Having being discussing this at least partially with Galway on the bing.com thread in security, I thought I would explain how the YHGfL filtering is configured on individual schools, and how you can use or change various settings to enable websites to be accessed.
For general internet use we have a set of user settings for school pupils. These work on a word score system, with individual bad and good words being given negative and positive scores. While "breast" may have a high score, it having cancer also on a page, will have a minus score, allowing these websites to pass the filtering. This is content filtering, which we use in addition to our black and white lists.
There is a progressive scale for these, starting at primary schools, going all the way through secondary, sixth form and ending at the admin level. All of these use the same black listed website list, in addition to the word score, so websites like facebook, myspace etc are all blocked as standard.
Individual schools, local authorities and a global level exist for blocking and unblocking websites, allowing an individual school to tailor their web access to their own needs.
The other, parallel filtering system we use is the lib-proxy, which some of you may use in your school. Our social caste also uses this filter list. It does not block websites like myspace, facebook etc, but is otherwise based on the same list of banned websites. They also use word scores to block on words.
In addition to this, we also have an unfiltered setting, which bypasses all our blocked lists.
A school can change its filtering level, by going to login.yhgfl.net and using usernames and passwords available from their local authority helpdesk. This can allow a teacher to access youtube, while the class is restricted. This is cleared once a user closes his browser. This is often a better approach than us unblocking the website, especially if it is needed at the last minute, as it works straight away, and does not need to wait for our systems to restart and copy the configuration changes over.
Hope that is some interest for people.
For further details, you can take a look at our wiki page;
FilteringAndSecurity < YHPublic < TWiki
Here we have all staff on libproxy, so that they can use the sites it allows to teach.
Students are on secondary proxy, and cant access the social networking sites
The above works very well, and dont want to change that.
If I gave the staff a logon to access restricted sites, this would be pinned on the wall next to the computer and half the school would know about it in no time at all.
Any changes I want in regards to blocking or unblocking I have to email the LEA and request the changes that this can take a few days to filter through. If I need to access a sites thats banned, I use libproxy and if that wont let me though use wak-pub crededtials to get access.
The diagrams you posted are most usefull, and I have them printed out and on the wall.
If nothing else if anyone has any problems I can show them the chart on how complicated it is. Its next to a light switch and I have put a note next to it saying internet on / off ... im just waiting for the lights to off first time a student clocks it.
Having checked the link myself, some of the diagrams are quite old, and are outdated, specifically the one with the filtering boxes and proxies as that was drawn in 2007.
We now have 9 proxies and 15 filters, but they system is configured the same with them being load balanced by our 6 load balancers.
How you have things set up seems like a good way of doing things, as it allows the teachers access to useful materials, without enabling the students to spend all day on youtube watching videos.
Lib-proxy is still restricted quite heavily on banned websites. I think bing is the first website we have not automatically blocked outright on both school and library proxies, because we think it is potentially quite a useful website for libraries.
Provided we receive a block or unblock request by 6pm on a Monday-Friday, the website will be added to a list and it should be then blocked or unblocked by the next day. Our systems do a full back up and copy data across during the night, so that is when our changes occur, typically finishing around 4am.
It is possible, for any website that has illegal or pornographic content to be blocked on the spot, for every user throughout the grid. We usually only do this for pornography, violence, drugs etc websites, as it is possible that others may want access to other websites for reasons of their own.
If you have any questions on filtering, I will be happy to try to answer them.
Thanks for that Information Marc its very useful. Its a bit of a shame that I don't think we can use you direct with our LEA, we are in North Yorkshire and seem to be at the helm of Serendipity filtering over the YHGFL so guess that we cannot get to the systems direct to use them
I don't know anything about lib-proxy - we use primary-proxy for everyone, pupil, teacher or admin. It would perhaps be useful for the teachers to be able to use lib-proxy as they keep moaning about not being able to access sites they have been shown at training courses etc.
I'll email the LEA to ask about it, thanks Marc
It is my understanding Bull provide services for North Yorkshire at the moment? I know we at YHGfL only provide a few services such as video conferencing, but not filtering.
Your local authority help team should have a list of all passwords. If they do not, you can ask them to ask us for them for you. We have to use this process, because you could be a student requesting access to our unfiltered internet passwords otherwise :)
Originally Posted by john
Marc is correct in what he says here. North Yorkshire are a member of the consortium and they have a 100 meg link into our Grid network from the Bull site in Barnsley, but they don't take any Internet feed from us. They use us for connecting to JANET and the NEN for stuff like Video Conferencing, Audio Networks and for our own content and services like Loc8 and share-it. As you will know some authorities use us for more than others. That is the beauty of the way we operate I suppose. As we are a not-for-profit entity that was set up by 12 LAs in the Yorkshire region, they can choose which services they wish to take. Some take our full suite, some use is for what we would term a "raw" internet feed and do their own filtering, some just use us for webmail hosting and other periphery. All of this is pretty much on a pay as you go basis and we are sufficiently scalable that should other authorities wish to take more services from us as I understand may be the case with some in the future, we will be able to manage that. Our ISP services will soon be BECTA accredited which will be an added bonus as under the Byron review that is now government policy, ALL schools should be using a BECTA accredited ISP.
Thanks Marc & Andrew for that :) It confirms what I thought was the case, but only a 100MB connection thats tiny IMHO!!!! There are a lot of schools in North Yorkshire!!!
Indeed there are, but I don't think you have more users than Sheffield, and 100MB has been adequate for them. They are just starting to max it out and so we are deploying edge of network caches for them to reduce traffic on the Grid. At our next reprocurement which we are starting very soon, we will have 1 gig connections for everyone on the grid and a big fat pipe into JANET :)
Originally Posted by john
Nice - I like the sound of that one:D
Originally Posted by ayoward
Leco ... you might want to ask about the wak-pub credentials so that you can access banned sites.
There are times when, in search of drivers or researching a complaint, that you need to access those sites. It lets the majority though and has really helped me and the school.
I use firefox on secondary proxy, and IE on libproxy. It works quite well for me.
I assume only JANEt / YHGFL specific deemed traffic then goes down it and general browsing goes via the Bull stuff.
Originally Posted by ayoward
Can I ask if the YHGFL would implement an off-site backup facility?
With the amount of schools going up in smoke, and the vast amounts of unused bandwidth at night, I think most schools would jump at the chance of a secure backup storage area.
I'd like to second that one. Secure off site storage would certainly be of interest.
Originally Posted by Galway
Thanks also for the heads up Galway on the differing credentials, I'll make enquiries about those as well.
The public internet access, wak-pub, hull-pub etc should be totally unfiltered. There is be a handful of illegal websites you can't access, but that is it.
YHGfL are in the process of investigating various backup options for schools. If anyone wishes to participate, we would like to hear from you.