MRVDOG, Posted February 4, 2013

Hi, is there a way to redirect users who visit blocked websites on our network to a website on my server? I.e. if they visit facebook.com, I want it to show a custom error message on my server saying the site is blocked, as the blocked-website message on our current router (seen below) is ugly and not very professional... If this is possible I can then add some PHP to log the attempt with the LAN IP and the website they tried to access. Thanks for your time.
Infiltrator, Posted February 4, 2013

You can do that with a Squid proxy!
Jason Cooper, Posted February 4, 2013

If you have your own DNS server that your machines use for lookups, then you could simply put an entry in it for the sites that you want to block that returns your website's IP. Then set up your website to just return the blocked page no matter what page is requested.

Edited February 4, 2013 by Jason Cooper
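Jason's suggestion has two halves: the DNS entry that sends blocked names to your own server, and a catch-all page on that server. Here is the catch-all half, together with the per-attempt logging the question asks for, as an added example in Python rather than PHP. This is not code from the thread; the port 8080, the log file name and the 403 status are assumptions.

```python
"""Catch-all "site blocked" page with attempt logging.

Added example, not code from the thread. Assumes the LAN resolver points
blocked names at this host and that the page is reachable on port 8080
(assumed so it runs unprivileged; use 80 behind the sinkhole). Every
request, whatever path or Host header it carries, gets the same block
page, and each attempt is logged with the client's LAN IP and the site it
asked for.
"""
import html
import time
from http.server import BaseHTTPRequestHandler, HTTPServer

LOG_PATH = "blocked_attempts.log"   # assumed log location
LISTEN = ("0.0.0.0", 8080)          # assumed bind address


def sanitize_field(value: str, limit: int = 255) -> str:
    """Strip CR/LF so a client-chosen Host header or path cannot inject a
    forged log line, and cap the length so a huge header cannot bloat the log."""
    return value.replace("\r", " ").replace("\n", " ")[:limit]


def log_entry(client_ip: str, host: str, path: str, when: float) -> str:
    """Format one log line: UTC timestamp, LAN IP, requested host and path.
    Host and path come from the client, so both are sanitized first."""
    stamp = time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(when))
    return f"{stamp} {client_ip} {sanitize_field(host)} {sanitize_field(path, 1024)}"


def blocked_page(host: str) -> str:
    """Render the block page. The host name is HTML-escaped because it is
    client-controlled input reflected into the page."""
    safe_host = html.escape(host, quote=True)
    return (
        "<!doctype html><html><head><title>Site blocked</title></head>"
        "<body><h1>Access to this site is blocked</h1>"
        f"<p>The site <b>{safe_host}</b> is not permitted on this network.</p>"
        "<p>Contact IT if you believe this is an error.</p>"
        "</body></html>"
    )


class BlockPageHandler(BaseHTTPRequestHandler):
    """Answers every path with the block page and appends one log line."""

    def do_GET(self):
        host = self.headers.get("Host") or "unknown"
        with open(LOG_PATH, "a", encoding="utf-8") as fh:
            fh.write(log_entry(self.client_address[0], host, self.path, time.time()) + "\n")
        body = blocked_page(host).encode("utf-8")
        self.send_response(403)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(body)))
        self.send_header("Cache-Control", "no-store")
        self.end_headers()
        self.wfile.write(body)

    do_POST = do_GET   # the same page for any method a browser might send

    def log_message(self, fmt, *args):
        pass   # attempts go to LOG_PATH, not stderr


if __name__ == "__main__":
    HTTPServer(LISTEN, BlockPageHandler).serve_forever()
```

Everything in the Host header and the path is chosen by the client, so the page HTML-escapes the host before reflecting it and the logger strips CR/LF so a crafted Host value cannot forge an extra log line. One caveat: this only works for plain http:// requests. A DNS entry that points facebook.com at this machine makes https://facebook.com fail with a certificate warning in the browser rather than show this page, because the server cannot present a valid certificate for that name.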
MRVDOG (author), Posted February 4, 2013

> You can do that with a Squid proxy!

I tried Squid Proxy 3, but was having problems loading my own website from the same machine that the proxy was on; I was getting so frustrated that I just uninstalled it, haha. Also, you have to configure each machine to run through the proxy, which I don't really want.

> If you have your own DNS server that your machines use for lookups, then you could simply put an entry in it for the sites that you want to block that returns your website's IP. Then set up your website to just return the blocked page no matter what page is requested.

I have no idea how I would even start with my own DNS server...
Jason Cooper, Posted February 4, 2013

Looking at your current blocked-page message, I guess your router is already doing a similar thing with the DNS. What router are you using and what version of firmware is it running? It might be possible to edit the page that it displays to the user (even if it is changed to a simple redirect to another web server).
digip, Posted February 4, 2013

The only other way to do it is to have the block be in front of the router, i.e. your own DNS, or some other proxy/IDS/3rd-party product to act as a filter. The best way is with your own DNS server, which means setting up a domain controller that all machines use to look up requests from, or go Squid; I think a combination of the two would do the trick. Squid is nice because you force all users to have to configure the browser's proxy settings to run through Squid to reach the internet, and you can then also assign each user their own internet sign-on, so monitoring becomes that much easier since you can tie the sign-on to the site reached. Either that, or blow some money on another appliance to do it for you, that sits between the router and your internal network, intercepts and displays the message you want, and does the monitoring for you.

Thing to note: unless using Squid or forcing proxy usage on every user's browser, a VPN service will most likely bypass all restrictions and you won't be able to see what they visit. Especially if it's tunneled over port 80 and they use their own DNS on the VPN, such as OpenDNS, you won't have a whole lot of control in blocking them, if at all. Even with Squid, to some extent, it is futile to try and block a savvy user who understands how to work around net filters and tunnel traffic through firewalls.
MRVDOG (author), Posted February 4, 2013

> Looking at your current blocked-page message, I guess your router is already doing a similar thing with the DNS. What router are you using and what version of firmware is it running? It might be possible to edit the page that it displays to the user (even if it is changed to a simple redirect to another web server).

Netgear N300 - DGND3300 (Firmware: V2.1.00.54_1.00.54). I have accessed its files with telnet, backed up block.htm and changed it, but it didn't change when accessing a blocked website.

> The only other way to do it is to have the block be in front of the router, i.e. your own DNS, or some other proxy/IDS/3rd-party product to act as a filter. The best way is with your own DNS server, which means setting up a domain controller that all machines use to look up requests from, or go Squid; I think a combination of the two would do the trick. Squid is nice because you force all users to have to configure the browser's proxy settings to run through Squid to reach the internet, and you can then also assign each user their own internet sign-on, so monitoring becomes that much easier since you can tie the sign-on to the site reached. Either that, or blow some money on another appliance to do it for you, that sits between the router and your internal network, intercepts and displays the message you want, and does the monitoring for you.
>
> Thing to note: unless using Squid or forcing proxy usage on every user's browser, a VPN service will most likely bypass all restrictions and you won't be able to see what they visit. Especially if it's tunneled over port 80 and they use their own DNS on the VPN, such as OpenDNS, you won't have a whole lot of control in blocking them, if at all. Even with Squid, to some extent, it is futile to try and block a savvy user who understands how to work around net filters and tunnel traffic through firewalls.

That sounds really confusing :S. I have already tried Squid and got it blocking certain websites, but it was also blocking my website, which is hosted on the same machine as Squid.
jesseconsopolus, Posted February 4, 2013

You could DD-WRT the firmware on the router and set your own custom page up... that is, if they have it available. Or, if you have some Linux knowledge, try this below:

How To Change "BLOCKED BY NETGEAR FIREWALL"

1. Enable debug mode on your router
   a) http://192.168.0.1/setup.cgi?todo=debug
   b) http://192.168.0.1/block.htm
   c) View the source of block.htm, copy it to Notepad, and edit it to your liking.
   d) Save the modified block.htm as block.htm to your C:\ as c:\block.htm
2. Open up a telnet console
   a) telnet 192.168.0.1
   b) Enter your router username
   c) Enter your router password
3. Navigate/change/chmod
   a) cd /etc/
   b) chmod 0777 block.htm
   c) mv block.htm old_block.htm
4. Upload
   a) Open an FTP command line
   b) Upload c:\block.htm to your server
   c) Make sure it looks nice (NOTE: Angelfire/Geocities/etc. will not work, banners ruin it)
5. Secret wget in the router
   a) Navigate to /etc/ in your router from telnet
   b) wget http://yourpaidwebhost.com/block.htm
   c) Enjoy
6. Visit a blocked website
   a) Visit a blocked website.

I should say I have personally never tried this... but it looks like it may at least point you in the right direction... or brick that bad boi! lulz

Edited February 4, 2013 by jesseconsopolus
digip, Posted February 4, 2013

It might have blocked your site because it was a localhost issue on the same box, not sure, but usually the Squid box should be a stand-alone machine you set up to route all users through to reach the internet, and then you can control what sites they see, or what they see when they request specific sites. Visualize it in terms of topology (just an example):

cloud/internet -> your business entry point/modem/etc. -> router -> LAN switch -> user workstations

With filtering other than what's based on the Netgear:

cloud/internet -> your business entry point/modem/etc. -> router -> Squid/IDS/filter device/DNS services -> LAN switch -> user workstations
Infiltrator, Posted February 5, 2013

> I tried Squid Proxy 3, but was having problems loading my own website from the same machine that the proxy was on; I was getting so frustrated that I just uninstalled it, haha. Also, you have to configure each machine to run through the proxy, which I don't really want.
>
> I have no idea how I would even start with my own DNS server...

I never had that problem before. Furthermore, there are two ways to force each and every machine to go through a proxy without having to go to each machine and set up the proxy address individually:

1) You can set up a transparent proxy
2) Or use a Domain Group Policy to change the LAN settings on each individual machine.

Setting up a DNS server is not very hard; you can achieve that with a Windows Server OS, or with any Linux distro by using BIND.

Edited February 5, 2013 by Infiltrator
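What the DNS side of this actually has to do, as an added example that is not code from the thread: a minimal UDP sinkhole resolver in Python that answers blocked names (and their subdomains) with the block-page server's address and relays every other query to a real resolver. The blocklist, the sinkhole address 192.168.0.10 and the upstream 8.8.8.8 are assumed values. In practice you would get the same effect from a BIND zone or a dnsmasq entry, as Infiltrator says; this shows the wire-level behaviour those configurations produce.

```python
"""Minimal DNS sinkhole: answer blocked names with the block-page server's
address and forward everything else to a real resolver.

Added example, not code from the thread. Standard library only, UDP only,
no EDNS or TCP fallback: a working model of what a BIND or dnsmasq
sinkhole entry does, not a production resolver. BLOCKLIST, SINKHOLE_IP
and UPSTREAM are assumed values.
"""
import socket
import struct

BLOCKLIST = {"facebook.com", "twitter.com"}   # assumed; subdomains match too
SINKHOLE_IP = "192.168.0.10"                  # assumed LAN address of the block page
UPSTREAM = ("8.8.8.8", 53)                    # assumed upstream resolver
QTYPE_A, QCLASS_IN = 1, 1


def parse_question(packet: bytes):
    """Return (qname, qtype, qclass, offset past the question) for the single
    question in a DNS message; rejects truncation and compression pointers."""
    if len(packet) < 12:
        raise ValueError("short header")
    if struct.unpack_from("!H", packet, 4)[0] != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated name")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(packet[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack_from("!HH", packet, pos)
    return ".".join(labels).lower(), qtype, qclass, pos + 4


def is_blocked(name: str, blocklist=BLOCKLIST) -> bool:
    """True for a blocked name or any subdomain of one, not for look-alikes."""
    name = name.rstrip(".").lower()
    return any(name == b or name.endswith("." + b) for b in blocklist)


def build_sinkhole_response(query: bytes, ip: str = SINKHOLE_IP, ttl: int = 60) -> bytes:
    """NOERROR reply: an A/IN question gets one A record for the sinkhole; any
    other type (e.g. AAAA) gets an empty answer so clients fall back to A."""
    _, qtype, qclass, qend = parse_question(query)
    qflags = struct.unpack_from("!H", query, 2)[0]
    flags = 0x8080 | (qflags & 0x0100)   # QR=1, RA=1, RD copied from the client
    answer, ancount = b"", 0
    if qtype == QTYPE_A and qclass == QCLASS_IN:
        # 0xC00C is a compression pointer to the question name at offset 12
        answer = struct.pack("!HHHIH", 0xC00C, QTYPE_A, QCLASS_IN, ttl, 4) + socket.inet_aton(ip)
        ancount = 1
    header = query[:2] + struct.pack("!HHHHH", flags, 1, ancount, 0, 0)
    return header + query[12:qend] + answer


def answered_ipv4(response: bytes):
    """IPv4 string of the first A answer in a response built above, or None."""
    _, _, _, qend = parse_question(response)
    if struct.unpack_from("!H", response, 6)[0] == 0:
        return None
    rtype, _, _, rdlen = struct.unpack_from("!HHIH", response, qend + 2)
    if rtype != QTYPE_A or rdlen != 4:
        return None
    return socket.inet_ntoa(response[qend + 12:qend + 16])


def build_query(name: str, qid: int = 0x1234, qtype: int = QTYPE_A) -> bytes:
    """Encode a plain recursive query, for exercising the responder offline."""
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return (struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
            + qname + b"\x00" + struct.pack("!HH", qtype, QCLASS_IN))


def serve(bind=("0.0.0.0", 53)):
    """Sinkhole blocked names; relay everything else to UPSTREAM unchanged."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(bind)
    while True:
        query, client = sock.recvfrom(512)
        try:
            name = parse_question(query)[0]
        except ValueError:
            continue   # malformed; drop rather than guess
        if is_blocked(name):
            sock.sendto(build_sinkhole_response(query), client)
            continue
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as up:
            up.settimeout(3)
            up.sendto(query, UPSTREAM)
            try:
                reply = up.recvfrom(4096)[0]
            except socket.timeout:
                continue
        sock.sendto(reply, client)


if __name__ == "__main__":
    serve()
```

Run it as root to bind port 53, or pass a high port and probe it with `dig @127.0.0.1 -p 5353 www.facebook.com`. Two points worth keeping from this model. A sinkhole only catches clients that use your resolver, so, as digip says above, the usual companion is a firewall rule that drops outbound port 53 from the LAN except from the sinkhole itself. And the AAAA handling matters: answer with an empty NOERROR, not NXDOMAIN, because NXDOMAIN is a statement about the whole name and a caching resolver in between can turn it into NXDOMAIN for the A lookup as well.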