On Mon, 14 Aug 2006, Ashley M. Kirchner wrote:
-- I accidentally sent this to just Frank, so here it is for the list --
Quoting Frank Cox <theatre@xxxxxxxxxxx>:
Anything that you use will require "installing and setting it up".
You could use Squid, or you could use Privoxy. Either one (or both together)
will work just dandy for what you want.
Well, I figured that much. :) I meant I don't have a whole lot of time to get
something installed, configured and all, especially not something I know nothing
about, such as squid. But, if that's what it takes, then that's what it takes.
I'm S.O.L. either way I suppose.
This all stemmed because some employees are using their machines to do
"personal" chit-chat and e-mailing, something upper management wants curbed, or
at the very least, limited. Things that immediately came up in our meeting were
the blocking of Yahoo!, Google, and MSN mail during work hours (and possibly
unblocked during lunch hours, but that's still being discussed.) While I think
it's a bit extreme, they sign my paycheque, so I do as I'm told.
For right now, my immediate task is to block those sites from getting reached
and I'm trying to figure out how to (efficiently) do that through iptables. My
next concern is to start logging everything else being visited, and I guess
that's where squid (or something else) will come into play.
If anyone wants to give pointers, and/or help with either one of those two
tasks, I'll be grateful.
If you are willing to block access to everyone on your network for a given
domain such as aol.com AND you run your own dns servers on the internal net, why
not simply add a zone that is authoritative for the domain and directs all
requests to the company web site. That is what I do for garbage like
myspace.com. Much easier than maintaining iptables rules.
Regards,
--
Tom Diehl tdiehl@xxxxxxxxxxxx Spamtrap address mtd123@xxxxxxxxxxxx
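
The authoritative-zone approach described in the last reply, sketched as an added example that is not part of any post in this thread. It assumes BIND as the internal name server; the sinkhole address, name server name, zone file path and serial are constructed placeholders.

```shell
#!/bin/sh
# Added example: generate BIND config that overrides unwanted domains locally.
# Assumed values, none of them from the thread:
SINK_IP="192.0.2.10"                 # company web server (documentation address)
NS_NAME="ns1.corp.example."          # internal name server
ZONE_FILE="/var/named/blocked.zone"  # one zone file shared by every blocked zone

# Accept only plain hostnames so nothing odd is written into named.conf.
valid_domain() {
    printf '%s\n' "$1" | grep -Eq '^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$'
}

# Print one authoritative zone statement per valid domain argument.
# Invalid names are reported on stderr and skipped.
emit_zone_stanzas() {
    for d in "$@"; do
        d=$(printf '%s' "$d" | tr 'A-Z' 'a-z')
        if valid_domain "$d"; then
            printf 'zone "%s" { type master; file "%s"; };\n' "$d" "$ZONE_FILE"
        else
            printf 'skipping invalid domain: %s\n' "$d" >&2
        fi
    done
}

# Print the shared zone file. "@" expands to whichever zone loads the file,
# and the wildcard covers www., mail. and every other name beneath it.
emit_zone_file() {
    serial=${1:-1}
    cat <<EOF
\$TTL 300
@   IN SOA ${NS_NAME} hostmaster.${NS_NAME} ( ${serial} 3600 900 604800 300 )
@   IN NS  ${NS_NAME}
@   IN A   ${SINK_IP}
*   IN A   ${SINK_IP}
EOF
}

# Demo using the two domains named in the thread and a constructed serial.
emit_zone_stanzas aol.com myspace.com
emit_zone_file 2006081401
```

Check the generated files with `named-checkconf` and `named-checkzone` before reloading. The override only affects clients that resolve through the internal server.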