[WEB4LIB] Re: restricting users to just one site
Karen Knox
kknox at tln.lib.mi.us
Wed Mar 6 16:14:27 EST 2002
I've got Public Web Browser installed and use the "OnlyAccess" file to
restrict users to particular sites.
PWB is available at: http://www.teamsoftwaresolutions.com/downloads.htm
Since it runs on top of Internet Explorer, it wouldn't be too difficult of a
transition from the setup you describe with IE on WinNT. Drop me a note if
you want more info.
Karen
--------------------------------------------------------
Karen C. Knox, MLIS
kknox at tln.lib.mi.us
Head of Systems & Technology
Novi Public Library - Novi, Michigan
> -----Original Message-----
> From: web4lib at webjunction.org
> [mailto:web4lib at webjunction.org]On Behalf Of Peter Murray
> Sent: Wednesday, March 06, 2002 4:08 PM
> To: Multiple recipients of list
> Subject: [WEB4LIB] Re: restricting users to just one site
>
>
> I talk about this in my LITA Regional Institute on Web Proxy
> Servers and
> Authentication (care to host a Regional Institute in Ireland?), and I
> offer three suggestions of increasing complexity to solve the problem:
>
> 1. As Jacque pointed out, you can use the "Proxy Exeptions"
> configuration in the web browser to limit access. This is described
> best by Andrew Mutch on his Tech pages:
> <http://northville.lib.mi.us/tech/lockin.htm> (Navigator)
> <http://tech.tln.lib.mi.us/lockinie.htm> (Internet Explorer)
>
> 2. The problem with #1 is that the user gets a somewhat
> cryptic error
> message from the browser ('Netscape is unable to locate the
> server "Your
> Error Message":0 Please check the server name and try again.') My
> enhancement to Andrew's idea is to put the address of a "fake" proxy
> server (the only thing this server does is return a page). In this
> case, we run a fake proxy server on a specific port on a UNIX
> box which
> simply displays an HTML page.
>
> a. Create a HTTP-response-in-a-file
> (/usr/local/sorry.cat-html in
> this example):
>
> HTTP/1.0 200 Ok
> Content-type: text/html
>
> <HTML>
> <HEAD><TITLE>Can't go there</TITLE></HEAD>
> <BODY><P>Sorry -- you can't get there from this
> workstation.</P></BODY> </HTML>
>
> b. Add a line to your services file: fakeproxy 8080/tcp
> c. Add a line to your inetd.conf file: fakeproxy
> stream tcp nowait
> httpusr /bin/cat cat /usr/local/sorry.cat-html ...and
> restart your
> inetd server with a HUP signal.
> d. Change the configuration of the browser in example #1
> above such
> that the HTTP proxy hostname is your UNIX server and
> 8080 is the
> port.
>
> There is probably an equivalent way to do this under NT.
> (Anybody know
> how?)
>
> 3. Option #2 above is great, but if you want to change the list of
> "Exceptions" you must visit each browser and reconfigure it
> (unless you
> are using something like NT profiles). To solve that
> problem, I suggest
> using Proxy Automatic Configuration (PAC) files to define the
> exceptions
> list. That way you can make the change to the PAC file on your web
> server and the clients will pick up the changes the next time the web
> browser is restarted.
>
>
> Peter
> --
> Peter Murray, Computer Services Librarian W: 860-570-5233
> University of Connecticut Law School Hartford, Connecticut
>
More information about the Web4lib
mailing list