Geekzone: technology news, blogs, forums


garvani

1873 posts

Uber Geek

Trusted

#22394 27-May-2008 11:19

This isn't a thread asking for help, more of a thread offering a solution to a pesky problem I had. I had a domain blocking nightmare for a few months and I didn't know how I was going to get around it. I made this thread in the hope that it may help someone out there. It seems simple upon reading, but at the time I was stumped and managed to pull all this together.

Background info:
I am an administrator of a small network of about 20 laptops in a high school boarding house. The manager came to me asking how we could block Bebo, Facebook, YouTube etc. (for bandwidth and privacy reasons). Installing ISA clients etc. on these laptops wasn't feasible; in fact, installing any software wasn't going to work because they're their own private laptops and they would uninstall it.

Equipment:
Windows Server 2000
Kerio WinRoute 6.4 - set to transparent proxy, which is also the DHCP server.
3com OfficeConnect ADSL Wireless 11g Firewall Router - 3CRWDR101A-75

At first I set about it pretty naively, in just the router, which gives you 20 slots to put in URLs/keywords to block. That in itself is quite useful. So I put bebo, youtube etc. in there; if they go to bebo.com they get blocked, and if they google bebo it gets blocked because the word bebo appears in the URL. However, I soon found that the students were more crafty than I had originally thought. Along came the proxy sites which let them bypass this URL block, and before I knew it the 20 slots were full and I couldn't block the thousands of proxy sites they were using. That's where it stayed for about a month; I was stuck.
One day I stumbled across www.opendns.com (what a marvellous free service). Basically you point your DNS to OpenDNS and you set the filters (a group of websites, such as adult websites, video sharing etc.). If you try to go to a blocked website it won't resolve and instead it will show a page stating that you have been blocked. I set social networking sites, porn, warez, and proxy sites to be blocked, and all was well... well, at least for a few days, until I found 2 problems.

1. Students were using random DNS servers, and not using OpenDNS.
2. The block page was giving too much away. Upon getting the block page it told you that OpenDNS had blocked the page, so it was only a matter of time before someone stumbled into the forums and found a way around the block, either by using another DNS server or even resolving the IP address manually and adding it to a hosts file.
3. The IP address was changing too often and the supplied OpenDNS IP updater tool didn't seem to work, which stopped all website blocking until I manually updated the IP on their website.

Solutions:
1. In Kerio WinRoute I set a firewall rule to allow DNS to OpenDNS servers and to deny any others, so now Kerio handles all DNS requests and forwards them through OpenDNS (the hosts file trick will get around this, however).
2. I blocked the word opendns in the router, so now they get the router's block page instead of OpenDNS's. Pretty crafty really... now they don't know how I'm blocking these sites and the solution is no longer a couple of clicks away.
3. Set up Homing Beacon to automatically update my IP address on OpenDNS servers.

So in conclusion I have a fairly bulletproof domain blocking system, using no software on client machines. It blocks thousands of websites and video sharing, every porn website I tried was blocked, and torrent trackers have been blocked (a very convenient way of stopping torrent abuse, I might add! I also put .torrent into the URL block of the router, which stops them from downloading torrent files to begin with, and also have .mp3, .avi etc. in the URL block, a pretty crude way of stopping file downloads from HTTP websites such as rapidshare, but it works!). Best of all it gets updated daily; thousands of sites are getting added to their database (it passed 1 million websites earlier this month).

This is a pretty long post, I didn't mean for it to get this bloated! I'm sure I've forgotten some things, so if you have any questions, ask away!
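The two gaps this post names (clients pointing at other DNS servers, and the hosts-file trick) both leave traces a gateway can log. The following is an added example, not part of the original post: a Python audit over constructed log lines in a hypothetical format (not Kerio WinRoute's own). 208.67.222.222 and 208.67.220.220 are OpenDNS's public resolvers; every other address is a documentation placeholder.

```python
# Added example: audit for the two bypasses named in the thread.
# OpenDNS public resolvers; every other address is a documentation placeholder.
ALLOWED_RESOLVERS = {"208.67.222.222", "208.67.220.220"}

# Constructed sample in a hypothetical log format (not Kerio WinRoute's own):
#   DNS  <client> <name> <answer_ip>                 answer handed to a client
#   CONN <client> <proto> <dst_ip> <port> <action>   firewall decision
SAMPLE_LOG = """\
DNS 192.168.1.21 www.example.org 192.0.2.80
CONN 192.168.1.21 tcp 192.0.2.80 80 allow
CONN 192.168.1.22 udp 198.51.100.53 53 deny
CONN 192.168.1.23 tcp 203.0.113.10 80 allow
CONN 192.168.1.21 udp 208.67.222.222 53 allow
CONN 192.168.1.24 udp 198.51.100.53 53 allow
this line is malformed and is skipped
"""


def audit(log_text, allowed=ALLOWED_RESOLVERS):
    """Return (client, finding, dst_ip, action) tuples in log order."""
    resolved = {}  # client -> IPs the filtered resolver returned to it
    findings = []
    for line in log_text.splitlines():
        f = line.split()
        if len(f) == 4 and f[0] == "DNS":
            resolved.setdefault(f[1], set()).add(f[3])
        elif len(f) == 6 and f[0] == "CONN" and f[4].isdigit():
            client, dst, port, action = f[1], f[3], int(f[4]), f[5]
            if port == 53:
                # DNS sent anywhere but the filtering resolvers. "deny" means
                # the firewall rule held; "allow" means the rule has a gap.
                if dst not in allowed:
                    findings.append((client, "foreign-resolver", dst, action))
            elif action == "allow" and dst not in resolved.get(client, set()):
                # Traffic to an address this client never looked up through
                # the filter: hosts-file entry or a literal IP address.
                findings.append((client, "no-dns-lookup", dst, action))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding)
```

A "foreign-resolver" finding with action "allow" is the one to act on first, since it means the DNS egress rule is not matching that traffic.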

SamF
1515 posts

Uber Geek

Trusted

  #133562 27-May-2008 13:53

Interesting solution.

However, as there are 10s of billions of webpages out there, I don't believe that any type of 'per page / site' blocking will ever be particularly effective in the long term.  Websites change & are added way too often.

I have recently implemented the excellent (& free) 'Dan's Guardian' Linux based web filter running on Ubuntu.  I thought it would take me days to set up, but it was all done in a few hours thanks to the excellent step by step tutorials around for non-Linux guys like me!

In another life (a few jobs ago) I worked for a Polytechnic and we tested a whole heap of commercial web filtering products.  All of them failed miserably, some were so bad you may as well just block every 2nd site!!  However, after almost giving up, we found Dan's Guardian and it passed with flying colours!!  We only had to make a few minor adjustments to the blocking rules and it was ROCK SOLID!!

Basically the difference between DG and all other web filters out there is that DG is the only one that filters based on word context and weighting.  This means that regardless of the website or page or method used to access, the filtering is always active and relevant.  It works very well.

As I have DG running in a VMWare Server (free) environment, I'd be happy to plunk the VM on a CD and send it to you if you want to give it a go (hell, you can probably even download it from me!).
