----- Original Message -----
From: "Rick Matthews" <[EMAIL PROTECTED]>
To: "Squidguard Mailing List" <[EMAIL PROTECTED]>; "Jerry Murdock"
<[EMAIL PROTECTED]>
Sent: Wednesday, November 07, 2001 1:04 PM
Subject: RE: squidGuard Module for Webmin
> The module has created limitations and conventions that do not exist in
> squidGuard. The module and documentation are also completely silent
> about those limitations and conventions.
>
What documentation? Nothing talks about abilities/features/limitations at
all. Whenever I see something like that, I take it upon myself to do a little
testing. You made assumptions it would work with your configuration "out of
the box."
> --------------------------------------
> dbhome /usr/local/squidGuard/db
>
> dest porn {
> domainlist block/blacklists/porn/domains
> urllist block/blacklists/porn/urls
> }
> --------------------------------------
> The documentation says you will then find the porn domains file here:
> </usr/local/squidGuard/db/block/blacklists/porn/domains>
> And that's where squidGuard looks for it, and all is right with the
> world.
>
> The module was written to look for that porn domains file here, instead:
> </usr/local/squidGuard/db/blacklists/porn/domains>
>
Where in the docs does it say you should put them in a "block" subdirectory?
If you don't update dbhome to reflect this, how is the module to know where
the blacklists live? Change the dbhome to /usr/local/squidGuard/db/block.
Easily accomplished through the module.
> Are you telling me that it was written this way to allow for automated
> updates? Or are you saying that he saved time doing this way? Even if
> both of these statements are true (they're both false), what was gained
> by not communicating this fact to the user?
>
I thought you were complaining about the assumption that the lists live in a
"blacklists" subdirectory under dbhome. You had it buried an extra dir
deeper. If I missed that in the previous post, I stand corrected.
> Wow, would you please re-read your comment? Would you say that Squid and
> its 2,000+ line configuration file is more or less complex than
> squidGuard?
The squid conf file has more volume, but is much simpler to deal with. It is
just a bunch if "option_name=option_value" lines(without the "="). It has no
multi-line constructs, no if-then-else logic, no context to resolve . The
squidguard conf file really has only two lines that equate - dbhome and
logdir.
> Even after squidGuard is up and running, here's a list of the tasks that
> a squidGuard administrator will face:
>
> - Regularly download blacklists (from two or more sites for better porn
> coverage)
> - Maintain local list of sites to be added (2 files per category)
> - Maintain local list of sites to be deleted (2 files per category)
> - Merge multiple lists, include local_adds, remove local_deletes and
> dedupe resulting file (without getting your hands crossed and without
> stepping on the production files)
But how is he supposed to implement this? I doubt any two admins do it the
same way. No one would be happy.
I manage this through separate lists, never modifying the downloaded
files(which are checked nightly for updates). Where I have two "porn" lists,
the update script handles renaming the directories. I have a "whitelist" that
all allowed sites go in, and separate local porn/mail/proxy/ads blacklists.
The approach has served me well, and is exceedingly easy to maintain. The
rules then become something like "pass whitelist !porn !porn2 !localporn !ads
... all."
> - Create new databases using the -C command
> - Update the databases from diff files using the -u command
> - Move new files into production with squid -k reconfigure (or
> stop/start)
> - Review squid and squidGuard log files for errors
Would be nice, but hardly a necessity. For myself it's all automated. I
can't remember the last time I manually tweaked a downloaded blacklist.
> - Occasionally will need to revert to a previous set of files
Does any webmin module do this?
