1. Home
  2. Networking Firewalls
  3. How to limit a computer to specific website surfing

How to limit a computer to specific website surfing

Hello all,

I am looking for suggestions on how to go about limiting a public computer to only accessing specific websites. For example a school decides to take some old computers and make them public internet machines but the school only wants the computers to be able to access websites from a predefined list of public library websites.

The list of websites would be a changing one and list possibly hundreds of URLs so data imputing them into a router would be too time consuming. The best work around I have found is a program like NetNanny, that has an 'allow list' that can be edited with some type of script. Unfortunately I don't know if this can be done, or if this is the best way to approach the problem.

Apologies if this is the wrong forum to post the question and any input or brainstorms would be very helpful

THicks

Reply to
Thicks
Loading thread data ...

Reply to
Michael J. Pelletier

In article , Thicks wrote: :I am looking for suggestions on how to go about limiting a public :computer to only accessing specific websites. For example a school :decides to take some old computers and make them public internet :machines but the school only wants the computers to be able to access :websites from a predefined list of public library websites.

It depends in part on the amount of protection you can install on the computer itself.

If the systems are running Windows 2000 or XP, then I believe you can essentially lock the controls on IE, and you can create explicit lists of which programs may be executed on the computer. If you are able to do that and impliment effective controls against people rebooting from floppy or whatever, then a way to proceed would to be use a proxy server configuration. The proxy configuration could be done in at least two different ways: by redirecting -all- traffic to something like a 'squid' server and having that server do the filtering of requests; or by using a configurable proxy, which is essentially a bit of javascript code that gets loaded into each IE session and dynamically decides how to reach requested information: you would configure so that anything that wasn't on the list was refused (or, if necessary, proxied off of a non-existant host or off of 127.0.0.1).

You could also consider loading Linux or one of the BSD's onto the systems -- if all you need is a browser and a graphics interface, then you should be able to come up with a fairly small and fairly secure BSD configuration.

If you cannot impliment sufficient physical controls or it is not practical to use 2000 or XP or Linux/BSD/Unix, then you need to take the problem one or more hops away, to a router or firewall. A number of people are reporting good successes with taking old PCs, loading BSD on to them, installing two NICs, and making the device into a firewall. Such a thing would not pass muster in an environment that demands a certified firewall (e.g., a place that deals with medical data), but for your application it should work fine.

Reply to
Walter Roberson

Have a look at Dansguardian

formatting link
CU

Reply to
Frans de Vre

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.