Hi guys, I'm looking for an application that I can install on my server to restrict internet access. Something that works kinda like.. users 1-10, except user 9, only access the internet before or after working hours. User 9 only has access to a certain website at all hours. I have tried googling but what I'm getting isn't really helping, so I thought to turn to the list. Any advice? P.S. I have installed AnalogX proxy, but I don't think it has all that capability. Thanks, S. -- שִׁמְעוֹן
I'm looking for an application that I can install on my server to restrict internet access. Something that works kinda like.. users 1-10, except user 9, only access the internet before or after working hours. User 9 only has access to a certain website at all hours. I have tried googling but what I'm getting isn't really helping, so I thought to turn to the list. Any advice?
P.S. I have installed AnalogX proxy, but I don't think it has all that capability.
Have you tried squid? www.*squid*-cache.org -- Δαβίδ <http://www.brainyquote.com/quotes/authors/m/mike_ditka.html>
From a very nasty experience here @ work, I highly recommend Sonic Wall<http://www.sonicwall.com/us/Products_Solutions.html>. I have been trying to bypass it since it was installed but will little luck. Restriction can be based on ip address, and or ip range or even subnet. The sys admin is rather mum about its details e.g. how its deployed on a network etc, but he did say that its damn expensive.
It can also restrict certain websites based on the categories they are in, e.g. software downloads, social networking etc. If you do implement it, could you send me pointers on how to bypass it? Damn thing has made my life miserable! On Tue, Oct 13, 2009 at 3:20 PM, Simon Mbuthia <simon.mbuthia@gmail.com>wrote:
Hi guys,
I'm looking for an application that I can install on my server to restrict internet access. Something that works kinda like.. users 1-10, except user 9, only access the internet before or after working hours. User 9 only has access to a certain website at all hours. I have tried googling but what I'm getting isn't really helping, so I thought to turn to the list. Any advice?
P.S. I have installed AnalogX proxy, but I don't think it has all that capability.
Thanks,
S.
-- שִׁמְעוֹן
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
The are some equipment called Fortinet which you could use, but I don't know of any dealers in Kenya and they also come with a managed service for Webfilter, Anti-Virus and Anti-Spam. You can even restrict instant messaging for some users while leaving the others.
@Peter - Yours is most likely on transparent mode vis a vis routed which means every traffic on your network will have to pass through it since its an inline deployment. @Simon - Have a look at untangle. Some applications are free but some like policy management, which is what you seem interested in will need licensing, but its affordable. On Tue, Oct 13, 2009 at 3:29 PM, Peter Karunyu <pkarunyu@gmail.com> wrote:
From a very nasty experience here @ work, I highly recommend Sonic Wall<http://www.sonicwall.com/us/Products_Solutions.html>. I have been trying to bypass it since it was installed but will little luck. Restriction can be based on ip address, and or ip range or even subnet. The sys admin is rather mum about its details e.g. how its deployed on a network etc, but he did say that its damn expensive.
It can also restrict certain websites based on the categories they are in, e.g. software downloads, social networking etc.
If you do implement it, could you send me pointers on how to bypass it? Damn thing has made my life miserable!
On Tue, Oct 13, 2009 at 3:20 PM, Simon Mbuthia <simon.mbuthia@gmail.com>wrote:
Hi guys,
I'm looking for an application that I can install on my server to restrict internet access. Something that works kinda like.. users 1-10, except user 9, only access the internet before or after working hours. User 9 only has access to a certain website at all hours. I have tried googling but what I'm getting isn't really helping, so I thought to turn to the list. Any advice?
P.S. I have installed AnalogX proxy, but I don't think it has all that capability.
Thanks,
S.
-- שִׁמְעוֹן
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
Go for Cyberoam friends. IT has user based access rights. On Tue, Oct 13, 2009 at 3:29 PM, Peter Karunyu <pkarunyu@gmail.com> wrote:
From a very nasty experience here @ work, I highly recommend Sonic Wall<http://www.sonicwall.com/us/Products_Solutions.html>. I have been trying to bypass it since it was installed but will little luck. Restriction can be based on ip address, and or ip range or even subnet. The sys admin is rather mum about its details e.g. how its deployed on a network etc, but he did say that its damn expensive.
It can also restrict certain websites based on the categories they are in, e.g. software downloads, social networking etc.
If you do implement it, could you send me pointers on how to bypass it? Damn thing has made my life miserable!
On Tue, Oct 13, 2009 at 3:20 PM, Simon Mbuthia <simon.mbuthia@gmail.com>wrote:
Hi guys,
I'm looking for an application that I can install on my server to restrict internet access. Something that works kinda like.. users 1-10, except user 9, only access the internet before or after working hours. User 9 only has access to a certain website at all hours. I have tried googling but what I'm getting isn't really helping, so I thought to turn to the list. Any advice?
P.S. I have installed AnalogX proxy, but I don't think it has all that capability.
Thanks,
S.
-- שִׁמְעוֹן
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
On Tue, Oct 13, 2009 at 3:29 PM, Peter Karunyu <pkarunyu@gmail.com> wrote:
From a very nasty experience here @ work, I highly recommend Sonic Wall<http://www.sonicwall.com/us/Products_Solutions.html>. I have been trying to bypass it since it was installed but will little luck. Restriction can be based on ip address, and or ip range or even subnet. The sys admin is rather mum about its details e.g. how its deployed on a network etc, but he did say that its damn expensive.
It can also restrict certain websites based on the categories they are in, e.g. software downloads, social networking etc.
If you do implement it, could you send me pointers on how to bypass it? Damn thing has made my life miserable!
@Karunyu, Assuming you run a Linux Desktop, Tor (or was it called Onion), can help you circumvent the restriction. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "If you have nothing good to say about someone, just shut up!." -- Lucky Dube
On Tue, Oct 13, 2009 at 3:20 PM, Simon Mbuthia <simon.mbuthia@gmail.com> wrote:
Hi guys,
I'm looking for an application that I can install on my server to restrict internet access. Something that works kinda like.. users 1-10, except user 9, only access the internet before or after working hours. User 9 only has access to a certain website at all hours. I have tried googling but what I'm getting isn't really helping, so I thought to turn to the list. Any advice?
P.S. I have installed AnalogX proxy, but I don't think it has all that capability.
squid. and if you have the appropriate Cisco gear, use WCCP to redirect outbound requests to the cache - transparent proxying. What's your network setup like? BR, S
On Tue, Oct 13, 2009 at 3:20 PM, Simon Mbuthia <simon.mbuthia@gmail.com>wrote:
Hi guys,
I'm looking for an application that I can install on my server to restrict internet access. Something that works kinda like.. users 1-10, except user 9, only access the internet before or after working hours. User 9 only has access to a certain website at all hours. I have tried googling but what I'm getting isn't really helping, so I thought to turn to the list. Any advice?
P.S. I have installed AnalogX proxy, but I don't think it has all that capability.
Squid, with dstdomain and Time-based ACLs can easily do this. Make sure you run a transparent proxy on the gateway. And yes, you can holla at me off list to get my working configs. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "If you have nothing good to say about someone, just shut up!." -- Lucky Dube
or cisco's time based acl's not very granular for your case. I would also go with squid......... On Tue, Oct 13, 2009 at 3:43 PM, Odhiambo Washington <odhiambo@gmail.com> wrote:
On Tue, Oct 13, 2009 at 3:20 PM, Simon Mbuthia <simon.mbuthia@gmail.com> wrote:
Hi guys,
I'm looking for an application that I can install on my server to restrict internet access. Something that works kinda like.. users 1-10, except user 9, only access the internet before or after working hours. User 9 only has access to a certain website at all hours. I have tried googling but what I'm getting isn't really helping, so I thought to turn to the list. Any advice?
P.S. I have installed AnalogX proxy, but I don't think it has all that capability.
Squid, with dstdomain and Time-based ACLs can easily do this. Make sure you run a transparent proxy on the gateway. And yes, you can holla at me off list to get my working configs. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "If you have nothing good to say about someone, just shut up!." -- Lucky Dube
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- **Gitau
...i second nderitu... UNTANGLE http://www.untangle.com/ <m.b> On Tue, Oct 13, 2009 at 3:20 PM, Simon Mbuthia <simon.mbuthia@gmail.com>wrote:
Hi guys,
I'm looking for an application that I can install on my server to restrict internet access. Something that works kinda like.. users 1-10, except user 9, only access the internet before or after working hours. User 9 only has access to a certain website at all hours. I have tried googling but what I'm getting isn't really helping, so I thought to turn to the list. Any advice?
P.S. I have installed AnalogX proxy, but I don't think it has all that capability.
Thanks,
S.
-- שִׁמְעוֹן
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- ------------------------------ <usinichunguze, ukiweza jifunze> ------------------------------ [: +254 722 296 184 , +254 732 296 654 e: motobaridi@motobaridi.com
@Peter, i thot u were in info sec, last i met you in SecureICT, LOL! Anyway if you tunnel ur traffic, u shud be able to reach any site no matter the proxy infront. On 10/13/09, MotoBaridi <motobaridi@gmail.com> wrote:
...i second nderitu... UNTANGLE http://www.untangle.com/
<m.b>
On Tue, Oct 13, 2009 at 3:20 PM, Simon Mbuthia <simon.mbuthia@gmail.com>wrote:
Hi guys,
I'm looking for an application that I can install on my server to restrict internet access. Something that works kinda like.. users 1-10, except user 9, only access the internet before or after working hours. User 9 only has access to a certain website at all hours. I have tried googling but what I'm getting isn't really helping, so I thought to turn to the list. Any advice?
P.S. I have installed AnalogX proxy, but I don't think it has all that capability.
Thanks,
S.
-- שִׁמְעוֹן
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- ------------------------------ <usinichunguze, ukiweza jifunze> ------------------------------ [: +254 722 296 184 , +254 732 296 654 e: motobaridi@motobaridi.com
-- -- Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P I.T Security Analyst and Penetration Tester infosigmer@inbox.com {FORUM}http://lists.my.co.ke/pipermail/security/ http://nspkenya.blogspot.com/ http://chuksjonia.blogspot.com/
On Tue, Oct 13, 2009 at 7:34 PM, Gichuki John Chuksjonia < chuksjonia@gmail.com> wrote:
@Peter, i thot u were in info sec, last i met you in SecureICT, LOL! Anyway if you tunnel ur traffic, u shud be able to reach any site no matter the proxy infront.
@Chuks, I did try Tor a few months ago when windows xp was my main os, but it was a pain. Then I moved to my mac-clone linux os and found PHProxy<http://www.phproxy.org/>a better option since its less invasive than Tor. I am still searching for the best option!
On Tue, Oct 13, 2009 at 6:02 PM, MotoBaridi <motobaridi@gmail.com> wrote:
...i second nderitu...
having taken a look, i third him...
UNTANGLE
guess I learnt something new today.....thanks to skw. BR, S -- "A democracy is a sheep and two wolves deciding on what to have for lunch. Freedom is a well armed sheep contesting the results of the decision." - Stolen from someone else's sig.
participants (11)
-
Alex Nderitu -
Athar Ahmad Bhatti -
David Njuki -
Gichuki John Chuksjonia -
John Gitau -
MotoBaridi -
Odhiambo Washington -
Peter Karunyu -
Philip Musyoki -
Simon Mbuthia -
Steve Muchai