[GTO]

Hi

Our office has an X number of computers which connect to the internet through a single XP Professional based server. It has ISS and all that running perfectly.

I know that there is a way but I cant find it. How do I block access to certain websites, so that my staff cannot access a specific list of websites?

Thanks a ton

GTO

[v.tec]

Why dont you try putting netnanny or a software like cyberpatrol? i dont know if i'm on the right track but just a wild guess..

[Samurai]

Consider Microsoft ISA Server 2000/2004 if it is within your budget. This is extremely flexible, have used it since 2000.

[satish_appasani]

Is it Team-Bhp the first site that you want to restrict?

[tsk1979]

you need a proxy for that. It can either be a transparent proxy or the user may have to specify the proxy address in browser. Now in your proxy, lets say squid proxy you can setup the list of blocked sites.
A question though, the main server which connects to the internet, is it a windows server or a linux server? If its a linux server you can contact the bangalore Linux Users Group(BLUG, http://www.blug.in) or Mumbai LUG

[SLK]

Quote:

It has ISS and all that running perfectly.

Pardon my ignorance but is it ISS? or ICS? (Internet Connection Sharing)

Anyways there are a few ways
1).. You install a firewall like zone alarm Pro... and block anything you like.
2).. Within windows you have "Local security settings" (part of administrative tools).. there is a section called IP security policies... you can block domains from there.

The above 2 methods have a limitation..... when you first make a blocking rule for a domain.. they resolve the domain to IP addresses and block them instead.
Now in due course of time ... the IP addresses linked to specific domains change... so then you need to refresh the rules. (this happens very frequently with big sites like misrosoft or say google or yahoo).

now the easier ways (but this needs to be done on every computer)
1) .. go edit the "host" file located in ... windows\system32\drivers\etc
put an entry
127.0.0.1 www.google.com
to block www.google.com
2) ... if all computers use internet explorer ONLY... you can use the "content" feature and not use the rating part BUT just specify the websites to be blocked.

if you have a office full of software guys or geeks ... the above 2 ways can be broken easily.

[Samurai]

Quote:

Originally Posted by SLK

1) .. go edit the "host" file located in ... windows\system32\drivers\etc
put an entry
127.0.0.1 www.google.com
to block www.google.com

Gotta hand it to you, that's the cheapest way to do it. It may not be broken easily if that XP Pro machine has restricted access.

[SLK]

Quote:

Originally Posted by Samurai

It may not be broken easily if that XP Pro machine has restricted access.

I guess the host file is just used by the local computer.... so this needs to be done on all the computers.

[Samurai]

Quote:

Originally Posted by SLK

I guess the host file is just used by the local computer.... so this needs to be done on all the computers.

Not sure where the DNS query is done, at the client or at the proxy. If it is at the client, then it can be broken unless write permission to hostfile is denied. If GTO has Windows domain instead of Windows workgroup, he will have better control on that.

[jkdas]

There are various products available. Check our a product called Websense.
You have a leased line?

[Zappo]

Quote:

Originally Posted by jkdas

There are various products available. Check our a product called Websense.
You have a leased line?

Oye! Websense is too costly yaar, unless you are on a huge budget (read corporate behemoth)

[SLK]

Quote:

Originally Posted by Samurai

Not sure where the DNS query is done, at the client or at the proxy.

Right, if its the windows native ICS GTO is using to share internet, the DNS queries are done at client side.... if it's a proxy software then its got to be the server side.

Quote:

Check out a product called Websense.

Man! thing has been my enemy at work... but yeah must be too costly and too much of an hassle.

BTW GTO how big is the list of websites you need to block? and what type of sites?

[jkdas]

Quote:

Originally Posted by Zappo

Oye! Websense is too costly yaar, unless you are on a huge budget (read corporate behemoth)

haha. yaar I am into cooperate solutions business How about a FortiGuard 60A with webcontent filtering? It has websites categorised.Very easy to use.

[kb100]

Quote:

Originally Posted by jkdas

haha. yaar I am into cooperate solutions business How about a FortiGuard 60A with webcontent filtering? It has websites categorised.Very easy to use.

HA HA... JK trying to earn his HU!!)

[moralfibre]

Download Superscout evaluation version and install it on the server. If you wish to buy it then you may do so. Install the evaluation copy to begin with. You can add websites with simple keywords and it works. Also has an email facility to notify the administrator.