Blocking all websites.....but with exceptions

[Bobster]

Hello.

Wasn't too sure whether to post this in this section or in Windows and other software.

Anyway, to the point. I've been asked by a client to restrict ALL websites on their network apart from one or two sites.
This would be fine apart from they do want one or two computers to have unrestricted access or at least customisable access.

To make matters worse, they have a load balancing dual WAN router (initially i was looking down the OpenDNS route)
I think this would have done the trick had the dual WAN router not been in place.

It's not a very big office so going round each machine wouldn't be a massive issue. The machine are already restricted for the 'normal' users....i.e. they don't have admin rights to the PC's

Whats the best way?

Cheers

 

[Bobster]

Proxy server running Squid?

Looks complicated!
Plus they don't have a spare machine to set it up on
Doubt they will want to splash out either. They are quite frugal.

 

[Bobster]

How exactly do they propose setting up blocking without spending some money on hardware or software first??

A machine to run Squid is hardly expensive!

If they have to splash out a couple of quid they probably will but they will always look to get things done a cheaply as possible!

Don't see why a dual WAN router is an issue, we use opendns just fine.

One of the lines is a dynamic IP address. I suppose I could see if they could get a static one.

In Group Policy you can just lock the browser down to only trusted sites. Add the sites you want them visiting to trusted sites.

A proxy server is a more reliable way to do it - it stops them potentially using portable browsers like Firefox to access other websites.

Thanks, I’ll take a look.

IPFire on an older machine (i.e. dirt cheap) will do this perfectly, and can sit behind the dual-WAN router so you don't need to mess about. It'll run SQUID and you can set the domain blocking (with static LAN IP exceptions) easily.

Thanks

has said dual wan router not got any Web blocking functionality? whats the model of it as it may be able to run custom firmware

It’s just a basic Intellinet router.
http://www.intellinet-network.com/en-US/products/6734-dual-wan-vpn-router
It has URL blocking but I need to restrict everything apart from a select few sites.
Then to complicate matters, some users need unrestricted access.

If you're using static addresses then it's fairly straight-forward; it's if you're using dynamic addresses does it get a bit fiddly, although it's still doable depending on hardware.

As Ashrobbo mentions, i'd be looking at the router first and taking it from there; no need to make it complicated if you don't have to.

Yeah, looking into the OpenDNS it would have been brilliant had I not had the load balancing router in the equation.
Looking at the responses I think a proxy is the way to go.

What router? Does it not have blocking functionality?

It does but not advanced enough.

Looks like a proxy is the way to go with this one.
Does anyone have any experience with http://www.youngzsoft.net/ccproxy/ ??