How to limit XP to two websites

Topic

New Reply

I have a Windows XP machine that I have been happily using for some time now to access two client sites via their VPNs.

For each client I navigate to a URL in IE which logs me in to their VPN. I then run software on the PC to access their systems.

The machine works perfectly well for what I need so I don’t want to upgrade the PC just because XP is no longer supported. Because of accessing the client sites I cannot just “turn off the internet”, so I was wondering if I could “turn it off” for every site EXCEPT these two URLs?

TIA for any assistance.

Reply | Quote

Replies

Stargoo,

Welcome to the Lounge as a new poster. :cheers:

You could do this via the Hosts file but unfortunately it does not accept wild cards so you would have to make an entry for every web address in existence except for the two you want to use. Not very practical!

However, there is a free Proxy DNS program called Acrylic that does accept wild cards so you should be able to disable all urls with the exception of the two you want with only a couple of entries. I’m no expert in this area but I’ve used a hosts file before to keep people off of time killers like Facebook, MySpace, etc. and it works just fine so this method should work but it will take a little study on your part. HTH :cheers:

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

Reply | Quote

Thanks for the welcome RetiredGeek.

I read a comment somewhere in the wilds of the internet that suggested I might be able to do it without loading any additional software:

“set the dns server of the client to NOTHING, or an invalid address and then in the host file just put the hosts you want to resolve.”

I don’t know if this is a valid solution, and even if it is I have no idea how to go about doing that. I’d love to hear your opinion on that approach, especially in context of the impending XP obsolescence. Would that introduce a performance hit (eg. waiting for a timeout every time when it can’t find the DNS)?

Reply | Quote

Depends on what you are trying to achieve. As the Turkish President found out when trying to ban Twitter, there are ways around anything on the Internet. You don’t need DNS or HOSTS to surf the net, I have a few IP addresses memorised for use when DNS is down, and especially 8.8.8.8 (Google DNS) which allows me to use NSLOOKUP to find a website’s IP address when DNS is not working. (Note that some websites won’t respond to an IP address because they use a system called named virtual hosts.)

To use the method, get into your network adapter’s properties. Find the TCP/IP V4 protocol and look at its properties. Set DNS to “these addresses” and set them to something wild like 111.111.111.111. You now have no Internet name lookup, and trying a named website will result in a 20 second timeout. Now open a command window and enter a command like “nslookup http://www.bbc.co.uk 8.8.8.8″. Note the IP address returned (e.g. 212.58.246.91). Then use Notepad to edit C:windowssystem32driversetchosts with the line “212.58.246.91 http://www.bbc.co.uk”. You can now surf to the BBC website but no other (unless you know its IP address…)

Alternatively, and more effectively, you might be able to put a whitelist on your router/firewall – block access to all IPs then allow access to those VPN IPs and prioritise the second rule. You might be able to apply those rules to just your XP PC (remember to reserve it’s LAN IP address). Also remember to secure your router/firewall.

Ian.

Reply | Quote

Actually this is relatively trivial to do:

Go into Tools – Internet Options – Connections – Lan Settings – Proxy Server – Advanced (Make sure you
have use Proxy Server checked so you see advanced button not greyed out.)

Under HTTP “Proxy Address to Use” we type something like “Access Denied” (it honestly doesn’t
matter what you type as long as it’s not an ip address, “localhost” or a domain name) and leave the port
blank. Fill in the exceptions box with JUST the addresess for servers you want to connect to.

It’s similar in Firefox. Ther you would go to Tools- Options – Advanced – Network – Cpnnections – Settings and do the same.

Hope this helps.

Giles W. Riesner, Jr. | Lead Library Technician, Library Technology/Library System Administrator
The Community College of Baltimore County | 800 South Rolling Road | Catonsville, MD 21228 USA
Phone: 1-443-840-2736 | Email: griesner@ccbcmd.edu

Reply | Quote

Nice one Giles! Elegant and simple.

cheers, Paul

Reply | Quote