Can I block a single website for a single user

Discussion in 'Windows Small Business Server' started by GTP, Jun 27, 2007.

  1. GTP

    GTP Guest

    I wish to block a single website for one user only on our network. Can anyone
    tell me who or where I should start.

    First I would like to generate a report of abuse before blocking the site
    entirely. Is ther a script or a report in SBS that I can use to track all
    activity on this webpage?

    Thanks,
    Greg
     
    GTP, Jun 27, 2007
    #1
    1. Advertisements

  2. GTP

    Steve Guest

    Do you have ISA 2004 installed? If so you can do this. If not it is more
    difficult.
     
    Steve, Jun 27, 2007
    #2
    1. Advertisements

  3. Are you running any kind of proxy software such as ISA Server 2004?
    If not, the answer to all your questions right now is no
     
    Cris Hanna [SBS-MVP], Jun 27, 2007
    #3
  4. GTP

    stephen Guest

    It's best done by a firewall/proxy, but one simple way is to blackhole
    the site by creating a bogus entry in
    %systemroot%/system32/drivers/etc/hosts such as:

    127.0.0.1 www.bannedsite.com

    Since the hosts file is always looked up first when resolving names, it
    effectively overrides the true IP from DNS.

    If the user has Admin rights and enough savvy they can obviously modify
    this.
    You need a proxy or a logging firewall to do this.

    -- stephen
     
    stephen, Jun 27, 2007
    #4
  5. GTP

    GTP Guest

    You know, I'm not sure if it is running or not. I don't even know if it is
    installed. Is there a way to verify so I can tell you the answer?


     
    GTP, Jun 27, 2007
    #5
  6. GTP

    SBS Rocker Guest

    You don't know what ISA is? you don't know if it is installed or how to
    check? How about checking in the Programs menu or perhaps Add/Remove
    programs? Are you sure you are the Domain Administrator? If not then you may
    be getting into something you don't want to.


     
    SBS Rocker, Jun 27, 2007
    #6
  7. If you look on the server, Start > All Programs > do you see ISA Server
    there?

    --
    Cris Hanna [SBS-MVP]
    -------------------------------------------------
    Microsoft MVPs
    Independent Experts (MVPs do not work for MS)
    Real World Answers
    ---------------------------------------------------------
    Please do not contact me directly regarding issues

     
    Cris Hanna [SBS-MVP], Jun 27, 2007
    #7
  8. GTP

    GTP Guest

    Well, there is no mention of ISA in the Start/Program menu. So I guess it is
    not installed. This shouldn't be rocket science, all I want to do is block a
    user from a site, how hard can it be?

    Thanks,
    Greg

     
    GTP, Jun 27, 2007
    #8
  9. GTP

    SBS Rocker Guest

    You need a firewall either hardware or software. ISA is a software
    firewall/proxy server and it is very easy to block websites if you have it.
    What are you using for a firewall?

     
    SBS Rocker, Jun 27, 2007
    #9
  10. GTP

    GTP Guest

    I used the wizard in SBS to implement the firewall. That is all I have.

     
    GTP, Jun 27, 2007
    #10
  11. GTP

    SBS Rocker Guest

    GTP,
    As much as I want to assist you I'm afraid I'm at a stand still here. You
    seem to (with all due respect) lack knowledge of what a firewall is. In
    order for you to "I used the wizard in SBS to implement the firewall. That
    is all I have." you need a firewall. Either hardware or software and if you
    do not know what you have I'm sorry I cannot help. Perhaps Cris can explain
    more.


     
    SBS Rocker, Jun 27, 2007
    #11
  12. With the standard version of SBS...the "basic" firewall only provides the
    most basic protection. on your server, go to www.grc.com and run a program
    on their called Shields UP! and find out how many ports you have open and
    then be prepared for the shock

    You have two options if you wish to take the kind of actions you are looking
    at.
    1. Upgrade to SBS Premium, which will get you ISA
    OR
    2. Invest in a true Hardware firewall solution, such as Sonicwall. 49.00
    Linksys/Netgear routers at best buy won't do it.

    --
    Cris Hanna [SBS-MVP]
    -------------------------------------------------
    Microsoft MVPs
    Independent Experts (MVPs do not work for MS)
    Real World Answers
    ---------------------------------------------------------
    Please do not contact me directly regarding issues

     
    Cris Hanna [SBS-MVP], Jun 27, 2007
    #12
  13. GTP

    GTP Guest

    Ok, I really appreciate your help. When it comes to erros and small
    implements or just keeping the company running I can handle that, but when it
    gets into more complex situations I am at a standstill and need to seek help,
    since we are a small family owned company and I not only do the IT but
    several, several other things.

    Again, I appreciate it.

    Greg

     
    GTP, Jun 27, 2007
    #13
  14. GTP

    GTP Guest

    Well, it seems pretty secure juding by the website you gave me. The only open
    ports are:
    25, 80, and 443

    I will investigate further. We have no credit card information on our server
    so that is good.


     
    GTP, Jun 27, 2007
    #14
  15. Port 80 means you have an open webserver somewhere, more than likely for
    connecting to RWW....

    Port 80 is the most singularly attacked port on the internet.
    When I'm at my server later tonight, I'll try to find the setting you can
    change to close that off, so that your server only accepts https connections
    for RWW

    --
    Cris Hanna [SBS-MVP]
    -------------------------------------------------
    Microsoft MVPs
    Independent Experts (MVPs do not work for MS)
    Real World Answers
    ---------------------------------------------------------
    Please do not contact me directly regarding issues

     
    Cris Hanna [SBS-MVP], Jun 27, 2007
    #15
  16. GTP

    GTP Guest

    Yes, we do use RWW. Thanks for your help.

     
    GTP, Jun 27, 2007
    #16
  17. SBS 2003 Standard (in 2 NIC config) offers basic firewall function without
    additional hard/software. Theoretically, you could give it direct ethernet
    to the 'net and only the ports opened by the CEICW will be visible. It uses
    RRAS NAT/firewall technology to do this.

    Not that I would do this. I would have a minimum NAT router in front of ISA
    or a more capable firewall device and a single NIC SBS.


     
    SuperGumby [SBS MVP], Jun 28, 2007
    #17
  18. If you want to "BLOCK" a website for that user
    Just edit the HOST file on the PC

    Odd's are they don't know how to edit it.
    Just redirect the domain to resolve to 127.0.0.1

    Russ

    --

    Russell Grover
    SBITS.Biz
    Microsoft Certified Small Business Specialist.
    MCP, MCPS, MCNPS, (MCP-SBS)
    support @ SBITS.Biz
    Remote SBS2003 Support
    http://www.SBITS.Biz
     
    Russ Grover \(SBITS.Biz\), Jun 29, 2007
    #18
  19. Oh sorry I didn't see you recommending the HOST file edit..
    Hey' it's quick easy and it works.

    Russ

    --

    Russell Grover
    SBITS.Biz
    Microsoft Certified Small Business Specialist.
    MCP, MCPS, MCNPS, (MCP-SBS)
    support @ SBITS.Biz
    Remote SBS2003 Support
    http://www.SBITS.Biz
     
    Russ Grover \(SBITS.Biz\), Jun 29, 2007
    #19
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.