+ Post New Thread
Results 1 to 14 of 14
Windows Thread, block specific websites via proxy in Technical; Hi, there are a few sites that children use which we're not too keen on, but the county proxy lets ...
  1. #1
    rocknrollstar's Avatar
    Join Date
    Jun 2008
    Location
    Hampshire
    Posts
    435
    Thank Post
    387
    Thanked 28 Times in 24 Posts
    Rep Power
    20

    block specific websites via proxy

    Hi, there are a few sites that children use which we're not too keen on, but the county proxy lets them through ok. They aren't dodgy, but are pretty much social networking stuff, and we are keen to disallow these site (causing exlcusion/inclusion issues).

    Is there any way that I can set up an intermediate proxy? Some simple free software would be great that means I change the IE proxy settings to point to that machine, and then the proxy software on that machine checks against an editable list, and either disallows or forwards on to the county proxy? I'm not hugely knowledgeable in *nix, but will have a go. We have a ubuntu machine hosting FOG, which isn't in constant use ( it's P4 2.8Ghz though).

    Also, will this have a huge hit on performance, and will I need a really high powered spec machine?

    Many thanks.

  2. #2

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,204
    Thank Post
    876
    Thanked 2,729 Times in 2,308 Posts
    Blog Entries
    11
    Rep Power
    782
    If it is just certain sites that you want to block you could look at adding DNS entries to your local DNS server that redirected them to either a blocked page or google. This way when they attempted to load the site it would load from the location/site that you choose. This is probably the easiest way to implement this without a secondary proxy/blocking system setup.

    Just add a new authorative zone to DNS with the address you want to block and have a * record pointing to where you want it to go instead.

    Quote Originally Posted by SYNACK View Post
    You need to do as below because as soon as you set it as a record on your DNS it is authorotive:

    Re: Non authoritative domain on Windows Server 2003
    You could create a zone called "hostname.domainname.com" and then within
    that zone create a blank host A record (same as parent) pointing to the
    relevant internal IP

    Then your server would only be authorative for the zone "hostname.domainname.
    com"and any records within that zone (such as the same as parent host record
    you need)

    Only drawback to this is you have to create a separate DNS zone for each host
    and a same as parent record but it works
    Last edited by SYNACK; 2nd June 2009 at 07:26 AM.

  3. Thanks to SYNACK from:

    rocknrollstar (3rd June 2009)

  4. #3
    bio
    bio is offline
    bio's Avatar
    Join Date
    Apr 2008
    Location
    netherlands
    Posts
    520
    Thank Post
    16
    Thanked 130 Times in 102 Posts
    Rep Power
    38
    I would give opendns.com a try

    bio..

  5. Thanks to bio from:

    rocknrollstar (3rd June 2009)

  6. #4

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,092
    Thank Post
    891
    Thanked 1,742 Times in 1,502 Posts
    Blog Entries
    12
    Rep Power
    456
    The problem with openDNS he might have to froward DNS requests to an upstream DNS server and the county

  7. Thanks to FN-GM from:

    rocknrollstar (3rd June 2009)

  8. #5


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,479
    Thank Post
    867
    Thanked 851 Times in 673 Posts
    Rep Power
    197
    Also, DNS requests when using a proxy are generally handled by the proxy, so you may not get anywhere.

    To answer the OP - if you have a bit of linux knowledge, squid will get you by just for blocking a few extra sites.
    Last edited by tom_newton; 2nd June 2009 at 07:49 AM. Reason: tyop

  9. Thanks to tom_newton from:

    rocknrollstar (3rd June 2009)

  10. #6

    Join Date
    Apr 2007
    Location
    Christchurch
    Posts
    420
    Thank Post
    41
    Thanked 64 Times in 62 Posts
    Rep Power
    26
    Hi ... we are on the SWGFL and its possible access our schools filtering settings and permit or deny any sites that we wish ....
    We accesss the following and input our user name and password

    http://admin.filtering.dn.swgfl.org.uk




    Maybe the SEGFL has the same facility?

    If so you will have to write to them and request your user name and password ...
    After that its easy !!! ban or open up any site of your choosing !!!!

    Hope this helps
    Cheers
    Brian

  11. Thanks to Brpilot99 from:

    rocknrollstar (3rd June 2009)

  12. #7

    Join Date
    Feb 2007
    Location
    East Sussex
    Posts
    468
    Thank Post
    16
    Thanked 87 Times in 79 Posts
    Rep Power
    30
    SEGFL do have the same option, the address is admin.safetynet.rmplc.co.uk you'll just need to request a usernme and password.

    Steve

  13. Thanks to steveg from:

    rocknrollstar (3rd June 2009)

  14. #8
    Galway's Avatar
    Join Date
    Jun 2007
    Location
    West Yorkshire
    Posts
    1,374
    Thank Post
    9
    Thanked 311 Times in 219 Posts
    Rep Power
    101
    If its just the odd site, configure the sites you want to be blocked like you would internal servers. This would mean for those sites the proxy wouldn't be used ... and wouldn't be shown.

