Want to block P2P websites across domain

Posted on 2006-03-20
Last Modified: 2012-06-22
We have around 50-60 W2K/XP workstations (and 5 W2K servers) behind a SonicWall firewall. We do not have content filtering on the firewall and since we do not have any company policy on internet usage our IT director has no particular desire to upgrade our SonicWall package to include this.

However, one thing I would really like to do is to lock down file sharing sites like LimeWire, BearShare etc. I thought one idea might be to somehow use a script or Group Policy to deploy a Hosts file to each machine on the network with the following entries:

Whether this would have been a good idea or not, the boss says no because the HOSTS file on a lot of machines are actually used by their quote vendors like Bloomberg, Reuters etc.

So basically my question is, are there any ideas for blocking certain websites on all machines when this cannot be done either at the firewall or by using a blanket HOSTS file?

Any suggestions most welcome.

Question by:kevharlow
    LVL 2

    Accepted Solution

    Don't give the users local admin rights so they will not be able to install any apps without a formal IT request.
    Also do you use a proxy ? If not why not ? Squid is free and can run on an old box, then you can write an ACL (accesslist) to block/redirect any URL.

    Expert Comment

    What is your DNS configuration?

    If you run your own DNS then you could put the host names in there and return

    LVL 13

    Assisted Solution

    proxy server will be the best solution for your problem,
    but you can also block the P2P programs ports in the firewall so
    the users mybe can access the sites but won't be able to download with P2P programs.
    LVL 2

    Assisted Solution


    a GREAT resource for blocking stuff. I personally like adding the records to block into your local DNS server. this makes it easy to block. additionally, that site above has some tweaks that allow you to block all subdomains of the forbidden domains, not just


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Better Security Awareness With Threat Intelligence

    See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

    SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
    If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now