Basically be able to override blocked sites with a username/password or strictly when your logged in to opendns, with a cookie of some sort?
40 Comments
40 Comments
Who voted for this idea
- pencoyd
- miked
- masa
- josh
- thejoker
- duhriddler
- hyper
- gamer8519
- lordkenthegreat
- jeffmccann
- infinity306
- dlbyrge
- flatlinebb
- shadow00caster
- Khürt
- coda_it
- network1254
- serussell
- comzip99
- Jamison Kissh
- hawk-mckain
- crcdatatech
- holden
- sndtech
- doyle_am
- freddy
- akulich
- danbedford
- Andrew Mayes
- dgmurdockiii
- hermdog
- Courtenay
- nhhcs
- Jason
- stemount
- newhopenet
- mcdave
- mkearl
- neilkelty
- gpisistemas
- davicavalheiro
- Michael
- ricky1146
- adbrem
- ikes
- mysteryfcm
- Ulrich
- fordred
- eclark4
- tjg50311
Comments
written by Ryan Craig 623 days ago
Rating: 3
| Rate Comment:
Then again, if a student got the password, you could just change it... or create a DNS resolution client for deployment across the network with different access levels.
sometimes people in my company are ereporting that some sites are blocked, but shouldn't. As admin, I'd like to check the sites BEFORE I whitelist them.
Now I'm checking the IP with nslookup and different DNS, and add this as HOSTS entry. After checking, I must remove it.
Before mentioned idea would simplify such tasks.
This would be very helpful in a public library setup.
written by stevendolinsky 639 days ago
Rating: 5
| Rate Comment:
This would be very helpful, even more helpful is if the Administrator of the dashboard could create individual accounts as to who has what access to which website. Even if they are group permissions. Although, this may be beyond the current scope of OpenDns.
written by michael.massey 638 days ago
Rating: 3
| Rate Comment:
what we do is have a separate proxy that admins can use that does not query opendns for is dns settings.
Thus firefox uses one proxy and IE another proxy.
When in IE I am using opendns and when I am in firefox I am not. I think that is a good setup for seeing if you believe it is blocked in error.
This would be good, but I would like to see any overrides in the stats, along with the machine name and timestamp to make sure this is not abused.
written by Homer T. Nacho Cheese 632 days ago
Rating: 4
| Rate Comment:
All this assumes that cookies can do what I am suggesting:
When a user gets to a blocked site, allow an admin to enter a password to allow the user in for x minutes. Set a cookie at that point that sets the end time. User now browses through an OpenDNS site that is serving the target web content in a frame.
Allow an admin to do this remotely. Admin logs into OpenDNS, enters the internal computername, username, or IP address of the blocked user. Then enters the domain or category to temporarily allow (or just open access, or allow to check a list of categories to remove restrictions from - we don't want to lift restrictions on porn or phishing sites). Then enter an expiration. Also, allow this to be a list of users with different combinations of unrestricted access and times. User(s) can now browse through an OpenDNS site that is serving the target web content in a frame. The cookie can check the local client against the settings remotely set.
I am not sure what the impact would be on the OpenDNS servers if the pages are served through OpenDNS web pages.
To take this a step further, you could schedule times or granted or open access using these methods.
Now, I am not an expert on DNS servers, but is it possible for the two OpenDNS servers return the target web page during scheduled times or during periods of granted access?
written by jack.r.young 630 days ago
Rating: 4
| Rate Comment:
Great idea, I would like the ability for a UserID + PWD override. A site might not be allowed for some family members, but admins could override on a per-request basis.
Overriding on a per-request basis will be hard, I think, due to local caches on the workstation. Remember: DNS is all about resolving a domain name into an IP number. Once the workstation knows the number, it does not need to ask the DNS server again (until the cache has expired). So, this feature would need all TTLs set to a small value (just in case some admin decides to change the settings) which will result in increased load and lower performance. Furthermore the DNS server would not be able to tell different computers using the same IP address apart, so when someone is allowed to get access, everyone using that internet connection will get access. Note that a browser will not hand out cookies to a DNS server.
Serving content into some frameset (within the opendns.com web site) requires a lot of additional bandwith, which I doubt the OpenDNS organisation can pay for -- but it might be some paid service though, especially for admin purposes or temporary access.
Whats to stop someone setting up their own OpenDNS account and using this password to get round this limitation? I would prefer a page on the dashboard that allows you to type in URL and open the page without it being blocked. (Might like to add this to the Domain Blocking routine as at moment if site is blocked and you are asked to classify it......)
What about a view of the page (with no links) under the Domain Tagging Tag. One should be able to see what is going on from the front page and if anyone hacked the account it would not be very useful.
The only probalem with you suggestion is that then opendns would have to act like a proxy and based on experience, proxies don't handle flash, java, or any music or video files too well.
To prevent someone from using their own account, only accounts tied to the particular network or main account should work, something like Comcast's subaccounts. The subaccounts could bypass certain categories but not change settings.
written by mattdonnelly 625 days ago
Rating: 1
| Rate Comment:
That's a fantastic idea for sure. I too monitor suitable web usage and would like an EASIER way to view the sites before i whitelist them. An admin logon should unlock the site, display it in a seperate frame, and the admin can click a "White List now" link on the top portion of the page. I like it.
written by danbedford 620 days ago
Rating: 0
| Rate Comment:
Would it be possible then, for a person to log in to their own personal OpenDNS account while using your content-filtered network, and then go to any site they want?
