Geekzone: technology news, blogs, forums
#22394 27-May-2008 11:19

This isn't a thread asking for help, more of a thread offering a solution to a pesky problem I had. I had a domain blocking nightmare for a few months and I didn't know how I was going to get around it. I made this thread in the hope that it may help someone out there. It seems simple upon reading, but at the time I was stumped and managed to pull all this together.

Background info:
I am an administrator of a small network of about 20 laptops in a high school boarding house. The manager came to me asking how we could block Bebo, Facebook, YouTube etc. (for bandwidth and privacy reasons). Installing ISA clients etc. on these laptops wasn't feasible; in fact installing any software wasn't going to work because they are their own private laptops and they would uninstall it.

Windows server 2000
Kerio winroute 6.4 - set to transparent proxy, which is also the dhcp server.
3com OfficeConnect ADSL Wireless 11g Firewall Router - 3CRWDR101A-75

At first I set about it pretty naively, in just the router, which gives you 20 slots to put in URLs/keywords to block, which in itself is quite useful. So I put bebo, youtube etc. in there: if they go to  they get blocked, and if they google bebo it gets blocked because the word bebo appears in the URL. However, I soon found that the students were more crafty than I had originally thought. Along came the proxy sites which let them bypass this URL block. Before I knew it the 20 slots were full and I couldn't block the thousands of proxy sites they were using, and that's where it stayed for about a month. I was stuck.
One day I stumbled across (what a marvellous free service). Basically you point your DNS to OpenDNS and set the filters (a group of websites, such as adult websites, video sharing etc.). If you try to go to a blocked website it won't resolve and instead it will show a page stating that you have been blocked. I set social networking sites, porn, warez, and proxy sites to be blocked, and all was well... well, at least for a few days, until I found 2 problems.

1. Students were using random DNS servers, and not using OpenDNS.
2. The block page was giving too much away. Upon getting the block page it told you that OpenDNS had blocked the page, so it was only a matter of time before someone stumbled into the forums and found a way around the block, either by using another DNS server or even by resolving the IP address manually and adding it to a hosts file.
3. The IP address was changing too often and the supplied OpenDNS IP updater tool didn't seem to work, which stopped all website blocking until I manually updated the IP on their website.

1. In Kerio WinRoute I set a firewall rule to allow DNS to the OpenDNS servers and to deny any others, so now Kerio handles all DNS requests and forwards them through OpenDNS (the hosts file trick will get around this, however).
2. I blocked the word opendns in the router, so now they get the router's block page instead of OpenDNS's. Pretty crafty really... now they don't know how I'm blocking these sites and the solution is no longer a couple of clicks away.
3. Set up homing beacon to automatically update my IP address on the OpenDNS servers.

So in conclusion I have a fairly bulletproof domain blocking system, using no software on the clients' machines. It blocks thousands of websites and video sharing, every porn website I tried was blocked, and torrent trackers have been blocked (a very convenient way of stopping torrent abuse, I might add! I also put .torrent into the URL block of the router, which stops them from downloading torrent files to begin with, and also have .mp3, .avi etc. in the URL block, a pretty crude way of stopping file downloads from HTTP websites such as rapidshare, but it works!). Best of all it gets updated daily: thousands of sites are getting added to their database (it passed 1 million websites earlier this month).

This is a pretty long post, I didn't mean for it to get this bloated! I'm sure I've forgotten some things; if you have any questions, ask away!
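Added example (not part of the original post): a Python check an administrator could run over gateway logs to see who is trying the two bypasses the post names, DNS sent to a resolver other than OpenDNS and the hosts-file trick (web connections to an address the client never looked up). The log format, the 192.168.1.0/24 subnet and the sample lines are constructed assumptions, not Kerio WinRoute output; the resolver addresses are OpenDNS's public ones.

```python
import ipaddress

# OpenDNS's public resolvers (not listed in the post itself).
APPROVED_RESOLVERS = {"208.67.222.222", "208.67.220.220"}
LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed laptop subnet

# Constructed sample log in a hypothetical format:
#   DNS  <client> <name> <answer_ip>      answer relayed by the gateway
#   FLOW <client> <dst_ip> <proto> <dst_port>
SAMPLE_LOG = """\
DNS 192.168.1.21 example.org 198.51.100.10
FLOW 192.168.1.21 198.51.100.10 tcp 80
FLOW 192.168.1.22 203.0.113.53 udp 53
FLOW 192.168.1.23 208.67.222.222 udp 53
FLOW 192.168.1.24 203.0.113.50 tcp 80
FLOW 192.168.1.22 203.0.113.53 tcp 53
"""

def find_bypasses(log_text):
    """Return (client, reason, destination) tuples in log order."""
    resolved = {}   # client -> IPs it learned through the filtered resolver
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[0] == "DNS":
            resolved.setdefault(fields[1], set()).add(fields[3])
        elif len(fields) == 5 and fields[0] == "FLOW":
            _, client, dst, proto, port = fields
            if ipaddress.ip_address(client) not in LAN:
                continue  # only judge traffic that originates on the LAN
            if port == "53":
                # DNS over UDP or TCP must go to the approved resolvers only.
                if dst not in APPROVED_RESOLVERS:
                    findings.append((client, "foreign-resolver", f"{dst}/{proto}"))
            elif port in ("80", "443"):
                # No prior lookup for this address: hosts file or typed-in IP.
                if dst not in resolved.get(client, set()):
                    findings.append((client, "no-dns-lookup", f"{dst}/{proto}"))
    return findings

if __name__ == "__main__":
    for finding in find_bypasses(SAMPLE_LOG):
        print(*finding)
```

The "no-dns-lookup" signal is a heuristic: answers cached before logging started or links that use a literal IP address will also trigger it, so treat it as a list to review rather than proof.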

  #133562 27-May-2008 13:53

Interesting solution.

However, as there are 10s of billions of webpages out there, I don't believe that any type of 'per page / site' blocking will ever be particularly effective in the long term.  Websites change & are added way too often.

I have recently implemented the excellent (& free) 'Dan's Guardian' Linux based web filter running on Ubuntu.  I thought it would take me days to set up, but it was all done in a few hours thanks to the excellent step by step tutorials around for non-Linux guys like me!

In another life (a few jobs ago) I worked for a Polytechnic and we tested a whole heap of commercial web filtering products.  All of them failed miserably, some were so bad you may as well just block every 2nd site!!  However, after almost giving up, we found Dan's Guardian and it passed with flying colours!!  We only had to make a few minor adjustments to the blocking rules and it was ROCK SOLID!!

Basically the difference between DG and all other web filters out there is that DG is the only one that filters based on word context and weighting.  This means that regardless of the website or page or method used to access, the filtering is always active and relevant.  It works very well.

As I have DG running in a VMWare Server (free) environment, I'd be happy to plunk the VM on a CD and send it to you if you want to give it a go (hell, you can probably even download it from me!).
