Comment Re:DansGuardian (Score 1) 384
Agreed on DansGuardian. You'd want all ports closed for all users in the organization, including 80 and 443, then you'd want to create an exception for the Dansguardian box.
Also, even if it's on older hardware, consider setting up a second box to serve as backup. Look into proxy autoconfiguration files. You can return two proxy addresses in an autoconfig file, and if your main proxy is down, your clients will silently fail over to the other box. The config files also allow your internal traffic to skip the proxy for things like your intranet site.
Also, consider putting
On squid (DansGuardian is often used with squid) look at your http_safe_ports (I might have that variable a little munged, as I'm not in the config right now) to make sure it's right for your org, and that it matches what your firewall is allowing out.