JOEBOX-L Archives

Joebox User

JOEBOX-L@LISTS.MAINE.EDU

Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
From:
Dana Rioux <[log in to unmask]>
Reply To:
Joebox User <[log in to unmask]>
Date:
Wed, 13 Oct 2010 10:50:00 -0400
Content-Type:
text/plain
Parts/Attachments:
text/plain (157 lines)
My firewall provides antivirus/spyware protection for my network and 2 years
of configuration work, going with Joebox firewall now creates a lot of
problems that are better solved during the summer.  Overrides at the moment
do not take place during school hours at all, which will have to continue I
guess for now.  I'd rather have the same rules and policies for everyone
anyway.....Not all networks are the same, this device will provide better
security for some, so far, I don't see it as being a significant improvement
unless I make some network changes.  It does work faster, that's a big
plus.....

thanks,
Dana
----- Original Message ----- 
From: "Ray Soucy" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Wednesday, October 13, 2010 9:20 AM
Subject: Re: MECguard block page broken?


> When you use the Override in MECguard it will ask you if you want it
> to override filtering for just you or everyone on your network (if you
> grant the user permission to do so).  You can also select to override
> only the page, the entire website, or all websites (though you can not
> override all websites for everyone).
>
> We have a handful of sites using their own firewall behind the Joebox.
>  It's not something we recommend.  When the Joebox is acting as the
> firewall for your site it has visibility of your private IPs and can
> provide per-host override functionality even when private addressing
> is used.  Of course, if you are using a firewall- an override will
> effect everyone just like Bess did.
>
> Note that the current override system does interrupt web traffic
> briefly for other users.  This will be fixed with an upgrade due in a
> few weeks.
>
> The only sites you need to use IP addresses to block are SSL websites
> (same as with Bess).  To block SSL you must block it in the firewall
> rather than through MECguard since SSL can't be transparently filtered
> without breaking the security chain.
>
> For normal HTTP websites, you have an allow list and block list of
> URLs that can be configured on the Joebox.  The groups are there to
> facilitate more advanced filtering, but nothing prevents you from just
> using one group for everyone.
>
> On Wed, Oct 13, 2010 at 8:07 AM, Dana Rioux
> <[log in to unmask]> wrote:
> > I just got the new Joebox hooked up yesterday, I don't work much with
HTML
> > and I think your block hosting idea centrally is a good idea, we do have
a
> > few faculty people that want an override option at times. Can you detail
> > your directions a bit more to do this?
> >
> > Since we assign IP's locally, an individual override opens it up for
> > everyone within our network...It must work that way as well with this
new
> > filter.Creating IP groups is good idea but not if we are assigning
> > dynamically...
> >
> > I use my own Firewall so I was also wondering where to list the allow
and
> > blocked sites in MecGuard, I had a long block list in the smartfilter
that
> > worked well. It wouldn't be wise to use the Joebox firewall if I already
> > have one that works well. If that is where the white and blacklist must
be,
> > then I'll have to put them in my own firewall.....Smartfilter had a an
allow
> > and blocked option...
> >
> > Dana Rioux/MSAD25
> > Stacyville, Me
> >
> > ----- Original Message -----
> > From: "Ray Soucy" <[log in to unmask]>
> > To: <[log in to unmask]>
> > Sent: Thursday, October 07, 2010 4:51 PM
> > Subject: MECguard block page broken?
> >
> >
> >> Recently MECnet modified their website and no longer has the images
> >> referenced by the default block page available.
> >>
> >> We've had a few requests to fix this.
> >>
> >> The intension of the block page is that it would be replaced with a
> >> custom block page for your school. A few of you already have.
> >>
> >> This can be done by uploading an HTML file using the "upload
> >> customized page" button in MECguard options on the Joebox.
> >>
> >> The important components of the block page are the following variables
> >> (which get replaced when the page is presented to the user):
> >>
> >> The URL of the page blocked: %u
> >> The client IP: %i
> >> The email address of the MECguard administrator: %w
> >>
> >> If you make use of the override ability, you should include a link to
> >> the login page which should be written as
> >> "http://172.31.255.1:10001/index.php?URL='%u'&Client=%i".
> >>
> >> One of the comments we received is that the email link for review
> >> doesn't do much good since most PCs don't have an email client
> >> configured. One option here is to make an HTML form on your block
> >> page and submit it to a web server where you could process the request
> >> how you see fit.
> >>
> >> Another solution we're considering is hosting the form target
> >> centrally on Networkmaine.net, and then sending out email notification
> >> to you from here, bug logging the request at the same time.
> >>
> >> The advantage would be for us to see review requests centrally (for
> >> those who opt-in) and perhaps come up with a better default whitelist.
> >> Is there any interest in this sort of service?
> >>
> >> I have something mocked up if anyone would like to give it a try.
> >>
> >> Please note that the "download page" button is broken (it's on the
> >> list of things to fix). As a workaround, you can get the same result
> >> by clicking on "display current page" and then viewing the page
> >> source.
> >>
> >> Maybe to have a little fun, if you create a custom page that you think
> >> is pretty good, why not provide a link to a screenshot (no attachments
> >> please) so we can have a contest to see who has the nicest block page?
> >> I think I'll go ahead and say there is a free Networkmaine t-shirt in
> >> it for the winner.
> >>
> >> As always, if you need help our support staff is ready to give you a
hand.
> >>
> >> --
> >> Ray Soucy
> >>
> >> Epic Communications Specialist
> >>
> >> Phone: +1 (207) 561-3526
> >>
> >> Networkmaine, a Unit of the University of Maine System
> >> http://www.networkmaine.net/
> >
>
>
>
> -- 
> Ray Soucy
>
> Epic Communications Specialist
>
> Phone: +1 (207) 561-3526
>
> Networkmaine, a Unit of the University of Maine System
> http://www.networkmaine.net/

ATOM RSS1 RSS2