[WEB4LIB] restricting users to just one site

Chris Murphy chrism at thecommunitylibrary.org
Wed Mar 6 18:07:05 EST 2002


I have used automatic proxy configuration files as described by Tim Kambitsch:

http://www.dayton.lib.oh.us/~kambitsch/netscape/bogus-proxy-server.html

For example, I limited machine access to our subscribed databases, and the technique worked very well. Essentially, you use a javascript "bogus proxy configuration" file and configure your browser to use an Automatic Proxy Configuration script (.pac).

Browser Configurations:
IE6: Tools>Internet Options>Connections>LAN Settings>Use Automatic Proxy Configuration Script
Netscape: Edit>Preferences>Advanced>Proxies>Automatic Proxy Configuration

In the Address field, enter a URL pointing to a .pac file instead of an .html file, e.g., http://server.yourlibrary.com/proxy/catalog.pac

I have used this approach successfully on Navigator 4.x, Netscape 6, and IE v4-6. Opera 6.0 does not support automatic proxy configuration files, but I think Opera 6.01 might.

Here is one version of the java scripts I used:

with (ProxyConfig) {
function FindProxyForURL(url,host)
{
if(isPlainHostName(host) ||
dnsDomainIs(host, ".thecommunitylibrary.org")||
dnsDomainIs(host, ".epnet.com") ||
dnsDomainIs(host, ".galegroup.com") ||
dnsDomainIs(host, ".wsj.com") ||
dnsDomainIs(host, ".nytimes.com") ||
dnsDomainIs(host, "referenceusa.com") ||
return "DIRECT";
else
return "PROXY http://webserver.thecommunitylibrary.org"
}
}

I placed the script on a server and pointed the clients to it; however, you can also house a copy of the script on each local machine (e.g., http://127.0.0.1/proxy/proxy.pac).

One bug I ran into was that our internal web server did not have the ".pac" extension in its MIME type definitions as a javascript application. Once I figured that out, all went well.

The web server you define as your "PROXY" should return an Error 404 message for every URL requested that is not in the list. Alternately, you can, like I did, create a custom error message on your designated "PROXY" server.

We have since allowed full Internet access on all Internet capable computers, so I am no longer using the above approach to limit access to specified URLs. I also modified this approach to restrict access to web mail on Internet computers, but that's another story.

Hope this helps,

Chris Murphy

-- 
Christopher Murphy
Information Systems Manager
The Community Library, Ketchum, Idaho
chrism at thecommunitylibrary.org
(208) 726-3493 x111
http://www.thecommunitylibrary.org

Info Galway Library wrote:
> 
> Hi,
> 
> What is the best means of restricting users to just one site. Some of our
> pcs are reserved for the library catalogue. We have been using Cyber Patrol
> to specify one site that can be visited. Internet Explorer is opened in
> kiosk mode on Windows NT workstations.
> 
> This is not an elegant solution because users do not receive an explanation
> when a website they attempt to access is blocked.
> 
> Regards
> John Fitzgibbon
> 
> Galway Public Library
> Island House
> Cathedral Square
> Galway
> Ireland
> 
> http://www.galwaylibrary.ie
> 
> Phone: 00 353 91 562471
> Fax: 00 353 91 565039




More information about the Web4lib mailing list