Am Sat, 19 Oct 2013 10:36:31 +0200 schrieb Sico Bruins <r...@msh.xs4all.nl>:
> On Sat, Oct 19, 2013 at 12:27:38AM +0200, Stefan Wollny wrote: > > > Hi there, > > Hi Sico! > > having a personal dislike of Facebook (and the MeeToo-systems alike) > > for their impertinent sniffing for private data I tried on my > > laptop to block facebook.com via hosts-file. > > <snip> > > > My question is on the squid-server I have running at home: What > > would make more sense - blocking facebook.com via pf.conf alike or > > are there reasons to use squid's ACL instead? Performance? Being > > ultra-paranoid and implementing both (or even additionally the > > hosts-file-block?)? From my understanding squid should not be able > > to block https-traffic as it is encrypted - or am I wrong here? > > That is a misunderstanding, squid couldn't care less about encryption. Thank you for pointing this out - obviously I was on a wrong track. > > > Curious if there is a particular (Open)BSD solution or simply how > > you 'guys and gals' would do it. > > I am in a similar situation (squid at home) and I simply have a > blacklist with lines like these: > > doubleclick > facebook > scorecardresearch > > Works like a charm for me, and no need to look up IP address blocks > or anything like that. And since I am the only user here there's no > collateral damage. ;-) Well: I am personally liable for what leaves my network so this kind of 'collateral damage' is what I intentionally try to achieve :-) (see the reply to myself a few minutes ago) May I ask a follow-up question: Did you set up the blacklist within squid.conf or did you reference to a separate file? > > > Thank you for sharing your thoughts. > > > > Cheers, > > STEFAN > > CU, Sico. > A big THANK YOU and have a nice sunday! STEFAN Mit freundlichen Grüßen, STEFAN WOLLNY Regulatory Reporting Consultancy Tel.: +49 (0) 177 655 7875 Fax.: +49 (0) 3212 655 7875 Mail: ste...@wollny.de GnuPG-Key ID: 0x9C26F1D0
