http://www.lsoft.com/images/listserv_64x64.pnghttp://www.lsoft.com/images/listserv_64x64.pngJOEBOX-L ListJOEBOX-L List Archiveshttps://lists.maine.edu/cgi-bin/wa?RSS&L=JOEBOX-L&v=ATOM1.0
This is an Atom-formatted XML feed. It is intended to be viewed in a newsreader. Alternatively, you can view the web archives at: https://lists.maine.edu/cgi-bin/wa?A0=JOEBOX-L.
LISTSERV 17.02024-03-19T01:53:14ZRick Lange2015-06-01T08:26:54-04:002015-06-01T08:26:54-04:00Re: Joebox sunsethttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;6cc2e127.1506Hi Andrew,<br>We currently have a Joebox in place at Lake Region High School, so if you<br>have not already done so, I would like to have us added to the list to<br>upgrade to an Edgerouter. We also use VPN tunneling from our elementary<br>schools into the HS, and a handful of employee's use a VPN client to<br>connect to the HS LAN. So any information you can send me on OpenVPN would<br>be helpful. [...] Networkmaine2015-05-26T14:02:32-04:002015-05-26T14:02:32-04:00Joebox sunsethttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;ae8a5fbf.1505Technical Coordinators,<br><br>Please note: if your school or library does **not** currently have a Joebox<br>as your MSLN-provided router, you may disregard the remainder of this<br>message. Otherwise, please read.<br><br>As you are aware from our previous communication on this topic, the Joebox<br>devices are no longer being supported by the manufacturer, and are<br>therefore no longer receiving software updates. In the past this has meant<br>that the MECguard filtering service unique to the Joebox has become<br>unsupportable, though the other functionality continued to be reliable and<br>usable. However, as we continue in to another year with no software<br>updates, [...]Richard Foisy2014-09-17T15:44:41-04:002014-09-17T15:44:41-04:00Re: DOE Data Warehouse timeout issuehttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;e840d68.1409Is this something you can do for me. I am swamped at the moment?<br>Thanks much.<br>Rich<br><br>Original msg<br>========<br><br>Joebox users,<br><br>There is a known issue that causes login timeout issues with the DOE's<br>data warehouse web site for users going through MECguard. The solution<br>to this issue is to create web filter rules on the Joebox to allow traffic<br>to this site to bypass MECguard. Web filter rules are created by going<br>to Network->Firewall->Web filter on the Joebox. There is more than one<br>way to create web filter rules to accomplish the same result, however one<br>method that [...]Networkmaine2014-09-17T15:37:48-04:002014-09-17T15:37:48-04:00DOE Data Warehouse timeout issuehttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;7a98c837.1409Joebox users,<br><br>There is a known issue that causes login timeout issues with the DOE's data<br>warehouse web site for users going through MECguard. The solution to this<br>issue is to create web filter rules on the Joebox to allow traffic to this<br>site to bypass MECguard. Web filter rules are created by going to<br>Network->Firewall->Web filter on the Joebox. There is more than one way to<br>create web filter rules to accomplish the same result, however one method<br>that will work is to make rules matching this example: [...]Networkmaine2014-08-12T17:01:15-04:002014-08-12T17:01:15-04:00Re: MECguard support is now limitedhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;16e7cd8e.1408Chris,<br>OpenDNS will work on any of the routers we provide, it is not device<br>specific. The only thing that would need to be changed in order to use<br>OpenDNS would be the DNS servers that your devices look to.<br><br>If you currently use our DNS servers(130.111.32.11 and 130.111.130.7), then<br>you would just need to tell your dhcp server to hand out OpenDNS's<br>servers(208.67.222.222 and 208.67.220.220). [...]Chris Murchison2014-08-12T16:13:20-04:002014-08-12T16:13:20-04:00Re: MECguard support is now limitedhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;77e8edad.1408Hello<br>I was wondering, will OpenDNS work on the same box that is currently in our<br>district, or will we need to acquire another device?<br><br>Thanks<br>Chris<br><br>On Thu, Aug 7, 2014 at 5:25 PM, Networkmaine <support@maine.edu> wrote:<br><br>> Good afternoon,<br>><br>> This correspondence is directed to Joebox users who are making use of the<br>> MECguard filter on the Joebox; other recipients may disregard.<br>><br>> Several months ago we notified MECguard SSL (MECguard for secure/HTTPS<br>> connections) users that that software product was no longer supported by<br>> the original software vendor, and while it was still [...]Networkmaine2014-08-07T17:25:58-04:002014-08-07T17:25:58-04:00MECguard support is now limitedhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;de53d7ad.1408Good afternoon,<br><br>This correspondence is directed to Joebox users who are making use of the<br>MECguard filter on the Joebox; other recipients may disregard.<br><br>Several months ago we notified MECguard SSL (MECguard for secure/HTTPS<br>connections) users that that software product was no longer supported by<br>the original software vendor, and while it was still available for use we<br>would only be able to support it on a "best effort" basis, and could not<br>guarantee that it would perform as originally intended or meet the<br>expectations of users. [...]Networkmaine2013-09-18T09:01:37-04:002013-09-18T09:01:37-04:00Recent Joebox MECguard problemshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;1724366e.1309Good morning Joebox MECguard users,<br><br>Many of you experienced web connection problems this morning, as there<br>was a recurrence of a problem we have seen a couple times now in the<br>past few weeks. The cause appears to be a longstanding issue that has<br>yet to be fully isolated by MECnet, and to date there is no official<br>solution. The symptoms of the issue are that suddenly, shortly after<br>midnight, web traffic ceases to pass on the network, although<br>everything else continues to work (i.e. pings, DNS, ftp, telnet, etc).<br>In most cases HTTPS connections continue to work as well, [...] Zachery Schiller2013-06-07T11:49:51-04:002013-06-07T11:49:51-04:00Re: HTTPS filteringhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;2c80f203.1306Great. Thank you very much for doing that.<br><br>On Fri, Jun 7, 2013 at 11:31 AM, Ray Soucy <rps@maine.edu> wrote:<br><br>> Judy, Zach: I've updated your email addresses for the list.<br>><br>> James:<br>><br>> If this is the JB at Caribou HS, I noticed you didn't have the most<br>> recent packages installed. The NOC has upgraded your JB and you can<br>> reboot when convenient. The new SSL filtering shouldn't have a<br>> problem with the sites you described.<br>><br>> I see that you have a few items in your global block list that might<br>> [...] Ray Soucy2013-06-07T11:31:59-04:002013-06-07T11:31:59-04:00Re: HTTPS filteringhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;8ba3965c.1306Judy, Zach: I've updated your email addresses for the list.<br><br>James:<br><br>If this is the JB at Caribou HS, I noticed you didn't have the most<br>recent packages installed. The NOC has upgraded your JB and you can<br>reboot when convenient. The new SSL filtering shouldn't have a<br>problem with the sites you described.<br><br>I see that you have a few items in your global block list that might<br>have been catching these sites. Once you update you can give the NOC<br>a call and have them take a look if the block is still happening. [...] Zachery Schiller2013-06-07T07:06:38-04:002013-06-07T07:06:38-04:00Re: HTTPS filteringhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;27143092.1306Full message available at: <a href="https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;27143092.1306">Re: HTTPS filtering</a>Judy Dorr2013-06-07T07:06:10-04:002013-06-07T07:06:10-04:00Re: HTTPS filteringhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;8c8fa2e5.1306As of May 15, 2013 this address will no longer be active. I am now<br>receiving my teaching/professional mail at jdorr@csd3-bres.org and my<br>personal mail at memorgan@gwi.net. Please update your address books and<br>contact lists.James Jalbert2013-06-07T07:03:54-04:002013-06-07T07:03:54-04:00HTTPS filteringhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;b95c1024.1306Has anybody enable the force SSL filtering in the new JoeBox update. We just went through to do a test, and here is what happened, just wondering if anyone can point me to what I may have done wrong.