  15. Thanks to Galway from:

    rocknrollstar (3rd June 2009)

  16. #9
    rocknrollstar's Avatar
    Join Date
    Jun 2008
    Location
    Hampshire
    Posts
    435
    Thank Post
    387
    Thanked 28 Times in 24 Posts
    Rep Power
    20
    Thanks for your replies everyone.

    Galway, what do you mean by:
    configure the sites you want to be blocked like you would internal servers
    How do you do this on a win2k server xp client network?

    Brpilot99 & SteveG- I have phone RM who sent me to SEGFL who sent me to the LEA IT people, who logged a call and still haven't got back to me. Seems like a good way to go, if we can get a username and password sorted out...

    Thanks.

  17. #10
    rocknrollstar's Avatar
    Join Date
    Jun 2008
    Location
    Hampshire
    Posts
    435
    Thank Post
    387
    Thanked 28 Times in 24 Posts
    Rep Power
    20

    Proxy and Hosts File - override?

    Further to my original post, I've been investigating the use of the hosts file in c:\windows\system32\drivers\etc\. This is one way to set blocked sites on a local machine. I like this method as it should be quick and is easy to update.

    The idea would be to have a master hosts file on the server, and then update the remote machines hosts file on startup.

    However, I've read that the proxy server takes first pick for DNS, so the hosts file will not get a look in.

    Anyway know a way around this? Want the host file to take presidence over the proxy.

    Thanks.

  18. #11
    Galway's Avatar
    Join Date
    Jun 2007
    Location
    West Yorkshire
    Posts
    1,374
    Thank Post
    9
    Thanked 311 Times in 219 Posts
    Rep Power
    101
    We configure the proxy via GPO. Under those settings you can enter IP's and addresses not to be used by the proxy, so that your not going though the proxy to get to them. If you setup an address in there, hotmail.com for example, it wont use the proxy and because of this will time out or say page not found.

    Dont add too many sites in there, but it does serve to block sites while the authority can ban them.

  19. #12


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,479
    Thank Post
    867
    Thanked 851 Times in 673 Posts
    Rep Power
    197
    Quote Originally Posted by rocknrollstar View Post
    Further to my original post, I've been investigating the use of the hosts file in c:\windows\system32\drivers\etc\. This is one way to set blocked sites on a local machine. I like this method as it should be quick and is easy to update.

    The idea would be to have a master hosts file on the server, and then update the remote machines hosts file on startup.

    However, I've read that the proxy server takes first pick for DNS, so the hosts file will not get a look in.

    Anyway know a way around this? Want the host file to take presidence over the proxy.

    Thanks.
    AFAIK this is *generally* not possible - as when a browser has a proxy it will just say "oi, proxy, go fetch me www.edugeek.net" and never worry about DNS - if the proxy was asked to fetch an IP instead, it would foul up vhosts etc. and you'd still have to append a URL.

    The only way I can see to avoid this is if you deliver proxy config via proxy.pac - you could write a rule in to point requests for your "banned" sites to go to (say) a proxy that didn't exist.

    If you really want more control over your filtering though, I would avoid the "bodgit" route - you will only run into issues down the line. Two best suggestions are: work with *GFL to get custom filters, or take filtering totally "in house".

    HTH.

  20. #13

    Join Date
    Oct 2008
    Posts
    30
    Thank Post
    3
    Thanked 2 Times in 2 Posts
    Rep Power
    13
    If all your net access is provided by RM, don't you have a Smartcache 2 server on site?

    You can set up all sorts of filtering lists on that and have different filtering policies for staff/pupils etc.

    The alternative may be to use Smoothwall express - I use this at home but don't have a need to run it in school here so haven't really looked in to what is possible with it in this environment.

    You could point all your machines at the smoothwall (or squid, or whatever local proxy you like) using group policy (or if your an RM school using the RM Management Console) and then do your filtering on the local proxy.

  21. #14
    philterx's Avatar
    Join Date
    Jun 2009
    Location
    Gold Coast
    Posts
    14
    Thank Post
    0
    Thanked 2 Times in 2 Posts
    Blog Entries
    1
    Rep Power
    11
    A good free solution I customised for Northern Territory Catholic Education Schools back in the day was made using Smoothwall. They have a VM Image for VMWare ready and ISO for CD install.

    Cheers,

    Phil

SHARE:
+ Post New Thread

Similar Threads

  1. Proxy Websites
    By robert.mabbutt in forum Wireless Networks
    Replies: 14
    Last Post: 12th June 2008, 12:37 PM
  2. Allow teachers to block websites using Websense
    By FN-GM in forum How do you do....it?
    Replies: 17
    Last Post: 6th May 2008, 06:02 PM
  3. Proxy Bypass Websites
    By ticker in forum Windows
    Replies: 13
    Last Post: 24th May 2006, 09:28 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •