Kaseya Community

How To Block Access To Specific Web Sites

  • Is there a way in Kaseya or via scripts that I can block users from specific web sites (like a black list). I want to block for both IE and Firefox. These are work PCs and the owner would like to prevent his employees from visiting places like MySpace and Facebook.

    Thanks in advance.

    Legacy Forum Name: How To Block Access To Specific Web Sites,
    Legacy Posted By Username: jhurff
  • If you are just looking for an easy way to do it through Kaseya, you can use the Distribute File option with a custom HOSTS file.

    The ideal way would be to get a decent web/content filter in place (Sonicwall, Untangle, Barracuda, 8e6, etc. etc. etc.), as they are loads easier to manage than continually editing a hosts file.

    Legacy Forum Name: How-To,
    Legacy Posted By Username: CeruleanBlue
  • You can also use a free product like opendns.org. We use this for several customers to solve the exact issues you describe. They'll even let you brand the look and feel (mostly).

    Did I mention that it as free?

    Legacy Forum Name: How-To,
    Legacy Posted By Username: boudj
  • boudj
    You can also use a free product like opendns.org. We use this for several customers to solve the exact issues you describe. They'll even let you brand the look and feel (mostly).

    Did I mention that it as free?


    Ahh yes, we use OpenDNS (just the IP addresses) too. Can't believe I forgot they had the filtering thing going on.

    Legacy Forum Name: How-To,
    Legacy Posted By Username: CeruleanBlue
  • Another vote for OpenDNS, really simple to use and at no cost. The only 'downside' is that filters apply to the entire site at all times of the day.If you want iintellegent filerting based on users, time of day etc take a look at untangle www.untangle.com/gomsp

    Legacy Forum Name: How-To,
    Legacy Posted By Username: PeterS
  • jhurff
    Is there a way in Kaseya or via scripts that I can block users from specific web sites (like a black list). I want to block for both IE and Firefox. These are work PCs and the owner would like to prevent his employees from visiting places like MySpace and Facebook.

    Thanks in advance.


    Script Name: Block Websites - Myspace Facebook Friendster
    Script Description: This script is a sample for blocking Myspace, Facebook, Friendster

    IF Test File
    Parameter 1 : %windir%\system32\drivers\etc\hosts
    Not Contains :myspace
    THEN
    Get File
    Parameter 1 : %windir%\system32\drivers\etc\hosts
    Parameter 2 : ..\Docs\Hosts-original.txt
    Parameter 3 : 1
    OS Type : 13
    Execute Shell Command
    Parameter 1 : copy %windir%\system32\drivers\etc\hosts %windir%\system32\drivers\etc\hosts.bak1
    Parameter 2 : 1
    OS Type : 13
    Execute Shell Command
    Parameter 1 : attrib -r %windir%\system32\drivers\etc\hosts
    Parameter 2 : 1
    OS Type : 13
    Execute Shell Command
    Parameter 1 : echo.127.0.0.1 www.myspace.com >>>> %windir%\system32\drivers\etc\hosts
    Parameter 2 : 1
    OS Type : 13
    Execute Shell Command
    Parameter 1 : echo.127.0.0.1 www.friendster.com >>>> %windir%\system32\drivers\etc\hosts
    Parameter 2 : 1
    OS Type : 13
    Execute Shell Command
    Parameter 1 : echo.127.0.0.1 www.facebook.com >>>> %windir%\system32\drivers\etc\hosts
    Parameter 2 : 1
    OS Type : 13
    Execute Shell Command
    Parameter 1 : attrib +r %windir%\system32\drivers\etc\hosts
    Parameter 2 : 1
    OS Type : 13
    Get File
    Parameter 1 : %windir%\system32\drivers\etc\hosts
    Parameter 2 : ..\Docs\Hosts-new.txt
    Parameter 3 : 2
    OS Type : 13
    ELSE
    Get File
    Parameter 1 : %windir%\system32\drivers\etc\hosts
    Parameter 2 : ..\Docs\Hosts-new.txt
    Parameter 3 : 0
    OS Type : 0
    Write Script Log Entry
    Parameter 1 : Host file appears to block specified websites. Check Documents tab for agent and 'hosts' file to verify.
    OS Type : 0



    Crude, but effective. You should be able to find out if your more savvy users are modifying the file and removing the block, too.

    Legacy Forum Name: How-To,
    Legacy Posted By Username: Benjamin.Lavalley@kaseya.com
  • boudj
    You can also use a free product like opendns.org. We use this for several customers to solve the exact issues you describe. They'll even let you brand the look and feel (mostly).

    Did I mention that it as free?


    Do you script out the deployment of the opendns dns servers on your agents?

    I was considering this but didn't know how popular it was.