If so, logging in to OpenDNS on an OpenDNS managed network should require only admins of that network the ability to login to an OpenDNS account.
If I make a change in my blocked list, it takes "three minutes to populate the servers". How would a certain override take care of this issue?
I love the idea. K9 web protection has this feature, and I'd love to see it implemented in OpenDNS.
I thought you are able to view blocked websites when you doa cache check?
This is very good idea, at the moment I have some of my systems using the isp dns because I need those systems (like the bosses computer) to not be restricted at all. It would be nice to be able to create groups and then allow or deny according to that.
written by cafecorali 600 days ago
Rating: 1
| Rate Comment:
As others have mentioned already.. this idea would be great. Me being a network admin for a public network would be able to check sites before i white/black list them. Definately a very interesting idea. Maybe protect it with a login feature or just a pass on the fly when trying to access the site.
Cheers.
I have been thinking on how this could work and it strikes me that if it were to be routed through the open DNS servers the best way to do it would be to give the HTML content only (without images, flash or anything like that which is embedded in it) this would reduce the size but still give the admin a fair assessment of what the site is about I would have thought.
First, I would like to say this is an AWESOME idea and would come in handy in numerous situations. Do we have any idea if OpenDNS is working on this, or if they know if it's even possible?
I like this idea very much. I'm new to OpenDNS and have really been kicking the tires on it over the last couple of days. I've been checking the logs to determine if the sites so far prohibited are really a problem or not and then toggling categories based on what I'm seeing. Going forward, this idea would be great for quickly fine-tuning our white-list. Great product by the way.
written by whiteyboy5 572 days ago
Rating: 0
| Rate Comment:
I think this idea is a really good one, as long as you make sure that nobody gets ahold of your password, then it should be fine :)
An admin over ride feature would be welcome. I use OpenDNS to restrict content for my extended family ( we liver within a 30 mile radius of each other ). We all have kids in elementary school and want to prevent them from seeing things like Victoria Secret but the adults have a need to shop when the kids are in bed.
What I have seen implemented into other networks is the use of an override time limit. On the block page there are the boxes that ask for your username and password and then under that is a box asking for you to enter how long you wish to override in minutes. The second that the time is up, your override session is done. This is perfectly fine with cookies and I have seen it implemented on some very complex networks that span entire school districts.
I would like to see this idea used in *conjunction* with the "Multiple Dashboard Users" idea. They are both great ideas, but seem to go hand-in-hand.
The following scenario is the reason for this: What if some IT personnel have OpenDNS log-in permissions to check stats and work with the network, but you do not want this person to have free-reign to visit whatever site they wish? (Granted, they could probably just go change blocking settings, but this is also why permission levels would be useful)
In my mind, if you were to implement user dashboard permissions, the permissions for the dashboard would also apply to permissions for overriding blocked sites. I.e.: If you don't have permission to change blocking categories, you would not have permission to override blocked sites.
Do you have a timeframe for when this will be implemented?
written by uturnaroun 462 days ago
Rating: 1
| Rate Comment:
I support a way to override it with a username+password. I hope it comes soon.
Rather than trying to implement the high level functionality of a web gateway perhaps a lower level approach would be better, i.e. two sets of opendns servers, one set filtered and one set not filtered?
I would like this only if there was an option to turn it off/on in the dashboard
I absolutely love this idea and wonder when it will be implemented. It is frustrating for me to have to blanket block things for everyone in my family when all I want to do is keep my kids away. It pisses my wife off.
Excellent idea. Its the kids access I want to limit. There may be reasons why I or my wife will want access to hotmail etc, or messenger services or whatever, while wanting to avoid the kids getting into that.
Would it be possible to set up a facility, available only to admin level windows users, to temporarily set the DNS back to auto, for a time limited period, and password controlled. Kids logged on could only ever go through OpenDNS, but admins would have the choice of a temporary override, not simply per-request?
written by kinglandgroup 284 days ago
Rating: 1
| Rate Comment:
I had the same problem. Sometimes you want to verify sites that are blocked, or on your blocked stats list. Or you want to confirm a site that a user has requested to be white-listed. Or the boss needs you to get something off e-bay which is otherwise blocked.
Here's how I solved it.
I setup Squid on one of my test boxes. Then on that box I set it to use my ISP's DNS instead of OpenDNS.
Now in FireFox, I installed the FoxyProxy extenstion and set it up to include the squid box as one of my proxy options. Now a simple click on the Foxy Proxy icon and I can bypass our filtering. Of course you can setup ACL's on the Squid box so only certain users can access it.
Works great.
Sadly this can never happen because they have no way to just disable the filter for your computer in less there was some type of router program that is installed (maybe an addon for dd-wrt?)
-Chris
When will this feature be implemented as it was suggested almost two years ago!!!
The blocked-page bypass option will be available by the end of this year (2009). We will post updates on our blog and in our newsletter as it becomes available.
Sign in to comment or register here.
Its a good idea, like when a site has come up on your stats and you want to find out if it is OK, but don't know if it ok as it is blocked. Would save having to white list it.
The only problem is it would be need to safe, if a student at a school, for example, got hold of it - they could go on any website.