Date: Wed, 11 Apr 2007 07:42:42 -0500 From: Kevin Kinsey <kdk@daleco.biz> To: DSA - JCR <juancr@dsa.es> Cc: freebsd-questions@freebsd.org Subject: Re: Forbidding or not access to webpages of network users Message-ID: <461CD7C2.1040106@daleco.biz> In-Reply-To: <2023.217.114.136.133.1176287010.squirrel@llca513-a.servidoresdns.net> References: <2023.217.114.136.133.1176287010.squirrel@llca513-a.servidoresdns.net>
next in thread | previous in thread | raw e-mail | index | archive | help
DSA - JCR wrote:
> Hi all in this list
>
> I want to know if there is a way to forbid to network users the access to
> fixed webpages.
Possibly.
> The example, I work in an enterprise in which several users are accesing
> to webpages others than the enterprise's own.
>
> I want that the users can only access to the the webpages and services of
> the enterprise, but also that 2 PC can access everywhere (the boss ones).
>
> Can I make it with FreeBSD? How? I have read the Firewall handbook pages,
> but i don't know exactly if i can do it with PF, IPF or IPFW (or something
> else). (examples?)
A common solution is to install a proxy server (such as Squid [/usr/ports/www/squid])
and set the firewall to not allow traffic from any machines out to the WWW except
the proxy server.
Squid can utilize "Access Control Lists"; here's a statement from my "squid.conf":
acl banned_sites url_regex -i "/etc/banned/porn"
http_access deny banned_sites
acl banned_sites2 url_regex -i "/etc/banned/games"
http_access deny banned_sites2
You can also have an "allow only" list and deny all other requests.
> My users are W2K.
>
> On the otherhand, I think this is a common problem, isn't it? ;D
For many people, yes.
Kevin Kinsey
--
Rules for Academic Deans:
(1) HIDE!!!!
(2) If they find you, LIE!!!!
-- Father Damian C. Fandal
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?461CD7C2.1040106>