Solved

Can I block some computers from certian websites (facebook) and not all

Posted on 2010-11-19
11
435 Views
Last Modified: 2012-05-10
I've got a client with a lot of users who wants me to block facebook and some other sites from their network but that have a corporate facebook page for business so they want some users to be allowed to access it. What I tried was createing a false DNS entry on the DNS server so when users went to facebook they got redirected to the companies Website. My plan was to then edit the hosts file on the specific users that they want allowed with the correct IP. But on those PC's the main site sort of appears but you don't see the pictures and every link they click on inside the site gets blocked. I don't have the time to add the URL to every specific form in faceboom to the hosts file.

Is there another way of accomplishing what they want me to do?
0
Comment
Question by:Axis52401
  • 3
  • 3
  • 2
  • +2
11 Comments
 
LVL 2

Expert Comment

by:Andy_23
ID: 34175277
That depends. What kind of firewall do You use? On specific firewalls You can set a policy that allow certain group of users to have access to certain group of sites and other havent.

0
 
LVL 5

Expert Comment

by:CAGdorf
ID: 34175297
Also you can do that with some Antivirus products. We have that feature with Trend Micro Worry Free Business. Another trick I use, if I can't do that. I manage the local policy on the computer and add facebook.com to the restricted sites. They can still visit it, but it looks like *hit so they won't have much fun there.
0
 
LVL 2

Author Comment

by:Axis52401
ID: 34175357
They have a watchguard firewall that has some sort of Web blocking feature but I don't know what options it has since you have to buy a subscription for it to even see the options. We do use Trend Worry fre Antivirus. Is there a way of using the restricted sites option on some computers and not all?
0
 
LVL 12

Expert Comment

by:mccracky
ID: 34175380
This is more of a networking question than anything else.  Facebook (and a lot of other services) is harder to block these days as they have so many variations and other sites, so you can't do just one IP or DNS entry.  It is possible, but it depends what your infrastructure is like.  What I'd do:

1. Set up OpenDNS (www.opendns.com) and set that to block facebook (and other social networking sites) and whatever else falls outside the bounds of company policy.
2. Put the opendns servers in the DHCP server so all clients get that as their DNS.
3. Set up an authenticating proxy server (Squid is what I'd use) that authenticates either by user or by computer IP (IP would be easier, but either is possible).
4. Set up Squid to use other DNS servers that don't block Facebook.
5. Set up those that need to access Facebook to use the Squid proxy server.

There are other ways, and depending on how strict the rules need to be enforced or the technical savvy of the users there can be variations on the above.
0
 
LVL 5

Expert Comment

by:CAGdorf
ID: 34175515
With the Trend Micro you can create a group of computers, say "Restricted" and set the properties of that restricted group to not be able to go to whatever sites you deem inappropriate.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 5

Expert Comment

by:CAGdorf
ID: 34175552
I guess I can't find where you type in custom ones, but they do offer a lot of categories. I thought I saw somewhere where you can type in custom ones:  Trend Micro
0
 
LVL 4

Expert Comment

by:LBACIS
ID: 34180290
This is all built into the watchguard firewall already;

Create separate "http proxy" policies for the filtering use webblocker. I usually create 3 or 4 levels of browsing rights with separate webblocker policies; full, medium, low. Then use the windows authentication that is built into the watchguard and create groups in Active directory that match your browsing policies that you just created. Now add the groups as the from and any as the to for each policy except for the "default" policy because any unauthenticated user will get shoved into that policy anyway. Post if you need further direction but I use this and have it in place anywhere that I have installed a firebox.
0
 
LVL 2

Author Comment

by:Axis52401
ID: 34181497
They don't want to pay for the Watch guard web filtering service. I'm looking for a solution that will work with their existing equipment.
0
 
LVL 4

Expert Comment

by:LBACIS
ID: 34181729
Do you only have two groups?
0
 
LVL 12

Expert Comment

by:mccracky
ID: 34197466
Do they have more than one external IP?  If so you can set up OpenDNS filtering differently according to what IP they use.  You can use different gateways for the two classes of users.  

"I'm looking for a solution that will work with their existing equipment."

You need to let us know what they have to be able to advise you if this is a requirement.  Like I said, it's better managed as a network issue rather than a per computer issue as it allows better administration.  What is the infrastructure like?

0
 
LVL 4

Accepted Solution

by:
LBACIS earned 500 total points
ID: 34200869
McCracky you beat me to it. That is exactly why I asked if he has two groups. You place two IP addresses as the gateways for the clients and use separate external IP addressees, then you will change the dynamic NAT rule in the watchguard.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Do you come here a lot? Are you lazy like me and don't want to go through the "trouble" of having to click your Dock's Safari icon and then having to click your Experts Exchange Favorites bookmark to get here? Well then this article is for you.
Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
The purpose of this video is to demonstrate how to Import and export files in WordPress. This will be demonstrated using a Windows 8 PC. Go to your WordPress login page. This will look like the following: mywebsite.com/wp-login.php : Click on Too…
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now