How do I ... block access to Web sites with ProCon Latte?

There are times when you need to be able to block access to certain Web sites. Jack Wallen shows you how to set up ProCon Latte to block users from accessing Web sites they shouldn't.

No matter your reason, there are times when you need to be able to block access to certain Web sites. The biggest problem with this process is keeping users from viewing the thousands upon thousands of black-listed sites you do not want them to see. A better solution is to employ a white list, which allows users to see only the sites that you have configured to allow.

There are plenty of applications out there that will allow you to control browsing via white lists. But none of them is as simple and as effective as ProCon Latte.

Of course, you might be asking yourself, "What good is a Firefox add-in to block users when the users can simply disable it?" Fortunately, the developers of ProCon Latte have thought of this as well. You can password protect this white-list filter so that only authenticated users can change the settings or disable the plug-in.

And ProCon Latte is cross-platform ready with install candidates for Linux, Windows, and Mac, and it works with Firefox 2.x - 3.x.

This blog post is also available in PDF format in a free TechRepublic download. A previous version of ProCon Latte is available from the TechRepublic Software Library.

Getting and installing

As you would expect, installing ProCon Latte is as simple as installing any other Firefox extension. You visit the ProCon Latte extension page, click on the Add to Firefox button, agree to the license agreement, and restart Firefox when prompted.

What to do now?

The first thing you need to do is open up ProCon Latte. To open up the Latte window, go to the Tools menu and select ProCon from the list. This will open the main window where you can take care of your configuration (Figure A).

Figure A

Upon installation, the only aspect of ProCon Latte that is enabled is the Explicit Material Filter.

General settings

In the General Settings window (Figure B), there are plenty of options. You can immediately see, in the left pane, the status of each of the filters.

Figure B

If you see a green check by the status of a filter, it is enabled.

In the General Settings window, there are three particular settings you want to take care of right away:

  • Set Password
  • Prevent from Being Disabled or Uninstalled, and
  • Lock about:config

In order to set a password, click the Set Password button and enter the password twice. Once you have done this, the user will have to enter the password in order to open the ProCon Latte window.

But don't think you are finished with locking this down simply because a password has been set. The smart user could enter "about:config" in the URL bar, search for the ProCon entry, and disable it from there. Fortunately, checking the Lock about:config setting keeps users from disabling the ProCon entry that way.

You will also want to check the Prevent from Being Disabled or Uninstalled entry. This will keep your users from opening the Add-ons window and disabling ProCon from the list of installed add-ons.

Set up your white list

To set up your white list, all you have to do is go to the White List tab and configure the sites you want to allow. You will see three sites already included in the list (Figure C). First you must actually enable this feature by clicking the Enable Whitelist check box. There are two ways to add a site to your white list. You can either hit the Add Current Site button or type the URL (one URL per line) in the text area.

Figure C

Once enabled, only the sites in this list will be available to the user.

After you are satisfied with your white list, click the OK button to finish. Now Firefox can visit only those particular sites.

There is another way to add sites to your white list that is even easier. From the General Settings window, if you select Enable Right-click Adding to Whitelist, you can then right-click anywhere on a Web site and you will see a new ProCon menu entry. From this new menu entry, you can select Add Current Page to Whitelist to immediately add the page.

If you want to block all traffic except white-listed sites, you will need to go to the Main Filter tab of the options window and select the entry Secure.
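The following is an added example, not part of the original article and not ProCon Latte's own code: a default-deny check over a one-URL-per-line white list, written in JavaScript. The function names, sample entries, the http:// default for scheme-less entries, and the rule that subdomains of a listed host are allowed are all assumptions made for illustration.

```javascript
// Constructed sample list, one URL per line as typed into a white list box.
const SAMPLE_WHITELIST = `
https://www.techrepublic.com
example.org

intranet.example.com/wiki
`;

// Reduce one list entry to a lowercase hostname, or null if it is unusable.
function toHost(entry) {
  const text = entry.trim();
  if (!text) return null;
  // Entries without a scheme are treated as http:// (assumption).
  const hasScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(text);
  try {
    const url = new URL(hasScheme ? text : "http://" + text);
    return url.hostname.toLowerCase().replace(/\.$/, "");
  } catch (e) {
    return null; // unparseable entries never match anything
  }
}

function parseWhitelist(text) {
  return new Set(text.split(/\r?\n/).map(toHost).filter(Boolean));
}

// Default deny: allow only http(s) requests whose parsed hostname equals a
// listed host or is a subdomain of one. Matching on the parsed hostname,
// not on a substring of the URL, is what keeps look-alike URLs out.
function isAllowed(requestUrl, allowedHosts) {
  let url;
  try { url = new URL(requestUrl); } catch (e) { return false; }
  if (url.protocol !== "http:" && url.protocol !== "https:") return false;
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  for (const allowed of allowedHosts) {
    if (host === allowed || host.endsWith("." + allowed)) return true;
  }
  return false;
}

const hosts = parseWhitelist(SAMPLE_WHITELIST);
for (const u of ["https://docs.example.org/page",
                 "http://example.org.evil.test/",
                 "http://evil.test/?u=example.org",
                 "about:config"]) {
  console.log(isAllowed(u, hosts) ? "ALLOW" : "BLOCK", u);
}
```

Note that `https://techrepublic.com/` is blocked by this list because only `www.techrepublic.com` was entered; list the parent domain if every subdomain should be reachable.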

Various filters and settings

ProCon Latte contains a few other filters. You can enable a profanity filter that will allow you to enter single words (one per line) to filter. You also have to make sure you enable this filter before it will work.

There is also an explicit material filter that allows you to block Web sites based on key words. In this window you simply click on key words (such as Adults Only) and add them to the list. Once these key words are added, ProCon Latte will filter out any content based on them.

You can also enable specific messages that will be displayed when a user has attempted to visit a forbidden site. This is done in the Main Filter tab of the Settings window. If you don't want to just display a message, you can choose to redirect to another page altogether. This is done in the same window.

Final thoughts

If you are looking for a tool to filter Web traffic for users but you don't want to add third-party software, the Firefox add-on, ProCon Latte, is a simple solution that allows you to easily set up filters based on white lists, explicit material, and profanity. Of course, if you're looking to deploy this on a large scale, this would require imaging or creating a custom installation script. If you're looking for a smaller deployment, installing ProCon Latte is a simple solution to a challenging problem.



Jack Wallen is an award-winning writer for TechRepublic and He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website

Aaron McV

OpenDNS filters by using OpenDNS servers. Modify your DNS records at the router or server and you're done! The nice feature with OpenDNS is there is a community of users helping to create and manage the whitelist.


The best solution I have come across is also free. It doesn't require computer by computer configuration and you have full control over what websites are available. You can block by categories or by individual websites. Even better, it protects against known phishing sites. The solution is OpenDNS. It is the best thing I have ever seen. Very few false positives and very easy to set up and to use. Check it out at You may think I work for them or something but I am just a very happy user. I have a school using them and we use it in our business.

The 'G-Man.'

Sits as a proxy / filtering server for all machines on the DMZ before users get access to the internet. Set to use active directory accounts for authentication. Can set the filters as I see fit.


However, I could not block Google with it. In Temporary Internet files I noticed that Google uploads a lot of exe's so I wanted to block it.

Mark W. Kaelin

Is your enterprise actively blocking access to specific Web sites? What applications are you using and how effective are they?


this solution. But seeing as they all have admin access to their computers.... it took them all about 12 seconds to bypass the OpenDNS filters and hit up YouTube on lunch. Ahh, got to love generic multi-business tech support with zero vested interest in more than just the appearance of doing anything real. But, that being said, OpenDNS is a very good solution for smaller businesses that remember to not give every user full admin access... And a great solution for home users.


The built in Windows firewall is pretty worthless. It is certainly better than nothing but it is hardly useful for more than basic protection while surfing the net.


We use a multi-layered approach. First a Squid proxy using SquidGuard. This also allows us to use SARG to log web traffic. Secondly, we use OpenDNS to block users from Adult Sites and advertisements. Both are free solutions in terms of reoccurring costs. The two solutions together seem to catch most material that might cause an HR situation.


Just modify the etc/hosts file, and include entries like This way, it is effective no matter the browser or any other app (like yahoo mess)


Sadly, it is easy for a knowledgeable computer user to change their DNS entries and bypass OpenDNS, unless they don't have the rights to do so. I guess that is where group policy would come in, if you are using Active directory, or, by restricting users to limited access rather than administrative. OpenDNS is great for protecting your network from harmful sites though and well worthwhile.
