California Educational Data Processing Association
     Selected by PC Webopaedia
The DataBus - Vol. 36, No. 1
December, 1995-January, 1996

Internet Access Control Using Proxy Servers

Resources: Firewall, software work best with a good Acceptable Use Policy.

Addison Ching

Web browsing client programs such as Netscape allow client computers to surf the web unencumbered. Any web page that is requested by the client is automatically accessed and retrieved by the client without regard to content or appropriateness. However, this flexibility also provides a means of accessing web sites and pages that might be considered inappropriate for classroom use. A Proxy Server can be used to limit access to some of these undesirable sites.

A Proxy Server is a World Wide Web server that acts as the sole web server for your entire domain or whatever clients you place behind the firewall, a logical block between your clients and the rest of the Internet. The proxy server usually sits on your firewall and intercepts all web requests coming from clients within the firewall. If the web page request is not on the proxy server's access control list, the request is processed normally and the retrieved web page is sent back to the requesting client. If, however, the requested web page or web site is on the control list, the client instead receives a message indicating that the URL is not accessible or not valid.

Your network must be set up such that clients needing access control must use the proxy server as their Internet gateway. This can be accomplished through proper router setup, placing all clients needing access control "behind" the firewall.

A proxy server can also improve your network's performance by functioning as a caching server. Using its cached web pages, the proxy server will serve already-accessed web pages to requesting clients without requiring outside access to the Internet. Consider the situation where a computer lab of twenty client computers is accessing the web under the direction of the teacher. The teacher instructs all twenty students to type in the address (URL) of the web page to be accessed. At the moment all twenty ENTER keys are pressed, twenty separate requests for that same web page are initiated, and twenty separate copies of that same web page are retrieved and returned to the classroom.

Using a proxy server, the same twenty web requests are handled more efficiently. Only the first request to reach the server actually causes that web page to be retrieved, and only if it is not already stored in the server's cache. When retrieved, that web page is sent back to the requesting client and is also cached on the proxy server's hard disk. The remaining 19 clients that requested that same web page are served instead from the proxy server's cache, thus avoiding unnecessary duplicated requests and delays from cyberspace.

Setting up a proxy server is relatively simple if your server supports proxy operation. However, maintaining the access control list can be a daunting task. While most proxy web servers can accept domain names, individual page names, or wildcard URL specifications, actual identification of inappropriate web sites and pages is like shooting at a moving target. As old, already-documented sites disappear, new ones appear. There are no public clearinghouses, per se, of sites or URLs that contain material that might qualify as "questionable" in the instructional setting. Additionally, the creation of such sites could possibly result in legal challenges. While some vendors market client-based products that will block access to objectionable sites, the updated lists they provide through subscription are designated to work with their product only.

A sampling of web sites that might qualify for access control lists might be obtained from several, public sources. Classified advertising in many popular computer magazines now includes Internet addresses. Internet yellow page listings sometimes contain references to "AO" material. Usenet newsgroups that specialize in adult topics most likely will contain some references. Cybersurfing is another method of collecting URLs for an access control list. YAHOO can also provide some sources.

Proxy servers are not a panacea. It is virtually impossible to document all sites and/or web pages that have material that might be considered inappropriate for the instructional setting. Proxy servers will not prevent "questionable" material from being downloaded as an e-mail message or as an attachment to an e-mail message. They cannot prevent objectionable material from being transmitted and received during a "chat" session. They cannot filter out material that has been placed on a web server behind the firewall and they cannot filter out material based solely on textual content.

Proxy servers can, however, provide a greater level of access control than that which exists with unrestricted browsing clients. Proxy servers can also make the process of accessing web pages more efficient for your agency. However, proxy servers are best used in conjunction with a strong Acceptable Use Policy that addresses what material is and is not appropriate to access, and what the consequences will be if the terms and conditions of the AUP are violated.

Return to December-January index