Results 1 to 6 of 6
  1. #1
    New Lounger
    Join Date
    Mar 2014
    Posts
    2
    Thanks
    3
    Thanked 0 Times in 0 Posts

    How to limit XP to two websites

    I have a Windows XP machine that I have been happily using for some time now to access two client sites via their VPNs.

    For each client I navigate to a URL in IE which logs me in to their VPN. I then run software on the PC to access their systems.

    The machine works perfectly well for what I need so I don't want to upgrade the PC just because XP is no longer supported. Because of accessing the client sites I cannot just "turn off the internet", so I was wondering if I could "turn it off" for every site EXCEPT these two URLs?

    TIA for any assistance.

  2. #2
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    6,389
    Thanks
    208
    Thanked 831 Times in 764 Posts
    Stargoo,

    Welcome to the Lounge as a new poster.

    You could do this via the Hosts file but unfortunately it does not accept wild cards so you would have to make an entry for every web address in existence except for the two you want to use. Not very practical!

    However, there is a free Proxy DNS program called Acrylic that does accept wild cards so you should be able to disable all urls with the exception of the two you want with only a couple of entries. I'm no expert in this area but I've used a hosts file before to keep people off of time killers like Facebook, MySpace, etc. and it works just fine so this method should work but it will take a little study on your part. HTH
    May the Forces of good computing be with you!

    RG

    VBA Rules!

    My Systems: Desktop Specs
    Laptop Specs


  3. The Following 2 Users Say Thank You to RetiredGeek For This Useful Post:

    SF99 (2014-03-28),stargoo (2014-03-24)

  4. #3
    New Lounger
    Join Date
    Mar 2014
    Posts
    2
    Thanks
    3
    Thanked 0 Times in 0 Posts
    Thanks for the welcome RetiredGeek.

    I read a comment somewhere in the wilds of the internet that suggested I might be able to do it without loading any additional software:

    "set the dns server of the client to NOTHING, or an invalid address and then in the host file just put the hosts you want to resolve."

    I don't know if this is a valid solution, and even if it is I have no idea how to go about doing that. I'd love to hear your opinion on that approach, especially in context of the impending XP obsolescence. Would that introduce a performance hit (eg. waiting for a timeout every time when it can't find the DNS)?

  5. #4
    2 Star Lounger
    Join Date
    Dec 2009
    Location
    Manchester, United Kingdom
    Posts
    115
    Thanks
    8
    Thanked 16 Times in 15 Posts
    Depends on what you are trying to achieve. As the Turkish President found out when trying to ban Twitter, there are ways around anything on the Internet. You don't need DNS or HOSTS to surf the net, I have a few IP addresses memorised for use when DNS is down, and especially 8.8.8.8 (Google DNS) which allows me to use NSLOOKUP to find a website's IP address when DNS is not working. (Note that some websites won't respond to an IP address because they use a system called named virtual hosts.)

    To use the method, get into your network adapter's properties. Find the TCP/IP V4 protocol and look at its properties. Set DNS to "these addresses" and set them to something wild like 111.111.111.111. You now have no Internet name lookup, and trying a named website will result in a 20 second timeout. Now open a command window and enter a command like "nslookup www.bbc.co.uk 8.8.8.8". Note the IP address returned (e.g. 212.58.246.91). Then use Notepad to edit C:\windows\system32\drivers\etc\hosts with the line "212.58.246.91 www.bbc.co.uk". You can now surf to the BBC website but no other (unless you know its IP address...)

    Alternatively, and more effectively, you might be able to put a whitelist on your router/firewall - block access to all IPs then allow access to those VPN IPs and prioritise the second rule. You might be able to apply those rules to just your XP PC (remember to reserve it's LAN IP address). Also remember to secure your router/firewall.

    Ian.

  6. The Following User Says Thank You to iansavell For This Useful Post:

    stargoo (2014-03-28)

  7. #5
    New Lounger
    Join Date
    Dec 2009
    Location
    Baltimore, MD
    Posts
    7
    Thanks
    0
    Thanked 9 Times in 4 Posts
    Actually this is relatively trivial to do:

    Go into Tools - Internet Options - Connections - Lan Settings - Proxy Server - Advanced (Make sure you
    have use Proxy Server checked so you see advanced button not greyed out.)

    Under HTTP "Proxy Address to Use" we type something like "Access Denied" (it honestly doesn't
    matter what you type as long as it's not an ip address, "localhost" or a domain name) and leave the port
    blank. Fill in the exceptions box with JUST the addresess for servers you want to connect to.

    It's similar in Firefox. Ther you would go to Tools- Options - Advanced - Network - Cpnnections - Settings and do the same.

    Hope this helps.



    Giles W. Riesner, Jr. | Lead Library Technician, Library Technology/Library System Administrator
    The Community College of Baltimore County | 800 South Rolling Road | Catonsville, MD 21228 USA
    Phone: 1-443-840-2736 | Email: griesner@ccbcmd.edu

  8. The Following 6 Users Say Thank You to griesner For This Useful Post:

    lumpy95 (2014-03-27),mrjimphelps (2014-03-27),Paul T (2014-03-27),RetiredGeek (2014-03-27),SF99 (2014-03-28),stargoo (2014-03-28)

  9. #6
    Platinum Lounger
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    3,729
    Thanks
    7
    Thanked 236 Times in 224 Posts
    Nice one Giles! Elegant and simple.

    cheers, Paul

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •