Is there a way to deny access to the internet by computer/ip address. I want to be able to stop internet usage at a specific workstation even though the user has internet priveleges. We are using proxy 2.0
This conversation is currently closed to new comments.
This depends. If you have a firewall setup and you have blocked port80 then all machines are forced to the Proxy server to get out. If you do not have this setup then there is no way to prevent the user from accessing the internet.
You can simply configure your firewall to deny outbound access from the source IP address. If you're not using a firewall, then: 1 - you should be 2 - you can do the same thing on the router you use to connect to your ISP
PS: If the problem is with a USER, then I highly recommend dropping a Proxy in place, blocking O/B access at the FW, except for your Proxy (and maybe one or two other inside machines) and running something like WebTrends which gives real nice reports. The real nice thing is this is typically setup to manage connections by User I.D., so even if a problem user goes to a different PC, they're still "managed".
If you are already using filters in Proxy, just create a filter in Proxy 2.0 which prohibits traffic from the station you want to squelch. If you are not using filters, you would have to turn on the feature, and carefully make sure that the particular station is the only one you are blocking. (In Internet Service Manager, double-click the compter name under proxy, then go to Service tab/Shared Services/Security/Packet Filters.)
If your problem station is a problem because of the sites it isvisiting, there is also a feature in Proxy which can deny access to certain outside sites. (In Internet Service Manager, double-click the compter name under proxy, then go to Service tab/Shared Services/Security/Domain Filters.)
If it is really auser you want to block rather than a station, you can create a group (in User Manager for Domains) which will have proxy access, and put in only those who should be allowed to use the internet. Then, in Proxy, turn on user permissions (called AccessControl), and grant permissions to your group.
Proxy is a complicated product, with lots of options and most people do not bother to read the manual. Search the manual for "Access Control" "Packet Filter" and "Domain Filter" to read the details on these subjects. Everthing you want is there, you just need to turn it on.
If that machine is an NT or win2k machine, Then you can block access by denying access to the IExplorer.exe file thru NTFS permissions (thats how I have it setup on the computers).
If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.
deny access to internet