JOEBOX-L Archives

Joebox User

JOEBOX-L@LISTS.MAINE.EDU

Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
From:
Ray Soucy <[log in to unmask]>
Reply To:
Joebox User <[log in to unmask]>
Date:
Wed, 13 Oct 2010 09:20:31 -0400
Content-Type:
text/plain
Parts/Attachments:
text/plain (130 lines)
When you use the Override in MECguard it will ask you if you want it
to override filtering for just you or everyone on your network (if you
grant the user permission to do so).  You can also select to override
only the page, the entire website, or all websites (though you can not
override all websites for everyone).

We have a handful of sites using their own firewall behind the Joebox.
 It's not something we recommend.  When the Joebox is acting as the
firewall for your site it has visibility of your private IPs and can
provide per-host override functionality even when private addressing
is used.  Of course, if you are using a firewall- an override will
effect everyone just like Bess did.

Note that the current override system does interrupt web traffic
briefly for other users.  This will be fixed with an upgrade due in a
few weeks.

The only sites you need to use IP addresses to block are SSL websites
(same as with Bess).  To block SSL you must block it in the firewall
rather than through MECguard since SSL can't be transparently filtered
without breaking the security chain.

For normal HTTP websites, you have an allow list and block list of
URLs that can be configured on the Joebox.  The groups are there to
facilitate more advanced filtering, but nothing prevents you from just
using one group for everyone.

On Wed, Oct 13, 2010 at 8:07 AM, Dana Rioux
<[log in to unmask]> wrote:
> I just got the new Joebox hooked up yesterday, I don't work much with HTML
> and I think your block hosting idea centrally is a good idea, we do have a
> few faculty people that want an override option at times.  Can you detail
> your directions a bit more to do this?
>
> Since we assign IP's locally, an individual override opens it up for
> everyone within our network...It must work that way as well with this new
> filter.Creating IP groups is good idea but not if we are assigning
> dynamically...
>
> I use my own Firewall so I was also wondering where to list the allow and
> blocked sites in MecGuard, I had a long block list in the smartfilter that
> worked well.  It wouldn't be wise to use the Joebox firewall if I already
> have one that works well.  If that is where the white and blacklist must be,
> then I'll have to put them in my own firewall.....Smartfilter had a an allow
> and blocked option...
>
> Dana Rioux/MSAD25
> Stacyville, Me
>
> ----- Original Message -----
> From: "Ray Soucy" <[log in to unmask]>
> To: <[log in to unmask]>
> Sent: Thursday, October 07, 2010 4:51 PM
> Subject: MECguard block page broken?
>
>
>> Recently MECnet modified their website and no longer has the images
>> referenced by the default block page available.
>>
>> We've had a few requests to fix this.
>>
>> The intension of the block page is that it would be replaced with a
>> custom block page for your school.  A few of you already have.
>>
>> This can be done by uploading an HTML file using the "upload
>> customized page" button in MECguard options on the Joebox.
>>
>> The important components of the block page are the following variables
>> (which get replaced when the page is presented to the user):
>>
>> The URL of the page blocked: %u
>> The client IP: %i
>> The email address of the MECguard administrator: %w
>>
>> If you make use of the override ability, you should include a link to
>> the login page which should be written as
>> "http://172.31.255.1:10001/index.php?URL='%u'&Client=%i".
>>
>> One of the comments we received is that the email link for review
>> doesn't do much good since most PCs don't have an email client
>> configured.  One option here is to make an HTML form on your block
>> page and submit it to a web server where you could process the request
>> how you see fit.
>>
>> Another solution we're considering is hosting the form target
>> centrally on Networkmaine.net, and then sending out email notification
>> to you from here, bug logging the request at the same time.
>>
>> The advantage would be for us to see review requests centrally (for
>> those who opt-in) and perhaps come up with a better default whitelist.
>>  Is there any interest in this sort of service?
>>
>> I have something mocked up if anyone would like to give it a try.
>>
>> Please note that the "download page" button is broken (it's on the
>> list of things to fix).  As a workaround, you can get the same result
>> by clicking on "display current page" and then viewing the page
>> source.
>>
>> Maybe to have a little fun, if you create a custom page that you think
>> is pretty good, why not provide a link to a screenshot (no attachments
>> please) so we can have a contest to see who has the nicest block page?
>>  I think I'll go ahead and say there is a free Networkmaine t-shirt in
>> it for the winner.
>>
>> As always, if you need help our support staff is ready to give you a hand.
>>
>> --
>> Ray Soucy
>>
>> Epic Communications Specialist
>>
>> Phone: +1 (207) 561-3526
>>
>> Networkmaine, a Unit of the University of Maine System
>> http://www.networkmaine.net/
>



-- 
Ray Soucy

Epic Communications Specialist

Phone: +1 (207) 561-3526

Networkmaine, a Unit of the University of Maine System
http://www.networkmaine.net/

ATOM RSS1 RSS2