https://lists.maine.edu/cgi-bin/wa?RSS&L=JOEBOX-L&v=1.0JOEBOX-L List
https://lists.maine.edu/cgi-bin/wa?A0=JOEBOX-L
JOEBOX-L List Archives2024-03-19T09:12:31ZPowered by L-Soft's LISTSERV email list software
http://www.lsoft.com/products/listserv-powered.asp
http://www.lsoft.com/images/listserv_64x64.pngRe: Joebox sunset
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;6cc2e127.1506
Hi Andrew,<br>We currently have a Joebox in place at Lake Region High School, so if you<br>have not already done so, I would like to have us added to the list to<br>upgrade to an Edgerouter. We also use VPN tunneling from our elementary<br>schools into the HS, and a handful of employee's use a VPN client to<br>connect to the HS LAN. So any information you can send me on OpenVPN would<br>be helpful. [...]
2015-06-01T08:26:54-04:00Rick Langehttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;6cc2e127.1506Joebox sunset
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;ae8a5fbf.1505
Technical Coordinators,<br><br>Please note: if your school or library does **not** currently have a Joebox<br>as your MSLN-provided router, you may disregard the remainder of this<br>message. Otherwise, please read.<br><br>As you are aware from our previous communication on this topic, the Joebox<br>devices are no longer being supported by the manufacturer, and are<br>therefore no longer receiving software updates. In the past this has meant<br>that the MECguard filtering service unique to the Joebox has become<br>unsupportable, though the other functionality continued to be reliable and<br>usable. However, as we continue in to another year with no software<br>updates, [...]
2015-05-26T14:02:32-04:00Networkmainehttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;ae8a5fbf.1505Re: DOE Data Warehouse timeout issue
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;e840d68.1409
Is this something you can do for me. I am swamped at the moment?<br>Thanks much.<br>Rich<br><br>Original msg<br>========<br><br>Joebox users,<br><br>There is a known issue that causes login timeout issues with the DOE's<br>data warehouse web site for users going through MECguard. The solution<br>to this issue is to create web filter rules on the Joebox to allow traffic<br>to this site to bypass MECguard. Web filter rules are created by going<br>to Network->Firewall->Web filter on the Joebox. There is more than one<br>way to create web filter rules to accomplish the same result, however one<br>method that [...]
2014-09-17T15:44:41-04:00Richard Foisyhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;e840d68.1409DOE Data Warehouse timeout issue
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;7a98c837.1409
Joebox users,<br><br>There is a known issue that causes login timeout issues with the DOE's data<br>warehouse web site for users going through MECguard. The solution to this<br>issue is to create web filter rules on the Joebox to allow traffic to this<br>site to bypass MECguard. Web filter rules are created by going to<br>Network->Firewall->Web filter on the Joebox. There is more than one way to<br>create web filter rules to accomplish the same result, however one method<br>that will work is to make rules matching this example: [...]
2014-09-17T15:37:48-04:00Networkmainehttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;7a98c837.1409Re: MECguard support is now limited
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;16e7cd8e.1408
Chris,<br>OpenDNS will work on any of the routers we provide, it is not device<br>specific. The only thing that would need to be changed in order to use<br>OpenDNS would be the DNS servers that your devices look to.<br><br>If you currently use our DNS servers(130.111.32.11 and 130.111.130.7), then<br>you would just need to tell your dhcp server to hand out OpenDNS's<br>servers(208.67.222.222 and 208.67.220.220). [...]
2014-08-12T17:01:15-04:00Networkmainehttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;16e7cd8e.1408Re: MECguard support is now limited
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;77e8edad.1408
Hello<br>I was wondering, will OpenDNS work on the same box that is currently in our<br>district, or will we need to acquire another device?<br><br>Thanks<br>Chris<br><br>On Thu, Aug 7, 2014 at 5:25 PM, Networkmaine <support@maine.edu> wrote:<br><br>> Good afternoon,<br>><br>> This correspondence is directed to Joebox users who are making use of the<br>> MECguard filter on the Joebox; other recipients may disregard.<br>><br>> Several months ago we notified MECguard SSL (MECguard for secure/HTTPS<br>> connections) users that that software product was no longer supported by<br>> the original software vendor, and while it was still [...]
2014-08-12T16:13:20-04:00Chris Murchisonhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;77e8edad.1408MECguard support is now limited
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;de53d7ad.1408
Good afternoon,<br><br>This correspondence is directed to Joebox users who are making use of the<br>MECguard filter on the Joebox; other recipients may disregard.<br><br>Several months ago we notified MECguard SSL (MECguard for secure/HTTPS<br>connections) users that that software product was no longer supported by<br>the original software vendor, and while it was still available for use we<br>would only be able to support it on a "best effort" basis, and could not<br>guarantee that it would perform as originally intended or meet the<br>expectations of users. [...]
2014-08-07T17:25:58-04:00Networkmainehttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;de53d7ad.1408Recent Joebox MECguard problems
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;1724366e.1309
Good morning Joebox MECguard users,<br><br>Many of you experienced web connection problems this morning, as there<br>was a recurrence of a problem we have seen a couple times now in the<br>past few weeks. The cause appears to be a longstanding issue that has<br>yet to be fully isolated by MECnet, and to date there is no official<br>solution. The symptoms of the issue are that suddenly, shortly after<br>midnight, web traffic ceases to pass on the network, although<br>everything else continues to work (i.e. pings, DNS, ftp, telnet, etc).<br>In most cases HTTPS connections continue to work as well, [...]
2013-09-18T09:01:37-04:00Networkmainehttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;1724366e.1309Re: HTTPS filtering
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;2c80f203.1306
Great. Thank you very much for doing that.<br><br>On Fri, Jun 7, 2013 at 11:31 AM, Ray Soucy <rps@maine.edu> wrote:<br><br>> Judy, Zach: I've updated your email addresses for the list.<br>><br>> James:<br>><br>> If this is the JB at Caribou HS, I noticed you didn't have the most<br>> recent packages installed. The NOC has upgraded your JB and you can<br>> reboot when convenient. The new SSL filtering shouldn't have a<br>> problem with the sites you described.<br>><br>> I see that you have a few items in your global block list that might<br>> [...]
2013-06-07T11:49:51-04:00Zachery Schillerhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;2c80f203.1306Re: HTTPS filtering
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;8ba3965c.1306
Judy, Zach: I've updated your email addresses for the list.<br><br>James:<br><br>If this is the JB at Caribou HS, I noticed you didn't have the most<br>recent packages installed. The NOC has upgraded your JB and you can<br>reboot when convenient. The new SSL filtering shouldn't have a<br>problem with the sites you described.<br><br>I see that you have a few items in your global block list that might<br>have been catching these sites. Once you update you can give the NOC<br>a call and have them take a look if the block is still happening. [...]
2013-06-07T11:31:59-04:00Ray Soucyhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;8ba3965c.1306Re: HTTPS filtering
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;27143092.1306
Full message available at: <a href="https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;27143092.1306">Re: HTTPS filtering</a>2013-06-07T07:06:38-04:00Zachery Schillerhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;27143092.1306Re: HTTPS filtering
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;8c8fa2e5.1306
As of May 15, 2013 this address will no longer be active. I am now<br>receiving my teaching/professional mail at jdorr@csd3-bres.org and my<br>personal mail at memorgan@gwi.net. Please update your address books and<br>contact lists.
2013-06-07T07:06:10-04:00Judy Dorrhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;8c8fa2e5.1306HTTPS filtering
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;b95c1024.1306
Has anybody enable the force SSL filtering in the new JoeBox update. We just went through to do a test, and here is what happened, just wondering if anyone can point me to what I may have done wrong.<br>Generated the Certificate Authority on the JoeBox<br>Downloaded the certificate to a Windows and Mac machines<br>Enabled Force SSL on the group<br>Went to an SSL site(Norstate Credit Union) and it got blocked(odd cause it is not blocked with SSL filtering off), but was fine after an over ride account was used<br>Went to capitalone site and it was fine.<br>Added [...]
