Solved

Restrict access to some URL for some PC only

Posted on 2007-04-04
6
655 Views
Last Modified: 2011-09-20
Hi experts !

Let's consider I have a site with many PC with Internet access and using FireFox.
I want only some of them to be able to access only 1 or 2 Internet sites.

What are the different ways to accomplish this and which one is the best ?

Thanks a lot !
0
Comment
Question by:Joyf
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 18850577
              *If you want a central-management, you should install a proxy server (Websense for example)
              *If you want client-side maangement, you should install internet security softwares like Norton internet security.
0
 
LVL 2

Expert Comment

by:Glowingdark
ID: 18850645
One solution would be to set up a proxy server that requires authentication.  Then, depending on authentication, you could limit access to only specific websites.  You would have to prevent access to the internet for anyone attempting to bypass the proxy, since your users could just disable the proxy settings in FireFox.  

Another solution is to point the computers that you wish to have limited access to a DNS server that only resolves the addresses of the hosts you want them to access.  This would not prevent them from browsing to other sites by IP address though.

A more robust solution would be to use VLANs or Physical LANs  (to segregate the computers that need only limited access), and routers with ACLs to limit traffic from the VLAN/ LAN.   This method would probably be the most complicated to set up, but the most transparent to the individual users.  

There are also web filtering products that will allow you to setup whitelists, which would allow you to setup a list of "allowed websites".    
0
 

Author Comment

by:Joyf
ID: 18851552
Thanks for your answers !
I then would need some more details :

1) Proxy authentication :
Does this mean that they would have a login page each time they access Internet the first time ?
Is this login page a Firefox dialog window ?
Any small clue on how to prevent users from bypassing the proxy ?

2) VLANs solution : can a standard Internet router can implement ACLs to filter URLs from differents VLANs ?

3) Can't a firewall could accomplish what I want ?

4) Client-side solution : this can be password-protected ? Any well-known open source solution for that ?

So many thanks in advance !
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 2

Accepted Solution

by:
Glowingdark earned 50 total points
ID: 18853407
1) Yes, potentially the first time they open firefox they would have to authenticate.  Depending on the proxy server in use, you may be able to automate this.  I don't know if firefox can support integrated authentication to an ISA server.  

2) ACLs typically work on the IP address, not a URL.  However, you could combine VLANs and a proxy server that filters by source IP address instead of an authenticating proxy server.  This way you could avoid the need for your users to authenticate, making it more transparent.  

A soho linksys router is not going to provide this kind of functionality (VLANS and ACLS).  A cisco router  would have the capability to do this.

3) I am sure there are Firewall devices that can do it.  What it boils down to is the device doing the filtering (or blocking access to) needs to be able to identify who it should filter for, and who it should allow unrestricted access.  Somehow you have to identify this traffic, via authentication, network separation, or some other means.  

4) I would imagine that desktop content filtering software has some mechanism for preventing users from modifying the settings.  Sorry, I do not know of any open source software for this.

We use a combination of VLANs / Routing, and an expensive Enterprise web filtering software package to manage access to the internet.



0
 

Author Comment

by:Joyf
ID: 18856616
Thanks so much for this.
Just 3 things are not yet completely clear :

- If we combine VLANs and a proxy, we then don't need to use a router with ACLs ? And a router won't be able to filter URLs ?
- To prevent users from bypassing the proxy : is that performed on the internet access router that automatically redirects towards the proxy ?
- Can't a soft firewall could also do this ?

Thanks again !!!
0
 
LVL 3

Expert Comment

by:Comply
ID: 18868416
A router with Access Administration  Restrictions can do this. You just set the Web sites they are allowed to use.

Dlink, Linksys etc have these options as well as port restrictions, BW throttling.

Cost around $80.00 for the dlnik DIR-625 with a host of other options with USB support.
0

Featured Post

Is Your DevOps Pipeline Leaking?

Is your CI/CD pipeline a hodge-podge of randomly connected tools? You’ve likely got a tool to fix one problem & then a different tool to fix another, resulting in a cluster of tools with overlapping functionality. Learn how to optimize your pipeline with Gartner's recommendations

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
VOIP gateways - feedback 23 125
Checking Network connectivity 3 85
Add GoToMeeting Invites Rooms to Exchange Conference Rooms 2 58
Esxi host upgrade 16 99
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question