Questions[websense](server)

Howdy: My company uses WebSense with MITM SSL intercept and it works, well quite badly. Some tools detect that the certs are forged and complain bitterly or just don't work at all.

Honesty is the best policy - I believe that if I configured systems to use a SOCKS proxy that I could solve some problems in that the apps would know they were being proxied but I'm having difficulty finding material that answers my questions.

If I configured WebSense to support SOCKS5, configured IE/FF/Chrome to use a SOCKS proxy, and then added the proxy cert to the trusted list, would these clients no longer try to verify a remote site's cert chain when they accessed a site? Since they trust the proxy and know they are using a proxy, would they just trust that the proxy server is performing adequate validation?

My understanding is that TLS 1.3 will break this cheesy MITM technique anyway, I'd like to solve the problem ahead of time. Thanks!

I'm attempting to set up a Websense filter server but discovered that a previous tech person decided it would be a good idea to uninstall .NET framework 3.5 from the server. In the process of trying to reinstall .NET framework...I used the .net cleanup tool to remove any residual data from the previous installation. I have successfully reinstalled .NET 1.1 and 1.1 sp1 but am running into an error stating that I must use server manager to install .NET framework 3.5.

I understand that .NET framework 2.0 and 3.0 is innately built into the Server 2008 R2 OS and can usually be accessed via the features menu in Server Manager.

In the server manager console, I am getting a repeating message saying that the console cannot refresh until the computer is restarted. This error prevents me from making any changes to the roles or features of the server as well as preventing the completion of .NET framework 3.5 SP1. I have restarted the server several times only to get the same issue. I did some research into the console refresh issue and discovered some references to updating Windows Update and/or reinstalling WUA 3.0. I downloaded and have been attempting to manually reinstall WUA 3.0 but get a "0x80070bc9" error message to that as well.

It's getting to the point that I'm not sure which issue to address first. Any guidance or input would be infinitely appreciated.

Question 1: How to set up websense to prevent workers from posting on SO (and all related sites), without blocking them from viewing answers?

Question 2: How to make SO (and all related sites) pop up a captcha everytime it is visited from the office intranet? Is it possible by appending to the URL?

https://stackoverflow.com/captcha

On some perfectly ligitimate sites, WebSense will randomly block images and allow others. However, when blocking images, instead of having blockpage.cgi display a page with the reason the page was blocked, it returns a 1px image so that the page that requested the image still renders. Makes sense.

My question: Is there any way, as a user, using the provided ws-session, to get the reason WebSense blocked the image so that I can diagnostic the problem with the page?

How do I block Skype using Websense?