Restrict access to all websites using the hosts file

Posted on 2006-12-01
Last Modified: 2008-02-01
I need to restrict access to all websites except a few internal sites on a terminal server.

Is it possible to do this using the host file? Is there a wildcard I can use to direct all sites to loopback?
Question by:lou6150

Accepted Solution

by:
nitsud01 earned 400 total points
ID: 18056502
There are a ton of ways.... One easy way to accomplish this....

For each computer that requires web access restriction....

Assign the computer an IP address within a predetermined "web restriction" scope (IP range). This will make it easier to specify the computers that you need to restrict in your firewall....
For instance... On my network, any IP addresses below 10.10.209.100 (i.e. 10.10.209.2-10.10.209.99) have internet access, all IP addresses above do not... (i.e. 10.10.209.100-10.10.209.254)...

Block outgoing port 80 traffic in your router/firewall for the scope of ip addresses you've reserved for web restriction addresses...

If you have a Linksys router, you'll need to use the "Blocked Services" section in the router web admin app....

Hope that helps...

Author Comment

by:lou6150
ID: 18056827
Unfortunately we have limitations which prevent me from doing most of those suggestions.

Instead I simply put in bad DNS server addresses and created entries in the host file for the sites we need.

Thank you for your help though.
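
An added example, not part of the original thread: the hosts file has no wildcard syntax, so an allow-list built from per-site entries, as in the comment above, is worth auditing. This Python script parses hosts-file text, flags wildcard and malformed entries that will never match, and reports required sites that have no usable entry. The sample file contents, site names and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (names and addresses are made up for illustration).
SAMPLE_HOSTS = """\
# internal sites the terminal server must reach
10.10.209.10   intranet.example.local intranet
10.10.209.11   timesheets.example.local   # HR app
127.0.0.1      *.com
127.0.0.1      localhost
not-an-ip      wiki.example.local
"""

def parse_hosts(text):
    """Return ({name: ip}, [warnings]); names are matched literally, as in a hosts file."""
    table, warnings = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # drop comments, split on whitespace
        if not fields:
            continue
        addr, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            warnings.append(f"line {lineno}: invalid address {addr!r}, entry ignored")
            continue
        for name in names:
            key = name.lower()
            if "*" in key or "?" in key:
                warnings.append(f"line {lineno}: {name!r} is a wildcard; hosts entries match literal names only")
                continue
            table.setdefault(key, addr)            # keep the first occurrence of a name
    return table, warnings

def audit(text, required):
    """Compare hosts entries against the list of sites that must stay reachable."""
    table, warnings = parse_hosts(text)
    wanted = {r.lower() for r in required}
    missing = sorted(wanted - table.keys())        # required sites with no usable entry
    extra = sorted(n for n in table if n not in wanted and n != "localhost")
    return {"missing": missing, "extra": extra, "warnings": warnings}

if __name__ == "__main__":
    sites = ["intranet.example.local", "timesheets.example.local", "wiki.example.local"]
    report = audit(SAMPLE_HOSTS, sites)
    for key, items in report.items():
        for item in items:
            print(f"{key}: {item}")
```
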

Expert Comment

by:nitsud01
ID: 18057227
No problem.... but, do you mean that you put "bad" DNS server addresses in the TCP/IP properties of the domain client's (terminal server's) NIC? Or did you make changes to the DNS server's records themselves?

Though the solution you posted may achieve your goal, you will likely run into problems later if your DNS properties in your domain client's NICs do not point to the Primary DC or whatever server is running DNS... Slow logon/logoff times, intermittent script execution, among a billion other things, will be symptomatic of DNS problems.... Let me know if you run into other problems as you may need a different solution in the future than the one you've decided on currently.

But, I sincerely hope you DO NOT have problems, and that everything works out well... Just keep in mind, if you start seeing flaky behavior after today, look to your "bad" DNS entries first.....

Thanks for the points!

Author Comment

by:lou6150
ID: 18057408
You are absolutely right.  I didn't run into any problems, but shortly after posting I ended up forcing IE and Mozilla on that server to use a proxy instead, since web browsing is the only concern.