> -----Original Message-----
> From: Ben Wylie [mailto:squid@xxxxxxxxxxxxxx]
> Sent: Saturday, April 16, 2005 5:41 AM
> To: squid-users@xxxxxxxxxxxxxxx
> Subject: [squid-users] DNS/Domain Blocklists
>
>
> Thanks for all of your advice so far.
>
> Using the latest stable SquidNT 2.5, I've been trying to set up some content
> filtering. First of all, for advertisements, but then to block porn and
> illegal/undesirable sites for our own network.
>
> I managed to get various lists of domain names, and wrote a Perl script to
> convert it into regular expressions, so that blockedsite.com would also
> block www.blockedsite.com. This works for small lists, but it appears that
> when I start the Windows service, it loads all of the lists into memory, so
> some of the large 9mb files of blocked domains cause it to behave very
> strangely - and in fact, fail to start. I just watch the memory usage go up
> and up, even after it says it has failed to start the service.
>
> I guess that that is what is good about squidguard, that it must query a
> database, rather than keeping the whole database in memory.
>
> Does anyone using SquidNT either have a system for blocking large numbers of
> domains without having memory consumption going through the roof? Also it
> takes an absolute age checking through 9mbs worth of regular expression, so
> that isn't really practical anyway.
> If there isn't that kind of local system, is there any kind of domain lookup
> services which check a domain name against a black list on the internet,
> much like the anti-spam DNSBL lookups which are very effective. The DNSBL
> lists are publicly accessible lists which mailservers can query against IP
> addresses from whom they have received emails, if they are in the blocklist,
> they reject the email. Is there a similar system where the URL can be
> checked against separate remote blacklists of a) advert site b) port
> c) warez...
>
> I'd appreciate any advice on whether there is anything for Windows that
> works in either of these two methods.
>
> Thanks
> Ben

Use dstdom acls instead of url_regex. If you put a period in front of the url (e.g. .blockedsite.com) it will block the domain and any sub-domains. It's also MUCH better from a performance standpoint, though I have no idea how it will handle 9mb of domains...

It almost sounds like you would be better off with either a white list, or a service to do the blocking for you.

Chris
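
Added example, not part of either message above: a Python script that turns a raw domain list into leading-dot entries for a Squid `dstdomain` ACL file, dropping any host already covered by a listed parent domain (Squid logs a warning for such overlapping entries). The ACL name, file path and sample domains are assumptions.

```python
# Added example: build a Squid dstdomain ACL file from a raw domain list.
#
# squid.conf usage (real directives; the ACL name and path are hypothetical):
#   acl blocked_sites dstdomain "c:/squid/etc/blocked_domains.txt"
#   http_access deny blocked_sites

# Constructed sample input: duplicates, mixed case, comments, subdomains.
SAMPLE = [
    "blockedsite.com",
    "www.blockedsite.com",          # covered by .blockedsite.com
    "# comment line",
    "",
    "Ads.Example.NET.",             # trailing dot and mixed case
    "img.ads.example.net",          # covered by .ads.example.net
    "tracker.example.org  # inline note",
]


def normalize(line):
    """Return a bare lowercase domain, or None for blanks, comments, junk."""
    host = line.split("#", 1)[0].strip().lower().strip(".")
    if not host or "." not in host or any(c.isspace() for c in host):
        return None
    return host


def to_dstdomain(lines):
    """Return sorted leading-dot entries with covered subdomains removed."""
    domains = {d for d in map(normalize, lines) if d}
    kept = []
    for d in domains:
        labels = d.split(".")
        # Parent suffixes of a.b.example.com: b.example.com, example.com
        parents = (".".join(labels[i:]) for i in range(1, len(labels) - 1))
        if not any(p in domains for p in parents):
            kept.append(d)
    # A leading dot makes the entry match the domain and all its subdomains.
    return ["." + d for d in sorted(kept)]


if __name__ == "__main__":
    print("\n".join(to_dstdomain(SAMPLE)))
```
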