Fred Clark writes:
>
> Last week we started having trouble with our logs filling up with
> requests to windowsupdate.microsoft.com from numerous machines
> across our network. Our guess is that these are XP machines with
> the auto update feature enabled, but while we try tracking them down
> we have blocked access to the site. Unfortunately, we are still
> finding the logs are filling up with requests to the site. Is
> there a way to suppress logging of that URL?
I'm assuming that you are referring to squidGuard logging to
"blocked.log"? If so, here's the easiest way that I can think of:
---- portion of squidGuard.conf ------
dest porn {
domainlist porn/domains
urllist porn/urls
redirect http://yourserver.com/cgi?
log blocked.log
}
dest pornexp {
expressionlist porn/expressions
redirect http://yourserver.com/cgi?
log blocked.log
}
.
.
.
dest windowsupdate {
domainlist windowsupdate/domains
urllist windowsupdate/urls
redirect http://yourserver.com/cgi?
# Note: No log statement
}
-----------------------------------------
Move the windows update domains and urls to the new destination group
and add !windowsupdate to your acl.
Rick
