Don't get mad about employees' Web choices---limit them
A proxy server is simply a program that lets a webmaster replicate and filter Web
content based on the needs of the organization. Internet service providers rely on proxy
servers to cache frequently used documents, thus conserving bandwidth and reducing client
response times. But proxy servers also are also turning up in large intranets and at the
Internet gateways of government departments.
Install a proxy as a control point right at your Internet gateway, either on the gateway
machine itself or on a separate computer outside your firewall. Then you must configure
the Web browser on each user's desktop to point to the proxy for all Hypertext Transfer
To configure Netscape Navigator clients, for example, look under the Options menu. Select
Network Preferences and go to the Proxies tab, where you can set an automatic proxy
Now all uniform resource locator requests will pass through the proxy machine rather than
going out directly to any other server. To enforce use of the proxy, shut down all
outbound connections to the Internet except those through the proxy server.
You impose rules on the proxy server through dialog boxes or pull-down menus to permit or
refuse connections based on domain name, URL or a wildcard. For example, to ban access to
all files on a nasty site that you've identified, you'd list http://*.nastysite.com/*.
How do you know where to banish access? You can review traffic patterns yourself and
decide where abuse is occurring, or you can subscribe to a service that rates Internet
For an example of how this works, check out the Recreational Software Advisory Council's
site athttp://www.rsac.org/. To learn how other
governments handle the problem, see Great Britain's Department of Trade and Industry page
on rating, reporting and responsibility at http://www.dti.gov.uk/ safety-net/r3.htm.
Meanwhile, the other proxy function is equally intriguing. Cache configuration makes your
gateway operate more efficiently. For example, you could download whole sites during
low-traffic periods, essentially letting one office mirror a set of files from another
You can also use secure reverse proxying, which lets a proxy server act as an intermediary
to outsiders. When visitors request a popular document, they actually get a copy that's
cached outside your firewall.
To test a public-domain proxy server, download a Unix program called Squid from ftp://nlanr.ner/pub/squid-1.0.
Or look into the Apache Project, a volunteer group effort to provide a powerful
public-domain HTTP server with a proxy option. Visit http://www.apache.org/info.html for
information and to download pointers.
Netscape Communications Corp. has a proxy server that's extendable with an interface for
plug-ins and interaction with other Netscape products. Information appears at http://home.netscape.com/inf/comprod/ server_central/product/proxy/index.html.
Finally, if you'd still prefer commercial filtering software to limit what users see,
check out products like like Spyglass Inc.'s Surfwatch at http://www.surfwatch.com/ or Microsystems
Software Inc.'s Cyber Patrol at http://www.microsys.com/cyber/.
Shawn P. McCarthy is a computer journalist, webmaster and Internet programmer for
GCN's parent, Cahners Publishing Co. E-mail him at firstname.lastname@example.org.