LinuxQuestions.org


bkcreddy17 09-02-2008 04:45 AM

how to block a particular web site
 
Hi,
How do I block a particular web site for all networks and allow it for a particular network? Suppose I want to allow abc.example.com only from a particular public IP or the *.example.com network. I think we can't use TCP wrappers for this. Should we use iptables, or what? If we use iptables, can anybody tell me the rules? I am using a RHEL5 server, 32-bit.
Thank you.

Tobler 09-02-2008 06:42 AM

Block web address
 
Quote:

Originally Posted by bkcreddy17 (Post 3266990)
Hi,
How do I block a particular web site for all networks and allow it for a particular network? Suppose I want to allow abc.example.com only from a particular public IP or the *.example.com network. I think we can't use TCP wrappers for this. Should we use iptables, or what? If we use iptables, can anybody tell me the rules? I am using a RHEL5 server, 32-bit.
Thank you.

You didn't say what/who is trying to access the forbidden networks. I assume you mean web browsing? Or just servers that should not contact outside networks?

Blocking web surfing:
Depends on your network configuration. Blocking addresses with a firewall is not good. One web site may have many different IP addresses (e.g. www.google.com), so blocking them separately is too difficult.

So the easiest way is to block by domain name. On a large network, configure your DNS server to give a "wrong" IP for bad domains. www.bad-host.org goes to the company web server (CNAME or A), which will say "sorry - access to that domain is forbidden".
On a smaller scale you can just modify the /etc/hosts file, put the forbidden hosts there and give them the IP address 127.0.0.1, or the IP of another internal web server which will give an error message.

But these are not complete protection, just the easiest to set up. Complete protection is to force use of a company web proxy that will control access to the internet (addresses/domains). For example, DansGuardian is a very useful proxy extension.

br, Tobler
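
The /etc/hosts approach from the post above, as an added example that is not part of the original post: it adds sinkhole entries idempotently and shows why the result is incomplete, since a hosts file matches exact names only and a subdomain stays reachable. The function names, the `HOSTS_FILE` and `SINK_IP` variables and the sample names are assumptions; by default the script works on a scratch file, not the real /etc/hosts.

```shell
#!/bin/sh
# Added example: manage a block list in a hosts-format file.
# HOSTS_FILE and SINK_IP are hypothetical variable names for this sketch.
# Default target is a scratch file so the script can be tried without root.
HOSTS_FILE="${HOSTS_FILE:-$(mktemp)}"
SINK_IP="${SINK_IP:-127.0.0.1}"

# lookup_host NAME: print the address the file maps NAME to.
# Returns 1 when NAME has no entry. Comments are ignored, names are
# compared case-insensitively, and only exact names match (no wildcards).
lookup_host() {
    [ -f "$HOSTS_FILE" ] || return 1
    awk -v n="$1" '
        { sub(/#.*/, "") }
        {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(n)) { print $1; found = 1; exit }
        }
        END { exit (found ? 0 : 1) }
    ' "$HOSTS_FILE"
}

# block_host NAME: append "SINK_IP NAME" unless NAME already has an entry,
# so repeated runs do not pile up duplicate lines.
block_host() {
    name=$1
    touch "$HOSTS_FILE"
    if lookup_host "$name" >/dev/null; then
        return 0
    fi
    printf '%s\t%s\n' "$SINK_IP" "$name" >> "$HOSTS_FILE"
}

# Demo on constructed names.
block_host www.bad-host.org
block_host www.bad-host.org          # second call changes nothing
lookup_host www.bad-host.org         # prints 127.0.0.1
lookup_host cdn.bad-host.org ||
    echo "cdn.bad-host.org: no entry, subdomains need their own lines"
```

Setting `HOSTS_FILE=/etc/hosts` applies the same logic to the live file and requires root.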

immortaltechnique 09-02-2008 02:52 PM

How about trying the /etc/hosts.deny? You could add the annoying domains/netblocks in the file.


All times are GMT -5.