+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 26
Network and Classroom Management Thread, Something I've been working on in Technical; Hi Guys, I've been working on this project for approximately 2 months now; NetBlocker. It's basically a network/classroom management tool ...
  1. #1
    TheMan100's Avatar
    Join Date
    Dec 2010
    Posts
    156
    Thank Post
    8
    Thanked 15 Times in 15 Posts
    Rep Power
    10

    Something I've been working on

    Hi Guys,
    I've been working on this project for approximately 2 months now; NetBlocker. It's basically a network/classroom management tool which allows administrators/staff to block internet access to groups of computers (such as rooms) and to individual accounts, it also makes use of Active Directory to easily allow you to import the computer groups based on your already existing OUs. You also have the option to modify groups, create your own groups, create exempt lists etc. When blocking users/groups, you can either permanently block them, or set a time at which they'll automatically be unblocked. The software will be free of charge, and is aimed as schools/organisations who can't afford to buy the well-known network/classroom management tools, it's not aimed at replacing what already exists. I've also tried to make sure that it's as easy as possible to setup, deploy and remove from computers.

    This is only a brief post describing the software, I will provide more information nearer to the release (hopefully within a month).
    Screenshot of the administration tool (there's also a separate tool which can be deployed to staff, which is a basic version of the administration tool):


    If you have any suggestions/queries post them here, or send me a pm
    Thanks,
    TheMan100

  2. Thanks to TheMan100 from:

    TheScarfedOne (8th January 2012)

  3. #2

    witch's Avatar
    Join Date
    Nov 2005
    Location
    Dorset
    Posts
    11,111
    Thank Post
    1,367
    Thanked 2,374 Times in 1,671 Posts
    Rep Power
    703
    Sounds VERY interesting!

  4. #3

    Join Date
    Aug 2009
    Posts
    246
    Thank Post
    19
    Thanked 15 Times in 14 Posts
    Rep Power
    13
    How's it blocking the internet access?

  5. #4
    TheMan100's Avatar
    Join Date
    Dec 2010
    Posts
    156
    Thank Post
    8
    Thanked 15 Times in 15 Posts
    Rep Power
    10
    Quote Originally Posted by Blue_Cookeh View Post
    How's it blocking the internet access?
    Good question .
    To put it simply, there'll be a 'client' service running on the computer in question, that will find what group the computer is in, and will then check the status of that group at a set interval. If the group (or user) is flagged as being blocked, the client service will block ports 80 and 443, and will force the user to use a non-existent proxy.

  6. #5

    nephilim's Avatar
    Join Date
    Nov 2008
    Location
    Dunstable
    Posts
    11,783
    Thank Post
    1,623
    Thanked 1,877 Times in 1,395 Posts
    Blog Entries
    2
    Rep Power
    422
    blocking port 80 and 443 wont do much...port 8080, 8081 do the same job as those 2 and if 80 and 443 are blocked, most (if not all since W7) machines default to the next available ports for surfing

    You would need to blanket block all ports except TCP and UDP

    However the proxy is a different issue, how is it doing this to a live user?

  7. #6
    TheMan100's Avatar
    Join Date
    Dec 2010
    Posts
    156
    Thank Post
    8
    Thanked 15 Times in 15 Posts
    Rep Power
    10
    Quote Originally Posted by nephilim View Post
    blocking port 80 and 443 wont do much...port 8080, 8081 do the same job as those 2 and if 80 and 443 are blocked, most (if not all since W7) machines default to the next available ports for surfing

    You would need to blanket block all ports except TCP and UDP

    However the proxy is a different issue, how is it doing this to a live user?
    Thanks for bringing that to my attention I'm still not sure as to if it's even worth blocking the ports, as I would've thought that redirecting the user to a non-existent proxy would be enough. But when I've been testing it, when port 80 and 443 were blocked, it didn't try to access the site on another port, and consequently didn't load.

    I'm not quite sure what you mean by a live user, I'm guessing you're on about when a user is actually using the computer? Well, when the service detects that the user/group has been flagged as 'blocked', a copy of that user's proxy settings will be stored locally (this is so if the user/group is unblocked during the same session, the settings will be restored without having to have the user log back in and out). The user's proxy settings (stored in the registry), will then be overwritten with a non existent proxy server. The user's browsing session will then be killed.

  8. #7

    nephilim's Avatar
    Join Date
    Nov 2008
    Location
    Dunstable
    Posts
    11,783
    Thank Post
    1,623
    Thanked 1,877 Times in 1,395 Posts
    Blog Entries
    2
    Rep Power
    422
    By a live user I mean if someone is browsing and then it is decided to block access, how will it do it then? By the way you have it, they could leave their browser open and have no issues, so you would need some way of remote killing iexplore.exe or firefox.exe or whatever at the same time the button is clicked for the access to the internet to be blocked.

