How can I block web access?

/usr/usr Member Posts: 1,768 ■■■□□□□□□□
I need to block internet access, but allow access to the intranet. I don't have the option to block port 80 and run the intranet servers on another port. I basically need something to run on local machines, be it a script, program, or setting, which will not allow access to the internet.

Comments

  • ajs1976ajs1976 Member Posts: 1,945 ■■■■□□□□□□
    If they are only access one LAN, remove the Default gateway address from the client PCs.

    Depending on the type of router you are using, you could set up an ACL.
    Andy

    2020 Goals: 0 of 2 courses complete, 0 of 2 exams complete
  • /usr/usr Member Posts: 1,768 ■■■□□□□□□□
    The DHCP server is going to give out the address unless it's configured not to. Some clients need access, others don't. Going that route leaves people who need access out of luck unless they stay away from the DHCP server and are given a static ip.
  • wildfirewildfire Member Posts: 654
    Need more info really youve not said what client people are using xp pro/2000 etc? do they access through a proxy server? broadband router? if so what type? or other router?
    Looking for CCIE lab study partnerts, in the UK or Online.
  • /usr/usr Member Posts: 1,768 ■■■□□□□□□□
    I need a way to disable this at the local level. The machine they are working on.

    Running a combination of NT/2000 machines.
  • BeachTech_BeachTech_ Member Posts: 12 ■□□□□□□□□□
    We have a user here that had his internet privledge revoked after he visited some "hot" sites (read "****"). He only needed to access one website...the corporate website. So I put in a bogus IP address for the DNS server, then put in the IP address as the IE Homepage (http://192.168.x.x).

    Now, if you need them to be able us use FQDN for the Intranet, what about pointing to a bogus DNS and creating a static HOST file on the client's machine? If it is an intranet, you shouldn't have too many entries in this table.
  • big boibig boi Member Posts: 10 ■□□□□□□□□□
    any proxy server should be able to do this. squid. symantec web security. etc.
Sign In or Register to comment.