[K12OSN] RE: OT: Limiting to a specific proxy to prevent getting around it

Bert Rolston bert.rolston at clear.net.nz
Wed Jan 17 22:52:50 UTC 2007 

Hey all,

I've been keeping an eye on IPCop development.

I'm not sure if this is exactly what is needed, but suspect it could fit
the bill.

Block Out Traffic

BlockOutTraffic (in short BOT) is an addon for IPCop v1.4.x.
BOT will block all traffic that is allowed in a normal IPCop
installation. For example Green -> Red is blocked after installation of
BOT.
Rules must be created to allow traffic, which means (hard) work but
allows for more influence on traffic to and through your firewall.

BOT Rules are created by using a very intuitive extension to the IPCop
WebGUI.

The URL is 
http://blockouttraffic.de/index.php

I'm pretty sure this issue has been discussed on the IPCop mail-list.


There are a heap of good addons for IPCop at this website

http://firewalladdons.sourceforge.net/


Even though IPCop says it is targeted at the home user, small business,
I know it is being used on some LARGE sites.

HTH.

Cheers,
Bert

> 
> Message: 3
> Date: Tue, 16 Jan 2007 22:23:44 -0500
> From: "David Trask" <dtrask at vcsvikings.org>
> Subject: [K12OSN] OT: Limiting to a specific proxy to prevent getting
> 	around	it
> To: K12OSN at redhat.com
> Message-ID:
> 	<fc.004c57de002580a9004c57de002580a9.2580af at vcsvikings.org>
> Content-Type: text/plain; charset=ISO-8859-1
> 
> Hi all,
> 
> I'm probably going to confuse even myself before I'm done.  I'm using an
> SME server (based on CentOS) running DansGuardian for content
> filtering/proxing...etc.  I'm also running proxy auth.  So the way it
> works now....if the user has the proxy server (10.0.0.1 port 8080) set in
> their browser, then they get challenged to log in the moment they try to
> open a browser.  They log in and then surf from there....and are filtered
> according to the group that they are a member of (in other words students
> are filtered more harshly than staff....etc).  If the browser does not
> have the proxy set, then they are transparently proxied and are filtered
> at the default level (which is pretty harsh in our case to encourage
> logging in).  Now my dilemma.  I still need to play with this more, but at
> the moment if I enter a different proxy, such as 195.179.62.1 or something
> like that I may have found on the Internet, I can essentially bypass the
> filter.  What I want to do is to find a way to ONLY accept either no proxy
> setting (thus transparent) or 10.0.0.1 on port 8080....and nothing else. 
> If a kid enters any other proxy in their browser....it simply doesn't go
> or gets dropped.  Any ideas?
> 
> I'm not desperate here as I'm in a middle school and the kids know that I
> know more than they do and can monitor most of what they do, I'm just
> thinking ahead and trying to solve somthing before it becomes an issue. 
> Anonymizers and proxyfiers are causing major issues in other schools and I
> want to help them out.  I'm open to all sorts of ideas.....even other
> firewall/content filters like IPCop and the like (FOSS only please)  ;-)  
> Can you help?
> 
> David N. Trask
> Technology Teacher/Director
> Vassalboro Community School
> dtrask at vcsvikings.org
> (207)923-3100
>

More information about the K12OSN mailing list