Small Update on Content Filtering

While reviewing and compiling notes on the firewall policies for some yet-to-be-deployed equipment, it occurred to me that there was a potential security flaw in our content filtering and caching server.

Before, if you sent an e-mail or visited a web site, the IP address of the computer that made the request was the IP address of the server, not the client computer.

As of today, this has been changed for two important reasons:

1. Some sites may require the actual IP address of the computer being used to access the site.

2. If someone is using a public access computer to commit a crime, the trail won't dead-end at the content filtering server.

The second reason is especially important since it can save a lot of time tracking down a potential culprit without having to log into the server, go through the log files and even temporarily change how things are logged, and then change back when things are over.

How does this affect a patron's privacy? Simply put, it doesn't change it. All that's been done is that instead of showing only the caching server accessing a site, it now shows the address of a specific public access computer.