2013-06-07T07:03:54-04:00James Jalberthttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;b95c1024.1306Re: Joebox upgrade windows
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;a04cadd7.1304
Andrew,<br><br>I plan to be on-site on April 26.<br><br>Richard<br><br>> Date: Tue, 9 Apr 2013 09:52:09 -0400<br>> From: awhenry@MAINE.EDU<br>> Subject: Re: Joebox upgrade windows<br>> To: JOEBOX-L@LISTS.MAINE.EDU<br>><br>> Just as an addendum to this, I wanted to note that we advise you be<br>> on-site if possible during the upgrade, or at least be available to go to<br>> the site. We have very rarely encountered an issue where the Joebox does<br>> not reboot properly after the upgrade, and in that case it needs to be<br>> power cycled to correct the problem. Additionally, although [...]
2013-04-09T10:25:42-04:00richard truszhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;a04cadd7.1304Re: Joebox upgrade windows
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;338daba.1304
Just as an addendum to this, I wanted to note that we advise you be<br>on-site if possible during the upgrade, or at least be available to go to<br>the site. We have very rarely encountered an issue where the Joebox does<br>not reboot properly after the upgrade, and in that case it needs to be<br>power cycled to correct the problem. Additionally, although we have not<br>yet experienced any problems with this, it is advisable to test things<br>behind the Joebox after the upgrade to make sure everything continues to<br>work as expected, just to avoid an unhappy surprise [...]
2013-04-09T09:52:09-04:00Andrew Henryhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;338daba.1304Re: Joebox upgrade windows
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;ac7aaa3.1304
Good morning Andrew,<br><br>We would like to have the new software upgrade loaded onto our Joebox.<br>Because of school vacation and various other needs of our staff,<br>the first day available would be on Friday, April 26, 2013 at 3 PM.<br><br>We hope that day will be satisfactory for you.<br>Thank you for your swift reply to our issue. [...]
2013-04-09T07:04:22-04:00richard truszhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;ac7aaa3.1304Re: Joebox update notes - version 15
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;9fadba8e.1304
Yes, we now consider 15 the production release and recommend an upgrade.<br><br>On Mon, Apr 8, 2013 at 3:54 PM, John Armentrout <jarmentrout@kidsrsu.org>wrote:<br><br>> ** **<br>> So... Andrew, does this mean that the software is out of beta? Was there<br>> a change or edits since our beta release was installed two weeks ago? It<br>> seems to be running fine by the way, and fixed our 404 errors.<br>><br>> John<br>><br>><br>> John Armentrout<br>> KIDSRSU.org<br>> Voice: 207.622.6351 x421<br>> Cell: 207.441.3198<br>> Fax: 207.622.7866<br>> Skype: johnarmentrout<br>> YahooIM: john.armentrout<br>> .mac iChat: johnarmentrout@mac.com<br> [...]
2013-04-08T16:08:55-04:00Ray Soucyhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;9fadba8e.1304Re: Joebox update notes - version 15
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;5b06298b.1304
So... Andrew, does this mean that the software is out of beta? Was there<br>a change or edits since our beta release was installed two weeks ago? It<br>seems to be running fine by the way, and fixed our 404 errors.<br><br>John<br><br>John Armentrout<br>KIDSRSU.org<br>Voice: 207.622.6351 x421<br>Cell: 207.441.3198<br>Fax: 207.622.7866<br>Skype: johnarmentrout<br>YahooIM: john.armentrout<br>.mac iChat: johnarmentrout@mac.com<br><br>Joebox User <JOEBOX-L@LISTS.MAINE.EDU> writes:<br>>Andrew,<br>><br>>May we schedule Madawaska Middle/High's Joebox to be upgraded after<br>>school (3pm) on Thursday? <br>><br>>Vincent Vanier, Technology Coordinator<br>>Madawaska School Department<br>>[ mailto:vince@madawaskaschools.org ]vince@madawaskaschools.org<br>>(207)728-3371x408<br>><br>><br>><br>>On Mon, Apr 8, 2013 at [...]
2013-04-08T15:54:18-04:00John Armentrouthttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;5b06298b.1304Re: Joebox update notes - version 15
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;f6fdd5fc.1304
Andrew,<br><br>May we schedule Madawaska Middle/High's Joebox to be upgraded after school<br>(3pm) on Thursday?<br><br>Vincent Vanier, Technology Coordinator<br>Madawaska School Department<br>vince@madawaskaschools.org<br>(207)728-3371x408<br><br>On Mon, Apr 8, 2013 at 11:03 AM, Andrew Henry <awhenry@maine.edu> wrote:<br><br>> A few people have asked for details on what the new upgrade contains. I<br>> had thought there was a post on this list in the past covering that,<br>> however looking back I didn't find one so I'll cover it here. The<br>> majority of changes center around MECguard, the web filtering component.<br>> This is a significant overhaul of that software, [...]
2013-04-08T14:39:54-04:00Vincent Vanierhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;f6fdd5fc.1304Joebox update notes - version 15
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;b54dbbba.1304
A few people have asked for details on what the new upgrade contains. I<br>had thought there was a post on this list in the past covering that,<br>however looking back I didn't find one so I'll cover it here. The<br>majority of changes center around MECguard, the web filtering component.<br>This is a significant overhaul of that software, and the way HTTPS<br>filtering is handled is vastly improved, among other changes. Details of<br>the changes to that component are available here:<br>http://www.networkmaine.net/msln/joebox/MECguard_SSL-15.0.pdf. In<br>addition to the MECguard improvements, there are some kernel-level changes<br>to improve performance for high-bandwidth and [...]
2013-04-08T11:03:31-04:00Andrew Henryhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;b54dbbba.1304Re: Joebox upgrade windows
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;6295039.1304
A couple of schools that I work with have found the Firefox/Chrome plugin called "stealthy", and it's creating some havoc. I<br><br>Eric R. Warren<br>207-764-1834 x.7010<br><br>On Apr 5, 2013, at 5:14 PM, "Andrew Henry" <awhenry@MAINE.EDU> wrote:<br><br>> As has been discussed on this list before, there is a new version of the<br>> Joebox software that has been in limited testing. Several sites have been<br>> using the new version successfully now, and we are ready to make it<br>> available for all interested sites. We have reserved some regular time<br>> windows that we can do these upgrades [...]
2013-04-05T21:38:59+00:00Eric R. Warrenhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;6295039.1304Re: Joebox upgrade windows
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;4c770918.1304
What does the upgrade give us? We may be interested.<br><br>Vincent Vanier<br>Madawaska School Department<br>On Apr 5, 2013 5:14 PM, "Andrew Henry" <awhenry@maine.edu> wrote:<br><br>> As has been discussed on this list before, there is a new version of the<br>> Joebox software that has been in limited testing. Several sites have been<br>> using the new version successfully now, and we are ready to make it<br>> available for all interested sites. We have reserved some regular time<br>> windows that we can do these upgrades in:<br>><br>> Wednesdays: 3PM to 5PM<br>> Fridays: 3PM to 5PM<br> [...]
2013-04-05T17:30:09-04:00Vincent Vanierhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;4c770918.1304Joebox upgrade windows
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;6ac1c30d.1304
As has been discussed on this list before, there is a new version of the<br>Joebox software that has been in limited testing. Several sites have been<br>using the new version successfully now, and we are ready to make it<br>available for all interested sites. We have reserved some regular time<br>windows that we can do these upgrades in: [...]
