FAQ 5: Block everything and allow just a few sites

Category: BlockedIP function | Updated: 8/2/2010 6:56:09 PM | Read: 2452 (Last: 9/4/2010 11:42:41 PM)


Block all websites and all software that uses DNS lookups to login or communicate (such as IM, Chat, or email clients).
Allow a handful of predetermined websites.

Resolution

Create a blocked.txt file containing just a . (period) on the first line. This blocks everything.

Create an allowed.txt file of domains clients may visit, for example:
^cnn\.com$ <-- allows browsers to visit http://cnn.com
^.*\.cnn\.com$ <-- allows browsers to visit http://www.cnn.com and http://money.cnn.com
^microsoft\.com$
^.*\.microsoft\.com$
^.*\.msftncsi\.com$ <-- see FAQ 122
^update\.nai\.com$ <-- allows McAfee Virus Scan Enterprise updates via HTTP
^ftp\.nai\.com$ <-- allows McAfee Virus Scan Enterprise updates via FTP

Both of these files should be in the DNS Redirector working directory (usually C:\DNSREDIR) and specified in dnsredir.ini as:
BlockedKeywordsFile=blocked.txt
AllowedKeywordsFile=allowed.txt

Important Notes...

If client computers are part of a domain, you will also want to allow your internal domain name(s); otherwise clients may have trouble reaching internal servers or experience very slow logon after CTRL+ALT+DEL. This domain name is shown under My Computer, right-click Properties, Computer Name tab, where it says Full computer name:
The format is: computer-name.netbios-domain-name.domain.tld
As an example: hp713.hq.contoso.com
So you could add a plain keyword like: .hq.contoso.com
or, a more secure regex keyword like: ^.*\.hq\.contoso\.com$
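
Added example (not part of DNS Redirector or of the original FAQ): a small Python check that runs candidate hostnames against the regex keywords shown above, next to a plain keyword, to show which names each form lets through. It assumes a plain keyword matches as a substring and that Python's re module behaves like DNS Redirector's regex matching for these simple patterns; the function names and the sample hostnames are made up for illustration.

```python
import re

# Regex keywords taken from the allowed.txt examples on this page.
ALLOWED = [
    r"^cnn\.com$",
    r"^.*\.cnn\.com$",
    r"^microsoft\.com$",
    r"^.*\.microsoft\.com$",
    r"^.*\.hq\.contoso\.com$",
]

def normalize(name):
    # Assumption: names compare case-insensitively, without the trailing root dot.
    return name.rstrip(".").lower()

def regex_allowed(name, patterns=ALLOWED):
    """True if any regex keyword matches the queried name."""
    return any(re.search(p, normalize(name)) for p in patterns)

def plain_allowed(name, keyword):
    """Assumption: a plain keyword matches anywhere in the name (substring)."""
    return keyword.lower() in normalize(name)

def unanchored(patterns):
    """Regex keywords lacking ^ or $, which would also match lookalike names."""
    return [p for p in patterns if not (p.startswith("^") and p.endswith("$"))]

# Constructed sample queries, not taken from a real log.
SAMPLE = [
    "cnn.com", "www.cnn.com", "notcnn.com", "cnn.com.example.net",
    "hp713.hq.contoso.com", "hq.contoso.com",
    "x.hq.contoso.com.example.net",
]

if __name__ == "__main__":
    for name in SAMPLE:
        print(f"{name:32} regex={regex_allowed(name)!s:5} "
              f"plain={plain_allowed(name, '.hq.contoso.com')}")
    print("unanchored:", unanchored(ALLOWED + [r"cnn\.com"]))
```

Note that the wildcard form alone does not match the bare name hq.contoso.com, which is why the cnn.com and microsoft.com entries above each appear in two forms.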

You may also want to allow software update domains such as virus scan definition updates, Adobe, or Microsoft updates.

You'll find some websites/software may need additional domains to function correctly, like their CDN or partner sites.
You can discover these other domains by:
- setting Logging=Full in dnsredir.ini
- restarting DNS Redirector
- clearing your cache and visiting the website, or starting the software/update
- looking at today's logfile to see what else is required



Related articles
FAQ 75  Create 3 tiers of blocking


 
DNS Redirector | Copyright © 2003-2010