Squid Proxy Filter

Wednesday, November 10th

Squid proxy server and Squidguard URL redirector work together to filter out content and sites you do not want your users to go to.

Squid is actually a proxy server — that is, it will intercept a client's request for a page, fetch the page and deliver it to the client. It also keeps a copy of the page, and the next time a client requests the page, it will check the original for changes, and if there are none, serve the cached copy. This saves both time and bandwidth for frequently accessed pages.

A proxy server can also be used to improve the performance of webservers &mdash by caching pages, the server does not need to access databases, load files and regenerate the page. The proxy can also redirect client requests to server farms and distribute the load.

Squidguard can redirect URL's based on certain rules. The most basic are whitelists and blacklists - sites that are white listed are allowed, all others are blocked. Blacklists just block certain sites and allow all others. Be aware - if using a blacklist, services such as translate.google.com can be used to get around it.

On a more sophisticated level, the content of the pages can be filtered and if certain conditions are met, the page can be blocked or allowed. E.g, pages and URLs containing sex could be blocked. Unfortunatly, this can lead to sites about Middlesex, for example, being blocked. A page of mine was blocked by the library's filters because of a typo while writing Touch Rugby. This phenomonon is now called the Scunthorp Problem

Other rules can be based on the time of day, the user, the computer being used and so on.

With the increased use of secure sockets (https), the ethics of content filtering come into play. To filter the secure content, the server has to perform what is essentially a man in the middle attack &mdash pretending to the client it is the, for example, bank site, and pretending to the site it is a client. How legal this is may depend on your juristiction.

Squid and Squidguard are still usefull, though, if you are just wanting to blacklist certain domains or sites, or to block access for periods of time. I, for example, use the Nethserver Web Content Filtering module to limit James' use of the internet to certain times of day &mdash he is not allowed on the internet after bed time, for example.


Internet veteran, was a geek until it became cool, general technophile. Knows the difference between pressurised and pressured, possible and potential, etc.

Older Post Home Newer Post