2013-04-05T17:01:17-04:00Andrew Henryhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;6ac1c30d.1304{Disarmed} Re: Additional Facebook Networks
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;f707a2fe.1301
Thank you very much for the update, greatly appreciated.<br><br>On Wed, Jan 9, 2013 at 11:29 AM, Networkmaine <support@maine.edu> wrote:<br><br>> For those of you using the Joebox firewall to block Facebook, here are<br>> some additional networks you might need to add:<br>><br>> 31.13.24.0/21<br>> 31.13.64.0/18<br>> 103.4.96.0/22<br>><br>><br>> Our current Facebook network list is now<br>> 103.4.96.0/22<br>> 173.252.64.0/18<br>> 204.15.20.0/22<br>> 31.13.24.0/21<br>> 31.13.64.0/18<br>> 66.220.144.0/20<br>> 69.171.224.0/19<br>> 69.63.176.0/20<br>> 74.119.76.0/22<br>><br>> JasonM<br>> Networkmaine NOC<br>> University of Maine System<br>> Maine School and Library Network<br>> (207) 561-3587<br>> support@maine.edu<br> [...]
2013-01-09T11:32:19-05:00Chris Murchisonhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;f707a2fe.1301Additional Facebook Networks
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;44faf6f8.1301
For those of you using the Joebox firewall to block Facebook, here are<br>some additional networks you might need to add:<br><br>31.13.24.0/21<br>31.13.64.0/18<br>103.4.96.0/22<br><br>Our current Facebook network list is now<br>103.4.96.0/22<br>173.252.64.0/18<br>204.15.20.0/22<br>31.13.24.0/21<br>31.13.64.0/18<br>66.220.144.0/20<br>69.171.224.0/19<br>69.63.176.0/20<br>74.119.76.0/22<br><br>JasonM<br>Networkmaine NOC<br>University of Maine System<br>Maine School and Library Network<br>(207) 561-3587<br>support@maine.edu
2013-01-09T11:29:25-05:00Networkmainehttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;44faf6f8.1301Re: Transparent HTTPS Filtering Trials
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;435fa582.1212
Full message available at: <a href="https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;435fa582.1212">Re: Transparent HTTPS Filtering Trials</a>2012-12-14T12:47:58-05:00Beric Deanehttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;435fa582.1212Re: Transparent HTTPS Filtering Trials
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;dfb71a2a.1212
Ray,<br><br>Jonesport-Beals High School would like to be updated. Our x-mas break is<br>December 24 - 31.<br><br>Thank You,<br><br>Eugene Blake<br>Technology Coordinator<br>MCSD 917/SU 103<br>Jonesport, ME 04649<br>207.497.5454<br><br>-----Original Message-----<br>From: Joebox User [mailto:JOEBOX-L@LISTS.MAINE.EDU] On Behalf Of Ray Soucy<br>Sent: Wednesday, December 12, 2012 12:26 PM<br>To: JOEBOX-L@LISTS.MAINE.EDU<br>Subject: Re: Transparent HTTPS Filtering Trials<br><br>It took us the majority of November working with MECnet to resolve some<br>issues keeping us from testing in production. [...]
2012-12-12T12:39:29-05:00Eugene Blakehttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;dfb71a2a.1212Re: Transparent HTTPS Filtering Trials
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;12f0583.1212
It took us the majority of November working with MECnet to resolve<br>some issues keeping us from testing in production.<br><br>Sorry for the delay on that.<br><br>The good news is that we appear to have a stable release now, so if<br>there are sites looking to upgrade over holiday breaks please let us<br>know.<br><br>A short PDF explaining the changes to MECguard and an idea of<br>what to expect is available on the web at: [...]
2012-12-12T12:26:16-05:00Ray Soucyhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;12f0583.1212Software Update
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;92dec2a8.1211
A quick note about updates that now show on the software update page:<br><br>Two minor software updates have been posted for Joebox 12 users:<br><br>xorp_maine 12.1<br>netttools 12.1<br><br>These updates are minor and optional.<br><br>The upgrade to XORP is a migration to the newer version of the routing<br>engine that will be used in the next major release. It resolves a rare<br>OSPF timer bug which only affects intradistrict MSLN networks (all schools<br>connecting through a Joebox). [...]
2012-11-30T13:25:41-05:00Ray Soucyhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;92dec2a8.1211Re: Transparent HTTPS Filtering Trials
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;f8f8de23.1211
Sorry for the delay,<br><br>No, you can't buy an SSL cert for this. The Joebox is using a<br>certificate authority and generating certificates on the fly that are<br>signed by that authority.<br><br>On Thu, Nov 1, 2012 at 5:11 PM, Eric Chellis <e.chellis@msad60.org> wrote:<br>> If this option pans out to work as it should, could we buy an SSL cert for<br>> the joebox so we wouldn't have to install the private one on every computer?<br>><br>> Eric Chellis<br>><br>> Network Manager<br>> MSAD #60<br>><br>> 388 Somersworth Rd.<br>><br>> North Berwick, ME 03906<br>><br> [...]
2012-11-06T09:28:37-05:00Ray Soucyhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;f8f8de23.1211Re: Transparent HTTPS Filtering Trials
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;e8190429.1211
Ray,<br>I have not played in the Joe Box a whole lot. But right now are we able to<br>block https traffic? If so can you remind me how to do that?<br>Thanks<br>Lori<br><br>Keep the faith; its all about the climb!<br>征馬辰漫征馬辰漫征馬辰漫征馬辰漫征馬辰漫征馬辰漫<br>Lori Faulkner<br>Technology Director<br>(207) 453-4200 ext. 2219<br>School Administrative District #49<br>mailto: lfaulkner@msad49.org<br>-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=<br><br>-----Original Message-----<br>From: Joebox User [mailto:JOEBOX-L@LISTS.MAINE.EDU] On Behalf Of Ray Soucy<br>Sent: Thursday, October 25, 2012 11:48 AM<br>To: JOEBOX-L@LISTS.MAINE.EDU<br>Subject: Re: Transparent HTTPS Filtering Trials [...]
2012-11-02T12:01:00-04:00Lori Faulknerhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;e8190429.1211Re: Transparent HTTPS Filtering Trials
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;8770b48d.1211
If this option pans out to work as it should, could we buy an SSL cert for<br>the joebox so we wouldn't have to install the private one on every computer?<br><br>Eric Chellis<br><br>Network Manager<br>MSAD #60<br><br>388 Somersworth Rd.<br><br>North Berwick, ME 03906<br><br>207.676.2234 x302 (Voice)<br>207.451.3296 (Cell)<br><br>On Thu, Oct 25, 2012 at 11:47 AM, Ray Soucy <rps@maine.edu> wrote: [...]
2012-11-01T17:11:34-04:00Eric Chellishttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;8770b48d.1211Re: Transparent HTTPS Filtering Trials
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;e333a93e.1210
Thanks to all those who responded on- and off-list.<br><br>We will be only testing with 1 or 2 sites for the first week, but if<br>everything looks good we will expand to those interested.<br><br>On Thu, Oct 25, 2012 at 11:29 AM, Judy Dorr <jdorr@csd3.org> wrote:<br>> Hi Ray, we would be interested in being a volunteer site.<br>><br>><br>> Judy Dorr<br>> K-8 Technology Coordinator<br>> Boothbay Region Elementary School<br>> jdorr@csd3.org<br>> (207)633-5097<br>> "Computer tech people: We don't believe in miracles, we rely upon them."<br>> This email and any files transmitted with it are confidential [...]
2012-10-25T11:47:44-04:00Ray Soucyhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;e333a93e.1210Re: Transparent HTTPS Filtering Trials
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;87d85fe2.1210
Hi Ray, we would be interested in being a volunteer site.<br><br>Judy Dorr<br>K-8 Technology Coordinator<br>Boothbay Region Elementary School<br>jdorr@csd3.org<br>(207)633-5097<br>"Computer tech people: We don't believe in miracles, we rely upon them."<br>This email and any files transmitted with it are confidential and<br>intended solely for the use of the individual or entity to which they are<br>addressed. If you have received this email in error please notify the<br>sender immediately and promptly destroy the email. Please note that any<br>views do not necessarily represent those of Boothbay Region Elementary<br>School. Finally, the recipient should check this email [...]
