Go Back   Team-BHP > Around the Corner > Shifting gears


Reply
 
Thread Tools Search this Thread
Old 29th March 2006, 15:40   #1
GTO
Team-BHP Support
 
GTO's Avatar
 
Join Date: Feb 2004
Location: Bombay
Posts: 46,561
Thanked: 80,350 Times
Default Restricting websites on a server?

Hi

Our office has an X number of computers which connect to the internet through a single XP Professional based server. It has ISS and all that running perfectly.

I know that there is a way but I cant find it. How do I block access to certain websites, so that my staff cannot access a specific list of websites?

Thanks a ton

GTO
GTO is offline   Reply With Quote
Old 29th March 2006, 15:42   #2
BHPian
 
v.tec's Avatar
 
Join Date: Mar 2006
Location: Gurgaon
Posts: 251
Thanked: 16 Times
Default

Why dont you try putting netnanny or a software like cyberpatrol? i dont know if i'm on the right track but just a wild guess..
v.tec is offline   Reply With Quote
Old 29th March 2006, 15:46   #3
Team-BHP Support
 
Samurai's Avatar
 
Join Date: Jan 2005
Location: B'lore-Manipal
Posts: 22,043
Thanked: 13,495 Times
Default

Consider Microsoft ISA Server 2000/2004 if it is within your budget. This is extremely flexible, have used it since 2000.
Samurai is offline   Reply With Quote
Old 29th March 2006, 16:55   #4
Senior - BHPian
 
satish_appasani's Avatar
 
Join Date: Jun 2004
Location: Hyderabad
Posts: 1,029
Thanked: 42 Times
Default

Is it Team-Bhp the first site that you want to restrict?
satish_appasani is offline   Reply With Quote
Old 29th March 2006, 17:01   #5
Team-BHP Support
 
tsk1979's Avatar
 
Join Date: Feb 2005
Location: New Delhi
Posts: 22,852
Thanked: 15,407 Times
Default

you need a proxy for that. It can either be a transparent proxy or the user may have to specify the proxy address in browser. Now in your proxy, lets say squid proxy you can setup the list of blocked sites.
A question though, the main server which connects to the internet, is it a windows server or a linux server? If its a linux server you can contact the bangalore Linux Users Group(BLUG, http://www.blug.in) or Mumbai LUG
tsk1979 is offline   Reply With Quote
Old 29th March 2006, 17:35   #6
SLK
Senior - BHPian
 
SLK's Avatar
 
Join Date: Feb 2004
Location: DL XX XX XXXX
Posts: 1,288
Thanked: 184 Times
Default

Quote:
It has ISS and all that running perfectly.
Pardon my ignorance but is it ISS? or ICS? (Internet Connection Sharing)

Anyways there are a few ways
1).. You install a firewall like zone alarm Pro... and block anything you like.
2).. Within windows you have "Local security settings" (part of administrative tools).. there is a section called IP security policies... you can block domains from there.

The above 2 methods have a limitation..... when you first make a blocking rule for a domain.. they resolve the domain to IP addresses and block them instead.
Now in due course of time ... the IP addresses linked to specific domains change... so then you need to refresh the rules. (this happens very frequently with big sites like misrosoft or say google or yahoo).

now the easier ways (but this needs to be done on every computer)
1) .. go edit the "host" file located in ... windows\system32\drivers\etc
put an entry
127.0.0.1 www.google.com
to block www.google.com
2) ... if all computers use internet explorer ONLY... you can use the "content" feature and not use the rating part BUT just specify the websites to be blocked.

if you have a office full of software guys or geeks ... the above 2 ways can be broken easily.

Last edited by SLK : 29th March 2006 at 17:41.
SLK is offline   Reply With Quote
Old 29th March 2006, 17:40   #7
Team-BHP Support
 
Samurai's Avatar
 
Join Date: Jan 2005
Location: B'lore-Manipal
Posts: 22,043
Thanked: 13,495 Times
Default

Quote:
Originally Posted by SLK
1) .. go edit the "host" file located in ... windows\system32\drivers\etc
put an entry
127.0.0.1 www.google.com
to block www.google.com
Gotta hand it to you, that's the cheapest way to do it. It may not be broken easily if that XP Pro machine has restricted access.
Samurai is offline   Reply With Quote
Old 29th March 2006, 17:48   #8
SLK
Senior - BHPian
 
SLK's Avatar
 
Join Date: Feb 2004
Location: DL XX XX XXXX
Posts: 1,288
Thanked: 184 Times
Default

