Stop them surfing? - Tilted Forum Project Discussion Community

Magpie0001 · 07-29-2005, 01:25 AM

I have been put in charge of the network here in work because I know slightly more about computers than anyone else. Ill be the first to admit that im learning as I go along & theres lots that I donk (yet) know how to do. It is lots of fun solving problems & figuring things out, however its eating into my work time quite a bit.
Weve got 10 pooter networked & online. Had some problems with viruses & porn & tracking cookies already & what I need to do is limit the websites available on 7 of the pooters to just a few work related sites & nothing else.

I really dont know where to start.
Does it involve a firewall? Is there an easy way?
Any clues would be helpfull, or just an arrow in the right direction.
Can anyone help.

Thanks.

Silvy · 07-29-2005, 02:49 AM

I don't have much experience in this field, but my gut feeling tells me that it requires 3 things:
- a firewall blocking all outbound traffic destined for port 80 (that means NO BROWSING) except coming from the proxy:
- a proxy that forwards all traffic to the firewall if it meets your criteria
- all browsers would need to be configured to use the proxy.

The criteria would need to be something along the lines of:
- if the source is PC_CEO then allow
- if the source is PC_MAgpie0001 then allow
- if the destination is ( insert list of allowed sites here) then allow
- else: block (or redirect to a page with a useful message).

As I said, I've got no experience in building such a setup, but having worked with (under?) several, I assume that this is how it works.

PC ---> Proxy (is allowed?) yes-----> remote website

EDIT: I'm real interested in knowing how to build such a setup myself, so keep us posted!

As a side note: as a user I despise such setups, but as an administrator I'd love one

I'd like to think I'd be judged on my productivity, regardless of what I'm actually doing with my time.

Magpie0001 · 08-08-2005, 11:49 AM

Shit! When you start saying words like "proxy" & "do" I start to feel dizzy. I was hoping that there was an easier way. I also uncovered another problem. We need to use a few websites that have live (java, I think) updates. Its a stock monitor thingy. Well I cant get it working unless I log on as an administrator. No idea why & Ive tried to fiddle with the user settings to no avail.

spindles · 08-08-2005, 02:48 PM

I would consider looking at a product like ipcop link. It is a linux based firewall product. From there FAQ, you see there is a web content plugin called Dan's Guardian.

I have installed this quite a while ago, and the simple setup was very easy.

RE proxies/firewalls, this looks like a good summary.

07-29-2005, 01:25 AM	#1 (permalink)
Magpie0001 Nobody Loves Me Location: Irish In Madrid	Stop them surfing? I have been put in charge of the network here in work because I know slightly more about computers than anyone else. Ill be the first to admit that im learning as I go along & theres lots that I donk (yet) know how to do. It is lots of fun solving problems & figuring things out, however its eating into my work time quite a bit. Weve got 10 pooter networked & online. Had some problems with viruses & porn & tracking cookies already & what I need to do is limit the websites available on 7 of the pooters to just a few work related sites & nothing else. I really dont know where to start. Does it involve a firewall? Is there an easy way? Any clues would be helpfull, or just an arrow in the right direction. Can anyone help. Thanks. __________________ Music is my first love & It will be my last.

07-29-2005, 02:49 AM	#2 (permalink)
Silvy paranoid Location: The Netherlands	I don't have much experience in this field, but my gut feeling tells me that it requires 3 things: - a firewall blocking all outbound traffic destined for port 80 (that means NO BROWSING) except coming from the proxy: - a proxy that forwards all traffic to the firewall if it meets your criteria - all browsers would need to be configured to use the proxy. The criteria would need to be something along the lines of: - if the source is PC_CEO then allow - if the source is PC_MAgpie0001 then allow - if the destination is ( insert list of allowed sites here) then allow - else: block (or redirect to a page with a useful message). As I said, I've got no experience in building such a setup, but having worked with (under?) several, I assume that this is how it works. PC ---> Proxy (is allowed?) yes-----> remote website EDIT: I'm real interested in knowing how to build such a setup myself, so keep us posted! As a side note: as a user I despise such setups, but as an administrator I'd love one I'd like to think I'd be judged on my productivity, regardless of what I'm actually doing with my time. __________________ "Do not kill. Do not rape. Do not steal. These are principles which every man of every faith can embrace. " - Murphy MacManus (Boondock Saints) Last edited by Silvy; 07-29-2005 at 02:53 AM..

08-08-2005, 11:49 AM	#3 (permalink)
Magpie0001 Nobody Loves Me Location: Irish In Madrid	Shit! When you start saying words like "proxy" & "do" I start to feel dizzy. I was hoping that there was an easier way. I also uncovered another problem. We need to use a few websites that have live (java, I think) updates. Its a stock monitor thingy. Well I cant get it working unless I log on as an administrator. No idea why & Ive tried to fiddle with the user settings to no avail. __________________ Music is my first love & It will be my last.

08-08-2005, 02:48 PM	#4 (permalink)
spindles Mine is an evil laugh Location: Sydney, Australia	I would consider looking at a product like ipcop link. It is a linux based firewall product. From there FAQ, you see there is a web content plugin called Dan's Guardian. I have installed this quite a while ago, and the simple setup was very easy. RE proxies/firewalls, this looks like a good summary. __________________ who hid my keyboard's PANIC button?