How To Restrict Access to Websites with Privoxy [Part 2]

Ads by Google

workinginternet   How To Restrict Access to Websites with Privoxy [Part 2]Did you get Privoxy set up? Put together a good white list of sites? If you haven’t, head on back to How To Restrict Access to Websites with Privoxy [Part 1] before continuing with this tutorial.

Part Two is all about locking down Internet Explorer so it can only connect to the Internet through the Privoxy server and thus only able to access the websites you want. Then, we’ll look at ways of securing that connection so that people can’t circumvent it so easily. I’ll be working with Internet Explorer 7 (IE7) on my Windows XP Home computer. However, the principles should also apply to Vista and Internet Explorer 8. They do work on XP Pro and IE6 as well.

Step One: Force the Connection in IE7

Open up IE7 and look for the Tools button near the top right-hand side. Click on it, then on Internet Options.

step 1   How To Restrict Access to Websites with Privoxy [Part 2]

The Internet Options window will open. Click on the  Connections tab. Once you are in the Connections area, you’ll see a button at the bottom of the window called LAN Settings. Go ahead and click on that.

step 2   How To Restrict Access to Websites with Privoxy [Part 2]

Ads by Google

The Local Area Network (LAN) Settings window opens. This is where we will set the IP address and port number so it only connects to Privoxy. When you get to this window, the check box labeled Use a proxy server for your LAN… will be unchecked. Put a check-mark in it. It should already be set to the correct IP address and port, which is 127.0.0.1 and port 8118. Click OK to return to the Connections window.

step 3   How To Restrict Access to Websites with Privoxy [Part 2]

NOTE: If there is anything listed in the Dial-Up and Virtual Private Network setting box, simply select it, click on the Settings button and set it to use the proxy server, just like you did for the LAN. This is especially useful if your user can connect with a cellular card, satellite Internet, or dial-up connection. Do this for each connection listed.

Now IE7 will connect only through the Privoxy server and will only access the sites on your white list. Let’s do some things to keep it that way.

Step Three: Edit the Registry

You read that right, we’re editing the registry to prevent others from removing your settings from Internet Explorer. We are going there. As always, don’t go in the registry unless you feel confident, and always back up your registry before making changes. I think I have to say that by law. So now that’s over with, let’s move on.

Click on the Start button and then on the Run icon in the start menu.

registry 1   How To Restrict Access to Websites with Privoxy [Part 2]

The Run application will open. Type in the command regedit and click OK.

registry 2   How To Restrict Access to Websites with Privoxy [Part 2]

The Registry Editor will open. Time to make the backup! Click on File > Export.

export registry   How To Restrict Access to Websites with Privoxy [Part 2]

Name the file with something meaningful. You could use today’s date so you know when the back up was made. Click Save to, well… Save it.

export registry 2   How To Restrict Access to Websites with Privoxy [Part 2]

Let’s make some changes.

We’re going to do this through a .reg file that we can merge with the registry. Sounds crazy, but it works. To write a .reg file, open up Notepad.

Now, copy and paste the following lines in exactly as they read:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftInternet ExplorerControl Panel]
“ConnectionsTab”=dword:00000001
“Connection Settings”=dword:00000001
“Connection Wizard”=dword:00000001

By setting the dword value to 00000001, you are telling the registry that, yes, you want to restrict access to the Connections Tab, Connection Settings and the Connection Wizard.

Now that you have that in your Notepad file, you need to save it as a .reg file. I suggest saving the file to your Desktop for ease of finding when you are done. Here’s what you need to do when you save it: name the file something good like disable_connections.reg

Seriously, we’re almost done. Find the disable_connections.reg file you’ve just saved. Right-click on it and click Merge.

merge 1   How To Restrict Access to Websites with Privoxy [Part 2]

You’ll be asked if that’s what you really want to do. It’s up to you, but if you’ve come this far, you might as well commit. Click Yes.

The Registry Editor is kind enough to let you know that the merge is done. Why don’t we thank it by clicking OK? That’s nice, isn’t it?

merge 3   How To Restrict Access to Websites with Privoxy [Part 2]

Just to make sure it worked and I’m not lying to you, open up IE7, click on Tools > Internet Options. Look! No Connections tab!

Try going to a few sites that aren’t on your white list to test it. Then try going on a few sites that are on your white list. It should work.

I hope this tutorial has sparked some interest in using this to increase your information security. There’s much more that you can do with Privoxy and the registry to enforce compliance to your Internet Acceptable Use Policy.

Yes, there are ways around what I just showed you, such as using Portable Firefox, but that can be disabled in the registry too. But, as they say — that’s another story.

Let us know if this worked for you. Or if you know any other cool, free software ways to control Internet access. That’s what the comments are for!

Image credit: delboy74

Ads by Google

8 Comments - Write a Comment

Reply

Georges K.

I had never heard of Privoxy, sounds like a call solution for a home, or an SMB to control client access, for enterprises, I would think a more robust content filtering solution would be in order.

Regarding the second part though, regarding locking down IE. IMHO, this is security by obscurity at best. Given someone who is more or less technically savvy, it’s quite easy for them to get into the registry and revert this back. Ideally, this change would be best done through a GPO, in which case, it can’t be overriden by the user.

There is another piece of software that is similar to this, with a nicer interface, and doesn’t require a manual proxy setting, made by Bluecoat (Enterprise web filtering), though they have a “Personal Use” version called K9 Web Protection.

Guy McDowell

Exactly, it is best for the home or small to medium sized business with the usual shoetstring IT budget.

As far as the registry hacks go, you can go deeper if you wish and deny access to the registry or modifications to the registry after you have applied all the hacks you want. If you want to lock out other web browsers or USB based applications that could circumvent Privoxy, that can be done in the registry too.

I’m thinking of doing an e-book that goes into far greater detail on how I prep a computer for a field user. Any interest in that? Let me know.

Georges K.

you’re right, I think in a situation like this though, IMHO, it becomes a management nightmare, especially if you’re locking down registry with NTFS perms. Also, this will only be as good as the user privileges within their profile. So in order for the registry lock down to work, the user would have to be a power user or below, or, they will be able to somehow figure it out, depending on how smart they are :)

That’s mostly why I usually go for domain controlled methods (i.e GPO), as they cannot be easily circumvented by users no matter what they do … (short of hacking your domain I guess… but at this point, I would imagine you would have much bigger problems than figuring out who was trying to visit greatpr0n.com :)

Regarding your e-Book. I’d definitely read it, I’m always in or getting new ideas on doing things.

As much as I am playing devil’s advocate on this blog entry, it still remains my favorite type of blog entries to read :) … so keep’em comin’ guy!

Reply

Guy McDowell

In the real world case where I used it, the users were of the Admin and lower groups. It worked reasonably well.

Normally, I wouldn’t have used this approach at all. But what I had was about 50 users all connecting directly to the Internet via cellular cards (1x modems). We didn’t have the funds to afford for our ISP to control access so this was the next best solution. It’s definitely one big work-around.

Georges K.

Yeah, I think in your particular case it worked out well.
make sure you check out http://k9webprotection.com, for small environments, it may work reasonably well, and has a web interface for managing access… though in the case where you’d only want a kiosk mode to give access to only 1 or 2 websites, your method may be better using Privoxy.

Reply

Ron

FYI: I was just searching my HD for any other notes I might have had on Privoxy and found that it is included as part of OperaTor. Makes sense, limits access to their network of servers.

Reply

Nishant

Is this settings restricted to only IE or same is applicable in Firefox.

Guy McDowell

Honestly, I’m not sure how to set up Firefox in a similar manner.

Your comment