Q: How can I prevent Microsoft Internet Explorer (IE) users from accessing certain websites without deploying special software?

Jan De Clercq

November 10, 2008

3 Min Read
ITPro Today logo in a gray background | ITPro Today

A: You can use IE’s built-in Content Advisor to prevent users from accessing specific websites. Content Advisor offers an interesting alternative to investing in a third-party solution to block URL access, or to blocking access on your organization’s Internet-facing firewalls, proxy servers, or content scanning servers.
    
You can access Content Advisor’s settings from the Content tab in IE’s Internet Options. If you click Enable in the Content Advisor section, IE will open the Content Advisor configuration options. To prohibit access to a given URL, click the Approved Sites tab, enter the URL in the Allow this website box , and click the Never button. This action will add the site to the list of prohibited websites, as shown in Figure 1 for www.contoso.com and www.toysrus.com. Note that enabling the Content Advisor setting will also require you to set a supervisor password.

You can also centrally control Content Advisor settings for IE users in your Windows domain using Group Policy Object (GPO) settings. You can find the Content Advisor settings in Group Policy Editor (GPE) in the User ConfigurationWindows SettingsInternet Explorer MaintenanceSecurity container. The Content Advisor settings are located under the Security Zones and Content Ratings GPO.

Configuring the Content Advisor GPO setting is slightly different from how you configure other GPO settings: Instead of configuring the Content Advisor settings in GPE directly, you must import them from a computer that’s already configured. GPE walks you through the process of importing the Content Advisor settings, as shown in Figure 2.

Note that there are ways around this block, such as looking at cached search engine results. Also, Content Advisor settings don’t stop a user from loading a different browser to look at blocked sites. If you’re using Windows Vista’s Home Basic, Home Premium, or Ultimate versions, consider using Vista’s built-in parental controls to prevent users from viewing specific websites instead

Another way to block access to specific websites is by using the little-known Route command. The Route command is available on every Windows system and can be used to modify the local IP network routing table. When you type a URL in your browser, Windows uses the local routing table as a network map to determine where to send the packet. In most cases, the routing table directs the packet to a default gateway, which then sends it out to another network or the Internet. Using the Route command, you can configure the routing table so that Windows will send the packets that are addressed to certain websites or IP addresses to a dead end. To the user it will appear the website doesn’t exist or isn’t accessible.

To use Route in this way, you must know the IP address of the website to which you want to block access. You must also know an IP address within your local network subnet that isn’t in use to use as the “dead end” IP address. For example, if the IP address of the website you want to block access to is 13.12.11.10, and the dead-end IP address on your local subnet is 192.153.34.33, then you would use the following command:

route -p add 13.12.11.10 mask 255.255.255.255 192.153.34.33

Read more about:

Microsoft
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like