Solved

Restricted Internet via Web Browser?

Posted on 2010-08-29
21
742 Views
Last Modified: 2013-12-08
hi experts

My friend is a network administrator and on behalf of him, i would like to know that:

Is it possible to restrict websites such as facebook, twitter just via Internet Explorer (or any other browser) and not using any other third party software for doing the same? if yes, how could that be done and if how could that be avioded/break?

What he (my friend) has seen in one small organization was that no third party tools were installed that could log the internet traffic for the employees, yet they were not able to access social networking websites, online documents websites etc

P.S.: My intention is not encourage any kind of suspcious activity/piracy or violation of EE rules and regulations

thanks
0
Comment
Question by:meispisces
  • 5
  • 4
  • 4
  • +6
21 Comments
 
LVL 10

Expert Comment

by:Jini Jose
ID: 33556073
if a system administrator wants to block any website, he can do simply.
in an office all the internet connection is going through a server. so if they installed any software in that server, you can not identify that. and you cannot break that.
they can simply watch the browser activity of any computer connected to that server.
0
 
LVL 5

Expert Comment

by:TimAllan
ID: 33556079
Yes, you can restrict certain sites by adding entries to the local "hosts" file located under : C:\Windows\System32\drivers\etc

Put in an entry similar to this :
127.0.0.1  www.facebook.com

The user will just get a 404 Error... :)
0
 
LVL 7

Author Comment

by:meispisces
ID: 33556085
@gmailjini: Thanks for the comment,
The software that they be installing in server say XYZ, then XYZ client version is not needed on client computers to be installed?
0
Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

 
LVL 4

Accepted Solution

by:
goyal_251 earned 100 total points
ID: 33556086
Yes can add the entry in host file.
go to c:\windows\system32\drivers\etc
open hosts file in note pad
127.0.0.1       facebook.com
127.0.0.1       twitter.com
and so on you can add any number of site..it will redirect the request to local machine.hence page would not open
0
 
LVL 10

Expert Comment

by:Jini Jose
ID: 33556094
meispisces

there is no need for a client software.

if the server is Linux, then there is a software available is Squid.
if it is windows then there are lots of software available for doing that.

can u please tell what is the error message comes when u accessing the blocked sites ?
0
 
LVL 7

Author Comment

by:meispisces
ID: 33556119
@gmailjini: Error message that was coming was a standard error message: "Internet Explorer cannot display the webpage" (when accessing in IE)
When accessing in MF, the error message is "Unable to connect. Firefox can't establish a connection to the server at 127.0.0.1:2372"
0
 
LVL 5

Expert Comment

by:TimAllan
ID: 33556136
You will get that error when you change the 'hosts' file.  The users will just think the web page is down....for a very long time and get the hint :)
0
 
LVL 7

Author Comment

by:meispisces
ID: 33556163
@TimAllan: So what needs to be done in that case?\
0
 
LVL 10

Expert Comment

by:Jini Jose
ID: 33556225
@meispisces

TimAllan is correct. i think it is not blocked through the server.

what is your intention ? to break the block ?
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33556243
I would suggest to use PROXY server. Then you can simply control patterns, attachments, content, white lists, black lists aso. The most simple and free solution is SQUID (it works in bunch of Linux editions, FreeBSD, openBSD). YOu can manage whole Internet traffic in central store (SQUID) not in hosts file (which is painful :/) Alternative solution could be ISA or ForeFront Security (but it is paid solution).
0
 
LVL 7

Author Comment

by:meispisces
ID: 33556245
@gmailjini:No my intention is only to know how to block the websites without using 3rd party tools as i was unaware about the same.
 
 
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33556266
Without 3rd party solutin it is a nightmare!
0
 
LVL 6

Expert Comment

by:syedyounus
ID: 33556385
without 3rd party solutions it will not work in a foolproof manner, since some advance users will check the host file & they will edit it.

0
 
LVL 5

Assisted Solution

by:TimAllan
TimAllan earned 100 total points
ID: 33556457
@meispisces
If the users are not administrators to the machine, then they shouldn't be able to edit the file.  All you need to do is edit that "hosts" file in the directory mentioned above with the sites you wish to block.  We do a similar thing here at work to block facebook/myspace.  Once your friend has all the sites listed in the hosts file that he/she wants to block, copy that file (either by Group Policy or a batch file) to all the computers on the workgroup/domain.  Easy!
0
 
LVL 10

Expert Comment

by:Jini Jose
ID: 33556466
@TimAllan

this will work if the network has only a few computers. but if the LAN is large, it is not applicable to edit all the computers host file.
0
 
LVL 39

Assisted Solution

by:Krzysztof Pytko
Krzysztof Pytko earned 100 total points
ID: 33556478
and it is no best practices. PROXY server were developed for that action.
0
 
LVL 5

Expert Comment

by:TimAllan
ID: 33556561
How many computers are they looking after meispisces?
0
 
LVL 3

Assisted Solution

by:frogmanalien
frogmanalien earned 100 total points
ID: 33557129
If you're looking for a very simple system, and are using Internet Explorer only, you can setup Content Advisor very easily to setup restrictions - http://support.microsoft.com/kb/310401 without any third party software or similar - just make sure you prevent them from using other browsers (block the download pages definitely- remove local admin rights ideally!).

Hope that helps
0
 
LVL 25

Expert Comment

by:madunix
ID: 33581517
These sites have lots of addresses so you will need to block every single one of them.... or alias
facebook.com    127.0.0.1 in the hosts file
0
 
LVL 47

Assisted Solution

by:Donald Stewart
Donald Stewart earned 100 total points
ID: 33593177
Good article here


Restricting Specific Web Sites in Internet Explorer Using Group Policy


http://www.windowsecurity.com/articles/Restricting-Specific-Web-Sites-Internet-Explorer-Using-Group-Policy.html
0
 
LVL 7

Author Closing Comment

by:meispisces
ID: 33821371
thanks
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I annotated my article on ransomware somewhat extensively, but I keep adding new references and wanted to put a link to the reference library.  Despite all the reference tools I have on hand, it was not easy to find a way to do this easily. I finall…
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
How to create a custom search shortcut to site-search Experts Exchange using Google in the Firefox browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch your Bookmark Menu: Press 'Ctrl +…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question