[WEB4LIB] Re: restricting users to just one site

Vermeersch, Scott M. Vermeersch.Scott at mayo.edu
Wed Mar 6 16:30:46 EST 2002


A better way to limit users to a web site with Public Web Browser is to get
the newest version (PWB v1.28r6). This version can exclude or include by IP
address. We use the "-ALL" to exclude all IP addresses then add in the web
site IP address we want to limit access to.

Scott Vermeersch
Computer Systems Analyst
Mayo Medical Library


-----Original Message-----
From: Karen Knox [mailto:kknox at tln.lib.mi.us] 
Sent: Wednesday, March 06, 2002 3:14 PM
To: Multiple recipients of list
Subject: [WEB4LIB] Re: restricting users to just one site


I've got Public Web Browser installed and use the "OnlyAccess" file to
restrict users to particular sites.

PWB is available at: http://www.teamsoftwaresolutions.com/downloads.htm

Since it runs on top of Internet Explorer, it wouldn't be too difficult of a
transition from the setup you describe with IE on WinNT.  Drop me a note if
you want more info.

          Karen
--------------------------------------------------------
Karen C. Knox, MLIS
kknox at tln.lib.mi.us
Head of Systems & Technology
Novi Public Library - Novi, Michigan


> -----Original Message-----
> From: web4lib at webjunction.org 
> [mailto:web4lib at webjunction.org]On Behalf Of Peter Murray
> Sent: Wednesday, March 06, 2002 4:08 PM
> To: Multiple recipients of list
> Subject: [WEB4LIB] Re: restricting users to just one site
>
>
> I talk about this in my LITA Regional Institute on Web Proxy Servers 
> and Authentication (care to host a Regional Institute in Ireland?), 
> and I offer three suggestions of increasing complexity to solve the 
> problem:
>
> 1.  As Jacque pointed out, you can use the "Proxy Exeptions" 
> configuration in the web browser to limit access.  This is described 
> best by Andrew Mutch on his Tech pages:
>   <http://northville.lib.mi.us/tech/lockin.htm> (Navigator)
>   <http://tech.tln.lib.mi.us/lockinie.htm> (Internet Explorer)
>
> 2.  The problem with #1 is that the user gets a somewhat cryptic error
> message from the browser ('Netscape is unable to locate the
> server "Your
> Error Message":0  Please check the server name and try again.')  My
> enhancement to Andrew's idea is to put the address of a "fake" proxy
> server (the only thing this server does is return a page).  In this
> case, we run a fake proxy server on a specific port on a UNIX
> box which
> simply displays an HTML page.
>
>     a.	Create a HTTP-response-in-a-file
> (/usr/local/sorry.cat-html in
>        this example):
>
>         HTTP/1.0 200 Ok
>         Content-type: text/html
>
>         <HTML>
>         <HEAD><TITLE>Can't go there</TITLE></HEAD>
>         <BODY><P>Sorry -- you can't get there from this
>         workstation.</P></BODY> </HTML>
>
>     b.	Add a line to your services file: fakeproxy 8080/tcp
>     c.	Add a line to your inetd.conf file: fakeproxy
> stream tcp nowait
>        httpusr /bin/cat cat /usr/local/sorry.cat-html ...and restart 
> your
>        inetd server with a HUP signal.
>     d. Change the configuration of the browser in example #1 above 
> such
>        that the HTTP proxy hostname is your UNIX server and 8080 is 
> the
>        port.
>
> There is probably an equivalent way to do this under NT. (Anybody know
> how?)
>
> 3.  Option #2 above is great, but if you want to change the list of 
> "Exceptions" you must visit each browser and reconfigure it (unless 
> you are using something like NT profiles).  To solve that
> problem, I suggest
> using Proxy Automatic Configuration (PAC) files to define the
> exceptions
> list.  That way you can make the change to the PAC file on your web
> server and the clients will pick up the changes the next time the web
> browser is restarted.
>
>
> Peter
> --
> Peter Murray, Computer Services Librarian              W: 860-570-5233
> University of Connecticut Law School             Hartford, Connecticut
>




More information about the Web4lib mailing list