freddick
asked on
Limiting a PC to one URL
Is there a way to limit a PC running XP to a range of addresses for http without using a firewall.
What I need to do is make sure a PC can only go to one site, but still be able to drill down into that site.
I was thinking that there might be a way to use the hosts file for a global redirect to null or loopback, with a line above the global redirect enabling an address range. However I haven't been able to find a way to put address ranges in a hosts file.
I also considered setting up the good address as a proxy, but that doesn't let me drill down.
Thx, Fred
What I need to do is make sure a PC can only go to one site, but still be able to drill down into that site.
I was thinking that there might be a way to use the hosts file for a global redirect to null or loopback, with a line above the global redirect enabling an address range. However I haven't been able to find a way to put address ranges in a hosts file.
I also considered setting up the good address as a proxy, but that doesn't let me drill down.
Thx, Fred
If it is just a single site, then knock out the DNS from the configuration of the client to the external network and just put the ip of the external network site into the hosts file.
If it is a range then remove the gateway settings, but leaving the DNS on the client then use "Route add Destip Subnet gateway gwmetric" Destip = your ip range ie 210.232.152.0 Subnet = your target subnet ie 255.0.0.0 Gateway = your local network gateway. GWmetric usually just set to 2 or 3.
Have you tried setting the security level on the browser?
Just configure the site you're trying to get to as the only trusted page, and deny all other pages.
Or are you trying to block other traffic besides web?
Just configure the site you're trying to get to as the only trusted page, and deny all other pages.
Or are you trying to block other traffic besides web?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Sounds like you want a kiosk type setup.
Assuming you have a domain, you can configure IE to use the site as its home page, and also configure proxy exceptions.
You need the ADM file for the "Shared Computer Toolkit"
Administrative Templates
All Shared Computer Toolkit Restrictions/General Settings
Policy Setting
Set Internet Homepage Enabled
Set Home Page: HTTP(S)://site.com
Policy Setting
Set Proxy Exceptions Enabled
Set Proxy Exceptions https://*.site.com;http://*.site.com
I took the settings above from a GPO I built for a kiosk that was setup to access one site only.
Software restriction policies allow only IE to run.
Assuming you have a domain, you can configure IE to use the site as its home page, and also configure proxy exceptions.
You need the ADM file for the "Shared Computer Toolkit"
Administrative Templates
All Shared Computer Toolkit Restrictions/General Settings
Policy Setting
Set Internet Homepage Enabled
Set Home Page: HTTP(S)://site.com
Policy Setting
Set Proxy Exceptions Enabled
Set Proxy Exceptions https://*.site.com;http://*.site.com
I took the settings above from a GPO I built for a kiosk that was setup to access one site only.
Software restriction policies allow only IE to run.
ASKER
Thank you for ALL of the good suggestions. I liked jocasio123's suggestion for being the easiest to implement. Thanks!
ASKER
After fooling with this for a while I ended up with a bit different solution. The customer told us at the last minute that they wanted these public PC's to be able to access 2 websites, not just 1.
What ended up working (and I don't know why), was to do the following:
Tools>Options>Connections>
check proxy box and put in text box:
http://www.website1.com
go to advanced and put in exclusion box:
http://www.website2.com;xxx.xxx.xxx.xxx
where xxx.xxx.xxx.xxx is the ip of website2
we tried many different syntaxes and for some reason this was the only way that worked.
Hope this helps somebody.
Fred
What ended up working (and I don't know why), was to do the following:
Tools>Options>Connections>
check proxy box and put in text box:
http://www.website1.com
go to advanced and put in exclusion box:
http://www.website2.com;xxx.xxx.xxx.xxx
where xxx.xxx.xxx.xxx is the ip of website2
we tried many different syntaxes and for some reason this was the only way that worked.
Hope this helps somebody.
Fred