2012-02-10 - Re: [GRASE-Hotspot] squid and opendns

Header Data

From: Tim White <ti***8@gmail.com>
Message Hash: c5534c0f7df70fbe1bc00fd85fa6dc7bce8b8a3d75387552fdf05ffcf799b02a
Message ID: <4F35B16A.5060508@gmail.com>
Reply To: <4B23A9BD88D745749AA228F86515EADD@PC>
UTC Datetime: 2012-02-10 17:08:10 UTC
Raw Date: Sat, 11 Feb 2012 10:08:10 +1000

Raw message 

On 11/02/12 02:08, Oscar Saiz wrote:
> Hi Tim!
> I have a question for you, perhaps a stupid question.
> I've updated the tree packages that you pushed up recently 
> (grase-conf-squid3 - grase-www-portal - grase-conf-dnsmasq) and I can 
> see that something have happened with my squid.
> I had some ACL to avoid that my users could surfing some pages in the 
> Internet, and to avoid that they could use some words like porn, sex, 
> ...  and it doesn't work now. I've seen that the reason is because my 
> squid3.conf.grase has been renamed and now I have a new squid.conf.grase.
> Then if I try to surfing a porn page I obtain a message from opendns 
> (www.blocked-website.com) which says that I can't visit that page.
> Is it normal? Why is the reason because these filters  are activated? 
> What should I do if I don't want that opendns blocks those pages?
> Regards
Hi Oscar.
Not a stupid question at all.
For now, changes to squid.conf.grase aren't supported, but I hope to be 
able to support them in some way in the future. (If you do make changes, 
backup your changes so when it gets overwritten, you can revert the 
changes you need). Ideally, I'll be making a dansguardian package to do 
the filtering, and let squid just do the proxing. Before I released 
Grase, I did use Dansguardian infront of squid, but took that out before 
the release due to it being difficult to setup Dansguardian and adjust 
its filtering (and some people wouldn't want the strict filtering I was 
using).

The reason the OpenDNS is blocking things, is because the default DNS 
server the Grase Hotspot installs with, is the OpenDNS family filter. 
You can change that in the Admin interface, under network settings. If 
you don't want this filtering, you can change the DNS servers to your 
own ISP servers, or to the OpenDNS normal servers. You can even setup 
OpenDNS so you can customise the filtering it provides.
The 2 reasons I defaulted to OpenDNS family filter, is that firstly it 
provides a reasonable level of filtering out of the box, which is useful 
for people new to setting up any filtering, and secondly, it provides 
"good" DNS servers that we can rely on being stable. It's not uncommon 
to setup a router for a client, and discover that ether the upstream 
modem's DNS server, or the ISP's DNS server, do funky/dodgy things and 
end up causing half your problems! (And this was also the reason for the 
grase-conf-squid package change recently).

I hope that helps.

Thanks

Tim

Thread