The Joebox does not have configurable local DNS. We do provide a state-wide OpenDNS license for DNS-based filtering as an alternative to the Joebox, though. On Thu, Oct 25, 2012 at 10:17 AM, Swift, Randy <[log in to unmask]> wrote: > I do not use the joebox for filtering/firewall. I am curious as to if the > joebox has dns forwarding cababilities? In my firewall I just dns forward > facebook.com to 10.1.0.0 and they cannot get to facebook using http or > https. Thanks > > On Thu, Oct 25, 2012 at 8:22 AM, Rick Lange > <[log in to unmask]> wrote: >> >> Hi Ray, >> I am the Network Manager for MSAD-61, and I am definitely interested in >> testing this filtering method. HTTPS (in particular >> https://www.facebook.com) is a loophole that our students quickly found out >> about, to circumvent the filter. We have a JoeBox and MecGuard enabled at >> the HS/MS. Please feel free to contact me at the address below so we can >> discuss the details. >> Thank You, >> Rick Lange >> IS Network Manager >> Maine School Administrative District 61 >> 900 Portland Rd. >> Bridgton, ME 04009 >> [log in to unmask] >> __________________________________ >> >> >> On Wed, Oct 24, 2012 at 12:43 PM, Ray Soucy <[log in to unmask]> wrote: >>> >>> After months of development with MECnet, we're finally ready to start >>> testing the new Joebox code base that introduces transparent HTTPS >>> filtering for MECguard. >>> >>> I'm currently looking for a volunteer site (or two) to test this new >>> filtering method. Ideally this would be a site that does not >>> currently filter HTTPS so it could be enabled or disabled on a >>> per-group basis without having to make sweeping changes to your >>> existing environment. >>> >>> >>> >>> Here are the details on the new release of MECguard SSL: >>> >>> - Transparent process, when enabled for a group the Joebox intercepts >>> HTTPS traffic for clients the same way it does for HTTP. >>> >>> - The Joebox establishes separate SSL sessions between the requested >>> site and the client, decrypting and scanning page content, then >>> re-encrypting and delivering to the client. This process is isolated >>> within the MECguard process and there is no way to log or sniff data >>> in the brief time it is unencrypted to preserve user privacy. >>> >>> - Because the Joebox now decrypts HTTPS requests to scan them, >>> MECguard is able to filter HTTP and HTTPS using the same methods. >>> This means a simpler configuration, and full support for HTTP >>> filtering features, including full URL block/allow support, filter >>> bypass/override support, and features such as "Force Google Safe >>> Search". >>> >>> - The Joebox generates SSL certificates of its own on-demand. This >>> means that users who navigate to an HTTPS website will see a prompt to >>> accept the SSL certificate the same way they would if using a >>> self-signed certificate. This certificate can be remembered by the >>> browser to avoid future warnings. To avoid SSL warnings completely >>> and provide a seamless user experience, you can download and import >>> the private SSL certificate authority generated by the Joebox which >>> will allow clients to trust the SSL certificates generated by the >>> Joebox (this actually works very, very nicely) >>> >>> - Because both HTTP and HTTPS are filtered in the same way, blocking >>> sites like Facebook will actually work without the previous >>> work-arounds of using firewall rules or having to setup proxy servers >>> for HTTPS. >>> >>> >>> >>> >>> New features have been added to MECguard for both HTTP and HTTPS: >>> >>> - A new feature has been added to force Youtube Safety Mode similar to >>> the Force Google Safe Search feature. >>> >>> - Support for Youtube School ID has been added. >>> >>> - The log viewer has been re-designed to be more responsive. Full >>> URLs are now logged for HTTPS like they are for HTTP. >>> >>> - MECguard Anti-Virus scanning has been added (still experimental), >>> this feature is powered by ClamAV. >>> >>> >>> >>> >>> If you're interested in becoming a test site in the next few weeks, >>> please drop me a note. >>> >>> >>> >>> >>> -- >>> Ray Patrick Soucy >>> Network Engineer >>> University of Maine System >>> >>> T: 207-561-3526 >>> F: 207-561-3531 >>> >>> MaineREN, Maine's Research and Education Network >>> www.maineren.net >> >> >> >> >> > > > > -- > Randy Swift > Network Administrator > RSU#52 IT Dept. > 21 Matthews Way > Turner, ME 04282 > [log in to unmask] > -- Ray Patrick Soucy Network Engineer University of Maine System T: 207-561-3526 F: 207-561-3531 MaineREN, Maine's Research and Education Network www.maineren.net