Link to home
Start Free TrialLog in
Avatar of Sheldon Livingston
Sheldon LivingstonFlag for United States of America

asked on

Blocking websites

Microsoft's website suggest using a noaccess.rat rating hack to prohibit users from going to websites.

I am trying to allow users from a two computer, peer-to-peer, network to only access certain sites.  Using the technique above results in two issues.

One > This technique blocks all sites that are not rated at all... like nextel.com

Two > Web mail is impossible to pull as users are bounced from site to site (authenticating, etc).

These are XP Pro machines.

Please advise.
Avatar of rpggamergirl
rpggamergirl
Flag of Australia image

Do you mean those unwanted sites?
You can use Winhelp2002 hosts file to block unwanted bad sites.
http://www.mvps.org/winhelp2002/hosts.htm

You can also just add the sites in your hosts file to block websites that you don't want people to have access to.
something like:

127.0.0.1 (name of site you don't want them to have access to)
Avatar of Sheldon Livingston

ASKER

I was hoping to configure IE to allow them to half a dozen sites.
Hello Classnet,

You can achieve what you want to by using either a group policy (local, i know you said you have a peer to peer network, but you can still use local group policy, gpedit.msc). The second way of doing it using proxy settings in IE.

The second way is easier, because using GPEDIT.msc you might have to download new templates. Let me explain the first way of using a proxy to allow only allow sites, if it does not work, let me know and I would explain the second way.

- Open IE
- Go to Tools -> Internet Options -> Connections -> Lan Settings
- Check the box where it says "Use proxy server for your LAN" In the address field put in 127.0.0.1 , in port put in 80
  Also check the box that says "Bypass proxy server for local addresses"
- Click ok and then hit apply
- Now click on the Security tab on IE options
- Click on the Local InteraNet icon, and click on Sites button
- Click on Advanced
- Add the websites you want to allow in here, you can also use wildcards, such as *.cnn.com
- Click Ok, Ok, Apply, Ok
- Restart IE and test your access.

Thanks and Good Luck!
ASKER CERTIFIED SOLUTION
Avatar of KaliKoder
KaliKoder
Flag of Canada image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Do they have admin rights? They can install an alternate browser such as FireFox or Opera and bypass IE's "content advisor" or the noaccess.rat file. The most thorough approach is to block at the network level. You can use White-List approaches or black-lists. A whitelist is a list of approved site's that can be visited, all others are not allowed (like the .rat file does) or a black-list approach that blocks sites that are listed in it, and allows all others, or a combination of both. There is software like WebSense and other NetNanny types that have scoured the internet, catagorized, rated and described millions of web-sites and they allow you to choose the ratings you want, as well as black/whitlist approaches.
http://support.microsoft.com/?kbid=267930
http://www.microsoft.com/technet/prodtechnol/ie/reskit/6/part2/c05ie6rk.mspx (both bypassed by using alternate browsers, anonymizer services, and with admin access, both are able to be removed)

If you block destination port  80, 443, 8080, 8090 on the firewall for these two pc's, and force them to use a proxy, even if they use an alternate browser theya re forced to use the proxy server, and the proxy server dictates what they can and can't view. You can also use the firewall itself to allow them to those certain sites, no real need for a proxy with 2 users, use the whitelist approach. You can use your router/firewall, or configure an IPSEC Filter to block access in this fashion, I'd ultimately suggest the network over the ipsec filter, however both are effective.
-rich