[K12OSN] Public Proxy server needed or advice

David Whitmer thewhitmers at gmail.com
Thu Feb 1 13:03:33 UTC 2007 

On 2/1/07, David Trask <dtrask at vcsvikings.org> wrote:
> This is essentially a Windows question brought on by some cool stuff I did
> in Linux   ;-)  Yesterday I upgraded my SME/DansGuardian server.  I ended
> up with a tighter system then I had previously.  I am doing PAM
> authentication so that when a user wants to use the Internet they must
> authenticate with their web browser (clicking on any browser pops up a
> login screen) before surfing.  This helps track activity, but has the
> added benefit of allowing me to filter by groups and also give the staff
> the ability to bypass the filter when they run into a blocked site.
> Before the upgrade....if you had browser settings....you had to
> authenticate.....if you did not have browser settings....then you were
> transparently proxied and thus filtered at the default (and much harsher)
> level.  Now....if you have browser settings....fine....if not...you ain't
> going nowhere!  Ports 80 and 3128 are blocked....only 8080 is allowed for
> DG.  Now....my problem is this.....
>
> Due to the fact that I have to authenticate to the proxy before I can
> access the outside world, this poses a problem for things like Windows
> Update.  Many programs allow me to enter a proxy and the
> username/password.  AVG does a great job with this.  It'll try the proxy
> first and then try direct.  Windows Update depends on the proxy settings
> in Internet Explorer.  Unfortunately there is no way (that I can find) to
> embed the username and password in the Connection Settings.  To make life
> easier I have written a proxy.pac file to auto-configure the proxy for IE
> and firefox, but alas I am unable to find a way to authenticate IE so that
> Windows Defender and windows update will work properly.  I'm basically
> trying to get some staff laptops squared away with this.  The desktops are
> fine....and everything else is either Linux or OS X....and thus easier to
> work with in this regard.  My only other hope at this point is to use an
> outside Proxy server on port 8080 (or other non-standard port) just for IE
> (which we never use as a browser)  IE is only enabled on these particular
> staff laptops....otherwise we use Firefox and Safari all around.    I
> either need a good solid external proxy server (preferably on port 8080)
> or some advice on how to either rewrite my proxy.pac file so that I can
> embed the username and password....or some other Windows magic.  Any ideas?
>
> My proxy.pac file is below:
>
> function FindProxyForURL(url, host)
> {
>  if (isInNet(myIpAddress(), "10.0.0.0", "255.255.240.0"))
>  return "PROXY 10.0.0.1:8080";
>  else
>  return "DIRECT";
> }
>
>
> (this file basically tests to see if it is on my LAN and if so...use the
> proxy....otherwise (if at home or whatever) use a direct connection)
>
> David N. Trask
> Technology Teacher/Director
> Vassalboro Community School
> dtrask at vcsvikings.org
> (207)923-3100
>
>

David,

This doesn't answer your question about public proxies, but may help
you nonetheless.

Our school ran into a similar problem with Windows Update on all our
Windows XP computers when we implemented CensorNet a few years ago.
(It uses Dansguardian and Squid, and I think.)  The solution that
worked for us was two-part:

1) add ".microsoft.com" and ".windowsupdate.com" to CensorNet's list
of authentication exceptions

2) instruct Windows Update to use Internet Explorer's proxy settings.
To do this:
- open a command window (Start | Run | cmd)
- enter the following: proxycfg -u

Step one removed the need to supply a username & password when running
Windows Update, though going through our proxy server (port 8080) was
still required.

Step two sets the default proxy settings in Windows by copying those
settings from the current user's Internet Explorer setup.  (We have
the proxy IP address and port entered directly in IE settings rather
than using proxy.pac.)  Windows Update uses the default proxy settings
rather than those for any specific user, as I understand it.

I'm not sure how exactly you could implement step one in your specific
setup, though I assume its possible.  (I've only ever worked with
Dansguardian as part of CensorNet and not in any other context.)

David Whitmer
Director of Media & Technology
Calvary Schools of Holland (Michigan)
web: www.calvaryschoolsholland.org
email: the.whitmers at gmail.com

More information about the K12OSN mailing list