[WEB4LIB] blocking the use of webmail on a public access pc

Chris Murphy chrism at thecommunitylibrary.org
Sat Jul 7 15:16:16 EDT 2001


Galway Library wrote:
> We wish to block the use of webmail or web based email on a selection of our
> pcs. How is this best achieved? ...

Our library uses a modified version of an "automatic proxy configuration file", a javascript filter that can be used with both Netscape Navigator and Internet Explorer. I adapted the approach of Tim Kambitsch at the Dayton, Ohio (USA) public library:

http://www.dayton.lib.oh.us/~kambitsch/netscape/bogus-proxy-server.html

To block web email, I transposed the code in Kambitsch's "bogus proxy server" to allow Internet surfing while eliminating access to web email. This application is working for us, is free and relatively simple to install and maintain, and can be used either locally or on a network.

For the record, our Internet workstations are running Windows 98 on a Windows NT 4.0 network. As a former Unix hack, I use several Unix-like utilities ported to DOS/Windows (available as shareware) and called through scripts/batch files to help maintain and update the filter.

Our javascript filter resides on a network server and contains a black list of URLs currently numbering ca. 1200. Each browser is set to go through it at startup. 

If a user attempts to access a black listed web email site, the proxy file intercepts the request and redirects the request to a server that returns an Error 404 (File Not Found) message. If the site is not in the list, the request continues on to a DNS server.

Because the filter works on the "black list" principle, you need to populate the filter with web mail URLs. This is not as difficult as it sounds. I populated our list originally by extracting web email URLs from pages returned by search engine searches for web email sites.

To update the filter, I generate a list of attempted and successful requests for email URLs by

1) copying the history files from the various Internet workstations (on Win98 PCs, Navigator 4.x uses netscape.hst, and IE5.x hides its history file in c:\windows\history\history.ie5\index.dat)
2) using Unix-style utilities to extract email URLs, e.g.,

   strings netscape.hst | grep mail | sort | uniq -u > urls.txt

[If you are not a Unix/Linux user, "strings" is a utility to extract ASCII text from a non-text file specified as an argument, "grep" extracts lines containing the specified character string (mail) from the file, "sort" alphabetizes the input, and "uniq -u" eliminates the duplicate lines from the file. Each "|" pipes the output from the utility to the next utility instead of sending it to the screen, and ">" is used to redirect the output to a text file.]

The proxy configuration file is a text file which makes it simple to edit with new URLs. The new file is then copied to the server.

Not all email URLs contain the English word "mail", although many non-English sites do. In fact, our library serves a diverse international population due to our resort location (Sun Valley, Idaho), so I periodically search for the word "mail" in other languages.

You can let your patrons do the work of providing you with email URLs by extracting them from the history files for a period of time before you activate the filter. This can provide you with a starting list of those most commonly used at your library.

I also successfully tested Junkbuster, the advertisement blocking freeware from http://www.junkbuster.com, as an alternative to the javascript proxy. Junkbuster worked equally as well on our systems and might be better for some.

Of course, for all this to work, you need to secure your browser and PC against configuration changes. We use WinSelect to secure IE and Navigator. To secure the PCs we use DeepFreeze, HDD Sheriff, or Centurion Guard. The latter three products freeze a configuration by preventing permanent changes to the hard disk. They are one reason we use Win98 and not NT for the Internet workstations. There is no need to go through a shut down process; if there is a problem, or at the end of the day, simply turn off the computer. The PC starts again with its pre-determined settings (including blank browser history files).

WinSelect and Deep Freeze:
http://www.hypertec.com

HDDSheriff:
http://www.hdd-sheriff.com
http://www.jungsoft.com (Note: Korean site)

Centurion Guard:
http://www.centuriontech.com (we purchased directly from manufacturer)

As a final note, we use an integrated approach to management of email in the library, and the above is only the technical aspect of it. We defined why we wished to prohibit email, developed a policy addressing our decision, developed procedures for informing patrons and dealing with those who accessed email sites not in our blacklist, coordinated with other organizations locally, and provided handouts with locations, prices, and maps showing alternate locations where people could find public computers for accessing email.

Hope all this helps,

Chris Murphy

-- 
Christopher Murphy
Information Systems Manager
The Community Library, Ketchum, Idaho
chrism at thecommunitylibrary.org
(208) 726-3493 x111
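
The kind of blocklist proxy auto-config file described in the message above, as an added example that is not the poster's or Kambitsch's code. The host names and the sink server address are constructed placeholders, and `normalizeHost` and `isBlocked` are hypothetical helper names; only `FindProxyForURL` is the entry point browsers call.

```javascript
// Added example: a blocklist-style proxy auto-config (PAC) file.
// Host names and the sink address are constructed placeholders.

// Hosts to block; a listed name also covers its subdomains.
var BLOCKED_HOSTS = [
  "webmail.example",
  "mail.example.net",
  "correo.example.org"
];

// Blocked requests go to an internal web server that answers every
// request with 404 (address is an assumption for this example).
var SINK = "PROXY 192.0.2.10:80";

// Normalise the host the browser passes in: lower-case, no trailing dot,
// so "WebMail.Example." cannot slip past an exact string comparison.
function normalizeHost(host) {
  var h = String(host).toLowerCase();
  if (h.charAt(h.length - 1) === ".") h = h.slice(0, -1);
  return h;
}

// True when host equals a blocked name or is a subdomain of it.
// The match is anchored on a label boundary (".name"), so an unrelated
// host such as "notwebmail.example" is not blocked by accident.
function isBlocked(host) {
  var h = normalizeHost(host);
  for (var i = 0; i < BLOCKED_HOSTS.length; i++) {
    var b = BLOCKED_HOSTS[i];
    if (h === b) return true;
    var tail = "." + b;
    if (h.length > tail.length && h.slice(-tail.length) === tail) return true;
  }
  return false;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  return isBlocked(host) ? SINK : "DIRECT";
}
```
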

