using hosts file as http whitelist

Discussion in 'Networking' started by sao123, Jan 19, 2010.

  1. sao123

    sao123 Lifer

    Joined:
    May 27, 2002
    Messages:
    12,281
    Likes Received:
    7
    I have some public accessworkstations, which I need to limit to certain internet websites. To accomplish this, i am disabling DNS, and setting up a hosts file to enable certain permitted sites to be browsed.
    However, doing this, will prevent windows updates from being downloaded.

    Does anyone know the proper entries neeeded for my hosts file to re-enable windows update?
     
  2. Loading...

    Similar Threads - hosts file http Forum Date
    Help with file hosting Networking Nov 2, 2016
    HOSTS file for an IP dual-stack (v4/v6) OS? Networking Apr 3, 2013
    good hosts file to download Networking Mar 2, 2013
    Should there ever be more than 1 entry in the Hosts file? Networking Oct 26, 2011
    Good free file hosting? Networking Oct 14, 2008

  3. ViviTheMage

    ViviTheMage Lifer

    Joined:
    Dec 12, 2002
    Messages:
    35,939
    Likes Received:
    9
    try these

    download.windowsupdate.com
    v5.windowsupdate.microsoft.com

    also, if it doesn't work, deploy your own SuS?
     
    #2 ViviTheMage, Jan 19, 2010
    Last edited: Jan 19, 2010
  4. Fallen Kell

    Fallen Kell Diamond Member

    Joined:
    Oct 9, 1999
    Messages:
    5,031
    Likes Received:
    13
    Make sure you disable nslookup as well then. Anyone who knows anything about how the internet works will simply bring up a command window and do a nslookup to 4.2.2.1 (or any of the original base DNS servers on the net), get the IP and then enter the IP in the browser...
     
  5. Nothinman

    Nothinman Elite Member

    Joined:
    Sep 14, 2001
    Messages:
    30,672
    Likes Received:
    0
    That's not a good solution. You really should be making them browse through a proxy and then setup a whitelist on the proxy. That also ensures that no one brings in their own machine and uses that intead.

    Which will likely fail anyway because without the HTTP Host header given it'll just return the default website for that server which may or may not be the one you're aiming for.
     
  6. xSauronx

    xSauronx Lifer

    Joined:
    Jul 14, 2000
    Messages:
    19,591
    Likes Received:
    1
    seconded on the proxy and wsus suggestions. a wsus server is really easy to set up (though, with thousands of updates to filter from the start, can be tedious) and clients can be configured easily with a GPO. if you have a server that needs some action and has some disk space, a wsus server is worth setting up.
     
  7. sao123

    sao123 Lifer

    Joined:
    May 27, 2002
    Messages:
    12,281
    Likes Received:
    7
    guess I have to be a bit more specific.

    These systems are located at each of 40 semi-secure locations. (each essentially a 8x8 wooden shed with an attached outhouse on government property)
    Each location has a single DSL/Cable/Verizon Aircard, and a netgear/linksys/dlink wired 4 port router.

    Each location has 2 foreman each having a laptop which require full internet access. The above described desktop is to be a restricted weather terminal for all the non-foreman employees to use. it has guest level priviliges only with no logon password, and the internet is to be restricted to only our 4 permitted weather sites. (weather data is critical to our business).

    due to the large number of sites, and complete lack of servers, I cant do SuS.
    Due to the foremans requirements I cant do this at the router level...well at least not with $40 walmart routers.
     
  8. sao123

    sao123 Lifer

    Joined:
    May 27, 2002
    Messages:
    12,281
    Likes Received:
    7
    great start on a partial list, but i need more addresses than this.
     
  9. skyking

    skyking Lifer

    Joined:
    Nov 21, 2001
    Messages:
    17,951
    Likes Received:
    135