blocking some websites in xp peer network

[aprocfu]

Hi, I would like to know if it is possible to block some websites in a XP peer network (no server). Or if there are routers where it can be managed to block some websites. The idea is to avoid to install a server to do so.

I appreciate your assistance

 

[flyboytim]

You could use custom Hosts files. Basically the hosts file is a database of internally translated hostnames e.g.

http://www.BBC.co.uk

instead of going to 212.58.224.138, you could send it to the loopback address,127.0.0.1, which of course has no associated webpage. You could also make the browser go to another site eg 173.194.36.104 - so if they think they are going to the BBC site, they find themselves on the Google search page.

In Windows XP the hosts file is found in c:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts (there is no file extension). It would be necessary to modify each workstation's hosts file, but it can be done with a relatively simple batch file across your peer network.

The following contains a lot of information on how to use the hosts file to block malware, and potentially hazardous sites:

http://www.mvps.org/winhelp2002/hosts.htm

It is also possible to block addresses at the router, but the technique will depend upon the router itself. At home, I use a Dlink DIR615 wireless router, which allows the administrator to set up "parental controls" for up to 10 sites.

Then there is the windows firewall, where each machine would need to be set up individually AFAIK.

This is why large organizations use Windows domains to manage security, and not workgroups!

 

[goombawaho]

It's a lot of work managing (blocking) web sites via the hosts file and it only works to exclude certain sites that are entered. Everything else is still fair game and unblocked.

So, you could block porno.com via a hosts entry, but everybody could still go to superporno.com if it wasn't also in the hosts file.

So, this is best for cases where you are trying to keep people off of certain sites, but it's also easily defeated if people look up the IP address associated with a web site and enter it manually.

 

[normntwrk]

Use OpenDNS for your dns servers, they have some low cost plans for businesses and free for home use

Norm

 

[linney]

If you only have IE installed see Tools/ Internet Options/ Content/ Enable/ Approved Sites.

"You can create a list of websites that are always viewable or never viewable regardless of how they are rated".

 

[goombawaho]

Users may be sophisticated enough to change IE Approved Sites though - right.

They may even be smart enough to modify the HOSTS file UNLESS they don't have access to do that via permissions.

I can't vouch for OpenDNS, but a "professional" (non-redneck) approach would be preferred, though not free. That's the problem - most people want fillet on their plate but only want to pay for hamburger.

 

[Prydonian]

You could give "Untangle" a try... It's a linux distribution that installs the O/S and app from one setup file. All you need is a dedicated workstation (PIII or better, if I remember)that has 2 E-net ports with one port connecting to your network and the other to your router so that all internet traffic flows though the workstation.

Best of all, for blocking websites, the app is 100% free of charge. Check them out; it works well and lets you run reports of who tried to access which sites.

http://www.untangle.com/

If you can read this, thank a teacher. If you can read this in English, thank a veteran!

 

[stduc]

A lot of Netgear Routers allow keyword blocking which would do the job providing you don't want to block too many. You may want to take a look and see if they would suffice. They don't permit a very long list though. probably to stop you degrading router performance.

 

[goombawaho]

I like how (with so many of these threads) we hear from the OP just once and then we go off on an esoteric analysis of the whole question.

 

[flyboytim]

There's another, less well known method called "Proxy Auto Configuration" or PAC.
Here's a tutorial, with a lot more information available via google.