|
-
Dec 17th, 2008, 02:57 PM
#1
[RESOLVED] [serious] internet access blocking
We have a need at a location to block ALL internet access on 2 specific computers, except for manually entered exceptions. The other machines should be unrestricted.
The location uses a linksys router with built in internet access restrictions, but it is implemented half-arsed. It allows you to block internet access completely for given macs or IPs, or block certain sites. It doesn't give the option to block all except defined exceptions, which is what I need.
Machines are not on a domain, and the 2 that need the access restrictions will likely be running as standard user (non admin) accounts.
I read an article about using a fake proxy address in IE, and listing the allowed sites you want as exceptions for the proxy server. Then all non exceptions fail because the proxy doesnt exist, while the allowed sites don't use the proxy and then work. I guess that is an option, but I figure maybe someone else has some more ideas.
Bottom line is they are looking to do this without buying hardware/software to implement it, so either using the router somehow, or just using whats available in XP Pro. and its a childrens daycare center, so its not like they are worried about 4-8 year olds figuring out how to bypass the restrictions...
-
Dec 17th, 2008, 03:45 PM
#2
Re: [serious] internet access blocking
Have you checked out changing the host headers? If the guys in question are smart, they might be able to undo it, but it seems to me you should be able to list the sites you want and their respective IP addresses, then list *.*.*.* and point it to 127.0.0.1 or some such stunt. Maybe even a custom page on the server that says "Oh no! Stop trying to break the rules!"
-
Dec 17th, 2008, 03:52 PM
#3
Re: [serious] internet access blocking
yeah I read an article about the host file too, and was going to look at that if the built in features of IE didn't do the trick.
I think the biggest problem I am going to run into is the fact that we need to BLOCK ALL BUT ALLOW SOME. One of the issues is of course many sites use cross domains for data, so it will be a bit of trial and error to get the needed sites working. So if a site is www.whatever.com and it gets all its images from www.parentsiteofwhatever.com, i need to allow both.. it could get a bit tricky..
-
Dec 17th, 2008, 04:09 PM
#4
Re: [serious] internet access blocking
Some sites are smart and put all their images on a subdomain... so for some of them, you may be able to allow www.whatever.com and images.parentsiteofwhatever.com but still have www.parentsiteofwhatever.com blocked.
-
Dec 17th, 2008, 04:11 PM
#5
Re: [serious] internet access blocking
yeah.. I think its only maybe 10-12 sites that need to be enabled. Its a daycare, so they want things like nickelodeon, webkinz, disney, etc.. unblocked. Obviously the rest of the filth of the internet needs to be locked down
-
Dec 17th, 2008, 04:14 PM
#6
Re: [serious] internet access blocking
I was just thinking about it, and if I went the host file route, that is computer wide, so if I needed to lets say, get out to the web to run windows updates and what not, or just needed to do some admin stuff on the web, I would need to swap out the host file to grant access again right?
-
Dec 17th, 2008, 04:15 PM
#7
Re: [serious] internet access blocking
Poke around, you may be able to enable all subdomains of a given domain... something like *.microsoft.com should let updates run to completion without much difficulty.
-
Dec 17th, 2008, 04:56 PM
#8
Re: [serious] internet access blocking
I am messing with the "content advisor" feature in IE... I won't say its my solution yet, but so far, it rocks, and seems very easy to implement. I disallowed *.*, then allowed certain sites. It lets you set a password to override.
So if I visit a site that is not explicitly allowed, I get a popup stating that, which allows me to enter the password I had set to override the policy. It even gives you an option to ADD the blocked site to the allow list at this point, so I can give the manager there the password, and then can easily add sites as needed without having to get me over there to modify host files, etc...
So far its perfect... will post back with my disappointment after I find its fatal flaw 
EDIT: oh and even admin user accounts can't modify the listing or password without knowing the existing one.. which is nice..
Last edited by kleinma; Dec 17th, 2008 at 05:00 PM.
-
Dec 17th, 2008, 05:25 PM
#9
Re: [serious] internet access blocking
so far I can't find anything wrong with using IE content advisor to restrict browsing. I know it isn't a system wide solution, but these machines will be locked down enough to handle most other scenarios.
So until this gives me a reason not to use it, I think I will stick with it.
-
Dec 17th, 2008, 05:41 PM
#10
Hyperactive Member
Re: [RESOLVED] [serious] internet access blocking
Basic linksys home routers come with an internet access filter that may do what you need.
