I am biased but both squid and squidguard requires some action when you
need to update the acls.
If you need a small amount of rules it is fine to use squid otherwise
you better try external tools for filtering.
Eliezer
On 25/11/2015 13:51, Amos Jeffries wrote:
Wait up.
Magic has been fooled by the marketing words into thinking a "deny page"
from SquidGuard actually denies something. It does not.
All SG does. All it ever can do. Is tell Squid where to fetch the URL
from (rewrite), or to tell Squid to tell the client to try somewhere
else (redirect).
What Magic is thinking of as a "deny" is actually just a statement
"here, fetch the data from 127.0.0.1". Then the SG (aka. 127.0.0.1) when
asked responds by dumping out its HTML "error page" text as the reply.
This unexpected response completely breaks whatever the client needed to
fetch. If the client is a browser then it happily displays the HTML
response (as seen in the test described), otherwise it just*breaks*
whatever application was running.
I expect the real clients are seeing lots of very annoying WindowsUpdate
8002something errors, getting pissed off, and then working to bypass the
"that damn proxy" which is breaking their Windows machines.
What this means for Squid (and sarg) is that the lines above get logged.
The server SG told Squid to contact*did* respond and the response*was*
an "HTTP/1.1 200 OK" reply message.
Magic; I suggest you drop SG and use squid.conf ACLs instead. Everything
SG can do so can Squid itself.
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
