[K12OSN] OT: Limiting to a specific proxy to prevent getting around it

[David Trask]

Hi all,

I'm probably going to confuse even myself before I'm done.  I'm using an
SME server (based on CentOS) running DansGuardian for content
filtering/proxing...etc.  I'm also running proxy auth.  So the way it
works now....if the user has the proxy server (10.0.0.1 port 8080) set in
their browser, then they get challenged to log in the moment they try to
open a browser.  They log in and then surf from there....and are filtered
according to the group that they are a member of (in other words students
are filtered more harshly than staff....etc).  If the browser does not
have the proxy set, then they are transparently proxied and are filtered
at the default level (which is pretty harsh in our case to encourage
logging in).  Now my dilemma.  I still need to play with this more, but at
the moment if I enter a different proxy, such as 195.179.62.1 or something
like that I may have found on the Internet, I can essentially bypass the
filter.  What I want to do is to find a way to ONLY accept either no proxy
setting (thus transparent) or 10.0.0.1 on port 8080....and nothing else. 
If a kid enters any other proxy in their browser....it simply doesn't go
or gets dropped.  Any ideas?

I'm not desperate here as I'm in a middle school and the kids know that I
know more than they do and can monitor most of what they do, I'm just
thinking ahead and trying to solve somthing before it becomes an issue. 
Anonymizers and proxyfiers are causing major issues in other schools and I
want to help them out.  I'm open to all sorts of ideas.....even other
firewall/content filters like IPCop and the like (FOSS only please)  ;-)  
Can you help?

David N. Trask
Technology Teacher/Director
Vassalboro Community School
dtrask at vcsvikings.org
(207)923-3100