> The best thing is to educate your children instead of trying to
> shelter them from those sites.
"Why choose"
or
"Security in depth"
Stefan
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debi
[Please don't top post. Please trim unnecessary content.]
On Thu, Mar 26, 2015 at 02:29:08PM +0100, Peter Viskup wrote:
> It's the way you look at.
> For me it's about prevention...your child can click on some link somewhere
> and see some pictures/videos which will remain in his/her mind (let's
> companies and campuses. I bet you are thinking of those http proxies.
Not "by default" per se, but the UBNT EdgeRouter series has the
capabilities to run the squidguard service from the factory (although
blacklists, etc. are up to the end-user).
$100 for the 3-port ERL model, or ab
Unfortunately we are living in real (not ideal) world and there are cases
where the SSL split is definitely needed or should be considered at least.
For example Squid 3.5 coming with new design of SSLBump allowing to do some
inspection of the connection prior the real SSLSplit. That gives you
possi
Michael Graham wrote:
> Reco wrote:
> > Ow. Exactly which kind of consumer-grade hardware comes with SSL bump
> > preinstalled? That's very interesting to me as I like know which
> > hardware to avoid in the future.
>
> It's way more common than you seem to think. CERT recently did a blog post
> a
On Thu, 26 Mar 2015 17:18 Reco wrote:
>
> Hi.
>
> On Thu, 26 Mar 2015 12:44:11 -0700
> rog...@queernet.org wrote:
>
> > On 3/26/15 12:42 PM, Michael Graham wrote:
> > > On 26 March 2015 at 14:18, Reco wrote:
> > >> Then it's even worse that I thought. I don't know about Germany, but
> > >> wh
rog...@queernet.org wrote:
> Michael Graham wrote:
> > As MITM proxies in school/business seem to be pretty common in the
> > US and the UK.
>
> I bet your proxy firewall does it too.
I bet not! I think you are confusing https with http. We are talking
about https here not http. And even then
Hi.
On Thu, 26 Mar 2015 12:44:11 -0700
rog...@queernet.org wrote:
> On 3/26/15 12:42 PM, Michael Graham wrote:
> > On 26 March 2015 at 14:18, Reco wrote:
> >> Then it's even worse that I thought. I don't know about Germany, but
> >> where I live tampering with public communications is considere
On 3/26/15 12:42 PM, Michael Graham wrote:
On 26 March 2015 at 14:18, Reco wrote:
Then it's even worse that I thought. I don't know about Germany, but
where I live tampering with public communications is considered a
criminal offense. I strongly suggest you to seek a legal advice before
doing a
On 26 March 2015 at 14:18, Reco wrote:
> Then it's even worse that I thought. I don't know about Germany, but
> where I live tampering with public communications is considered a
> criminal offense. I strongly suggest you to seek a legal advice before
> doing anything like SSL bump.
Just out of cu
Reco wrote:
> On Thu, 26 Mar 2015 18:18:24 +0100 "Michael I."
> wrote:
>> for private usage I am think a filter isn't good, children need trust
>> and a filter is the opposite of trust.
>>
>> But in usage for a school I think a filter is better, a teacher can't
>> look on all computers. The ki
Hi.
On Thu, 26 Mar 2015 18:18:24 +0100
"Michael I." wrote:
> Hello,
>
> for private usage I am think a filter isn't good, children need trust
> and a filter is the opposite of trust.
>
> But in usage for a school I think a filter is better, a teacher can't
> look on all computers. The kids
Michael I. wrote:
> This are not my children, the filter is used for a school.
Aha, important information.
Do not proceed any further with breaking encrypted connections or, for
the matter, transparently proxiing _any_ connections until you had a
talk with a) the Justitiar and b) the Datenschut
On Thu, 26 Mar 2015 08:49:37 -0500, John Hasler wrote:
> Why don't you just get rid of the computers?
I tried that route one time ... got looked at like I had 7 heads for even
suggesting that the kids go back to "textbooks and paper".
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.deb
Hello,
for private usage I am think a filter isn't good, children need trust
and a filter is the opposite of trust.
But in usage for a school I think a filter is better, a teacher can't
look on all computers. The kids are trying out thinks in school which is
good but when nobody is there to
Sven Hartge wrote:> Michael I.
wrote:
Sven Hartge wrote:
Michael I. wrote:
But I have a new problem, I want to have a transparent proxy for
http this works fine but when I add the iptables rule for https the
loading won't work.
Of course not. That this is not working is the _whole point
Hi.
On Thu, 26 Mar 2015 16:48:00 +0100
Peter Viskup wrote:
> Hello Reco,
>
> On Thu, Mar 26, 2015 at 4:13 PM, Reco wrote:
>
> > Hi.
