LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices



Reply
 
Search this Thread
Old 09-02-2008, 04:45 AM   #1
bkcreddy17
Member
 
Registered: Feb 2008
Location: India-Hyderabad
Distribution: RHEL and Fedora
Posts: 171

Rep: Reputation: 15
how to block a particular web site


hi,
how to block a particular web site for all networks and allow for a particular network. suppose i want to allow abc.example.com only from a particular public ip or *.example.com network. i think we can't use tcp wrappers for this. should we use iptables or what. if we use iptables can any body tell me the rules? i am using rhel5 server 32-bit.
Thank you.
 
Old 09-02-2008, 06:42 AM   #2
Tobler
LQ Newbie
 
Registered: Oct 2007
Distribution: Ubuntu, RedHat Enterprise Linux
Posts: 12

Rep: Reputation: 0
Block web address

Quote:
Originally Posted by bkcreddy17 View Post
hi,
how to block a particular web site for all networks and allow for a particular network. suppose i want to allow abc.example.com only from a particular public ip or *.example.com network. i think we can't use tcp wrappers for this. should we use iptables or what. if we use iptables can any body tell me the rules? i am using rhel5 server 32-bit.
Thank you.
You didn't tell what/who is trying to access forbidden networks. I assume you mean web browsing? Or just servers who should not contact outside networks?

Blocking web surfing:
Depends your network configuration. Blocking addresses with firewall is not good. One web site may have many different IP addresses (eg www.google.com) so blocking them separately is too difficult.

So - easiest way is block with domain name. On large network configure your DNS server to give "wrong" IP for bad domains. www.bad-host.org goes to company web server (CNAME or A) which will tell that "sorry - access to that domain is forbidden".
On smaller scale you can just modify /etc/hosts -file and put forbidden hosts there and give IP address 127.0.0.1. Or other internal web IP server which will give error message.

But these are not complete protection. Just most easiest to setup. For complete protection is force to use company web proxy that will control access to internet (addresses/domains). For example DansGuardian is very usefull proxy extension.

br, Tobler
 
Old 09-02-2008, 02:52 PM   #3
immortaltechnique
Member
 
Registered: Oct 2006
Location: Kenya
Distribution: Ubuntu, RHEL, OpenBSD
Posts: 287

Rep: Reputation: 32
How about trying the /etc/hosts.deny? You could add the annoying domains/netblocks in the file.
 
1 members found this post helpful.
  


Reply

Tags
access control list, block


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Block web site (slack 8.0) Hondro Slackware 6 10-12-2007 04:41 AM
trying to block users from accessing web site with iptables Histamine Linux - Security 2 08-10-2007 09:36 AM
trying to block user from accessing external web site with iptables Histamine Linux - Networking 1 08-10-2007 08:43 AM
How to block web site? General Linux - General 2 10-08-2006 09:07 PM
How I can block a IP to view my web site?? AZIMBD03 Linux - Networking 6 02-26-2004 04:19 PM


All times are GMT -5. The time now is 06:52 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration