Limiting users to your Website
The easiest way to limit users to your Website, in your customisation order please specify chrome=webcnoaddressbar. This modifies the User Interface to remove the URL addressbar, so that users can't navigate away from your homepage.
Simple filtering with the hosts= API
Using the hosts file is a very simple way of filtering Web access of your Webconverger deployments. It's by no means fool-proof, and you need to be able to create the file yourself for the time being on a public URL since we don't offer a configuration Web user-interface for it atm.
This feature was introduced in 839dde and if you are using the install version, you will automatically just get this.
Note the hosts file is only setup on boot, so if you change the
you need to reboot the machine for it to take affect of any modified rules.
WARNING: If the hosts file fails to retrieve, the machine can be left unprotected. We will make this feature more failsafe, i.e. if the hosts file fails to download, it will show a graphic to that affect and halt.
From Webconverger 18 there is a simple iptables API.
E.g. to block the IP 188.8.131.52
You can have multiple iptables= commands and they will be processed in order.
To attempt to blacklist for example reddit.com, you would typically add lines in this format:
255.255.255.255 reddit.com 255.255.255.255 www.reddit.com
Therefore the machine would be blacklisted to surf upon reddit.com, however's reddit's content might be available through other websites or subdomains so this method is not fool-proof. However for simple filtering, it may just suffice.
To setup a simple whitelist where
only sites you specify can be accessed since the DNS service is disabled, your
hosts= value must contain the word whitelist.
For example: hosts=http://example.webconverger.com/whitelist
http://example.webconverger.com/whitelist contains the sites you explicitly want to resolve/allow.
How to prevent users leaving public kiosks in a "bad state"
You will want to consider the kiosk reset options in order to reset Webconverger to your site every say, 3 minutes. This can help avoid an unsupervised Webconverger kiosk being set on a non-mandated Website for too long in public spaces.
Using a 3rd party DNS service for comprehensive filtering
You can open an account with OpenDNS directly or go through Webconverger.com's sales who are resellers of the product. email@example.com can generally get a better deal for you per seat because we buy OpenDNS services in blocks.
This uses the
Further un-supported options
Using your router or wireless access point
As mentioned on http://webconverger.org/blog/entry/Better_Routing_wanted
3rd party firmware like dd-wrt provide options to limit WAN access under Access Restrictions to:
- Website Blocking by URL Address
- Website Blocking by Keyword
Webconverger and IPCop
IPCop is a lfs-based firewall which can easily be tweaked up to an url-filter.
- Easy to implement (no cost)
- Does not add any weight to Webconverger
- Secures your whole network from the Internet
- Very user-friendly and task-based GUI
- Great community behind the project
- An additional PC must be installed
- Networkinterfaces must be separated physically
- No multi-WAN connections
- AddOns can only be installed by using a shell
Here are two links when you have questions about IPCop.