how do you block access to a site?

smarthouseguy · 05-12-2006, 11:40 PM

I have slackware 10.2 working as my asterisk pbx and a router. I use dhcpd and iptables. I need to block access to myspace.com to save my bandwidth. Does anyone know how I would go about doing this?

Jerre Cope · 05-13-2006, 01:19 AM

I would use a program like squid ( squid-cache.org ) as a proxy where you could easily filter by urls and save bandwidth by caching web access for your whole site. The simplest way to setup squid is with webmin (webmin.com)

dugan · 05-13-2006, 01:39 AM

Edit /etc/hosts and set www.myspace.com to 127.0.0.1.

archtoad6 · 05-14-2006, 10:09 AM

And myspace.com
& <every_other_host_at>.myspace.com

The problem is: the hosts file doesn't do wildcards, so you must track down & enumerate every offensive host at every blocked domain & put each one in a separate line in your hosts file. Not only that, when <blocked_domain>.<tld> adds a new server, you must discover it & add it.

Consider the HOSTS file from www.accs-net.com/hosts: http://www.accs-net.com/hosts/Downloads/hosts127001.zip
I grepped it for each of the domains that had a host "ad250", piping the result through wc -l, here the results:

Code:

hpg.ig.com.br     1065 
hpg.com.br         877 
ezcybersearch.com  269 
popupad.net        269 
erasercash.com     267 
paycount.com       266

(I know a guy whose hosts file runs over 30,000 entries! Of course, he is doing serious malware as well as ad blocking.)

You're much better off taking the proxy server suggestion or using DNS.

If you want to pursue using DNS, you might consider adding dnsmasq to your router. Besides being a small combo DHCP & DNS server, you can block whole domains w/ one simple line per entire domain in its config file.

If you already have Bind running, then see http://pgl.yoyo.org/adservers/ for information on how to get it to block domains.

are especially useful.