The scourge that is WebMarshal June 5, 2007 10:56 PM   Subscribe

Our employer gives us an allocated amount of personal browsing time every day, which is filtered by WebMarshall. Metafilter is normally my prefered surfing choice, but WM must have picked up an excessive number of references to s-ex, pr0n, and other filth on the blue, (and also the Human Relations category of AskMefi kicks up the "Blocked: Pr0nography" page as well. Normally I'd just http://ip.address/ to work around that, but with metafilter that just redirects back to Lynx via telnet/ssh is painful at best, especially for image heavy links. Any functional suggestions? (asking the sysadmin to unblock a site flagged as pr0n is just tempting fate). DNS/domain work arounds? I'm prepared for all the "get back to work!" comments on this post too... It seems that even mild references to human anatomy send WebMarshal into a furious rampage blocking even some news sites. :-(
posted by chrisbucks to MetaFilter-Related at 10:56 PM (25 comments total) 1 user marked this as a favorite

oh :( formatting fails me.
posted by chrisbucks at 10:57 PM on June 5, 2007 [1 favorite]

Proxies. Tor. Wayback Machine. Google Cache. Coral Cache. SSH port forwarding. Get back to work.

(Accessing a site by IP address breaks name-based virtual hosting, which means it will only ever work for sites large and prominent enough to be the only thing hosted on that address, which is an extremely tiny fraction of total sites. Or in other words, "that's not expected to work.")
posted by Rhomboid at 11:38 PM on June 5, 2007

I bet it was the word piss on the sidebar which done it1.

1. Not really2.
2. Well, it'd be satisfying if it were true, I admit.
posted by Ethereal Bligh at 11:49 PM on June 5, 2007

If you've got a box you can SSH to, set up a proxy using PuTTy. You can have Firefox automatically proxy certain sites with FoxyProxy. If you want to get really fancy, you can do the whole thing with Portable Firefox so there's no trace left on the machine.
posted by team lowkey at 11:54 PM on June 5, 2007

Well, it'd be satisfying if it were true, I admit.

I'm gonna stab you so dead.
posted by Krrrlson at 12:48 AM on June 6, 2007

Wow, even the old fake subdomains redirect to www. Matt, that should be fixed, mayhaps.
posted by Plutor at 3:51 AM on June 6, 2007

If http://ip.address works, at what functional level is your nanny blocking the site?

If the IP address works, but you need the http request to be to '' for the virtual host to work, you can bypass the DNS lookup by adding to your /etc/hosts file. It's worth a shot -- it depends on whether or not the nanny is blocking based on the domain name lookup or the HTTP request headers.

The ssh tunnel or web proxy is the general solution for what you're willing to do. It's also a very handy thing to have up, in case you ever find yourself on a public computer or public network.
posted by cotterpin at 5:13 AM on June 6, 2007

Basically everything is tunneled through a proxy which checks against an allow list, presents you with a page with a button on it saying "grant temporary access" and it opens access to that site for X many minutes.

http headers I'm expecting, since it only blocks '' but nothing else on that subdomain (yet). I already use ssh to access a account which gives me Lynx, maybe I'll try going a step further as team lowkey suggested (cheers!).

[8 hours alone with no pre-set tasks until the phone rings. Played Civilization to death, Civ 2 isnt proving any more entertaining, SlashDot (and now MeFi) is blocked. Theme Hospital causes BSOD. :-( ]
posted by chrisbucks at 5:40 AM on June 6, 2007

Perhaps if we were to run a phased inversion pulse through the main deflector, this might cause a cascade on the relay induction coil, and then we could bypass the secondary circuits to unphase the initialization drive routine? That should allow you to view the pages via the ip address.

It'll take me a few hours to hook everything up, but this just... might... work!
posted by blue_beetle at 8:30 AM on June 6, 2007 [4 favorites]

Computer, end program.
posted by Ethereal Bligh at 8:34 AM on June 6, 2007

Personal VPN through SecureIX is pretty good for this sort of thing. The free servers are a bit slow during peak hours, but you can cherry pick the one thats got the least users on it before you connect.
posted by tracert at 9:08 AM on June 6, 2007

It'll take me a few hours to hook everything up, but this just... might... work!

