question for somebody else... (Rich)
>    2. Re: A question for somebody else... (Tim Ottinger)
>    3. Re: A question for somebody else... (Ian McEwen)
>    4. Re: T-shirts - time to actually order! (christopher)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 11 Aug 2008 06:52:49 -0700
> From: Rich <r-lists at studiosprocket.com>
> Subject: Re: [Tfug] A question for somebody else...
> To: Tucson Free Unix Group <tfug at tfug.org>
> Message-ID: <848CC252-9A55-495A-8202-0B9A7B33E0CC at studiosprocket.com>
> Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
>
>
> On Aug 11, 2008, at 6:33 am, Tim Ottinger wrote:
>
>   
>> I once installed squid as transparent proxy for a church,
>>     
>
> <insert witty joke about porn filters and churches>
>
>   
>> and I remember pulling a blacklist from somewhere.  I think that  
>> it's a tough game, and you have to continually review logs for  
>> false positives and non-rejected sites.
>>     
>
> Or set up a cron job to keep pulling a blacklist you trust.  
> Obviously, you'll want to test it first, and check things like  
> breastfeeding or breast cancer sites aren't blocked.
>
>   
>> Blacklisting isn't going to be your best option.   We did some  
>> filtering on regex, though I don't remember how that worked.
>>     
>
> From: http://www.squid-cache.org/mail-archive/squid-users/ 
> 200301/0507.html
>
>   
>> If you use regex lists, try to have them as short as possible. The  
>> regex based acl types are farily CPU intensive compared to other  
>> fixed matches.
>>
>> Do not use url_regex for matching domains unless you have a strong  
>> reason to as url_regex matches anywhere in the url (including query  
>> strings), and this can give quite surprising results from time to  
>> time if the regex list is not very carefully crafted.
>>     
>
>
> You might want to search/ask that mailing list for advice.
>
> R.
>
>
>
>
>
> ------------------------------
>
> Message: 2
> Date: Mon, 11 Aug 2008 09:27:25 -0500
> From: Tim Ottinger <tottinge at gmail.com>
> Subject: Re: [Tfug] A question for somebody else...
> To: Tucson Free Unix Group <tfug at tfug.org>
> Message-ID: <48A04C4D.9060503 at gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Rich wrote:
>   
>> On Aug 11, 2008, at 6:33 am, Tim Ottinger wrote:
>>   
>>     
>>> I once installed squid as transparent proxy for a church,
>>>     
>>>       
>> <insert witty joke about porn filters and churches>
>>   
>>     
>
> <grins>
>
> They had computers in the youth and children's areas for "hang time" and 
> games.  They wanted to make sure that the fun and games were not going 
> to go wrong.
>   
>>> and I remember pulling a blacklist from somewhere.  I think that  
>>> it's a tough game, and you have to continually review logs for  
>>> false positives and non-rejected sites.
>>>     
>>>       
>> Or set up a cron job to keep pulling a blacklist you trust.  
>> Obviously, you'll want to test it first, and check things like  
>> breastfeeding or breast cancer sites aren't blocked.
>>   
>>     
> Right.  I had done just that.  They had funny ideas also about what 
> constituted "violence".
>
>
>
>
>
> ------------------------------
>
> Message: 3
> Date: Mon, 11 Aug 2008 08:35:42 -0700
> From: "Ian McEwen" <mcewen.ian at gmail.com>
> Subject: Re: [Tfug] A question for somebody else...
> To: "Tucson Free Unix Group" <tfug at tfug.org>
> Message-ID:
> 	<d787b90a0808110835t77d91129ued3da347fe9472a3 at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> One option you might consider is DNS-based filtering; OpenDNS provides a
> service that blocks sites based on content, where the manager of DNS for a
> subnet can choose what is allowed/disallowed; I've seen this used at one
> airport I visited, that wanted to block various non-work-related sites from
> their employees' use. Not to mention, OpenDNS has had the DNS hole blocked
> (as best it can be, anyway) for longer than almost anybody, which is always
> a good sign.
>
> Blocklists and the (rather easy for a user of reasonable prowess) hole
> inherent in proxying will always be a problem when trying to block off
> anything, though. Just ask anyone who's gone through TUSD :)
>
> --
> Ian McEwen
>
> On Mon, Aug 11, 2008 at 7:27 AM, Tim Ottinger <tottinge at gmail.com> wrote:
>
>   
>> Rich wrote:
>>     
>>> On Aug 11, 2008, at 6:33 am, Tim Ottinger wrote:
>>>
>>>       
>>>> I once installed squid as transparent proxy for a church,
>>>>
>>>>         
>>> <insert witty joke about porn filters and churches>
>>>
>>>       
>> <grins>
>>
>> They had computers in the youth and children's areas for "hang time" and
>> games.  They wanted to make sure that the fun and games were not going
>> to go wrong.
>>     
>>>> and I remember pulling a blacklist from somewhere.  I think that
>>>> it's a tough game, and you have to continually review logs for
>>>> false positives and non-rejected sites.
>>>>
>>>>         
>>> Or set up a cron job to keep pulling a blacklist you trust.
>>> Obviously, you'll want to test it first, and check things like
>>> breastfeeding or breast cancer sites aren't blocked.
>>>
>>>       
>> Right.  I had done just that.  They had funny ideas also about what
>> constituted "violence".
>>
>>
>>
>> _______________________________________________
>> Tucson Free Unix Group - tfug at tfug.org
>> Subscription Options:
>> http://www.tfug.org/mailman/listinfo/tfug_tfug.org
>>
>>     
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: http://www.tfug.org/pipermail/tfug_tfug.org/attachments/20080811/06d3e9be/attachment-0001.html 
>
> ------------------------------
>
> Message: 4
> Date: Mon, 11 Aug 2008 09:56:15 -0700
> From: christopher <skeptikos at gmail.com>
> Subject: Re: [Tfug] T-shirts - time to actually order!
> To: tfug at tfug.org
> Message-ID: <20080811095615.0dcae7e3.skeptikos at gmail.com>
> Content-Type: text/plain; charset=US-ASCII
>
> Ok, I'm in. I can prepay. Do you prefer me to drop off
> at your office or to mail it. I work on campus, so
> either way won't be a problem ~ Chris
>   


-- 
Paul Steinbach
MIS Manager
Sam Levitz Furniture

E-mail: MIS at samlevitz.com
Phone:  520.624.7443 X2571
Cell:   520.247.5730

More information about the tfug mailing list