Proxy Servers

Permabanned
Joined
19 Apr 2006
Posts
2,333
Location
West Yorkshire
We are currently using a bit of software called CyBlock SA for our proxy server at work.

This runs on windows, but is incredibly slow and problematic and uses a shed load of memory.

So what are our alternatives?

I have heard that there is something native to MS (ISA Server?) is it any good?

Do you have to pay extra or is it built in to Windows server?

Is it is easy to configure and manage on a day to day basis?
 
i've used ISA 2004, which was very good (I hear that 2006 is excellent). Altough you have to pay for these.

Squid is also excellent and free.
 
I need something that has the following features:

1) Users can be put in to 2 groups (whitelist and full access).
2) User names are gathered from Active Directory.
3) Reports can be made on what users have been looking at.
4) Doesnt die from intensive CPU/Memory use when at peak load.

Can ISA server do these sort of things?
 
Actually just looking at ISA server and it seems far more than we need, dont need firewall and dont need inter-branch connectivity (we already have a sweet WAN).

So any other recomendations?
 
The_KiD said:
I need something that has the following features:

1) Users can be put in to 2 groups (whitelist and full access).
2) User names are gathered from Active Directory.
3) Reports can be made on what users have been looking at.
4) Doesnt die from intensive CPU/Memory use when at peak load.

Can ISA server do these sort of things?
You mean blacklist? White list just lists what websites they CAN go on?

So rarther than an out and out proxy, you want the ability to filter web traffic, and see what users have been upto/log it?

We use SurfControl here, and it does all that very well.
You have to install it on a machine thats between the rest of the network and your net connection though.
So i suppose in your case, if you already have a firewall, you'd have it connected like so:
--->Internet--->Firewall--->SurfControl System--->Rest of network.

:).
 
ISA Server is overkill, if you're only after web access logging and reports. I don't know if this is an option, but, if you're comfortable with running Linux, take a look at Dansguardian. It ticks all the boxes and can't really be beaten on price. ;)
 
BoomAM said:
You mean blacklist? White list just lists what websites they CAN go on?

Exactly, we dont want a blacklist as that involves investigating every site on the internet to decide if it allowed or not.

A whitelist allows us to say these are the sites you can access and thats it!

Hmmmm was kind of hoping there was some function in MS Server 2003 or a MS add on that would do it.

Will take a look at surf control.
 
The_KiD said:
Exactly, we dont want a blacklist as that involves investigating every site on the internet to decide if it allowed or not.

A whitelist allows us to say these are the sites you can access and thats it!

Hmmmm was kind of hoping there was some function in MS Server 2003 or a MS add on that would do it.

Will take a look at surf control.
The problem with any type of listings though is that not all websites have their entire contents in a common format.
And doing phrase based filtering, like '.google.', isnt foolproof either, as it can still allow or disallow access to any old website with that phrase in it.

I'd say SurfControl is your best bet. Theres normal and ISA versions available. Both pretty much do the same thing.:).
 
Thanks boom I will take a look.

You dont know what it's like on resource usage as ideally I would like to install it on our management server as I cannot justify getting a server just to act as proxy.
 
BoomAM said:
The problem with any type of listings though is that not all websites have their entire contents in a common format.
And doing phrase based filtering, like '.google.', isnt foolproof either, as it can still allow or disallow access to any old website with that phrase in it.

I'd say SurfControl is your best bet. Theres normal and ISA versions available. Both pretty much do the same thing.:).

Don't know what firewall you have, but some can run web filtering by using the surfcontrol database. I know the Juniper Netscreens for example have this functionality.

If you are looking to upgrade your firewall this may be something you want to investigate.
 
We use a combination of ISA Server 2000 to decide what users are allowed onto the net and SurfControl to decide what they can and can't see.

Works a charm.
 
oddjob62 said:
Don't know what firewall you have, but some can run web filtering by using the surfcontrol database.

We have a managed Cisco PIX firewall and is not really something we can be running proxy on.
 
The_KiD said:
I need something that has the following features:

1) Users can be put in to 2 groups (whitelist and full access).
2) User names are gathered from Active Directory.
3) Reports can be made on what users have been looking at.
4) Doesnt die from intensive CPU/Memory use when at peak load.

Can ISA server do these sort of things?
Webmarshal does all those.

No software is installed on clients machines, all done via windows proxy server (we have it setup so that they have to go via proxy otherwise no internet access)

names are gathered from Active directory

You can create groups on what they cant download (or even what sites they are allowed on)
for example we block by default, all zip's,.exes,.com,.vbs, (usual suspect ones)

even video is all blocked.

if somone needs to download a vbs or activex, we can put them in a group temporarly and let them work away.

Blacklists are created as well, for example all email traffic we want it to go through a certain path (to block vbs/.exes.zips etc..) so we block hotmail and all the other usual webmails.

We can run reports on what the user has been doing or view at a glance what they are on now (and what amount of downloading/time spent etc..)

As for intensive cpu/memory requirements, our server is a crap windows 2000 P3 1ghz with 512mb of ram and 80gb hd. This runs webmarshal and also mcafee (all web traffic gets scanned by mcafee) and this caters for approx 300 users.

You can download a free 30 day trial and the support forums are good as well

heres the link
 
The_KiD said:
Thanks boom I will take a look.

You dont know what it's like on resource usage as ideally I would like to install it on our management server as I cannot justify getting a server just to act as proxy.
Unfortunatelly, some functions of SurfControl, we have the ISA version fyi, can be very intensive. Normal filtering doesnt appear to use much resources.
But filtering by NetBIOS, going into logs in depth, and having the logs generate on the fly rarther than 24hours later, makes the server that its on run VERY slow, as as a result, makes web browsing for clients take ages.
 
Back
Top Bottom