<br>Generated the Certificate Authority on the JoeBox<br>Downloaded the certificate to a Windows and Mac machines<br>Enabled Force SSL on the group<br>Went to an SSL site(Norstate Credit Union) and it got blocked(odd cause it is not blocked with SSL filtering off), but was fine after an over ride account was used<br>Went to capitalone site and it was fine.<br>Added [...] richard trusz2013-04-09T10:25:42-04:002013-04-09T10:25:42-04:00Re: Joebox upgrade windowshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;a04cadd7.1304Andrew,<br><br>I plan to be on-site on April 26.<br><br>Richard<br><br>> Date: Tue, 9 Apr 2013 09:52:09 -0400<br>> From: awhenry@MAINE.EDU<br>> Subject: Re: Joebox upgrade windows<br>> To: JOEBOX-L@LISTS.MAINE.EDU<br>><br>> Just as an addendum to this, I wanted to note that we advise you be<br>> on-site if possible during the upgrade, or at least be available to go to<br>> the site. We have very rarely encountered an issue where the Joebox does<br>> not reboot properly after the upgrade, and in that case it needs to be<br>> power cycled to correct the problem. Additionally, although [...] Andrew Henry2013-04-09T09:52:09-04:002013-04-09T09:52:09-04:00Re: Joebox upgrade windowshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;338daba.1304Just as an addendum to this, I wanted to note that we advise you be<br>on-site if possible during the upgrade, or at least be available to go to<br>the site. We have very rarely encountered an issue where the Joebox does<br>not reboot properly after the upgrade, and in that case it needs to be<br>power cycled to correct the problem. Additionally, although we have not<br>yet experienced any problems with this, it is advisable to test things<br>behind the Joebox after the upgrade to make sure everything continues to<br>work as expected, just to avoid an unhappy surprise [...] richard trusz2013-04-09T07:04:22-04:002013-04-09T07:04:22-04:00Re: Joebox upgrade windowshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;ac7aaa3.1304Good morning Andrew,<br><br>We would like to have the new software upgrade loaded onto our Joebox.<br>Because of school vacation and various other needs of our staff,<br>the first day available would be on Friday, April 26, 2013 at 3 PM.<br><br>We hope that day will be satisfactory for you.<br>Thank you for your swift reply to our issue. [...] Ray Soucy2013-04-08T16:08:55-04:002013-04-08T16:08:55-04:00Re: Joebox update notes - version 15https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;9fadba8e.1304Yes, we now consider 15 the production release and recommend an upgrade.<br><br>On Mon, Apr 8, 2013 at 3:54 PM, John Armentrout <jarmentrout@kidsrsu.org>wrote:<br><br>> ** **<br>> So... Andrew, does this mean that the software is out of beta? Was there<br>> a change or edits since our beta release was installed two weeks ago? It<br>> seems to be running fine by the way, and fixed our 404 errors.<br>><br>> John<br>><br>><br>> John Armentrout<br>> KIDSRSU.org<br>> Voice: 207.622.6351 x421<br>> Cell: 207.441.3198<br>> Fax: 207.622.7866<br>> Skype: johnarmentrout<br>> YahooIM: john.armentrout<br>> .mac iChat: johnarmentrout@mac.com<br> [...] John Armentrout2013-04-08T15:54:18-04:002013-04-08T15:54:18-04:00Re: Joebox update notes - version 15https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;5b06298b.1304So... Andrew, does this mean that the software is out of beta? Was there<br>a change or edits since our beta release was installed two weeks ago? It<br>seems to be running fine by the way, and fixed our 404 errors.<br><br>John<br><br>John Armentrout<br>KIDSRSU.org<br>Voice: 207.622.6351 x421<br>Cell: 207.441.3198<br>Fax: 207.622.7866<br>Skype: johnarmentrout<br>YahooIM: john.armentrout<br>.mac iChat: johnarmentrout@mac.com<br><br>Joebox User <JOEBOX-L@LISTS.MAINE.EDU> writes:<br>>Andrew,<br>><br>>May we schedule Madawaska Middle/High's Joebox to be upgraded after<br>>school (3pm) on Thursday? <br>><br>>Vincent Vanier, Technology Coordinator<br>>Madawaska School Department<br>>[ mailto:vince@madawaskaschools.org ]vince@madawaskaschools.org<br>>(207)728-3371x408<br>><br>><br>><br>>On Mon, Apr 8, 2013 at [...] Vincent Vanier2013-04-08T14:39:54-04:002013-04-08T14:39:54-04:00Re: Joebox update notes - version 15https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;f6fdd5fc.1304Andrew,<br><br>May we schedule Madawaska Middle/High's Joebox to be upgraded after school<br>(3pm) on Thursday?<br><br>Vincent Vanier, Technology Coordinator<br>Madawaska School Department<br>vince@madawaskaschools.org<br>(207)728-3371x408<br><br>On Mon, Apr 8, 2013 at 11:03 AM, Andrew Henry <awhenry@maine.edu> wrote:<br><br>> A few people have asked for details on what the new upgrade contains. I<br>> had thought there was a post on this list in the past covering that,<br>> however looking back I didn't find one so I'll cover it here. The<br>> majority of changes center around MECguard, the web filtering component.<br>> This is a significant overhaul of that software, [...] Andrew Henry2013-04-08T11:03:31-04:002013-04-08T11:03:31-04:00Joebox update notes - version 15https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;b54dbbba.1304A few people have asked for details on what the new upgrade contains. I<br>had thought there was a post on this list in the past covering that,<br>however looking back I didn't find one so I'll cover it here. The<br>majority of changes center around MECguard, the web filtering component.<br>This is a significant overhaul of that software, and the way HTTPS<br>filtering is handled is vastly improved, among other changes. Details of<br>the changes to that component are available here:<br>http://www.networkmaine.net/msln/joebox/MECguard_SSL-15.0.pdf. In<br>addition to the MECguard improvements, there are some kernel-level changes<br>to improve performance for high-bandwidth and [...] Eric R. Warren2013-04-05T21:38:59+00:002013-04-05T21:38:59+00:00Re: Joebox upgrade windowshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;6295039.1304A couple of schools that I work with have found the Firefox/Chrome plugin called "stealthy", and it's creating some havoc. I<br><br>Eric R. Warren<br>207-764-1834 x.7010<br><br>On Apr 5, 2013, at 5:14 PM, "Andrew Henry" <awhenry@MAINE.EDU> wrote:<br><br>> As has been discussed on this list before, there is a new version of the<br>> Joebox software that has been in limited testing. Several sites have been<br>> using the new version successfully now, and we are ready to make it<br>> available for all interested sites. We have reserved some regular time<br>> windows that we can do these upgrades [...] Vincent Vanier2013-04-05T17:30:09-04:002013-04-05T17:30:09-04:00Re: Joebox upgrade windowshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;4c770918.1304What does the upgrade give us? We may be interested.<br><br>Vincent Vanier<br>Madawaska School Department<br>On Apr 5, 2013 5:14 PM, "Andrew Henry" <awhenry@maine.edu> wrote:<br><br>> As has been discussed on this list before, there is a new version of the<br>> Joebox software that has been in limited testing. Several sites have been<br>> using the new version successfully now, and we are ready to make it<br>> available for all interested sites. We have reserved some regular time<br>> windows that we can do these upgrades in:<br>><br>> Wednesdays: 3PM to 5PM<br>> Fridays: 3PM to 5PM<br> [...] Andrew Henry2013-04-05T17:01:17-04:002013-04-05T17:01:17-04:00Joebox upgrade windowshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;6ac1c30d.1304As has been discussed on this list before, there is a new version of the<br>Joebox software that has been in limited testing. Several sites have been<br>using the new version successfully now, and we are ready to make it<br>available for all interested sites. We have reserved some regular time<br>windows that we can do these upgrades in: [...] Chris Murchison2013-01-09T11:32:19-05:002013-01-09T11:32:19-05:00{Disarmed} Re: Additional Facebook Networkshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;f707a2fe.1301Thank you very much for the update, greatly appreciated.