Where can I find public, updated deny-dom lists. There is liste avaliable for spam (spamassassin), relays.ordb.org etc. so why not for web-servers.
I'm not so much concerned about users accessing XXX-sites, but more about servers that are known to contain malicius code, or may contain other none-mainstream things (whatever that could be). I don't think that you can really control this that way. You are probably talking about IE vulnerabilities. You have two choices:
a) an application layer firewall that filters out malicious javascript, etc. (something like a virus scanner for web pages). I don't believe in virus scanners, because they don't cure the cause for illness. MS software is just too insecure for being used in the net ... Even the CERT says so! [1] Your other choice is b) Do it like my company did: Completely block IE using squid [2] and offer Mozilla Firefox instead [3]. Even MS sponsored Sites are now spreading the word :) [4] Markus [1] http://www.kb.cert.org/vuls/id/713878#solution http://www.theregister.co.uk/2004/06/28/cert_ditch_explorer/ [2] http://gaugusch.at/squid.shtml [3] http://gaugusch.at/firefox.shtml [4] http://slate.msn.com/id/2103152/ -- __________________ /"\ Markus Gaugusch \ / ASCII Ribbon Campaign markus(at)gaugusch.at X Against HTML Mail / \