DNS Redirector
 Return to FAQ List


FAQ 75: Create 3 tiers of blocking

Category: BlockedIP function


Here's the scenario:
1) Allow most users to browse only a handful of sites that you specify (whitelist only, or no websites at all)
2) Allow some users* to browse more of the Internet (but not pornography, other categories, or sites that you specify)
3) Allow administrators and/or executives to enter a password* and browse all of the Internet unrestricted

Resolution

Set dnsredir.ini as follows...

RedirectIP=192.168.0.3
...this becomes the Blocked page for the 1st tier users (which will be shown for any site not defined in always.txt below)
AuthKeywordsFile=authorized.txt
...this is required for 1st tier users to bypass the restriction and become 2nd tier users
AlwaysKeywordsFile=always.txt
...this is used as the list of allowed websites that 1st tier users may visit, add any domain names you want. See FAQ 5 for other domains that you'll need to add here.

BlockedIP=192.168.0.2
...this becomes the Blocked page for the 2nd tier users
BlockedKeywordsFile=blocked.txt
...this is used as the list of blocked sites (use our keywords lists, or add any domain names you want)
BypassBlockFile=bypassblock.txt
...this is required for 2nd tier users to bypass the restriction and become 3rd tier users

* For a password login, use blocked -suggested.zip for each site in IIS (creating seperate sites at IP .0.3 and .0.2) see FAQ 76.
For integrating with Active Directory credentials see FAQ 100.
For setting the tier at logon see FAQ 77.
For setting the workstation to tier 2 based on IP, set AuthClientsFile=authclients.txt in dnsredir.ini and add all the IPs that should be 2nd tier users to the authclients.txt file.

It may be helpful to distinguish between the blocked pages for each tier, we suggest the site at .0.3 says "BLOCKED ALL" whereas the site at .0.2 says "BLOCKED"



Related articles
FAQ 5  Block everything and allow just a few sites

 
DNS Redirector | Legal Information | 2003-2017