Limiting users to your Website
The easiest way to limit users to your Website, in your order is to select "User interface without URL address bar, used for limiting users to your homepage" or the advanced API command chrome=webcnoaddressbar. This modifies the User Interface to remove the URL addressbar, so that users are effectively walled into your homepage and its links.
Beware your homepage's external link might link to Google and allow that user to browse effectively anywhere.
Simple filtering with the hosts= API
Using the hosts file is a very simple way of filtering Web access of your Webconverger deployments. It's by no means fool-proof, and you need to be able to create the file yourself for the time being on a public URL since we don't offer a configuration Web user-interface for it atm.
Note the hosts file is only setup on boot, so if you change the
you need to reboot the machine for it to take affect of any modified rules.
WARNING: If the hosts file fails to retrieve, the machine can be left unprotected. We will make this feature more failsafe, i.e. if the hosts file fails to download, it will show a graphic to that affect and halt.
E.g. to block the IP 22.214.171.124
You can have multiple iptables= commands and they will be processed in order.
To attempt to blacklist for example reddit.com, you would typically add lines in this format:
255.255.255.255 reddit.com 255.255.255.255 www.reddit.com
Therefore the machine would be blacklisted to surf upon reddit.com, however's reddit's content might be available through other websites or subdomains so this method is not fool-proof. However for simple filtering, it may just suffice.
To setup a simple whitelist where
only sites you specify can be accessed since the DNS service is disabled, your
hosts= value must contain the word whitelist.
For example: hosts=http://example.webconverger.com/whitelist
http://example.webconverger.com/whitelist contains the sites you explicitly want to resolve/allow.
How to prevent users leaving public kiosks in a "bad state"
You will want to consider the kiosk reset options in order to reset Webconverger to your site every say, 3 minutes. This can help avoid an unsupervised Webconverger kiosk being set on a non-mandated Website for too long in public spaces.
We are working on an OpenDNS, DNS black listing alternative. Do enquire to learn more.
Further un-supported options
Using your router or wireless access point
As mentioned on http://webconverger.org/blog/entry/Better_Routing_wanted
3rd party firmware like dd-wrt provide options to limit WAN access under Access Restrictions to:
- Website Blocking by URL Address
- Website Blocking by Keyword
Webconverger and IPCop
IPCop is a lfs-based firewall which can easily be tweaked up to an url-filter.
- Easy to implement (no cost)
- Does not add any weight to Webconverger
- Secures your whole network from the Internet
- Very user-friendly and task-based GUI
- Great community behind the project
- An additional PC must be installed
- Network interfaces must be separated physically
- No multi-WAN connections
- AddOns can only be installed by using a shell
Here are two links when you have questions about IPCop.