Pinterest Stumbleupon Whatsapp
Ads by Google

This is a method that is best used to control network users to only have access to a limited number of websites. Alternatively, you may use it on home computers to restrict access to websites that you trust. Once the system is in place, you can work with Privoxy further to hone it to your needs. The system is not foolproof – no system for web access control is – however it has worked extremely well for me in the past.

I developed this system to deal with remote clients accessing non-work related websites via cellular-based Internet access. If your company has the means to implement a VPN, or to work with your service provider on a solution, that’s probably the best way to go. For small and medium sized business, this works just fine.

Part One: Implement Privoxy on Your Server

Privoxy is an open source proxy server that can help you control what your users connect to on the Internet. Since it is free for personal or corporate use, the documentation is somewhat limited, but that’s what this article is for. Go ahead and download Privoxy. I’m working on Windows XP, but this tutorial should be useful for other operating systems.

Step One: Install Privoxy

Once you have the Privoxy installer downloaded, find it and double-click on it to begin the installation.

privoxy_installer

Ads by Google

First, you will see a screen with a warning. Read it carefully and click Next if it seems right to do so.

privoxy_security_warningNext, you’ll encounter the Installation Options window, asking you what options you would like with your Privoxy. Want fries with that? By default, all three options are checked. There is no need to change them. Click Next, please.

privoxy_1

Now, the Privoxy Setup will ask where you would like the program installed. I use the default location.

privoxy_3

Once installed, you’ll see the final screen. Click OK, you know you want to.privoxy_2

That’s the installation part of setting up Privoxy. Now let’s move on to using Privoxy as a White List Proxy Server

Step Two: Configure Privoxy Server to Restrict Access To Websites You Trust

Yep, seems like a lot. Hang in there, sunshine. Once the installation is complete, Privoxy should open up a window that resembles Notepad more than a program. Click on Options > Edit Main Configuration.privocy_config_1Now, Notepad will in fact open. It’ll be a configuration file in which you’ll need to change a few lines. The changes are simple to make, don’t panic. You can do it.

The first thing we need to change is the trustfile variable. Scroll down to 2.7. trustfile. Scroll down a little futher until you see the line #trustfile trust.txt. Just delete the pound sign (#) at the front of this line. Now save the document. We’ll come back to this in Step 3.

trust_file1

Now, look for the line that reads 4.1. listen-address. Scroll down a bit further from there and find listen-address  127.0.0.1:8118. That is your IP address and the port that Privoxy will listen for traffic on. If you are using this in your home, it’s probably best to leave it as it is. In the workplace, you want the IP address to be the static IP of your server. Once you have your IP address and port set, save the document.

listen_address

Step 3: Set Up Your Trust List

To do this, you need to navigate to the trust.txt file. You’ll find that by opening your Start menu. Go to All Programs > Privoxy > Edit Config and click on Trust list. Yep, another Notepad file.

edit_trust_list

Look for the line that reads ~config.privoxy.org. This is where you start adding the sites you want whitelisted. If you put a tilde (~) in front of a domain name, Privoxy will allow access to only that domain. If you put a plus sign (+) in front of the domain, Privoxy will allow access to that domain as well as any domains to which that one refers.

trust_list_1

Here’s a sample:

+guymcdowell.com will allow you to access guymcdowell.com and any sites linked to from it.
~makeuseof.com will allow you to access only makeuseof.com.

This can get tricky since some sites are dependent on subdomains to function. Hotmail is a good example of this. So, you may need to add few entries such as:
+*.hotmail.com – Allows you to access such things as mail.hotmail.com, blah.hotmail.com and more. How? Because the asterisk (*) is a wildcard character. Sneaky, huh?

So sit down and reflect upon what websites a person really needs to access to get their work done. Make a list and enter it in the trust.txt file accordingly. Remember to save the file as well.

That’s how you set up Privoxy as a whitelist proxy server. Stay tuned for Part Two where I show you how to force Internet Explorer to only use the Privoxy server as its gateway to the Internet, and make it very difficult to circumvent. We get into the registry! Super cool!

Are you totally confused or do you have any questions? Are you familiar with any better tool to restrict access to websites on your network or home PC? Go on and shoot them into the comments!

Image credit: delboy74

  1. reedone816
    December 21, 2015 at 9:28 am

    it's been 6 years, but still useful.
    thanks, i successfully implement it in my workplace.

    • Guy McDowell
      December 21, 2015 at 8:44 pm

      Glad it's helping you out. In a small business where a small set of sites are actually necessary, Privoxy is a good choice.

  2. mark
    July 21, 2009 at 10:15 pm

    with the default seetings, it doesn't seem to allow https of a domain that is on the whitelist? what do i need to adjust?

  3. James G
    June 14, 2009 at 10:36 am

    Another simple option is to modify your \Windows\System32\Drivers\etc\hosts file and add any domains you don't want to resolve to 127.0.0.1, like this:

    127.0.0.1 badsite.com

    Works great! And easy!

    • Guy McDowell
      June 14, 2009 at 9:21 pm

      That does work very well and very simply, if you are only controlling the local machine. It doesn't work that great for networked machines.

      Good advice for someone who shares their machine though. Thanks!

  4. jonwu
    June 10, 2009 at 4:57 pm

    Is there a way to use different white lists for different user groups?

    • Guy McDowell
      June 10, 2009 at 10:33 pm

      With this method, I don't think there is. Unless you set up the browser for the different groups to point to different ports. At that point, you probably have a large enough user base to have a large enough company to afford a more comprehensive package.

Leave a Reply

Your email address will not be published. Required fields are marked *