asked on

How do I create an entry in the HOSTS or LMHOSts to make all website BUT the ones we want to redirect to 127.0.0.1?

Is there a way to create a HOSTS file that is opposite of the current one? Meaning can I make a HOSTS file that locks every website and I make a list of acceptable sites?

I like that MVPS hosts fie but it doesn't limit my work employees from going to youtube and what not.

I have a sonicwall but I dont want to limit every computer. Any suggestions?

cuziyq

Set the default gateway of the machine to 127.0.0.1. Then add the acceptable sites to the hosts file. If a site is requested for which there is no hosts entry, it will try to use the default gateway to resolve it.

The problem with this approach is that you'd also need entries for sites on your own network as well. Firewalls are the best solution for this kind of security. I've never used sonicwall, but I find it hard to believe that theirs is an all or nothing solution.

andygarratt

I agree with cuziyg about the default gateway, you could then also ass route into the local routing table of the machine but its a messy way of doing it.

A simple web proxy like squid provides white lists of website and then will prompt for authentication when going outside of them

Andy

andygarratt

They really should let you edit your responses to avoid things like ass instead of add :o)

cuziyq

LOL! At least I got a good laugh out of it.

Brian Pierce

If you want to do this properly you need to invest in a proxy server - then you can have full control over what users can and can't access, log what they are doing and speed up access by caching content.
The range of proxy server goes from acFree Proxy - http://sourceforge.net/projects/acfreeproxy/ which is free but limited to ISA server http://www.microsoft.com/isaserver/default.mspx which is fully featured - at a price

ccampan

ASKER

That's a good approach. We are a small workgroup (3 VISTA, 2 OSX) so this approach is reasonable considering we really only have one or two mapped drives.

cuziyq

If that's the case, then yeah, just make sure all 5 of those machines have an entry in your hosts file so this machine can see them. Also make sure they have static addresses. You wouldn't want to be changing it every time one of them got a new IP address. Then set the default gateway to 127.0.0.1

ccampan

ASKER

To be exact we have 3 PC's running Quickbooks Point of Sale. I am not sure how they find one another. 1 of the three is the server and the other two log onto that database server.

What entries would I need to make do you think? Simply the computer name like 192.168.1.20 KATVPOS as an example in the HOSTS?

Brian Pierce

Making the default GateWay 127.0.0.1 is going to prohibit all internet traffic regardless of any entries in the hosts file so only do this if you want NO access outside of the current subnet so unless you want to ban ALL internet access don't do this.

The short anser is you can't do this without some addition software such as a proxy server. The hosts file cannot be used like this. If you had a domain you could use conditional forwarding to build a bodge - but the real answer is a proxy server.

ASKER CERTIFIED SOLUTION

naldiian

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

ccampan

ASKER

Wow, lots to think about. I tried the entire hosts file dump but I am unsure if this is going to create issues with windows update and symantec AV updates.

It does work well for us though as the only 'server' we connect to via web browser is our booking server which we use via IP and not domain.

I need to go to school on the firewall. Apparently the firewall is the end all be all.