-1

How to block all websites except one website in a LAN of Ubuntu 11.10 clients?

Tom Newton
Naval Saini

2 Answers

5

One of the simplest ways is to set up a Squid proxy, and put rules in place to allow only the site you want. Then block access to all ports on your firewall for LAN PCs (you may need to consider if your clients need to access any other internet services). Finally, push out proxy info using wpad.dat or DHCP option 252, both of which should work for Linux, I believe.

A bit more info about your scenario would help tailor a better solution.

Tom Newton
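The proxy-plus-firewall setup described in the answer above, as an added example that is not part of the original answer: a shell script that prints a Squid allowlist fragment and the matching gateway firewall rules for review. It assumes Squid runs on the LAN gateway on port 3128, the LAN is 192.168.1.0/24 on eth1, and the permitted site is example.com; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumptions (not from the original post): Squid runs on the
# LAN gateway, port 3128, LAN 192.168.1.0/24 on eth1, allowed site example.com.

# Accept only a plain DNS name so the value cannot inject extra directives.
valid_domain() {
    case "$1" in
        ""|.*|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print a squid.conf fragment that permits one site and denies everything else.
gen_squid_conf() {   # usage: gen_squid_conf DOMAIN LAN_CIDR
    valid_domain "$1" || { echo "invalid domain: $1" >&2; return 1; }
    cat <<EOF
http_port 3128
acl lan src $2
# A leading dot makes dstdomain match the domain and all of its subdomains
acl allowed_site dstdomain .$1
acl SSL_ports port 443
acl CONNECT method CONNECT
# HTTPS arrives as CONNECT host:port; keep tunnels on 443 only
http_access deny CONNECT !SSL_ports
http_access allow lan allowed_site
# Rules are evaluated top-down and first match wins: catch-all deny goes last
http_access deny all
EOF
}

# Print (not run) iptables rules: clients may reach the proxy on the gateway,
# and nothing from the LAN interface is forwarded, so bypassing the proxy fails.
gen_fw_rules() {     # usage: gen_fw_rules LAN_IF
    cat <<EOF
iptables -A INPUT -i $1 -p tcp --dport 3128 -j ACCEPT
iptables -A FORWARD -i $1 -j REJECT
EOF
}

# Emit both fragments for the assumed values so they can be reviewed first.
gen_squid_conf example.com 192.168.1.0/24
gen_fw_rules eth1
```

Because the script only prints, the output can be diffed against the live squid.conf and firewall ruleset before anything is applied.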
-1

One can use a DNS server that only resolves that one website, and block port 53 (both TCP and UDP) except for your DNS filter, to prevent circumvention. This will work even if the websites use HTTPS.

For added blocking, whitelist the IP address(es) for the whitelisted site, and if the site uses HTTPS, the CRL/OCSP server for the site's SSL certificate (in the DNS too), to make the browser happy.

William
1) DNS can easily be worked around via the hosts file. 2) Many websites don't have a "single" IP address. The only reliable solution to the OP's question is above, to use a proxy that understands the HTTP protocol and can filter on a URL basis. – EEAA Oct 02 '16 at 23:27