[plug] Prevent downloads

Craig Ringer craig at postnewspapers.com.au
Wed May 7 13:51:39 WST 2003


> Not that I've done it myself (hopefully someone can fill in the blanks) but I
> believe you should be looking at Squid, some transparent proxying iptables
> rules, and some squid configuration ......

Doubt his proxy runs squid, sounds like some dedicated proxy weirdness.

Even if it does, or has similar ACL functionality, any efforts to 
prevent users from downloading games, etc will also block legit things 
due to the nasty tendency toward executable compressed archives in the 
'doze world.

You can only really block on MIME type and/or file ext at the proxy, and 
alas there's no application/x-windows-game-executable MIME type ;-)
You can't block .exe unless you want to prevent legit access to those 
awful self-unpacking archives (I'd do it anyway, but I'm a bit BOFH-ish 
at times). You can't block .zip for similar reasons. Basically, it's not 
practical to do it at the proxy side IMHO unless your 'net access is for 
/very/ restricted purposes anyway.

>>I was asked how the coordinator could prevent casual computer users (school
>>kids and tourists) from downloading applications like games, Real Jukebox,
>>etc, from the Internet .... and I can't think of a quick answer.

You might be able to do it client-side on the '98 boxes using windows 
security policies (poledit.exe). Look at MS's knowledge base for more... 
but if you want something that will stop someone who is technically 
literate and has a brain, you're out of luck. On win98 security policies 
can be disabled by bringing poledit in on a floppy disk, you'd need 
win2k and users running as "restricted" to have a hope in hell.

It's nigh impossible to secure windows against local users w/o making it 
pretty unusable, unfortunately. See how you go.

Craig
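
The trade-off described in the message above, as an added example that is not part of the original post: a proxy rule sees only the URL's file extension and the Content-Type header, so it cannot tell a game installer from a legitimate self-extracting archive. The URLs, MIME types, policy names and the "wanted" labels are all constructed for illustration, and the matching logic is a simplified stand-in, not any particular proxy's ACL engine.

```python
# Added illustration: proxy-style filtering sees only the URL path and the
# Content-Type header. All URLs and policy names below are constructed.
from urllib.parse import urlparse
import posixpath

# (url, Content-Type as served, does the coordinator want it allowed?)
SAMPLE_DOWNLOADS = [
    ("http://vendor.example/drivers/printer-setup.exe", "application/octet-stream", True),
    ("http://games.example/files/game-installer.exe", "application/octet-stream", False),
    ("http://school.example/homework/worksheets.zip", "application/zip", True),
    ("http://games.example/files/game.zip", "application/zip", False),
    ("http://school.example/index.html", "text/html", True),
]

POLICIES = {
    "block .exe": {"ext": {".exe"}, "mime": set()},
    "block .exe and .zip": {"ext": {".exe", ".zip"}, "mime": set()},
    "block by MIME type": {"ext": set(),
                           "mime": {"application/octet-stream", "application/zip"}},
}

def is_blocked(url, content_type, policy):
    """Deny if the path extension or the base MIME type is on the policy's list."""
    ext = posixpath.splitext(urlparse(url).path)[1].lower()
    mime = content_type.split(";")[0].strip().lower()
    return ext in policy["ext"] or mime in policy["mime"]

def evaluate(policy):
    """Return (legit downloads blocked, unwanted downloads let through)."""
    blocked_legit, passed_unwanted = [], []
    for url, ctype, wanted in SAMPLE_DOWNLOADS:
        blocked = is_blocked(url, ctype, policy)
        if blocked and wanted:
            blocked_legit.append(url)
        elif not blocked and not wanted:
            passed_unwanted.append(url)
    return blocked_legit, passed_unwanted

if __name__ == "__main__":
    for name, policy in POLICIES.items():
        legit, unwanted = evaluate(policy)
        print(f"{name}: {len(legit)} legit blocked, {len(unwanted)} unwanted allowed")
```

No policy in the sample gets both counts to zero: every rule that stops the unwanted downloads also stops a legitimate one with the same extension or MIME type.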
