Solved

Restrict access to some URL for some PC only

Posted on 2007-04-04
6
656 Views
Last Modified: 2011-09-20
Hi experts !

Let's consider I have a site with many PC with Internet access and using FireFox.
I want only some of them to be able to access only 1 or 2 Internet sites.

What are the different ways to accomplish this and which one is the best ?

Thanks a lot !
0
Comment
Question by:Joyf
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 18850577
              *If you want a central-management, you should install a proxy server (Websense for example)
              *If you want client-side maangement, you should install internet security softwares like Norton internet security.
0
 
LVL 2

Expert Comment

by:Glowingdark
ID: 18850645
One solution would be to set up a proxy server that requires authentication.  Then, depending on authentication, you could limit access to only specific websites.  You would have to prevent access to the internet for anyone attempting to bypass the proxy, since your users could just disable the proxy settings in FireFox.  

Another solution is to point the computers that you wish to have limited access to a DNS server that only resolves the addresses of the hosts you want them to access.  This would not prevent them from browsing to other sites by IP address though.

A more robust solution would be to use VLANs or Physical LANs  (to segregate the computers that need only limited access), and routers with ACLs to limit traffic from the VLAN/ LAN.   This method would probably be the most complicated to set up, but the most transparent to the individual users.  

There are also web filtering products that will allow you to setup whitelists, which would allow you to setup a list of "allowed websites".    
0
 

Author Comment

by:Joyf
ID: 18851552
Thanks for your answers !
I then would need some more details :

1) Proxy authentication :
Does this mean that they would have a login page each time they access Internet the first time ?
Is this login page a Firefox dialog window ?
Any small clue on how to prevent users from bypassing the proxy ?

2) VLANs solution : can a standard Internet router can implement ACLs to filter URLs from differents VLANs ?

3) Can't a firewall could accomplish what I want ?

4) Client-side solution : this can be password-protected ? Any well-known open source solution for that ?

So many thanks in advance !
0
Veeam gives away 10 full conference passes

Veeam is a VMworld 2017 US & Europe Platinum Sponsor. Enter the raffle to get the full conference pass. Pass includes the admission to all general and breakout sessions, VMware Hands-On Labs, Solutions Exchange, exclusive giveaways and the great VMworld Customer Appreciation Part

 
LVL 2

Accepted Solution

by:
Glowingdark earned 50 total points
ID: 18853407
1) Yes, potentially the first time they open firefox they would have to authenticate.  Depending on the proxy server in use, you may be able to automate this.  I don't know if firefox can support integrated authentication to an ISA server.  

2) ACLs typically work on the IP address, not a URL.  However, you could combine VLANs and a proxy server that filters by source IP address instead of an authenticating proxy server.  This way you could avoid the need for your users to authenticate, making it more transparent.  

A soho linksys router is not going to provide this kind of functionality (VLANS and ACLS).  A cisco router  would have the capability to do this.

3) I am sure there are Firewall devices that can do it.  What it boils down to is the device doing the filtering (or blocking access to) needs to be able to identify who it should filter for, and who it should allow unrestricted access.  Somehow you have to identify this traffic, via authentication, network separation, or some other means.  

4) I would imagine that desktop content filtering software has some mechanism for preventing users from modifying the settings.  Sorry, I do not know of any open source software for this.

We use a combination of VLANs / Routing, and an expensive Enterprise web filtering software package to manage access to the internet.



0
 

Author Comment

by:Joyf
ID: 18856616
Thanks so much for this.
Just 3 things are not yet completely clear :

- If we combine VLANs and a proxy, we then don't need to use a router with ACLs ? And a router won't be able to filter URLs ?
- To prevent users from bypassing the proxy : is that performed on the internet access router that automatically redirects towards the proxy ?
- Can't a soft firewall could also do this ?

Thanks again !!!
0
 
LVL 3

Expert Comment

by:Comply
ID: 18868416
A router with Access Administration  Restrictions can do this. You just set the Web sites they are allowed to use.

Dlink, Linksys etc have these options as well as port restrictions, BW throttling.

Cost around $80.00 for the dlnik DIR-625 with a host of other options with USB support.
0

Featured Post

What, When and Where - Security Threats from Q1

Join Corey Nachreiner, CTO, and Marc Laliberte, Information Security Threat Analyst, on July 26th as they explore their key findings from the first quarter of 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question