Link to home
Start Free TrialLog in
Avatar of -pH
-pH

asked on

blocking / redirecting office users from certain websites

we have a few users that visit a few time wasting websites in the office and i would to somehow block those sites or redirect them to other sites. we have a basic  windows 2003 domain with a sonic wall firewall and a cisco 1700 router provided by our isp.
what would be the best / easiest way to do this? can it be done using their hosts file?
should it be done on the router instead?
-pH
Avatar of Rob Williams
Rob Williams
Flag of Canada image

You can easily add an entry to the hosts file such as
127.0.0.1  some.website.com
If you have numerous users, that could be updated by adding a couple of lines to the user's logon script, but if the Sonicwall has the capabilities of blocking sites or domains, that would be easier to centrally manage.
Filtering Internet access

*****Method one******
Pro's EASY TO DO.    CON's NOT GOOD FOR LOTS OF CLIENTS.

How you approach this depends on how many users you are talking about, if its just a few users, the simplest way is to modify the host file on each PC and put an entry in it for each domain you DONT want the users to access and point them to 127.0.0.1 (you can edit the hostile with notepad or this, http://members.shaw.ca/techcd/VB_Projects/HostsFileReader.exe
For example to block www.hotmail.com add this line to the end of the host file.

127.0.0.1     www.hotmail.com

NB in win 95/98/ME the host file is at C:\windows\hosts.sam (save it WITHOUT the. Sam extension and reboot)
In windows 2000 the host file is at C:\winnt\system32\drivers\etc\hosts (you can edit directly and NO reboot is required)
In Windows XP the host file is at C:\windows\system32\drivers\etc\hosts (you can edit directly and NO reboot is required)

*****Method Two*****
Pro's Easy to administer. CON's Expensive & NOT PRACTICAL FOR HOME USERS.

Give all your clients access to the Internet via a Proxy Server than can filter and block websites.
ISA Server http://www.microsoft.com/isaserver/
WinProxy http://www.winproxy.com/index.asp

*****Method Three*****
Pro's Very scalable from home user to businesses.  CON's Can Be Expensive

Use some third party software to do it for you.

Home Users see
Net Nanny http://store.netnanny.com/dr/v2/ec_dynamic.main?sp=1&pn=12&sid=53
Cyber Sitter http://www.cybersitter.com/
Home users/Small business's See
CyberPatrol http://www.cyberpatrol.com/
iProtectYou 3.01 http://www.download.com/iProtectYou/3000-2132_4-10137322.html?tag=lst-0-2 (FREEWARE)

Business's See
WebSense http://www.websense.com/
WebMarshal http://www.nwtechusa.com/webmarshal.php?iorb=4764&sc=106

*****Other options*****
How do I use IPSec IP filter lists?
http://www.jsifaq.com/subj/tip4500/rh4554.htm

How can I block a Windows 2000/XP/2003 computer from surfing on the Internet?
http://www.petri.co.il/block_web_browsing_with_ipsec.htm

Internet Explorer Administration Kit (IEAK) 6 SP1 enables the most cost-effective and efficient way to deploy and manage Web-based solutions.
http://www.microsoft.com/windows/ieak/default.mspx
Avatar of -pH
-pH

ASKER

its only a couple users that need to be regulated.
i tried editing the host file last night before posting this and it didn't work so i thought i may had done it worng. i just tried again and still nothing. i logged out and back in and again nothing.
any ideas?
host is not saved as a .txt
the entry is 127.0.0.1           www.match.com
i have tried  127.0.0.1           match.com      also to no avail.
-pH

Hosts file has a few "oddities".
After entering your line such as    127.0.0.1     www.match.com    make sure you hit return (carriage return), and save without an extension, though it seems you have done this.
Then you can try purging and re-loading your name cache, using:
nbtstat  -R
and then viewing the updated cache using:
nbtstat  -c
Note 'R' and 'c' are case sensitive.
Avatar of -pH

ASKER

i tried that, but again it didn't work.
is it necessary to do a complete restart on the machine?
ASKER CERTIFIED SOLUTION
Avatar of Rob Williams
Rob Williams
Flag of Canada image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of -pH

ASKER

for some reason it is just not working. even after fluching and registering dns.
i am kinda stumped as to why it would not allow me to do this.
Have you tried it on a second machine?
Avatar of -pH

ASKER

thanks, problem was it wasn't saving properly. it would only save as a .txt no matter what i tried. all is good now.
Ah !  That would do it. If ever you have the problem again save with quotations such as "hosts"

Thanks -pH, though perhaps since you used the hosts file, points should be split with PeteLong, since he initially provided additional useful details concerning it's use.
Cheers,
--Rob