    Legacy Forum Name: How-To,
    Legacy Posted By Username: Benjamin.Lavalley@kaseya.com
  • OpenDNS.org works by using their dns servers to resolve public dns. So basically if they have a AD domain, you setup the forwarders on the internal name servers to use opendns.org's name servers. You then block all NS access in your firewall except for opendns.org's name servers. This way only opendns.org can resolve public dns queries.

    Legacy Forum Name: How-To,
    Legacy Posted By Username: boudj
  • We "modifing the hosts file" as mentioned below. We have a text file saved in managed files that contains all of the sites we want to block. We append this file to the hosts file on the clients.

    We have one script to push it down and another script to clear it out of the hosts file. The nice thing about this, is that we usually have different levels of standards for different clients or different machines within a customer. So we can run it on a machine by machine basis or against a server if the server is the primary DNS inside of the network.

    Legacy Forum Name: How-To,
    Legacy Posted By Username: doug.jenkins@ispire.ca
  • We use OpenDNS and Untangle.
    OpenDNS is easy to setup remotely
    We also have an Untangle option and use it as a Gateway security box.
    This gives you a LOT better control than OpenDNS with reporting like who is accessing what sites etc.

    As an MSP we are guiding all our customers to go with Untangle and have already seen reduction in calls due to virus and spam.
    Customers also like the usage reports Untangle can produce.

    Legacy Forum Name: How-To,
    Legacy Posted By Username: garry
  • Dear Sir,


    Please tell me how to write script to unblock the facebook and chat sites.

    Legacy Forum Name: How-To,
    Legacy Posted By Username: Ram Mohan
  • we use sonicwall firewalls. prefer to do this at the edge.

    Legacy Forum Name: How-To,
    Legacy Posted By Username: razmataz
  • A couple of things concern me about how this is being implemented and I want to see if anyone has any additional feedback.

    1) If a client has custom hosts files you cant overwrite those files. Is there a way to make a script in Kaseya that could merge a Kaseya generic blocker host file with another file(s) that has the special entries that would be necissary for the clients machine? (--think of VPN users that need to resolve servers by name with out having access to a companies internal DNS resolution)

    2) DNS forwarders in an Active Directory domain in general are a bad idea as the AD server will even forward internal DNS resolution requests to its forwarder for resolution. This causes DNS request time outs in regards to internal names resolution which in turn drives up WINS resolution requests if availabel and finally broadcast requests. Conditional forwarders are the way to go in order to minimize broadcast traffic for local name resolution but you dont want to set up a conditional forwarder for all 200,000 porn sites out there. How has OpenDNS affected client's DNS resolution for Single forest/multi site resolutions and across multiple subnets where broadcast requests can not resolve?

    3) Lastly, does anyone have a way to block traffic by IP that Kaseya has a way to monitor and report on?

    We, like most of you, use multiple hardware and software methods to do content filtering and traffic shaping but I would like to find out if someone has found a way to handle all or most of these issues so that Kaseya is responsible for the reporting and maintenance of this activity.

    Legacy Forum Name: How-To,
    Legacy Posted By Username: infinitytechnologies
  • infinitytechnologies
    A couple of things concern me about how this is being implemented and I want to see if anyone has any additional feedback.

    1) If a client has custom hosts files you cant overwrite those files. Is there a way to make a script in Kaseya that could merge a Kaseya generic blocker host file with another file(s) that has the special entries that would be necissary for the clients machine? (--think of VPN users that need to resolve servers by name with out having access to a companies internal DNS resolution)


    Yes, it would be like appending a text file (if you're doing the host file) there is a script floating around the scripts section that will do exactly that... Mind you, you'll want to make backups of each host file...

    infinitytechnologies

    2) DNS forwarders in an Active Directory domain in general are a bad idea as the AD server will even forward internal DNS resolution requests to its forwarder for resolution. This causes DNS request time outs in regards to internal names resolution which in turn drives up WINS resolution requests if availabel and finally broadcast requests. Conditional forwarders are the way to go in order to minimize broadcast traffic for local name resolution but you dont want to set up a conditional forwarder for all 200,000 porn sites out there. How has OpenDNS affected client's DNS resolution for Single forest/multi site resolutions and across multiple subnets where broadcast requests can not resolve?


    Not sure we don't use this type of option

    infinitytechnologies

    3) Lastly, does anyone have a way to block traffic by IP that Kaseya has a way to monitor and report on?


    You might be able to track it via firewall/snmp not sure.

    infinitytechnologies

    We, like most of you, use multiple hardware and software methods to do content filtering and traffic shaping but I would like to find out if someone has found a way to handle all or most of these issues so that Kaseya is responsible for the reporting and maintenance of this activity.


    Sorry I haven't

    Legacy Forum Name: How-To,
    Legacy Posted By Username: thirteentwenty
  • do you have agent procedure how to block facebookor twitter (social media)