+ Post New Thread
Results 1 to 9 of 9
Internet Related/Filtering/Firewall Thread, Websence & Squid 2.5 = Filtering workaround?? in Technical; Ok a bit of background info. Our LA has recently moved to an ISA 2006 box from 2000. At the ...
  1. #1
    pooley's Avatar
    Join Date
    Sep 2005
    Location
    S Wales
    Posts
    1,191
    Thank Post
    86
    Thanked 139 Times in 115 Posts
    Rep Power
    70

    Websence & Squid 2.5 = Filtering workaround??

    Ok a bit of background info.

    Our LA has recently moved to an ISA 2006 box from 2000. At the same time they ditched surfcontrol and have implemented Websense.

    As the schools have a silly UID&Pass to authenticate to the ISA box for authentication I wanted to use one of my servers as a transparent proxy to authenticate for all my users. I used to use Python (ntlmapps) but it doesnt like the new isa box.

    So I started playing with Squid 2.5 (For windows)

    Installed this on one of my Server 2003 box's , configured it and away to go..... or so I thought.

    I wandered into one of my IT suites today to find a group of Year 4 kids on Youtube, on closer inspection (good job they hadn't noticed) the internet was totally unfiltered

    My 1st call was to county to ask if Websense had fallen over etc but nope it was local to my school. It seems that if I point a Browser directly at the ISA server and give the correct credentials when prompted I can get on the internet fine and Youtube/pron etc is all blocked.

    Browser
    |
    LA ISA
    |
    Websense Filtered content


    If I configure squid (with the same credentials) set it running and then point my browser to squid, it works as a transparent proxy but also manages to bypass the whole filtering system.

    Browser
    |
    Squid instance
    |
    LA ISA
    |
    Unfiltered content


    On the ISA server logs you can see it making the "handshake" and agreeing that the Username/credentials are correct and looks like its working,but then decides not to filter any content.

    Obviously I have turned off Squid and am not going back, but I would love to know how squid is being so clever at getting around the filtering. Its a massive security hole as is.

    Any Squid masters out there got any advice/info ?

    Cheers

    Si

  2. #2

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,374
    Thank Post
    906
    Thanked 1,811 Times in 1,559 Posts
    Blog Entries
    12
    Rep Power
    468
    Its actually a websense thing i think. There is something you can do to make it filter. Im sure you simply put a text file into a directory. I will see if i can find it.

    EDIT:

    Try this on the websense server:

    1. make a file called ignore.txt into Windows > System32
    2. in the file put the hostname of the ISA firewall that the websense filtering plug-in is installed on
    3. Reboot server
    Last edited by FN-GM; 2nd February 2010 at 12:52 AM.

  3. Thanks to FN-GM from:

    SYNACK (1st June 2010)

  4. #3
    pooley's Avatar
    Join Date
    Sep 2005
    Location
    S Wales
    Posts
    1,191
    Thank Post
    86
    Thanked 139 Times in 115 Posts
    Rep Power
    70
    Thanks mate, I assume this needs to be done on the ISA server not my local server running squid.
    I will ask the LA to "Take a look" in the morning.

  5. #4

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,374
    Thank Post
    906
    Thanked 1,811 Times in 1,559 Posts
    Blog Entries
    12
    Rep Power
    468
    You will get round it if you set the default gateway to the ISA server as well.

    I have setup many Websense and ISA setups in schools in rochdale. Done that a few times and it will allow you set the clients default gateway to ISA and then websense will filter it instead of ignoring the traffic.

  6. #5
    pooley's Avatar
    Join Date
    Sep 2005
    Location
    S Wales
    Posts
    1,191
    Thank Post
    86
    Thanked 139 Times in 115 Posts
    Rep Power
    70
    Hmm our Default gateway is currently our main switch, not sure of the consequences of changing it to county ISA

  7. #6
    pooley's Avatar
    Join Date
    Sep 2005
    Location
    S Wales
    Posts
    1,191
    Thank Post
    86
    Thanked 139 Times in 115 Posts
    Rep Power
    70
    Still quite worrying if Websense default condition allows Squid to bypass all filteringunless there is a txt file saying not to ??

  8. #7

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,374
    Thank Post
    906
    Thanked 1,811 Times in 1,559 Posts
    Blog Entries
    12
    Rep Power
    468
    i think its because it will be using NAT. The steps above should have been taken.

    Try pointing a machine to ISA as the DG and see what happens.

  9. #8
    pooley's Avatar
    Join Date
    Sep 2005
    Location
    S Wales
    Posts
    1,191
    Thank Post
    86
    Thanked 139 Times in 115 Posts
    Rep Power
    70
    Thanks, I will pass on what you have said in the morning (later on today even)

    Set the default gateway to the ISA server but it had no effect either way on the filtering. Not sure what that means lol

  10. #9
    Mcshammer_dj's Avatar
    Join Date
    Feb 2007
    Location
    Portsmouth
    Posts
    991
    Thank Post
    39
    Thanked 180 Times in 145 Posts
    Rep Power
    98
    WE had this problem with some of our schools and the problem lay with a change needing to be made to one of the websense ini files.

    There were problems with the case sensitivity of the commands. Websense were able to fix this with changes to the ini files.

    Will try to find the details of this if I can

    It is wrth noting that this is not specifically a squid issue as schools that had an ISA server setup were experiencing the same issue.
    Last edited by Mcshammer_dj; 2nd February 2010 at 05:11 PM.



SHARE:
+ Post New Thread

Similar Threads

  1. [MS Office - 2007] DOCX as ZIP , workaround?
    By jmair in forum Office Software
    Replies: 10
    Last Post: 28th September 2010, 10:24 AM
  2. Replies: 1
    Last Post: 5th March 2009, 04:22 PM
  3. Web & e-Mail Filtering...
    By towen in forum Network and Classroom Management
    Replies: 11
    Last Post: 6th February 2008, 06:12 PM
  4. INTERNET & FILTERING
    By Maltese_Wizard in forum Hardware
    Replies: 11
    Last Post: 3rd November 2006, 06:31 PM
  5. yourOS.com - filter workaround
    By pooley in forum Links
    Replies: 15
    Last Post: 30th July 2006, 09:20 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •