SUMMARY: Firewall

aco kan (aco.kan@mailexcite.com)
Wed, 08 Oct 1997 21:03:41 -0700


Hi,

I found out that I posted to the wrong mailing list, because there is a firewall mailing
list for this kind of question. But I think I owe you my summary, so here it is:

MY ORIGINAL QUESTION:

>Hi everybody,
>
>Please update me on firewall technology....
>
>I need to secure our network from excessive browsing. What I want is to allow people
>to use Netscape but with specific web sites only. Accessing other sites will not be
>allowed. Is it possible?
>
>Thanks a lot.

THANKS TO:
Rich Kulawiec for the mailing list clarification.

The following gave similar suggestions:
David Wolfskill
Derek Eichele
William Kuderka
Parthiv Shah
Daniel Falconer
Davorin Bengez
Chris Tubutis
Mark Allen

Below is the reply of Leif Hedstrom:
>
>I'm assuming you already have a firewall protecting you from the outside, so I won't
>say anything about that.
>
>To restrict your internal users, you probably need to do two things:
>
> 1. Restrict port 80 and port 443 (and perhaps even all outgoing connections) in your
>    router and/or firewall. Only allow one (or a few) dedicated machines to do
>    outgoing connections. These machines will be your proxy machines.
> 2. Install a Proxy server on this machine (or machines), and configure it to only
>    allow certain URLs. Make sure each client is configured to use these proxy
>    machines. You can configure the client to "fetch" the proper Proxy configurations
>    from any Web server, or from the Netscape Proxy server directly (that's what we
>    do, makes it easier if you ever want to change the proxy config for all clients).
>    You can also use Netscape's Autoadmin or Mission Control to make "global"
>    configurations for all your Netscape clients and users.
>
>I know you can do different kinds of filters, URL rewrites, and even redirects using the
>Netscape Proxy Server (commercial software). Apache comes with a Proxy as well, but I
>don't know if it can do "filtering" (but if you are prepared to spend the time, you can
>always hack it, since you get the source).
>
>Hope this helps.
>
>-- Leif

Best regards....
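
The two steps in Leif's reply, sketched as an added example that is not part of the original thread or of Netscape Proxy Server: a proxy auto-config function for the clients and the allow/deny decision a filtering proxy would make. Hostnames, the proxy address and the function names `hostAllowed` and `proxyDecision` are assumptions for illustration, as is the idea that the fetched client configuration is a proxy auto-config script.

```javascript
// Added illustration: all hostnames and the proxy address are constructed.
const ALLOWED_HOSTS = ["intranet.example.com", "docs.example.org"]; // exact names
const ALLOWED_SUFFIXES = [".partner.example.net"]; // any host under this domain
const PROXY = "PROXY proxy1.corp.example:8080";    // hypothetical proxy machine

// Normalise case and a trailing dot, then match exactly or on a dot boundary,
// so "evilpartner.example.net" does not pass as ".partner.example.net".
function hostAllowed(host) {
  const h = host.toLowerCase().replace(/\.$/, "");
  return ALLOWED_HOSTS.includes(h) ||
    ALLOWED_SUFFIXES.some((s) => h.endsWith(s) && h.length > s.length);
}

// Client side (step 2): the auto-config function each browser fetches.
// It never returns "DIRECT"; clients that ignore it are stopped by the
// step 1 router rule, which lets only the proxy machines connect outward.
function FindProxyForURL(url, host) {
  return PROXY;
}

// Proxy side (step 2): decide on the request line the proxy receives,
// e.g. "GET http://host/path" or "CONNECT host:443".
function proxyDecision(method, target) {
  let host;
  if (method === "CONNECT") {
    const m = /^([A-Za-z0-9.-]+):(\d+)$/.exec(target);
    if (!m || Number(m[2]) !== 443) return "deny"; // tunnels to port 443 only
    host = m[1];
  } else {
    let u;
    try { u = new URL(target); } catch (e) { return "deny"; } // not absolute
    const port = u.port === "" ? 80 : Number(u.port);
    if (u.protocol !== "http:" || port !== 80) return "deny";
    host = u.hostname; // the real host, even for "http://allowed@other/"
  }
  return hostAllowed(host) ? "allow" : "deny";
}
```

The allowlist is enforced at the proxy; the client configuration only points browsers at it, and the router rule from step 1 is what makes the proxy the sole way out.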
