Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 11 Apr 2007 07:42:42 -0500
From:      Kevin Kinsey <kdk@daleco.biz>
To:        DSA - JCR <juancr@dsa.es>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Forbidding or not access to webpages of network users
Message-ID:  <461CD7C2.1040106@daleco.biz>
In-Reply-To: <2023.217.114.136.133.1176287010.squirrel@llca513-a.servidoresdns.net>
References:  <2023.217.114.136.133.1176287010.squirrel@llca513-a.servidoresdns.net>

next in thread | previous in thread | raw e-mail | index | archive | help
DSA - JCR wrote:
> Hi all in this list
> 
> I want to know if there is a way to forbid to network users the access to
> fixed webpages.

Possibly.

> The example, I work in an enterprise in which several users are accesing
> to webpages others than the enterprise's own.
> 
> I want that the users can only access to the the webpages and services of
> the enterprise, but also that 2 PC can access everywhere (the boss ones).
> 
> Can I make it with FreeBSD? How? I have read the Firewall handbook pages,
> but i don't know exactly if i can do it with PF, IPF or IPFW (or something
> else). (examples?)
 
A common solution is to install a proxy server (such as Squid [/usr/ports/www/squid])
and set the firewall to not allow traffic from any machines out to the WWW except
the proxy server.

Squid can utilize "Access Control Lists"; here's a statement from my "squid.conf":

        acl banned_sites url_regex -i "/etc/banned/porn"
        http_access deny banned_sites

        acl banned_sites2 url_regex -i "/etc/banned/games"
        http_access deny banned_sites2

You can also have an "allow only" list and deny all other requests.

> My users are W2K.
> 
> On the otherhand, I think this is a common problem, isn't it? ;D

For many people, yes.


Kevin Kinsey
-- 
Rules for Academic Deans:
	(1)  HIDE!!!!
	(2)  If they find you, LIE!!!!
		-- Father Damian C. Fandal



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?461CD7C2.1040106>