Control Web Access by User Name

I need to be able to control who accesses the web by network user name. I specifically want to block out all web access for certain people (or a group would work too) but I still need to be able to give them email (pop3) access.

Server is windows 2003 Server.

Any ideas?
Who is Participating?
trippleO7Connect With a Mentor Commented:
Squid Proxy is a very popular one.

Otherwise I've installed IPCop to do this.
Are you running IIS, apache, or other to host your site???  and is it only domain users (internally) who you want to block and is it a public or intranet site?  Need a little more info.
bazianmConsultantAuthor Commented:
I want to be able to determine which users on my network can get outside the network to browse the web. Most of the users should not have the ability to bring up ANY INTERNET web sites (as opposed to our local intranet which is running Apache on Win2k3 server).

The users who cannot get to the web do need to be able to get and send email using pop3 so I cannot block their connections entirely. Just web access.
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

How do they access it at the moment? Direct connection from their PCs?

If you want to restrict by username, you'll need to put in place some form of proxy which only allows specified users to access external websites, and then only allow access from that proxy through your firewall.
bazianmConsultantAuthor Commented:
Right now they go right out. I do not have a proxy server or a firewall (other than the router firewall).

Any ideas which proxy server will do the trick? And then what do I do... restrict port 80 only to the computer running the proxy server at the router level?
You will need to restrict external access purely to the proxy on ports 80 and 443 as a minimum. Ideally you block all access from the client PCs and only open up what they actually need e.g. POP3.

As far as proxy software goes, I've use MS ISA server quite successfully, but that'll probably cost you money. If you aren't afraid to get your hands dirty I believe there is a Windows port of Squid which is free, although I've not looked at it for a few years.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.