Solved

Restrict access to all websites using the hosts file

Posted on 2006-12-01
4
496 Views
Last Modified: 2008-02-01
I need to restrict access to all websites except a few internal sites on a terminal server.

Is it possible to do this using the host file?  Is there wildcard I can use to direct all sites to loopback?
0
Comment
Question by:lou6150
  • 2
  • 2
4 Comments
 
LVL 2

Accepted Solution

by:
nitsud01 earned 400 total points
ID: 18056502
There are a ton of ways.... One easy way to accomplish this....

For each computer that requires web access restriction....

Assign the computer an IP addresses within a predetermined "web restriction" scope (IP range) This will make it easier to specify the computers that you need to restrict in your firewall....
For instance... On my network, any IP addresses below 10.10.209.100 (ie 10.10.209.2-10.10.209.99) have internet access, all ip addresses above, do not... (i.e. 10.10.209.100-10.10.209.254)...

Block outgoing port 80 traffic in your router/firewall for the scope of ip addresses you've reserved for web restriction addresses...

If you have a linksys router, you'll need to use the "Blocked Services" section in the router web admin app....

Hope that helps...
0
 

Author Comment

by:lou6150
ID: 18056827
Unfortunately we have limitations which prevents me from doing most of those suggestions.

Intstead I simply put in bad DNS server addresses, created entries in the host file for the sites we need.

Thank you for your help though.
0
 
LVL 2

Expert Comment

by:nitsud01
ID: 18057227
No problem.... but, do you mean that you put "bad" DNS server addresses in the TCP/IP properties of the domain client's (terminal server's) NIC? or did you make changes to the DNS server's records themselves?

Though the solution you posted may achieve your goal, you will likely run into problems later if your DNS properties in your domain client's NICs do not point to the Primary DC or whatever server is running DNS... Slow logon/logoff times, intermittent script execution, among a billion other things, will be symptomatic of DNS problems.... Let me know if you run into other problems as you may need a different solution in the future than the one you've decided on currently.

But, I sincerely hope you DO NOT have problems, and that everything works out well... Just keep in mind, if you start seeing flaky behavior after today, look to your "bad" DNS entries first.....

Thanks for the points!
0
 

Author Comment

by:lou6150
ID: 18057408
You are absolutely right.  I didn't run into any problems, but shortly after posting I ended up forcing IE and Mozilla on that server to use a proxy instead, since web browsing is the only concern.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now