<br><br>On Wed, Jan 9, 2013 at 11:29 AM, Networkmaine <support@maine.edu> wrote:<br><br>> For those of you using the Joebox firewall to block Facebook, here are<br>> some additional networks you might need to add:<br>><br>> 31.13.24.0/21<br>> 31.13.64.0/18<br>> 103.4.96.0/22<br>><br>><br>> Our current Facebook network list is now<br>> 103.4.96.0/22<br>> 173.252.64.0/18<br>> 204.15.20.0/22<br>> 31.13.24.0/21<br>> 31.13.64.0/18<br>> 66.220.144.0/20<br>> 69.171.224.0/19<br>> 69.63.176.0/20<br>> 74.119.76.0/22<br>><br>> JasonM<br>> Networkmaine NOC<br>> University of Maine System<br>> Maine School and Library Network<br>> (207) 561-3587<br>> support@maine.edu<br> [...] Networkmaine2013-01-09T11:29:25-05:002013-01-09T11:29:25-05:00Additional Facebook Networkshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;44faf6f8.1301For those of you using the Joebox firewall to block Facebook, here are<br>some additional networks you might need to add:<br><br>31.13.24.0/21<br>31.13.64.0/18<br>103.4.96.0/22<br><br>Our current Facebook network list is now<br>103.4.96.0/22<br>173.252.64.0/18<br>204.15.20.0/22<br>31.13.24.0/21<br>31.13.64.0/18<br>66.220.144.0/20<br>69.171.224.0/19<br>69.63.176.0/20<br>74.119.76.0/22<br><br>JasonM<br>Networkmaine NOC<br>University of Maine System<br>Maine School and Library Network<br>(207) 561-3587<br>support@maine.edu Beric Deane2012-12-14T12:47:58-05:002012-12-14T12:47:58-05:00Re: Transparent HTTPS Filtering Trialshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;435fa582.1212Full message available at: <a href="https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;435fa582.1212">Re: Transparent HTTPS Filtering Trials</a>Eugene Blake2012-12-12T12:39:29-05:002012-12-12T12:39:29-05:00Re: Transparent HTTPS Filtering Trialshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;dfb71a2a.1212Ray,<br><br>Jonesport-Beals High School would like to be updated. Our x-mas break is<br>December 24 - 31.<br><br>Thank You,<br><br>Eugene Blake<br>Technology Coordinator<br>MCSD 917/SU 103<br>Jonesport, ME 04649<br>207.497.5454<br><br>-----Original Message-----<br>From: Joebox User [mailto:JOEBOX-L@LISTS.MAINE.EDU] On Behalf Of Ray Soucy<br>Sent: Wednesday, December 12, 2012 12:26 PM<br>To: JOEBOX-L@LISTS.MAINE.EDU<br>Subject: Re: Transparent HTTPS Filtering Trials<br><br>It took us the majority of November working with MECnet to resolve some<br>issues keeping us from testing in production. [...] Ray Soucy2012-12-12T12:26:16-05:002012-12-12T12:26:16-05:00Re: Transparent HTTPS Filtering Trialshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;12f0583.1212It took us the majority of November working with MECnet to resolve<br>some issues keeping us from testing in production.<br><br>Sorry for the delay on that.<br><br>The good news is that we appear to have a stable release now, so if<br>there are sites looking to upgrade over holiday breaks please let us<br>know.<br><br>A short PDF explaining the changes to MECguard and an idea of<br>what to expect is available on the web at: [...] Ray Soucy2012-11-30T13:25:41-05:002012-11-30T13:25:41-05:00Software Updatehttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;92dec2a8.1211A quick note about updates that now show on the software update page:<br><br>Two minor software updates have been posted for Joebox 12 users:<br><br>xorp_maine 12.1<br>netttools 12.1<br><br>These updates are minor and optional.<br><br>The upgrade to XORP is a migration to the newer version of the routing<br>engine that will be used in the next major release. It resolves a rare<br>OSPF timer bug which only affects intradistrict MSLN networks (all schools<br>connecting through a Joebox). [...] Ray Soucy2012-11-06T09:28:37-05:002012-11-06T09:28:37-05:00Re: Transparent HTTPS Filtering Trialshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;f8f8de23.1211Sorry for the delay,<br><br>No, you can't buy an SSL cert for this. The Joebox is using a<br>certificate authority and generating certificates on the fly that are<br>signed by that authority.<br><br>On Thu, Nov 1, 2012 at 5:11 PM, Eric Chellis <e.chellis@msad60.org> wrote:<br>> If this option pans out to work as it should, could we buy an SSL cert for<br>> the joebox so we wouldn't have to install the private one on every computer?<br>><br>> Eric Chellis<br>><br>> Network Manager<br>> MSAD #60<br>><br>> 388 Somersworth Rd.<br>><br>> North Berwick, ME 03906<br>><br> [...] Lori Faulkner2012-11-02T12:01:00-04:002012-11-02T12:01:00-04:00Re: Transparent HTTPS Filtering Trialshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;e8190429.1211Ray,<br>I have not played in the Joe Box a whole lot. But right now are we able to<br>block https traffic? If so can you remind me how to do that?<br>Thanks<br>Lori<br><br>Keep the faith; its all about the climb!<br>征馬辰漫征馬辰漫征馬辰漫征馬辰漫征馬辰漫征馬辰漫<br>Lori Faulkner<br>Technology Director<br>(207) 453-4200 ext. 2219<br>School Administrative District #49<br>mailto: lfaulkner@msad49.org<br>-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=<br><br>-----Original Message-----<br>From: Joebox User [mailto:JOEBOX-L@LISTS.MAINE.EDU] On Behalf Of Ray Soucy<br>Sent: Thursday, October 25, 2012 11:48 AM<br>To: JOEBOX-L@LISTS.MAINE.EDU<br>Subject: Re: Transparent HTTPS Filtering Trials [...] Eric Chellis2012-11-01T17:11:34-04:002012-11-01T17:11:34-04:00Re: Transparent HTTPS Filtering Trialshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;8770b48d.1211If this option pans out to work as it should, could we buy an SSL cert for<br>the joebox so we wouldn't have to install the private one on every computer?<br><br>Eric Chellis<br><br>Network Manager<br>MSAD #60<br><br>388 Somersworth Rd.<br><br>North Berwick, ME 03906<br><br>207.676.2234 x302 (Voice)<br>207.451.3296 (Cell)<br><br>On Thu, Oct 25, 2012 at 11:47 AM, Ray Soucy <rps@maine.edu> wrote: [...] Ray Soucy2012-10-25T11:47:44-04:002012-10-25T11:47:44-04:00Re: Transparent HTTPS Filtering Trialshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;e333a93e.1210Thanks to all those who responded on- and off-list.<br><br>We will be only testing with 1 or 2 sites for the first week, but if<br>everything looks good we will expand to those interested.<br><br>On Thu, Oct 25, 2012 at 11:29 AM, Judy Dorr <jdorr@csd3.org> wrote:<br>> Hi Ray, we would be interested in being a volunteer site.<br>><br>><br>> Judy Dorr<br>> K-8 Technology Coordinator<br>> Boothbay Region Elementary School<br>> jdorr@csd3.org<br>> (207)633-5097<br>> "Computer tech people: We don't believe in miracles, we rely upon them."<br>> This email and any files transmitted with it are confidential [...] Judy Dorr2012-10-25T11:29:36-04:002012-10-25T11:29:36-04:00Re: Transparent HTTPS Filtering Trialshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;87d85fe2.1210Hi Ray, we would be interested in being a volunteer site.<br><br>Judy Dorr<br>K-8 Technology Coordinator<br>Boothbay Region Elementary School<br>jdorr@csd3.org<br>(207)633-5097<br>"Computer tech people: We don't believe in miracles, we rely upon them."<br>This email and any files transmitted with it are confidential and<br>intended solely for the use of the individual or entity to which they are<br>addressed. If you have received this email in error please notify the<br>sender immediately and promptly destroy the email. Please note that any<br>views do not necessarily represent those of Boothbay Region Elementary<br>School. Finally, the recipient should check this email [...] Ray Soucy2012-10-25T11:24:15-04:002012-10-25T11:24:15-04:00Re: Transparent HTTPS Filtering Trialshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;8cea0a8.1210The Joebox does not have configurable local DNS. We do provide a<br>state-wide OpenDNS license for DNS-based filtering as an alternative<br>to the Joebox, though.