Using a paid service as a global http proxy

We use Smoothwall, but it is definitely not free. It replaced our firewall/local filter and global proxy for iPads. Their support is pretty good, getting all the kinks worked out did take some time but I think that's gonna be the case with any filter/firewall vendor change.

Previously used Lightspeed, which wasn't terrible, but Smoothwall seems to be more flexible.

After digging into this a little bit, it looks like that global HTTP setting can just be configured with a little bit of Javascript. I think we're probably just going to host our own and point the iPads at that.

The code that Weblock uses is very similar to what's in the Wikipedia article on proxy auto-config.

Yeah the pac file is the easy part, Smoothwall built ours for us. It wasn't clear if you already have a local firewall/filter/proxy already in place or not but you'll need one to point that pac file towards.

If you decide to put an open source proxy together I'd just caution please please document the crap out of the process you build it yourself and make sure it works really really well before implementing it. Imagine a worst case scenario that whatever you throw this on dies during a testing day or something similarly critical, and no iPads can access the Internet because you've forced them to go through a proxy that doesn't exist at the moment for whatever reason. Oh yeah, and you're on vacation or you took a promotion somewhere else and the team trying to figure it out is stuck with a pile of iPads that can't get online, talk to Casper, etc.

That's the biggest benefit of paying for critical services - its stable, consistently updated, and there's an 800 number and people who are highly skilled at helping when shit hits the fan.

For what its worth our mobile proxy gets about 6,800 requests/minute and median service time is about .2 seconds for roughly 1,200 iPads on a 1Gb/s Comcast line.

I think we're leaning towards using no real proxy, and instead a manual blacklist. Here's what I came up with this afternoon after looking at other examples:

function FindProxyForURL(url, host) {
if (dnsDomainIs(host, ".badsite1.com")
  ||dnsDomainIs(host, ".badsite2.com")) {
return "PROXY 8.8.8.8:53";
}
else {
return "DIRECT";
}
}

Apparently there's another district in the area doing it this way and our Apple state-wide rep suggested this yesterday.

We're a happy iboss user. I can't imagine in a million years trying to manage a black or white list.