On Thursday, June 30, 2011 at 4:08 PM, Ray Soucy wrote:

Are HTTP proxies (e.g. ones that require browser configuration) a
common problem for you? Have you verified that they're using port 80
and that MecGuard doesn't break them already? If it's not on port 80,
then you might need to look at blocking traffic using Firewall rules.

I wouldn't say I spend hours a day dealing with them, but I know they've been used in the past.  MECGuard might be dealing with most of them through the lists already, but those are rarely up-to-date.  We're not 1:1 and have a lot of student-owned laptops (and iPads and iPod Touches) in our building.

I don't want to block HTTP traffic to ports that aren't 80 because that can break legitimate traffic.

Secondly, you reference a proxy allow list; can you provide an example
of a legitimate proxy? I can't think of one off the top of my head in
a K12 context.

I'd (temporarily) forgotten that the JoeBox is the interface to MSLN.  I was thinking about potential uses of squid or other caching proxy, but that'd be behind JoeBox sending traffic towards it and not between the JoeBox and the internet.

On the other hand, the minute you decide you don't need a capability....

L7 filtering has proven to not be accurate enough for production use
and our recommendation is to disable it on the Joebox. It makes use
of the "L7-Filter" kernel module for Linux which does regex pattern
matching on packet payload, but lacks intelligence to determine packet
progression and thus can quickly lead to a lot of false positives (one
example is that many of the L7 filters on the Joebox will block time
updates to time.apple.com).

L7 filtering might not be accurate enough for production use, but I've done some tweaking of it and MSLN hasn't forwarded me any DMCA takedown notices since I turned it on.  :)  (It used to be one or two a month.)

The focus, for now at least, is to make sure that MecGuard is
providing a reasonable level of filtering in comparison to other
solutions. Feedback from some would seem to indicate that MecGuard is
currently falling short; and that is something I'm very interested in
and want to have resolved before school starts up again.

I guess I'm in the minority of people who don't have a lot of problems with it.