Website restrictions

Posted on 2007-10-14
Medium Priority
Last Modified: 2008-08-04
I would like to block access on my network to Facebook.com, Myspace.com and possibly other sites.   Can it be done via group policy?   We do not have ISA server running and are using a basic firewall/router such as Linksys.
Question by:ccsstore
LVL 26

Accepted Solution

Farhan Kazi earned 2000 total points
ID: 20076700
Greetings Ccsstore,

The simplest way is to modify the HOSTS file on each PC and put an entry in it for each domain you DON'T want the users to access and point them to (you can edit the hostile with notepad)

For example to block www.hotmail.com add this line to the end of the HOSTS file (%WINDIR%\system32\drivers\etc\)     www.hotmail.com

Another way is to add an entry in your DNS server for the website with an incorrect IP address. Create a facebook.com DNS domain and then point it to an IP address in your corp network, maybe make one of your servers run IIS and put up a "Block Page" to display to the user.  Of course this can be tedious, we happen to use a content filter which sends a block page to the user when they try to access a site forbidden to them.

Use Group Policy to Add the Sites into "Restricted sites" (the four groups in the "Security" tab of Internet Explorer).

NOTE: This works with only Internet Explorer not with other browsers.



Follow above site steps and Instead of adding the sites to "Trusted sites" add the sites that you do not want be visited to "Restricted Sites".

You can use IPSec IP filter lists.

Hope this helps!
LVL 13

Expert Comment

ID: 20080768
It should be mentioned that many Internet users can get around all three of the first methods without much trouble, and the fourth method won't stop some of your more determined users who will likely VPN or secure tunnel out of your network.

Policy statements, monitoring and warnings to those who break the rules may go a long way to preventing misuse of your network.  Psychology can be a strong technical control if utilized properly.


Expert Comment

by:Adrien de Croy
ID: 20083442
An intercepting proxy will also stop all but the more determined abusers.  You'd need to pipe all traffic through the proxy, and have it intercept web connections, and apply policy there.  Most commonly available proxy products (i.e. WinGate, WinRoute etc) will do this for you.  Depending on the product you can still allow some limited access to restricted sites as well (such as during lunch times or out of hours) - e.g WinGate has time-of-day rule capabilities.
LVL 51

Expert Comment

ID: 20094861
the only reliable way is to force access through a proxy
This proxy must terminate all SSL connections too if you want to avoid bypassing the proxy, which breaks the trust relations ship of all SSl certificates, obviously ...
LVL 26

Expert Comment

by:Farhan Kazi
ID: 20211877
Any update Ccsstore?

Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Backups and Disaster RecoveryIn this post, we’ll look at strategies for backups and disaster recovery.
A new hacking trick has emerged leveraging your own helpdesk or support ticketing tools as an easy way to distribute malware.
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses
Course of the Month13 days, 13 hours left to enroll

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question