Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Can I block some computers from certian websites (facebook) and not all

Posted on 2010-11-19
11
Medium Priority
?
447 Views
Last Modified: 2012-05-10
I've got a client with a lot of users who wants me to block facebook and some other sites from their network but that have a corporate facebook page for business so they want some users to be allowed to access it. What I tried was createing a false DNS entry on the DNS server so when users went to facebook they got redirected to the companies Website. My plan was to then edit the hosts file on the specific users that they want allowed with the correct IP. But on those PC's the main site sort of appears but you don't see the pictures and every link they click on inside the site gets blocked. I don't have the time to add the URL to every specific form in faceboom to the hosts file.

Is there another way of accomplishing what they want me to do?
0
Comment
Question by:Axis52401
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +2
11 Comments
 
LVL 2

Expert Comment

by:Andy_23
ID: 34175277
That depends. What kind of firewall do You use? On specific firewalls You can set a policy that allow certain group of users to have access to certain group of sites and other havent.

0
 
LVL 5

Expert Comment

by:CAGdorf
ID: 34175297
Also you can do that with some Antivirus products. We have that feature with Trend Micro Worry Free Business. Another trick I use, if I can't do that. I manage the local policy on the computer and add facebook.com to the restricted sites. They can still visit it, but it looks like *hit so they won't have much fun there.
0
 
LVL 2

Author Comment

by:Axis52401
ID: 34175357
They have a watchguard firewall that has some sort of Web blocking feature but I don't know what options it has since you have to buy a subscription for it to even see the options. We do use Trend Worry fre Antivirus. Is there a way of using the restricted sites option on some computers and not all?
0
Simplify Your Workload with One Tool

How do you combat today’s intelligent hacker while managing multiple domains and platforms? By simplifying your workload with one tool. With Lunarpages hosting through Plesk Onyx, you can:

Automate SSL generation and installation with two clicks
Experience total server control

 
LVL 12

Expert Comment

by:mccracky
ID: 34175380
This is more of a networking question than anything else.  Facebook (and a lot of other services) is harder to block these days as they have so many variations and other sites, so you can't do just one IP or DNS entry.  It is possible, but it depends what your infrastructure is like.  What I'd do:

1. Set up OpenDNS (www.opendns.com) and set that to block facebook (and other social networking sites) and whatever else falls outside the bounds of company policy.
2. Put the opendns servers in the DHCP server so all clients get that as their DNS.
3. Set up an authenticating proxy server (Squid is what I'd use) that authenticates either by user or by computer IP (IP would be easier, but either is possible).
4. Set up Squid to use other DNS servers that don't block Facebook.
5. Set up those that need to access Facebook to use the Squid proxy server.

There are other ways, and depending on how strict the rules need to be enforced or the technical savvy of the users there can be variations on the above.
0
 
LVL 5

Expert Comment

by:CAGdorf
ID: 34175515
With the Trend Micro you can create a group of computers, say "Restricted" and set the properties of that restricted group to not be able to go to whatever sites you deem inappropriate.
0
 
LVL 5

Expert Comment

by:CAGdorf
ID: 34175552
I guess I can't find where you type in custom ones, but they do offer a lot of categories. I thought I saw somewhere where you can type in custom ones:  Trend Micro
0
 
LVL 4

Expert Comment

by:LBACIS
ID: 34180290
This is all built into the watchguard firewall already;

Create separate "http proxy" policies for the filtering use webblocker. I usually create 3 or 4 levels of browsing rights with separate webblocker policies; full, medium, low. Then use the windows authentication that is built into the watchguard and create groups in Active directory that match your browsing policies that you just created. Now add the groups as the from and any as the to for each policy except for the "default" policy because any unauthenticated user will get shoved into that policy anyway. Post if you need further direction but I use this and have it in place anywhere that I have installed a firebox.
0
 
LVL 2

Author Comment

by:Axis52401
ID: 34181497
They don't want to pay for the Watch guard web filtering service. I'm looking for a solution that will work with their existing equipment.
0
 
LVL 4

Expert Comment

by:LBACIS
ID: 34181729
Do you only have two groups?
0
 
LVL 12

Expert Comment

by:mccracky
ID: 34197466
Do they have more than one external IP?  If so you can set up OpenDNS filtering differently according to what IP they use.  You can use different gateways for the two classes of users.  

"I'm looking for a solution that will work with their existing equipment."

You need to let us know what they have to be able to advise you if this is a requirement.  Like I said, it's better managed as a network issue rather than a per computer issue as it allows better administration.  What is the infrastructure like?

0
 
LVL 4

Accepted Solution

by:
LBACIS earned 2000 total points
ID: 34200869
McCracky you beat me to it. That is exactly why I asked if he has two groups. You place two IP addresses as the gateways for the clients and use separate external IP addressees, then you will change the dynamic NAT rule in the watchguard.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Dramatic changes are revolutionizing how we build and use technology. Every company is automating, digitizing, and modernizing operations. We need a better, more connected way to work together as teams so we can harness the insights from our system…
Ever visit a website where you spotted a really cool looking Font, yet couldn't figure out which font family it belonged to, or how to get a copy of it for your own use? This article explains the process of doing exactly that, as well as showing how…
The purpose of this video is to demonstrate how to update a WordPress Site’s version. WordPress releases new versions of its software frequently and it is important to update frequently in order to keep your site secure, and to get new WordPress…
The purpose of this video is to demonstrate how to set up basic WordPress SEO. This will be demonstrated using a Windows 8 PC. The plugin used will be WordPress SEO by Yoast. Go to your WordPress login page. This will look like the following: myw…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question