[WEB4LIB] Re: restricting users to just one site
Vermeersch, Scott M.
Vermeersch.Scott at mayo.edu
Wed Mar 6 16:30:46 EST 2002
A better way to limit users to a web site with Public Web Browser is to get
the newest version (PWB v1.28r6). This version can exclude or include by IP
address. We use the "-ALL" to exclude all IP addresses then add in the web
site IP address we want to limit access to.
Scott Vermeersch
Computer Systems Analyst
Mayo Medical Library
-----Original Message-----
From: Karen Knox [mailto:kknox at tln.lib.mi.us]
Sent: Wednesday, March 06, 2002 3:14 PM
To: Multiple recipients of list
Subject: [WEB4LIB] Re: restricting users to just one site
I've got Public Web Browser installed and use the "OnlyAccess" file to
restrict users to particular sites.
PWB is available at: http://www.teamsoftwaresolutions.com/downloads.htm
Since it runs on top of Internet Explorer, it wouldn't be too difficult of a
transition from the setup you describe with IE on WinNT. Drop me a note if
you want more info.
Karen
--------------------------------------------------------
Karen C. Knox, MLIS
kknox at tln.lib.mi.us
Head of Systems & Technology
Novi Public Library - Novi, Michigan
> -----Original Message-----
> From: web4lib at webjunction.org
> [mailto:web4lib at webjunction.org]On Behalf Of Peter Murray
> Sent: Wednesday, March 06, 2002 4:08 PM
> To: Multiple recipients of list
> Subject: [WEB4LIB] Re: restricting users to just one site
>
>
> I talk about this in my LITA Regional Institute on Web Proxy Servers
> and Authentication (care to host a Regional Institute in Ireland?),
> and I offer three suggestions of increasing complexity to solve the
> problem:
>
> 1. As Jacque pointed out, you can use the "Proxy Exeptions"
> configuration in the web browser to limit access. This is described
> best by Andrew Mutch on his Tech pages:
> <http://northville.lib.mi.us/tech/lockin.htm> (Navigator)
> <http://tech.tln.lib.mi.us/lockinie.htm> (Internet Explorer)
>
> 2. The problem with #1 is that the user gets a somewhat cryptic error
> message from the browser ('Netscape is unable to locate the
> server "Your
> Error Message":0 Please check the server name and try again.') My
> enhancement to Andrew's idea is to put the address of a "fake" proxy
> server (the only thing this server does is return a page). In this
> case, we run a fake proxy server on a specific port on a UNIX
> box which
> simply displays an HTML page.
>
> a. Create a HTTP-response-in-a-file
> (/usr/local/sorry.cat-html in
> this example):
>
> HTTP/1.0 200 Ok
> Content-type: text/html
>
> <HTML>
> <HEAD><TITLE>Can't go there</TITLE></HEAD>
> <BODY><P>Sorry -- you can't get there from this
> workstation.</P></BODY> </HTML>
>
> b. Add a line to your services file: fakeproxy 8080/tcp
> c. Add a line to your inetd.conf file: fakeproxy
> stream tcp nowait
> httpusr /bin/cat cat /usr/local/sorry.cat-html ...and restart
> your
> inetd server with a HUP signal.
> d. Change the configuration of the browser in example #1 above
> such
> that the HTTP proxy hostname is your UNIX server and 8080 is
> the
> port.
>
> There is probably an equivalent way to do this under NT. (Anybody know
> how?)
>
> 3. Option #2 above is great, but if you want to change the list of
> "Exceptions" you must visit each browser and reconfigure it (unless
> you are using something like NT profiles). To solve that
> problem, I suggest
> using Proxy Automatic Configuration (PAC) files to define the
> exceptions
> list. That way you can make the change to the PAC file on your web
> server and the clients will pick up the changes the next time the web
> browser is restarted.
>
>
> Peter
> --
> Peter Murray, Computer Services Librarian W: 860-570-5233
> University of Connecticut Law School Hartford, Connecticut
>
More information about the Web4lib
mailing list