Windows Thread, ISA 2000 vs Facebook Uploads in Technical; Hi All,
Would anyone know how to block uploads on facebook, as of last-night, we've had enough, we're averaging around ...
18th June 2008, 04:15 PM #1
ISA 2000 vs Facebook Uploads
Would anyone know how to block uploads on facebook, as of last-night, we've had enough, we're averaging around 4.5GB into facebook a night, due to being a very large independent boarding school.
We have a deny access between 8am-4pm, however after its open. I cant seem to get my head around it.
RM Safteynet ignores my ban on http://facebook.com/editalbum.php (where photos go in)
Any one have any luck doing this on an ISA server?
18th June 2008, 04:28 PM #2
Not to be a stick in the mud here but why are you wanting to remove this access? Is it costing you per gig or something?
18th June 2008, 04:33 PM #3
With SmoothWall you'd be able to block a specific URL at set times, or limit bandwidth per URL(!). However, our next feature pack (not the one currently in test... the next one) is "about" outgoing filtering.
Certainly HTTP get/post will come under scrutiny - quite how much is TBC - if you have any ideas i would like to hear them... certainly a "top uploaders" report would be cool to nobble the worst offending users, no?
18th June 2008, 04:34 PM #4
RM 2MB non-lease lined 20/1 contention, our incoming/outgoing email line, after 5p.m. you cannot access mail externally due to the lack of speed on the line.
Our Fundraising database also accesses various things out of school on the same line (We are Independent), which in turn slows this down.
18th June 2008, 04:36 PM #5
You mean my daily ban list? Sure, at present with ISA reporting there are some variables that go a-miss. I.e. "requires authentication" however most of the time through some genius method only an IP address is shown, rather than student.
Originally Posted by tom_newton
Any chance of usage per NETBIOS name? or associated an account with NB name?
18th June 2008, 05:14 PM #6
Hmm, interesting - so these being boarders you haven't got them auth'd against AD, so the name of the PC might be useful... afraid we only log the (reverse-dns looked-up) hostname at present.
18th June 2008, 05:29 PM #7
Oh, they are auth'd against AD, ISA ties all its groups and authentication through the DC's. However, "quirck, bug, general annoyance" it doesn't always authenticate properly.
Originally Posted by tom_newton
I remember an instance a while ago where specific boarders were using "Your Freedom" a paid SSL tunnel to get through ISA, and I still cant figure out why, the only reason they were caught, was the IP address showing massive traffic in logs, upon tracerting, and resolving the IP's we found them to be proxies.
How a java based applet running on machine could instantly bypass ISA authentication (required) via SSL is beyond me.
And now as per post... another major point is trying to limit traffic through facebook uploads, another point to add, with upcoming VLE implementation, traffic limitation is now a key priorty to providing a quality QOS inside and outside school
(If our lease line bid goes through, everythings going to go through a debian squid box, tied into AD, and specific delay_pools setup to limit facebook traffic to around 100kb/s down, 15kb/s up at most. Which would resolve all these issues, but can't guarntee its going to be approved)
Last edited by ahuxham; 18th June 2008 at 05:32 PM.
19th June 2008, 09:58 AM #8
Well, delay pools is what we use to throttle traffic - and in a BECTA approved manner so may be easier to get approval!
By SYSMAN_MK in forum Windows
Last Post: 3rd May 2008, 01:24 AM
By dan400007 in forum Coding
Last Post: 11th December 2007, 12:23 PM
By katem in forum Web Development
Last Post: 15th November 2007, 02:33 PM
By gwendes in forum General Chat
Last Post: 16th October 2007, 08:44 AM
By GrumbleDook in forum Jokes/Interweb Things
Last Post: 13th October 2007, 03:03 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)