Solved

Can I block some computers from certian websites (facebook) and not all

Posted on 2010-11-19
11
442 Views
Last Modified: 2012-05-10
I've got a client with a lot of users who wants me to block facebook and some other sites from their network but that have a corporate facebook page for business so they want some users to be allowed to access it. What I tried was createing a false DNS entry on the DNS server so when users went to facebook they got redirected to the companies Website. My plan was to then edit the hosts file on the specific users that they want allowed with the correct IP. But on those PC's the main site sort of appears but you don't see the pictures and every link they click on inside the site gets blocked. I don't have the time to add the URL to every specific form in faceboom to the hosts file.

Is there another way of accomplishing what they want me to do?
0
Comment
Question by:Axis52401
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +2
11 Comments
 
LVL 2

Expert Comment

by:Andy_23
ID: 34175277
That depends. What kind of firewall do You use? On specific firewalls You can set a policy that allow certain group of users to have access to certain group of sites and other havent.

0
 
LVL 5

Expert Comment

by:CAGdorf
ID: 34175297
Also you can do that with some Antivirus products. We have that feature with Trend Micro Worry Free Business. Another trick I use, if I can't do that. I manage the local policy on the computer and add facebook.com to the restricted sites. They can still visit it, but it looks like *hit so they won't have much fun there.
0
 
LVL 2

Author Comment

by:Axis52401
ID: 34175357
They have a watchguard firewall that has some sort of Web blocking feature but I don't know what options it has since you have to buy a subscription for it to even see the options. We do use Trend Worry fre Antivirus. Is there a way of using the restricted sites option on some computers and not all?
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
LVL 12

Expert Comment

by:mccracky
ID: 34175380
This is more of a networking question than anything else.  Facebook (and a lot of other services) is harder to block these days as they have so many variations and other sites, so you can't do just one IP or DNS entry.  It is possible, but it depends what your infrastructure is like.  What I'd do:

1. Set up OpenDNS (www.opendns.com) and set that to block facebook (and other social networking sites) and whatever else falls outside the bounds of company policy.
2. Put the opendns servers in the DHCP server so all clients get that as their DNS.
3. Set up an authenticating proxy server (Squid is what I'd use) that authenticates either by user or by computer IP (IP would be easier, but either is possible).
4. Set up Squid to use other DNS servers that don't block Facebook.
5. Set up those that need to access Facebook to use the Squid proxy server.

There are other ways, and depending on how strict the rules need to be enforced or the technical savvy of the users there can be variations on the above.
0
 
LVL 5

Expert Comment

by:CAGdorf
ID: 34175515
With the Trend Micro you can create a group of computers, say "Restricted" and set the properties of that restricted group to not be able to go to whatever sites you deem inappropriate.
0
 
LVL 5

Expert Comment

by:CAGdorf
ID: 34175552
I guess I can't find where you type in custom ones, but they do offer a lot of categories. I thought I saw somewhere where you can type in custom ones:  Trend Micro
0
 
LVL 4

Expert Comment

by:LBACIS
ID: 34180290
This is all built into the watchguard firewall already;

Create separate "http proxy" policies for the filtering use webblocker. I usually create 3 or 4 levels of browsing rights with separate webblocker policies; full, medium, low. Then use the windows authentication that is built into the watchguard and create groups in Active directory that match your browsing policies that you just created. Now add the groups as the from and any as the to for each policy except for the "default" policy because any unauthenticated user will get shoved into that policy anyway. Post if you need further direction but I use this and have it in place anywhere that I have installed a firebox.
0
 
LVL 2

Author Comment

by:Axis52401
ID: 34181497
They don't want to pay for the Watch guard web filtering service. I'm looking for a solution that will work with their existing equipment.
0
 
LVL 4

Expert Comment

by:LBACIS
ID: 34181729
Do you only have two groups?
0
 
LVL 12

Expert Comment

by:mccracky
ID: 34197466
Do they have more than one external IP?  If so you can set up OpenDNS filtering differently according to what IP they use.  You can use different gateways for the two classes of users.  

"I'm looking for a solution that will work with their existing equipment."

You need to let us know what they have to be able to advise you if this is a requirement.  Like I said, it's better managed as a network issue rather than a per computer issue as it allows better administration.  What is the infrastructure like?

0
 
LVL 4

Accepted Solution

by:
LBACIS earned 500 total points
ID: 34200869
McCracky you beat me to it. That is exactly why I asked if he has two groups. You place two IP addresses as the gateways for the clients and use separate external IP addressees, then you will change the dynamic NAT rule in the watchguard.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Internet is a big network which is formed by connecting multiple small networks.It is a platform for all the users which are connected to it.Internet act as platform in different fields. Such as: Internet  as a collaboration platform. Internet  as…
#Citrix #Internet Explorer #Enterprise Mode #IE 11 #IE 8
The purpose of this video is to demonstrate how to set up the permalinks on a WordPress Website. This will be demonstrated using a Windows 8 PC. Go to your WordPress login page. This will look like the following: mywebsite.com/wp-login.php : Go t…
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question