[Bug 165689] Review Request: SquidGuard: filter, redirector and access controller plugin for squid

Thu Sep 15 03:13:42 UTC 2005

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: Review Request: SquidGuard: filter, redirector and access controller plugin for squid

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=165689

------- Additional Comments From eharrison at mesd.k12.or.us  2005-09-14 23:13 EST -------
Thanks for the heads up! This package will indeed require some changes to the
K12LTSP packaging.

There are a number of differences between the FC package and the one included in
K12LTSP. Pretty much all of these differences, except the first one, could be
moved into a supplementary package for K12LTSP. You may or may not want to
include them in the Fedora package.

* K12LTSP includes a patch
(ftp://k12linux.mesd.k12.or.us/pub/squidGuard/source/squidguard-sed.patch) that
enables full sed-compatible regular expressions in the config file. The primary
use of this is to force Google's "Safe Search" feature to always be on (see
ftp://k12linux.mesd.k12.or.us/pub/squidGuard/source/squidGuard.conf). VERY
USEFUL feature in my environment!

* I have not had good experiences with the "official" blacklists at
http://ftp.teledanmark.no/pub/www/proxy/squidguard/contrib/, I no longer
included these in the K12LTSP update cron job. The blacklists at
ftp://ftp.univ-tlse1.fr/pub/reseau/cache/squidguard_contrib/ are included in the
K12LTSP update cron job. K12LTSP also generates blacklists that are available
via either http or rsync (see
ftp://k12linux.mesd.k12.or.us/pub/squidGuard/source/update_squidguard_blacklists)

* the K12LTSP package includes an initscript and squid.conf file so that users
don't have to edit /etc/squid.conf to enable squidGuard (see
ftp://k12linux.mesd.k12.or.us/pub/squidGuard/source/squid-squidGuard.conf and 
ftp://k12linux.mesd.k12.or.us/pub/squidGuard/source/squidguard). "chkconfig
squidguard on ; service squidguard start" works with the K12LTSP package.

* the K12LTSP package includes a script
(ftp://k12linux.mesd.k12.or.us/pub/squidGuard/source/transparent-proxying) that
redirects all port 80 traffic to squid/squidGuard. This is a "CIPA-compliance"
feature for schools, allowing them to easily force filtering if the box is
installed as a gateway.

General comments on the FC package:

* the FC package requires direct editing of /etc/cron.daily/squidGuard for it to
be enabled. The "ENABLED=0" setting should be moved to /etc/sysconfig/squidGuard
& that file sourced in the cron script.

* You may want to consider turning on logging in squidGuard.conf and add the
relevant entries in the logrotate config

-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.