Re: Controlling access to web through DNS server
- From: Andrew Hodgson <me3@xxxxxxxxxxx>
- Date: Wed, 30 Mar 2005 23:31:28 +0100
On Mon, 28 Mar 2005 16:40:19 -0500, "Teo" <nospam_teo@xxxxxxxxxxx>
wrote:
>Hey guys!!!
>Hope all of you are doing great.
>I have a situation at a customer of mine that has all of his computers in
>his office looking at a DNS server which is also their Exchange server. I
>also placed a firewall on the outside of the company to allow me to give out
>policies to computers connected inside the network and also restrict some of
>them from accessing certain things on the outside.

What firewall did you use? If ISA, did you deploy it on the right
side of the network?

>Now my situation is the following.
>I need to restrict all HTTP, HTTPS, FTP etc excluding POP3 and SMTP from
>every machine on the company. Since all of them look at the Exchange server
>as their DNS server they can go out and surf the web, etc, that is what I
>really don't want. How can I solve this problem so that I can choose which
>computers can access the web and which can't. If I disable the Web policy
>for the DNS server all of the computers will be out, including the mail
>server itself and some power users that I want them to have access to the
>web.

Don't do that. You can restrict the machines from accessing external
addresses via the firewall, and then implement a proxy server such as
ISA or Squid. With DNS, you can still access sites if the user knows
the IP address (and I can get IP addresses for hostnames very easily
in a few seconds, even though my company very helpfully has managed to
block any external DNS queries from being resolved).
Andrew.
--
Andrew Hodgson in Bromyard, Herefordshire, UK.
My Email: use <andrew at hodgsonfamily dot org>.
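
An added example, not part of the original post: a minimal squid.conf access policy for the firewall-plus-proxy approach suggested in the reply, where Squid decides which clients may browse. All addresses are constructed placeholders and the ACL names `power_users` and `mail_server` are illustrative.

```conf
# Added example; addresses and ACL names are constructed for illustration.
# Assumption: the perimeter firewall allows outbound HTTP/HTTPS/FTP only from
# this proxy host, and SMTP/POP3 only as the mail server requires, so clients
# cannot reach the web directly, whether by hostname or by IP address.

http_port 3128

# Clients that are allowed to browse (power users) and the mail server.
acl power_users src 192.168.1.50 192.168.1.51
acl mail_server src 192.168.1.10

# Ports the proxy will connect to; CONNECT tunnels are limited to 443.
acl Safe_ports port 80 21 443
acl SSL_ports port 443
acl CONNECT method CONNECT

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Only the listed clients get out; every other client is refused.
http_access allow power_users
http_access allow mail_server
http_access deny all
```

Browsers on the permitted machines are then pointed at the proxy on port 3128.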