Leland J. Steinke wrote:
> How hard should it be to combine the web caching function of a Qube3 with an external content-filtering system such as surfwatch/surfcontrol? Our customer wants to avoid configuring proxies on every workstation and we figured that it could be done once for all on the qube. If this is going to be an exercise in IPChains, so be it.
It shouldn't be tough at all, provided there is a Linux version of the filtering software you want to run.
On my own Qube3, I run JunkBuster (a banner blocker -- http://www.junkbuster.com/) and Squid caching together. Junkbuster runs as a proxy service on port 8000; I just had to configure it to point itself at Squid instead of going immediately to the web on port 80.
For very simple blocking, you can use the "built-in" (after installing the multi-lingual patch) "Restricted Access" filter, which allows you to create either an explicit allow or explicit deny list. This actually uses Squid itself as the "filter" by [only|not] retrieving pages from the specified domains. The control page shows up under Web Services on the Qube's Administrative interface when the patch is installed.
Restricted Access also has a field to enter IP addresses of certain workstations, so only designated workstations can even attempt to go through the Qube, and the rest are blocked immediately.
The downside to this (if you are doing explicitly denied sites) is that you have to keep up with the list of domains you want blocked. Explicitly allowed lists are easier: "you can go to *.yahoo.com and *.sun.com sites. All others are blocked."
--
Bruce Timberlake
Technology Engineer
Sun Cobalt Server Appliances
Sun Microsystems, Inc.
E: bruce.timberlake@xxxxxxx
T: 877-718-3569
U: http://www.sun.com/cobalt/
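
Added example, not part of the original message and not the file the Qube's Restricted Access page generates: a hand-written squid.conf fragment expressing the same policy the reply describes, with designated workstations and an explicit allow list, and the explicit deny variant shown in comments. The ACL names and IP addresses are constructed sample values.

```conf
# Workstations permitted to use the proxy at all (constructed sample addresses).
acl allowed_hosts src 192.168.1.10 192.168.1.11

# Explicit allow list. A leading dot matches the domain and all its subdomains,
# which corresponds to the "*.yahoo.com and *.sun.com" wording in the message.
acl allowed_sites dstdomain .yahoo.com .sun.com

# http_access rules are evaluated top to bottom and the first match decides.
# ACLs named on one line are ANDed: the client must be a listed workstation
# AND the destination must be on the allow list.
http_access allow allowed_hosts allowed_sites

# Everything else is refused: unlisted workstations and unlisted sites.
# "all" is predefined in current Squid; older 2.x configurations define it
# themselves with: acl all src 0.0.0.0/0.0.0.0
http_access deny all

# Explicit deny list variant (replace the two http_access lines above).
# Any domain missing from blocked_sites is reachable, which is why this list
# needs ongoing maintenance. .example.com is a placeholder domain.
# acl blocked_sites dstdomain .example.com
# http_access deny blocked_sites
# http_access allow allowed_hosts
# http_access deny all
```

In both variants the final `http_access deny all` matters: without it, Squid applies the opposite of the last rule's action to requests that match nothing, which in the deny-list case would admit unlisted workstations.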