White list internet browsing

daddy-o-p40 · #11

RussellHltn, OpenDNS.com can do what jhvdh is suggesting. You have to block all categories and then list the sites you want people to be able to visit in the white list. OpenDNS.com is a good solution. Been using it for years with no issues.

russellhltn · #12

Can OpenDNS be bypassed by specifying the IP address?

daddy-o-p40 · #13

RussellHltn, You cannot bypass OpenDNS by specifying IP addresses. It's pretty neat give it a spin.

LakeyTW · #14

RussellHltn wrote:Can OpenDNS be bypassed by specifying the IP address?

Yes, it can be bypassed. No DNS lookup = no filtering.

daddy-o-p40 · #15

lakeytw, before assuring RuseellHltn of this I tested it on a domain category we block because of youtube. Then while I could resolve the IP and ping youtube at 208.67.219.130 I could not get the page to come up. Instead I get the block page.

Were you speaking from direct experience with OpenDNS? If so, I'd be more than happy to help you set it up to do this for you. It works great.

russellhltn · #16

enriquer wrote:I tested it on a domain category we block because of youtube. Then while I could resolve the IP and ping youtube at 208.67.219.130 I could not get the page to come up. Instead I get the block page.

That's because 208.67.219.130 is the block page. Youtube is located at 208.65.153.238. It would seem that one could easily circumvent OpenDNS just by going to another DNS lookup such as network-tools.com and doing a manual lookup.

DNS filtering would stop a lot of people, but I'm concerned it's too easy to work around.

LakeyTW · #17

enriquer wrote:lakeytw, before assuring RuseellHltn of this I tested it on a domain category we block because of youtube. Then while I could resolve the IP and ping youtube at 208.67.219.130 I could not get the page to come up. Instead I get the block page.

Were you speaking from direct experience with OpenDNS? If so, I'd be more than happy to help you set it up to do this for you. It works great.

Yes, from actual real world security experience using OpenDNS and other name resolution blocking schemes. This type of measure is a nice way of blacklisting stuff you dont want to accidentally see, but it absolutely does not PREVENT someone from browsing inappropriate material deliberately.

If you would like more info on why this is so, please look at the OpenDNS forums or I would be more than happy to explain name resolution to you.

daddy-o-p40 · #18

lakeytw, you are right.

I know how name resolution works and was surprised when it appeared to.

Thankfully IP rotate a lot to avoid DOS attacks AND people don't carry around a blackbook of IP addresses.

This is still the best FREE solution for the majority of the users out there.

Are there any other freebies that do this without software?

russellhltn · #19

enriquer wrote:Are there any other freebies that do this without software?

I'm willing to do this with software as long as I can lock down the software so the standard login can't defeat it. At least that will work on Church computers. Won't work on member computers (if that's where Meetinghouse Internet is headed.)

peter.robison · #20

I have a limited, simple solution to set up a whitelist with just a few button clicks. If you use Firefox, there is an extension called Pro Con Latte that filters for content. You can set varying levels of security; the most stringent "Secure" setting blocks all sites except those whitelisted. You can set an admin password to prevent other users from changing the settings.

I know it's an imperfect solution since IE is presumably still available, but it can provide some help.