Limit Internet access to White-Listed Sites?

Question

We have need for certain computers to have their Internet access limited to a list of sites, denying access to all others (white-listing).

Some of these sites use HTTPS, so the solution needs to support both HTTP and HTTPS.

I'm not super concerned about people bypassing the filter mechanism, as this is not really for malicious behavior but more for blocking the accidental malware click that has happened in the past.

I'd rather this be something that is installed centrally, rather than the list having to be maintained on each computer. We currently have a Linux Server that can be used.

I'm not opposed to buying another box, like some sort of firewall, given two conditions:

It doesn't require a large annual subscription fee -- since we are creating the white list ourselves we don't care about a provider's list of appropriate websites.
It allows for a reasonably high list of white-listed sites. I read the manual for one such box but realized they only allowed 64 sites in the white list, which is pretty small considering some sites have several domains associated with them.

I started setting up squid for this purpose and it seems decent, although a web interface would be nice for adding to the white list. Is there a better solution?

Do you not have a proxy already in place? How are your users getting out to the internet? not directly surely? — Chopper3, Jan 01 '12 at 21:17

score 3 · Answer 1 · answered Jan 01 '12 at 21:34

Have you tried a specialised/custom version of Linux/BSD? pfSense would be one example. Endian firewall would be another. Since they rely on Squid as their backend theoretically everything that you are currently doing should be supported. Else have you invesitagated frontends for Squid such as Webmin or DansGuardian?

score 2 · Answer 2 · answered Jan 01 '12 at 22:21

2

You just need a proxy for everyone to go through, one that allows for rules such as you mention. You should also look for one that caches too as it'll help your users and optimise bandwidth. I'd suggest Squid.

answered Jan 01 '12 at 22:21

Chopper3

101,299
9
108
239

score 1 · Accepted Answer · answered Feb 09 '12 at 15:57

I ended up using DNSMasq to create a whitelist. The advantage of this is that it works fine with both HTTP and HTTPS, and requires minimal configuration on each computer -- just setting their DNS server to that of the server running DNSMasq. DNSMasq is configured to reject all DNS requests except ones that have been whitelisted -- those it forwards on to the router which has its own DNS server.

The downside of this approach is that this filter could easily be overridden by someone changing the DNS server address, using a proxy, or going directly to an IP address. In my application, this is of low risk.

I followed this guide to configuring DNSMasq as a whitelist.

score 1 · Answer 4 · answered Jun 14 '13 at 02:09

1

You can use "WFilter free" free web filter(windows freeware). It supports website white list for both http and https websites.

Two steps:

Setup a mirroring port in your switch.
Connect the WFilter computer to the mirroring port.

answered Jun 14 '13 at 02:09

user2427116

11
1

score 0 · Answer 5 · answered Jun 13 '13 at 21:17

0

Squid is the easy option - as other also suggested.

ufdbGuard is the easist option for a URL filter. It is Open Source Software and can be downloaded from ufdbGuard on SourceForge and ufdbGuard on URLfilterDB.

answered Jun 13 '13 at 21:17

Marcus K

1
1

Limit Internet access to White-Listed Sites?

5 Answers5