2012-10-25T11:29:36-04:00Judy Dorrhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;87d85fe2.1210Re: Transparent HTTPS Filtering Trials
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;8cea0a8.1210
The Joebox does not have configurable local DNS. We do provide a<br>state-wide OpenDNS license for DNS-based filtering as an alternative<br>to the Joebox, though.<br><br>On Thu, Oct 25, 2012 at 10:17 AM, Swift, Randy <randy.swift@rsu52.us> wrote:<br>> I do not use the joebox for filtering/firewall. I am curious as to if the<br>> joebox has dns forwarding cababilities? In my firewall I just dns forward<br>> facebook.com to 10.1.0.0 and they cannot get to facebook using http or<br>> https. Thanks<br>><br>> On Thu, Oct 25, 2012 at 8:22 AM, Rick Lange<br>> <rick.lange@lakeregionschools.org> wrote:<br>>><br>>> Hi [...]
2012-10-25T11:24:15-04:00Ray Soucyhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;8cea0a8.1210Re: Transparent HTTPS Filtering Trials
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;f7c02e42.1210
I am also thinking like Ray. I would like to find a way to implement some<br>filtering on the mlti laptops that give them the same restrictions at home<br>that they have here at school. I think it is coming to the point that we<br>are providing the technology and we need to start doing a CYA campaign for<br>that program. [...]
2012-10-25T10:24:30-04:00Lori Faulknerhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;f7c02e42.1210Re: Transparent HTTPS Filtering Trials
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;9b60d3c8.1210
I do not use the joebox for filtering/firewall. I am curious as to if the<br>joebox has dns forwarding cababilities? In my firewall I just dns forward<br>facebook.com to 10.1.0.0 and they cannot get to facebook using http or<br>https. Thanks<br><br>On Thu, Oct 25, 2012 at 8:22 AM, Rick Lange <<br>rick.lange@lakeregionschools.org> wrote:<br><br>> Hi Ray,<br>> I am the Network Manager for MSAD-61, and I am definitely interested in<br>> testing this filtering method. HTTPS (in particular<br>> https://www.facebook.com) is a loophole that our students quickly found<br>> out about, to circumvent the filter. We have a JoeBox [...]
2012-10-25T10:17:02-04:00Swift, Randyhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;9b60d3c8.1210Re: Transparent HTTPS Filtering Trials
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;e3932697.1210
Pls add me to the list...<br><br>Bruce Johnson<br>RSU13<br><br>-----Original Message-----<br>From: Joebox User [mailto:JOEBOX-L@LISTS.MAINE.EDU] On Behalf Of Ray Soucy<br>Sent: Wednesday, October 24, 2012 12:43 PM<br>To: JOEBOX-L@LISTS.MAINE.EDU<br>Subject: Transparent HTTPS Filtering Trials<br><br>After months of development with MECnet, we're finally ready to start testing the new Joebox code base that introduces transparent HTTPS filtering for MECguard. [...]
2012-10-25T14:03:04+00:00Bruce Johnsonhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;e3932697.1210Re: Transparent HTTPS Filtering Trials
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;b9f2fdb9.1210
Ray, MSAD/RSU #60 would be willing to be a test site for this.<br><br>Eric Chellis<br><br>Network Manager<br>MSAD #60<br><br>388 Somersworth Rd.<br><br>North Berwick, ME 03906<br><br>207.676.2234 x302 (Voice)<br>207.451.3296 (Cell)<br><br>On Thu, Oct 25, 2012 at 8:22 AM, Rick Lange <<br>rick.lange@lakeregionschools.org> wrote:<br><br>> Hi Ray,<br>> I am the Network Manager for MSAD-61, and I am definitely interested in<br>> testing this filtering method. HTTPS (in particular<br>> https://www.facebook.com) is a loophole that our students quickly found<br>> out about, to circumvent the filter. We have a JoeBox and MecGuard<br>> enabled at the HS/MS. Please feel free [...]
2012-10-25T09:37:27-04:00Eric Chellishttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;b9f2fdb9.1210Re: Transparent HTTPS Filtering Trials
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;c9c5dd1f.1210
Hi Ray,<br>I am the Network Manager for MSAD-61, and I am definitely interested in<br>testing this filtering method. HTTPS (in particular<br>https://www.facebook.com) is a loophole that our students quickly found out<br>about, to circumvent the filter. We have a JoeBox and MecGuard enabled at<br>the HS/MS. Please feel free to contact me at the address below so we can<br>discuss the details.<br>Thank You,<br>Rick Lange<br>IS Network Manager<br>Maine School Administrative District 61<br>900 Portland Rd.<br>Bridgton, ME 04009<br>rick.lange@lakeregionschools.org
2012-10-25T08:22:35-04:00Rick Langehttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;c9c5dd1f.1210Re: Transparent HTTPS Filtering Trials
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;b8fb1242.1210
As usual, my friend, we are willing. This would be a perfect time to do the internet cut over as well...kill two birds with one stone.<br><br>Ray Soucy <rps@MAINE.EDU> wrote:<br><br>After months of development with MECnet, we're finally ready to start<br>testing the new Joebox code base that introduces transparent HTTPS<br>filtering for MECguard. [...]
2012-10-24T14:49:25-04:00Jef H. HamLinhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;b8fb1242.1210Transparent HTTPS Filtering Trials
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;2cc11cc2.1210
After months of development with MECnet, we're finally ready to start<br>testing the new Joebox code base that introduces transparent HTTPS<br>filtering for MECguard.<br><br>I'm currently looking for a volunteer site (or two) to test this new<br>filtering method. Ideally this would be a site that does not<br>currently filter HTTPS so it could be enabled or disabled on a<br>per-group basis without having to make sweeping changes to your<br>existing environment. [...]
2012-10-24T12:43:06-04:00Ray Soucyhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;2cc11cc2.1210Re: Filtering subdomains
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;c298b11d.1204
Hey!<br><br>I found the issue, and I believe it goes all the way back to the original<br>installation. We had copied some settings over from Bess.<br><br>I usually enter all my URL's that I want to blacklist or whitelist into the<br>Filtering Lists under the Groups section of the MECguard tab. I rarely if<br>ever use the Global URL Keywords tab. Sure enough, inside the Global URL<br>keywords tab, I had whitelisted the domain "yahoo.com" so everything was<br>permitted to flow through. [...]
2012-04-06T08:34:25-04:00Vincent Vanierhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;c298b11d.1204Re: Filtering subdomains
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;2aedbd26.1204
The Joebox does "string in string" comparison on URLs, so if you type in ".<br>yahoo.com" instead of "yahoo.com" for your block list, "yahoo.com" won't<br>match because it doesn't have a "." but "anything.yahoo.com" will match.<br><br>You shouldn't need to allow yahoo.com explicitly, if it's getting blocked<br>try a "Soft Allow" for yahoo.com and a block for "messenger.yahoo.com". [...]
2012-04-05T15:28:55-04:00Ray Soucyhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;2aedbd26.1204Re: Filtering subdomains
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;590e1460.1204
Try this one...<br><br>Www.www.www.www.www.www.www.www.www.www.www.facebook.com<br><br>Sent from FirstClass with my iPad<br><br>Joebox User <JOEBOX-L@LISTS.MAINE.EDU> writes:<br>>Hi,<br>><br>>Any chance the new and improved version of the Joebox software will be<br>>able to filter subdomains? I'd love to allow access to [<br>>http://yahoo.com ]yahoo.com but cut off access to [<br>>http://messenger.yahoo.com ]messenger.yahoo.com as an example. Will this<br>>be possible with the new upgrade to MECguard?<br>><br>>Vince<br>><br>>Vincent Vanier, Technology Coordinator<br>>Madawaska School Department<br>>[ mailto:vince@madawaskaschools.org ]vince@madawaskaschools.org<br>>(207)728-3371x408<br>><br>>
2012-04-05T09:37:35-04:00John Armentrouthttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;590e1460.1204Filtering subdomains
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;33205b1a.1204
Hi,<br><br>Any chance the new and improved version of the Joebox software will be able<br>to filter subdomains? I'd love to allow access to yahoo.com but cut off<br>access to messenger.yahoo.com as an example. Will this be possible with<br>the new upgrade to MECguard?<br><br>Vince<br><br>Vincent Vanier, Technology Coordinator<br>Madawaska School Department<br>vince@madawaskaschools.org<br>(207)728-3371x408
2012-04-05T08:39:02-04:00Vincent Vanierhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;33205b1a.1204Re: SSL filtering
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;f2fda951.1201
I would also like to point out that since I finally have the JoeBox filtering... Both encrypted and non-encrypted working perfectly.. I would be very disgruntled if I had to switch to a different method. :)<br><br>Sent from my iPhone<br><br>On Jan 26, 2012, at 4:08 PM, David Consalvi <dconsalvi@SHEAD.ORG> wrote:<br><br>> I am at Shead High School and have pretty good luck with the SSL filtering. I have to individually touch each computer running the MLTI image in order to auto detect proxies for Safari; however, users can set it themselves with Firefox.<br>><br>> A request that I [...]
