Geekzone: technology news, blogs, forums


garvani

1873 posts

Uber Geek

Trusted

#22394 27-May-2008 11:19

This isn't a thread asking for help, more of a thread offering a solution to a pesky problem I had. I had a domain blocking nightmare for a few months and I didn't know how I was going to get around it. I made this thread in the hope that it may help someone out there. It seems simple upon reading, but at the time I was stumped and managed to pull all this together.

Background info:
I am an administrator of a small network of about 20 laptops in a high school boarding house. The manager came to me asking how we could block Bebo, Facebook, YouTube etc. (for bandwidth and privacy reasons). Installing ISA clients etc. on these laptops wasn't feasible; in fact installing any software wasn't going to work because these are their own private laptops and they would uninstall it.

Equipment:
Windows Server 2000
Kerio WinRoute 6.4 - set to transparent proxy, which is also the DHCP server.
3com OfficeConnect ADSL Wireless 11g Firewall Router - 3CRWDR101A-75

At first I set about it pretty naively, in just the router, which gives you 20 slots to put in URLs/keywords to block. That in itself is quite useful. So I put bebo, youtube etc. in there: if they go to bebo.com they get blocked, and if they google bebo it gets blocked because the word bebo appears in the URL. However, I soon found that the students were more crafty than I had originally thought. Along came the proxy sites which let them bypass this URL block, and before I knew it the 20 slots were full and I couldn't block the thousands of proxy sites they were using. That's where it stayed for about a month; I was stuck.
One day I stumbled across www.opendns.com (what a marvellous free service). Basically you point your DNS to OpenDNS and set the filters (a group of websites, such as adult websites, video sharing etc.). If you try to go to a blocked website it won't resolve, and instead it will show a page stating that you have been blocked. I set social networking sites, porn, warez, and proxy sites to be blocked, and all was well... well, at least for a few days, until I found 2 problems.

1. Students were using random DNS servers, and not using OpenDNS.
2. The block page was giving too much away. Upon getting the block page it told you that OpenDNS had blocked the page, so it was only a matter of time before someone stumbled into the forums and found a way around the block, either by using another DNS server or even resolving the IP address manually and adding it to a hosts file.
3. The IP address was changing too often and the supplied OpenDNS IP updater tool didn't seem to work, which stopped all website blocking until I manually updated the IP on their website.

Solutions:
1. In Kerio WinRoute I set a firewall rule to allow DNS to the OpenDNS servers and to deny any others, so now Kerio handles all DNS requests and forwards them through OpenDNS (the hosts file trick will get around this, however).
2. I blocked the word opendns in the router; now they get the router's block page instead of OpenDNS's. Pretty crafty really: now they don't know how I'm blocking these sites and the solution is no longer a couple of clicks away.
3. Set up homing beacon to automatically update my IP address on the OpenDNS servers.

So in conclusion I have a fairly bulletproof domain blocking system, using no software on the clients' machines. It blocks thousands of websites and video sharing, every porn website I tried was blocked, and torrent trackers have been blocked (a very convenient way of stopping torrent abuse, I might add! I also put .torrent into the URL block of the router, which stops them from downloading torrent files to begin with, and also have .mp3, .avi etc. in the URL block, a pretty crude way of stopping file downloads from HTTP websites such as rapidshare, but it works!). Best of all, it gets updated daily: thousands of sites are getting added to their database (it passed 1 million websites earlier this month).

This is a pretty long post; I didn't mean for it to get this bloated! I'm sure I've forgotten some things, so if you have any questions, ask away!
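
An added example, not part of the original post: a gateway-log audit for the two gaps the post names, clients querying resolvers other than OpenDNS, and web connections to an IP the client never resolved through OpenDNS (the hosts-file case). The log tuples and addresses are constructed in a hypothetical format, not Kerio's; only the two OpenDNS resolver addresses are real.

```python
# Added example: audit gateway logs for DNS-filter bypass (constructed data).
OPENDNS = {"208.67.222.222", "208.67.220.220"}  # OpenDNS public resolvers

# Constructed DNS log, modelling traffic seen without the deny rule:
# (client, resolver, queried name, answer IP)
DNS_LOG = [
    ("10.0.0.11", "208.67.222.222", "example.org", "192.0.2.10"),
    ("10.0.0.12", "198.51.100.53", "blocked.example", "203.0.113.7"),
    ("10.0.0.13", "208.67.220.220", "news.example", "192.0.2.20"),
]

# Constructed outbound web connections: (client, destination IP, port)
FLOW_LOG = [
    ("10.0.0.11", "192.0.2.10", 80),
    ("10.0.0.12", "203.0.113.7", 80),
    ("10.0.0.13", "192.0.2.20", 443),
    ("10.0.0.14", "203.0.113.7", 80),  # this client made no DNS query at all
]


def rogue_resolver_clients(dns_log, allowed=OPENDNS):
    """Map each client to the non-allowed resolvers it queried (problem 1)."""
    hits = {}
    for client, resolver, _name, _answer in dns_log:
        if resolver not in allowed:
            hits.setdefault(client, set()).add(resolver)
    return hits


def unresolved_connections(dns_log, flow_log, allowed=OPENDNS):
    """Connections to an IP the client did not obtain from an allowed resolver.

    Covers a hosts-file entry, a typed IP address, or an answer that came
    from a resolver outside the allow-list.
    """
    resolved = {(client, answer)
                for client, resolver, _name, answer in dns_log
                if resolver in allowed}
    return [(c, ip, port) for c, ip, port in flow_log
            if (c, ip) not in resolved]


if __name__ == "__main__":
    print("rogue resolvers:", rogue_resolver_clients(DNS_LOG))
    print("no allowed lookup:", unresolved_connections(DNS_LOG, FLOW_LOG))
```

On real traffic the second check needs a time window, because clients cache DNS answers and a connection can legitimately follow a lookup made much earlier.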
SamF
1578 posts

Uber Geek

Trusted

  #133562 27-May-2008 13:53

Interesting solution.

However, as there are 10s of billions of webpages out there, I don't believe that any type of 'per page / site' blocking will ever be particularly effective in the long term.  Websites change & are added way too often.

I have recently implemented the excellent (& free) 'Dan's Guardian' Linux based web filter running on Ubuntu.  I thought it would take me days to set up, but it was all done in a few hours thanks to the excellent step by step tutorials around for non-Linux guys like me!

In another life (a few jobs ago) I worked for a Polytechnic and we tested a whole heap of commercial web filtering products.  All of them failed miserably, some were so bad you may as well just block every 2nd site!!  However, after almost giving up, we found Dan's Guardian and it passed with flying colours!!  We only had to make a few minor adjustments to the blocking rules and it was ROCK SOLID!!

Basically the difference between DG and all other web filters out there is that DG is the only one that filters based on word context and weighting.  This means that regardless of the website or page or method used to access, the filtering is always active and relevant.  It works very well.

As I have DG running in a VMWare Server (free) environment, I'd be happy to plunk the VM on a CD and send it to you if you want to give it a go (hell, you can probably even download it from me!).
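
An added example, not part of the post above and not the filter's own code or list format: a simplified model of weighted-phrase scoring next to the router-style URL keyword block from the first post, run on two constructed pages. The phrase list, weights and threshold are assumptions made up for the illustration.

```python
import re

# Constructed weighted-phrase list: (phrases that must ALL appear, weight).
# A negative weight marks context that makes a page less suspect.
WEIGHTED = [
    (("web proxy",), 40),
    (("unblock", "school"), 60),
    (("enter url", "surf anonymously"), 80),
    (("proxy server", "configuration guide"), -50),
]
LIMIT = 100  # hypothetical score at which a page is blocked

# Router-style substring list, using terms named in the first post.
URL_KEYWORDS = ["bebo", "youtube", ".torrent"]

# Constructed sample pages: (url, body text)
PROXY_PAGE = ("http://homework-helper.example/",
              "Free web proxy. Unblock any site at school: "
              "enter URL below and surf anonymously.")
ADMIN_PAGE = ("http://docs.example/squid",
              "Configuration guide: setting up a caching web proxy server "
              "for your office.")


def url_keyword_block(url):
    """Block when any listed keyword appears anywhere in the URL."""
    return any(k in url.lower() for k in URL_KEYWORDS)


def page_score(text):
    """Sum the weights of every entry whose phrases all occur in the text."""
    norm = re.sub(r"\s+", " ", text.lower())
    return sum(w for phrases, w in WEIGHTED
               if all(p in norm for p in phrases))


def content_block(text):
    """Block on page content, whatever URL it was fetched from."""
    return page_score(text) >= LIMIT


if __name__ == "__main__":
    for url, text in (PROXY_PAGE, ADMIN_PAGE):
        print(url, "url-block:", url_keyword_block(url),
              "score:", page_score(text), "content-block:", content_block(text))
```

The first page passes the URL list but scores over the limit on content; the second mentions proxies too, and the negative-weight entry keeps it under the limit.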
