Roland Roland wrote:
> Hello,
>
> for a while now.. almost 3 weeks I've been using an ACL tht matches a
> specific file content with url_regex
> in this file there's facebook, and a few other sites that I don't want
> users to access.
>
> users have found a way to bypass these restrictions
> by using online sites that supports such a thing.. like using google
> translate service to translate sites which by default would be blocked..
> or simply using other online websites that masks such a usage...
>
>
> anyone has a better way for me to block such sites?
>
> thanks in advance,
>
> Roland
You have entered into an arms race with your users. This particular race
is one which network admin often try and there is no known way to win
short of shutting down the network. Have you considered that even P2P
instant messengers can transfer HTML content in their messages? or
emails?. Any given packet on your network may or may not contain what
you think it does.
My advice: don't block. Fight social networking with social responses.
Use delay pools to rate-limit the amount of access they get to those
sites and when. Youtube videos downloading at 2KB/sec are not that
appealing to watch. Facebook pages that take 5 minutes to post a 2-line
comment are not that interesting.
If you are in a company situation a 'top ten non-working employees' can
do wonders. Log and measure how much time each employee is spending on
these sites and make it known. Which sites and how long. That also gives
the policy makers some ammo if they really want to act on it.
Amos
-- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE16 Current Beta Squid 3.1.0.9Received on Sun Jul 12 2009 - 01:52:55 MDT
This archive was generated by hypermail 2.2.0 : Sun Jul 12 2009 - 12:00:02 MDT