[KLUG Members] Bogus header for Squid

[Bruce Smith]

>>>> That's great!  How big of a machine are you running it on?
>>> Dual Xeon 2.8GHz, 2 GB RAM, two 72 GB 10k RPM SCSI drives. Swap is
>>> barely touched, if ever. All of that in 1U.
>> Gee, why don't you get a REAL computer for this job? :)
>> But maybe this one will doo.. what sort of load are you seeing?
>
> I checked this morning with top during peak usage and I think it was
> around 30%...I'd have to check again tomorrow to be sure.

That's not overkill for 4000 users (no matter what Bob implies).
If anything, I'd go larger!

I've found that a fast squid box makes a noticeable improvement
in performance for the users.

>>> Which filtering software are you using?  Squidguard or something 
>>> else?
>>> http://dansguardian.org/  It's realtime content filtering, not a
>>> database lookup.
>> Is this an IPCop box? If so, what version?
>
> Nope, not IPCop, but I thought I read somewhere recently that IPCop
> supports Danguardian. I'm using a readily available distribution of
> Linux, fully patched and hardened as best as I know how.

If you really want a hardened Linux box, Devil-Linux works great as a
squid server.  It's hard to 'root' a CDR, plus it has a lot of hardening
kernel and library patches, plus _everything_ is compiled with the gcc
stack smashing protector, and gcc is set to enable Position Independent
Executables (Grsecurity PAX stuff).

I run my company's squid server from a DL box.  I don't run any filters,
but some people on the the DL mailing list are using Dan's Guardian.
(and it comes with squidguard, FWIW)

  - BS