Re: Firewall

From: Leif Hedstrom (leif@netscape.com)
Date: Wed Oct 01 1997 - 00:39:36 CDT


Hi,

I found out that I posted to the wrong mailing list because there is a firewall mailing
list for this kind of question. But I think I owe you my summary so here it is:

MY ORIGINAL QUESTION:

>Hi everybody,
>
>Please update me on firewall technology....
>
>I need to secure our network from excessive browsing. What I want is to allow people
>to use netscape but with specific web site only. Accessing other site will not be
>allowed. Is it possible?
>
>thanks a lot.

THANKS TO:
Rich Kulawiec for the mailing list clarification.

The following gave similar suggestions:
David Wolfskill
Derek Eichele
William Kuderka
Parthiv Shah
Daniel Falconer
Davorin Bengez
Chris Tubutis
Mark Allen

Below is the reply of Leif Hedstrom:
>
>I'm assuming you already have a firewall protecting you from the outside, so I won't
>say anything about that.
>
>To restrict your internal users, you probably need to do two things:
>
> 1. Restrict port 80 and port 443 (and perhaps even all outgoing connections) in
>    your router and/or firewall. Only allow one (or a few) dedicated machines to do
>    outgoing connections. These machines will be your proxy machines.
> 2. Install a Proxy server on this machine (or machines), and configure it to only
>    allow certain URLs. Make sure each client is configured to use these proxy
>    machines. You can configure the client to "fetch" the proper Proxy configurations
>    from any Web server, or from the Netscape Proxy server directly (that's what
>    we do, makes it easier if you ever want to change the proxy config for all
>    clients). You can also use Netscape's Autoadmin or Mission Control to make
>    "global" configurations for all your Netscape clients and users.
>
>I know you can do different kinds of filters, URL rewrites, and even redirect using
>the Netscape Proxy Server (commercial software). Apache comes with a Proxy as well,
>but I don't know if it can do "filtering" (but if you are prepared to spend the time,
>you can always hack it, since you get the source).
>
>Hope this helps.
>
>-- Leif

Best regards....

aco kan wrote:

> Hi everybody,
>
> Please update me on firewall technology....
>
> I need to secure our network from excessive browsing. What I want is to allow people
> to use netscape but with specific web site only. Accessing other site will not be
> allowed. Is it possible?

I'm assuming you already have a firewall protecting you from the outside, so I won't say
anything about that.

To restrict your internal users, you probably need to do two things:

  1. Restrict port 80 and port 443 (and perhaps even all outgoing connections) in your
     router and/or firewall. Only allow one (or a few) dedicated machines to do
     outgoing connections. These machines will be your proxy machines.
  2. Install a Proxy server on this machine (or machines), and configure it to only
     allow certain URLs. Make sure each client is configured to use these proxy
     machines. You can configure the client to "fetch" the proper Proxy configurations
     from any Web server, or from the Netscape Proxy server directly (that's what we
     do, makes it easier if you ever want to change the proxy config for all clients).
     You can also use Netscape's Autoadmin or Mission Control to make "global"
     configurations for all your Netscape clients and users.

I know you can do different kinds of filters, URL rewrites, and even redirect using the
Netscape Proxy Server (commercial software). Apache comes with a Proxy as well, but I
don't know if it can do "filtering" (but if you are prepared to spend the time, you can
always hack it, since you get the source).

Hope this helps.

-- Leif
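
The two pieces described in the reply above (clients pointed at the proxy through a fetched proxy configuration, and a proxy that allows only certain sites), as an added JavaScript example that is not part of the original post and is not Netscape Proxy Server code. The proxy address, the allowlist entries, the per-host (rather than per-URL) decision and the helper names `hostAllowed` and `proxyDecision` are assumptions; `FindProxyForURL` is the entry point of a proxy auto-config file.

```javascript
// Added example with constructed names; nothing here comes from the original post.
const PROXY = "PROXY proxy.example.internal:8080"; // hypothetical proxy machine
const ALLOWED_HOSTS = ["intranet-docs.example.com", "vendor.example.org"]; // constructed

// Client side: the auto-config function the browser fetches from a web server.
// There is no DIRECT fallback for external names, so a proxy outage fails
// closed instead of retrying a path the firewall blocks anyway.
function FindProxyForURL(url, host) {
  // Assumption: unqualified names are internal hosts that never cross the firewall.
  if (host.indexOf(".") === -1) return "DIRECT";
  return PROXY;
}

// Proxy side: the check that actually enforces the policy. The client
// configuration above is convenience only; a user can change it.
function normalizeHost(host) {
  return host.toLowerCase().replace(/\.$/, ""); // fold case, drop trailing dot
}

function hostAllowed(host) {
  const h = normalizeHost(host);
  // Exact match or a true subdomain. A bare suffix test would also accept
  // "notvendor.example.org".
  return ALLOWED_HOSTS.some((a) => h === a || h.endsWith("." + a));
}

function proxyDecision(rawUrl) {
  let u;
  try {
    u = new URL(rawUrl);
  } catch (e) {
    return "DENY"; // unparseable request line
  }
  if (u.protocol !== "http:" && u.protocol !== "https:") return "DENY";
  // Only the ports the firewall rule covers (80 and 443).
  const port = u.port || (u.protocol === "https:" ? "443" : "80");
  if (port !== "80" && port !== "443") return "DENY";
  // u.hostname excludes any "user@" prefix, so
  // http://vendor.example.org@other.example/ is judged as other.example.
  return hostAllowed(u.hostname) ? "ALLOW" : "DENY";
}
```

The firewall rule from step 1 is what makes this binding: with outgoing connections limited to the proxy machines, a client that ignores the fetched configuration has no direct route out.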



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:12:05 CDT