View Categories

Remote Proxy / Filter Access

3 min read

Table of Contents

Summary #

There are many possible situations where you want to filter your remote users through your SecureSchool, LibraryDoor, or ISBossBox filter.  For example, if you’re a school and issue students laptops to use at home and want those laptops to be filtered.  This article goes through the steps on how to do that, as well as the limitations of doing this.

More Information #

There are several things to consider before you deploy filtering “from home”.

  • The remote machine must be secured properly to ensure that the proxy settings cannot be removed from the browser.  If they can be, there’s no real point to even configuring them in the first place.
  • The remote machine will only have content going through the browser filtered.  Since the machine is not behind a firewall you are in control of (ie, SecureSchool, ISBossBox, or LibraryDoor), there’s no way to restrict the use of bypass mechanisms like a VPN or using an alternate browser.
  • You must be able to restrict the installation of new software on the remote machine.  For example, you do not want the user installing Firefox (or any other browser) that has it’s own proxy settings that need to be configured, effectively bypassing your restrictions.

To do this, you first need to make sure your appliance is setup to use a form of authentication: SSB (internal) Authentication, NTLM, or LDAP.

Once authentication is setup, you need to disable the rule that blocks outside proxy access.  Go to “Firewall” -> “Protocol Rules”, and look for the rule called “Proxy from outside” with a sequence number of 500.  This rule blocks all traffic from any IP address from the Internet to the appliance on port 8080.  Click on the “Deactivate Rule” link for this rule.  Once the rule is turned off, go to “Commit Changes” and click on “Restart”.

Lastly, you need to make sure your clients are configured to use the proxy server correctly, so it will work if they are remote or local.  In order to do this, you need to set the proxy server address to something that will resolve both publicly on the Internet as well as on your private network.  When on the Internet, it should resolve to the public IP address of the appliance.  When you are on the private network, it should resolve to the private IP address of the appliance.  The easiest way to do this is to use the name we assign to the appliance.  This name is in your quickstart guide, or you can call us to get it.  It’s something like “secureschool.school.state.k12us.com”.  This name is automatically updated to always have the correct IP address of your appliance when resolved from the Internet.  When you resolve it on the private network, the appliance intercepts the request and will return the private IP address (provided you have DNS forwarding setup.  See Setting up DNS Forwarders in Windows for help with how to do this on Windows servers, or Setting Up DNS Forwarders on OS X for help with a Mac server).

ISBossBox, LibraryDoor, SecureSchool
What are your Feelings

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

SOCIAL NETWORKS

CONTACT US

Phone: 1-877-225-0100 (toll-free) or 732-929-1485

Fax: 732-359-1522

Email: support@K12USA.com

Mail:

K12USA.com

24 Highland Bend

Island Heights, NJ 08732

JOIN OUR MAILING LIST

K12USA.com ©1999-2025