Limiting users to your Website

No addressbar

The easiest way to limit users to your Website is to select, in your order, "User interface without URL address bar, used for limiting users to your homepage", or to use the advanced API command chrome=webcnoaddressbar. This removes the URL address bar from the user interface, so that users are effectively walled into your homepage and its links.

Beware: an external link on your homepage might link to Google, which would allow a user to browse effectively anywhere.

Fine grained filtering as a Webconverger product (recommended)

From Webconverger 24, we have a simpler filter=BLACKLIST_URL,REDIR_IP API which is able to filter on DNS wildcards.

From March 2014, Webconverger provides a competitive service http://filter.webconverger.com/ where you can select the categories of sites you want to block (the categories are kept up to date), as well as your own whitelist/blacklist. The service creates and maintains the BLACKLIST_URL.

It offers the same functionality as OpenDNS, though at 3/4 of the cost. Please contact sales.

Coarse grained filtering with the hosts= API (not supported)

Using the hosts file is a naive way of filtering Web access of your Webconverger deployments. It's by no means fool-proof, and for the time being you need to create the file yourself and host it on a public URL, since we don't offer a configuration Web user interface for it at the moment.

Note that the hosts file is only set up on boot, so if you change the hosts= file you need to reboot the machine for any modified rules to take effect.

WARNING: If the hosts file fails to download, the machine can be left unprotected. We will make this feature more failsafe, i.e. if the hosts file fails to download, it will show a graphic to that effect and halt.

iptables API

Iptables man page

E.g. to block the IP 8.8.8.8

iptables=-I%20INPUT%20-s%208.8.8.8%20-j%20DROP

You can have multiple iptables= commands and they will be processed in order.

Blacklist

Specifying hosts=http://example.webconverger.com/blacklist will replace /etc/hosts with the black list http://example.webconverger.com/blacklist.

To attempt to blacklist for example reddit.com, you would typically add lines in this format:

255.255.255.255 reddit.com
255.255.255.255 www.reddit.com

The machine would therefore be blocked from surfing to reddit.com. However, reddit's content might be available through other websites or subdomains, so this method is not fool-proof.
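The blacklist format and the iptables= encoding shown above can be generated rather than typed by hand. The following is an added example, not Webconverger's own code: the function names are hypothetical, the sample inputs are constructed, and percent-encoding of characters other than spaces in an iptables rule is an assumption (the page only shows spaces as %20).

```python
import re
from urllib.parse import quote, urlsplit

SINK_IP = "255.255.255.255"  # address used in the page's blacklist lines
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")  # one DNS label


def normalise_host(entry):
    """Return the bare lower-case hostname of a domain or URL, else None."""
    entry = entry.strip().lower()
    if not entry or entry.startswith("#"):
        return None
    try:  # accept pasted URLs as well as bare names
        host = urlsplit(entry if "//" in entry else "//" + entry).hostname
    except ValueError:
        return None
    labels = (host or "").rstrip(".").split(".")
    if len(labels) < 2 or labels[-1].isdigit():
        return None  # single label or an IP address, not a domain
    return ".".join(labels) if all(_LABEL.match(l) for l in labels) else None


def build_blacklist(entries, add_www=True):
    """Return (hosts-format blacklist text, entries rejected as malformed)."""
    hosts, rejected = [], []
    for entry in entries:
        host = normalise_host(entry)
        if host is None:
            if entry.strip() and not entry.strip().startswith("#"):
                rejected.append(entry)
            continue
        # A hosts file matches exact names only, which is why the page
        # lists reddit.com and www.reddit.com on separate lines.
        names = [host]
        if add_www and not host.startswith("www."):
            names.append("www." + host)
        hosts.extend(n for n in names if n not in hosts)
    return "".join(f"{SINK_IP} {n}\n" for n in hosts), rejected


def iptables_param(rule):
    """Encode one iptables rule as an iptables= value (spaces become %20)."""
    # Assumption: anything beyond spaces is percent-encoded the same way.
    return "iptables=" + quote(" ".join(rule.split()))


if __name__ == "__main__":
    # Constructed sample input: a bare name, a pasted URL, a malformed entry.
    text, bad = build_blacklist(["reddit.com", "https://www.reddit.com/r/all", "bad_host!.com"])
    print(text, end="")
    print("rejected:", bad)
    print(iptables_param("-I INPUT -s 8.8.8.8 -j DROP"))
```

Reviewing the rejected list before publishing the file matters because a malformed line is silently ignored by the resolver and leaves that site reachable.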

Whitelist

To set up a whitelist, where only the domains you specify can be accessed because the DNS service is disabled, your hosts= value must contain the word whitelist.

For example: hosts=http://example.webconverger.com/whitelist

http://example.webconverger.com/whitelist contains the sites you explicitly want to resolve/allow.

How to prevent users leaving public kiosks in a "bad state"

You will want to consider the kiosk reset options in order to reset Webconverger to your site every, say, 3 minutes. This can help avoid an unsupervised Webconverger kiosk being left on a non-mandated Website for too long in public spaces.

Further un-supported options

Using your router or wireless access point

As mentioned on http://webconverger.org/blog/entry/Better_Routing_wanted, 3rd party firmware like OpenWRT provides options to limit Internet access.

http://www.mikrotik.com/ also supplies very good, flexible access point solutions.