You have 30 minutes.
posted by !Jim at 11:43 AM on June 6, 2007

It'll take me a few hours to hook everything up, but this just... might... work!

You have 30 minutes.

Make it so.
posted by arcticwoman at 12:02 PM on June 6, 2007

Can we argue with the nanny tech that blocks MetaFilter? How can a site with no pictures or charts be pornographic?
That there is vulgar language is undeniable, but some of the sites posted to the blue are edifying. Should those good things balance the street language?
posted by Cranberry at 12:11 PM on June 6, 2007

Nanny programs don't care about balance, they care about giving the subscribers plausible deny ability.
posted by Mitheral at 12:35 PM on June 6, 2007

Plausible deniability.
posted by team lowkey at 1:05 PM on June 6, 2007

Deniable Plausibility?
posted by blue_beetle at 1:56 PM on June 6, 2007

I keep checking this site, and every MeFi site I check is listed as only "Newsgroups / Bulletin Boards / Blogs." Even the human relations category or individual questions are marked under only that category.

Perhaps your workplace is blocking the Blog category? If not, find the sites that are blocked and use that website to resubmit what it should be. Worked in my high school when they blocked Yahoo.
posted by ALongDecember at 2:09 PM on June 6, 2007

They list that they are using is probably a customized list, sites will be fine for a while until (eg: human relations) the filter comes across the words 'sex' or 'erection', or some snarky comment contains "fuck" etc. So it's setup to automatically add sites that it filters.

Normally it says "site is blocked under "General Sites"" then has a button which you click which gives permission for a set period of time. But if the filter picks up something that doesnt fit with 'family values and common sense" then it comes back blocked next time you try to access it.

The story about the polevaulters-lawyer-dad with the court victim who was a pole-dancer-thing must have set it off for the blue page :-P
posted by chrisbucks at 7:55 PM on June 6, 2007

Chrisbucks is right, the domain will have triggered a rule that says "If the page contains ((badword)) or links to ((known bad site)) add it to ((blocked sites)) category.". As others had said, this also happens to most news sites after a while.
You will need to convince the admin to add to a known list of good domains.
posted by AndrewStephens at 11:05 PM on June 6, 2007

Tunnelier makes the proxying through an ssh host extremely painless. Set up the host & login name to your ssh server, enable SOCKS/HTTP Proxy Forwarding on the services tab, tell your your browser to use a socks proxy (tools/options/advanced/network/connection) at the listen ip & port tunnelier says its using on that tab.

Adding Foxyproxy lets you tell everything to default to that proxy and have a No Proxy entry that you whitelist things on, like your internal 192.168.* network, or company resources.

So I've heard, anyway.
posted by phearlez at 11:05 AM on June 7, 2007

Nothing against Tunnelier, but PuTTy is just as easy with the added benefit that you don't need to install it on the computer. It is just a stand-alone executable. So you can still use it even if you're at a machine that you're not allowed to install software on. You don't even have to configure a profile, if you don't want to. Create a batch script in the same directory as putty, with this command in it:

putty -D 8080

That "-D 8080" is all it takes to make PuTTy into a SOCKS proxy listening on port 8080. On my own machine, I have FirefoxPortable (with FoxyProxy and all my other favorite add-ons) in the same directory as putty, so I simply add FirefoxPortable to the batch script. I click my secure_browser.bat, enter my password, and I'm done. One-click tunneling. You can carry around the whole shebang on a USB key, and never need to install anything.
posted by team lowkey at 1:00 PM on June 7, 2007

I can't give a definition of Human Relations, but I know it when I see it.
posted by ikkyu2 at 7:46 PM on June 7, 2007

Tunnelier can run off of a thumb drive too. Just saying.
posted by caution live frogs at 9:20 PM on June 7, 2007

IMHO it's because of the names of the HTML (or PHP or whatever) files. "Nazi Cumshot", FFS? Are you trying to get people fired?

Couldn't we just have a unique numerical ID generated?
posted by aeschenkarnos at 5:18 AM on June 8, 2007

« Older Wasn't there a post about dry ice and ethenol...   |   Is this really necessary? Newer »

You are not logged in, either login or create an account to post comments