Restrict access to some URL for some PC only

Hi experts!

Let's consider I have a site with many PCs with Internet access and using Firefox.
I want only some of them to be able to access only 1 or 2 Internet sites.

What are the different ways to accomplish this, and which one is the best?

Thanks a lot!
Joyf Asked:

Alan Huseyin Kayahan Commented:
* If you want central management, you should install a proxy server (Websense, for example).
* If you want client-side management, you should install Internet security software like Norton Internet Security.
0
Glowingdark Commented:
One solution would be to set up a proxy server that requires authentication. Then, depending on authentication, you could limit access to only specific websites. You would have to prevent access to the Internet for anyone attempting to bypass the proxy, since your users could just disable the proxy settings in Firefox.

Another solution is to point the computers that you wish to have limited access to a DNS server that only resolves the addresses of the hosts you want them to access.  This would not prevent them from browsing to other sites by IP address though.

A more robust solution would be to use VLANs or physical LANs (to segregate the computers that need only limited access), and routers with ACLs to limit traffic from the VLAN/LAN. This method would probably be the most complicated to set up, but the most transparent to the individual users.

There are also web filtering products that will allow you to set up whitelists, which would allow you to set up a list of "allowed websites".
0
Joyf (Author) Commented:
Thanks for your answers!
I would then need some more details:

1) Proxy authentication:
Does this mean that they would have a login page each time they access the Internet for the first time?
Is this login page a Firefox dialog window?
Any small clue on how to prevent users from bypassing the proxy?

2) VLANs solution: can a standard Internet router implement ACLs to filter URLs from different VLANs?

3) Couldn't a firewall accomplish what I want?

4) Client-side solution: can this be password-protected? Any well-known open source solution for that?

So many thanks in advance !
0

Glowingdark Commented:
1) Yes, potentially the first time they open Firefox they would have to authenticate. Depending on the proxy server in use, you may be able to automate this. I don't know if Firefox can support integrated authentication to an ISA server.

2) ACLs typically work on the IP address, not a URL. However, you could combine VLANs and a proxy server that filters by source IP address instead of an authenticating proxy server. This way you could avoid the need for your users to authenticate, making it more transparent.

A SOHO Linksys router is not going to provide this kind of functionality (VLANs and ACLs). A Cisco router would have the capability to do this.

3) I am sure there are Firewall devices that can do it.  What it boils down to is the device doing the filtering (or blocking access to) needs to be able to identify who it should filter for, and who it should allow unrestricted access.  Somehow you have to identify this traffic, via authentication, network separation, or some other means.  

4) I would imagine that desktop content filtering software has some mechanism for preventing users from modifying the settings.  Sorry, I do not know of any open source software for this.

We use a combination of VLANs / Routing, and an expensive Enterprise web filtering software package to manage access to the internet.



0
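Added example, not part of the thread: a sketch of the decision described in point 2 above, where a proxy identifies restricted PCs by source IP (their VLAN subnet) and lets them reach only allowlisted sites. It also denies IP-literal URLs, the gap noted earlier for the DNS approach. The subnet, domain names and function names are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed values: the restricted VLAN's subnet and the one or two
# sites those PCs are allowed to reach.
RESTRICTED_NET = ipaddress.ip_network("192.168.20.0/24")
ALLOWED_DOMAINS = {"intranet.example.com", "example.org"}


def host_allowed(host):
    """True if host is an allowed domain or a subdomain of one."""
    host = host.rstrip(".").lower()
    try:
        ipaddress.ip_address(host)
        return False  # IP-literal URL: never matches a name-based allowlist
    except ValueError:
        pass
    # Match on a label boundary so "notexample.org" and
    # "example.org.evil.test" do not pass as "example.org".
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)


def decide(client_ip, url):
    """Return 'allow' or 'deny' for a request seen by the filtering proxy."""
    if ipaddress.ip_address(client_ip) not in RESTRICTED_NET:
        return "allow"  # PCs outside the restricted VLAN are not filtered
    host = urlsplit(url).hostname
    if not host:
        return "deny"
    return "allow" if host_allowed(host) else "deny"


if __name__ == "__main__":
    # Constructed sample requests: (client IP, requested URL)
    samples = [
        ("192.168.20.15", "https://www.example.org/page"),
        ("192.168.20.15", "https://example.org.evil.test/"),
        ("192.168.20.15", "http://93.184.216.34/"),
        ("192.168.10.7", "https://anything.test/"),
    ]
    for ip, url in samples:
        print(ip, url, decide(ip, url))
```

This only models the filtering decision; the restricted subnet still needs its direct route to the Internet blocked so that the proxy is the only way out.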

Joyf (Author) Commented:
Thanks so much for this.
Just 3 things are not yet completely clear:

- If we combine VLANs and a proxy, we then don't need to use a router with ACLs? And a router won't be able to filter URLs?
- To prevent users from bypassing the proxy: is that performed on the Internet access router, which automatically redirects towards the proxy?
- Couldn't a soft firewall also do this?

Thanks again!!!
0
Comply Commented:
A router with Access Administration Restrictions can do this. You just set the Web sites they are allowed to use.

D-Link, Linksys etc. have these options as well as port restrictions, BW throttling.

Cost around $80.00 for the D-Link DIR-625 with a host of other options with USB support.
0