Join 3,363 readers in helping fund MetaFilter (Hide)


Is there a simple (client-side) way to allow web access to one domain only on a machine?
August 3, 2012 11:56 AM   Subscribe

Is there a simple (client-side) way to allow web access to one domain only on a machine?

I'm trying to set up a little touchscreen terminal at a business in order to make their site easily available to in-store customers. I figured I'd just set the browser full screen and disable "right" clicking. However, I'm not sure of a way to disallow the site's outbound links.

I don't have the experience/vernacular to do anything beyond the very basics on the server-side of things. So, I'm hoping there might be a software solution for this one computer.

(Also, I don't think a local offline copy of the site would work that well here either -- as it's a relatively frequently updated Wordpress site.)

Besides disabling the extra-domained links, are there any other settings I should consider for this site-specific terminal project? Thanks for your help.
posted by glibhamdreck to Technology (4 answers total)
 
Assuming this is a Windows machine, you want to look at configuring Kiosk mode. If it's a different type of machine, you need to perform a similar lockdown. This machine needs to be firewalled from everything on the network except that website. Incidentally, that will also disable any outbound links -- they'll just time out.

Is this an e-commerce website that accepts payment? If so, stop and do not pass go. PCI violations that you are clearly not qualified to address if you're asking this question. Call an infosec professional to design a deployment architecture.

If you want to get really fancy, you can access the website through mod_proxy for Apache, and rewrite extra-domain links to be null.
posted by bfranklin at 12:06 PM on August 3, 2012


You can:

Enable whatever firewall your OS supports and block outbound http/https to everywhere but the site you want.

But beware that some other OS things like system updates, that little widget that shows you the weather, etc. may also be using http/https behind the scenes and you'll end up breaking them as well.

Or:

Configure a local to the host proxy server and configure it to deny anything but the site you want. Configure the browser to use the proxy. Lock down browser to prohibit configuration changes.
posted by zengargoyle at 12:10 PM on August 3, 2012


One cheap way would be to remove any DNS entries in the networking config and put a HOSTS file that maps the one good site to an IP number.

Though, I'd just get SiteKiosk Basic and set it up. We used it at the museum I worked at and it was easy and reliable.
posted by advicepig at 12:14 PM on August 3, 2012 [1 favorite]


Opera kiosk mode.
posted by Monsieur Caution at 1:00 PM on August 3, 2012


« Older I'd like to acquire a very ser...   |  K-Cup Keurig Coffee Maker Drin... Newer »
This thread is closed to new comments.