> > And just as well child can see a naughty picture on TV. Or a phone ad.
> > Or a magazine/newspaper. Anywhere, once you start thinking about it.
> >
>
> An
Hello Reco,
On Thu, Mar 26, 2015 at 4:13 PM, Reco wrote:
> Hi.
> And just as well child can see a naughty picture on TV. Or a phone ad.
> Or a magazine/newspaper. Anywhere, once you start thinking about it.
>
And that's just sad, disturbingly and one of the main reasons of so many
people facin
Hi.
On Thu, 26 Mar 2015 14:29:08 +0100
Peter Viskup wrote:
> It's the way you look at.
> For me it's about prevention...your child can click on some link somewhere
> and see some pictures/videos which will remain in his/her mind (let's say)
> forever and can harm even if it was only seconds the
Why don't you just get rid of the computers?
--
John Hasler
jhas...@newsguy.com
Elmwood, WI USA
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/87y4mjswb2@thump
Peter Viskup wrote:
> It's the way you look at. For me it's about prevention...your child
> can click on some link somewhere and see some pictures/videos which
> will remain in his/her mind (let's say) forever and can harm even if
> it was only seconds they were seen...I am speaking about childr
Michael I. wrote:
> Sven Hartge wrote:
>> Michael I. wrote:
>>> But I have a new problem, I want to have a transparent proxy for
>>> http this works fine but when I add the iptables rule for https the
>>> loading won't work.
>>
>> Of course not. That this is not working is the _whole point_ of
> -Ursprüngliche Nachricht-
> Von: Reco [mailto:recovery...@gmail.com]
> Gesendet: Donnerstag, 26. März 2015 13:52
> An: debian-user@lists.debian.org
> Betreff: Re: Redirect HTTPS with Squid3+Squidguard
>
> Hi.
>
> On Thu, 26 Mar 2015 13:21:57 +0100
> Peter Vis
Without the SSL splitting the only option is to install some software on
the client side. Some "endpoint" security software doing the inspection of
the web data transfers on the fly before they pass the TLS tunnel. It's the
same like SSL split on Squid, but let's say more transparent. Unfortunately
will spend your evenings to make your blacklists up2date.
Greetings
Sascha
-Ursprüngliche Nachricht-
Von: Reco [mailto:recovery...@gmail.com]
Gesendet: Donnerstag, 26. März 2015 13:52
An: debian-user@lists.debian.org
Betreff: Re: Redirect HTTPS with Squid3+Squidguard
Hi.
On Thu, 26 Mar
Sven Hartge wrote:
Michael I. wrote:
But I have a new problem, I want to have a transparent proxy for http
this works fine but when I add the iptables rule for https the loading
won't work.
Of course not. That this is not working is the _whole point_ of any
end-to-end encrypted connection.
Hi.
On Thu, 26 Mar 2015 13:21:57 +0100
Peter Viskup wrote:
> Hi,
> just jumped into SSLBump/Split features some months ago. I don't find these
> features harmful. Especially when protecting your children from access of
> YouTube or other possibly harmful sites. Once you are logged with Google
>
Hi,
just jumped into SSLBump/Split features some months ago. I don't find these
features harmful. Especially when protecting your children from access of
YouTube or other possibly harmful sites. Once you are logged with Google
account they redirect your communication to https which makes the
inspec
Michael I. wrote:
> But I have a new problem, I want to have a transparent proxy for http
> this works fine but when I add the iptables rule for https the loading
> won't work.
Of course not. That this is not working is the _whole point_ of any
end-to-end encrypted connection.
What you are ef
is my squid3 config file:
http_port 3128 intercept
url_rewrite_program /usr/bin/squidGuard -c /etc/squidguard/squidGuard.conf
url_rewrite_children 2
cache_mem 32 MB
maximum_object_size 1 KB
maximum_object_size_in_memory 32 KB
cache_replacement_policy heap LFUDA
memory_replacement_policy heap
Sven Hartge wrote:
> Michael I. wrote:
> > I tested around a bit with squid3+squidguard and I found out that the
> > redirect works with the Internet Explorer (IE 11).
>
> > Then I tested some other browser (firefox, chrome, ..) and with all
> > the other browser
Michael I. wrote:
> I tested around a bit with squid3+squidguard and I found out that the
> redirect works with the Internet Explorer (IE 11).
> Then I tested some other browser (firefox, chrome, ..) and with all
> the other browser the redirect didn't work.
> Is there a
Hello again,
I tested around a bit with squid3+squidguard and I found out that the
redirect works with the Internet Explorer (IE 11).
Then I tested some other browser (firefox, chrome, ..) and with all the
other browser the redirect didn't work.
