Pinterest Stumbleupon Whatsapp

Did you get Privoxy set up? Put together a good white list of sites? If you haven’t, head on back to How To Restrict Access to Websites with Privoxy [Part 1] before continuing with this tutorial.

Part Two is all about locking down Internet Explorer so it can only connect to the Internet through the Privoxy server and thus only able to access the websites you want. Then, we’ll look at ways of securing that connection so that people can’t circumvent it so easily. I’ll be working with Internet Explorer 7 (IE7) on my Windows XP Home computer. However, the principles should also apply to Vista and Internet Explorer 8. They do work on XP Pro and IE6 as well.

Step One: Force the Connection in IE7

Open up IE7 and look for the Tools button near the top right-hand side. Click on it, then on Internet Options.

how to restrict access to websites

The Internet Options window will open. Click on the  Connections tab. Once you are in the Connections area, you’ll see a button at the bottom of the window called LAN Settings. Go ahead and click on that.



The Local Area Network (LAN) Settings window opens. This is where we will set the IP address and port number so it only connects to Privoxy. When you get to this window, the check box labeled Use a proxy server for your LAN… will be unchecked. Put a check-mark in it. It should already be set to the correct IP address and port, which is and port 8118. Click OK to return to the Connections window.


NOTE: If there is anything listed in the Dial-Up and Virtual Private Network setting box, simply select it, click on the Settings button and set it to use the proxy server, just like you did for the LAN. This is especially useful if your user can connect with a cellular card, satellite Internet, or dial-up connection. Do this for each connection listed.

Now IE7 will connect only through the Privoxy server and will only access the sites on your white list. Let’s do some things to keep it that way.

Step Three: Edit the Registry

You read that right, we’re editing the registry to prevent others from removing your settings from Internet Explorer. We are going there. As always, don’t go in the registry unless you feel confident, and always back up your registry before making changes. I think I have to say that by law. So now that’s over with, let’s move on.

Click on the Start button and then on the Run icon in the start menu.


The Run application will open. Type in the command regedit and click OK.


The Registry Editor will open. Time to make the backup! Click on File > Export.


Name the file with something meaningful. You could use today’s date so you know when the back up was made. Click Save to, well… Save it.


Let’s make some changes.

We’re going to do this through a .reg file that we can merge with the registry. Sounds crazy, but it works. To write a .reg file, open up Notepad.

Now, copy and paste the following lines in exactly as they read:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftInternet ExplorerControl Panel]
“Connection Settings”=dword:00000001
“Connection Wizard”=dword:00000001

By setting the dword value to 00000001, you are telling the registry that, yes, you want to restrict access to the Connections Tab, Connection Settings and the Connection Wizard.

Now that you have that in your Notepad file, you need to save it as a .reg file. I suggest saving the file to your Desktop for ease of finding when you are done. Here’s what you need to do when you save it: name the file something good like disable_connections.reg

Seriously, we’re almost done. Find the disable_connections.reg file you’ve just saved. Right-click on it and click Merge.


You’ll be asked if that’s what you really want to do. It’s up to you, but if you’ve come this far, you might as well commit. Click Yes.

The Registry Editor is kind enough to let you know that the merge is done. Why don’t we thank it by clicking OK? That’s nice, isn’t it?


Just to make sure it worked and I’m not lying to you, open up IE7, click on Tools > Internet Options. Look! No Connections tab!

Try going to a few sites that aren’t on your white list to test it. Then try going on a few sites that are on your white list. It should work.

I hope this tutorial has sparked some interest in using this to increase your information security. There’s much more that you can do with Privoxy and the registry to enforce compliance to your Internet Acceptable Use Policy.

Yes, there are ways around what I just showed you, such as using Portable Firefox, but that can be disabled in the registry too. But, as they say — that’s another story.

Let us know if this worked for you. Or if you know any other cool, free software ways to control Internet access. That’s what the comments are for!

Image credit: delboy74

  1. Nishant
    October 22, 2009 at 2:06 am

    Is this settings restricted to only IE or same is applicable in Firefox.

    • Guy McDowell
      October 22, 2009 at 7:54 pm

      Honestly, I'm not sure how to set up Firefox in a similar manner.

  2. Ron
    June 15, 2009 at 2:45 pm

    FYI: I was just searching my HD for any other notes I might have had on Privoxy and found that it is included as part of OperaTor. Makes sense, limits access to their network of servers.

  3. Guy McDowell
    June 14, 2009 at 11:50 pm

    In the real world case where I used it, the users were of the Admin and lower groups. It worked reasonably well.

    Normally, I wouldn't have used this approach at all. But what I had was about 50 users all connecting directly to the Internet via cellular cards (1x modems). We didn't have the funds to afford for our ISP to control access so this was the next best solution. It's definitely one big work-around.

    • Georges K.
      June 15, 2009 at 12:04 am

      Yeah, I think in your particular case it worked out well.
      make sure you check out, for small environments, it may work reasonably well, and has a web interface for managing access... though in the case where you'd only want a kiosk mode to give access to only 1 or 2 websites, your method may be better using Privoxy.

  4. Georges K.
    June 14, 2009 at 1:36 am

    I had never heard of Privoxy, sounds like a call solution for a home, or an SMB to control client access, for enterprises, I would think a more robust content filtering solution would be in order.

    Regarding the second part though, regarding locking down IE. IMHO, this is security by obscurity at best. Given someone who is more or less technically savvy, it's quite easy for them to get into the registry and revert this back. Ideally, this change would be best done through a GPO, in which case, it can't be overriden by the user.

    There is another piece of software that is similar to this, with a nicer interface, and doesn't require a manual proxy setting, made by Bluecoat (Enterprise web filtering), though they have a "Personal Use" version called K9 Web Protection.

    • Guy McDowell
      June 14, 2009 at 9:26 pm

      Exactly, it is best for the home or small to medium sized business with the usual shoetstring IT budget.

      As far as the registry hacks go, you can go deeper if you wish and deny access to the registry or modifications to the registry after you have applied all the hacks you want. If you want to lock out other web browsers or USB based applications that could circumvent Privoxy, that can be done in the registry too.

      I'm thinking of doing an e-book that goes into far greater detail on how I prep a computer for a field user. Any interest in that? Let me know.

      • Georges K.
        June 14, 2009 at 10:04 pm

        you're right, I think in a situation like this though, IMHO, it becomes a management nightmare, especially if you're locking down registry with NTFS perms. Also, this will only be as good as the user privileges within their profile. So in order for the registry lock down to work, the user would have to be a power user or below, or, they will be able to somehow figure it out, depending on how smart they are :)

        That's mostly why I usually go for domain controlled methods (i.e GPO), as they cannot be easily circumvented by users no matter what they do ... (short of hacking your domain I guess... but at this point, I would imagine you would have much bigger problems than figuring out who was trying to visit :)

        Regarding your e-Book. I'd definitely read it, I'm always in or getting new ideas on doing things.

        As much as I am playing devil's advocate on this blog entry, it still remains my favorite type of blog entries to read :) ... so keep'em comin' guy!

Leave a Reply

Your email address will not be published. Required fields are marked *