2nd February 2010, 12:22 AM #1
Websense & Squid 2.5 = Filtering workaround??
Ok a bit of background info.
Our LA has recently moved to an ISA 2006 box from 2000. At the same time they ditched surfcontrol and have implemented Websense.
As the schools have a silly UID&Pass to authenticate to the ISA box for authentication I wanted to use one of my servers as a transparent proxy to authenticate for all my users. I used to use Python (ntlmapps) but it doesn't like the new ISA box.
So I started playing with Squid 2.5 (for Windows).
Installed this on one of my Server 2003 boxes, configured it and away to go..... or so I thought.
I wandered into one of my IT suites today to find a group of Year 4 kids on Youtube, on closer inspection (good job they hadn't noticed) the internet was totally unfiltered.
My 1st call was to county to ask if Websense had fallen over etc but nope it was local to my school. It seems that if I point a Browser directly at the ISA server and give the correct credentials when prompted I can get on the internet fine and Youtube/pron etc is all blocked.
Websense Filtered content
If I configure Squid (with the same credentials), set it running and then point my browser to Squid, it works as a transparent proxy but also manages to bypass the whole filtering system.
On the ISA server logs you can see it making the "handshake" and agreeing that the username/credentials are correct and looks like it's working, but then decides not to filter any content.
Obviously I have turned off Squid and am not going back, but I would love to know how Squid is being so clever at getting around the filtering. It's a massive security hole as is.
Any Squid masters out there got any advice/info?
2nd February 2010, 12:39 AM #2
It's actually a Websense thing I think. There is something you can do to make it filter. I'm sure you simply put a text file into a directory. I will see if I can find it.
Try this on the Websense server:
1. Make a file called ignore.txt in Windows > System32
2. In the file put the hostname of the ISA firewall that the Websense filtering plug-in is installed on
3. Reboot the server
Last edited by FN-GM; 2nd February 2010 at 12:52 AM.
2nd February 2010, 12:54 AM #3
Thanks mate, I assume this needs to be done on the ISA server not my local server running squid.
I will ask the LA to "Take a look" in the morning.
2nd February 2010, 12:56 AM #4
You will get round it if you set the default gateway to the ISA server as well.
I have set up many Websense and ISA setups in schools in Rochdale. Done that a few times and it will allow you to set the clients' default gateway to ISA and then Websense will filter it instead of ignoring the traffic.
2nd February 2010, 01:02 AM #5
Hmm, our default gateway is currently our main switch, not sure of the consequences of changing it to county ISA.
2nd February 2010, 01:06 AM #6
Still quite worrying if Websense's default condition allows Squid to bypass all filtering unless there is a txt file saying not to??
2nd February 2010, 01:08 AM #7
I think it's because it will be using NAT. The steps above should have been taken.
Try pointing a machine to ISA as the DG and see what happens.
2nd February 2010, 01:25 AM #8
Thanks, I will pass on what you have said in the morning (later on today even).
Set the default gateway to the ISA server but it had no effect either way on the filtering. Not sure what that means lol
2nd February 2010, 05:06 PM #9
We had this problem with some of our schools and the problem lay with a change needing to be made to one of the Websense ini files.
There were problems with the case sensitivity of the commands. Websense were able to fix this with changes to the ini files.
Will try to find the details of this if I can.
It is worth noting that this is not specifically a Squid issue as schools that had an ISA server setup were experiencing the same issue.
Last edited by Mcshammer_dj; 2nd February 2010 at 05:11 PM.