Restricted Internet via Web Browser?

hi experts

My friend is a network administrator and on behalf of him, i would like to know that:

Is it possible to restrict websites such as facebook, twitter just via Internet Explorer (or any other browser) and not using any other third party software for doing the same? if yes, how could that be done and if how could that be avioded/break?

What he (my friend) has seen in one small organization was that no third party tools were installed that could log the internet traffic for the employees, yet they were not able to access social networking websites, online documents websites etc

P.S.: My intention is not encourage any kind of suspcious activity/piracy or violation of EE rules and regulations

thanks
LVL 7
meispiscesAsked:
Who is Participating?
 
goyal_251Connect With a Mentor Commented:
Yes can add the entry in host file.
go to c:\windows\system32\drivers\etc
open hosts file in note pad
127.0.0.1       facebook.com
127.0.0.1       twitter.com
and so on you can add any number of site..it will redirect the request to local machine.hence page would not open
0
 
Jini JoseSenior .Net DeveloperCommented:
if a system administrator wants to block any website, he can do simply.
in an office all the internet connection is going through a server. so if they installed any software in that server, you can not identify that. and you cannot break that.
they can simply watch the browser activity of any computer connected to that server.
0
 
TimAllanCommented:
Yes, you can restrict certain sites by adding entries to the local "hosts" file located under : C:\Windows\System32\drivers\etc

Put in an entry similar to this :
127.0.0.1  www.facebook.com

The user will just get a 404 Error... :)
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
meispiscesAuthor Commented:
@gmailjini: Thanks for the comment,
The software that they be installing in server say XYZ, then XYZ client version is not needed on client computers to be installed?
0
 
Jini JoseSenior .Net DeveloperCommented:
meispisces

there is no need for a client software.

if the server is Linux, then there is a software available is Squid.
if it is windows then there are lots of software available for doing that.

can u please tell what is the error message comes when u accessing the blocked sites ?
0
 
meispiscesAuthor Commented:
@gmailjini: Error message that was coming was a standard error message: "Internet Explorer cannot display the webpage" (when accessing in IE)
When accessing in MF, the error message is "Unable to connect. Firefox can't establish a connection to the server at 127.0.0.1:2372"
0
 
TimAllanCommented:
You will get that error when you change the 'hosts' file.  The users will just think the web page is down....for a very long time and get the hint :)
0
 
meispiscesAuthor Commented:
@TimAllan: So what needs to be done in that case?\
0
 
Jini JoseSenior .Net DeveloperCommented:
@meispisces

TimAllan is correct. i think it is not blocked through the server.

what is your intention ? to break the block ?
0
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
I would suggest to use PROXY server. Then you can simply control patterns, attachments, content, white lists, black lists aso. The most simple and free solution is SQUID (it works in bunch of Linux editions, FreeBSD, openBSD). YOu can manage whole Internet traffic in central store (SQUID) not in hosts file (which is painful :/) Alternative solution could be ISA or ForeFront Security (but it is paid solution).
0
 
meispiscesAuthor Commented:
@gmailjini:No my intention is only to know how to block the websites without using 3rd party tools as i was unaware about the same.
 
 
0
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
Without 3rd party solutin it is a nightmare!
0
 
syedyounusCommented:
without 3rd party solutions it will not work in a foolproof manner, since some advance users will check the host file & they will edit it.

0
 
TimAllanConnect With a Mentor Commented:
@meispisces
If the users are not administrators to the machine, then they shouldn't be able to edit the file.  All you need to do is edit that "hosts" file in the directory mentioned above with the sites you wish to block.  We do a similar thing here at work to block facebook/myspace.  Once your friend has all the sites listed in the hosts file that he/she wants to block, copy that file (either by Group Policy or a batch file) to all the computers on the workgroup/domain.  Easy!
0
 
Jini JoseSenior .Net DeveloperCommented:
@TimAllan

this will work if the network has only a few computers. but if the LAN is large, it is not applicable to edit all the computers host file.
0
 
Krzysztof PytkoConnect With a Mentor Senior Active Directory EngineerCommented:
and it is no best practices. PROXY server were developed for that action.
0
 
TimAllanCommented:
How many computers are they looking after meispisces?
0
 
frogmanalienConnect With a Mentor Commented:
If you're looking for a very simple system, and are using Internet Explorer only, you can setup Content Advisor very easily to setup restrictions - http://support.microsoft.com/kb/310401 without any third party software or similar - just make sure you prevent them from using other browsers (block the download pages definitely- remove local admin rights ideally!).

Hope that helps
0
 
madunixCommented:
These sites have lots of addresses so you will need to block every single one of them.... or alias
facebook.com    127.0.0.1 in the hosts file
0
 
DonConnect With a Mentor Network AdministratorCommented:
Good article here


Restricting Specific Web Sites in Internet Explorer Using Group Policy


http://www.windowsecurity.com/articles/Restricting-Specific-Web-Sites-Internet-Explorer-Using-Group-Policy.html
0
 
meispiscesAuthor Commented:
thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.