2012-01-26T17:06:46-05:00Tim Levesquehttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;f2fda951.1201Re: SSL filtering
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;54d20a07.1201
For the record this set up works really well and I've had no complaints from users. The only difficult part was ensuring that the correct clients were in the correct groups in mecguard as we do not use ssl filtering for our staff.<br><br>Sent from my iPhone<br><br>On Jan 26, 2012, at 4:08 PM, David Consalvi <dconsalvi@SHEAD.ORG> wrote: [...]
2012-01-26T17:04:24-05:00Tim Levesquehttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;54d20a07.1201Re: SSL filtering
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;2a898a63.1201
You can set the operating system to auto detect the proxy settings and then tell the browsers to use the system settings if you have wpad configured. This would eliminate issues when students bring laptops home. I've also locked these settings down in Firefox as well as our Mac OS X network settings so that they can not be changed. I'm not sure how to do it with windows but I can shoot a package to our task manager to configure the proxy settings to each client automagically. [...]
2012-01-26T17:01:07-05:00Tim Levesquehttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;2a898a63.1201Re: SSL filtering
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;948207cc.1201
I am at Shead High School and have pretty good luck with the SSL filtering. I have to individually touch each computer running the MLTI image in order to auto detect proxies for Safari; however, users can set it themselves with Firefox.<br><br>A request that I believe is fairly simple but which would make things very handy is the inclusion of a sorting feature at the tops of pages with lists. For example, the DHCP Static IP page. I use static IPs to limit our connectivity of non-authorized devices. In essence, users must register their device with the tech department [...]
2012-01-26T16:08:26-05:00David Consalvihttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;948207cc.1201Re: SSL filtering
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;f535dd98.1201
Thankfully, custom root CAs are nothing new. They have been widely used<br>for enterprise networking for well over a decade now, and I haven't<br>encountered a device that doesn't allow you to add one.<br><br>On Thu, Jan 26, 2012 at 2:26 PM, Kyle Green <kyle.green@rsu35.org> wrote:<br><br>> On Thu, Jan 26, 2012 at 2:20 PM, Eric R. Warren <eric@greenmarkit.com>wrote:<br>><br>>> Keep in mind that there are a lot of IOS devices out there now, in some<br>>> places they represent 30% of the total machines in use. Can you even<br>>> install a root CA on them?<br>>><br>><br> [...]
2012-01-26T14:35:14-05:00Ray Soucyhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;f535dd98.1201Re: SSL filtering
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;2ec21154.1201
On Thu, Jan 26, 2012 at 2:20 PM, Eric R. Warren <eric@greenmarkit.com>wrote:<br><br>> Keep in mind that there are a lot of IOS devices out there now, in some<br>> places they represent 30% of the total machines in use. Can you even<br>> install a root CA on them?<br>><br><br>Yes.<br><br>http://images.apple.com/iphone/business/docs/iPhone_Digital_Certificates.pdf
2012-01-26T14:26:35-05:00Kyle Greenhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;2ec21154.1201Re: SSL filtering
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;fc569cb3.1201
On Thu, Jan 26, 2012 at 2:04 PM, Kyle Green <kyle.green@rsu35.org> wrote:<br><br>> On Thu, Jan 26, 2012 at 1:57 PM, Ray Soucy <rps@maine.edu> wrote:<br>><br>>> Question:<br>>><br>>> Is the requirement of having to install a custom root CA a show stopper?<br>>> If so, for what reasons (too much work to deploy; privacy or ethical<br>>> concerns; etc)<br>>><br>><br>> It is for us; we simply have too many non-school-owned machines (we rely<br>> heavily on BYOD) on our network.<br>> [...]
2012-01-26T14:21:40-05:00Ray Soucyhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;fc569cb3.1201Re: SSL filtering
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;8bf7691c.1201
Keep in mind that there are a lot of IOS devices out there now, in some places they represent 30% of the total machines in use. Can you even install a root CA on them?<br><br>Eric Warren<br>Greenmark IT<br><br>From: Joebox User [mailto:JOEBOX-L@LISTS.MAINE.EDU] On Behalf Of Ray Soucy<br>Sent: Thursday, January 26, 2012 1:57 PM<br>To: JOEBOX-L@LISTS.MAINE.EDU<br>Subject: SSL filtering [...]
2012-01-26T19:20:14+00:00Eric R. Warrenhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;8bf7691c.1201Re: SSL filtering
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;e385bd88.1201
On Thu, Jan 26, 2012 at 1:57 PM, Ray Soucy <rps@maine.edu> wrote:<br><br>> Question:<br>><br>> Is the requirement of having to install a custom root CA a show stopper?<br>> If so, for what reasons (too much work to deploy; privacy or ethical<br>> concerns; etc)<br>><br><br>It is for us; we simply have too many non-school-owned machines (we rely<br>heavily on BYOD) on our network. [...]
2012-01-26T14:04:53-05:00Kyle Greenhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;e385bd88.1201SSL filtering
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;4210ee2a.1201
Hi All,<br><br>I apologize in advance for the length.<br><br>This isn't urgent so please take some time to read it and provide feedback<br>over the next few weeks.<br><br>As we work with MECnet on the next release of the Joebox (targeted to be<br>ready for the fall) one of the things we're focus on is SSL filtering for<br>MECguard. We haven't see much adoption of the proxy-based method for SSL<br>filtering, so we're looking into the problems with that and how to make it<br>better. [...]
2012-01-26T13:57:10-05:00Ray Soucyhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;4210ee2a.1201Re: Question on Groups, Firewall, and Filtering
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;b7186d0e.1201
Well, it "should" work on LOW. In fact we had MECnet explicitly fix<br>that at one point, but it apparently isn't working that way anymore.<br><br>I'm not sure if it will work on MED, either. It appears to have<br>reverted to applying Open Port rules after Closed Port rules (which<br>doesn't seem very useful). [...]
2012-01-09T15:06:19-05:00Ray Soucyhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;b7186d0e.1201Re: Question on Groups, Firewall, and Filtering
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;a582d4b4.1201
Thanks Ray,<br><br>I was prety sure about how the filter worked, I have set up a group to do different filtering, and remember that was my issue was i did not move it above private lan.<br><br>Here is my question<br>If you block Facebook by blocking its IP networks in the firewall,<br>then you will also need to create a rule to bypass that block for a<br>specific group. [...]
2012-01-09T14:53:03-05:00James Jalberthttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;a582d4b4.1201Re: Question on Groups, Firewall, and Filtering
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;b2a23995.1201
Hi James, (responses inline).<br><br>On Mon, Jan 9, 2012 at 2:08 PM, James Jalbert <jjalbert@rsu39.org> wrote:<br>> I am in hopes that someone out there can help me with this, here is the<br>> issue<br>><br>> First off the easy one, I have a group that I would like completely open on<br>> both filtering and firewall. This network has its own filter, and firewall<br>> in place, and I want to make sure that NOTHING is blocked to or from this<br>> site? I am assuming that an open port rule of Everyone Else to "this Group"<br>> allowing [...]
