I worked in a large school system with a computer lab where we addressed
some of these issues.
The first thing we did was implement several different logins on local
machines and deployed identd. We locked down the student login and
browser (we use firefox and kiosk) so that students could not alter the
browser and we set up acls in squid to limit student access. we have a
pac file set up on a server that the controls the location of the proxy.
works very well without squidguard or dansguardian.
A next step would be of course to set up and authenticate via ldap. i
think it would be easy enough to differentiate between your staff and
students either via naming convention or via actual ldap content
there are some ready made solutions available if you want to import
blacklists into squid ...... I don;t have the url handy but they should
pop up pretty quick.....
Chris Robertson wrote:
Scott Ackerman wrote:
I am the IT Administrator for a local charter school. I was hired
after an external support company was determined to no longer meet our
needs. The short story is that I am trying to set up an adequate
web-filtering solution for our school. I have already set up Squid and
have it configured to run as a transparent proxy, as it is my
understanding that this is the only way I can force the use of our
proxy server (the little urchins discovered last year how to change
proxy settings in their browser to get to open proxies and view
anything they want). But I am not sure how well this will integrate
with Squidguard as I also understand that in order for me to allow
teachers more access, some form of authentication with squid needs to
happen which won't work with a transparent proxy. Any suggestions on
this. I am currently running squid 2.5 on a Fedora Core 5 box with
Shorewall doing the redirect through netfilter.
Set Squid up to listen on two ports, and only allow authenticated
requests on the second port. Teachers can specify the second port and
use authentication, and you can redirect other traffic to the
intercepting port.
Specifics depend on how you have defined your ACLs and http_access rules.
Chris
