4 Replies Latest reply: Jan 13, 2011 10:06 AM by harry @ pmsi
krol1k Level 1 (0 points)
Hi All,

I'm new here.

I have an xServe that is used as a File, DNS, OD server.

So all the computers in the network are pointed to my domain. The DHCP server is on my Internet provider's side.

I want to block some websites (facebook, youtube, etc.) for the whole network. I've tried to set up a Forward Proxy (through the Web service), but when I enable WebProxy on a client computer all the websites are blocked. Then I tried to block websites by editing hosts through the terminal, but the websites are blocked only on the server (not on client computers). I don't want to set up the firewall for blocking because it works by blocking IPs.

Can anyone advise me on a solution? Pls, HELP!!!

MacbookPro15, Mac OS X (10.6.6), +xServe
  • krol1k Level 1 (0 points)
    Sorry, forgot to say, I have Mac OS X 10.6 Server.

    And I can set up the NAT service if it is necessary; maybe it will help.
  • hanefi turkoz Level 1 (10 points)
    Hi,
    One solution is to set this in the DNS service on the server:
    add a new zone, facebook.com, and point it to your server IP (web site).
    I think this will do the trick.
  • krol1k Level 1 (0 points)
    As I understand it, that means I should create a new zone for each website that I want to block? But what if I have a list of 100 websites? It is a pain to create that many zones.

    So my idea was to create a blocklist (just a list of websites that I want to block, which I can modify whenever I want) somewhere on the server. All the client computers will first ask my server whether the website is in the blocklist, and only then will the website be passed or not.
    Is it possible, and how do I do it?

    It seemed to me that a Forward Proxy is the easiest solution, but for some reason it doesn't work :/
  • harry @ pmsi Level 3 (535 points)
    Hi,
    Apache2 allows you to do this with a Location block directive containing
    order allow,deny
    # note there are no spaces in allow,deny
    # the deny prevails because it is the last order received
    allow from all
    deny from xx.xxx yy.yyy
    # note there is a space separating multiple ip addresses
    # or you can specify by url or domain as in
    deny from badsite.com

    The following tutorial is more complete if you don't have an apache reference:

    http://blog.bodhizazen.net/linux/how-to-blacklist-an-ip-address-in-apache/

    If you put the directive in /etc/apache2/httpd.conf it applies to all sites on your server,
    or in /etc/apache2/sites/domain.conf to apply it only to a specific site on your server.

    HTH,
    Harry
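
The DNS-zone approach suggested earlier in the thread can be generated from a plain-text blocklist, so a 100-entry list is edited in one file rather than as 100 hand-made zones. This is an added example, not code from any poster; it assumes the server's DNS service is BIND, and the zone file path, the server IP and the sample blocklist are constructed for illustration.

```shell
#!/bin/sh
# Added example: build BIND zone stanzas from a plain-text blocklist.
ZONE_FILE="/var/named/blocked.zone"   # hypothetical path to the shared zone file
SINKHOLE_IP="192.168.1.10"            # constructed: LAN address of the server

# Read domains on stdin: strip comments and whitespace, lowercase, reject
# anything that is not a plain hostname, de-duplicate, print one stanza each.
gen_block_zones() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
    tr 'A-Z' 'a-z' |
    grep -E '^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$' |
    sort -u |
    while read -r domain; do
        printf 'zone "%s" { type master; file "%s"; };\n' "$domain" "$ZONE_FILE"
    done
}

# One shared zone file answers for every blocked name and its subdomains,
# pointing them at the server (for example a "site blocked" web page).
gen_zone_file() {
    cat <<EOF
\$TTL 300
@   IN SOA  localhost. root.localhost. ( 1 3600 600 86400 300 )
@   IN NS   localhost.
@   IN A    $SINKHOLE_IP
*   IN A    $SINKHOLE_IP
EOF
}

# Constructed sample blocklist: duplicates, mixed case, comments, a bad line.
sample_blocklist() {
    cat <<'EOF'
# social
facebook.com
YouTube.com
facebook.com
bad entry; rm -rf
   example.org   # trailing comment
EOF
}

sample_blocklist | gen_block_zones
```

Write the output of `gen_zone_file` to the zone file path, include the generated stanzas from named.conf, and run `named-checkconf` before reloading the DNS service. The block only affects clients that resolve names through this server.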