Wireless Networks Thread, Too many proxies in Technical
  1. #1

    Ric_

    Too many proxies

    I use ISA server as a firewall/proxy. This works very well and allows me to do all my wonderful publishing stuff and basic web filtering (using squidguard lists imported via a script I acquired).

    My current problem, though, is the number of children that would rather play games than do work. It is really getting out of hand and staff are not clamping down on it, despite SLT telling them to.

    My excellent idea was to insert Dansguardian into the mix so that some proper filtering could be performed. A nice quick and dirty solution was Endian Firewall.

    After some tinkering, I found that the best way to do this was to set it up so that any requests went:
    Client -> ISA -> Endian (sitting behind ISA) -> RBC Proxy (All Endian traffic passes straight through ISA)

    This worked very well but has slowed the Internet traffic to a crawl and causes any SSL traffic to time out. I have had to take the Endian box down and need a better way of doing this ASAP.

    If only MS would open up their APIs for ISA filters then some kind soul could integrate Dansguardian into ISA and I would have the perfect product.

  2. #2

    GrumbleDook

    Re: Too many proxies

    I am seriously looking at doing whitelist only for some classes ... I am also going to cough up for AB Tutor control now ... and instruct staff on how to manage a class in an ICT suite ... and if they fail to do so they do not get to book the room again.

    I am off today but for the rest of this week I will be in the assemblies having a little one-way conversation with each year group. "Play games or go on chat sites or try to bypass our filtering and you will be restricted to email for a max of 2 hours a day and a specific list of educational websites!"

    After deleting nearly 3 Gig of flash files I am now finding that students are bringing .swf files in on memory stick and building their own websites internally ... and hiding them inside of their ICT or Media work ...

  3. #3

    Geoff

    Re: Too many proxies

    If you're going to put a Squid/Dansguardian machine into the mix, doesn't that make ISA rather redundant?

  4. #4

    localzuk

    Re: Too many proxies

    Indeed, I would go for a Squid/Dansguardian machine instead of the ISA (and intend to do this at my school asap).

  5. #5

    Ric_

    Re: Too many proxies

    Quote Originally Posted by Geoff
    > If you're going to put a Squid/Dansguardian machine into the mix, doesn't that make ISA rather redundant?

    ISA is VERY flexible as a firewall... allowing quite complicated publishing rules.

    All I want Dansguardian for is to look at content and go "No... I'm not letting you look at that."

  6. #6

    Geoff

    Re: Too many proxies

    > ISA is VERY flexible as a firewall.

    Linux is more flexible. Have a look at Shorewall if you want an 'easy' way to configure it.

    http://www.shorewall.net/

    > All I want Dansguardian for is to look at content and go "No... I'm not letting you look at that."

    Perfectly possible. On the presumption that ISA is doing the right thing:

    1) Speed, I suspect you don't have decent enough hardware. What are you running Dansguardian on? Are you using the AV scanning?

    2) SSL timeouts. Probably down to a misconfiguration in the Squid rules. Please post the relevant sections of your Squid.conf

  7. #7


    tom_newton

    Re: Too many proxies

    If anyone has any interesting proxy sites that are causing them trouble, I am researching the software used in these so SmoothWall can have a better chance of blocking them. We already know about phproxy & cgiproxy as common ones... but what about the rest?

    Tom

  8. #8

    plexer

    Re: Too many proxies

    I would take your Endian CD and throw it as far away as you can or, failing that, set fire to it.

    Then get something like School Guardian or Corporate Guardian instead.

    Ben

  9. #9

    Ric_

    Re: Too many proxies

    Quote Originally Posted by plexer
    > I would take your Endian CD and throw it as far away as you can or, failing that, set fire to it.
    >
    > Then get something like School Guardian or Corporate Guardian instead.

    Like I said... I wanted a quick and dirty proof of concept which meant spending as little as possible (i.e. nothing).

    I suspected that it might be hardware related (being a PIII with a mere 256MB RAM) but the utilisation statistics don't back this up.

    BTW - I am looking into building my own box just for Dansguardian stuff. This should get rid of all the gumpf from a distro. In the meantime I need to just get (Not so)SmartFilter up and running.

  10. #10

    Geoff

    Re: Too many proxies

    > I suspected that it might be hardware related (being a PIII with a mere 256MB RAM) but the utilisation statistics don't back this up.

    Yes, that's exactly why. You need better hardware. I'm using a P4 2.5GHz Celeron with 1.5GB of RAM here.

  11. #11
    apeo

    Re: Too many proxies

    Quote Originally Posted by Ric_
    > BTW - I am looking into building my own box just for Dansguardian stuff. This should get rid of all the gumpf from a distro. In the meantime I need to just get (Not so)SmartFilter up and running.

    If and when you get round to it, could you tell us/me how you did it, as I'm in the middle of it right now and it's going slow.

  12. #12

    Ric_

    Re: Too many proxies

    @apeo: There is a Debian package and a special GUI script knocking about for Ubuntu. There is also a webmin module.

    In the meantime, I have b0rked the firewall service on my ISA box! God only knows how I have done this! Will have to wait until tomorrow since the b0rkage means I cannot remote in.

  13. #13

    PiqueABoo

    Re: Too many proxies

    > If only MS would open up their APIs for ISA filters

    They did.

  14. #14

    Ric_

    Re: Too many proxies

    Quote Originally Posted by PiqueABoo
    > > If only MS would open up their APIs for ISA filters
    > They did.

    That's me told! Now we just need Dan to do the other bit.

  15. #15
    ChrisH

    Re: Too many proxies

    Yeah but Dan works with Tom :/
