LinuxQuestions.org
Old 05-30-2006, 11:29 AM   #1
whayford
LQ Newbie
 
Registered: May 2006
Posts: 3

Rep: Reputation: 0
Question Limit Browser to specific domains


I am looking for a web browser solution in the Linux environment to provide controlled access to one or two domains. This is for a factory/warehouse implementation. The machines will be used to access shipping information and email or report to headquarters.

An optimal solution would have limits based on user id or role. The machine should boot up to the browser with limits.

I don't need to know all the gory details about how to do it right now. I just need to know that it is feasible and what combination of products it would take. I am looking at this as a better alternative to a Windows/Citrix/and other junk solution.

Assuming there is a solution, does anyone have any idea of how complex this is to do?

Thanks.
 
Old 05-30-2006, 12:07 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968
sounds like a real simple squid proxy, something that a dedicated firewall distro like ipcop could easily handle for you with its default builtin squid server. you could run it transparently and authenticate on a per ip address basis, but if you can define how the users and machines work, e.g. will the same machine be used by different people for different functions?
 
Old 05-30-2006, 01:14 PM   #3
whayford
LQ Newbie
 
Registered: May 2006
Posts: 3

Original Poster
Rep: Reputation: 0
More details:

there will probably only be two or three roles (administrator, power-user, worker-bee).

the machines are located in geographically dispersed locations with normally no overlap of usage. In other words, under normal circumstances a machine would be dedicated to one role.

It would be optimal, since there will be only one active machine per location, if a machine could allow more than one role. This would allow a visiting administrator or power-user to use the machine.
 
Old 05-30-2006, 03:46 PM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968
ok, so are you looking for a central solution? a solution that is on each machine that the browser is using? If you are using a centralised point of internet access then again i'd refer back to ipcop, with the advproxy addon http://www.advproxy.net. you could also deploy this in each location, but it would require a separate machine on each site (unless you ran a vmware instance on the single machine which is feasible but not what you really want i'm sure) which, if it's only serving one machine anyway seems odd at best.

Now, outside of this i am not sure how you would achieve user based authentication to restrict access to certain sites with no additional machine. you can certainly run squid and authenticate on it when you are telling a browser to go directly to a proxy, but what's stopping a user disabling that proxy and just going direct to the internet? an iptables rule can intercept port 80 requests, but those requests will come from squid too anyway.... I'm rambling now, probably worth ignoring all that.

OK, so what if you don't want squid... could you not simply restrict the visible UI of the browser they are given to use? if they can only go to a homepage which is a menu, and have no access to other parts of the browser then would that be all you'd want as an assurance they can not go elsewhere? i'm sure there will be firefox extensions for this for example.
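
The authenticated-proxy approach discussed in this post, sketched as a squid.conf fragment. This is an added example, not part of the original post or of ipcop/advproxy; the domains, file paths and the mapping of roles to sites are assumptions made for illustration.

```conf
# squid.conf fragment (added example; every path and domain below is a placeholder)

# Basic auth against an htpasswd-style file. The helper's name and location
# vary by Squid version and distribution.
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic realm Warehouse proxy

# The three roles named in the thread, one username per line in each
# (hypothetical) file.
acl role_admin  proxy_auth "/etc/squid/roles/administrator.txt"
acl role_power  proxy_auth "/etc/squid/roles/power-user.txt"
acl role_worker proxy_auth "/etc/squid/roles/worker-bee.txt"

# Destination allowlists. A leading dot matches the domain and its subdomains.
acl shipping_sites dstdomain .shipping.example.net
acl hq_sites       dstdomain .hq.example.com
acl reports_sites  dstdomain .reports.example.com

# HTTPS is tunnelled with CONNECT; only permit tunnels to port 443.
# dstdomain is still checked against the host named in the CONNECT request.
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports

# Weak setting, shown for contrast: any authenticated user may go anywhere.
# acl authenticated proxy_auth REQUIRED
# http_access allow authenticated

# Corrected: each role reaches only its own allowlist. Rules are evaluated
# top to bottom and the first match decides.
http_access allow role_worker shipping_sites
http_access allow role_worker hq_sites
http_access allow role_power  shipping_sites
http_access allow role_power  hq_sites
http_access allow role_power  reports_sites
http_access allow role_admin

# Everything else, including unauthenticated requests, is refused.
http_access deny all
```

Proxy authentication does not work when Squid intercepts traffic transparently, so the browser has to be pointed at the proxy explicitly. On a single machine, the bypass raised above (a user switching the proxy off) is usually closed with an iptables OUTPUT rule using the owner match (`-m owner --uid-owner`), so that only the account Squid runs as may open outbound web connections.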
 
Old 05-31-2006, 08:26 AM   #5
whayford
LQ Newbie
 
Registered: May 2006
Posts: 3

Original Poster
Rep: Reputation: 0
Thanks for your suggestion. After searching I found the Opera browser has a Kiosk mode designed to allow you to limit the domains which can be seen. It also has an ability to display a site in full screen mode with no buttons or tool bars. This will handle the problem. Google Opera Kiosk mode for more information on how to.

Thanks.
 
Old 05-31-2006, 08:49 AM   #6
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968
well there are kiosk modes for all browsers afaik, nothing special about opera's implementation i'd have thought.
 
  

