[Bug 1263] New: protect IE^windows users and the network (block IE with squid)

To: debian-edu@lists.debian.org
Subject: [Bug 1263] New: protect IE^windows users and the network (block IE with squid)
From: bugzilla-skolelinux@maintainer.skolelinux.no
Date: Fri, 19 Oct 2007 23:54:03 +0200
Message-id: <[🔎] E1Iizn9-0003UY-0O@maintainer.skolelinux.no>

http://bugs.skolelinux.no/show_bug.cgi?id=1263

           Summary: protect IE^windows users and the network (block IE with
                    squid)
           Product: Skolelinux
           Version: etch-release-3.0r0
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P3
         Component: Configuration
        AssignedTo: debian-edu@lists.debian.org
        ReportedBy: holger@layer-acht.org


From: José "L. Redrejo" Rodríguez <jredrejo@edu.juntaextremadura.net>  (Junta 
de Extremadura)

  As some of you know, at LinEx (Extremadura) we're working in the merge
with Debian Edu.
Currently we're keeping a meeting where we're analyzing some of the
differences between both setups.

For the Squid configuration we're using since last September almost the
same configuration Debian Edu has. The only difference is this simple
text added to squid.conf:

##############################

acl no_ie browser MSIE
http_access deny no_ie
#allowing windowsupdate with ie:
acl windowsupdate dstdomain .windowsupdate.com
acl windowsupdate dstdomain .microsoft.com
acl windowsupdate dstdomain .public-trust.com
acl windowsupdate dstdomain .windows.com
acl windowsupdate dstdomain .webiqonline.com
acl windowsupdate dstdomain 207.46.224.158
acl windowsupdate dstdomain .msn.com
always_direct allow windowsupdate
http_access allow windowsupdate

##########################

There is a powerful reason to add this: avoid windows machines using
Internet Explorer (there're still some old windows in our schools, or
some new windows in Vocational Teaching departments). Quite (very) often
it's a source of viruses, trojans, etc. that steal most of the bandwith
of the schools networks. With this setup Outlook can not show online
texts in the mails either.

Windows users must switch to other browsers as Firefox or Opera. The
last part of the config is to allow MS machines do their needed security
updates.

Maybe this could be useful for Debian Edu too. For LinEx is a must. 

Regards.
José L.

---

IMO this should be part of our default squid.conf - not sure if we should 
introduce this for r1 (because we might break existing behaviour, but OTOH 
maybe thats a feature :)

Of course we should comment+document this properly.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

Reply to:

Prev by Date: first try to send a .po file
Next by Date: Re: first try to send a .po file
Previous by thread: first try to send a .po file
Next by thread: new .po file for debian edu doc
Index(es):
- Date
- Thread