Re: [squid-users] squidguard not redirecting

From: Helmut Hullen <Hullen_at_t-online.de>
Date: 18 May 2013 08:23:00 +0200

Hallo, Amos,

Du meintest am 18.05.13:

>>> SG has numerous problems which caused it not to do what it's
>>> supposed to, including that "emergency" mode thing. Here are some
>>> things to consider:

>>> 1) a BIG blacklist is overhyped - when I had a good look at our
>>> requirements, there was only a small percentage of those websites
>>> we actually wanted to block, the rest were either squatting
>>> websites or non-existent, or not relevant. Squid could blacklist
>>> (eg ACL DENY) those websites natively with a minimum of fuss.

>> May be - it does a good job even with these unnecessary entries.

> If the list is that badly out of date it will also be *missing* a
> great deal of entries.

Yes - may be. But updating the list is a really simple job.

>>
>>> 2) SG has not been updated for 4 or 5 years, if that's your latest
>>> version, you are still out of date.
>> I can't see a big need for updating. Software really doesn't need
>> changes ("updates") every month or so.

> For regular software yes. But security software which has set itself
> out as enumerating badness/goodness for a control method needs
> constant updates.

May be - but "squidguard" does a really simple job: it looks into a list
of not allowed domains and URLs and then decides wether to allow or to
deny. That job doesn't need "constant updates".

>>> More to the point, you will not find much help now. or anyone to
>>> fix it even if you could prove it's a bug.

>> "That depends!" - I know many colleagues who use "squidguard" since
>> years; the program doesn't need much help.

> During which time a lot of things have progressed. Squid has gained a
> lt of ACL types, better regex handling, better memory management, and
> an external ACL helpers interface (which most installations of SG
> should really be using).

> Which brings me back to my question of what SG was being used for. If
> it is something which the current Squid are capable of doing without
> SG then you maybe can gain better traffic performance simply by
> removing SG from the software chain. Like csn233 found it may be
> worth it.

The squidguard job is working with a really big blacklist. And working
with some specialized ACLs.

I know "squid" can do this job too - and I maintain a schoolserver which
uses many of these possibilities of "squid". But then some other people
has to maintain the blacklist. That's no job for the administrator in
the school.

"better traffic performance" may be a criteria, but (p.e.) blocking porn
URLs is (in schools) a criteria too.
Teachers have to look at "legal protection for children and young
persons" too.

Please excuse my gerlish.

> Amos

Viele Gruesse!
Helmut
Received on Sat May 18 2013 - 06:28:42 MDT

This archive was generated by hypermail 2.2.0 : Sat May 18 2013 - 12:00:17 MDT