Tips for building a root server?

[Brian Salomaki]

I'm almost certain that you could do what you're looking to with Squid, yes.  
If the included documentation isn't enough, you can probably find some 
knowledgable people on a Squid mailing list.  Another option may be to 
configure firewall rules, if you're already using one.  You could disable 
port 80 access by default, and then allow it on a site-by-site basis.

On Friday 05 October 2001 11:48 am, Mike wrote:
> > Setting up internal roots is not that tricky.
> >
> > Byt if the only reason is to prevent Internet abuse i think
> > you are on the wong track.
>
> It's not about abuse, it's about specific web sites offering a technology
> that is an extreme security risk for my company.  We feel that it is time
> to start allowing only certain sites, and not allowing any other sites.
>
> > Step 1 is to establish and publish a "Policy" step 2 is
> > making this policy known and followed by whatever methods needed.
> > Step 3 is tracing and firing the ones that does not follow corporate
>
> rules.
>
> We have a policy, and everyone knows about it and has signed off on it.
> Yes, abuse continues, but no has been fired, yet.  We would rather restrict
> access than fire people mainly because security can be more easily enforced
> through the computers rather than through people...I don't know if I like
> that, but that's the way things are going right now.
>
> > Tinkering with DNS only stops the casual abusers.
>
> Okay, so I will build a proxy server, but which one should I use, Squid?
> Can I use it to allow only certain domains to pass through to users, e.g.
> allow cnn.com ??  I want to be able to build a list of domains that can be
> accessed, and not worry about any other domains.
>
> Mike

-- 
Brian Salomaki
Gambit Design Internet Services
110 E. State St., Suite 18, Kennett Square, PA 19348
DNSbox: http://gambitdesign.com