Is there a bug in the Internet Explor
Liam O'Toole wrote:
> On 2015-03-23, linux-michae...@abwesend.de
> wrote:
>> I thought there is a simple and secure way to redirect to an 'This
>> Site has been blocked' Page for HTTP and HTTPS. But when I must
>> destroy the safety from HTTPS this isn't an option.
> [SNIP}
> You could simply
Hello Liam,
thanks for the hint, but the error page I get is a browser error page (it's the
connection failed error page) and not a squid error page.
--
Michael
> "Liam O'Toole" wrote:
>
> On 2015-03-23, linux-michae...@abwesend.de
> wrote:
> > Hello Sven and the other,
> >
> > thanks for he
On 2015-03-23, linux-michae...@abwesend.de
wrote:
> Hello Sven and the other,
>
> thanks for help.
>
> I thought there is a simple and secure way to redirect to an 'This
> Site has been blocked' Page for HTTP and HTTPS. But when I must
> destroy the safety from HTTPS this isn't an option.
[SNIP}
y to redirect https request to an errorpage
> >>> with squid3+squidguard?
>
> >> Long answer: The only way is to setup a transparent proxy,
> >> intercepting any outbound connection and terminating the encryption
> >> on the proxy. You will need a fake CA certifica
Bob Proulx wrote:
> Sven Hartge wrote:
>> Michael I. wrote:
>>> Is there really no way to redirect https request to an errorpage
>>> with squid3+squidguard?
>> Long answer: The only way is to setup a transparent proxy,
>> intercepting any outbound connecti
Sven Hartge wrote:
> Michael I. wrote:
> > Is there really no way to redirect https request to an errorpage with
> > squid3+squidguard?
>
> Short answer: No, there is not.
+1, No there is not for the reasons Sven described.
> Long answer: The only way is to s
Michael I. wrote:
> I have a problem with my squid3 + squidguard. I can't redirect https
> requests to an errorpage. When I request a blocked https page it
> always says the site isn't available.
> I searched on the internet an there it says, it is an problem with the
&g
Hello list,
I have a problem with my squid3 + squidguard. I can't redirect https
requests to an errorpage. When I request a blocked https page it always
says the site isn't available.
I searched on the internet an there it says, it is an problem with the
https protocol becaus
On Saturday 10 July 2004 08:06 pm, Paul Johnson wrote:
> > (I hear Bill Gates has a lot of money. I should look him up and see
> > if he wants to fund the development of a simple-to-use p0rn filter for
> > Linux. :)
>
> It already exists. It's called squidguar
up and see
> if he wants to fund the development of a simple-to-use p0rn filter for
> Linux. :)
It already exists. It's called squidguard.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> > Are there any idiot friendly docs for this sort of thing yet? The last
> If you want a *caching* proxy, then an out-of-the-box Squid install, with
> _very_ few (if any) tweaks, works great.
>
> If you wnat a *filtering* proxy, dansguardian seems to be the way to go,
> again, very few tweaks
on Sat, Jul 10, 2004 at 01:39:45AM -0400, Silvan ([EMAIL PROTECTED]) wrote:
> On Friday 09 July 2004 03:05 am, Karsten M. Self wrote:
>
> > I'm running a computer lab for a kids/teen center, and am using both
> > Squid and Dansguardian. I've got Squidguard installed
On Friday 09 July 2004 03:05 am, Karsten M. Self wrote:
> I'm running a computer lab for a kids/teen center, and am using both
> Squid and Dansguardian. I've got Squidguard installed but not
> configured, more to follow. And I use iptables for some stuff.
Are there any idio
My thanks to all of you for your input. I'm going to play with
squidguardian for the moment, until I find a slightly newer computer in
a garbage can somewhere and pull in the other filters as well. That
and/or more memory (almost more expensive than current stuff
locally).
New project, new stuff
o a reasonable job knocking out obvious problem sites
> > for my kids as they use the Web. So far I've seen mentions of
> > squidguard and dansguardian, but don't know of others to consider,
> > if there are any.
> >
> > Does anyone have thoughts about either of
on Thu, Jul 08, 2004 at 07:55:41PM -0700, Kenward Vaughan ([EMAIL PROTECTED]) wrote:
> I'm searching for a good system (squid + add on) for my firewall which
> will do a reasonable job knocking out obvious problem sites for my kids
> as they use the Web. So far I've seen men
Kenward Vaughan <[EMAIL PROTECTED]> writes:
> I'm searching for a good system (squid + add on) for my firewall which
> will do a reasonable job knocking out obvious problem sites for my kids
> as they use the Web. So far I've seen mentions of squidguard and
> dan
--- Kenward Vaughan <[EMAIL PROTECTED]> wrote:
> I'm searching for a good system (squid + add on) for my firewall which
> will do a reasonable job knocking out obvious problem sites for my kids
> as they use the Web. So far I've seen mentions of squidguard and
> dan
I'm searching for a good system (squid + add on) for my firewall which
will do a reasonable job knocking out obvious problem sites for my kids
as they use the Web. So far I've seen mentions of squidguard and
dansguardian, but don't know of others to consider, if there are any.