Quote:
Originally Posted by Samurai
It may not be broken easily if that XP Pro machine has restricted access.
I guess the host file is just used by the local computer.... so this needs to be done on all the computers.
SLK is offline   Reply With Quote
Old 29th March 2006, 17:56   #9
Team-BHP Support
 
Samurai's Avatar
 
Join Date: Jan 2005
Location: B'lore-Manipal
Posts: 22,043
Thanked: 13,495 Times
Default

Quote:
Originally Posted by SLK
I guess the host file is just used by the local computer.... so this needs to be done on all the computers.
Not sure where the DNS query is done, at the client or at the proxy. If it is at the client, then it can be broken unless write permission to hostfile is denied. If GTO has Windows domain instead of Windows workgroup, he will have better control on that.
Samurai is offline   Reply With Quote
Old 29th March 2006, 18:01   #10
Distinguished - BHPian
 
jkdas's Avatar
 
Join Date: Sep 2005
Location: Thiruvananthapu
Posts: 9,635
Thanked: 1,343 Times
Default

There are various products available. Check our a product called Websense.
You have a leased line?
jkdas is offline   Reply With Quote
Old 29th March 2006, 18:47   #11
Team-BHP Support
 
Zappo's Avatar
 
Join Date: Oct 2005
Location: Hyderabad
Posts: 5,631
Thanked: 1,976 Times
Default

Quote:
Originally Posted by jkdas
There are various products available. Check our a product called Websense.
You have a leased line?
Oye! Websense is too costly yaar, unless you are on a huge budget (read corporate behemoth)
Zappo is offline   Reply With Quote
Old 29th March 2006, 18:56   #12
SLK
Senior - BHPian
 
SLK's Avatar
 
Join Date: Feb 2004
Location: DL XX XX XXXX
Posts: 1,288
Thanked: 184 Times
Default

Quote:
Originally Posted by Samurai
Not sure where the DNS query is done, at the client or at the proxy.
Right, if its the windows native ICS GTO is using to share internet, the DNS queries are done at client side.... if it's a proxy software then its got to be the server side.

Quote:
Check out a product called Websense.
Man! thing has been my enemy at work... but yeah must be too costly and too much of an hassle.

BTW GTO how big is the list of websites you need to block? and what type of sites?
SLK is offline   Reply With Quote
Old 29th March 2006, 18:58   #13
Distinguished - BHPian
 
jkdas's Avatar
 
Join Date: Sep 2005
Location: Thiruvananthapu
Posts: 9,635
Thanked: 1,343 Times
Default

Quote:
Originally Posted by Zappo
Oye! Websense is too costly yaar, unless you are on a huge budget (read corporate behemoth)
haha. yaar I am into cooperate solutions business How about a FortiGuard 60A with webcontent filtering? It has websites categorised.Very easy to use.

Last edited by jkdas : 29th March 2006 at 19:01.
jkdas is offline   Reply With Quote
Old 29th March 2006, 20:09   #14
Senior - BHPian
 
kb100's Avatar
 
Join Date: Feb 2006
Location: Bangy Boy!
Posts: 1,554
Thanked: 14 Times
Default

Quote:
Originally Posted by jkdas
haha. yaar I am into cooperate solutions business How about a FortiGuard 60A with webcontent filtering? It has websites categorised.Very easy to use.
HA HA... JK trying to earn his HU!!)
kb100 is offline   Reply With Quote
Old 29th March 2006, 20:47   #15
Team-BHP Support
 
moralfibre's Avatar
 
Join Date: Dec 2004
Location: MH-12
Posts: 6,562
Thanked: 6,029 Times
Default

Download Superscout evaluation version and install it on the server. If you wish to buy it then you may do so. Install the evaluation copy to begin with. You can add websites with simple keywords and it works. Also has an email facility to notify the administrator.
moralfibre is offline   Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads
Thread Thread Starter Forum Replies Last Post
CCI vs Car Manufacturers : Restricting over-the-counter sales of spare parts shahsingh The Indian Car Scene 239 14th August 2017 11:03
Server bole tho.... (those good ol college days..) Spinnerr Shifting gears 9 6th September 2007 15:49
FTP Server/Firewall/Settings johy Gadgets, Computers & Software 10 29th September 2006 11:48


All times are GMT +5.5. The time now is 20:05.

Copyright 2000 - 2017, Team-BHP.com
Proudly powered by E2E Networks