2012-01-09T14:44:30-05:00Ray Soucyhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;b2a23995.1201Re: Question on Groups, Firewall, and Filtering
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;7ed34c81.1201
Vince,<br><br>I have tried with the group all the way to the top, and all the way to the bottom, the only thing that changes is if I need my over-ride or not<br><br>James Jalbert<br>Network Administrator<br>Eastern Aroostook RSU #39<br>Phone: 207-493-4246<br>E-Mail: jjalbert@rsu39.org<br><br>>>> Vincent Vanier <vince@MADAWASKASCHOOLS.ORG> 1/9/2012 2:30 PM >>><br>Check the order of your Groups. It sounds like you have them backwords if it's blocking a group that shouldn't be denied access to those ports. [...]
2012-01-09T14:42:37-05:00James Jalberthttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;7ed34c81.1201Re: Question on Groups, Firewall, and Filtering
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;e6705681.1201
Check the order of your Groups. It sounds like you have them backwords if<br>it's blocking a group that shouldn't be denied access to those ports.<br><br>Vincent Vanier, Technology Coordinator<br>Madawaska School Department<br>vince@madawaskaschools.org<br>(207)728-3371x408<br><br>On Mon, Jan 9, 2012 at 2:08 PM, James Jalbert <jjalbert@rsu39.org> wrote:<br><br>> I am in hopes that someone out there can help me with this, here is the<br>> issue<br>><br>> First off the easy one, I have a group that I would like completely open<br>> on both filtering and firewall. This network has its own filter, and<br>> firewall in place, [...]
2012-01-09T14:30:17-05:00Vincent Vanierhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;e6705681.1201Question on Groups, Firewall, and Filtering
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;d863eaa1.1201
I am in hopes that someone out there can help me with this, here is the issue<br><br>First off the easy one, I have a group that I would like completely open on both filtering and firewall. This network has its own filter, and firewall in place, and I want to make sure that NOTHING is blocked to or from this site? I am assuming that an open port rule of Everyone Else to "this Group" allowing all protocols is what I want? I also assume that I will need one for "this Group" to Everyone Else to allow all [...]
2012-01-09T14:08:01-05:00James Jalberthttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;d863eaa1.1201Re: MECguard Domain Restrictions
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;a8b9b8fb.1112
The only issue we've found with different filters for teachers and students<br>was that teachers assume that students will be able to access everything<br>they can access, so when they plan lessons they sometimes get into trouble<br>when using resources that students can't get to.<br><br>Double edged swords cut both ways.<br><br>Vincent Vanier, Technology Coordinator<br>Madawaska School Department<br>vince@madawaskaschools.org<br>(207)728-3371x408 [...]
2011-12-23T10:56:22-05:00Vincent Vanierhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;a8b9b8fb.1112Re: MECguard Domain Restrictions
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;3f971ce1.1112
No. We have found that it is more trouble than it is worth. We have a different filter for staff and students and that takes care of most issues.<br><br>H<br><br>From: Joebox User [mailto:JOEBOX-L@LISTS.MAINE.EDU] On Behalf Of Eric R. Warren<br>Sent: Friday, December 23, 2011 7:40 AM<br>To: JOEBOX-L@LISTS.MAINE.EDU<br>Subject: Re: MECguard Domain Restrictions<br><br>Do you provide override credentials to your teachers? [...]
2011-12-23T10:48:12-05:00Jef H. HamLinhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;3f971ce1.1112Re: MECguard Domain Restrictions
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;269f27a2.1112
You could certainly allow youtube.com/teachers and block youtube.com;<br>the problem is that they don't actually separate the content under<br>those structures, so even if you allow youtube.com/teachers, all the<br>video links still go to youtube.com/watch?v=, and all the image links<br>on the page still point to other random URLs.<br><br>Only blocking or unblocking by subdomain is for HTTPS, for normal HTTP<br>the full specific URL can be used. [...]
2011-12-23T08:39:53-05:00Ray Soucyhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;269f27a2.1112Re: MECguard Domain Restrictions
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;610d6627.1112
Why don't you upload them to www.schooltube.com<http://www.schooltube.com> instead?<br><br>Eric R. Warren<br>Greenmark IT<br>207-764-1834 x.7014<br><br>On Dec 23, 2011, at 7:48 AM, "Vincent Vanier" <vince@MADAWASKASCHOOLS.ORG<mailto:vince@MADAWASKASCHOOLS.ORG>> wrote:<br><br>On Fri, Dec 23, 2011 at 7:40 AM, Eric R. Warren <eric@greenmarkit.com<mailto:eric@greenmarkit.com>> wrote:<br>Do you provide override credentials to your teachers?<br><br>Yeah, we provide override credentials to our teachers, but we've also got quite a bit of content that we generate that we would like students to be able to access. I know that this is one of those conundrums, but I want my cake and I want to eat it too!
2011-12-23T12:51:56+00:00Eric R. Warrenhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;610d6627.1112Re: MECguard Domain Restrictions
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;22091687.1112
On Fri, Dec 23, 2011 at 7:40 AM, Eric R. Warren <eric@greenmarkit.com>wrote:<br><br>> Do you provide override credentials to your teachers?<br>><br>> Yeah, we provide override credentials to our teachers, but we've also got<br>quite a bit of content that we generate that we would like students to be<br>able to access. I know that this is one of those conundrums, but I want my<br>cake and I want to eat it too!
2011-12-23T07:46:08-05:00Vincent Vanierhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;22091687.1112Re: MECguard Domain Restrictions
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;bfcc6fec.1112
Do you provide override credentials to your teachers?<br><br>Eric R. Warren<br>Greenmark IT<br>207-764-1834 x.7014<br><br>On Dec 23, 2011, at 7:38 AM, "Vincent Vanier" <vince@MADAWASKASCHOOLS.ORG<mailto:vince@MADAWASKASCHOOLS.ORG>> wrote:<br><br>I'm hoping that someone has an idea that can help us. We're currently blocking the domain youtube.com<http://youtube.com> at our school. While we acknowledge that there is a great deal of good material there, it also has way too much material that has been deemed inappropriate for our school environment. [...]
2011-12-23T12:40:19+00:00Eric R. Warrenhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;bfcc6fec.1112MECguard Domain Restrictions
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;660a81be.1112
I'm hoping that someone has an idea that can help us. We're currently<br>blocking the domain youtube.com at our school. While we acknowledge that<br>there is a great deal of good material there, it also has way too much<br>material that has been deemed inappropriate for our school environment.<br><br>That being said, the folks at YouTube have created a whole pile of school<br>appropriate content and placed it in their YouTube Teachers area.<br>Unfortunately they just placed it in a subdomain of the original YouTube<br>domain. (youtube.com/teachers) [...]
2011-12-23T07:35:04-05:00Vincent Vanierhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;660a81be.1112Re: MecGuard Log Files
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;f030a810.1112
Those MYD files are MySQL data files. If you have a MySQL server<br>available, you can start a new database by creating an empty folder in the<br>MySQL data folder and dumping the MYD files in to that folder. This is<br>what I do when I need to keep logs around for an indefinite time period.<br>You can then use PHPMyAdmin or a home grown application to browse the files<br>at a later date. [...]
2011-12-20T07:24:18-05:00Scott Bodeenhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;f030a810.1112MecGuard Log Files
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;2fe704d3.1112
I am looking for a way to download the archived MECguard log files to my local machine, were I can then run a grep or awk command to search for specific text. Does anyone have any idea as to how this can be done. I have tried to export from the MECguard stats/Log page, but only get information back to 11-30-2011, however if I search for specific text I have activity back from 11-16-2011. I have also tried to download the files from the System Logs Page, but they are a .MYD file and can not be opened with anything [...]
