[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] Public Proxy server needed or advice



On 2/1/07, David Trask <dtrask vcsvikings org> wrote:
This is essentially a Windows question brought on by some cool stuff I did
in Linux   ;-)  Yesterday I upgraded my SME/DansGuardian server.  I ended
up with a tighter system then I had previously.  I am doing PAM
authentication so that when a user wants to use the Internet they must
authenticate with their web browser (clicking on any browser pops up a
login screen) before surfing.  This helps track activity, but has the
added benefit of allowing me to filter by groups and also give the staff
the ability to bypass the filter when they run into a blocked site.
Before the upgrade....if you had browser settings....you had to
authenticate.....if you did not have browser settings....then you were
transparently proxied and thus filtered at the default (and much harsher)
level.  Now....if you have browser settings....fine....if not...you ain't
going nowhere!  Ports 80 and 3128 are blocked....only 8080 is allowed for
DG.  Now....my problem is this.....

Due to the fact that I have to authenticate to the proxy before I can
access the outside world, this poses a problem for things like Windows
Update.  Many programs allow me to enter a proxy and the
username/password.  AVG does a great job with this.  It'll try the proxy
first and then try direct.  Windows Update depends on the proxy settings
in Internet Explorer.  Unfortunately there is no way (that I can find) to
embed the username and password in the Connection Settings.  To make life
easier I have written a proxy.pac file to auto-configure the proxy for IE
and firefox, but alas I am unable to find a way to authenticate IE so that
Windows Defender and windows update will work properly.  I'm basically
trying to get some staff laptops squared away with this.  The desktops are
fine....and everything else is either Linux or OS X....and thus easier to
work with in this regard.  My only other hope at this point is to use an
outside Proxy server on port 8080 (or other non-standard port) just for IE
(which we never use as a browser)  IE is only enabled on these particular
staff laptops....otherwise we use Firefox and Safari all around.    I
either need a good solid external proxy server (preferably on port 8080)
or some advice on how to either rewrite my proxy.pac file so that I can
embed the username and password....or some other Windows magic.  Any ideas?

My proxy.pac file is below:

function FindProxyForURL(url, host)
{
 if (isInNet(myIpAddress(), "10.0.0.0", "255.255.240.0"))
 return "PROXY 10.0.0.1:8080";
 else
 return "DIRECT";
}


(this file basically tests to see if it is on my LAN and if so...use the
proxy....otherwise (if at home or whatever) use a direct connection)

David N. Trask
Technology Teacher/Director
Vassalboro Community School
dtrask vcsvikings org
(207)923-3100



David,

This doesn't answer your question about public proxies, but may help
you nonetheless.

Our school ran into a similar problem with Windows Update on all our
Windows XP computers when we implemented CensorNet a few years ago.
(It uses Dansguardian and Squid, and I think.)  The solution that
worked for us was two-part:

1) add ".microsoft.com" and ".windowsupdate.com" to CensorNet's list
of authentication exceptions

2) instruct Windows Update to use Internet Explorer's proxy settings.
To do this:
- open a command window (Start | Run | cmd)
- enter the following: proxycfg -u

Step one removed the need to supply a username & password when running
Windows Update, though going through our proxy server (port 8080) was
still required.

Step two sets the default proxy settings in Windows by copying those
settings from the current user's Internet Explorer setup.  (We have
the proxy IP address and port entered directly in IE settings rather
than using proxy.pac.)  Windows Update uses the default proxy settings
rather than those for any specific user, as I understand it.

I'm not sure how exactly you could implement step one in your specific
setup, though I assume its possible.  (I've only ever worked with
Dansguardian as part of CensorNet and not in any other context.)

David Whitmer
Director of Media & Technology
Calvary Schools of Holland (Michigan)
web: www.calvaryschoolsholland.org
email: the whitmers gmail com


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]