8e6 R3000 Content Filter
Grant Wood AEA Participating Sites
Administration and Customization Notes
7/7/2005 Updated 7/10/2007
Step 1. Verify that your network is being filtered.
Open your browser and try to access a site that is blocked in the General Pornography category such as http://www.playboy.com (make sure no one is looking over your shoulder … just in case). You should get the default block page showing “Access Denied” in the General Pornography category. If you get anything else, contact Mike Hauer at 319-399-6788.
Note that 8e6 has changed the default block page. It is less conspicuous than the old one and contains more useful information. You can have your own custom block page as described in step 7 below.
Step 2. Review the new library groups and categories on the R3000.
8e6 has added many filtering categories and organized them into general groups. Some of the new categories that most sites will want to block are:
Peer-to-peer File Sharing (Bandwidth group)
Instant Messaging (Internet Communications group)
Malicious Code/Spyware/Virus (Security group)
School Cheating (Illegal/Questionable group)
You can find a list of all the categories with short descriptions here: http://8e6.com/products/datab/pd_86db_categories.htm. If you customize your profile as described later in this document, make sure you have the following categories blocked at a minimum:
Child Pornography (Adult Content group)
Pornography/Adult Content (Adult Content group)
Web Based Proxies (Security group)
Web based proxy sites can be used to mask the IP identity of the browser and effectively bypass the content filter, so make sure you always block that category.
Step 3. Prepare your computer to use the R3000 Administration GUI.
Important: Your browser’s popup blocker must be turned off when using the R3000 Administration GUI.
You will need a Windows machine with Internet Explorer. The R3000 Administration applet requires a browser plugin and the Java runtime environment from Sun Microsystems. Make sure your browser security settings are set to allow installation of ActiveX controls and applets. If you are using Windows NT, 2000 or XP, make sure you are logged on as a user with administrative rights on the local machine.
The URL for the R3000 GUI is: http://r3000.gwaea.org:88. The first time you access this URL, you may be prompted to install the Java Runtime environment by Sun Microsystems. This is a typical Windows installation dialog. Follow the prompts to complete the installation. Once the Java software is installed, minimize, but don’t close, the R3000 Introductory window. You should now see the logon prompt. Log on with the group ID and password that were e-mailed to you.
NOTE: The default configuration of the Java Runtime environment does not allow copying and pasting into the Java applet. You will want this capability for managing your exception URL’s. To enable the clipboard features, you need to manually edit the file named “java.policy” with Windows WordPad (don’t use Notepad). You should find this file in the folder C:\Program Files\Java\j2re1.4.2_06\lib\security. If you don’t find it there, you will need to search for the file named java.policy. If you have more than one file, make sure you update the one that was installed with this software.
About 6 lines down in the file you will see a line that has “};” on a line by itself. Insert the following 3 lines after this line. You can insert a blank line before and after the new lines to keep them separate from the rest of the file.
grant {
    permission java.awt.AWTPermission "accessClipboard";
};
Save the modified version of the java.policy file, then close and re-start the R3000 GUI interface using the URL given above. You will now have cut and paste capability in the Java applet.
Step 4. Change your logon password.
In the R3000 application window, click on “Group” in the task bar at the top of the window. Then in the left hand pane, expand the navigation tree by clicking on the “+” next to “IP”. Click on your group name and select “Group Details” from the menu. Enter your new password in both boxes and click the “Apply” button.
Step 5. Review and customize your subgroup filtering categories.
In the R3000 application window, click on “Group” in the task bar at the top of the window. Then in the left hand pane, expand the navigation tree by clicking on the “+” next to “IP” and on the “+” next to your group name. If you have more than one IP subnet, you will have multiple subgroups, and the filtering categories must be set separately on each one. Click on the subgroup you want to review, and select “Subgroup Profile” from the menu. Under “Available Filter Levels” you can select a predefined rule or “Custom” to select your own custom set of filter categories. Your subgroups were initially set up based on what you had in the old R2000 system plus some of the new categories I assumed you would want blocked. In the “Rule Details” box, expand each group to see the individual categories. You can double click in the “Pass”, “Warn” or “Block” columns to select the desired policy for that category. In general, you will want a check mark in the “Block” column for each category that you want to block and a check in the “Pass” column for each category that you don’t want blocked. Note that “Warn” will cause the block page to appear with a warning that the site “may be against your organization’s filtering policy”, but the user will have the option to continue to the site. Once you have your list set the way you want it, click the “Apply” button.
The predefined rules are as follows.
Rule 0: Minimum. This lets everything pass, but does log the sites visited. Not recommended in normal situations.
Rule 1: Bypass. This lets everything pass and does not log the sites visited. Not recommended.
Rule 2: Pornography. Blocks child and general pornography. Not recommended because Public Proxies are still open.
Rule 3. Blocks Child Porn, General Porn and Instant Messaging. Not recommended because Public Proxies are still open.
Rule 4. Blocks Child Porn, General Porn and Public Proxies. This should be the minimum rule selected in normal situations.
Rule 5. Blocks Child Porn, General Porn, Public Proxies, Peer to Peer, Malicious Code and School Cheating. This is the recommended rule if you want Instant Messaging enabled on your network.
Rule 6. Same as Rule 5 with Instant Messaging also blocked. This is the recommended rule if you want Instant Messaging blocked.
Rule 7. All objectionable categories. This rule is very restrictive. It is not recommended because it will create a lot of complaints from your users and cause you to maintain a large list of Exception URL’s.
Use one of the predefined rules if it fits your school’s filtering policy. Otherwise, select the rule that is the closest fit and add or remove categories as described above to create your custom list. When you are finished, click the “Apply” button.
Step 6. Review and customize your subgroup exception URL’s.
Exception URL’s are used for two purposes. They can be used to block specific sites that are not included in any of the supplied library categories you are blocking. They can also be used to open up specific sites that are included in one or more of the categories you are blocking. It is best to keep your exception lists as short as possible and use the library categories for blocking instead. Extremely long exception lists can create a delay in the R3000 performance, allowing blocked sites to respond before the R3000 can send out the block page.
You can look up specific URL’s to see if they are contained in any of the 8e6 library categories. In the R3000 application window, click on “Library” in the task bar at the top of the window, then click on “Library Lookup” in the navigation tree. Type in the complete URL you want to test, including the http:// prefix and click the “Lookup” button. I encourage you to re-test all your exception URL’s and remove any of them you no longer need.
To customize your exception URL’s, in the R3000 application window, click on “Group” in the task bar at the top of the window. Then in the left hand pane, expand the navigation tree by clicking on the “+” next to “IP” and on the “+” next to your group name. If you have more than one IP subnet, you will have multiple subgroups, and the exception URL’s must be entered separately for each one. You can copy a URL from one subgroup and paste it into the exception list of another subgroup.
Click on the subgroup you want to customize, and select “Exception URL” from the menu. The top pane shows the URL’s you are blocking and the bottom pane shows URL’s you are allowing to pass. To remove a URL from the list, highlight it, then click the “Remove” button. To add a URL, type the complete URL including the http:// prefix and click the “Add” button. Once you have made all your changes, click the “Apply” button at the bottom of the window. Don’t forget to click the “Apply” button or you will lose all the changes you made!
To copy a URL from the list (for pasting to another subgroup), highlight it and press Ctrl+C.
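The following is an added example, not part of the original notes or of the 8e6 software: a small Python audit for exception lists that have been typed or pasted out of the GUI, flagging entries without the http:// prefix, URLs that sit in both the block and pass lists, and entries that differ between subgroups. The subgroup names, sample URLs and the comparison rule (host case and trailing slash ignored) are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample: made-up subgroup names and URLs, typed out by hand.
SUBGROUPS = {
    "subnet-a": {
        "block": ["http://games.example.com", "http://chat.example.net/"],
        "pass": ["http://health.example.org", "HTTP://Games.Example.com/"],
    },
    "subnet-b": {
        "block": ["http://games.example.com", "video.example.com"],
        "pass": ["http://health.example.org"],
    },
}

def normalize(url):
    """Comparison key for an entry, or None if it lacks the http:// prefix."""
    parts = urlsplit(url.strip())
    if parts.scheme != "http" or not parts.netloc:
        return None
    # Assumption: host case and a trailing slash do not matter when comparing.
    return parts.netloc.lower() + parts.path.rstrip("/")

def audit(subgroups):
    """Return (subgroup, problem, entry) tuples for a human to review."""
    findings, keys = [], {}
    for name in sorted(subgroups):
        seen = {"block": set(), "pass": set()}
        for kind in ("block", "pass"):
            for url in subgroups[name][kind]:
                key = normalize(url)
                if key is None:
                    findings.append((name, "missing http:// prefix", url))
                elif key in seen[kind]:
                    findings.append((name, "duplicate in " + kind + " list", url))
                else:
                    seen[kind].add(key)
        for key in sorted(seen["block"] & seen["pass"]):
            findings.append((name, "in both block and pass lists", key))
        keys[name] = {(kind, k) for kind in seen for k in seen[kind]}
    # Lists are entered separately per subgroup, so report where they differ.
    everything = set().union(*keys.values())
    for name in sorted(keys):
        for kind, key in sorted(everything - keys[name]):
            findings.append((name, kind + " entry only in another subgroup", key))
    return findings

if __name__ == "__main__":
    for finding in audit(SUBGROUPS):
        print(*finding, sep=" | ")
```

Differences between subgroups may be intentional, so treat those findings as a review list, not as errors.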
Step 7. Redirect the block page to your own URL (optional).
If you have your own “Block page” instead of the one supplied by 8e6, you will need to redirect the block page to your own URL. In the R3000 application window, click on “Group” in the task bar at the top of the window. Then in the left hand pane, expand the navigation tree by clicking on the “+” next to “IP” and on the “+” next to your group name. If you have more than one IP subnet, you will have multiple subgroups, and the redirect URL must be set separately on each one. Click on the subgroup you want to change, and select “Subgroup Profile” from the menu. Click on the “Redirect URL” tab. Change the selection from “Default Block Page” to “Custom URL”. Type in your complete block page URL including the http:// prefix and click the “Apply” button.
Step 8. Log off from the R3000 applet.
You can log off the R3000 applet from any window by clicking on “Quit” in the task bar at the top of the window. You can then close the R3000 Introductory window in your browser.
Ongoing Management of the R3000 Content Filter.
Once you have the subgroup profiles and exception URL’s configured to match your school’s filtering policy, the R3000 requires little ongoing management. You can always log in to the R3000 and change your subgroup profiles or exception URL’s using the methods described above. Changes you make take effect immediately.
New library updates from 8e6 are applied automatically to the 8e6 filtering categories. This update cycle occurs daily, usually between and . The 8e6 Technologies company is very aware that new sites come on-line every day and they have been very quick to respond when these sites are reported to them. If you find a web site that you don’t want your students to access, you can block it immediately by adding it to your exception URL list. If you believe the site should be blocked by one of the library categories you are blocking, please report the site to 8e6 for review. They almost always respond to your request within 24 hours. To report the site go to this URL http://www.8e6.com/submit and fill out the form. For the organization name, use “Grant Wood AEA” instead of your school name. Use your own e-mail address so the 8e6 review team can respond to you directly.
Similarly, if you find a site that you think is incorrectly categorized and is being blocked, you can open it up immediately for your users with the exception URL’s. Again, please report this to 8e6 for review so they can make the correction in their library database.
If the 8e6 review team agrees with you on the URL’s you submitted, they will send an e-mail response and include the correction in their next library update. Give the update cycle a day or two to complete then remove the exception URL from your list and test the site to make sure the change has taken effect. As described above, it is best to keep your list of exception URL’s as short as possible. If the 8e6 review team does not agree with you about the site you submitted, they will respond by e-mail giving the reasons why. In this case you will want to keep the site in your exceptions list.
There are many features and capabilities in the R3000 that are not covered in this document. You can find the group administration section of the user’s manual here: http://www.gwaea.org/R3000/R3000Group.pdf and the complete user’s manual here: http://www.gwaea.org/R3000/R3000.pdf. Contact Mike Hauer (319-399-6788, firstname.lastname@example.org) if you have questions or need assistance with the R3000 setup.