Monday, September 11, 2006

A hard time with WebSense

A formal introduction to websense.

Websense, Inc. is the global leader of internet filtering and a premier provider of internet security software trusted by organizations worldwide with over 24 million seats under subscription. Websense products increase web security and employee productivity ( ?? ) through internet policy enforcement.

I think, its a good and pretty effective way to block access to lots of explicit sites either at workplace or an institution, and its certainly a lot better than simply restricting sites on the basis of keyword match in the urls.Kshitij is the annual Techno-Management fest at IIT Kharagpur, and two years back access to Kshitij site was blocked to IIT Kharagpur students because of the url keyword filter which was then recently added.

Websense outperforms all other blocking methods available till date but I was really pained to see my company being one among those worried institutions to install websense. On my first day at job, almost 90 percent of all my typed in urls were blocked by websense. And my daily surfing which includes Orkut, Netvibes, Orkut, Gmail, Orkut, Gtalk was reduced to Netvibes only.

For some days I kept track of my gmail messages through gmail feed , where I could see people scrapping me on orkut but still not able to do anything about it :-( .

I googled a lot for list of anonymous proxies and ways to access gmail and orkut, but access to kproxy, phpproxy blah blah all came under the websense category "Anonymous Proxies". A day later my manager called me up and showed me the list of all the blocked sites I was trying to access. This was a real bouncer for me and a realization as how much strict my company is over such policies.

Luckily, I had an access to a global ip and a webserver, where I can install stuff and well to my joy it dint fell under any websense category :) . I later installed PHProxy over there and did get access to my 80 % of websense categorized urls. Though its a very clean script and ready to run, but it does not support ssl/https connections. So still no gmails and orkuts for me.

My second try was a quite successful one but not the most convenient. I installed lynx ( its a command line http browser)on my global server and for a next few days I was all over orkut and gmail through ssh. SSL support is disabled by default in lynx, so as to enable https/SSL you will have to configure it with "./configure --with-ssl' flag.

Lynx was the most successful way till then but still very annonying sometimes, when the remote server is down or the bandwidth is all screwed up due to rain or clouds .

Next breakthrough was when I came across CGIProxy . No installation is required, its an amazing piece of work. All you need is configuring your webserver to allow execution of cgi scripts. Or simply put this in your cgi-bin and for most of the servers no configuration is required. CGIProxy does support https/ssl connections but you need a couple of packages on your system.

1. OpenSSL ( well most of the machines have this installed )
2. Net::SSLeay - A Perl module to interface with OpenSSL

As soon as you install Net::SSLeay, cgiproxy picks it up automatically and you can start browsing all kind of pages over the net.

Word of Caution: SSL/https is a way to secure your information over the internet, passwords and user information sent over the wire through https is encrypted at browser end and can be understood only by the server for whom it is meant.
So if you are using any kind of proxy scripts to access sites which require https or user/password login, you are risking your privacy to a great extent. Your username and passwords would be sent to the proxy server as a plain text and it would be encrypted only after that.

Gtalk, Yahoo IM can be accessed through the following sites, for those who are struck by websense, I would suggest them to go the IP way. ;-)

www.meebo.com
meebo.netvibes.com
www.radiusim.com
www.koolim.com