I dont know what to do. have Just been told that instead on just the one filtered proxy we now have 3 one for staff (unfiltered)i need to set up logins, 2 windows upate will not filter microsoft site. 3 student filter. what a pain i sopose the best thing to do now it to install wsus but i dont know have only got one server and is a primary school i need some idears. did not think i had enough to do it but to log in change proxy update then log out is going to be a pain in the A$$.
not sure what you're after here...
it sounds like you need an authenticating proxy that reads your user data (solving the login issue) and has an exception so that traffic from your server doesn't get filtered.
i'd find an oldish box and install a pre-packaged solution such as IPCop, Smoothwall or Censornet.
So.......
proxy - a) for staff unfiltered
proxy - b) for Windows updates
proxy - c) filtered for students
If you are running group policies, create a gpo for staff - and set this to use proxy a. Create a gpo for students - and set this to use proxy c.
If your pc's are set to run windows updates directly, you may need to reconfig this by setting up a wsus server - as you have suggested, setting this to use proxy b. The other 2 proxies may block updates - why else setup a third just for updates?
proxy - a) for staff unfiltered
proxy - b) for Windows updates
proxy - c) filtered for students
You don't need 3 servers to do this - run the cache on one port 3128 and the filter on another eg 8080 or set wsus to bypass the proxy altogether Dansguardian/Squid does this- probably you could even setup NTLM authentication on another port.
Also i find the switchproxy plugin for firefox a great deal of help when I need to switch between proxy servers fast.
https://addons.mozilla.org/firefox/125/
I've already solved this with Dansguardian. I'll post my config(s) tomorrow when I'm in school.
sounds to me like you're on the south west grid for learning. they have just changed their filters for the staff you need to setup users in the safety net interface you need to tell them the address of your servers so updates continue to work. i don't have web address i'm at home on pda if i remember i'll take a look in the am. i have to do this too
I'm on SWGfL as well, and have heard nothing of this for either school.
When did you hear about it?
I don't think it's a good idea to give staff unfiltered access anyway especially because they might inlclude a site in their lesson planning that they want the students to use and then find its filtered for the students.
Ben
These are the sections of the Squid.conf that allow windows updates to work without any authentication.
For differing filter settings for staff/students I just use dansguardians filter groups.Code:#For windows updates acl windowsupdates dstdomain .microsoft.com .windowsupdate.com #Allow windows updates with no authentication (dam M$ buggy junk) http_access allow windowsupdates
this is right thay have just changed there filtering policy sorry i have taken so long to get back had personal problems. i seem to have solved it i have had to install wsus and set that proxy as the update one and everyone else stays on the filtered proxy noone has unfiltered access. the other thing that has changed i have heard is the fact that swgfl now does not inform school of illegal activity it goes straight to the policethe first we know is when the police knock on the school do but what i cant find out is what they class as illegal. Have had a new aup for one of the girlfriend boys and went to a meeting when i asked his school what they beleved to be illegal the said other than the obvious they did not know.sounds to me like you're on the south west grid for learning. they have just changed their filters for the staff you need to setup users in the safety net interface you need to tell them the address of your servers so updates continue to work.
here are the updates but there are more which they told me about what arnt listed yet swgfl update
I went to a SWGFL internet safety update in gloucs last week where it was referred to... and that is how I found out!!!
when they say they let the Police know about illegal activity... they mean illegal... ie child porn... not anything else. (such as inappropriate material.. adult porn)... just attempts to access sites on the IWFs list..
Witch if you’re in Gloucs... I have an email address of the person who sends out updates works for the County Council I can pm you....
what about 'new' illegal activity from the 2006 Police and Justice Bill?when they say they let the Police know about illegal activity... they mean illegal
Aparrently this bill will outlaw commonly used diagnostic tools that 'could' be used for illegal activity such as nmap, ethereal,tcpdump. Law seems such a vague 'chatch all' it could even prohibit scripting languages and entire *nix distributions. http://news.zdnet.co.uk/security/0,1...9284750,00.htm
i was also told about racial activity and if they see any that will also be reported to the police unless you tell them that a class is doing a project on itsounds good but when will a teacher tell you what they are doing.Users shall not:
Visit Internet sites, make, post, download, upload or
pass on, material, remarks, proposals or comments
that contain or relate to:
pornography (including child pornography)
promoting discrimination of any kind
promoting racial or religious hatred
promoting illegal acts
any other information which may be offensive
to colleagues
SWGfL acknowledges that in certain planned curricular
activities, access to otherwise deemed inappropriate
sites may be beneficial for educational use (for example
investigating racial issues). Any such access should be
preplanned and recorded so that it can be justified
if required.
Sounds like its time to split off from them onto your own system which you deal with.
not allowed its a lea thing i beleve all sw schools have got be be on swgfl.
Its not that it is a bad thing it is fast very fast and reletive cheap its just getting more confusing.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote