[K12OSN] OT: Limiting to a specific proxy to prevent getting aroundit

Steven Santos steven at simplycircus.com
Wed Jan 17 15:23:04 UTC 2007


I think you can virtually eliminate the issue using a few simple URL filters
along with RBL's of open proxy servers.

Take a look at the common proxy servers that are freely available and can be
set up easily by students at home.  Then create rules to filter (for
example, proxy.php).

http.dnsbl.sorbs.net List of Open HTTP Proxy Servers.
socks.dnsbl.sorbs.net List of Open SOCKS Proxy Servers.
misc.dnsbl.sorbs.net List of open Proxy Servers not listed in the SOCKS or
HTTP lists.

(many others exist, these were just easy to access)

In my area, the town library makes a number of online databases available
over the net that we don't /can't afford to buy ourselves.  Unfortunatly you
must use the libraries proxy server to access it.  My point is that while
you are doing this, you should also create a list of approved (white listed)
proxy servers that your students or staff may need to access.

----------------------------------------------------------------------
Steven Santos
Director, Simply Circus, Inc.
Email: Steven at SimplyCircus.com
 Mail: PO BOX 620753
       Newton, MA 02462
Phone: 781-799-4938
 eFax: 309-214-0899
  Web: www.SimplyCircus.com

> -----Original Message-----
> From: k12osn-bounces at redhat.com [mailto:k12osn-bounces at redhat.com]On
> Behalf Of David Trask
> Sent: Tuesday, January 16, 2007 10:24 PM
> To: K12OSN at redhat.com
> Subject: [K12OSN] OT: Limiting to a specific proxy to prevent getting
> aroundit
>
>
> Hi all,
>
> I'm probably going to confuse even myself before I'm done.  I'm using an
> SME server (based on CentOS) running DansGuardian for content
> filtering/proxing...etc.  I'm also running proxy auth.  So the way it
> works now....if the user has the proxy server (10.0.0.1 port 8080) set in
> their browser, then they get challenged to log in the moment they try to
> open a browser.  They log in and then surf from there....and are filtered
> according to the group that they are a member of (in other words students
> are filtered more harshly than staff....etc).  If the browser does not
> have the proxy set, then they are transparently proxied and are filtered
> at the default level (which is pretty harsh in our case to encourage
> logging in).  Now my dilemma.  I still need to play with this more, but at
> the moment if I enter a different proxy, such as 195.179.62.1 or something
> like that I may have found on the Internet, I can essentially bypass the
> filter.  What I want to do is to find a way to ONLY accept either no proxy
> setting (thus transparent) or 10.0.0.1 on port 8080....and nothing else.
> If a kid enters any other proxy in their browser....it simply doesn't go
> or gets dropped.  Any ideas?
>
> I'm not desperate here as I'm in a middle school and the kids know that I
> know more than they do and can monitor most of what they do, I'm just
> thinking ahead and trying to solve somthing before it becomes an issue.
> Anonymizers and proxyfiers are causing major issues in other schools and I
> want to help them out.  I'm open to all sorts of ideas.....even other
> firewall/content filters like IPCop and the like (FOSS only please)  ;-)
> Can you help?
>
> David N. Trask
> Technology Teacher/Director
> Vassalboro Community School
> dtrask at vcsvikings.org
> (207)923-3100
>
>
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
>
>




More information about the K12OSN mailing list