I was wondering if anyone could share with me what sort of changes they have made to their smoothwall system for their school (13-18 age group).
It seems that the default is causing a few problems. Some sites are just the pupil's complaining but some are actually usefull sites that are blocked, mostly I believe by the adaptave content checking.
I've just upped the trip limit to "160" but I was wondering if any of the experienced people out there had any suggestions for configuration changes.
In my setup I have actually got it at 100 for the filtering and don't find it a major issue, I do have a well established allow list for educational sites, especially flash interactive ones which get caught up in the Flash Filter, but have done very little other modifications to the product. I think I've only got 3 or 4 expressions added in and that's just to adjust the weighting of one or two words which are problematic words.
Yeah - allowing known good sites that we need and moaning at nile_c whenever a particular category is being retarded seems to work for us.
OK so I've been playing and whilst I've sort of improved it a bit I've come accross something I couldn't get round.
"Allowing" news sites to stop them being blocked by the adaptive filtering. This then enables the whole of sky.com including the Skyplayer, which I don't want. But I can't block it as the allow overrides the block.
If I turn off the allow news then it blocks some news sites (even with the "good content" news fiter turned on) on certain pages.
Stuart - as pete says - talk to nile on monday, we may be able to tweak your config.
John - if you could send us any exceptions/mods you have...
We will be making some big changes to the engine soon, and news sites are one of the areas which will benefit from this.
It would be nice to apply custom exception list changes without restarting the proxy. In NTLM auth mode it can take up to 2 minutes for guardian to restart which is a bit too long during the day.
Oh, testing the new auth module atm and it now works fine with our 2008 R2 native domain (with default domain policies - no reduction in signing etc). I think 3.2m web requests in 2 days was probably a reasonable volume for the test :p
Dave - if you are talking about your custom white/black lists, that's one of the core design decisions in the new engine. Some data will be considered volatile - this means it should be able to be changed with no restart at all. Custom URL lists will fall into this category. If you're talking do-not-auth-for these domains, that will certainly see some improvement, as right now, auth is split between squid and guardian, depending on your method, so a change to dnaf means - yep, you guessed it - bumping squid. Yuck. Anyway, new guardian will be taking over all frontend auth duties, which will mean a shorter reload or none at all. I'll ask the devs what the plan is.
Thanks very much for being one of our testers. Your proximity to the development team there is always re-assuring as we can get bodies on-site in hours if it goes wrong! Sounds like you've had a good chunk of activity through it as well - that's really great news - i have been out of the office a couple of days so haven't been keeping up with newauth recently. Remind me I owe you a beer or 3 next BETT.
Did I read somewhere that you would be ably to modify the order in which block/apply rules appear in the list? Will that mean that I could leave my custom block rules near the top and have them always blocked even if the categories are allowed further down?
@Stuart - presently that isn't an option, that's added with an update in October.
There options to do what you need however... I'll get Nile on the case.