<br><br>On Thu, Oct 25, 2012 at 10:17 AM, Swift, Randy <randy.swift@rsu52.us> wrote:<br>> I do not use the joebox for filtering/firewall. I am curious as to if the<br>> joebox has dns forwarding cababilities? In my firewall I just dns forward<br>> facebook.com to 10.1.0.0 and they cannot get to facebook using http or<br>> https. Thanks<br>><br>> On Thu, Oct 25, 2012 at 8:22 AM, Rick Lange<br>> <rick.lange@lakeregionschools.org> wrote:<br>>><br>>> Hi [...] Lori Faulkner2012-10-25T10:24:30-04:002012-10-25T10:24:30-04:00Re: Transparent HTTPS Filtering Trialshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;f7c02e42.1210I am also thinking like Ray. I would like to find a way to implement some<br>filtering on the mlti laptops that give them the same restrictions at home<br>that they have here at school. I think it is coming to the point that we<br>are providing the technology and we need to start doing a CYA campaign for<br>that program. [...] Swift, Randy2012-10-25T10:17:02-04:002012-10-25T10:17:02-04:00Re: Transparent HTTPS Filtering Trialshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;9b60d3c8.1210I do not use the joebox for filtering/firewall. I am curious as to if the<br>joebox has dns forwarding cababilities? In my firewall I just dns forward<br>facebook.com to 10.1.0.0 and they cannot get to facebook using http or<br>https. Thanks<br><br>On Thu, Oct 25, 2012 at 8:22 AM, Rick Lange <<br>rick.lange@lakeregionschools.org> wrote:<br><br>> Hi Ray,<br>> I am the Network Manager for MSAD-61, and I am definitely interested in<br>> testing this filtering method. HTTPS (in particular<br>> https://www.facebook.com) is a loophole that our students quickly found<br>> out about, to circumvent the filter. We have a JoeBox [...] Bruce Johnson2012-10-25T14:03:04+00:002012-10-25T14:03:04+00:00Re: Transparent HTTPS Filtering Trialshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;e3932697.1210Pls add me to the list...<br><br>Bruce Johnson<br>RSU13<br><br>-----Original Message-----<br>From: Joebox User [mailto:JOEBOX-L@LISTS.MAINE.EDU] On Behalf Of Ray Soucy<br>Sent: Wednesday, October 24, 2012 12:43 PM<br>To: JOEBOX-L@LISTS.MAINE.EDU<br>Subject: Transparent HTTPS Filtering Trials<br><br>After months of development with MECnet, we're finally ready to start testing the new Joebox code base that introduces transparent HTTPS filtering for MECguard. [...] Eric Chellis2012-10-25T09:37:27-04:002012-10-25T09:37:27-04:00Re: Transparent HTTPS Filtering Trialshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;b9f2fdb9.1210Ray, MSAD/RSU #60 would be willing to be a test site for this.<br><br>Eric Chellis<br><br>Network Manager<br>MSAD #60<br><br>388 Somersworth Rd.<br><br>North Berwick, ME 03906<br><br>207.676.2234 x302 (Voice)<br>207.451.3296 (Cell)<br><br>On Thu, Oct 25, 2012 at 8:22 AM, Rick Lange <<br>rick.lange@lakeregionschools.org> wrote:<br><br>> Hi Ray,<br>> I am the Network Manager for MSAD-61, and I am definitely interested in<br>> testing this filtering method. HTTPS (in particular<br>> https://www.facebook.com) is a loophole that our students quickly found<br>> out about, to circumvent the filter. We have a JoeBox and MecGuard<br>> enabled at the HS/MS. Please feel free [...] Rick Lange2012-10-25T08:22:35-04:002012-10-25T08:22:35-04:00Re: Transparent HTTPS Filtering Trialshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;c9c5dd1f.1210Hi Ray,<br>I am the Network Manager for MSAD-61, and I am definitely interested in<br>testing this filtering method. HTTPS (in particular<br>https://www.facebook.com) is a loophole that our students quickly found out<br>about, to circumvent the filter. We have a JoeBox and MecGuard enabled at<br>the HS/MS. Please feel free to contact me at the address below so we can<br>discuss the details.<br>Thank You,<br>Rick Lange<br>IS Network Manager<br>Maine School Administrative District 61<br>900 Portland Rd.<br>Bridgton, ME 04009<br>rick.lange@lakeregionschools.org Jef H. HamLin2012-10-24T14:49:25-04:002012-10-24T14:49:25-04:00Re: Transparent HTTPS Filtering Trialshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;b8fb1242.1210As usual, my friend, we are willing. This would be a perfect time to do the internet cut over as well...kill two birds with one stone.<br><br>Ray Soucy <rps@MAINE.EDU> wrote:<br><br>After months of development with MECnet, we're finally ready to start<br>testing the new Joebox code base that introduces transparent HTTPS<br>filtering for MECguard. [...] Ray Soucy2012-10-24T12:43:06-04:002012-10-24T12:43:06-04:00Transparent HTTPS Filtering Trialshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;2cc11cc2.1210After months of development with MECnet, we're finally ready to start<br>testing the new Joebox code base that introduces transparent HTTPS<br>filtering for MECguard.<br><br>I'm currently looking for a volunteer site (or two) to test this new<br>filtering method. Ideally this would be a site that does not<br>currently filter HTTPS so it could be enabled or disabled on a<br>per-group basis without having to make sweeping changes to your<br>existing environment. [...] Vincent Vanier2012-04-06T08:34:25-04:002012-04-06T08:34:25-04:00Re: Filtering subdomainshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;c298b11d.1204Hey!<br><br>I found the issue, and I believe it goes all the way back to the original<br>installation. We had copied some settings over from Bess.<br><br>I usually enter all my URL's that I want to blacklist or whitelist into the<br>Filtering Lists under the Groups section of the MECguard tab. I rarely if<br>ever use the Global URL Keywords tab. Sure enough, inside the Global URL<br>keywords tab, I had whitelisted the domain "yahoo.com" so everything was<br>permitted to flow through. [...] Ray Soucy2012-04-05T15:28:55-04:002012-04-05T15:28:55-04:00Re: Filtering subdomainshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;2aedbd26.1204The Joebox does "string in string" comparison on URLs, so if you type in ".<br>yahoo.com" instead of "yahoo.com" for your block list, "yahoo.com" won't<br>match because it doesn't have a "." but "anything.yahoo.com" will match.<br><br>You shouldn't need to allow yahoo.com explicitly, if it's getting blocked<br>try a "Soft Allow" for yahoo.com and a block for "messenger.yahoo.com". [...] John Armentrout2012-04-05T09:37:35-04:002012-04-05T09:37:35-04:00Re: Filtering subdomainshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;590e1460.1204Try this one...<br><br>Www.www.www.www.www.www.www.www.www.www.www.facebook.com<br><br>Sent from FirstClass with my iPad<br><br>Joebox User <JOEBOX-L@LISTS.MAINE.EDU> writes:<br>>Hi,<br>><br>>Any chance the new and improved version of the Joebox software will be<br>>able to filter subdomains? I'd love to allow access to [<br>>http://yahoo.com ]yahoo.com but cut off access to [<br>>http://messenger.yahoo.com ]messenger.yahoo.com as an example. Will this<br>>be possible with the new upgrade to MECguard?<br>><br>>Vince<br>><br>>Vincent Vanier, Technology Coordinator<br>>Madawaska School Department<br>>[ mailto:vince@madawaskaschools.org ]vince@madawaskaschools.org<br>>(207)728-3371x408<br>><br>>Vincent Vanier2012-04-05T08:39:02-04:002012-04-05T08:39:02-04:00Filtering subdomainshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;33205b1a.1204Hi,<br><br>Any chance the new and improved version of the Joebox software will be able<br>to filter subdomains? I'd love to allow access to yahoo.com but cut off<br>access to messenger.yahoo.com as an example. Will this be possible with<br>the new upgrade to MECguard?<br><br>Vince<br><br>Vincent Vanier, Technology Coordinator<br>Madawaska School Department<br>vince@madawaskaschools.org<br>(207)728-3371x408 Tim Levesque2012-01-26T17:06:46-05:002012-01-26T17:06:46-05:00Re: SSL filteringhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;f2fda951.1201I would also like to point out that since I finally have the JoeBox filtering... Both encrypted and non-encrypted working perfectly.. I would be very disgruntled if I had to switch to a different method. :)<br><br>Sent from my iPhone<br><br>On Jan 26, 2012, at 4:08 PM, David Consalvi <dconsalvi@SHEAD.ORG> wrote:<br><br>> I am at Shead High School and have pretty good luck with the SSL filtering. I have to individually touch each computer running the MLTI image in order to auto detect proxies for Safari; however, users can set it themselves with Firefox.