by logan » Dec 12 07 3:34 pm
From what you have said so far, it sounds like your client computers are not connecting to the internet through the WWW Proxy, but by another method. You can make sure that all your client computers are using the WWW Proxy Server by transparently redirecting all port 80 (HTTP) traffic through the proxy.
Gatekeeper > Services > WWW Proxy Server > Sessions
- Select "Intercept connections made via ENS..."
- Add port 80 to the list
Also, remember that policies which grant the user the most access rights will always be used. This means if you have a policy set up that restricts a user to only one website, but there is another policy that grants all users unrestricted access, the policy that grants unrestricted access will be used since it lets the user access the website in question.
Now that all HTTP traffic is going through the WWW Proxy Server, you will have full control over your clients' WWW usage and the WWW Proxy Policies can show their true colors. Here's how I would go about setting up your scenario. Before following these steps, remove any policies that currently exist in the WWW Proxy.
Restricting all users to one website:
1. Navigate to Gatekeeper > Services > WWW Proxy Server > Policies
2. Change the default rights to "are ignored"
This stops the proxy from using the System Policies after checking its own.
3. Click Add
4. Go to the Advanced tab
You can leave all the other tabs as their default settings; you will only need to adjust the Advanced tab for this policy.
5. Select "Specify which requests this recipient has rights for"
6. Click Add Filter
7. Click Add Criterion
8. Set the criterion as [This criterion is met if] [HTTP URL] [contains] [example.com]
Replace example.com with the website you want to restrict everyone to.
9. Click OK, OK, then OK to finalise the change
All your client computers should now only be able to visit the website that you specified. Now you can create a new policy that overrides the existing one to allow a certain group of people unrestricted access to the internet.
Allowing Unrestricted access for a specific group of users:
1. Create a new user group in the user database and give it a name like "Unrestricted" or "Full Access"
2. Add the users that you want to grant full internet access to the group
3. Navigate to Gatekeeper > Services > WWW Proxy Server > General
4. These unrestricted users are going to need to authenticate themselves before WinGate can grant them unrestricted access, so select one authentication method under "Authentication where required by policies".
I suggest using the Java client when using the WinGate user database, or NTLM when using the Windows user database, as these are the most secure methods.
5. Go to the Policies section of the WWW Proxy
6. Click Add to make a second policy
7. Under the recipient tab, select "Specify user or group" and select the new group you just created from the list.
8. Change the authentication level from "user may be unknown" to "user may be assumed" or "user must be authenticated" to require authentication from users in this group.
The authentication level you choose depends on the authentication method you chose earlier. Secure methods can use "must be authenticated" while insecure methods must use "may be assumed".
9. Click OK, OK, then OK to finalise the change.
When users browse to websites other than the one that was allowed in the first policy, they will now be prompted for authentication. If a username and password are entered from the user group specified in the second policy, the user will be allowed to access all other websites.
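The two policies described in the post above, as a simplified model for checking which requests they admit. This is an added example, not part of logan's post and not WinGate code: it assumes the "contains" criterion is a plain substring test on the full URL, and `decide`, `host_matches` and `audit` are hypothetical helper names.

```python
from urllib.parse import urlsplit

ALLOWED_SITE = "example.com"          # value from step 8 of the post
UNRESTRICTED_GROUP = "Unrestricted"   # group name suggested in the post

def policy_one(url):
    """Everyone policy: 'HTTP URL contains example.com' (assumed substring test)."""
    return ALLOWED_SITE in url

def policy_two(groups, authenticated):
    """Group policy: unrestricted, but only for authenticated group members."""
    return authenticated and UNRESTRICTED_GROUP in groups

def decide(url, groups=(), authenticated=False):
    """Most permissive policy wins; default rights are ignored, so no match is a deny."""
    if policy_one(url) or policy_two(groups, authenticated):
        return "allow"
    return "deny"  # in the post's setup the user is prompted for credentials here

def host_matches(url, site=ALLOWED_SITE):
    """Stricter comparison on the hostname only, used to audit the substring rule."""
    host = (urlsplit(url).hostname or "").lower()
    return host == site or host.endswith("." + site)

def audit(urls):
    """URLs the substring criterion admits although the host is not the allowed site."""
    return [u for u in urls if policy_one(u) and not host_matches(u)]

SAMPLE_URLS = [  # constructed test inputs
    "http://example.com/index.html",
    "http://www.example.com/",
    "http://example.net/",
    "http://example.net/page?ref=example.com",
    "http://example.com.invalid/",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(decide(u), decide(u, (UNRESTRICTED_GROUP,), True), u)
    print("admitted by substring only:", audit(SAMPLE_URLS))
```

URLs returned by `audit` are ones to try from an unauthenticated client after step 9, to confirm how the configured criterion actually behaves.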