I use ISA server as a firewall/proxy. This works very well and allows me to do all my wonderful publishing stuff and basic web filtering (using squidguard lists imported via a script I acquired).
My current problem though, is the number of children that would rather play games than do work. It is really getting out of hand and staff are not clamping down on it, despite SLT telling them to.
My excellent idea was to insert Dansguardian into the mix so that some proper filtering could be performed. A nice quick and dirty solution was Endian Firewall.
After some tinkering, I found that the best way to do this was to set it up so that any requests went:
Client -> ISA -> Endian (sitting behind ISA) -> RBC Proxy (All Endian traffic passes straight through ISA)
This worked very well but has slowed the Internet traffic to a crawl and causes any SSL traffic to timeout. I have had to take the Endian box down and need a better way of doing this ASAP.
If only MS would open up their APIs for ISA filters then some kind soul could integrate Dansguardian into ISA and I would have the perfect product.
I am seriously looking at doing whitelist only for some classes ... I am also going to cough up for AB Tutor control now ... and instruct staff on how to manage a class in an ICT suite ... and if they fail to do so they do not get to book the room again.
I am off today but for the rest of this week I will be in the assemblies having a little one-way conversation with each year group. "Play games or go on chat sites or try to bypass out filtering and you will be restricted to email for a max of 2 hours a day and a specific list of educational websites!"
After deleting nearly 3 Gig of flash files I am now finding that students are bringing .swf files in on memory stick and building their own websites internally ... and hiding them inside of their ICT or Media work ...
If anyone has any interesting proxy sites that are causing them trouble, I am researching the software used in these so SmoothWall can have a better chance of blocking them. We already know about phproxy & cgiproxy as common ones... but what about the rest?