<br>><br>> A request that I [...] Tim Levesque2012-01-26T17:04:24-05:002012-01-26T17:04:24-05:00Re: SSL filteringhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;54d20a07.1201For the record this set up works really well and I've had no complaints from users. The only difficult part was ensuring that the correct clients were in the correct groups in mecguard as we do not use ssl filtering for our staff.<br><br>Sent from my iPhone<br><br>On Jan 26, 2012, at 4:08 PM, David Consalvi <dconsalvi@SHEAD.ORG> wrote: [...] Tim Levesque2012-01-26T17:01:07-05:002012-01-26T17:01:07-05:00Re: SSL filteringhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;2a898a63.1201You can set the operating system to auto detect the proxy settings and then tell the browsers to use the system settings if you have wpad configured. This would eliminate issues when students bring laptops home. I've also locked these settings down in Firefox as well as our Mac OS X network settings so that they can not be changed. I'm not sure how to do it with windows but I can shoot a package to our task manager to configure the proxy settings to each client automagically. [...] David Consalvi2012-01-26T16:08:26-05:002012-01-26T16:08:26-05:00Re: SSL filteringhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;948207cc.1201I am at Shead High School and have pretty good luck with the SSL filtering. I have to individually touch each computer running the MLTI image in order to auto detect proxies for Safari; however, users can set it themselves with Firefox.<br><br>A request that I believe is fairly simple but which would make things very handy is the inclusion of a sorting feature at the tops of pages with lists. For example, the DHCP Static IP page. I use static IPs to limit our connectivity of non-authorized devices. In essence, users must register their device with the tech department [...] Ray Soucy2012-01-26T14:35:14-05:002012-01-26T14:35:14-05:00Re: SSL filteringhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;f535dd98.1201Thankfully, custom root CAs are nothing new. They have been widely used<br>for enterprise networking for well over a decade now, and I haven't<br>encountered a device that doesn't allow you to add one.<br><br>On Thu, Jan 26, 2012 at 2:26 PM, Kyle Green <kyle.green@rsu35.org> wrote:<br><br>> On Thu, Jan 26, 2012 at 2:20 PM, Eric R. Warren <eric@greenmarkit.com>wrote:<br>><br>>> Keep in mind that there are a lot of IOS devices out there now, in some<br>>> places they represent 30% of the total machines in use. Can you even<br>>> install a root CA on them?<br>>><br>><br> [...] Kyle Green2012-01-26T14:26:35-05:002012-01-26T14:26:35-05:00Re: SSL filteringhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;2ec21154.1201On Thu, Jan 26, 2012 at 2:20 PM, Eric R. Warren <eric@greenmarkit.com>wrote:<br><br>> Keep in mind that there are a lot of IOS devices out there now, in some<br>> places they represent 30% of the total machines in use. Can you even<br>> install a root CA on them?<br>><br><br>Yes.<br><br>http://images.apple.com/iphone/business/docs/iPhone_Digital_Certificates.pdf Ray Soucy2012-01-26T14:21:40-05:002012-01-26T14:21:40-05:00Re: SSL filteringhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;fc569cb3.1201On Thu, Jan 26, 2012 at 2:04 PM, Kyle Green <kyle.green@rsu35.org> wrote:<br><br>> On Thu, Jan 26, 2012 at 1:57 PM, Ray Soucy <rps@maine.edu> wrote:<br>><br>>> Question:<br>>><br>>> Is the requirement of having to install a custom root CA a show stopper?<br>>> If so, for what reasons (too much work to deploy; privacy or ethical<br>>> concerns; etc)<br>>><br>><br>> It is for us; we simply have too many non-school-owned machines (we rely<br>> heavily on BYOD) on our network.<br>> [...] Eric R. Warren2012-01-26T19:20:14+00:002012-01-26T19:20:14+00:00Re: SSL filteringhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;8bf7691c.1201Keep in mind that there are a lot of IOS devices out there now, in some places they represent 30% of the total machines in use. Can you even install a root CA on them?<br><br>Eric Warren<br>Greenmark IT<br><br>From: Joebox User [mailto:JOEBOX-L@LISTS.MAINE.EDU] On Behalf Of Ray Soucy<br>Sent: Thursday, January 26, 2012 1:57 PM<br>To: JOEBOX-L@LISTS.MAINE.EDU<br>Subject: SSL filtering [...] Kyle Green2012-01-26T14:04:53-05:002012-01-26T14:04:53-05:00Re: SSL filteringhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;e385bd88.1201On Thu, Jan 26, 2012 at 1:57 PM, Ray Soucy <rps@maine.edu> wrote:<br><br>> Question:<br>><br>> Is the requirement of having to install a custom root CA a show stopper?<br>> If so, for what reasons (too much work to deploy; privacy or ethical<br>> concerns; etc)<br>><br><br>It is for us; we simply have too many non-school-owned machines (we rely<br>heavily on BYOD) on our network. [...] Ray Soucy2012-01-26T13:57:10-05:002012-01-26T13:57:10-05:00SSL filteringhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;4210ee2a.1201Hi All,<br><br>I apologize in advance for the length.<br><br>This isn't urgent so please take some time to read it and provide feedback<br>over the next few weeks.<br><br>As we work with MECnet on the next release of the Joebox (targeted to be<br>ready for the fall) one of the things we're focus on is SSL filtering for<br>MECguard. We haven't see much adoption of the proxy-based method for SSL<br>filtering, so we're looking into the problems with that and how to make it<br>better. [...] Ray Soucy2012-01-09T15:06:19-05:002012-01-09T15:06:19-05:00Re: Question on Groups, Firewall, and Filteringhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;b7186d0e.1201Well, it "should" work on LOW. In fact we had MECnet explicitly fix<br>that at one point, but it apparently isn't working that way anymore.<br><br>I'm not sure if it will work on MED, either. It appears to have<br>reverted to applying Open Port rules after Closed Port rules (which<br>doesn't seem very useful). [...] James Jalbert2012-01-09T14:53:03-05:002012-01-09T14:53:03-05:00Re: Question on Groups, Firewall, and Filteringhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;a582d4b4.1201Thanks Ray,<br><br>I was prety sure about how the filter worked, I have set up a group to do different filtering, and remember that was my issue was i did not move it above private lan.<br><br>Here is my question<br>If you block Facebook by blocking its IP networks in the firewall,<br>then you will also need to create a rule to bypass that block for a<br>specific group. [...] Ray Soucy2012-01-09T14:44:30-05:002012-01-09T14:44:30-05:00Re: Question on Groups, Firewall, and Filteringhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;b2a23995.1201Hi James, (responses inline).<br><br>On Mon, Jan 9, 2012 at 2:08 PM, James Jalbert <jjalbert@rsu39.org> wrote:<br>> I am in hopes that someone out there can help me with this, here is the<br>> issue<br>><br>> First off the easy one, I have a group that I would like completely open on<br>> both filtering and firewall. This network has its own filter, and firewall<br>> in place, and I want to make sure that NOTHING is blocked to or from this<br>> site? I am assuming that an open port rule of Everyone Else to "this Group"<br>> allowing [...] James Jalbert2012-01-09T14:42:37-05:002012-01-09T14:42:37-05:00Re: Question on Groups, Firewall, and Filteringhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;7ed34c81.1201Vince,<br><br>I have tried with the group all the way to the top, and all the way to the bottom, the only thing that changes is if I need my over-ride or not<br><br>James Jalbert<br>Network Administrator<br>Eastern Aroostook RSU #39<br>Phone: 207-493-4246<br>E-Mail: jjalbert@rsu39.org<br><br>>>> Vincent Vanier <vince@MADAWASKASCHOOLS.ORG> 1/9/2012 2:30 PM >>><br>Check the order of your Groups. It sounds like you have them backwords if it's blocking a group that shouldn't be denied access to those ports. [...] Vincent Vanier2012-01-09T14:30:17-05:002012-01-09T14:30:17-05:00Re: Question on Groups, Firewall, and Filteringhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;e6705681.1201Check the order of your Groups. It sounds like you have them backwords if<br>it's blocking a group that shouldn't be denied access to those ports.