2011-12-19T14:43:39-05:00James Jalberthttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;2fe704d3.1112New .XXX TLD for Adult Content
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;41b7ac57.1112
In case you didn't see the news about it already,<br><br>The new ".xxx" TLD, which is for Adult Content, is now open for<br>registration. We will no doubt start to see this TLD used for<br>websites inappropriate for children.<br><br>It is advisable to add ".xxx" to your Global URL Block List in<br>MECguard to prohibit these sites. [...]
2011-12-07T21:35:13-05:00Ray Soucyhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;41b7ac57.1112Update Status
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;36cf8321.1109
23.8% of Joeboxes have been upgraded to the latest code.<br><br>These updates fix an issue with DNS services crashing intermittently<br>and potentially disrupting service.<br><br>For those of you who haven't upgraded yet this is just a remind that<br>in addition to doing the upgrade manually, you can always call our<br>support line 1-888-367-6756 and ask us to perform a scheduled upgrade<br>for you between 8:00 AM and 10:00 PM weekdays, or 8:00 AM to 5:00 PM<br>on Saturdays.
2011-09-27T11:20:11-04:00Ray Soucyhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;36cf8321.1109Re: Update
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;6774419.1109
I am not in my office. I will get back to you as soon I return.
2011-09-16T11:48:48-04:00Randy Easterhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;6774419.1109Update
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;aac274f9.1109
We have a small software update for the Joebox to upgrade DNS and DHCP<br>services to new software. This is to resolve outstanding issues with<br>DNS sometimes crashing on the Joebox and backup DHCP services failing<br>to start for sites making use of public IP addressing.<br><br>Please take a moment and run the Software Update on your Joebox and<br>reboot when convenient.
2011-09-16T11:46:21-04:00Ray Soucyhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;aac274f9.1109Re: Question about some oddities
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;917ce87b.1109
Took a quick look.<br><br>You do have a firewall rule dropping the majority of traffic for an IP<br>address (you can see it in the Firewall Log). The thing to keep in<br>mind, though, is that that filtering happens after traffic is<br>redirected to MECguard, so web traffic will work (but other traffic<br>will not). [...]
2011-09-13T12:03:41-04:00Ray Soucyhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;917ce87b.1109Re: Question about some oddities
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;ebd228ed.1109
James,<br><br>A few thoughts about the three items you posted yesterday:<br><br>1. First sounds like a DHCP choice. We're using NetworkMaine to do DHCP.<br>One advantage of that is that when it does DHCP, it looks at the MAC<br>address, and if the MAC address is in the address table, it gives it the<br>matching IP address. I'm not sure if the JoeBox is the tool for the job<br>there. [...]
2011-09-13T10:59:38-04:00Vincent Vanierhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;ebd228ed.1109Question about some oddities
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;fb4bf13c.1109
I am wondering if anyone has seen or has any information on any of the following issues my district has seen now that we are using the Joebox as our router/firewall/filter.<br><br>1. The old firewall that we were using, I was able to go into the firewall settings, and block a single IP address completely. We have had issues with students hard coding IPs into their personal devices, and using them on our network. I have in the past been able to trace the IP address to an unknown device(one that is NOT ours), then go to my old firewall(PFSense) [...]
2011-09-12T11:20:06-04:00James Jalberthttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;fb4bf13c.1109Re: proxy list setting for mecguard
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;b8476699.1106
I would think just by nature of going through MecGuard this type of<br>traffic would break anyway. MecGuard won't pass through content that<br>doesn't conform to HTTP from what I understand.<br><br>Can you give an example application?<br><br>If we can determine the protocol used, and it's encased within HTTP,<br>and it's going through MecGuard, we can probably block it with RTF, or<br>look into making a more intelligent filter. But we would need to be<br>able to know what pattern to look for, and it wouldn't work for<br>encrypted (SSL) traffic, as you can't inspect the content of SSL<br>without [...]
2011-06-30T16:59:12-04:00Ray Soucyhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;b8476699.1106Re: proxy list setting for mecguard
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;f8c3944f.1106
"air-proxy.com" is one of the sites included in the proxy URL list<br>(even before the update). Are you making use of it?<br><br>I'd need to look into the Sonicwall thing; but from what I understand<br>Sonicwall does 100% of it's web filtering using databases, such as URL<br>lists; though I believe that Sonicwall recently moved to a model where<br>the database is hosted by them instead of on the Firewall to reduce<br>load on the appliance. [...]
2011-06-30T16:35:10-04:00Ray Soucyhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;f8c3944f.1106Re: proxy list setting for mecguard
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;d7f38bc0.1106
On Thursday, June 30, 2011 at 4:28 PM, Eric R. Warren wrote:<br><br>> Kyle's idea is excellent, and has been implemented in the content filtering<br>> module built into Sonicwall firewalls. Just check off "Proxy/Avoidance<br>> Websites" and the device loads a big list of known proxies and starts<br>> blocking them. If you want to allow one, just whitelist it.<br>Actually, my idea goes a step farther and has the JoeBox actively determining if the remote host is an open proxy.
2011-06-30T16:35:10-04:00Kyle Greenhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;d7f38bc0.1106Re: proxy list setting for mecguard
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;7076a04f.1106
It's sites like http://www.air-proxy.com that are causing issues for the<br>schools that I work at; sites that don't require browser configuration of<br>any kind. If you block one, the kids will find another one. It's just a<br>Google search away.<br><br>Kyle's idea is excellent, and has been implemented in the content filtering<br>module built into Sonicwall firewalls. Just check off "Proxy/Avoidance<br>Websites" and the device loads a big list of known proxies and starts<br>blocking them. If you want to allow one, just whitelist it. [...]
2011-06-30T16:28:31-04:00Eric R. Warrenhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;7076a04f.1106Re: proxy list setting for mecguard
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;4b9e8346.1106
On Thursday, June 30, 2011 at 4:08 PM, Ray Soucy wrote:<br><br>> Are HTTP proxies (e.g. ones that require browser configuration) a<br>> common problem for you? Have you verified that they're using port 80<br>> and that MecGuard doesn't break them already? If it's not on port 80,<br>> then you might need to look at blocking traffic using Firewall rules.<br>I wouldn't say I spend hours a day dealing with them, but I know they've been used in the past. MECGuard might be dealing with most of them through the lists already, but those are rarely up-to-date. We're [...]
2011-06-30T16:21:33-04:00Kyle Greenhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;4b9e8346.1106Re: proxy list setting for mecguard
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;e5722fdc.1106
It does seem to be better. Camolist.com still gets through.<br><br>i'm planning to try SSL filtering this fall. I haven't worked out the<br>details yet but I'd like to give this a shot. It seems like our best bet for<br>reliable filtering.<br><br>Thanks,<br>Seth<br><br>On Thu, Jun 30, 2011 at 1:47 PM, Ray Soucy <rps@maine.edu> wrote: [...]
2011-06-30T16:14:31-04:00Seth Thompsonhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;e5722fdc.1106Re: proxy list setting for mecguard
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;8ea8e8fa.1106
Are HTTP proxies (e.g. ones that require browser configuration) a<br>common problem for you? Have you verified that they're using port 80<br>and that MecGuard doesn't break them already? If it's not on port 80,<br>then you might need to look at blocking traffic using Firewall rules.<br><br>Secondly, you reference a proxy allow list; can you provide an example<br>of a legitimate proxy? I can't think of one off the top of my head in<br>a K12 context. [...]
2011-06-30T16:08:53-04:00Ray Soucyhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;8ea8e8fa.1106Re: proxy list setting for mecguard
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;6176e65a.1106
Not everything everything--I'm looking for whitelist/blacklist filtering for /proxies alone/ to be added.<br><br>In this scenario, every time JoeBox processes an outbound HTTP request (as determined by L7 filtering), it looks to see if the request is to a whitelisted proxy. If it is, it's allowed to proceed to the destination. [...]
