
how to redirect when accessing blocked sites in business


MRVDOG


Hi, is there a way to redirect users who visit blocked websites on our network to a website on my server? I.e. if they visit facebook.com, I want it to show a custom error message on my server saying the site is blocked, as the blocked-website message on our current router (seen below) is ugly and not very professional... If this is possible I can then add some PHP to log the attempt with the LAN IP and the website they tried to access. Thanks for your time.

[screenshot: blocked+web.jpg, the router's current blocked-site page]


You can do that with a Squid proxy!


If you have your own DNS server that your machines use for lookups, then you could simply put an entry in it for the sites that you want to block that returns your website's IP. Then set up your website to just return the blocked page no matter the page requested.

Edited by Jason Cooper
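One way to build the catch-all block page described above, which also does the logging MRVDOG asked for in the opening post. This is an added example, not code from the thread; the log path and the `site`/`ip` query parameters (for the case where a proxy redirects to the page instead of DNS) are assumptions.

```php
<?php
// blocked.php: custom "site blocked" page that also logs the attempt.
// Added example, not code from the thread. It assumes either a DNS
// sinkhole (the blocked name resolves to this server, so the site is
// in the Host header) or a proxy redirect that passes ?site=...&ip=...
// (placeholder parameter names).

$logFile = '/var/log/blocked-sites.log'; // must be writable by the web server user

function queryOr(string $name, string $fallback): string {
    $v = $_GET[$name] ?? $fallback;
    return is_string($v) ? $v : $fallback;
}

$site = queryOr('site', $_SERVER['HTTP_HOST'] ?? 'unknown');
$ip   = queryOr('ip',   $_SERVER['REMOTE_ADDR'] ?? 'unknown');
$path = $_SERVER['REQUEST_URI'] ?? '/';

// All three values are client-controlled, so constrain them before they
// reach the log or the page: hostname characters only, a parseable IP,
// and no control characters (a CR/LF would let one request forge extra log lines).
$site = preg_replace('/[^A-Za-z0-9.\-]/', '', substr($site, 0, 253));
if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
    $ip = 'invalid';
}
$path = preg_replace('/[\x00-\x1F\x7F]/', '', substr($path, 0, 512));

// One tab-separated line per attempt: time, LAN IP, site, requested path.
$line = sprintf("%s\t%s\t%s\t%s\n", date('c'), $ip, $site, $path);
file_put_contents($logFile, $line, FILE_APPEND | LOCK_EX);

http_response_code(403);
header('Content-Type: text/html; charset=UTF-8');
header('Cache-Control: no-store');
?>
<!DOCTYPE html>
<html>
<head><title>Site blocked</title></head>
<body>
  <h1>Access to this site is blocked</h1>
  <p>The site <strong><?= htmlspecialchars($site, ENT_QUOTES, 'UTF-8') ?></strong>
     is not permitted on the company network.</p>
  <p>This attempt from <?= htmlspecialchars($ip, ENT_QUOTES, 'UTF-8') ?> has been recorded.</p>
  <p>If you need access to it for work, contact IT.</p>
</body>
</html>
```

Serve it from the web server's default (catch-all) virtual host so every hostname that resolves to the server lands on it; if the page sits behind a proxy, REMOTE_ADDR will be the proxy's address, which is why the IP can be passed as a parameter.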

You can do that with a Squid proxy!

I tried Squid Proxy 3, but was having problems loading my own website from the same machine that the proxy was on; I was getting so frustrated that I just uninstalled it, haha. Also, you have to configure each machine to run through the proxy, which I don't really want.

If you have your own DNS server that your machines use for lookups, then you could simply put an entry in it for the sites that you want to block that returns your website's IP. Then set up your website to just return the blocked page no matter the page requested.

I have no idea how I would even start with my own DNS server...


Looking at your current blocked page message, I guess your router is already doing a similar thing with the DNS. What router are you using and what version of firmware is it running? It might be possible to edit the page that it displays to the user (even if it is changed to a simple redirect to another web server).


The only other way to do it is to have the block be in front of the router, i.e. your own DNS, or some other proxy/IDS/3rd-party product to act as a filter. The best way is with your own DNS server, which means setting up a domain controller that all machines use to look up requests from, or go Squid; I think a combination of the two would do the trick. Squid is nice because you force all users to configure their browser's proxy settings to run through Squid to reach the internet, and you can then also assign each user their own internet sign-on, so monitoring becomes that much easier since you can tie the sign-on to the site reached. Either that, or blow some money on another appliance to do it for you, that sits between the router and your internal network, intercepts and displays the message you want, and does the monitoring for you.

Thing to note: unless you are using Squid or forcing proxy usage on every user's browser, a VPN service will most likely bypass all restrictions and you won't be able to see what they visit. Especially if it's tunneled over port 80 and they use their own DNS on the VPN, such as OpenDNS, you won't have a whole lot of control in blocking them, if at all. Even with Squid, to some extent, it is futile to try to block a savvy user who understands how to work around net filters and tunnel traffic through firewalls.


Looking at your current blocked page message, I guess your router is already doing a similar thing with the DNS. What router are you using and what version of firmware is it running? It might be possible to edit the page that it displays to the user (even if it is changed to a simple redirect to another web server).

Netgear N300 - DGND3300 (Firmware: V2.1.00.54_1.00.54). I have accessed its files with telnet, backed up block.htm and changed it, but it didn't change when accessing a blocked website.

The only other way to do it is to have the block be in front of the router, i.e. your own DNS, or some other proxy/IDS/3rd-party product to act as a filter. The best way is with your own DNS server, which means setting up a domain controller that all machines use to look up requests from, or go Squid; I think a combination of the two would do the trick. Squid is nice because you force all users to configure their browser's proxy settings to run through Squid to reach the internet, and you can then also assign each user their own internet sign-on, so monitoring becomes that much easier since you can tie the sign-on to the site reached. Either that, or blow some money on another appliance to do it for you, that sits between the router and your internal network, intercepts and displays the message you want, and does the monitoring for you.

Thing to note: unless you are using Squid or forcing proxy usage on every user's browser, a VPN service will most likely bypass all restrictions and you won't be able to see what they visit. Especially if it's tunneled over port 80 and they use their own DNS on the VPN, such as OpenDNS, you won't have a whole lot of control in blocking them, if at all. Even with Squid, to some extent, it is futile to try to block a savvy user who understands how to work around net filters and tunnel traffic through firewalls.

That sounds really confusing :S. I have already tried Squid and got it blocking certain websites, but it was also blocking my website, which is hosted on the same machine as Squid.


You could DD-WRT the firmware on the router... set your own custom page up... that is, if they have it available... or if you have some Linux knowledge, try this below....

How To Change "BLOCKED BY NETGEAR FIREWALL"

1. Enable Debug Mode On Your Router
a) http://192.168.0.1/setup.cgi?todo=debug
b) http://192.168.0.1/block.htm
c) view source of block.htm, copy it to Notepad, edit to your liking.
d) save modified block.htm as block.htm to your C:\ as c:\block.htm
2. Open up a telnet console
a) telnet 192.168.0.1
b) enter your router username
c) enter your router password
3. Navigate/Change/CHMOD
a) cd /etc/
b) chmod 0777 block.htm
c) mv block.htm old_block.htm
4. Upload
a) open an FTP command line
b) upload c:\block.htm to your server
c) make sure it looks nice (NOTE: Angelfire/Geocities/etc... will not work, banners ruin it)
5. SECRET WGET in Router
a) navigate to /etc/ in your router from telnet
b) wget http://yourpaidwebhost.com/block.htm
c) enjoy
6. Visit a blocked website
a) visit a blocked website.

I should say I have personally never tried this... but it looks like it may at least point you in the right direction... or brick that bad boi! lulz

Edited by jesseconsopolus

It might have blocked your site because it was a localhost issue on the same box, not sure, but usually the Squid box should be a stand-alone machine you set up to route all users through to reach the internet, and then you can control what sites they see or what they see when they request specific sites.

Visualize it in terms of topology:

(just an example)

cloud/internet -> your business entry point/modem/etc -> router -> LAN switch -> user workstations

With filtering other than what's based on the Netgear:

cloud/internet -> your business entry point/modem/etc -> router -> Squid/IDS/filter device/DNS services -> LAN switch -> user workstations.


I tried Squid Proxy 3, but was having problems loading my own website from the same machine that the proxy was on; I was getting so frustrated that I just uninstalled it, haha. Also, you have to configure each machine to run through the proxy, which I don't really want.

I have no idea how I would even start with my own DNS server...

I never had that problem before. Furthermore, there are two ways to force each and every machine to go through a proxy without having to go to each machine and set up the proxy address individually.

1) You can set up a transparent proxy

2) Or use a Domain Group Policy to change the LAN settings on each individual machine.

Setting up a DNS server is not very hard; you can achieve that with a Windows Server OS, or any Linux distro by using BIND.

Edited by Infiltrator
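The transparent-proxy option from the post above, as an added squid.conf fragment (not from the thread; Squid 3.1 or later). It assumes the Squid box sits inline as in the second topology earlier in the thread, that the router or an iptables REDIRECT rule on the box sends port-80 traffic to port 3128, and that the block page lives at a placeholder internal hostname.

```conf
# squid.conf fragment: intercept LAN web traffic and send blocked
# sites to a custom block page (added example, not from the thread).

# Port for intercepted (transparent) traffic: no browser settings needed.
# Squid 3.0 used the keyword "transparent" instead of "intercept".
http_port 3128 intercept

# A normal port as well, for any browser configured explicitly.
http_port 3129

# Domains to block, one per line in the file, e.g. ".facebook.com"
# (the leading dot also matches subdomains such as www.facebook.com).
acl blocked_sites dstdomain "/etc/squid/blocked_sites.txt"

# The block page itself must always be reachable, or a blocked user
# would loop on the redirect. Placeholder hostname.
acl blockpage dstdomain blockpage.internal.example
http_access allow blockpage

# Redirect blocked requests to the custom page; Squid fills in
# %H (requested domain) and %i (client IP) so the page can log them.
deny_info 302:http://blockpage.internal.example/blocked.php?site=%H&ip=%i blocked_sites
http_access deny blocked_sites

# Only the LAN may use the proxy; everything else is denied.
acl lan src 192.168.0.0/24
http_access allow lan
http_access deny all
```

Because the browser then fetches the block page through the same interception, the web server sees Squid's address rather than the user's, which is why the client IP is passed in the redirect. This only works for plain HTTP: an intercepted HTTPS connection cannot be redirected to another page without breaking the TLS session, which is the same limit the VPN caveat above points at.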
