Results 1 to 20 of 20

Thread: [RESOLVED] [serious] internet access blocking

  1. #1

    Thread Starter
    I'm about to be a PowerPoster! kleinma's Avatar
    Join Date
    Nov 2001
    Location
    NJ - USA (Near NYC)
    Posts
    23,373

    Resolved [RESOLVED] [serious] internet access blocking

    We have a need at a location to block ALL internet access on 2 specific computers, except for manually entered exceptions. The other machines should be unrestricted.

    The location uses a linksys router with built in internet access restrictions, but it is implemented half-arsed. It allows you to block internet access completely for given macs or IPs, or block certain sites. It doesn't give the option to block all except defined exceptions, which is what I need.

    Machines are not on a domain, and the 2 that need the access restrictions will likely be running as standard user (non admin) accounts.

    I read an article about using a fake proxy address in IE, and listing the allowed sites you want as exceptions for the proxy server. Then all non exceptions fail because the proxy doesnt exist, while the allowed sites don't use the proxy and then work. I guess that is an option, but I figure maybe someone else has some more ideas.

    Bottom line is they are looking to do this without buying hardware/software to implement it, so either using the router somehow, or just using whats available in XP Pro. and its a childrens daycare center, so its not like they are worried about 4-8 year olds figuring out how to bypass the restrictions...

  2. #2
    Banned timeshifter's Avatar
    Join Date
    Mar 2004
    Location
    at my desk
    Posts
    2,465

    Re: [serious] internet access blocking

    Have you checked out changing the host headers? If the guys in question are smart, they might be able to undo it, but it seems to me you should be able to list the sites you want and their respective IP addresses, then list *.*.*.* and point it to 127.0.0.1 or some such stunt. Maybe even a custom page on the server that says "Oh no! Stop trying to break the rules!"

  3. #3

    Thread Starter
    I'm about to be a PowerPoster! kleinma's Avatar
    Join Date
    Nov 2001
    Location
    NJ - USA (Near NYC)
    Posts
    23,373

    Re: [serious] internet access blocking

    yeah I read an article about the host file too, and was going to look at that if the built in features of IE didn't do the trick.

    I think the biggest problem I am going to run into is the fact that we need to BLOCK ALL BUT ALLOW SOME. One of the issues is of course many sites use cross domains for data, so it will be a bit of trial and error to get the needed sites working. So if a site is www.whatever.com and it gets all its images from www.parentsiteofwhatever.com, i need to allow both.. it could get a bit tricky..

  4. #4
    Banned timeshifter's Avatar
    Join Date
    Mar 2004
    Location
    at my desk
    Posts
    2,465

    Re: [serious] internet access blocking

    Some sites are smart and put all their images on a subdomain... so for some of them, you may be able to allow www.whatever.com and images.parentsiteofwhatever.com but still have www.parentsiteofwhatever.com blocked.

  5. #5

    Thread Starter
    I'm about to be a PowerPoster! kleinma's Avatar
    Join Date
    Nov 2001
    Location
    NJ - USA (Near NYC)
    Posts
    23,373

    Re: [serious] internet access blocking

    yeah.. I think its only maybe 10-12 sites that need to be enabled. Its a daycare, so they want things like nickelodeon, webkinz, disney, etc.. unblocked. Obviously the rest of the filth of the internet needs to be locked down

  6. #6

    Thread Starter
    I'm about to be a PowerPoster! kleinma's Avatar
    Join Date
    Nov 2001
    Location
    NJ - USA (Near NYC)
    Posts
    23,373

    Re: [serious] internet access blocking

    I was just thinking about it, and if I went the host file route, that is computer wide, so if I needed to lets say, get out to the web to run windows updates and what not, or just needed to do some admin stuff on the web, I would need to swap out the host file to grant access again right?

  7. #7
    Banned timeshifter's Avatar
    Join Date
    Mar 2004
    Location
    at my desk
    Posts
    2,465

    Re: [serious] internet access blocking

    Poke around, you may be able to enable all subdomains of a given domain... something like *.microsoft.com should let updates run to completion without much difficulty.

