Home » Questions » Computers [ Ask a new question ]

Restricting system-wide access to all websites outside of a specified list

Restricting system-wide access to all websites outside of a specified list

I want to restrict access to all websites outside of a list of allowed domains. (localhost, superuser.com, stackoverflow.com, etc.) I would like this to be applied system-wide and to be browser agnostic.

Asked by: Guest | Views: 252
Total answers/comments: 1
Guest [Entry]

"These things can be done,

Setup the firewall to restrict to you domain list for outbound connections

this will prevent all outbound communications the restricted set
besides the usual inbound restrictions that a firewall is usually configured for
Check your router/modem for filter support
the same firewall trick, but at the network device rather than the machine
this is sometimes more effective
Use OpenDNS filtering capabilities
I could not quickly lookup a scheme to allow a set
Though, there are ways to block specific sets
If you have a set of machines in your network that needs this control,
a proxy (like Squid) could also be setup for filtering access.
This would be more effort (another squid running machine required in the path)
The overhead will be amortized if you have several machines to control.

HowToGeek OpenDNS reference.

HowToForge Squid Proxy Server On Ubuntu 9.04 Server
with DansGuardian, ClamAV, And WPAD (Proxy Auto-Detection).

Update:

A host-based firewall should work.
Unfortunately, the Windows XP firewall does not support outbound filtering.

The firewall software in Windows XP was simple and rudimentary and protected incoming traffic only, blocking any inbound connections that had not been initiated by your computer - and it was turned off by default. Service Pack 2 turned it on by default and made it possible for administrators to enable it via Group Policy.

But, other firewalls will probably allow you to control outbound connections.
Typically, I have seen application based control (rather than port or domain based) in Windows based firewall tools. However, there may be other forms (here is a quick reference to some Windows free and trial firewall apps). Others may have more information on this.

If the users do not need administrative rights,
setting up that way will not allow them to change your configurations.
Any third-party application will probably also prohibit configuration changes by non admin users."