[squid-users] squidguard not redirecting
hi, did you see this message ? On Fri, May 24, 2013 at 01:49:10PM -0300, Carlos Defoe wrote: Well, it seems that the problem has returned. Now I think it might be caused when logrotate runs, and therefore squid -k rotate. It's just a guess, since rotating is the only action that affects Squid. It hasn't been restarted since last time it was working fine. :?( a squid -k rotate On Mon, May 20, 2013 at 11:47 AM, Carlos Defoe carlosde...@gmail.com wrote: Ok, apparently the problem with squidGuard was related to corrupted databases, causing unpredictable behaviour. I recompiled everything and now is working fine. I'll think about the suggestions (ufdbguard and raw squid), and maybe write down a comparison. thanks guys! On Mon, May 20, 2013 at 8:34 AM, Helmut Hullen hul...@t-online.de wrote: Hallo, Amos, Du meintest am 18.05.13: I have enabled squidGuard within a huge network. [...] What are you using squidGuard for anyway? There are 2 different options/decisions: a) using redirect/rewrite (as squidGuard and ufdbguard do) or using the squid options acl and http_access (as squidblacklist does) b) using a long time maintained blacklist (p.e. shallalist or squidguard.mesd.k12.or.us/blacklists.tgz) or a newer one (as squidblacklist does) and/or using self made lists and/or using lists from some other places Using blacklists is (especially in schools) a job with many legal implications; people who use them should at least have a good feeling. And using something like squidguard gives such a good feeling - even when such a program may be technically ugly. But the teacher who uses it as a helper has to explain this helper to many parents, and sometimes he/she has to explain it to a court of justice (but he never has to explain it to programmers etc). Yes - I know how to circumvent (? - please excuse my gerlish) such filters like squidguard. Viele Gruesse! Helmut
Re: [squid-users] squidguard not redirecting
Well, it seems that the problem has returned. Now I think it might be caused when logrotate runs, and therefore squid -k rotate. It's just a guess, since rotating is the only action that affects Squid. It hasn't been restarted since last time it was working fine. :¬( On Mon, May 20, 2013 at 11:47 AM, Carlos Defoe carlosde...@gmail.com wrote: Ok, apparently the problem with squidGuard was related to corrupted databases, causing unpredictable behaviour. I recompiled everything and now is working fine. I'll think about the suggestions (ufdbguard and raw squid), and maybe write down a comparison. thanks guys! On Mon, May 20, 2013 at 8:34 AM, Helmut Hullen hul...@t-online.de wrote: Hallo, Amos, Du meintest am 18.05.13: I have enabled squidGuard within a huge network. [...] What are you using squidGuard for anyway? There are 2 different options/decisions: a) using redirect/rewrite (as squidGuard and ufdbguard do) or using the squid options acl and http_access (as squidblacklist does) b) using a long time maintained blacklist (p.e. shallalist or squidguard.mesd.k12.or.us/blacklists.tgz) or a newer one (as squidblacklist does) and/or using self made lists and/or using lists from some other places Using blacklists is (especially in schools) a job with many legal implications; people who use them should at least have a good feeling. And using something like squidguard gives such a good feeling - even when such a program may be technically ugly. But the teacher who uses it as a helper has to explain this helper to many parents, and sometimes he/she has to explain it to a court of justice (but he never has to explain it to programmers etc). Yes - I know how to circumvent (? - please excuse my gerlish) such filters like squidguard. Viele Gruesse! Helmut
Re: [squid-users] squidguard not redirecting
Hallo, Amos, Du meintest am 18.05.13: I have enabled squidGuard within a huge network. [...] What are you using squidGuard for anyway? There are 2 different options/decisions: a) using redirect/rewrite (as squidGuard and ufdbguard do) or using the squid options acl and http_access (as squidblacklist does) b) using a long time maintained blacklist (p.e. shallalist or squidguard.mesd.k12.or.us/blacklists.tgz) or a newer one (as squidblacklist does) and/or using self made lists and/or using lists from some other places Using blacklists is (especially in schools) a job with many legal implications; people who use them should at least have a good feeling. And using something like squidguard gives such a good feeling - even when such a program may be technically ugly. But the teacher who uses it as a helper has to explain this helper to many parents, and sometimes he/she has to explain it to a court of justice (but he never has to explain it to programmers etc). Yes - I know how to circumvent (? - please excuse my gerlish) such filters like squidguard. Viele Gruesse! Helmut
Re: [squid-users] squidguard not redirecting
Ok, apparently the problem with squidGuard was related to corrupted databases, causing unpredictable behaviour. I recompiled everything and now is working fine. I'll think about the suggestions (ufdbguard and raw squid), and maybe write down a comparison. thanks guys! On Mon, May 20, 2013 at 8:34 AM, Helmut Hullen hul...@t-online.de wrote: Hallo, Amos, Du meintest am 18.05.13: I have enabled squidGuard within a huge network. [...] What are you using squidGuard for anyway? There are 2 different options/decisions: a) using redirect/rewrite (as squidGuard and ufdbguard do) or using the squid options acl and http_access (as squidblacklist does) b) using a long time maintained blacklist (p.e. shallalist or squidguard.mesd.k12.or.us/blacklists.tgz) or a newer one (as squidblacklist does) and/or using self made lists and/or using lists from some other places Using blacklists is (especially in schools) a job with many legal implications; people who use them should at least have a good feeling. And using something like squidguard gives such a good feeling - even when such a program may be technically ugly. But the teacher who uses it as a helper has to explain this helper to many parents, and sometimes he/she has to explain it to a court of justice (but he never has to explain it to programmers etc). Yes - I know how to circumvent (? - please excuse my gerlish) such filters like squidguard. Viele Gruesse! Helmut
Re: [squid-users] squidguard not redirecting
Hallo, Amos, Du meintest am 18.05.13: SG has numerous problems which caused it not to do what it's supposed to, including that emergency mode thing. Here are some things to consider: 1) a BIG blacklist is overhyped - when I had a good look at our requirements, there was only a small percentage of those websites we actually wanted to block, the rest were either squatting websites or non-existent, or not relevant. Squid could blacklist (eg ACL DENY) those websites natively with a minimum of fuss. May be - it does a good job even with these unnecessary entries. If the list is that badly out of date it will also be *missing* a great deal of entries. Yes - may be. But updating the list is a really simple job. 2) SG has not been updated for 4 or 5 years, if that's your latest version, you are still out of date. I can't see a big need for updating. Software really doesn't need changes (updates) every month or so. For regular software yes. But security software which has set itself out as enumerating badness/goodness for a control method needs constant updates. May be - but squidguard does a really simple job: it looks into a list of not allowed domains and URLs and then decides whether to allow or to deny. That job doesn't need constant updates. More to the point, you will not find much help now. or anyone to fix it even if you could prove it's a bug. That depends! - I know many colleagues who use squidguard since years; the program doesn't need much help. During which time a lot of things have progressed. Squid has gained a lot of ACL types, better regex handling, better memory management, and an external ACL helpers interface (which most installations of SG should really be using). Which brings me back to my question of what SG was being used for. If it is something which the current Squid are capable of doing without SG then you maybe can gain better traffic performance simply by removing SG from the software chain. Like csn233 found it may be worth it. 
The squidguard job is working with a really big blacklist. And working with some specialized ACLs. I know squid can do this job too - and I maintain a schoolserver which uses many of these possibilities of squid. But then some other people has to maintain the blacklist. That's no job for the administrator in the school. better traffic performance may be a criteria, but (p.e.) blocking porn URLs is (in schools) a criteria too. Teachers have to look at legal protection for children and young persons too. Please excuse my gerlish. Amos Viele Gruesse! Helmut
Re: [squid-users] squidguard not redirecting
On Sat, 18 May 2013 17:32:02 +1200 Amos Jeffries squ...@treenet.co.nz wrote: On Sat, 18 May 2013 14:58:42 +1200 Amos Jeffries wrote: a BIG blacklist is overhyped For the record that is a mis-attribution. I did not say that. Amos Pardon my bad email etiquette, I'm using a weird email client. - Signed, Fix Nichols http://www.squidblacklist.org
Re: [squid-users] squidguard not redirecting
On 18/05/2013 6:23 p.m., Helmut Hullen wrote: Hallo, Amos, Du meintest am 18.05.13: SG has numerous problems which caused it not to do what it's supposed to, including that emergency mode thing. Here are some things to consider: 1) a BIG blacklist is overhyped - when I had a good look at our requirements, there was only a small percentage of those websites we actually wanted to block, the rest were either squatting websites or non-existent, or not relevant. Squid could blacklist (eg ACL DENY) those websites natively with a minimum of fuss. May be - it does a good job even with these unnecessary entries. If the list is that badly out of date it will also be *missing* a great deal of entries. Yes - may be. But updating the list is a really simple job. 2) SG has not been updated for 4 or 5 years, if that's your latest version, you are still out of date. I can't see a big need for updating. Software really doesn't need changes (updates) every month or so. For regular software yes. But security software which has set itself out as enumerating badness/goodness for a control method needs constant updates. May be - but squidguard does a really simple job: it looks into a list of not allowed domains and URLs and then decides whether to allow or to deny. That job doesn't need constant updates. Unfortunately it does so by forcing all the complications into Squid. In order for SG to do that really simple job. Squid is required to: * manage a group of sub-processes, including all error handling when they fail or hang. * generate and process requests and responses in a protocol to communicate with those sub-processes * schedule client request handling around the delay from external processing, including recovery on SG errors * clone the HTTP request and perform a sub-request when redirected-to URL is presented by SG. Much better to have Squid doing the simple ACL task and drop all of the above complications. 
Not to mention that Markus fed back a lot of the ufdbGuard improvements into Squid-3.2 and we now have ACLs which operate reasonably fast over big lists of regex. Not that using big lists of regex is a great idea anyway. More to the point, you will not find much help now. or anyone to fix it even if you could prove it's a bug. That depends! - I know many colleagues who use squidguard since years; the program doesn't need much help. During which time a lot of things have progressed. Squid has gained a lot of ACL types, better regex handling, better memory management, and an external ACL helpers interface (which most installations of SG should really be using). Which brings me back to my question of what SG was being used for. If it is something which the current Squid are capable of doing without SG then you maybe can gain better traffic performance simply by removing SG from the software chain. Like csn233 found it may be worth it. The squidguard job is working with a really big blacklist. And working with some specialized ACLs. Which apart from the list files, is all based on received information sent to it by Squid. I know squid can do this job too - and I maintain a schoolserver which uses many of these possibilities of squid. But then some other people has to maintain the blacklist. That's no job for the administrator in the school. You are the first to mention that change of job. The proposal was to: * make Squid load the blacklist * remove SG from the software chain * watch response time improve ? Nowhere in that sequence does it require any change of who is creating the list. At most the administrator may need to run a tool to convert from some strange format to one Squid can load. (FWIW: both squidblacklists.org and Shalla provide lists which have already been converted to Squid-compatible formats). better traffic performance may be a criteria, but (p.e.) blocking porn URLs is (in schools) a criteria too. 
Teachers have to look at legal protection for children and young persons too. I'm just talking about shifting the checks to the place where they can be tested most effectively. Not removing them. Squid already has the information about user login, IP address, MAC address, URL. No doubt Squid is already doing allow/deny access based on login and IP which users are trying to get access with. Making Squid load the blocklist and use it in the http_access controls is relatively simple. So what is left for SG to do? in most cases you will find the answer is nothing. Note that we have not even got near discussing the content of those regex lists. I've seen many SquidGuard installations where the rationale for holding onto SG was that squid can't handle this many regex. Listing 5 million domain names in a file with some 1% having a /something path tacked on the end does not make it a regex list. ** split the file into domains and domain+path entries. Suddenly you have a small file of url_regex, a small file of dstdom_regex and a long
Re: [squid-users] squidguard not redirecting
Hallo, Amos, Du meintest am 18.05.13: [...] The squidguard job is working with a really big blacklist. And working with some specialized ACLs. Which apart from the list files, is all based on received information sent to it by Squid. I know squid can do this job too - and I maintain a schoolserver which uses many of these possibilities of squid. But then some other people has to maintain the blacklist. That's no job for the administrator in the school. You are the first to mention that change of job. The proposal was to: * make Squid load the blacklist * remove SG from the software chain * watch response time improve ? Nowhere in that sequence does it require any change of who is creating the list. But that's one of the major problems for a user of any blacklist: who maintains this blacklist. That's no squid job, of course. At most the administrator may need to run a tool to convert from some strange format to one Squid can load. (FWIW: both squidblacklists.org and Shalla provide lists which have already been converted to Squid-compatible formats). Hmmm - sounds interesting. [...] Note that we have not even got near discussing the content of those regex lists. I've seen many SquidGuard installations where the rationale for holding onto SG was that squid can't handle this many regex. And at least for such purpose as a schoolserver that's a valid objection ... A teacher has to teach pupils, not to build regular expressions for a machine. Listing 5 million domain names in a file with some 1% having a /something path tacked on the end does not make it a regex list. ** split the file into domains and domain+path entries. Suddenly you have a small file of url_regex, a small file of dstdom_regex and a long list of dstdomain ... which Squid can handle. Yes - I know. But that sounds more like a theory, not like a downloadable solution. And again: who maintains this solution? Viele Gruesse! Helmut
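The split described in the quoted text above (bare domains into a dstdomain list, domain+path entries into a small url_regex list), as an added example that is not part of the thread and not code from Squid or squidGuard. The input format, the file paths and the ACL names are assumptions; it also sends IP literals to a dst ACL, which the thread does not mention.

```python
"""Split a mixed blocklist into files for Squid's native ACL types.

Added example; file names and ACL names below are assumptions.
"""
import ipaddress
import re

# Constructed sample: mostly bare domains, a few domain+path entries.
SAMPLE = """\
# constructed sample blocklist
ads.example.net
example.net
tracker.example.org
WWW.Example.COM/banners/
files.example.org/dl/tool.exe
192.0.2.10
http://cdn.example.edu/ads/v2
ads.example.net/popup
tracker.example.org
"""

# Hypothetical squid.conf lines that load the three generated files.
SQUID_CONF = """\
acl blocked_dom dstdomain "/etc/squid/blocklist.dstdomain"
acl blocked_ip  dst       "/etc/squid/blocklist.dst"
acl blocked_url url_regex -i "/etc/squid/blocklist.url_regex"
http_access deny blocked_dom
http_access deny blocked_ip
http_access deny blocked_url
"""

SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)
ERE_META = re.compile(r"([.\[\]{}()*+?^$|\\])")  # POSIX ERE metacharacters


def suffixes(host):
    """Yield host and each parent domain: a.b.c -> a.b.c, b.c, c."""
    labels = host.split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def prune_subdomains(domains):
    """Drop domains already covered by a listed parent.

    ".example.net" in a dstdomain list also matches ads.example.net, and
    Squid warns about such redundant entries when it loads the list.
    """
    kept = set()
    # Fewest labels first, so a parent is always seen before its children.
    for dom in sorted(domains, key=lambda d: d.count(".")):
        if not any(s in kept for s in suffixes(dom)):
            kept.add(dom)
    return kept


def url_to_regex(host, path):
    """One possible url_regex for a domain+path entry (subdomains included)."""
    esc = lambda text: ERE_META.sub(r"\\\1", text)
    return r"^https?://([a-z0-9.-]+\.)?" + esc(host) + "/" + esc(path)


def split_blocklist(text):
    """Return {'dstdomain': [...], 'dst': [...], 'url_regex': [...]}."""
    domains, ips, urls = set(), set(), set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        host, _, path = SCHEME.sub("", line).partition("/")
        host = host.lower().rstrip(".")
        if not host:
            continue
        if path:
            urls.add((host, path))
        elif is_ip(host):
            ips.add(host)
        else:
            domains.add(host)
    domains = prune_subdomains(domains)
    # A path entry is redundant when its whole host is already blocked.
    live = [(h, p) for h, p in urls
            if h not in ips and not any(s in domains for s in suffixes(h))]
    return {
        "dstdomain": sorted("." + d for d in domains),
        "dst": sorted(ips),
        "url_regex": sorted(url_to_regex(h, p) for h, p in live),
    }


if __name__ == "__main__":
    for acl_type, entries in split_blocklist(SAMPLE).items():
        print(f"--- blocklist.{acl_type} ({len(entries)} entries)")
        print("\n".join(entries))
    print("--- squid.conf (hypothetical)")
    print(SQUID_CONF, end="")
```
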
Re: [squid-users] squidguard not redirecting
On 05/17/2013 11:40 PM, csn233 wrote: You can use ufdbGuard free. So it's the filter DB component that's not free. Thanks for clarifying. No. ufdbGuard is free software, the same as squidguard. ufdbGuard works with free databases or your own URL blacklist, just like squidguard. ufdbGuard has additional features: - also works with a commercial grade URL database - enforces safesearch - enforces safer HTTPS - blocks HTTPS tunnels - detects popular chat protocols over HTTPS - is 3x faster than squidguard - and a lot more Marcus
Re: [squid-users] squidguard not redirecting
So it's the filter DB component that's not free. Thanks for clarifying. No. ufdbGuard is free software, the same as squidguard. I was referring to URLfilterDB which is the paid component by the looks of it: The license is both for use of URLfilterDB and subscription to regular content updates for URLFilterDB.
Re: [squid-users] squidguard not redirecting
a BIG blacklist is overhyped Nonsense, porn blacklists are big by nature have you tried squid-porn.acl lately? Squidblacklist.org is the new kid on the blacklist block, and our porn blacklist is fantastic. If you actually read what I said, which was there was only a small percentage of those websites we actually wanted to block, the rest were either squatting websites or non-existent, or not relevant. The key word is relevance, I don't care how big it is if the vast majority of sites in there don't exist (or no longer exists), or don't consume enough bandwidth to waste our time on, or our users don't even visit. Or we end up blocking sites we don't want to block. Or sites that we wanted to block that were not in the list. Size alone is not useful if what's in there is mostly not relevant. If you are blocking a lot of sites which doesn't need to be blocked you are actually wasting server resources. I don't know about other people, but I prefer quality over quantity.
[squid-users] squidguard not redirecting
Hello,

I have enabled squidGuard within a huge network. Problem is that most of the matches to my acls are logged (a block.log file), but the site is still accessible. When I press F5 to reload, multiple times, one time it got blocked (redirected to my local block page, published with apache httpd in the same server as squid + squidGuard).

Ex: at block.log (from squidguard)

2013-05-16 10:04:43 [3807] Request(mydest/myblock/-) http://www.your-freedom.net/media/flags/flag_fr.gif 10.150.150.22/- testu...@domain.com GET REDIRECT

at httpd.log

10.10.10.254 - - [16/May/2013:10:04:43 -0300] GET /index.php HTTP/1.1 200 295 http://www.your-freedom.net/; Mozilla/5.0 (Windows NT 5.1; rv:20.0) Gecko/20100101 Firefox/20.0

Then squid opens http://www.your-freedom.net/ normally.

I don't know if the problem is squidGuard accessing content on apache httpd, or if squid is not receiving the correct return from squidGuard. I think that, even if squidGuard is not getting the right content from apache, squid should not display the page, as squidGuard should have rewritten the URL.

Has anyone experienced this?

thanks!
Re: [squid-users] squidguard not redirecting
On 18/05/2013 1:14 a.m., Carlos Defoe wrote: Hello, I have enabled squidGuard within a huge network. Problem is that most of the matches to my acls are logged (a block.log file), but the site is still accessible. When I press F5 to reload, multiple times, one time it got blocked (redirected to my local block page, published with apache httpd in the same server as squid + squidGuard). Ex: at block.log (from squidguard) 2013-05-16 10:04:43 [3807] Request(mydest/myblock/-) http://www.your-freedom.net/media/flags/flag_fr.gif 10.150.150.22/- testu...@domain.com GET REDIRECT at httpd.log 10.10.10.254 - - [16/May/2013:10:04:43 -0300] GET /index.php HTTP/1.1 200 295 http://www.your-freedom.net/; Mozilla/5.0 (Windows NT 5.1; rv:20.0) Gecko/20100101 Firefox/20.0 Then squid opens http://www.your-freedom.net/ normally. I don't know if the problem is squidGuard accessing content on apache httpd, or if squid is not receiving the correct return from squidGuard. I think that, even if squidGuard is not getting the right content from apache, squid should not display the page, as squidGuard should have rewritten the URL. Has anyone experienced this? If SG is not producing a correct response Squid will simply ignore it ... and open the original page. What are you using squidGuard for anyway? Amos
Re: [squid-users] squidguard not redirecting
Hi Amos, One big blacklist. Secondarily, it matches ads on each page to change it to our logo, so it reduces bandwidth usage, stops annoying ads and makes our marketing thing. Do you think squidGuard is not working properly, then? Redirector Statistics: program: /usr/local/squidGuard/bin/squidGuard number active: 31 of 80 (0 shutting down) requests sent: 2899413 replies received: 2899412 queue length: 0 avg service time: 0 msec Above we can see that all request are being replied. I have the latest version of both squid and sg. On Fri, May 17, 2013 at 11:15 AM, Amos Jeffries squ...@treenet.co.nz wrote: On 18/05/2013 1:14 a.m., Carlos Defoe wrote: Hello, I have enabled squidGuard within a huge network. Problem is that most of the matches to my acls are logged (a block.log file), but the site is still accessible. When I press F5 to reload, multiple times, one time it got blocked (redirected to my local block page, published with apache httpd in the same server as squid + squidGuard). Ex: at block.log (from squidguard) 2013-05-16 10:04:43 [3807] Request(mydest/myblock/-) http://www.your-freedom.net/media/flags/flag_fr.gif 10.150.150.22/- testu...@domain.com GET REDIRECT at httpd.log 10.10.10.254 - - [16/May/2013:10:04:43 -0300] GET /index.php HTTP/1.1 200 295 http://www.your-freedom.net/; Mozilla/5.0 (Windows NT 5.1; rv:20.0) Gecko/20100101 Firefox/20.0 Then squid opens http://www.your-freedom.net/ normally. I don't know if the problem is squidGuard accessing content on apache httpd, or if squid is not receiving the correct return from squidGuard. I think that, even if squidGuard is not getting the right content from apache, squid should not display the page, as squidGuard should have rewritten the URL. Has anyone experienced this? If SG is not producing a correct response Squid will simply ignore it ... and open the original page. What are you using squidGuard for anyway? Amos
Re: [squid-users] squidguard not redirecting
Has anyone experienced this? SG has numerous problems which caused it not to do what it's supposed to, including that emergency mode thing. Here are some things to consider: 1) a BIG blacklist is overhyped - when I had a good look at our requirements, there was only a small percentage of those websites we actually wanted to block, the rest were either squatting websites or non-existent, or not relevant. Squid could blacklist (eg ACL DENY) those websites natively with a minimum of fuss. 2) SG has not been updated for 4 or 5 years, if that's your latest version, you are still out of date. More to the point, you will not find much help now. or anyone to fix it even if you could prove it's a bug. 3) It has some quirks in how it handles hosts/domains in the blacklist, which may not be how you think it is. I didn't bother spending any more time on it.
Re: [squid-users] squidguard not redirecting
On Sat, May 18, 2013 at 12:28:20AM +0800, csn233 wrote: Has anyone experienced this? SG has numerous problems which caused it not to do what it's supposed to, including that emergency mode thing. Here are some things to consider: 1) a BIG blacklist is overhyped - when I had a good look at our requirements, there was only a small percentage of those websites we actually wanted to block, the rest were either squatting websites or non-existent, or not relevant. Squid could blacklist (eg ACL DENY) those websites natively with a minimum of fuss. 2) SG has not been updated for 4 or 5 years, if that's your latest version, you are still out of date. More to the point, you will not find much help now. or anyone to fix it even if you could prove it's a bug. 3) It has some quirks in how it handles hosts/domains in the blacklist, which may not be how you think it is. I didn't bother spending any more time on it. ufdbGuard is a more powerful substitute of squidGuard. Has regular updates and even free support. Marcus
Re: [squid-users] squidguard not redirecting
On Sat, May 18, 2013 at 1:09 AM, csn233 csn...@gmail.com wrote: I didn't bother spending any more time on it. ufdbGuard is a more powerful substitute of squidGuard. Has regular updates and even free support. Marcus Sure. You forgot to mention though, squidGuard is free whereas ufdbGuard is a licensed product. Small point I know, but relevant.
Re: [squid-users] squidguard not redirecting
Hallo, csn233, Du meintest am 18.05.13: SG has numerous problems which caused it not to do what it's supposed to, including that emergency mode thing. Here are some things to consider: 1) a BIG blacklist is overhyped - when I had a good look at our requirements, there was only a small percentage of those websites we actually wanted to block, the rest were either squatting websites or non-existent, or not relevant. Squid could blacklist (eg ACL DENY) those websites natively with a minimum of fuss. May be - it does a good job even with these unnecessary entries. 2) SG has not been updated for 4 or 5 years, if that's your latest version, you are still out of date. I can't see a big need for updating. Software really doesn't need changes (updates) every month or so. More to the point, you will not find much help now. or anyone to fix it even if you could prove it's a bug. That depends! - I know many colleagues who use squidguard since years; the program doesn't need much help. Viele Gruesse! Helmut
Re: [squid-users] squidguard not redirecting
On Sat, 18 May 2013 01:27:36 +0800 csn233 csn...@gmail.com wrote: On Sat, May 18, 2013 at 1:09 AM, csn233 csn...@gmail.com wrote: I didn't bother spending any more time on it. ufdbGuard is a more powerful substitute of squidGuard. Has regular updates and even free support. Marcus Sure. You forgot to mention though, squidGuard is free whereas ufdbGuard is a licensed product. Small point I know, but relevant. ^ You guys crack me up. - Signed, Fix Nichols http://www.squidblacklist.org
Re: [squid-users] squidguard not redirecting
Hallo, csn233, Du meintest am 18.05.13: I can't see a big need for updating. Software really doesn't need changes (updates) every month or so. No, it doesn't - until you have a problem. That depends! - I know many colleagues who use squidguard since years; the program doesn't need much help. Great! Why are you posting here then? Because I can. Viele Gruesse! Helmut
Re: [squid-users] squidguard not redirecting
Because I can. Sorry, more relevant question would be - do you have an answer for the original poster?
Re: [squid-users] squidguard not redirecting
On Sat, May 18, 2013 at 01:27:36AM +0800, csn233 wrote: On Sat, May 18, 2013 at 1:09 AM, csn233 csn...@gmail.com wrote: I didn't bother spending any more time on it. ufdbGuard is a more powerful substitute of squidGuard. Has regular updates and even free support. Marcus Sure. You forgot to mention though, squidGuard is free whereas ufdbGuard is a licensed product. Small point I know, but relevant. ufdbGuard is a *free* product with a GPL2 license and squidguard also has a GPL2 license. Important to know is what the GPL2 license is used for: the GPL2 license is only there to protect free software. You can use ufdbGuard free. ufdbGuard works with any text based URL database (free!) and also with a commercial URL database. Marcus
Re: [squid-users] squidguard not redirecting
Hallo, csn233, Du meintest am 18.05.13: Because I can. Sorry, more relevant question would be - do you have an answer for the original poster? No. I don't run a huge network with the problem he has described. I only run networks with about 50 ... 200 clients, and there I never had this problem. Viele Gruesse! Helmut
Re: [squid-users] squidguard not redirecting
I'll run some more tests before getting rid of squidguard. I think the idea of the rewriter sounds good. Also the use of berkeleydb to read blacklists. I've used squidguard in the past, in small networks, without any problems. If it were running properly now, then i would have a great opportunity to compare the performances with or without using the rewriter. On Fri, May 17, 2013 at 5:10 PM, Helmut Hullen hul...@t-online.de wrote: Hallo, csn233, Du meintest am 18.05.13: Because I can. Sorry, more relevant question would be - do you have an answer for the original poster? No. I don't run a huge network with the problem he has described. I only run networks with about 50 ... 200 clients, and there I never had this problem. Viele Gruesse! Helmut
Re: [squid-users] squidguard not redirecting
You can use ufdbGuard free. So it's the filter DB component that's not free. Thanks for clarifying.
Re: [squid-users] squidguard not redirecting
On 18/05/2013 5:53 a.m., Helmut Hullen wrote: Hallo, csn233, Du meintest am 18.05.13: SG has numerous problems which caused it not to do what it's supposed to, including that emergency mode thing. Here are some things to consider: 1) a BIG blacklist is overhyped - when I had a good look at our requirements, there was only a small percentage of those websites we actually wanted to block, the rest were either squatting websites or non-existent, or not relevant. Squid could blacklist (eg ACL DENY) those websites natively with a minimum of fuss. May be - it does a good job even with these unnecessary entries. If the list is that badly out of date it will also be *missing* a great deal of entries. 2) SG has not been updated for 4 or 5 years, if that's your latest version, you are still out of date. I can't see a big need for updating. Software really doesn't need changes (updates) every month or so. For regular software yes. But security software which has set itself out as enumerating badness/goodness for a control method needs constant updates. More to the point, you will not find much help now. or anyone to fix it even if you could prove it's a bug. That depends! - I know many colleagues who use squidguard since years; the program doesn't need much help. During which time a lot of things have progressed. Squid has gained a lot of ACL types, better regex handling, better memory management, and an external ACL helpers interface (which most installations of SG should really be using). Which brings me back to my question of what SG was being used for. If it is something which the current Squid are capable of doing without SG then you maybe can gain better traffic performance simply by removing SG from the software chain. Like csn233 found it may be worth it. Amos
Re: [squid-users] squidguard not redirecting
On Sat, 18 May 2013 14:58:42 +1200 Amos Jeffries squ...@treenet.co.nz wrote: a BIG blacklist is overhyped Nonsense, porn blacklists are big by nature have you tried squid-porn.acl lately? Squidblacklist.org is the new kid on the blacklist block, and our porn blacklist is fantastic. - Signed, Fix Nichols http://www.squidblacklist.org
Re: [squid-users] squidguard not redirecting
On Sat, 18 May 2013 14:58:42 +1200 Amos Jeffries squ...@treenet.co.nz wrote: On 18/05/2013 5:53 a.m., Helmut Hullen wrote: Hallo, csn233, Du meintest am 18.05.13: SG has numerous problems which caused it not to do what it's supposed to, including that emergency mode thing. Here are some things to consider: 1) a BIG blacklist is overhyped - when I had a good look at our requirements, there was only a small percentage of those websites we actually wanted to block, the rest were either squatting websites or non-existent, or not relevant. Squid could blacklist (eg ACL DENY) those websites natively with a minimum of fuss. May be - it does a good job even with these unnecessary entries. If the list is that badly out of date it will also be *missing* a great deal of entries. 2) SG has not been updated for 4 or 5 years, if that's your latest version, you are still out of date. I can't see a big need for updating. Software really doesn't need changes (updates) every month or so. For regular software yes. But security software which has set itself out as enumerating badness/goodness for a control method needs constant updates. More to the point, you will not find much help now. or anyone to fix it even if you could prove it's a bug. That depends! - I know many colleagues who use squidguard since years; the program doesn't need much help. During which time a lot of things have progressed. Squid has gained a lot of ACL types, better regex handling, better memory management, and an external ACL helpers interface (which most installations of SG should really be using). Which brings me back to my question of what SG was being used for. If it is something which the current Squid are capable of doing without SG then you maybe can gain better traffic performance simply by removing SG from the software chain. Like csn233 found it may be worth it. Amos I agree with Mr. Jeffries, and allow me to also add that squidblacklist.org offers acl blacklists that work fine with squid, without the use of third party add ons, if you want less complications due to excessive setups with third party add ons, come check it out. (shameless self promotion) http://squidblacklist.org So long as you are using squid3.x and not some ancient version of squid, you should have no issues with large blacklists in squid. And the reasoning is that a more recently released versions of squid is not bound by the issues with large acl lists that affected earlier versions, these issues are as I understand the primary reason people were using third party add ons for large blacklists, so correct me if I am wrong, but, you might not need bother with any of them, depending on your needs. - Signed, Fix Nichols http://www.squidblacklist.org
Re: [squid-users] squidguard not redirecting
On 18/05/2013 4:52 p.m., Squidblacklist wrote: On Sat, 18 May 2013 14:58:42 +1200 Amos Jeffries wrote: a BIG blacklist is overhyped For the record that is a mis-attribution. I did not say that. Amos