Solved

Restrict access to some URL for some PC only

Posted on 2007-04-04
6
650 Views
Last Modified: 2011-09-20
Hi experts !

Let's consider I have a site with many PC with Internet access and using FireFox.
I want only some of them to be able to access only 1 or 2 Internet sites.

What are the different ways to accomplish this and which one is the best ?

Thanks a lot !
0
Comment
Question by:Joyf
6 Comments
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 18850577
              *If you want a central-management, you should install a proxy server (Websense for example)
              *If you want client-side maangement, you should install internet security softwares like Norton internet security.
0
 
LVL 2

Expert Comment

by:Glowingdark
ID: 18850645
One solution would be to set up a proxy server that requires authentication.  Then, depending on authentication, you could limit access to only specific websites.  You would have to prevent access to the internet for anyone attempting to bypass the proxy, since your users could just disable the proxy settings in FireFox.  

Another solution is to point the computers that you wish to have limited access to a DNS server that only resolves the addresses of the hosts you want them to access.  This would not prevent them from browsing to other sites by IP address though.

A more robust solution would be to use VLANs or Physical LANs  (to segregate the computers that need only limited access), and routers with ACLs to limit traffic from the VLAN/ LAN.   This method would probably be the most complicated to set up, but the most transparent to the individual users.  

There are also web filtering products that will allow you to setup whitelists, which would allow you to setup a list of "allowed websites".    
0
 

Author Comment

by:Joyf
ID: 18851552
Thanks for your answers !
I then would need some more details :

1) Proxy authentication :
Does this mean that they would have a login page each time they access Internet the first time ?
Is this login page a Firefox dialog window ?
Any small clue on how to prevent users from bypassing the proxy ?

2) VLANs solution : can a standard Internet router can implement ACLs to filter URLs from differents VLANs ?

3) Can't a firewall could accomplish what I want ?

4) Client-side solution : this can be password-protected ? Any well-known open source solution for that ?

So many thanks in advance !
0
New My Cloud Pro Series - organize everything!

With space to keep virtually everything, the My Cloud Pro Series offers your team the network storage to edit, save and share production files from anywhere with an internet connection. Compatible with both Mac and PC, you're able to protect your content regardless of OS.

 
LVL 2

Accepted Solution

by:
Glowingdark earned 50 total points
ID: 18853407
1) Yes, potentially the first time they open firefox they would have to authenticate.  Depending on the proxy server in use, you may be able to automate this.  I don't know if firefox can support integrated authentication to an ISA server.  

2) ACLs typically work on the IP address, not a URL.  However, you could combine VLANs and a proxy server that filters by source IP address instead of an authenticating proxy server.  This way you could avoid the need for your users to authenticate, making it more transparent.  

A soho linksys router is not going to provide this kind of functionality (VLANS and ACLS).  A cisco router  would have the capability to do this.

3) I am sure there are Firewall devices that can do it.  What it boils down to is the device doing the filtering (or blocking access to) needs to be able to identify who it should filter for, and who it should allow unrestricted access.  Somehow you have to identify this traffic, via authentication, network separation, or some other means.  

4) I would imagine that desktop content filtering software has some mechanism for preventing users from modifying the settings.  Sorry, I do not know of any open source software for this.

We use a combination of VLANs / Routing, and an expensive Enterprise web filtering software package to manage access to the internet.



0
 

Author Comment

by:Joyf
ID: 18856616
Thanks so much for this.
Just 3 things are not yet completely clear :

- If we combine VLANs and a proxy, we then don't need to use a router with ACLs ? And a router won't be able to filter URLs ?
- To prevent users from bypassing the proxy : is that performed on the internet access router that automatically redirects towards the proxy ?
- Can't a soft firewall could also do this ?

Thanks again !!!
0
 
LVL 3

Expert Comment

by:Comply
ID: 18868416
A router with Access Administration  Restrictions can do this. You just set the Web sites they are allowed to use.

Dlink, Linksys etc have these options as well as port restrictions, BW throttling.

Cost around $80.00 for the dlnik DIR-625 with a host of other options with USB support.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now