RE: [squid-users] NTLM and transparent/interception confusion

From: Chuck Kollars <ckollars9_at_yahoo.com>
Date: Tue, 6 Jan 2009 14:50:06 -0800 (PST)

> ... We are a K-12 education and are mandated by federal law to
> monitor and protect student access to the internet. ... We are
> now allowing students to bring their own notebooks ...

Yep, yet another instance of the classic problem "filter 'the net' rather than individual computers". (Same thing comes up with iPhones and with wireless.) By requiring NTLM authentication against your own domain, you're requiring users to use your names and passwords even if they use their own computer; that gets you part way. The remaining issue is how to avoid the dreaded "dead end browser" that won't do anything until its proxy options are changed but can't even display the directions for changing those options.

One possible solution is to put a webserver on port 80 that gives detailed instructions on how to set the "proxy" options in all the various browsers. Reconfigured browsers will access the filter on a special port (3128? 8080?) which works withOUT the problematic transparent/intercepting and withOUT any IPtables rules for the filter. No matter what newly arrived browsers try to view, they'll just see your page of instructions.

The biggest problem here may be that K-12 includes some very young kids. Hopefully any young kid that brings their own computer from home can deal with this stuff. (Definitely no problem beyond about third grade - kids are geeks.) Use lots of screenshots and train the teachers.

Making this "network billboard" idea work requires a couple things:
1) use IPtables to "redirect" all the port 80 traffic to port 80 (!?) - the net effect is the IP address of the desired website will be replaced with the IP address of your own server
2) use an .htaccess file with an "ErrorDocument 404 ..." in it so all browsers get to your page of instructions no matter what page they originally desired

See http://contentfilter.futuragts.com/wiki/doku.php?id=network_billboard for details.

thanks! -Chuck Kollars
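
The two steps listed in the message above, written out as a dry-run shell script. This is an added example, not part of the original post or of the linked wiki page; the interface name eth1, the web root /var/www/billboard and the page name /proxy-setup.html are assumptions.

```shell
#!/bin/sh
# Added illustration of the two "network billboard" steps; not from the post.
# Assumed names: eth1 (client-facing interface), /var/www/billboard (web
# root), /proxy-setup.html (the instructions page, which must exist there).
LAN_IF="${LAN_IF:-eth1}"
DOCROOT="${DOCROOT:-/var/www/billboard}"
PAGE="${PAGE:-/proxy-setup.html}"

# Step 1: arguments for the NAT rule. REDIRECT rewrites the destination
# address of every client connection to TCP port 80 to this machine itself,
# so the local web server answers whatever site was requested. Only port 80
# is matched; the proxy port (3128, 8080, ...) is left alone.
billboard_rule() {
    printf '%s' "-t nat -A PREROUTING -i $1 -p tcp --dport 80 -j REDIRECT --to-ports 80"
}

# Step 2: .htaccess body. Nearly every requested path is missing on the
# billboard server, so the 404 handler serves the instructions page.
# Apache honours ErrorDocument in .htaccess only with AllowOverride FileInfo.
billboard_htaccess() {
    printf 'ErrorDocument 404 %s\n' "$1"
}

# Dry run by default: show what would be done. APPLY=1 (as root) installs it.
billboard_setup() {
    rule=$(billboard_rule "$LAN_IF")
    if [ "${APPLY:-0}" = 1 ]; then
        # Word splitting of $rule into separate arguments is intended here.
        iptables $rule
        billboard_htaccess "$PAGE" > "$DOCROOT/.htaccess"
    else
        echo "iptables $rule"
        echo "$DOCROOT/.htaccess:"
        billboard_htaccess "$PAGE"
    fi
}

billboard_setup
```

Because the rule matches only TCP port 80, browsers that have been reconfigured to use the proxy port are unaffected, and HTTPS requests from unconfigured browsers never reach the billboard page.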
 

      
Received on Tue Jan 06 2009 - 22:50:15 MST
