Solved

Limiting a PC to one URL

Posted on 2006-10-24
7
243 Views
Last Modified: 2012-07-27
Is there a way to limit a PC running XP to a range of addresses for http without using a firewall.

What I need to do is make sure a PC can only go to one site, but still be able to drill down into that site.

I was thinking that there might be a way to use the hosts file for a global redirect to null or loopback, with a line above the global redirect enabling an address range. However I haven't been able to find a way to put address ranges in a hosts file.

I also considered setting up the good address as a proxy, but that doesn't let me drill down.

Thx, Fred
0
Comment
Question by:freddick
7 Comments
 
LVL 2

Expert Comment

by:Machin__Shin
ID: 17800116
If it is just a single site, then knock out the DNS from the configuration of the client to the external network and just put the ip of the external network site into the hosts file.
0
 
LVL 2

Expert Comment

by:Machin__Shin
ID: 17800246
If it is a range then remove the gateway settings, but leaving the DNS on the client then use "Route add Destip Subnet gateway gwmetric" Destip = your ip range ie 210.232.152.0 Subnet = your target subnet ie 255.0.0.0 Gateway = your local network gateway. GWmetric usually just set to 2 or 3.
0
 
LVL 1

Expert Comment

by:Sean64
ID: 17800498
Have you tried setting the security level on the browser?
Just configure the site you're trying to get to as the only trusted page, and deny all other pages.

Or are you trying to block other traffic besides web?

0
Network it in WD Red

There's an industry-leading WD Red drive for every compatible NAS system to help fulfill your data storage needs. With drives up to 8TB, WD Red offers a wide array of solutions for customers looking to build the biggest, best-performing NAS storage solution.  

 
LVL 14

Accepted Solution

by:
Juan Ocasio earned 500 total points
ID: 17800667
Here is a simple way to trick your PC into using one URL, but only works if you do not have a proxy server.  If you know the IP address then you can go to the user's Internet settings Tools-> Internet Options.  Select the Connection's Tab and then LAN Settings.  Select the Use a Proxy server... Checkbox and type in a fictious IP address.  Click the Advanced button and for the exception put the IP address of the site.  So if the sites IP address is 123.123.123.123, you'd type in
HTTP://123.123.123.*

Check the box that says use Proxy server for all protocols and then click OK, OK and OK.

HTH

jocasio
0
 
LVL 5

Expert Comment

by:trarthur
ID: 17802883
Sounds like you want a kiosk type setup.

Assuming you have a domain, you can configure IE to use the site as its home page, and also configure proxy exceptions.

You need the ADM file for the "Shared Computer Toolkit"

Administrative Templates
All Shared Computer Toolkit Restrictions/General Settings
Policy Setting
Set Internet Homepage Enabled
Set Home Page:  HTTP(S)://site.com
 
Policy Setting
Set Proxy Exceptions Enabled
Set Proxy Exceptions https://*.site.com;http://*.site.com

I took the settings above from a GPO I built for a kiosk that was setup to access one site only.
Software restriction policies allow only IE to run.

 
0
 

Author Comment

by:freddick
ID: 17803566
Thank you for ALL of the good suggestions. I liked jocasio123's suggestion for being the easiest to implement. Thanks!
0
 

Author Comment

by:freddick
ID: 17804616
After fooling with this for a while I ended up with a bit different solution. The customer told us at the last minute that they wanted these public PC's to be able to access 2 websites, not just 1.

What ended up working (and I don't know why), was to do the following:

Tools>Options>Connections>LAN Settings

check proxy box and put in text box:

http://www.website1.com

go to advanced and put in exclusion box:

http://www.website2.com;xxx.xxx.xxx.xxx

where xxx.xxx.xxx.xxx is the ip of website2

we tried many different syntaxes and for some reason this was the only way that worked.

Hope this helps somebody.

Fred
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Linux as a middle box 7 64
cant ping a windows 10 computer 12 56
Sonicwall TZ 205- Dropping Incoming E-mail as IP Spoof 13 96
PCI Compliance Free scan 2 78
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now