<br><br>Vincent Vanier, Technology Coordinator<br>Madawaska School Department<br>vince@madawaskaschools.org<br>(207)728-3371x408<br><br>On Mon, Jan 9, 2012 at 2:08 PM, James Jalbert <jjalbert@rsu39.org> wrote:<br><br>> I am in hopes that someone out there can help me with this, here is the<br>> issue<br>><br>> First off the easy one, I have a group that I would like completely open<br>> on both filtering and firewall. This network has its own filter, and<br>> firewall in place, [...] James Jalbert2012-01-09T14:08:01-05:002012-01-09T14:08:01-05:00Question on Groups, Firewall, and Filteringhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;d863eaa1.1201I am in hopes that someone out there can help me with this, here is the issue<br><br>First off the easy one, I have a group that I would like completely open on both filtering and firewall. This network has its own filter, and firewall in place, and I want to make sure that NOTHING is blocked to or from this site? I am assuming that an open port rule of Everyone Else to "this Group" allowing all protocols is what I want? I also assume that I will need one for "this Group" to Everyone Else to allow all [...] Vincent Vanier2011-12-23T10:56:22-05:002011-12-23T10:56:22-05:00Re: MECguard Domain Restrictionshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;a8b9b8fb.1112The only issue we've found with different filters for teachers and students<br>was that teachers assume that students will be able to access everything<br>they can access, so when they plan lessons they sometimes get into trouble<br>when using resources that students can't get to.<br><br>Double edged swords cut both ways.<br><br>Vincent Vanier, Technology Coordinator<br>Madawaska School Department<br>vince@madawaskaschools.org<br>(207)728-3371x408 [...] Jef H. HamLin2011-12-23T10:48:12-05:002011-12-23T10:48:12-05:00Re: MECguard Domain Restrictionshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;3f971ce1.1112No. We have found that it is more trouble than it is worth. We have a different filter for staff and students and that takes care of most issues.<br><br>H<br><br>From: Joebox User [mailto:JOEBOX-L@LISTS.MAINE.EDU] On Behalf Of Eric R. Warren<br>Sent: Friday, December 23, 2011 7:40 AM<br>To: JOEBOX-L@LISTS.MAINE.EDU<br>Subject: Re: MECguard Domain Restrictions<br><br>Do you provide override credentials to your teachers? [...] Ray Soucy2011-12-23T08:39:53-05:002011-12-23T08:39:53-05:00Re: MECguard Domain Restrictionshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;269f27a2.1112You could certainly allow youtube.com/teachers and block youtube.com;<br>the problem is that they don't actually separate the content under<br>those structures, so even if you allow youtube.com/teachers, all the<br>video links still go to youtube.com/watch?v=, and all the image links<br>on the page still point to other random URLs.<br><br>Only blocking or unblocking by subdomain is for HTTPS, for normal HTTP<br>the full specific URL can be used. [...] Eric R. Warren2011-12-23T12:51:56+00:002011-12-23T12:51:56+00:00Re: MECguard Domain Restrictionshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;610d6627.1112Why don't you upload them to www.schooltube.com<http://www.schooltube.com> instead?<br><br>Eric R. Warren<br>Greenmark IT<br>207-764-1834 x.7014<br><br>On Dec 23, 2011, at 7:48 AM, "Vincent Vanier" <vince@MADAWASKASCHOOLS.ORG<mailto:vince@MADAWASKASCHOOLS.ORG>> wrote:<br><br>On Fri, Dec 23, 2011 at 7:40 AM, Eric R. Warren <eric@greenmarkit.com<mailto:eric@greenmarkit.com>> wrote:<br>Do you provide override credentials to your teachers?<br><br>Yeah, we provide override credentials to our teachers, but we've also got quite a bit of content that we generate that we would like students to be able to access. I know that this is one of those conundrums, but I want my cake and I want to eat it too! Vincent Vanier2011-12-23T07:46:08-05:002011-12-23T07:46:08-05:00Re: MECguard Domain Restrictionshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;22091687.1112On Fri, Dec 23, 2011 at 7:40 AM, Eric R. Warren <eric@greenmarkit.com>wrote:<br><br>> Do you provide override credentials to your teachers?<br>><br>> Yeah, we provide override credentials to our teachers, but we've also got<br>quite a bit of content that we generate that we would like students to be<br>able to access. I know that this is one of those conundrums, but I want my<br>cake and I want to eat it too! Eric R. Warren2011-12-23T12:40:19+00:002011-12-23T12:40:19+00:00Re: MECguard Domain Restrictionshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;bfcc6fec.1112Do you provide override credentials to your teachers?<br><br>Eric R. Warren<br>Greenmark IT<br>207-764-1834 x.7014<br><br>On Dec 23, 2011, at 7:38 AM, "Vincent Vanier" <vince@MADAWASKASCHOOLS.ORG<mailto:vince@MADAWASKASCHOOLS.ORG>> wrote:<br><br>I'm hoping that someone has an idea that can help us. We're currently blocking the domain youtube.com<http://youtube.com> at our school. While we acknowledge that there is a great deal of good material there, it also has way too much material that has been deemed inappropriate for our school environment. [...] Vincent Vanier2011-12-23T07:35:04-05:002011-12-23T07:35:04-05:00MECguard Domain Restrictionshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;660a81be.1112I'm hoping that someone has an idea that can help us. We're currently<br>blocking the domain youtube.com at our school. While we acknowledge that<br>there is a great deal of good material there, it also has way too much<br>material that has been deemed inappropriate for our school environment.<br><br>That being said, the folks at YouTube have created a whole pile of school<br>appropriate content and placed it in their YouTube Teachers area.<br>Unfortunately they just placed it in a subdomain of the original YouTube<br>domain. (youtube.com/teachers) [...] Scott Bodeen2011-12-20T07:24:18-05:002011-12-20T07:24:18-05:00Re: MecGuard Log Fileshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;f030a810.1112Those MYD files are MySQL data files. If you have a MySQL server<br>available, you can start a new database by creating an empty folder in the<br>MySQL data folder and dumping the MYD files in to that folder. This is<br>what I do when I need to keep logs around for an indefinite time period.<br>You can then use PHPMyAdmin or a home grown application to browse the files<br>at a later date. [...] James Jalbert2011-12-19T14:43:39-05:002011-12-19T14:43:39-05:00MecGuard Log Fileshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;2fe704d3.1112I am looking for a way to download the archived MECguard log files to my local machine, were I can then run a grep or awk command to search for specific text. Does anyone have any idea as to how this can be done. I have tried to export from the MECguard stats/Log page, but only get information back to 11-30-2011, however if I search for specific text I have activity back from 11-16-2011. I have also tried to download the files from the System Logs Page, but they are a .MYD file and can not be opened with anything [...] Ray Soucy2011-12-07T21:35:13-05:002011-12-07T21:35:13-05:00New .XXX TLD for Adult Contenthttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;41b7ac57.1112In case you didn't see the news about it already,<br><br>The new ".xxx" TLD, which is for Adult Content, is now open for<br>registration. We will no doubt start to see this TLD used for<br>websites inappropriate for children.<br><br>It is advisable to add ".xxx" to your Global URL Block List in<br>MECguard to prohibit these sites. [...] Ray Soucy2011-09-27T11:20:11-04:002011-09-27T11:20:11-04:00Update Statushttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;36cf8321.110923.8% of Joeboxes have been upgraded to the latest code.