[TriLUG] MAC-based web blocking
Brian Henning
brian at strutmasters.com
Wed Sep 6 16:27:14 EDT 2006
The reason I don't want to use IP-based rules is that our problem users
are probably resourceful enough to try resetting their IPs.
But yeah, I was already on that track; glad to have some encouraging
suggestions. :-)
Thanks!
~B
Stephen Roller wrote:
> On Wed, 2006-09-06 at 15:37 -0400, Brian Henning wrote:
>> I need to selectively block access to web sites based on MAC address of
>> the browsing computer. It needs to be essentially transparent to
>> everyone except the computers of the users with whom we have issues
>> (fortunately $boss is not to the "$coworker has ruined it for everyone"
>> stage, and is just saying "block $coworker's access"). In other words,
>> I need "MAC addr xx:xx:xx:xx:xx:xx is only allowed to access this list
>> of sites."
>
> Squid (http://www.squid-cache.org/) can do that.
> http://www.visolve.com/squid/squid24s1/access_controls.php
> search for "MAC address" in this page. Of course, the proxy has to be
> on the same subnet.
>
> It might be easier to do it based on IP address. If you add a static
> entry to your DHCP table (Mac addr xx:xx:xx:xx:xx:xx always gets IP
> yyy.yyy.yyy.yyy). But you don't have to if you don't want to. Like I
> said, it can do MAC addresses just fine.
>
--
----------------
Brian A. Henning
strutmasters.com
336.597.2397x238
----------------
More information about the TriLUG
mailing list