Re: [squid-users] auto blacklist users

From: ian j hart <ianjhart@dont-contact.us>
Date: Thu, 6 Dec 2007 19:26:08 +0000

On Wednesday 05 December 2007 17:04:09 ian j hart wrote:
> Hello.
>
> [sorry, slightly off topic]
>
> I'm the ICT technician of a school. I have squid running to make the most
> of our bandwidth. Our ISP provides some content blocking but this is
> proving ineffective against the proliferation of proxy sites.
>
> I've started to monitor and block sites with squid ACLs. This is also not
> so effective as there are 1200 users looking for new sites and only 1 user
> trying to block them.
>
> Since there is no punishment for hitting any DENY ACL there's no reason
> for them to stop.
>
> What I need is to apply some back pressure, i.e. automatically block
> persistant offenders.
>
> Does anyone have anything like this?
>
> N.B. This has to be user based. Host/IP based will not work due to the
> hot seating.
>
> Thanks

Okay, plan B it is then.

I'll try and run up a proof of concept implementation so I can see if it has
the desired affect on the users.

The minimum info I need is the aclname and user for each deny match. Other
stuff may be useful later (e.g. url).

Debug statements should be okay. I'll just parse the cache.log.

What I need help with is where to put the code.

clientAccessCheckDone looked promising but seems to be called several times
i.e. proxy auth, blocked url, error page

Somewhere near the error page generation should be about right.

Can someone who knows the code lend me their clue stick.

Cheers

-- 
ian j hart
Received on Thu Dec 06 2007 - 12:26:20 MST

This archive was generated by hypermail pre-2.1.9 : Tue Jan 01 2008 - 12:00:01 MST