My monkey wearing the fedora points and laughs at you.
-
Dec 17th, 2008, 07:51 PM
#11
Re: [serious] internet access blocking
 Originally Posted by kleinma
so far I can't find anything wrong with using IE content advisor to restrict browsing. I know it isn't a system wide solution, but these machines will be locked down enough to handle most other scenarios.
So until this gives me a reason not to use it, I think I will stick with it.
This is more sensible than using the etc/hosts file. The hosts file is a sledgehammer solution which will affect all DNS lookups whereas your client's requirements are more specific than that. Browser restrictions are perfect for something like a childcare centre.
-
Dec 18th, 2008, 01:28 AM
#12
Re: [RESOLVED] [serious] internet access blocking
 Originally Posted by Arrow_Raider
Basic linksys home routers come with an internet access filter that may do what you need.
I mentioned its limitations in the first post. It doesn't do block all allow some, it does block some, allow all.
-
Dec 18th, 2008, 01:43 AM
#13
Re: [serious] internet access blocking
What if, they are installing FireFox, or any other browser? Will this parent lock work, if they specify an anonimity web service, for accessing any locked page?
Example: http://anonym.to/?http://www.google.com
-
Dec 18th, 2008, 10:08 AM
#14
Re: [RESOLVED] [serious] internet access blocking
did you miss the part about these computers being used by little kids at a day care center?
I doubt a 5 year old wanting to see sponge bob square pants dance around is going to be trying to go through anonymous web proxies.....
The accounts are user accounts, not admin accounts, they can't install other browsers...
-
Dec 18th, 2008, 10:29 AM
#15
Re: [RESOLVED] [serious] internet access blocking
Any good free proxy server should work for you. You would install it from administrator account so that those users don't fiddle around with the settings. Usually they give an option to use the block list or allowed list.
-
Dec 18th, 2008, 12:50 PM
#16
Re: [RESOLVED] [serious] internet access blocking
, so its not like they are worried about 4-8 year olds figuring out how to bypass the restrictions...
Sorry, i'm really missed this line. Nevermind!
-
Dec 18th, 2008, 01:01 PM
#17
Re: [RESOLVED] [serious] internet access blocking
yeah, I am sure its not a 100% fool proof implementation, but I think its good enough for the specific scenario. If it becomes to be an issue, I will look into setting up an actual proxy.
-
Dec 18th, 2008, 01:12 PM
#18
Re: [RESOLVED] [serious] internet access blocking
I was 6 when i got my first, Commodore 128. I was around 8 when i first done a small application, for filling up 10000 lottery tickets. All are i made in basic, and i got no any advises about how to do it, but i figured out by myself. The only thing i used a small syntax book i got for the commodore (around 50 pages), pretty much lack of examples. I was good (really, not the best) at maths in school, but i'm basically an average guy.
This generation of kids are born, into the world of multimedia, high speed internet, they are start using internet (because of their parent show them) all days, in they very first ages. I have a hard feel that you will be surprised, pretty soon.
I also heard about some 14 years olds kids, have got hacked into the Pentagon, and got downloaded some cheezy documents. Maybe they were got genius kids, or its just a hoax, i dont know, but it is just an interesting thing, how radically fast the kids can learn not just the basics of the computers, but getting even closer,.. fastern than my generation ever did.
Last edited by Jim Davis; Dec 18th, 2008 at 01:16 PM.
-
Dec 18th, 2008, 01:38 PM
#19
Re: [RESOLVED] [serious] internet access blocking
Yes, I agree that computers are being used by younger people these days, mostly because of what is available. Computers were still just for games and business when I first started using them with DOS 5 at a pretty young age.
I don't think however, now, that it will be an issue. I can lock down permissions on the machine, which is already pretty crippled by being a non admin account. So the internet policy, plus regular user accounts is a pretty good combination to keep things safe. The computers will have images to restore from in the event something happens, or someone manages to get a virus on the machine, etc...
-
Dec 18th, 2008, 02:04 PM
#20
Re: [RESOLVED] [serious] internet access blocking
what i'm sure that the life around us is to surprise us all the time, so you can ask on almost every days "uh, what, how why?!". You will be surprised how smart can be a kid.
i was around 12 i first met a PC, eqipped with DR-DOS 5, that i immediately replaced to ms-dos to playing games woohoo ;-)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|