[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Using squidguard blacklists in skolelinux(.de)

Hi Dirk,

Am Sonntag, 16. Januar 2005 23:51 schrieb Dirk Gómez:
> Using squidguard blacklists in skolelinux
> Hello there, I am looking into putting squidguard blacklists into use
> for for the German version of skolelinux.

thank you for dedicating some time into this feature which is mainly 
desired by German teachers (and laws) - and therefore has been 
discussed vehemently on user@skolelinux.de . One could argue to move 
this debate there - if it is about users' view. As for "technical" 
stuff, this is definitely the right place.

> There's a few blacklists out there
> (http://ftp.teledanmark.no/pub/www/proxy/squidGuard/contrib/blacklist
>s.tar.gz, http://www.linugen.com/contentfilter/,
> http://cache.univ-tlse1.fr/documentations/cache/squidguard_en.html#co

Some people I know would squeak now: "how dare you publish dangerous 
URLs on an open list like this" :) As a matter of fact, secretaries who 
are paid for collecting such URLs wouldn't hand them out - in the fear 
of abuse. But this is not the topic here.


> A better approach imho is to create a blacklist which is available
> from the skolelinux.de site. It should just be a copy from the
> teledanmark blacklist with possible postprocessing (e.g. removal of
> sites that are known to be ok or adding of sites which are known to
> not be ok).

We should consider delivering the hash codes only - to evade potential 
juristical consequences (INAL)
> Skolelinux installations would fetch the blacklist periodically
> (which time intervals make sense?) and then there will be some

like once a week? once a day? differences versus whole lists?

> postprocessing as well: teachers can add whitelist and blacklist
> entries through the webmin interface.

this interface has to quote out rexexpression stuff:
- A teacher bans "kol.de" which would ban everything with "kolade", too
  => this has to be translated to kol\.de if not to \.kol\.de$
- If such entry is to be corrected later on, it has to be shown as 

Otherwise some regexp-editor could be used, showing verbose meanings of 
used symbols.

We should consider the definition of a set of black-/whitelists that can 
be activated one by one. Blacklists you find on the web often are 
ckassified into
- adult 
- violence
- illegal
We could add a group "chat" and "mail" to disallow such services for 
special occasions. In praxis, teachers shouldn't tweak around with 
singular selcetions, but select one of a a list of predefined profiles
(allow everything / ban adult stuff / kids only / ...)

There had been further discussions to combine squidguard with cronjob to 
use strict settings in the morning and less strict in the evening 
(external classes). This feauture is not really necessary, as the usage 
of your squidmin gets really intuitive...
> What do you folks think of this approach?

Good :)

Let me cite some locations where suggestions had been made before:

internet only for selected users / no filters for adult people:

Hilaire: "I will work on a tiny skolelinux-squid package to provide 
automatic update of the Squid blacklists."

Thread: Comments on the "Skolelinux - User Requirements Specification"

Wishlist in Bugzilla:

> -- Dirk

Reply to: