Blocking specific sites without using any software

Home Forums Client Operating Systems Windows 2000 Pro, XP Pro Blocking specific sites without using any software

This topic contains 19 replies, has 10 voices, and was last updated by Avatar kgoering 6 years, 12 months ago.

Viewing 20 posts - 1 through 20 (of 20 total)
  • Author
    Posts
  • Avatar
    Anishk
    Participant
    #159714

    Hi,

    Iam trying to block some websites like facebook and orkut without using any software. While googling, i could see that listing those websites in the location C:WINDOWSsystem32driversetc ‘s host file would block the sites mentioned in the hosts file but that one is not working for me. Could you please tell me some other way of blocking such sites ?

    Regards,
    Anish

    Avatar
    Anonymous
    #376323

    Re: Blocking specific sites without using any software

    If you add fictitious hostnames in the hosts file, and map those hostnames to say the loopback address (127.0.0.1), that would prevent the user from being able to resolve the correct IP for that hostname since the items listed in the hosts file are automatically stored in the DNS cache (you can check it by going to a command prompt and typing ipconfig /displaydns).

    However, if your user has proxy settings enabled in their browser, this is not going to work, because the browser is configured to to to the proxy to access websites. Its the proxy server(s) that will resolve the host name, not the client in this case.

    Additionally, this is not a good solution in any case for various reasons…

    1) its very difficult to manage
    2) users with admin privileges can work around this
    3) you can boot to another OS and work around this
    4) you can install virtual guests on a computer and work around this
    5) you can connect to a proxy server and work around this

    Avatar
    Ossian
    Moderator
    #187225

    Re: Blocking specific sites without using any software

    IMHO this is partially an HR issue — users should be made aware that if they go to prohibited sites (and IT will be monitoring) they will face disciplinary action

    Avatar
    wullieb1
    Moderator
    #243865

    Re: Blocking specific sites without using any software

    Anishk;263762 wrote:
    Hi,

    Iam trying to block some websites like facebook and orkut without using any software. While googling, i could see that listing those websites in the location C:WINDOWSsystem32driversetc ‘s host file would block the sites mentioned in the hosts file but that one is not working for me. Could you please tell me some other way of blocking such sites ?

    Regards,
    Anish

    What isn’t working for you???

    Can you please explain a bit more about your environment.

    Avatar
    Anonymous
    #368166

    Re: Blocking specific sites without using any software

    this policy apply only to IE and not other so if you accessing particular site from another browser than Internet Explorer it will open…… for more info kindly follow:google:

    Avatar
    wullieb1
    Moderator
    #243868

    Re: Blocking specific sites without using any software

    Raj_trust;263994 wrote:
    this policy apply only to IE and not other so if you accessing particular site from another browser than Internet Explorer it will open…… for more info kindly follow:google:

    Can you kindly explain exactly what you mean by this comment.

    Avatar
    Anonymous
    #368167

    Re: Blocking specific sites without using any software

    wullieb1;264051 wrote:
    Can you kindly explain exactly what you mean by this comment.

    yes i mean…. C:WINDOWSsystem32driversetc ‘s host file apply only for internet explorer and not other browser …:|

    Avatar
    Ossian
    Moderator
    #187283

    Re: Blocking specific sites without using any software

    What rubbish!
    The host file is used as part of the operating systems name resolution process, and is totally independent of the browser involved.

    I am shocked, absolutely shocked, that a “server support engineer” does not know that.

    Avatar
    wullieb1
    Moderator
    #243870

    Re: Blocking specific sites without using any software

    Raj_trust;264068 wrote:
    yes i mean…. C:WINDOWSsystem32driversetc ‘s host file apply only for internet explorer and not other browser …:|

    I think you need to re-look at the name resolution process as outlined here.

    http://technet.microsoft.com/en-us/library/bb727005.aspx

    This will outline what the HOSTS file is, which BTW is not limited to windows operating systems.

    http://www.accs-net.com/hosts/what_is_hosts.html

    As a test please add an entry to yours that states that http://www.google.com is equal to 127.0.0.1.

    Save and close the file then try and ping google and see what is resolved.

    Avatar
    Ossian
    Moderator
    #187297

    Re: Blocking specific sites without using any software

    I don’t think there is any particular requirement to change the IP each time — 127.0.0.1 is the only one you need (actually any address in the Class A 127.x.x.x network is a valid localhost)

    The problem with the hostfile method is maintenance — typically there are multiple names for the site (sitename.com, http://www.sitename.com etc. as well as multiple national variants. The other issue is deploying the hosts file to multiple client computers (and redeploying it every time it changes).

    Blood
    Blood
    Moderator
    #336143

    Re: Blocking specific sites without using any software

    Nope – no need to change it at all. Checkout the MVPS Hosts file:

    http://winhelp2002.mvps.org/hosts.txt

    Avatar
    kgoering
    Member
    #386530

    Re: Blocking specific sites without using any software

    Hi,

    You are right sir. the configurations might not be working for our case as we are under a proxy set up.

    Regards,
    Anish

    [JM];263766 wrote:
    If you add fictitious hostnames in the hosts file, and map those hostnames to say the loopback address (127.0.0.1), that would prevent the user from being able to resolve the correct IP for that hostname since the items listed in the hosts file are automatically stored in the DNS cache (you can check it by going to a command prompt and typing ipconfig /displaydns).

    However, if your user has proxy settings enabled in their browser, this is not going to work, because the browser is configured to to to the proxy to access websites. Its the proxy server(s) that will resolve the host name, not the client in this case.

    Additionally, this is not a good solution in any case for various reasons…

    1) its very difficult to manage
    2) users with admin privileges can work around this
    3) you can boot to another OS and work around this
    4) you can install virtual guests on a computer and work around this
    5) you can connect to a proxy server and work around this

    Avatar
    kgoering
    Member
    #386531

    Re: Blocking specific sites without using any software

    Hi,

    We have squid proxy configured in our network.

    Regards,
    Anish

    wullieb1;263801 wrote:
    What isn’t working for you???

    Can you please explain a bit more about your environment.

    Avatar
    kgoering
    Member
    #386532

    Re: Blocking specific sites without using any software

    Hi,

    Is there any other way restricting some site access without installing thrid party softwares?

    Regards,
    Anish

    Avatar
    Ossian
    Moderator
    #187307

    Re: Blocking specific sites without using any software

    a) What went wrong when trying to edit the hosts file?
    b) No

    Blood
    Blood
    Moderator
    #336144

    Re: Blocking specific sites without using any software

    According to the Squid FAQ this can be done

    http://wiki.squid-cache.org/SquidFaq/SquidAcl#How_do_I_implement_an_ACL_ban_list.3F

    I have to admit that I have never used Squid so don’t know if this applies to your specific situation

    Avatar
    anas
    Member
    #386147

    Re: Blocking specific sites without using any software

    I’d go down the HR backside-kicking route. We can only go so far as administrators (especially without 3rd party software/hardware) and at the end of the day, the users are paid by your company, so have a robust IT policy that forms part of the standard employment contract, so it’s clear that no personal internet use can happen outside of specific break times, you don’t want users to hate you either, so it’s a fine line.

    I busted by backside trying to block websites in my last firm, but in the end just updated the IT policy and got all users to sign it – no excuses then and it saves you a whole heap of admin work. After doing that it should be up to the line managers to monitor their charges work, if they are spending too much time on the internet then it’ll show in their productivity. Plus you can do periodic checks on potentially problematic users and drop them in it if they are being bad doggies………

    Avatar
    L4ndy
    Member
    #277180

    Re: Blocking specific sites without using any software

    I agree that it needs reinforcing from the HR but there are certain excpectations that can be achieved technically to ensure compliance.
    With the wide range of open source proxy servers now (Inc Squid) you should be able to restrict that traffic (even if it’s https).
    You could also create a DNS zone and equivalent firewall rules to block it that way, saving you the management headache of the Hosts file.
    IMO a total ban of facebook wouldn’t worry me despite the freedom of internet argument. It’s becoming a bit of a religion which we could do with less if I am honest.

    Avatar
    J0K3R
    Member
    #249450

    Re: Blocking specific sites without using any software

    seriously folks
    do you all remember the now old addage. “Google is my friend”, well google can be your friend too :P lol

    http://servercomputing.blogspot.com.au/2012/01/block-facebook-in-squid-proxy-server.html

    Blood
    Blood
    Moderator
    #336149

    Re: Blocking specific sites without using any software

    Yes, I used Google to research this but ignored the Linux results as I was not sure if they would be pertinent to a Windows environment.

Viewing 20 posts - 1 through 20 (of 20 total)

You must be logged in to reply to this topic.