  8. #8

    Thread Starter
    I'm about to be a PowerPoster! kleinma's Avatar
    Join Date
    Nov 2001
    Location
    NJ - USA (Near NYC)
    Posts
    23,373

    Re: [serious] internet access blocking

    I am messing with the "content advisor" feature in IE... I won't say its my solution yet, but so far, it rocks, and seems very easy to implement. I disallowed *.*, then allowed certain sites. It lets you set a password to override.

    So if I visit a site that is not explicitly allowed, I get a popup stating that, which allows me to enter the password I had set to override the policy. It even gives you an option to ADD the blocked site to the allow list at this point, so I can give the manager there the password, and then can easily add sites as needed without having to get me over there to modify host files, etc...

    So far its perfect... will post back with my disappointment after I find its fatal flaw

    EDIT: oh and even admin user accounts can't modify the listing or password without knowing the existing one.. which is nice..
    Last edited by kleinma; Dec 17th, 2008 at 05:00 PM.

  9. #9

    Thread Starter
    I'm about to be a PowerPoster! kleinma's Avatar
    Join Date
    Nov 2001
    Location
    NJ - USA (Near NYC)
    Posts
    23,373

    Re: [serious] internet access blocking

    so far I can't find anything wrong with using IE content advisor to restrict browsing. I know it isn't a system wide solution, but these machines will be locked down enough to handle most other scenarios.

    So until this gives me a reason not to use it, I think I will stick with it.

  10. #10
    Hyperactive Member Arrow_Raider's Avatar
    Join Date
    Dec 2001
    Location
    AVR Lovers Club
    Posts
    423

    Re: [RESOLVED] [serious] internet access blocking

    Basic linksys home routers come with an internet access filter that may do what you need.
    My monkey wearing the fedora points and laughs at you.

  11. #11
    I'm about to be a PowerPoster!
    Join Date
    Jan 2005
    Location
    Everywhere
    Posts
    13,647

    Re: [serious] internet access blocking

    Quote Originally Posted by kleinma
    so far I can't find anything wrong with using IE content advisor to restrict browsing. I know it isn't a system wide solution, but these machines will be locked down enough to handle most other scenarios.

    So until this gives me a reason not to use it, I think I will stick with it.
    This is more sensible than using the etc/hosts file. The hosts file is a sledgehammer solution which will affect all DNS lookups whereas your client's requirements are more specific than that. Browser restrictions are perfect for something like a childcare centre.

  12. #12

    Thread Starter
    I'm about to be a PowerPoster! kleinma's Avatar
    Join Date
    Nov 2001
    Location
    NJ - USA (Near NYC)
    Posts
    23,373

    Re: [RESOLVED] [serious] internet access blocking

    Quote Originally Posted by Arrow_Raider
    Basic linksys home routers come with an internet access filter that may do what you need.
    I mentioned its limitations in the first post. It doesn't do block all allow some, it does block some, allow all.

  13. #13
    Frenzied Member Jim Davis's Avatar
    Join Date
    Mar 2001
    Location
    Mars base one Username: Jim Davis Password: yCrm33
    Posts
    1,284

    Re: [serious] internet access blocking

    What if, they are installing FireFox, or any other browser? Will this parent lock work, if they specify an anonimity web service, for accessing any locked page?

    Example: http://anonym.to/?http://www.google.com

  14. #14

    Thread Starter
    I'm about to be a PowerPoster! kleinma's Avatar
    Join Date
    Nov 2001
    Location
    NJ - USA (Near NYC)
    Posts
    23,373

    Re: [RESOLVED] [serious] internet access blocking

    did you miss the part about these computers being used by little kids at a day care center?

    I doubt a 5 year old wanting to see sponge bob square pants dance around is going to be trying to go through anonymous web proxies.....

    The accounts are user accounts, not admin accounts, they can't install other browsers...

