Azekeil (azekeil) wrote,

  • Mood:

[Geek] Getting around your workplace web filters.

It seems they've finally caught up with ev1ldonut at work - LJ had been switched off for him from work.

However, I've just put in place a workaround for him. It's not brilliant, but it's pretty good. After trying a few search terms I found this. It's a perl-based web proxy. You put it on your server and browse to the page on your server. You then enter the URL of the page you actually want to visit and the program on the server fetches it for you and forwards it to you. This is identical to the sort of service and other similar sites gives you, only it's free, on a non-public URL (so won't already be in their filters) and very configurable.

This circumvents the filters put in place because neither the IP address nor the name of the server you're visiting are the same. I increased the default security by uncommenting the code to do some basic encoding on the URLs displayed and the cookies cached. I tried a blowfish encryption but the Crypt::Blowfish perl module seems to be neutered.

For added security if ev1ldonut's IT staff go to the URL he uses I put a .htaccess file in place so anyone going there must enter a username and password. This will also preserve my bandwidth by preventing joe public using my web proxy.

Additionally, I tried to get it working in mod_perl which I managed, but I couldn't get the .htaccess file to work as well, plus I had to disable the non-parsed headers which made it less compatible so I've given up for the time being.

I discovered as well Ghostzilla, which is a branch of an old version of Mozilla modified to be a very surruptitious browser. It will appear in the largest frame of whichever window has focus when you move your mouse to the screen edges: left-right-left. It disappears when you move your mouse a small distance away from the frame. The final bonus is that it will run from a CD which gets around the uncustomisable problem with the browser that's on ev1ldonut's work PC. Ghostzilla's been discontinued by the author on moral grounds and the browser is hard to get hold of [Update: It just seems to be a flakey download from their site]. Unfortunately I couldn't get hold of the version specifically designed for running from CD but the version I did have seems to run fine off a CD :)

Finally I put PuTTY on the CD so if he needs to tunnel through to another machine to give him access he can.

The last touch (which I haven't done yet) will be to make the web proxy available on SSL only so they can't even snoop the traffic from the websites he visits.

Although it will be slower than a standard connection (not by much if a friend of mine hosts it) I do quite like it for a couple of reasons: it doesn't actually rely on any special web settings, and because it's pretty impervious to attack without a great deal of effort.

It can also be rehosted if they end up blocking the range of IPs my server comes from, which I doubt as he's not exactly big fry. As an IT admin I know there are much better things I'd rather be spending my time on, and certainly for me I'd only be implementing web filtering if I was asked to by management, and would be pleased someone'd found a workaround ;)

  • Post a new comment


    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.