<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Trebuchet MS";
panose-1:2 11 6 3 2 2 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal>I’ve been experiencing an odd issue with my web filtering firewall pertaining to Chinese web sites and spam email. I have a ClearOS server in bridge mode doing URL re-write filtering sitting in front of my main firewall. The ClearOS server catches all web traffic leaving the network, filters out any bad words, and enforces safe searches (Google, Bing, etc.). And due to the large amount of past malicious activity, I’ve blocked most of APNIC, RIPE, AFRNIC, and LACNIC IP addresses on my main firewall (MikroTik RB2011UiAS-RM).<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>I’ve narrowed the issue down to a particular patron that has been visiting web sites such as tw.yahoo.com, mail.com, and email.com. According to my ClearOS logs, the web pages with Chinese characters generate a long URL which crashes our web browsing – except for the Patron viewing the web pages. Once it crashes, I have to restart the ClearOS server and then it works for about 20-30 minutes before it crashes again. I’ve contacted ClearOS and they can’t recreate the issue but suggested that I turn off write caching – which I have but that doesn’t help.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I want to allow the patron to view web sites in their foreign language, but I also can’t have the internet crash every time they come in to use a computer. As far as email.com and mail.com, the patron’s email account is loaded with spam and they click on everything. I’ve seen them click on a spam email that when opened, contain an endless redirect script that eventually crashes the internet for everyone. The redirects go to a random generated URL based in China. I don’t know if the patron has caught on that they are causing the issue and are purposely causing the internet to crash, or if they are just click happy and actually enjoy reading malicious emails? It’s suspicious that they click on the spam email and minimize the window while the redirect script runs in the background. <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>The public computers are on the same subnet as the staff and they are locked down heavily with group policy, Faronics WINSelect, Anti-Virus, and DeepFreeze. I’ve tried switching them to a different subnet but that doesn’t fix the issue.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I’ve concluded:<o:p></o:p></p><p class=MsoNormal>- My ClearOS setup doesn’t play nice with web sites based in China, long Chinese characters in the URL, email.com and mail.com. <o:p></o:p></p><p class=MsoNormal>- The ClearOS server works fantastic with everything else. <o:p></o:p></p><p class=MsoNormal>- The recommendation from ClearOS support doesn’t work. <o:p></o:p></p><p class=MsoNormal>- The issue happens with the particular patron only.<o:p></o:p></p><p class=MsoNormal>- We use OpenDNS to block web sites in addition to my IP range blocks on my gateway<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Is there anyone else out there that uses a Dansguardian/Squid based content filter? If so, have you had issues like me?<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Thank you,<br><br>Chad<br><br><o:p></o:p></p><p class=MsoNormal>--<br><span style='font-size:10.0pt;font-family:"Trebuchet MS","sans-serif";color:black'>Chad Morris<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Trebuchet MS","sans-serif";color:black'>Technology Coordinator<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Trebuchet MS","sans-serif";color:black'>Franklin-Springboro Public Library<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Trebuchet MS","sans-serif";color:black'>44 E. Fourth Street<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Trebuchet MS","sans-serif";color:black'>Franklin, OH 45005<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Trebuchet MS","sans-serif";color:black'>Office: (937) 746-2665 ext 116<br>Fax: (937) 746-2847<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Trebuchet MS","sans-serif";color:black'>Email: <a href="https://mail.oplin.org/webmail/src/compose.php?send_to=morrisch%40oplin.org"><span style='color:black'>morrisch@oplin.org</span></a><br><a href="www.fspl.org"><span style='color:black'>www.fspl.org</span></a></span><span style='font-size:10.0pt;font-family:"Trebuchet MS","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p></div></body></html>