Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Positive Restriction of Internet Browsing

Status
Not open for further replies.
Peahippo

Peahippo

MIS
Jul 18, 2003
91
US
I need a way to stop all the common users on an XP Pro machine from accessing certain sites on the Internet. The problem starts that these machines are used in a common work environment that allows people to walk away and let another user walk up to the machine and use it (to control check-sorting machines). Since each person has their own login, and the screensavers are disabled on purpose, anyone else in the area can use the machine. SPECIFICALLY, they can browse to the bank website that allows a person to check their own bank account. This is keyed to their login. Hence, anyone in the work area can check the bank account of the person who logged into the machine.

To avoid this so far, I simply set a restriction on MSHTML.DLL, which effectively killed all the browsing on the machine. But we are coming up with needs to use the Internet browser (machine monitoring via web interfaces, for one).

I see a lot of filters and blockers online for use in blocking sites in Windows, but I want to be sure that anything I install is transparent to the users. It would also be helpful if the software is simple.

I note that using the "C:\Windows\hosts" file doesn't work for these machines, for some reason (perhaps related to how the company setup the Internet proxies). It would have been a wonderful solution to use the hosts file set to "administrators only" and then put the bank-site URL in there as "127.0.0.1".

I need: Simple-administration of site banning for Internet browsing, for Windows XP and MSIE 6. (The "restricted sites" security zone for MSIE doesn't actually perform site-bans, just performs restrictions on running scripts, etc.)
 
Sort by date Sort by votes
The PC Magazine article talks about tricking MSIE's proxy feature to setup a block on all websites except a few you want to allow. The trick is to setup MSIE to use a proxy, but not to specify one.

This won't work for my application since I want the inverse situation (allow all websites except a few I want to deny), and anyway, we do use a proxy for browsing.

MSIE has never had the ability to block specific sites. This is one feature that should have been in MSIE since XP came out, but it's still not there, and we are forced to use 3rd-party software to add that feature. At home, I use Windows95 (yep, Win95) for Internet browsing, and so I use the hosts file combined with eDexter for limiting exposure to ads. The hosts file also allows for site blocking in general (which I've done for a moderate list of browser-hijacking sites). (For some reason, the hosts file in our Windows XP Pro is not used. I suspect that's due to however the security department setup the Internet proxy.)
 
Upvote 0 Downvote
Hi, try to configure the bank site URL in the exception list for the proxy server (bypass proxy) and disable the connection tab in gpedit.msc for the users to be incapable to change these parameters.

The web browser will bypass the proxy for the bank site and since your only mean to browse the internet is to actually use the proxy server it simply won't work.


Hope this helps. Please let know if this resolve your issue

Jeff
 
Upvote 0 Downvote
I am curious as to why you do not use Content Advisor.
Under "Approved sites" you can list specific sites that are always allowed or always denied.

Another thought, is use ROUTE ADD -p and point the IP of the site to localhost.
 
Upvote 0 Downvote
I tried Content Advisor (since I have no access to the company proxy). I note that is seems easy to use and seems secure from unauthorized changes. However, I note that despite adding this site (we'll use "thebank" in this example):


... still didn't catch all accessing of this site. Sure, if you type in the sitename " or click on a link to it, you get the Content Advisor warning and it summarily denies you. Note all these are "http".

However, a link that looks like this:


... DID display contents. This also happened when I typed in " directly.

Why does the "https" bypass the site bans in Content Advisor?
 
Upvote 0 Downvote
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

pjw001
  • Locked
  • Question
Latest Windows Update - End of Service
Replies
2
Views
2K
pjw001
pjw001
goombawaho
  • Locked
  • Question
Risk of running unsupported server version 1
Replies
7
Views
319
goombawaho
goombawaho
Flinx
  • Locked
  • Question
the SAGA of trying to get a computer to sleep and wake up on a schedule
Replies
1
Views
964
Flinx
Flinx
johncp
  • Locked
  • Question
W10 Defender blocking installation of uTorrent
Replies
9
Views
600
mikrom
mikrom
Mike Lewis
  • Locked
  • Question
Using TASKKILL to close a bunch of EXEs
Replies
7
Views
493
mikrom
mikrom

Part and Inventory Search

Sponsor

Back
Top