• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 512
  • Last Modified:

Restrict access to all websites using the hosts file

I need to restrict access to all websites except a few internal sites on a terminal server.

Is it possible to do this using the host file?  Is there wildcard I can use to direct all sites to loopback?
0
lou6150
Asked:
lou6150
  • 2
  • 2
1 Solution
 
nitsud01Commented:
There are a ton of ways.... One easy way to accomplish this....

For each computer that requires web access restriction....

Assign the computer an IP addresses within a predetermined "web restriction" scope (IP range) This will make it easier to specify the computers that you need to restrict in your firewall....
For instance... On my network, any IP addresses below 10.10.209.100 (ie 10.10.209.2-10.10.209.99) have internet access, all ip addresses above, do not... (i.e. 10.10.209.100-10.10.209.254)...

Block outgoing port 80 traffic in your router/firewall for the scope of ip addresses you've reserved for web restriction addresses...

If you have a linksys router, you'll need to use the "Blocked Services" section in the router web admin app....

Hope that helps...
0
 
lou6150Author Commented:
Unfortunately we have limitations which prevents me from doing most of those suggestions.

Intstead I simply put in bad DNS server addresses, created entries in the host file for the sites we need.

Thank you for your help though.
0
 
nitsud01Commented:
No problem.... but, do you mean that you put "bad" DNS server addresses in the TCP/IP properties of the domain client's (terminal server's) NIC? or did you make changes to the DNS server's records themselves?

Though the solution you posted may achieve your goal, you will likely run into problems later if your DNS properties in your domain client's NICs do not point to the Primary DC or whatever server is running DNS... Slow logon/logoff times, intermittent script execution, among a billion other things, will be symptomatic of DNS problems.... Let me know if you run into other problems as you may need a different solution in the future than the one you've decided on currently.

But, I sincerely hope you DO NOT have problems, and that everything works out well... Just keep in mind, if you start seeing flaky behavior after today, look to your "bad" DNS entries first.....

Thanks for the points!
0
 
lou6150Author Commented:
You are absolutely right.  I didn't run into any problems, but shortly after posting I ended up forcing IE and Mozilla on that server to use a proxy instead, since web browsing is the only concern.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now