  9. #8
    TheMan100's Avatar
    Join Date
    Dec 2010
    Posts
    156
    Thank Post
    8
    Thanked 15 Times in 15 Posts
    Rep Power
    10
    Quote Originally Posted by nephilim View Post
    By a live user I mean if someone is browsing and then it is decided to block access, how will it do it then? By the way you have it, they could leave their browser open and have no issues, so you would need some way of remote killing iexplore.exe or firefox.exe or whatever at the same time the button is clicked for the access to the internet to be blocked.
    Yes, iexplore.exe along with various other well-known browser processor names will be killed at the time the block is 'processed' by the service.

  10. #9


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Sounds like a fantastic idea - but why not do all the processing on the proxy server itself? this way you don't need to worry about; the browser type, operating system, whether you have admin rights on the device or even writing a client side application at all.

  11. #10
    TheMan100's Avatar
    Join Date
    Dec 2010
    Posts
    156
    Thank Post
    8
    Thanked 15 Times in 15 Posts
    Rep Power
    10
    Quote Originally Posted by CyberNerd View Post
    Sounds like a fantastic idea - but why not do all the processing on the proxy server itself? this way you don't need to worry about; the browser type, operating system, whether you have admin rights on the device or even writing a client side application at all.
    Yeah, that would be a better way of doing it, but I wouldn't have a clue where to start. I'm guessing I'd need some sort of API to the application running the proxy, in order to process it on the proxy.

    Thanks for the suggestion though

  12. #11


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Quote Originally Posted by TheMan100 View Post
    Yeah, that would be a better way of doing it, but I wouldn't have a clue where to start. I'm guessing I'd need some sort of API to the application running the proxy, in order to process it on the proxy.

    Thanks for the suggestion though
    yeah - it should be quite doable and you could use the existing console panel, many proxy servers use squid (free), which has Active Directory authentication and hte config files are text files. I think you'dneed to change the ident_lookup in squid to block people from your banned user groups.
    I guess the api would just be an ssh access

  13. #12
    TheMan100's Avatar
    Join Date
    Dec 2010
    Posts
    156
    Thank Post
    8
    Thanked 15 Times in 15 Posts
    Rep Power
    10
    Quote Originally Posted by CyberNerd View Post
    yeah - it should be quite doable and you could use the existing console panel, many proxy servers use squid (free), which has Active Directory authentication and hte config files are text files. I think you'dneed to change the ident_lookup in squid to block people from your banned user groups.
    I guess the api would just be an ssh access
    Okay, thanks for the information, I'll look in to it further when I have some extra free time.

  14. #13

    dhicks's Avatar
    Join Date
    Aug 2005
    Location
    Knightsbridge
    Posts
    5,622
    Thank Post
    1,240
    Thanked 777 Times in 674 Posts
    Rep Power
    235
    Quote Originally Posted by TheMan100 View Post
    I wouldn't have a clue where to start. I'm guessing I'd need some sort of API to the application running the proxy, in order to process it on the proxy.
    If you use Squid as an HTTP proxy it will pass each URL to a "helper" script for re-writing. The "API" involved is simply a bunch of URLs being written to the stdin of a script, with new the URL being written on stdout. If the script wants to allow the URL it simply returns the original URL, otherwise it returns the URL of a this-page-is-blocked page somewhere. You just need to write the rewrite script part of things. I have something part finished, if it's any help, it just needs a nice interface adding for people to add URLs to block.

  15. #14
    TheMan100's Avatar
    Join Date
    Dec 2010
    Posts
    156
    Thank Post
    8
    Thanked 15 Times in 15 Posts
    Rep Power
    10
    Quote Originally Posted by dhicks View Post
    If you use Squid as an HTTP proxy it will pass each URL to a "helper" script for re-writing. The "API" involved is simply a bunch of URLs being written to the stdin of a script, with new the URL being written on stdout. If the script wants to allow the URL it simply returns the original URL, otherwise it returns the URL of a this-page-is-blocked page somewhere. You just need to write the rewrite script part of things. I have something part finished, if it's any help, it just needs a nice interface adding for people to add URLs to block.
    Sounds interesting, although I think I'm going to focus on proxy specific projects in my extra free time.

  16. #15
    TheMan100's Avatar
    Join Date
    Dec 2010
    Posts
    156
    Thank Post
    8
    Thanked 15 Times in 15 Posts
    Rep Power
    10
    P.S I haven't forgotten about this I've just got other commitments at the moment (Battlefield 3 *cough*).

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Replies: 4
    Last Post: 7th February 2010, 01:27 PM
  2. Largest project you've worked on...
    By stratisphere in forum Coding
    Replies: 43
    Last Post: 11th January 2010, 01:58 PM
  3. Think I've been stung on Ebay
    By park_bench in forum General Chat
    Replies: 18
    Last Post: 4th July 2007, 11:18 AM
  4. will tjis work on mac
    By russdev in forum Mac
    Replies: 9
    Last Post: 4th January 2006, 11:57 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •