Forbidding or not access to webpages of network users
kdk at daleco.biz
Wed Apr 11 12:43:08 UTC 2007
DSA - JCR wrote:
> Hi all in this list
> I want to know if there is a way to forbid to network users the access to
> fixed webpages.
> The example, I work in an enterprise in which several users are accesing
> to webpages others than the enterprise's own.
> I want that the users can only access to the the webpages and services of
> the enterprise, but also that 2 PC can access everywhere (the boss ones).
> Can I make it with FreeBSD? How? I have read the Firewall handbook pages,
> but i don't know exactly if i can do it with PF, IPF or IPFW (or something
> else). (examples?)
A common solution is to install a proxy server (such as Squid [/usr/ports/www/squid])
and set the firewall to not allow traffic from any machines out to the WWW except
the proxy server.
Squid can utilize "Access Control Lists"; here's a statement from my "squid.conf":
acl banned_sites url_regex -i "/etc/banned/porn"
http_access deny banned_sites
acl banned_sites2 url_regex -i "/etc/banned/games"
http_access deny banned_sites2
You can also have an "allow only" list and deny all other requests.
> My users are W2K.
> On the otherhand, I think this is a common problem, isn't it? ;D
For many people, yes.
Rules for Academic Deans:
(2) If they find you, LIE!!!!
-- Father Damian C. Fandal
More information about the freebsd-questions