D
> Hmm.. Ok... Are you sure your squidGuard ACLs are set correctly and that
in
> squid.conf squidGuard is using the correct config file?
> >From my squid.conf:
> redirect_program /usr/bin/squidGuard -c
> /etc/chastity/squidGuard-chastity.conf
>From mine :
redirect_program /
> Well, I compiled the .db files using squidGuard -C all and
> everything runs
> *much* quicker now - no slowdowns at all, and system load is
> negligable -
Excellent :-)
> trouble is, nothing gets blocked!
> Any further ideas?? possibly something I've missed?
Hmm..
Hi there,
Well, I compiled the .db files using squidGuard -C all and everything runs
*much* quicker now - no slowdowns at all, and system load is negligable -
trouble is, nothing gets blocked!
Any further ideas?? possibly something I've missed?
Cheers,
Pete.
--
To UNSUBSCRIBE, ema
> But your as well not to. SquidGuard doesn't look at them - we keep ours
> around so we can verify blocked urls, rebuild the db files if necessary
etc.
> etc.
:-) sorry - my reply should have gone to the list, not to you personally..
Thanks for the input - I will convert the files
> Our blacklists dir totals to about 24MB - I'd suggest that squidGuard
rather
> than squid could be your problem.
I concur .. when I disable squidGuard everything flies...
> Have the blacklists converted into dbm format?
They are, I believe, still in the plaintext format
Heya,
> I have decided it's a good option) and started with squidGuard.
> The problem with that is that as soon as it starts, it consumes 100%
> of all resources (CPU and disk thrash like crazy) making the system
> unresponsive and eventually requiring a reboot just to be
ly or wrongly -
I have decided it's a good option) and started with squidGuard.
The problem with that is that as soon as it starts, it consumes 100% of all
resources (CPU and disk thrash like crazy) making the system unresponsive
and eventually requiring a reboot just to be able to log into the cons
On Thu, Oct 31, 2002 at 04:15:47PM +0700, Oki DZ wrote:
> I have just installed SquidGuard.
> I'm wondering whether the config file of the guard could be reloaded
> without restarting Squid; i.e.: rebuilding its database. Could it, or
> not?
You might try
/etc/init.d/squid rel
Hi,
I have just installed SquidGuard.
I'm wondering whether the config file of the guard could be reloaded
without restarting Squid; i.e.: rebuilding its database. Could it, or
not?
Thanks in advance,
Oki
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "u
On Thursday 29 November 2001 02:56, martin f krafft wrote:
> * Nigel Pauli <[EMAIL PROTECTED]> [2001.11.28 15:47:10+]:
> > I am just about to install squidGuard from testing. I've done
> > 'apt-get install squidguard' and in the list of new packages that
&g
* Nigel Pauli <[EMAIL PROTECTED]> [2001.11.28 15:47:10+]:
> I am just about to install squidGuard from testing. I've done 'apt-get
> install squidguard' and in the list of new packages that will be
> installed is squid - which I already have installed and runn
I am just about to install squidGuard from testing. I've done 'apt-get
install squidguard' and in the list of new packages that will be
installed is squid - which I already have installed and running.
Will apt-get realise this and work around or is it rather risky for me
to c
said:
> I'd like to set up some sort of filtering to make it easier to
> keep adult content out of my home and away from the kids. It
> looks like squid and squidguard will almost do it for me. Almost
> in that, at first skimming of the docs, it looks like squid needs
&g
I'd like to set up some sort of filtering to make it easier to
keep adult content out of my home and away from the kids. It
looks like squid and squidguard will almost do it for me. Almost
in that, at first skimming of the docs, it looks like squid needs
to be run through external har
I get an odd error when compiling squidGuard. I had to change the -ldb to
-ldb2 in the configure script to make it recognize BerkeleyDB 2.6.4
(Debian), but now it's giving me an odd error that I don't get.
Here's the info:
make:
making all in src
gcc -I.. -I. -I. -I/usr/local/Ber
I'm trying to build squidguard but am running into a little problem. It
depends on libdb2, but the congigure script fails on Debian's libdb2 and
libdb2-dev packages installed, saying the berkley DB package isn't
installed.
I'd like to build squidguard without having to hav
68 matches
Mail list logo