<br><br>These updates fix an issue with DNS services crashing intermittently<br>and potentially disrupting service.<br><br>For those of you who haven't upgraded yet this is just a remind that<br>in addition to doing the upgrade manually, you can always call our<br>support line 1-888-367-6756 and ask us to perform a scheduled upgrade<br>for you between 8:00 AM and 10:00 PM weekdays, or 8:00 AM to 5:00 PM<br>on Saturdays. Randy Easter2011-09-16T11:48:48-04:002011-09-16T11:48:48-04:00Re: Updatehttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;6774419.1109I am not in my office. I will get back to you as soon I return.Ray Soucy2011-09-16T11:46:21-04:002011-09-16T11:46:21-04:00Updatehttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;aac274f9.1109We have a small software update for the Joebox to upgrade DNS and DHCP<br>services to new software. This is to resolve outstanding issues with<br>DNS sometimes crashing on the Joebox and backup DHCP services failing<br>to start for sites making use of public IP addressing.<br><br>Please take a moment and run the Software Update on your Joebox and<br>reboot when convenient. Ray Soucy2011-09-13T12:03:41-04:002011-09-13T12:03:41-04:00Re: Question about some odditieshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;917ce87b.1109Took a quick look.<br><br>You do have a firewall rule dropping the majority of traffic for an IP<br>address (you can see it in the Firewall Log). The thing to keep in<br>mind, though, is that that filtering happens after traffic is<br>redirected to MECguard, so web traffic will work (but other traffic<br>will not). [...] Vincent Vanier2011-09-13T10:59:38-04:002011-09-13T10:59:38-04:00Re: Question about some odditieshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;ebd228ed.1109James,<br><br>A few thoughts about the three items you posted yesterday:<br><br>1. First sounds like a DHCP choice. We're using NetworkMaine to do DHCP.<br>One advantage of that is that when it does DHCP, it looks at the MAC<br>address, and if the MAC address is in the address table, it gives it the<br>matching IP address. I'm not sure if the JoeBox is the tool for the job<br>there. [...] James Jalbert2011-09-12T11:20:06-04:002011-09-12T11:20:06-04:00Question about some odditieshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;fb4bf13c.1109I am wondering if anyone has seen or has any information on any of the following issues my district has seen now that we are using the Joebox as our router/firewall/filter.<br><br>1. The old firewall that we were using, I was able to go into the firewall settings, and block a single IP address completely. We have had issues with students hard coding IPs into their personal devices, and using them on our network. I have in the past been able to trace the IP address to an unknown device(one that is NOT ours), then go to my old firewall(PFSense) [...] Ray Soucy2011-06-30T16:59:12-04:002011-06-30T16:59:12-04:00Re: proxy list setting for mecguardhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;b8476699.1106I would think just by nature of going through MecGuard this type of<br>traffic would break anyway. MecGuard won't pass through content that<br>doesn't conform to HTTP from what I understand.<br><br>Can you give an example application?<br><br>If we can determine the protocol used, and it's encased within HTTP,<br>and it's going through MecGuard, we can probably block it with RTF, or<br>look into making a more intelligent filter. But we would need to be<br>able to know what pattern to look for, and it wouldn't work for<br>encrypted (SSL) traffic, as you can't inspect the content of SSL<br>without [...] Ray Soucy2011-06-30T16:35:10-04:002011-06-30T16:35:10-04:00Re: proxy list setting for mecguardhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;f8c3944f.1106"air-proxy.com" is one of the sites included in the proxy URL list<br>(even before the update). Are you making use of it?<br><br>I'd need to look into the Sonicwall thing; but from what I understand<br>Sonicwall does 100% of it's web filtering using databases, such as URL<br>lists; though I believe that Sonicwall recently moved to a model where<br>the database is hosted by them instead of on the Firewall to reduce<br>load on the appliance. [...] Kyle Green2011-06-30T16:35:10-04:002011-06-30T16:35:10-04:00Re: proxy list setting for mecguardhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;d7f38bc0.1106On Thursday, June 30, 2011 at 4:28 PM, Eric R. Warren wrote:<br><br>> Kyle's idea is excellent, and has been implemented in the content filtering<br>> module built into Sonicwall firewalls. Just check off "Proxy/Avoidance<br>> Websites" and the device loads a big list of known proxies and starts<br>> blocking them. If you want to allow one, just whitelist it.<br>Actually, my idea goes a step farther and has the JoeBox actively determining if the remote host is an open proxy.Eric R. Warren2011-06-30T16:28:31-04:002011-06-30T16:28:31-04:00Re: proxy list setting for mecguardhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;7076a04f.1106It's sites like http://www.air-proxy.com that are causing issues for the<br>schools that I work at; sites that don't require browser configuration of<br>any kind. If you block one, the kids will find another one. It's just a<br>Google search away.<br><br>Kyle's idea is excellent, and has been implemented in the content filtering<br>module built into Sonicwall firewalls. Just check off "Proxy/Avoidance<br>Websites" and the device loads a big list of known proxies and starts<br>blocking them. If you want to allow one, just whitelist it. [...] Kyle Green2011-06-30T16:21:33-04:002011-06-30T16:21:33-04:00Re: proxy list setting for mecguardhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;4b9e8346.1106On Thursday, June 30, 2011 at 4:08 PM, Ray Soucy wrote:<br><br>> Are HTTP proxies (e.g. ones that require browser configuration) a<br>> common problem for you? Have you verified that they're using port 80<br>> and that MecGuard doesn't break them already? If it's not on port 80,<br>> then you might need to look at blocking traffic using Firewall rules.<br>I wouldn't say I spend hours a day dealing with them, but I know they've been used in the past. MECGuard might be dealing with most of them through the lists already, but those are rarely up-to-date. We're [...]Seth Thompson2011-06-30T16:14:31-04:002011-06-30T16:14:31-04:00Re: proxy list setting for mecguardhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;e5722fdc.1106It does seem to be better. Camolist.com still gets through.<br><br>i'm planning to try SSL filtering this fall. I haven't worked out the<br>details yet but I'd like to give this a shot. It seems like our best bet for<br>reliable filtering.<br><br>Thanks,<br>Seth<br><br>On Thu, Jun 30, 2011 at 1:47 PM, Ray Soucy <rps@maine.edu> wrote: [...] Ray Soucy2011-06-30T16:08:53-04:002011-06-30T16:08:53-04:00Re: proxy list setting for mecguardhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;8ea8e8fa.1106Are HTTP proxies (e.g. ones that require browser configuration) a<br>common problem for you? Have you verified that they're using port 80<br>and that MecGuard doesn't break them already? If it's not on port 80,<br>then you might need to look at blocking traffic using Firewall rules.<br><br>Secondly, you reference a proxy allow list; can you provide an example<br>of a legitimate proxy? I can't think of one off the top of my head in<br>a K12 context. [...] Kyle Green2011-06-30T15:47:52-04:002011-06-30T15:47:52-04:00Re: proxy list setting for mecguardhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;6176e65a.1106Not everything everything--I'm looking for whitelist/blacklist filtering for /proxies alone/ to be added.<br><br>In this scenario, every time JoeBox processes an outbound HTTP request (as determined by L7 filtering), it looks to see if the request is to a whitelisted proxy. If it is, it's allowed to proceed to the destination. [...]Ray Soucy2011-06-30T15:15:00-04:002011-06-30T15:15:00-04:00Re: proxy list setting for mecguardhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;920ca851.1106I'm not exactly clear on what you're asking.