Website restrictions

Posted on 2007-10-14
Last Modified: 2008-08-04
I would like to block access on my network to, and possibly other sites.   Can it be done via group policy?   We do not have ISA server running and are using a basic firewall/router such as Linksys.
Question by:ccsstore
    LVL 26

    Accepted Solution

    Greetings Ccsstore,

    The simplest way is to modify the HOSTS file on each PC and put an entry in it for each domain you DON'T want the users to access and point them to (you can edit the HOSTS file with Notepad)

    For example to block add this line to the end of the HOSTS file (%WINDIR%\system32\drivers\etc\)

    Another way is to add an entry in your DNS server for the website with an incorrect IP address. Create a DNS domain and then point it to an IP address in your corp network; maybe make one of your servers run IIS and put up a "Block Page" to display to the user.  Of course this can be tedious; we happen to use a content filter which sends a block page to the user when they try to access a site forbidden to them.

    Use Group Policy to Add the Sites into "Restricted sites" (the four groups in the "Security" tab of Internet Explorer).

    NOTE: This works only with Internet Explorer, not with other browsers.

    Follow the steps on the above site and, instead of adding the sites to "Trusted sites", add the sites that you do not want to be visited to "Restricted Sites".

    You can use IPSec IP filter lists.

    Hope this helps!
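
The HOSTS-file approach from the accepted answer, as an added example that is not part of the original answer: a PowerShell script that points a list of domains at a sink address and can be re-run safely. The domain names, the 127.0.0.1 sink address and the helper name Merge-HostsBlock are assumptions chosen for illustration.

```powershell
# Added example. Run elevated, e.g. as a Group Policy computer startup script.
# $SinkIp and $Blocked hold constructed placeholder values; substitute your own.
param(
    [string]   $SinkIp    = '127.0.0.1',
    [string[]] $Blocked   = @('blocked.example', 'www.blocked.example'),
    [string]   $HostsPath = "$env:WINDIR\System32\drivers\etc\hosts"
)

# Hypothetical helper: returns the HOSTS lines with every managed name mapped
# to $Ip exactly once and any older mapping of that name removed.
function Merge-HostsBlock {
    param([string[]]$Lines, [string[]]$Domains, [string]$Ip)

    $want = @($Domains | ForEach-Object { $_.Trim().ToLowerInvariant() } |
              Where-Object { $_ } | Select-Object -Unique)
    $out = New-Object 'System.Collections.Generic.List[string]'

    foreach ($line in $Lines) {
        # Ignore any trailing comment, then tokenise "IP name [name ...]".
        $body   = ($line -split '#', 2)[0]
        $tokens = @($body -split '\s+' | Where-Object { $_ })
        if ($tokens.Count -lt 2) { $out.Add($line); continue }  # blank/comment

        # Keep names we do not manage; -notcontains is case-insensitive.
        $keep = @($tokens[1..($tokens.Count - 1)] |
                  Where-Object { $want -notcontains $_ })
        if ($keep.Count -eq $tokens.Count - 1) { $out.Add($line) }
        elseif ($keep.Count -gt 0) { $out.Add("$($tokens[0]) $($keep -join ' ')") }
    }
    foreach ($name in $want) { $out.Add("$Ip $name") }
    return $out.ToArray()
}

$current = @(Get-Content -LiteralPath $HostsPath)
$updated = @(Merge-HostsBlock -Lines $current -Domains $Blocked -Ip $SinkIp)

# Write only when something changed, so repeated runs are no-ops.
if (($current -join "`n") -cne ($updated -join "`n")) {
    Copy-Item -LiteralPath $HostsPath -Destination "$HostsPath.bak" -Force
    Set-Content -LiteralPath $HostsPath -Value $updated -Encoding ASCII
    ipconfig /flushdns | Out-Null
}
```

A line that maps a managed name together with unrelated names is rewritten without its trailing comment; the previous file is kept beside it as hosts.bak.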
    LVL 13

    Expert Comment

    It should be mentioned that many Internet users can get around all three of the first methods without much trouble, and the fourth method won't stop some of your more determined users who will likely VPN or secure tunnel out of your network.

    Policy statements, monitoring and warnings to those who break the rules may go a long way to preventing misuse of your network.  Psychology can be a strong technical control if utilized properly.

    LVL 3

    Expert Comment

    by:Adrien de Croy
    An intercepting proxy will also stop all but the more determined abusers.  You'd need to pipe all traffic through the proxy, and have it intercept web connections, and apply policy there.  Most commonly available proxy products (i.e. WinGate, WinRoute etc) will do this for you.  Depending on the product you can still allow some limited access to restricted sites as well (such as during lunch times or out of hours) - e.g. WinGate has time-of-day rule capabilities.
    LVL 51

    Expert Comment

    The only reliable way is to force access through a proxy.
    This proxy must terminate all SSL connections too if you want to avoid bypassing the proxy, which breaks the trust relationship of all SSL certificates, obviously ...
    LVL 26

    Expert Comment

    Any update Ccsstore?
