restricting url access on public kiosk
June 11, 2006 5:34 PM   Subscribe

If you were setting up a public kiosk and wanted to limit Firefox's access to five different URLs, how would you do it?

It doesn't need to be a bulletproof solution--I don't need to disable ctrl-f4 or anything. I'm just looking for a way to stick a whitelist within firefox if possible. Also, this is on a machine with windows XP pro. Thank you.

p.s. linksys router. Should I stick the whitelist there?
posted by mecran01 to Computers & Internet (13 answers total) 1 user marked this as a favorite
 
Are you running Windows XP in Kiosk mode?
posted by k8t at 5:41 PM on June 11, 2006


No, I didn't even know it had a kiosk mode (off to google that)
posted by mecran01 at 5:42 PM on June 11, 2006


You could use Adblock and enable site blocking and then whitelist the 5 sites that you approve of with a block on a wildcard for everything else (http://*.*). There are several versions of Adblock out there - I would try the one at adblockplus.mozdev.org.
posted by Dipsomaniac at 6:01 PM on June 11, 2006


Sweet, elegant solution. Thanks!
posted by craniac at 6:03 PM on June 11, 2006


You might want to do more than http://*.*

That won't catch https or ftp.
posted by crypticgeek at 6:27 PM on June 11, 2006


As an added measure that isn't as easily turned off with a couple of clicks: you could add the objectionable hostnames to the computer's HOSTS file.
posted by scarabic at 6:28 PM on June 11, 2006


Or you could add the servers for those five URLs to the HOSTS file, and then set the DNS server in the network config to junk like 127.0.0.1. Only those five URLs will work by name. Everything else will require an IP address.
posted by smackfu at 6:31 PM on June 11, 2006 [1 favorite]


I would block every IP except the good ones in a firewall. Adblocks are much too easy to bypass, and the Hosts file approach operates at the level of URLs, not IPs.

It should be possible to put that in your router, or to get a relatively cheap external firewall device. If you're careful to change the access password, it should be pretty bullet-proof as long as hostile users can't physically rewire the network connections.
posted by Steven C. Den Beste at 6:41 PM on June 11, 2006


Allow that computer's fixed IP access to only those sites at an external firewall or router.
posted by odinsdream at 7:12 PM on June 11, 2006


PeerGuardian seems like a good application here. It can block both incoming and outgoing traffic based on IP lists without any hassle.

http://phoenixlabs.org/

http://en.wikipedia.org/wiki/Peerguardian
posted by deceptiv at 2:39 AM on June 12, 2006


Also, limit temptattion by removing the URL bar & putting the 5 white URLs into the bookmarks toolbar, so all the user can do really is click on those 5 buttons.
posted by scalefree at 6:54 AM on June 12, 2006


minor nit: if you set the DNS server address to junk and add the whitelist in the hosts file, it will indeed operate on the level of IPs. (the code that does the translation there will look in DNS, get nothing, and then look in the hosts file.) agree that this should be done in the firewall and not on the kiosk machine; the linksys (if memory servers) has a place to do this, so best to do it there.
posted by mrg at 8:01 AM on June 12, 2006


I like the hosts file idea, but instead of setting the DNS server address to "junk", you could point it at a page explaining why their access is restricted, and linking to the accessible URLs.
posted by robcorr at 1:54 AM on June 13, 2006


« Older What are some decent latin nightlife spots in...   |   easy way to restore mbr in winXP after removing... Newer »
This thread is closed to new comments.