
Blocking web sites

steve wilson

Senior member
Hi,
We are a small business with 6 office workers in total and I want to block some web sites being accessed. I have a DrayTek Vigor 2820 router and have managed to block web sites using the URL filter. But it will not block secure web sites, like personal banking web sites. https:// sites will just bypass the router URL blocking list.

What is the best way for me to block web sites?

We are running SBS 2003 and all machines have Windows XP SP3 on them.

Regards
Steve
 
Lots of places use OpenDNS as a free solution to this problem. Your results with it may be varied.

Other places go with something like pfsense and dansguardian.

In my opinion, the easiest is to have a written Acceptable Computer Use policy and enforce it. Someone does something to break it, write them up or fire them.
 
If you're running SBS 2003, and you have a fairly limited list of sites you want to block, just create a zone in your local DNS server for that site and leave it empty.

* NOTE: anyone with a little bit of knowledge can get around this kind of block (as well as OpenDNS).

The reason HTTPS connections are bypassing your filter is because the URL is also encrypted and your router doesn't participate in that connection so it isn't privy to the keys being used. Some routers can do this (Palo Alto) but they're fairly expensive.
 
I'm not sure how to create a zone in my local DNS server and leave it empty. Please can you give me a few tips?
 
Well, https is the protocol. As far as I know, the IP is still the same.

In other words:
the domain is NOT https://bofa.com
the domain IS bofa.com
http and https are protocols to the same domain.

So it doesn't matter if it's http or https, the IP is the same.
 
You could also push a HOSTS file on all the PCs. Simple list of the IP/Domain you don't want them to get to, a space followed by 127.0.0.1 and saved as HOSTS. It's in system32/drivers/etc and may be hidden.
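
Added example, not part of the thread: one way to build the HOSTS file suggested above from a block list, so the same file can be pushed to every PC and regenerated without touching other entries. In the HOSTS format each line carries the address first and the hostname second; the marker comments, function names and sample hostnames here are constructed for illustration.

```python
import re

SINK = "127.0.0.1"                      # loopback address the post points blocked names at
BEGIN, END = "# BEGIN blocked-sites", "# END blocked-sites"   # markers are this example's convention
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def normalize(entry):
    """Reduce a URL or hostname to a bare lowercase hostname; None if it is not one."""
    host = re.sub(r"^[a-z][a-z0-9+.-]*://", "", entry.strip().lower())  # http/https share one name
    host = re.split(r"[/:?#]", host, maxsplit=1)[0].rstrip(".")
    labels = host.split(".")
    if len(labels) < 2 or not all(LABEL.match(l) for l in labels):
        return None
    return host

def build_block(entries):
    """HOSTS has no wildcards, so emit both the bare name and its www. form."""
    names = []
    for entry in entries:
        host = normalize(entry)
        if host is None:
            continue
        base = host[4:] if host.startswith("www.") and host.count(".") >= 2 else host
        for name in (base, "www." + base):
            if name not in names:
                names.append(name)
    return [BEGIN] + [f"{SINK} {n}" for n in names] + [END]

def merge_hosts(existing, entries):
    """Keep every line outside the managed block and regenerate the block itself."""
    kept, inside = [], False
    for line in existing.splitlines():
        if line.strip() == BEGIN:
            inside = True
        elif line.strip() == END:
            inside = False
        elif not inside:
            kept.append(line)
    return "\r\n".join(kept + build_block(entries)) + "\r\n"

# Constructed sample input: an existing HOSTS file and a block list in mixed forms.
SAMPLE_HOSTS = "127.0.0.1 localhost\r\n# BEGIN blocked-sites\r\n127.0.0.1 old.example\r\n# END blocked-sites\r\n"
SAMPLE_LIST = ["https://Bank.Example/login", "bank.example", "www.shop.example", "not a host"]

if __name__ == "__main__":
    print(merge_hosts(SAMPLE_HOSTS, SAMPLE_LIST), end="")
```

Any other subdomain of a blocked site needs its own line, and a user who can edit the file or reach the site by another name is not stopped by it.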
 
Rather than trying to figure out how to block those specifically, there are some cheap hardware solutions available. It's as simple as adding the domain to the block-list. One of those is iboss. They mostly provide enterprise level rack-mountable appliances but they also have a pro model for 150 HW and 250 per year. I sell them so let me know if you're interested. ross.young@iboss.com . Good luck.
 