<br><br>Are you suggesting that we block everything by default and only use<br>allow lists to permit access?<br><br>You can effectively do this by placing a "." on a line by itself in<br>your global block list, then creating entries for the sites you want<br>to allow in your allow list. [...] Kyle Green2011-06-30T14:00:59-04:002011-06-30T14:00:59-04:00Re: proxy list setting for mecguardhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;25535004.1106It'd be nice if the JoeBox to be configured such that we can whitelist<br>acceptable proxies (for legitimate uses of squid or dansguardian or<br>whatever), and then it checks every further HTTP request to see if<br>it's an open proxy (and caches the result for a day or so).<br><br>Can that get put on the feature wish list? It just seems to me that<br>relying on set blacklists for this is going to result in us<br>perpetually being three steps behind. [...] Ray Soucy2011-06-30T13:47:15-04:002011-06-30T13:47:15-04:00Re: proxy list setting for mecguardhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;dc68b2a9.1106Seth,<br><br>I contacted MecNet to see if they could look at additional sources for<br>their URL lists, and they have made an update. I've applied the<br>update on your Joebox (the rest of users will get the update<br>overnight).<br><br>Do you notice any change? Or is it still letting most through?<br><br>On Thu, Jun 30, 2011 at 7:47 AM, Seth Thompson <thompsons@rsu5.org> wrote:<br>> I have this enabled and the majority of proxies are still available.<br>> Seth<br>><br>> On Mon, Jun 27, 2011 at 2:14 PM, Ray Soucy <rps@maine.edu> wrote:<br>>><br>>> "Sites with proxies to bypass filters" [...] Ed Bourdeau2011-06-30T10:23:09-04:002011-06-30T10:23:09-04:00Re: proxieshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;577bacef.1106Thanks Ray, when you check the proxy box and then check the details, there is a list of proxies that it blocks. Do you know where that list comes from? I guess what I'm asking is, is it a regularly maintained/updated list by a third party? If so, who and how often? If not, what could we do to get to a list that is updated regularly? Thanks,,Ed [...] Seth Thompson2011-06-30T07:47:52-04:002011-06-30T07:47:52-04:00Re: proxy list setting for mecguardhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;a8fbaf25.1106I have this enabled and the majority of proxies are still available.<br><br>Seth<br><br>On Mon, Jun 27, 2011 at 2:14 PM, Ray Soucy <rps@maine.edu> wrote:<br><br>> "Sites with proxies to bypass filters" would be the MECguard category.<br>> Have you tried enabling this for your group filter lists? I'm not<br>> sure how comprehensive the list is...<br>><br>> On Mon, Jun 27, 2011 at 1:48 PM, Ed Bourdeau<br>> <ebourdeau@erskineacademy.org> wrote:<br>> > Overall I am very happy with the JoeBox/MecGuard setup. My number 1<br>> input<br>> > for future change is that you add a Proxy settings [...] Ray Soucy2011-06-29T14:21:51-04:002011-06-29T14:21:51-04:00Re: proxieshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;fe512bd1.1106Sorry for the X-Post. Want to make sure we catch everyone.<br><br>If you're a Joebox user and not on the Joebox List drop a note to<br>support@maine.edu to get added.<br><br>A lot of confusion around MecGuard (the web filter on the Joebox).<br><br>From what I've seen to date, it seems that the vast majority of<br>problems with MecGuard come down to two issues: [...] Ray Soucy2011-06-27T14:14:23-04:002011-06-27T14:14:23-04:00Re: proxy list setting for mecguardhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;ca46e0cd.1106"Sites with proxies to bypass filters" would be the MECguard category.<br>Have you tried enabling this for your group filter lists? I'm not<br>sure how comprehensive the list is...<br><br>On Mon, Jun 27, 2011 at 1:48 PM, Ed Bourdeau<br><ebourdeau@erskineacademy.org> wrote:<br>> Overall I am very happy with the JoeBox/MecGuard setup. My number 1 input<br>> for future change is that you add a Proxy settings option to MecGuard. By<br>> this I mean a more automated method to block proxies. If you could check a<br>> box, and have your choice of black lists that you could subscribe to [...] Ed Bourdeau2011-06-27T13:48:58-04:002011-06-27T13:48:58-04:00proxy list setting for mecguardhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;af8fb9f7.1106Overall I am very happy with the JoeBox/MecGuard setup. My number 1<br>input for future change is that you add a Proxy settings option to<br>MecGuard. By this I mean a more automated method to block proxies. If<br>you could check a box, and have your choice of black lists that you<br>could subscribe to this would make the filtering much more manageable.<br>Right now this is my #1 hole. [...] Ray Soucy2011-06-21T15:35:54-04:002011-06-21T15:35:54-04:00Are you using MECguard SSL?https://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;11356b3c.1106I would be interested in finding out how many of you are making use of<br>the proxy-server MECguard SSL method for HTTPS filtering.<br><br>If you're using it please drop me a note. Ray Soucy2011-06-21T11:00:15-04:002011-06-21T11:00:15-04:00Joebox Software Updatehttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;ca499ca3.1106Two new Joebox updates are available using the Software Update tool.<br><br>mecguard_maine 12.4<br>webgui_maine 12.3<br><br>Please update these at your convenience.<br><br>mecguard_maine 12.4<br>* Fixed a bug where URL filtering was case sensitive; A block for<br>Boston.com wouldn't catch boston.com.<br>* Workaround for a problem with X-Forwarded-For HTTP headers and CDN<br>load balancers; MECguard wil no longer provide X-Forwarded-For<br>headers. [...] Ray Soucy2011-06-02T13:04:00-04:002011-06-02T13:04:00-04:00Safari Bug with MECguard SSLhttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;c0601cf5.1106Freeport HS discovered an odd bug with Safari not blocking HTTPS sites<br>under the following conditions:<br><br>1. System is configured to automatically detect proxy settings using<br>WPAD or manually configured to use a WPAD script.<br>2. Force MECguard SSL is not checked<br><br>The issue was hard to track down because the HTTPS requests will get<br>logged by MECguard as blocked, but go through fine on the host. [...] Kyle Green2011-05-26T15:50:00-04:002011-05-26T15:50:00-04:00Re: MECguard Updatehttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;279c0a75.1105I'm also seeing an issue where JoeBox RTF filtering breaks some<br>streaming services (like Netflix).<br><br>The first chunk loads fine, but subsequent chunks are blocked by the<br>RTF. I've whitelisted the CDN for right now, but it'd be nice to know<br>why this is happening and if there's a way to adjust the RTF's<br>heuristics. [...] Ray Soucy2011-05-26T15:26:44-04:002011-05-26T15:26:44-04:00MECguard Updatehttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;339b39d1.1105All,<br><br>We have found an issue with some CDN (Content Delivery Network)<br>provides when X-Forwarded-For headers are included (as is done with<br>most proxy servers, including Bess) for private (RFC 1918) IP<br>addresses. The CDNs in question would see the RFC 1918 address and<br>default to directing traffic to data-centers that are often not the<br>closest or fastest for content. [...] Tim Levesque2011-05-04T07:43:15-04:002011-05-04T07:43:15-04:00Re: Can't load Google doc presentationshttps://lists.maine.edu/cgi-bin/wa?A2=JOEBOX-L;2af71525.1105Working fine on our network as well.<br><br>Tim Levesque<br>MCP, A+, NET+<br>Technology Director<br>Easton School Department<br>207-488-7702 ext 18<br>www.eastonschooldistrict.org<br><br>On May 4, 2011, at 7:08 AM, William Lowell wrote:<br><br>> google presentations and all of google docs is working fine here. Ran a google presentation yesterday in class in fact.<br>><br>> Bill<br>><br>> On Tue, May 3, 2011 at 8:45 PM, Eric R. Warren <eric@greenmarkit.com> wrote:<br>> Hello,<br>><br>> Has anyone experienced any problems loading a Google Docs presentation after the last Joebox update? All we can get is a blank white screen, doesn’t matter [...]