Modifying hosts for redirect?

wpd7

Where I work, we are very small and do not have systemwide software in place to block non-work related sites. Normally this isn't a problem, except 4 users have taken their web surfing to an extreme and their supervisor would like me to put an end to it.

I was thinking of setting up a redirect on their hosts file to point to one site, possibly just our website. Now, I know how to set it up for one domain to another, but how do you set it up for all http traffic to be redirected into one URL?

Just in case it matters, these are non-Intel Macs running various flavors of OS X.

Help! :D
 
The host file will only do hosts. So, it's not going to be able to redirect traffic on a given port (80 or 443).

What you need is a proxy server. You say you don't have many resources. Do you have an old PC? If so, IPCop + Advanced Proxy + URL Filter would help take care of the problem.
 
Changing personnel would also resolve the issue. You might only have to change one before the rest caught on.
 
Take away the systems' access to DNS, then fill the host with only the approved locations? It would be tedious and labor intensive though. Maybe use a proxy server for all web access?
 
wpd7 said:
I was thinking of setting up a redirect on their hosts file to point to one site, possibly just our website. Now, I know how to set it up for one domain to another, but how do you set it up for all http traffic to be redirected into one URL?

It's been a long time since I looked this up, but I don't believe you can wildcard (*) the Windows hosts file.
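
The limits raised in the replies above (a hosts file maps exact hostnames to addresses, with no wildcards and no port or URL matching) can be checked mechanically. This is an added example, not part of any post in the thread: a small Python linter that flags hosts entries a resolver would never match. The sample file, addresses and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: one working entry plus the kinds of lines asked about.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
192.0.2.10  news.example.com   # valid: exact name -> address
192.0.2.10  *.example.com
192.0.2.10  *
192.0.2.10  http://video.example.com/
192.0.2.10  shop.example.com:443
www.example.org  news.example.com
"""

LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def check_name(name):
    """Return None if name is a plain hostname, else the reason it is not."""
    if "*" in name:
        return "wildcards are not supported; each hostname must be listed exactly"
    if "://" in name or "/" in name:
        return "hosts maps names, not URLs"
    if ":" in name:
        return "hosts cannot match a port"
    if not all(LABEL.match(label) for label in name.rstrip(".").split(".")):
        return "not a valid hostname"
    return None

def lint_hosts(text):
    """Return (line_number, token, reason) for entries that will not work."""
    problems = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if not fields:
            continue
        address, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(address)
        except ValueError:
            problems.append((lineno, address, "first field must be an IP address"))
            continue
        for name in names:
            reason = check_name(name)
            if reason:
                problems.append((lineno, name, reason))
    return problems

if __name__ == "__main__":
    print(*lint_hosts(SAMPLE_HOSTS), sep="\n")
```

Every flagged line is one the resolver will silently ignore or never match, which is why the replies point to a proxy or router-level filter for blocking all web traffic.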
 
If they don't need access to the internet for their job why not just kill their WAN access at the router?
 
What type of network hardware do you have? You could dump them out via VLAN or similar and ACLs. The most cost effective method without said hardware is some form of Linux based proxy server.

You can also filter sites on some SOHO routers. I have a D-Link that I can permit/deny for any number of things. The problem with taking away DNS via DHCP is that if any of them even remotely understand DNS they can just fill it in themselves.

The effective mix here is probably 20% technical and 80% non-technical. You'll need policies and policy enforcement... consequences to an action, written records of offenses. People change their tune when their job is on the line.
 