2011-06-30T15:47:52-04:00Kyle Greenhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;6176e65a.1106Re: proxy list setting for mecguard
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;920ca851.1106
I'm not exactly clear on what you're asking.<br><br>Are you suggesting that we block everything by default and only use<br>allow lists to permit access?<br><br>You can effectively do this by placing a "." on a line by itself in<br>your global block list, then creating entries for the sites you want<br>to allow in your allow list. [...]
2011-06-30T15:15:00-04:00Ray Soucyhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;920ca851.1106Re: proxy list setting for mecguard
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;25535004.1106
It'd be nice if the JoeBox to be configured such that we can whitelist<br>acceptable proxies (for legitimate uses of squid or dansguardian or<br>whatever), and then it checks every further HTTP request to see if<br>it's an open proxy (and caches the result for a day or so).<br><br>Can that get put on the feature wish list? It just seems to me that<br>relying on set blacklists for this is going to result in us<br>perpetually being three steps behind. [...]
2011-06-30T14:00:59-04:00Kyle Greenhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;25535004.1106Re: proxy list setting for mecguard
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;dc68b2a9.1106
Seth,<br><br>I contacted MecNet to see if they could look at additional sources for<br>their URL lists, and they have made an update. I've applied the<br>update on your Joebox (the rest of users will get the update<br>overnight).<br><br>Do you notice any change? Or is it still letting most through?<br><br>On Thu, Jun 30, 2011 at 7:47 AM, Seth Thompson <thompsons@rsu5.org> wrote:<br>> I have this enabled and the majority of proxies are still available.<br>> Seth<br>><br>> On Mon, Jun 27, 2011 at 2:14 PM, Ray Soucy <rps@maine.edu> wrote:<br>>><br>>> "Sites with proxies to bypass filters" [...]
2011-06-30T13:47:15-04:00Ray Soucyhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;dc68b2a9.1106Re: proxies
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;577bacef.1106
Thanks Ray, when you check the proxy box and then check the details, there is a list of proxies that it blocks. Do you know where that list comes from? I guess what I'm asking is, is it a regularly maintained/updated list by a third party? If so, who and how often? If not, what could we do to get to a list that is updated regularly? Thanks,,Ed [...]
2011-06-30T10:23:09-04:00Ed Bourdeauhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;577bacef.1106Re: proxy list setting for mecguard
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;a8fbaf25.1106
I have this enabled and the majority of proxies are still available.<br><br>Seth<br><br>On Mon, Jun 27, 2011 at 2:14 PM, Ray Soucy <rps@maine.edu> wrote:<br><br>> "Sites with proxies to bypass filters" would be the MECguard category.<br>> Have you tried enabling this for your group filter lists? I'm not<br>> sure how comprehensive the list is...<br>><br>> On Mon, Jun 27, 2011 at 1:48 PM, Ed Bourdeau<br>> <ebourdeau@erskineacademy.org> wrote:<br>> > Overall I am very happy with the JoeBox/MecGuard setup. My number 1<br>> input<br>> > for future change is that you add a Proxy settings [...]
2011-06-30T07:47:52-04:00Seth Thompsonhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;a8fbaf25.1106Re: proxies
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;fe512bd1.1106
Sorry for the X-Post. Want to make sure we catch everyone.<br><br>If you're a Joebox user and not on the Joebox List drop a note to<br>support@maine.edu to get added.<br><br>A lot of confusion around MecGuard (the web filter on the Joebox).<br><br>From what I've seen to date, it seems that the vast majority of<br>problems with MecGuard come down to two issues: [...]
2011-06-29T14:21:51-04:00Ray Soucyhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;fe512bd1.1106Re: proxy list setting for mecguard
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;ca46e0cd.1106
"Sites with proxies to bypass filters" would be the MECguard category.<br>Have you tried enabling this for your group filter lists? I'm not<br>sure how comprehensive the list is...<br><br>On Mon, Jun 27, 2011 at 1:48 PM, Ed Bourdeau<br><ebourdeau@erskineacademy.org> wrote:<br>> Overall I am very happy with the JoeBox/MecGuard setup. My number 1 input<br>> for future change is that you add a Proxy settings option to MecGuard. By<br>> this I mean a more automated method to block proxies. If you could check a<br>> box, and have your choice of black lists that you could subscribe to [...]
2011-06-27T14:14:23-04:00Ray Soucyhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;ca46e0cd.1106proxy list setting for mecguard
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;af8fb9f7.1106
Overall I am very happy with the JoeBox/MecGuard setup. My number 1<br>input for future change is that you add a Proxy settings option to<br>MecGuard. By this I mean a more automated method to block proxies. If<br>you could check a box, and have your choice of black lists that you<br>could subscribe to this would make the filtering much more manageable.<br>Right now this is my #1 hole. [...]
2011-06-27T13:48:58-04:00Ed Bourdeauhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;af8fb9f7.1106Are you using MECguard SSL?
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;11356b3c.1106
I would be interested in finding out how many of you are making use of<br>the proxy-server MECguard SSL method for HTTPS filtering.<br><br>If you're using it please drop me a note.
2011-06-21T15:35:54-04:00Ray Soucyhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;11356b3c.1106Joebox Software Update
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;ca499ca3.1106
Two new Joebox updates are available using the Software Update tool.<br><br>mecguard_maine 12.4<br>webgui_maine 12.3<br><br>Please update these at your convenience.<br><br>mecguard_maine 12.4<br>* Fixed a bug where URL filtering was case sensitive; A block for<br>Boston.com wouldn't catch boston.com.<br>* Workaround for a problem with X-Forwarded-For HTTP headers and CDN<br>load balancers; MECguard wil no longer provide X-Forwarded-For<br>headers. [...]
2011-06-21T11:00:15-04:00Ray Soucyhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;ca499ca3.1106Safari Bug with MECguard SSL
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;c0601cf5.1106
Freeport HS discovered an odd bug with Safari not blocking HTTPS sites<br>under the following conditions:<br><br>1. System is configured to automatically detect proxy settings using<br>WPAD or manually configured to use a WPAD script.<br>2. Force MECguard SSL is not checked<br><br>The issue was hard to track down because the HTTPS requests will get<br>logged by MECguard as blocked, but go through fine on the host. [...]
2011-06-02T13:04:00-04:00Ray Soucyhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;c0601cf5.1106Re: MECguard Update
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;279c0a75.1105
I'm also seeing an issue where JoeBox RTF filtering breaks some<br>streaming services (like Netflix).<br><br>The first chunk loads fine, but subsequent chunks are blocked by the<br>RTF. I've whitelisted the CDN for right now, but it'd be nice to know<br>why this is happening and if there's a way to adjust the RTF's<br>heuristics. [...]
2011-05-26T15:50:00-04:00Kyle Greenhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;279c0a75.1105MECguard Update
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;339b39d1.1105
All,<br><br>We have found an issue with some CDN (Content Delivery Network)<br>provides when X-Forwarded-For headers are included (as is done with<br>most proxy servers, including Bess) for private (RFC 1918) IP<br>addresses. The CDNs in question would see the RFC 1918 address and<br>default to directing traffic to data-centers that are often not the<br>closest or fastest for content. [...]
2011-05-26T15:26:44-04:00Ray Soucyhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;339b39d1.1105Re: Can't load Google doc presentations
https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;2af71525.1105
Working fine on our network as well.<br><br>Tim Levesque<br>MCP, A+, NET+<br>Technology Director<br>Easton School Department<br>207-488-7702 ext 18<br>www.eastonschooldistrict.org<br><br>On May 4, 2011, at 7:08 AM, William Lowell wrote:<br><br>> google presentations and all of google docs is working fine here. Ran a google presentation yesterday in class in fact.<br>><br>> Bill<br>><br>> On Tue, May 3, 2011 at 8:45 PM, Eric R. Warren <eric@greenmarkit.com> wrote:<br>> Hello,<br>><br>> Has anyone experienced any problems loading a Google Docs presentation after the last Joebox update? All we can get is a blank white screen, doesn’t matter [...]
2011-05-04T07:43:15-04:00Tim Levesquehttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;2af71525.1105