  15. #15
    VB Addict Pradeep1210's Avatar
    Join Date
    Apr 2004
    Location
    Inside the CPU...
    Posts
    6,614

    Re: [RESOLVED] [serious] internet access blocking

    Any good free proxy server should work for you. You would install it from administrator account so that those users don't fiddle around with the settings. Usually they give an option to use the block list or allowed list.
    Pradeep, Microsoft MVP (Visual Basic)
    Please appreciate posts that have helped you by clicking icon on the left of the post.
    "A problem well stated is a problem half solved." — Charles F. Kettering

    Read articles on My Blog101 LINQ SamplesJSON ValidatorXML Schema Validator"How Do I" videos on MSDNVB.NET and C# ComparisonGood Coding PracticesVBForums Reputation SaverString EnumSuper Simple Tetris Game


    (2010-2013)
    NB: I do not answer coding questions via PM. If you want my help, then make a post and PM me it's link. If I can help, trust me I will...

  16. #16
    Frenzied Member Jim Davis's Avatar
    Join Date
    Mar 2001
    Location
    Mars base one Username: Jim Davis Password: yCrm33
    Posts
    1,284

    Re: [RESOLVED] [serious] internet access blocking

    , so its not like they are worried about 4-8 year olds figuring out how to bypass the restrictions...
    Sorry, i'm really missed this line. Nevermind!

  17. #17

    Thread Starter
    I'm about to be a PowerPoster! kleinma's Avatar
    Join Date
    Nov 2001
    Location
    NJ - USA (Near NYC)
    Posts
    23,373

    Re: [RESOLVED] [serious] internet access blocking

    yeah, I am sure its not a 100% fool proof implementation, but I think its good enough for the specific scenario. If it becomes to be an issue, I will look into setting up an actual proxy.

  18. #18
    Frenzied Member Jim Davis's Avatar
    Join Date
    Mar 2001
    Location
    Mars base one Username: Jim Davis Password: yCrm33
    Posts
    1,284

    Re: [RESOLVED] [serious] internet access blocking

    I was 6 when i got my first, Commodore 128. I was around 8 when i first done a small application, for filling up 10000 lottery tickets. All are i made in basic, and i got no any advises about how to do it, but i figured out by myself. The only thing i used a small syntax book i got for the commodore (around 50 pages), pretty much lack of examples. I was good (really, not the best) at maths in school, but i'm basically an average guy.

    This generation of kids are born, into the world of multimedia, high speed internet, they are start using internet (because of their parent show them) all days, in they very first ages. I have a hard feel that you will be surprised, pretty soon.

    I also heard about some 14 years olds kids, have got hacked into the Pentagon, and got downloaded some cheezy documents. Maybe they were got genius kids, or its just a hoax, i dont know, but it is just an interesting thing, how radically fast the kids can learn not just the basics of the computers, but getting even closer,.. fastern than my generation ever did.
    Last edited by Jim Davis; Dec 18th, 2008 at 01:16 PM.

  19. #19

    Thread Starter
    I'm about to be a PowerPoster! kleinma's Avatar
    Join Date
    Nov 2001
    Location
    NJ - USA (Near NYC)
    Posts
    23,373

    Re: [RESOLVED] [serious] internet access blocking

    Yes, I agree that computers are being used by younger people these days, mostly because of what is available. Computers were still just for games and business when I first started using them with DOS 5 at a pretty young age.

    I don't think however, now, that it will be an issue. I can lock down permissions on the machine, which is already pretty crippled by being a non admin account. So the internet policy, plus regular user accounts is a pretty good combination to keep things safe. The computers will have images to restore from in the event something happens, or someone manages to get a virus on the machine, etc...

  20. #20
    Frenzied Member Jim Davis's Avatar
    Join Date
    Mar 2001
    Location
    Mars base one Username: Jim Davis Password: yCrm33
    Posts
    1,284

    Re: [RESOLVED] [serious] internet access blocking

    what i'm sure that the life around us is to surprise us all the time, so you can ask on almost every days "uh, what, how why?!". You will be surprised how smart can be a kid.

    i was around 12 i first met a PC, eqipped with DR-DOS 5, that i immediately replaced to ms-dos to playing games woohoo ;-)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width