Block all websites except 1

Discussion in 'Computer Software and Operating Systems' started by jumpman17, Aug 6, 2014.

  1. jumpman17
    OP

    jumpman17 He's a semi-aquatic egg laying mammal of action!

    Former Staff
    8,996
    183
    Apr 11, 2003
    United States
    I'm looking for a way to essentially block the entire internet, except for 1 website. Most methods I have found involve a blacklist, but I need something with a whitelist. Where only listed websites work. Any ideas?
     
  2. Issac

    Issac I

    Global Moderator
    GBAtemp Patron
    Issac is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    5,368
    2,659
    Apr 10, 2004
    Sweden
    Sweden
  3. jumpman17
    OP

    jumpman17 He's a semi-aquatic egg laying mammal of action!

    Former Staff
    8,996
    183
    Apr 11, 2003
    United States
    Some further info, this is on Windows 8, and using Chrome. And I'm looking for something where the settings can't be changed by a non-admin account. Basically, my company is going to be giving out lots of laptops to the workers for the sole purpose of going to a single site and entering data while on the job. Currently, I have IE uninstalled and found an extension in Chrome that does what I need, but you can just open the extension and change the whitelist. I'm sure most won't know how to do that, but there may be some. And still, you can plug in a thumbdrive with Firefox Portable and use that.
     
  4. bobmcjr

    bobmcjr GBAtemp Advanced Fan

    Member
    897
    335
    Apr 26, 2013
    United States
    Find the IP address of that one site, change the DNS's of each computer to something invalid (e.g. 127.0.0.1), and then add the IP address of that one site to the HOSTS file.
    Seems like it should work given that shouldn't know of any domains besides the ones in hosts.

    Edit: And don't forget to flush the dns cache.
     
  5. oji

    oji GBAtemp Regular

    Member
    273
    62
    Sep 1, 2012
    Russia
    In Soviet Russia you're the Location
    In Internet Explorer you can define proxy server & exclusions for specific sites. You can set nonexistent proxy & put your site in exclusion. If you want to prohibit changing this behavior, just give to user non-administrative rights to system & configure these settings through GPO (gpedit.msc for WG computer or AD policies for domain). It's also may be useful to enable software execution restrictions in GPO to protect against alternative browsers.
     
  6. moerik

    moerik GBAtemp Regular

    Member
    109
    14
    Sep 14, 2009
    Canada
    Canada, Alberta
    Does your router allow parental control settings of some sort? My shitty ISP provided router/modem unit can allow only a certain website after blocking them all, theoretically. Which can also be assigned to each laptop individually after giving them static DCHPs.
     
  7. nando

    nando GBAtemp Addict

    Member
    2,131
    395
    Jan 1, 2008
    United States
    on mac there is parental controls which allows you to make a white list of sites and applications allowed by specific users. windows doesn't have anything like that?
     
  8. jumpman17
    OP

    jumpman17 He's a semi-aquatic egg laying mammal of action!

    Former Staff
    8,996
    183
    Apr 11, 2003
    United States
    That may work. I'd like to be able to keep the admin account with working internet though.

    I have to have Chrome though as the site doesn't work in IE because nothing seems to work in IE11. Also, I thought you couldn't change the Host files anymore in Windows 8. And don't you have to be running Windows NT to use GPOs?

    They'll be out and about connecting to either families' routers or with a portable hotspot with a data plan.

    I found this, and when I do this, it won't let you mess with the extension settings, but it also makes the extension no longer work as it can't "read" the file. Although only setting it to deny write abilities does nothing.
    http://superuser.com/questions/665952/how-to-prevent-my-guest-user-from-installing-chrome-extensions
     
  9. bobmcjr

    bobmcjr GBAtemp Advanced Fan

    Member
    897
    335
    Apr 26, 2013
    United States
    Try these bash scripts for easy setting/resetting:
    (Replace and or copy Local Area Connection for as many connections you have, and obviously replace YourOnlySite.com and 255.255.255.255 with your respective site and site's IP address)

    To set:
    Code:
    <at symbol>echo off
    SET NEWLINE=^& echo.
    FIND /C /I "YourOnlySite.com" %WINDIR%\system32\drivers\etc\hosts IF %ERRORLEVEL% NEQ 0 ECHO %NEWLINE%^255.255.255.255 YourOnlySite.com>>%WINDIR%\System32\drivers\etc\hosts
    netsh interface ip set dns name="Local Area Connection" static 127.0.0.1 index=1
    netsh interface ip set dns name="Local Area Connection" static 127.0.0.1 index=2
    ipconfig /flushdns
    
    To reset (hosts shouldn't need to be changed since your site's IP is the same, right?):
    Code:
    <at symbol>echo off
    netsh interface ip set dnsservers name="Local Area Connection" source=dhcp
    ipconfig /flushdns
    
     
  10. FAST6191

    FAST6191 Techromancer

    pip Reporter
    23,747
    9,618
    Nov 21, 2005
    United Kingdom
    If they are out and about and connecting in does that mean they will have a VPN (and then a proxy on your work network where this sort of thing is trivial to handle)*? If the data is any kind of sensitive (medical, legal and sales are usually an easy pitch for there) then that is probably a good thing. You could probably do something similar with a plain proxy if you want to run one.

    The methods from the others will probably work, however hardcoding local IP/hosts/DNS can possibly leave you troubled if the IP suddenly changes/url schemas/subdomains change..... not to mention if your people are in the field for days at a time (conference, because that is what they do, .....).

    *if you feel like getting a I R the netwark admin tshirt/some good resume padding you can do something fun with software defined networking if you do not have a decent link at the office.

    Only thing I will say is try it on a network that redirects HTTP to a signup screen (a lot of web cafes/hotspots and the like).
     
  11. oji

    oji GBAtemp Regular

    Member
    273
    62
    Sep 1, 2012
    Russia
    In Soviet Russia you're the Location
    You can use GPOs in any current Windows (i.e. all non 9x) & if you are not in domain just run "gpedit.msc" to edit the local policy. If your site isn't working in IE (have you tried compatibility mode, btw?) you can check this link: http://4sysops.com/archives/group-policy-for-firefox-and-chrome/. But for me the latest IE is most secure & flexible in GPO configuration so it's better for a sandbox environment.
     
  12. p3rand0r

    p3rand0r Advanced Member

    Newcomer
    83
    14
    Mar 10, 2014
    Albania
    On the ⌨
    i have something called WasteNoTime
    Its a chrome extension and it allows only the website you add in your white list , and has some great customizations , cons? its only for your browser if someone adds a new browser it can enter every page its wants :/
     
  13. jumpman17
    OP

    jumpman17 He's a semi-aquatic egg laying mammal of action!

    Former Staff
    8,996
    183
    Apr 11, 2003
    United States
    Thanks for all the suggestions guys. After trying some of these things and fiddling around, I found a feature in Windows 8 called Family Safety. If I make the non-admin account a "child" account, I can block all internet sites except for ones on a whitelist. This leaves the admin account with full internet access and the child account can only go to the one website they should be going to.
     
  14. SlCKB0Y

    SlCKB0Y GBAtemp Regular

    Member
    110
    21
    Nov 22, 2006
    Sydney
    Just curious but why are they only allowed to go to one website?

    What are the negatives your company sees from giving employees more freedom that have led to this policy.
     
  15. gudenau

    gudenau Largely ignored

    Member
    GBAtemp Patron
    gudenau is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    3,287
    1,252
    Jul 7, 2010
    United States
    /dev/random
    Add a wildcard to hosts, then the site and it's ip. I think that should work, but you need superuser/admin access.