Re: Web Filtering

chad wrote:
I run a network of about 50 users. Ten of these users need access to
the Internet for specific sites they have to go to for work. What
program does everyone suggest for this? I don't want to completely
block their access. I was thinking of using Websense. Any suggestions?

The central way to manage it is with a router that supports Access Control Lists (ACLs). Some routers even support ACLs using URLs. The trick is to look for a router that lets you specify "block all except those listed". You can't filter by exclusion, there are just too many to exclude. Some routers provide content filtering as a $ub$sciption, but it doesn't work well, and still doesn't let you directly specify allowed sites. With a Cisco (or similar) router you can just specify ACLs as

access-list 101 permit ip any 72.14.253.0 255.255.255.0
access-list 101 permit ip 72.14.253.0 255.255.255.0 any

This allows any IP address to connect to Google. Once you add a "permit", everything else is implicitly denied. So if you had only this ACL applied, the only website you could get to would be Google.

Another way, if you are running you own DNS, is to set up a root zone "." and do not specify forwarders. Then add the urls for allowed websites manually in your own DNS. Although this doesn't technically block anything, few users know the IP addresses of websites they may try to visit. If you don't currently do your own DNS, you can set up a DNS server on minimal hardware, install your favorite flavor of Linux (free), and run a BIND DNS server.

Then there are proxy servers with various levels of control. Google and look for one that suits your needs.

On an individual PC basis, there are a few choices, but of course you have to set up and maintain each PC one at a time.
.

Relevant Pages

  • Re: SuSE 8.0 and slow DNS resolution
    ... You don't piss me off, ... different DNS addresses in. ... not as a result of the router response, but based on my DNS settings ... > specify your domain name. ...
    (comp.os.linux.networking)
  • Re: Hey Guys... Problem with my Win 2003 AD and Group Policy
    ... Give the clients your DC's IP address as the only DNS reference. ... Could you help me with where I specify these settings? ... I specify the IP of My Router ... If you could let me know that would be greatly appreciated Florian! ...
    (microsoft.public.win2000.group_policy)
  • Hey Guys... Still having Issues with AD and Group Policy
    ... Give the clients your DC's IP address as the only DNS reference. ... Could you help me with where I specify these settings? ... I specify the IP of My Router ... If you could let me know that would be greatly appreciated Florian! ...
    (microsoft.public.win2000.group_policy)
  • Re: [SLE] trouble configuring for web access
    ... > I can ping any address on our network, and by entering the router ... Did you specify any DNS at all? ...
    (SuSE)
  • Re: Cannot connect to RWW from home PC
    ... No 10.0.0.138 is the address used to log onto Thomson's router to make the ... On the DNS question I can add an MX record in the DNS area of GoDaddy's ... eth0 172.26.0.1/16 Extra none ... Heres' the info for our server: ...
    (microsoft.public.windows.server.sbs)