We help IT Professionals succeed at work.

Control Web Access by User Name

bazianm
bazianm asked
on
Medium Priority
163 Views
Last Modified: 2010-04-18
I need to be able to control who accesses the web by network user name. I specifically want to block out all web access for certain people (or a group would work too) but I still need to be able to give them email (pop3) access.

Server is windows 2003 Server.

Any ideas?
Comment
Watch Question

Are you running IIS, apache, or other to host your site???  and is it only domain users (internally) who you want to block and is it a public or intranet site?  Need a little more info.
bazianmConsultant

Author

Commented:
I want to be able to determine which users on my network can get outside the network to browse the web. Most of the users should not have the ability to bring up ANY INTERNET web sites (as opposed to our local intranet which is running Apache on Win2k3 server).

The users who cannot get to the web do need to be able to get and send email using pop3 so I cannot block their connections entirely. Just web access.
How do they access it at the moment? Direct connection from their PCs?

If you want to restrict by username, you'll need to put in place some form of proxy which only allows specified users to access external websites, and then only allow access from that proxy through your firewall.
bazianmConsultant

Author

Commented:
Right now they go right out. I do not have a proxy server or a firewall (other than the router firewall).

Any ideas which proxy server will do the trick? And then what do I do... restrict port 80 only to the computer running the proxy server at the router level?
Squid Proxy is a very popular one.  http://www.squid-cache.org

Otherwise I've installed IPCop to do this.  http://ipcop.org

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
You will need to restrict external access purely to the proxy on ports 80 and 443 as a minimum. Ideally you block all access from the client PCs and only open up what they actually need e.g. POP3.

As far as proxy software goes, I've use MS ISA server quite successfully, but that'll probably cost you money. If you aren't afraid to get your hands dirty I believe there is a Windows port of Squid which is free, although I've not looked at it for a few years.
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.