Control Internet access per user not IP


Can someone recommend a good way to filter internet access for a small business? Right now we're using the Untangle web filter (free); it does a good job, but it works per IP address, not per user.
I want to be able to block FTP/SMTP on all computers (this can also be done at the FW level). Some users will have access only to certain web sites; others will have no access at all. Mgmt employees will have full internet access, and all internet access must be logged and reported.

This is a Windows 2008/2003 server environment with Win XP Pro workstations. I'd prefer a centralized solution; free would be best.

Thank you
Use IPCop as your firewall with the URL filter and Advanced Proxy add-ons loaded.


I can't replace the firewall; we have an ASA 5505 with VPN set up.


Can it be used in bridge mode?
From Cisco - check out https://supportforums.cisco.com/message/3023268

This will tell you how to filter URLs using the ASA 5505.
Expanding on the logic, I would use role-based groups (i.e. group membership in AD) to apply filters as well.
While you can't replace your existing firewall, could you not add a second firewall?
I believe a Watchguard can do what you need using AD integration.


I considered Cisco, but it does per-IP/host filtering; I need per-user (LDAP) filtering.

Yes, I could do it; however, there must be an easier way to filter web access by username.
Squid can do NTLM authentication (i.e. based on the username logged into Active Directory) and will run on Windows.

The requirement, though, is a Windows server to run it on - but most people have at least an SBS these days.
Or, of course, Linux + Samba, if you have a Linux box. Or if you really want to push the envelope, OES2 and DSfW :)
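
As an added illustration of the Squid suggestion above (not configuration posted by anyone in this thread), this is a sketch of a `squid.conf` that maps the original requirements onto per-user rules: NTLM sign-on, AD group membership deciding access, and a log that records the username. It assumes a Linux + Samba host joined to the domain with winbind running; the helper paths, the AD group names `Web-Full` and `Web-Limited`, and the file names are assumptions to adjust for your install.

```conf
# --- Added example; paths, group names and file names are assumptions ---

# NTLM authentication through Samba's ntlm_auth helper, so domain users
# are identified by their Windows logon without a password prompt.
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 10
auth_param ntlm keep_alive on

# AD group lookup via winbind. The helper name and location vary by Squid
# version and distribution (assumed path shown here).
external_acl_type ad_group ttl=300 %LOGIN /usr/lib/squid/ext_wbinfo_group_acl

# Any request must carry a valid domain login.
acl authenticated proxy_auth REQUIRED

# Hypothetical AD groups: one for management, one for restricted users.
acl full_access    external ad_group Web-Full
acl limited_access external ad_group Web-Limited

# One domain per line, e.g. ".example.com" (file name is an assumption).
acl limited_sites dstdomain "/etc/squid/limited_sites.txt"

# Rules are evaluated top to bottom; the first match wins.
http_access deny !authenticated
http_access allow full_access
http_access allow limited_access limited_sites
# Users in neither group, and limited users on other sites, land here.
http_access deny all

# Log format with the authenticated username (%un) next to the client IP,
# so reports can be built per user rather than per address.
logformat peruser %tl %>a %un %rm %ru %>Hs %<st
access_log /var/log/squid/access.log peruser
```

The proxy only governs web traffic that actually passes through it, so the existing firewall should permit outbound HTTP/HTTPS from the proxy host only; FTP and SMTP blocking stays at the firewall, as the original question already notes.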