Hi List!
On Wed, 7 Dec 2005 07:01:16 +1100, Kevin Withnall wrote:
>That's very much like what I have. I don't know how to incorporate a
>whitelist into that though.
We have the following. Note, the order is important, so the porn_accept
rule, allows sites that are wrongly detected as porn from the !porn rules,
but it will allow everything after it, including games, nonessential, etc.,
which can be a bit of pain, so you need to be careful with the order.
The local_domains has the highest priority, as we don't want any of our
ACLs to affect sites we define as local:
classrooms {
rewrite pupil_rewrite
pass local_domains !proxies !spam ads_accept !ads all_exefiles_accept
!exefiles porn_accept !porn games_accept !games nonessential_accept
!nonessential personal_accept !personal_pages av_accept !audio-visual
mail_accept ip_accept !in-addr !mail all
redirect
http://proxy.fhs.local/generic.php?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&url=%u&targetclass=%t&path=%p
} # End acl classrooms
You might find this one useful too - when we have a particularly 'excitable'
class, we define a list of sites that they can only visit, all others are
blocked
by default, bu the final 'none':
only_to_classrooms {
rewrite pupil_rewrite
pass local_domains only_to none
redirect http://proxy.fhs.local/allow-only.php
}
The rewrite rule, pupil_rewrite, includes things like appending
&safe=active to ALL google URLs, to ensure their safe search is
always switched on, or forcing .com sites to .co.uk, etc.
rewrite pupil_rewrite {
s@(.*.google.*/.*\?.*)@\1\&[EMAIL PROTECTED]
[EMAIL PROTECTED]@[EMAIL PROTECTED]
[EMAIL PROTECTED]@[EMAIL PROTECTED]
} # end pupil_rewrite
You'll need the full regular expression hack for that though :-)
https://listman.redhat.com/archives/k12osn/2004-April/msg00805.html
Ant
--
Anthony W Owen BSc(Hons) <[EMAIL PROTECTED]>
ICT Network Manager. Fallibroome High School. Macclesfield
Reception: 01625 827 898. Direct: +44 (0)870 765 3728
http://www.fallibroome.cheshire.sch.uk/